[SNMP]: SONiC SNMP Changes to support IPv6 #1457
Conversation
Signed-off-by: Suvarna Meenakshi <sumeenak@microsoft.com>
|
|
||
|
|
||
| ### Effects of this change ### | ||
| 1. By default, SNMP will listen on Management and Loopback0 IPs configured via config_db. |
There was a problem hiding this comment.
This new change may not work for all SONiC users, can introduce backward compatibility issues as we dont have any issue with IPv4 case.
There was a problem hiding this comment.
modified to be backward compatible
|
|
||
| **Possible solution** | ||
|
|
||
| Update STATE_DB with DHCP configured management IP address. |
There was a problem hiding this comment.
Hope you are fixing this as part of the initial pull request itself, otherwise we're breaking the working feature when the DHCP is desired for the mgmt interface.
There was a problem hiding this comment.
Not required with current suggested change
|
community review recording https://zoom.us/rec/share/IhwpNF2czHBDY1OeZwnKdTmnPr4gc2AmItBcRYc1HgFUJG539cPaeIsvdDMaeli3.AqXFYTMBt18iU1XQ |
Signed-off-by: Suvarna Meenakshi <sumeenak@microsoft.com>
What is the motivation for this PR? Skip SNMP IPv6 related test cases in 202211,202205 and 202305 branches until the approach to fix IPv6 issue is fixed. PR contains details of the issue and approach sonic-net/SONiC#1457 How did you do it? Skip single asic IPv6 SNMP loopback test case and link local test case in branches with the testcase added. How did you verify/test it? Tested on 202205 single asic VS image
…#10097) What is the motivation for this PR? Skip SNMP IPv6 related test cases in 202211,202205 and 202305 branches until the approach to fix IPv6 issue is fixed. PR contains details of the issue and approach sonic-net/SONiC#1457 How did you do it? Skip single asic IPv6 SNMP loopback test case and link local test case in branches with the testcase added. How did you verify/test it? Tested on 202205 single asic VS image (cherry picked from commit a72a4db)
…t#10097) What is the motivation for this PR? Skip SNMP IPv6 related test cases in 202211,202205 and 202305 branches until the approach to fix IPv6 issue is fixed. PR contains details of the issue and approach sonic-net/SONiC#1457 How did you do it? Skip single asic IPv6 SNMP loopback test case and link local test case in branches with the testcase added. How did you verify/test it? Tested on 202205 single asic VS image (cherry picked from commit a72a4db)
…10238) What is the motivation for this PR? cherry pick of #10097 Skip SNMP IPv6 related test cases in 202211,202205 and 202305 branches until the approach to fix IPv6 issue is fixed. PR contains details of the issue and approach sonic-net/SONiC#1457 How did you do it? Skip single asic IPv6 SNMP loopback test case and link local test case in branches with the testcase added. How did you verify/test it? Tested on 202205 single asic VS image (cherry picked from commit a72a4db)
|
@venkatmahalingam , @dgsudharsan , @qiluo-msft , thank you for reviewing. |
…10244) (cherry picked from commit a72a4db) What is the motivation for this PR? Skip SNMP IPv6 related test cases in 202211,202205 and 202305 branches until the approach to fix IPv6 issue is fixed. PR contains details of the issue and approach sonic-net/SONiC#1457 How did you do it? Skip single asic IPv6 SNMP loopback test case and link local test case in branches with the testcase added. How did you verify/test it? Tested on 202205 single asic VS image (cherry picked from commit a72a4db)
|
@SuvarnaMeenakshi can you please add the code PRs to this HLD? Thanks. |
Hi @SuvarnaMeenakshi |
During upgrade_flow, if the config_db.json file is present, then backward compatibility will be maintained. |
Thanks @SuvarnaMeenakshi, this looks good. |
@dgsudharsan @venkatmahalingam thank you, I have code PR here sonic-net/sonic-buildimage#17045 |
Signed-off-by: Suvarna Meenakshi <sumeenak@microsoft.com>
Updated PR in the document.
@dgsudharsan @venkatmahalingam Please help review this document PR |
|
@qiluo-msft please help review and merge this. |
| ## Motivation ## | ||
|
|
||
| SNMP query over IPv6 address fails in certain scenarios on single asic platforms. | ||
| Ideally, SNMP over IPv6 should be successful over both IPv4 and IPv6. |
There was a problem hiding this comment.
Could you rephase "SNMP over IPv6 should be successful over both IPv4 and IPv6"? #Closed
|
|
||
| 1. [SNMP][IPv6]: Fix SNMP IPv6 reachability issue in certain scenarios https://github.com/sonic-net/sonic-buildimage/pull/15487 | ||
| 2. [SNMP][IPv6]: Fix to use link local IPv6 address as snmp agentAddress https://github.com/sonic-net/sonic-buildimage/pull/16013 | ||
| 3. [SNMP]: Modify minigraph parser to update SNMP_AGENT_ADDRESS_CONFIG https://github.com/sonic-net/sonic-buildimage/pull/17045 |
There was a problem hiding this comment.
Since this issue is only on single asic, why fixing multi asic in this PR? #Closed
There was a problem hiding this comment.
Yes, only on single-asic, not fixing for multi-asic in this PR.
Rephrase incorrect statement in motivation section. Signed-off-by: Suvarna Meenakshi <sumeenak@microsoft.com>
|
@qiluo-msft can you help merge this PR? |
…able (#17045) #### Why I did it SNMP query over IPv6 does not work due to issue in net-snmp where IPv6 query does not work on multi-nic environment. To get around this, if snmpd listens on specific ipv4 or ipv6 address, then the issue is not seen. We plan to configure Management IP and Loopback IP configured in minigraph.xml as SNMP_AGENT_ADDRESS in config_db., based on changes discussed in sonic-net/SONiC#1457. ##### Work item tracking - Microsoft ADO **(number only)**:26091228 #### How I did it Modify minigraph parser to update SNMP_AGENT_ADDRESS_CONFIG with management and Loopback0 IP addresses. Modify snmpd.conf.j2 to use SNMP_AGENT_ADDRESS_CONFIG table if it is present in config_db, if not listen on any IP. Main change: 1. if minigraph.xml is used to configure the device, then snmpd will listen on mgmt and loopback IP addresses, 2. if config_db is used to configure the device, snmpd will listen IP present in SNMP_AGENT_ADDRESS_CONFIG if that table is present, if table is not present snmpd will listen on any IP. #### How to verify it config_db.json created from minigraph.xml for single asic VS image with mgmt and Loopback IP addresses. ``` "SNMP_AGENT_ADDRESS_CONFIG": { "10.1.0.32|161|": {}, "10.250.0.101|161|": {}, "FC00:1::32|161|": {}, "fec0::ffff:afa:1|161|": {} }, ..... snmpd listening on the above IP addresses: admin@vlab-01:~$ sudo netstat -tulnp | grep 161 tcp 0 0 127.0.0.1:3161 0.0.0.0:* LISTEN 71522/snmpd udp 0 0 10.250.0.101:161 0.0.0.0:* 71522/snmpd udp 0 0 10.1.0.32:161 0.0.0.0:* 71522/snmpd udp6 0 0 fec0::ffff:afa:1:161 :::* 71522/snmpd udp6 0 0 fc00:1::32:161 :::* 71522/snmpd ```
|
@dgsudharsan can you approve the doc PR |
Merging the PR based on discussion in the PR, thanks. |
…able (sonic-net#17045) #### Why I did it SNMP query over IPv6 does not work due to issue in net-snmp where IPv6 query does not work on multi-nic environment. To get around this, if snmpd listens on specific ipv4 or ipv6 address, then the issue is not seen. We plan to configure Management IP and Loopback IP configured in minigraph.xml as SNMP_AGENT_ADDRESS in config_db., based on changes discussed in sonic-net/SONiC#1457. ##### Work item tracking - Microsoft ADO **(number only)**:26091228 #### How I did it Modify minigraph parser to update SNMP_AGENT_ADDRESS_CONFIG with management and Loopback0 IP addresses. Modify snmpd.conf.j2 to use SNMP_AGENT_ADDRESS_CONFIG table if it is present in config_db, if not listen on any IP. Main change: 1. if minigraph.xml is used to configure the device, then snmpd will listen on mgmt and loopback IP addresses, 2. if config_db is used to configure the device, snmpd will listen IP present in SNMP_AGENT_ADDRESS_CONFIG if that table is present, if table is not present snmpd will listen on any IP. #### How to verify it config_db.json created from minigraph.xml for single asic VS image with mgmt and Loopback IP addresses. ``` "SNMP_AGENT_ADDRESS_CONFIG": { "10.1.0.32|161|": {}, "10.250.0.101|161|": {}, "FC00:1::32|161|": {}, "fec0::ffff:afa:1|161|": {} }, ..... snmpd listening on the above IP addresses: admin@vlab-01:~$ sudo netstat -tulnp | grep 161 tcp 0 0 127.0.0.1:3161 0.0.0.0:* LISTEN 71522/snmpd udp 0 0 10.250.0.101:161 0.0.0.0:* 71522/snmpd udp 0 0 10.1.0.32:161 0.0.0.0:* 71522/snmpd udp6 0 0 fec0::ffff:afa:1:161 :::* 71522/snmpd udp6 0 0 fc00:1::32:161 :::* 71522/snmpd ```
…able (#17045) #### Why I did it SNMP query over IPv6 does not work due to issue in net-snmp where IPv6 query does not work on multi-nic environment. To get around this, if snmpd listens on specific ipv4 or ipv6 address, then the issue is not seen. We plan to configure Management IP and Loopback IP configured in minigraph.xml as SNMP_AGENT_ADDRESS in config_db., based on changes discussed in sonic-net/SONiC#1457. ##### Work item tracking - Microsoft ADO **(number only)**:26091228 #### How I did it Modify minigraph parser to update SNMP_AGENT_ADDRESS_CONFIG with management and Loopback0 IP addresses. Modify snmpd.conf.j2 to use SNMP_AGENT_ADDRESS_CONFIG table if it is present in config_db, if not listen on any IP. Main change: 1. if minigraph.xml is used to configure the device, then snmpd will listen on mgmt and loopback IP addresses, 2. if config_db is used to configure the device, snmpd will listen IP present in SNMP_AGENT_ADDRESS_CONFIG if that table is present, if table is not present snmpd will listen on any IP. #### How to verify it config_db.json created from minigraph.xml for single asic VS image with mgmt and Loopback IP addresses. ``` "SNMP_AGENT_ADDRESS_CONFIG": { "10.1.0.32|161|": {}, "10.250.0.101|161|": {}, "FC00:1::32|161|": {}, "fec0::ffff:afa:1|161|": {} }, ..... snmpd listening on the above IP addresses: admin@vlab-01:~$ sudo netstat -tulnp | grep 161 tcp 0 0 127.0.0.1:3161 0.0.0.0:* LISTEN 71522/snmpd udp 0 0 10.250.0.101:161 0.0.0.0:* 71522/snmpd udp 0 0 10.1.0.32:161 0.0.0.0:* 71522/snmpd udp6 0 0 fec0::ffff:afa:1:161 :::* 71522/snmpd udp6 0 0 fc00:1::32:161 :::* 71522/snmpd ```
|
back ported to previous releases as well |
|
@SuvarnaMeenakshi Can you please update the Quality Metric (Alpha/Beta/GA) for the feature either in this PR comments or in HLD itself based on https://github.com/sonic-net/SONiC/blob/master/doc/SONiC%20feature%20quality%20definition.md |
Sure, will check the quality metric and add the required details. Is this a new additional requirement for new features or changes? |
Document captures the changes required to support SNMP over IPv6 for single asic platforms.