TDC597 Linuxbased Network Management Lecture Six CLIbased Application Development

1
TDC597Linux-based Network ManagementLecture
SixCLI-based Application Development

• James T. Yu, Ph.D.
• jyu_at_cs.depaul.edu
• School of CTI
• DePaul University

2
Application Development (I)

• An application is to address a specific business
  need or to solve a specific technical problem.
• hw02 is an application to analyze the network
  performance as measured by the round trip time.
• hw03 is an application to (1) generate a summary
  report of account usage.
• Extra credit of hw03 is an application to assess
  the severity of intrusion attacks.
• Hw04 is an application to analyze the CPU
  occupancy.

3
Application Development (II)

• Network professionals develop applications for
  their personal needs and also to support their
  peers.
• Many commercial applications start from personal
  use.
• There are many 3rd party tools and shareware to
  support various network applications and to
  support application development.
• TDC597 uses the basic tool (Shell and Perl) for
  application development.

4
Approaches of SNMP application development

• A Linux Net-SNMP Utilities
• The easiest way may not be an elegant way
• Run SNMP utilities in the shell environment and
  save the raw data in a file (or multiple files)
• Write a Perl script to read the raw data from the
  file and associate the data for network
  significance and generate easy-to-read network
  management reports
• B Linux Net-SNMP Utilities
• Write a Perl script to embed the Net-SNMP
  utilities.
• The result of Net-SNMP execution is saved in a
  Perl variable.

5
Approaches (cont.) of SNMP application
development

• C SNMP_Util a Perl Module for SNMP
• Install an SNMP module in Perl
• Call the SNMP functions in the module
• use SNMP_Util
• This is like the include function in C.
• Function call snmpwalk(community_at_hostoptions,
  OID)
• D Perl Module for Net-SNMP
• More advanced functions and more challenging
• use SNMP
• Use objected-oriented features in Perl
  anonymous array reference, structured class, etc.
• session new SNMP Session(DestHost gt host
  )
• var new SNMPVarList(sysDescr, 0,
• _at_vars session-gtget(var)
• E HPOpenView the most popular commercial tool
• F SNMP4J Java API for SNMP application
  development

6
CLI vs. GUI

• Almost all commercial management tools support
  both Command-Line Interface (CLI) and
  Graphical-User-Interface (GUI).
• Most GUIs are based on the web interface.
• The engine behind GUI is most likely CLI.
• Developers usually start with CLI and then
  enhance the application with GUI after the CLI
  work is done.
• If you are doing SNMP development work for
  internal use (among your peer group where you are
  given them a favor), CLI would be sufficient.
• If you are doing SNMP development work for
  customers (internal or external), GUI is
  required.
• If you would like to impress anyone, GUI is also
  required.
• If your goal is just to get the work, CLI is all
  you need.

7
TDC597 Lab Environment
140.192.40.4 (Lnux04)
192.168.2.102
Internet
192.168.11.3
192.168.1.4
192.168.11.2
192.168.1.1
192.168.10.2
192.168.10.1
192.168.1.2
192.168.1.101
192.168.1.5 (Linux)
192.168.1.8 (Windows)
8
Caveat

• The TDC LAN lab environment (192.168.1.0/24) is a
  private environment with limited security
  protection.
• We use SNMPv2 at the LAN lab for ease of network
  device access.
• In an enterprise environment, you should consider
  SNMPv3 for data encryption with better security
  protection.

9
Method A (Linux Shell)
Shell Script (snmpwalk)
SNMP Manager
SNMP Agent
MIB data File
Perl Script
MIB Analysis Report
10
Method A
11
Method B (System Call)
snmpwalk
Perl Script (Linux Call)
SNMP Manager
SNMP Agent
MIB Analysis Report
MIB Data in Perl Variables (memory)
12
Method B
13
Method C (Perl API)
snmpwalk
Perl Script (SNMP Function Call)
SNMP Manager
SNMP Agent
MIB Analysis Report
MIB Data in Perl Variables (memory)
14
Perl SNMP module

• perl-modules-5.8.6-2.i386.rpm
• perl-SNMP_Session-1.05-1.noarch.rpm
• The SNMP module has the SNMP functions
• use SNMP_util
• This is like include in C

15
Perl functions for SNMP

• snmpget(community_at_host, mib)
• snmpwalk(community_at_host, mib)
• snmpset(community_at_host, type, value)
• Type integer, string, etc.

16
Method C
17
Function Calls vs. System Calls

• If you use Perl function call (API), the data is
  kept in a Perl variable (value). It will be
  easy to process this variable.
• If you use Linux system call, the data is on
  Linux Shell which is outside the Perl
  environment.
• It is better to use the Perl function call. When
  you do trouble shooting, you may use the Linux
  system call to check and verify the data.

18
Same example - Command Arguments
19
Single MIB Retrieval - snmpget
BER Basic Encoding Rule
20
Retrieving Multiple MIBs
cf (_at_value) vs. (value)
value scalar variable _at_value list array
variable must be in ( )
21
Retrieving Multiple MIBs(cont.)
22
Network Device Configuration

• From SNMP perspective, network configuration is
  to set a value to a MIB or to a group of MIBs to
  perform a certain configuration function.
• Example
• Enable an interface
• Disable an interface
• Need to be careful of the MIB
• ifAdminStatus
• ifOperStatus
• API snmpset

23
MIB ifAdminStatus
24
MIB ifOperStatus
25
snmpset
26
Caveat

• SNMP is a protocol on UDP which is on IP which is
  bound to a physical interface.
• If the physical interface is down, IP is down,
  along with UDP and SNMP.
• In the previous example, what if
• perl ex04a.pl 192.168.1.101 2

27
What is Interface2 on Router6?
28
A non-trivial example

• Get the routing table from an IP router
• Development Process
• Understand the problem
• If you cannot do it by hand, you cannot teach the
  computer to do it automatically.
• Do a simple example by hand first
• Design the solution
• Write the code

29
Development Process (II)

• Understand the problem
• What is a routing table?
• What is a MAC address table?
• What is an ARP table?
• Understand the MIB
• What are the MIBs to generate the above tables?
• Do a few examples manually

30
Incremental Design

• Always maintain a working program
• Perl is very forgiven on some syntax errors, and
  it makes debugging very difficult.
• If you have a typo for a variable name, the Perl
  will accept it as a new variable and all
  references to this variable would be wrong.
• use strict strong data type
• Working program syntax and semantics are both
  correct.
• If not, debug the segment that has been changed.

31
What is the IP Routing Table?
32
Program Design

• It is a table IP routing table
• What is the index (key) of the table?
• IP route index
• What is an IP route index?
• 192.168.1.10
• What are the attributes of the table?
• IP route destination
• IP route subnet mask
• IP next hop
• Protocol type (local, RIP, OSPF, etc)
• Route type (direct and indirect)

33
MIBs for the Routing Table
If you have any question, read RFC 1213 or use a
MIB browser.
34
MIBs for the Routing Table
35
Output of getRoutingTable.pl
36
Initialization
use SNMP_util TARGET shift MIB
".1.3.6.1.2.1.4.21.1" (MIB) (TARGET) die
"usage 0 lttargetgt" secret
"public" ifName1 "e0/0" ifName2
"e0/1" protoName2 "local" protoName8
"rip" routeType3 "direct" routeType4
"indirect"
Is this good? Can you do better than this?
37
Set MIB Title
_at_MIB_NAME ( "ipRouteDest",
1.3.6.1.2.1.4.21.1.1 "ipRouteIfIndex",
1.3.6.1.2.1.4.21.1.2 "na", "na", "na",
"na", "ipRouteNextHop", 1.3.6.1.2.1.4.21.1.
7 "ipRouteType",
1.3.6.1.2.1.4.21.1.8 "ipRouteProto",
1.3.6.1.2.1.4.21.1.9 "na", "ipRouteMask",
1.3.6.1.2.1.4.21.1.11 "na", "na", "na")
38
Get MIB Data
(_at_value) snmpwalk("secret\_at_TARGET",
"MIB") foreach x ( _at_value ) _at_r1
split(//, x) m r10 MIB OID
(1.192.168.1.0) v r11 MIB
Value i index(m, "\.", 0)
1st occurrence of ltdotgt n
length(m) mib_idx substr(m, 0, i)
- 1 OID starts at 1, Perl starts
at 0 mib_name MIB_NAMEmib_idx
route_idx substr(m, i1, (n-i))
192.168.1.0 route_idx_tblroute_idx
1 route index hash table
if( mib_name ne "na" )
table mib_idx . "" . route_idx v
create MIB hash table
39
Print the data from the table
foreach x (keys route_idx_tbl) my v0
table 0 . "" . x my v1 table
1 . "" . x v1 ifNamev1
my v6 table 6 . "" . x my v7
table 7 . "" . x v7
routeTypev7 my v8 table 8 . ""
. x v8 protoNamev8 my
v10 table 10 . "" . x print
"v0\t v1\t v6\t v7\t v8\t v10\n"
40
Caveat

• The Module has a problem dealing with the
  hex-decimal string (i.e., MAC address).
• As a result, it cannot produce the MAC address
  table and the ARP table.
• Alternative use Method A (simpler) or Method B
  (preferred)

41
ARP TableApproach Method B
42
Identify the MIBs
MIB "1.3.6.1.2.1.3.1.1." _at_MIBLIST (1, 2, 3)
43
(No Transcript)
44
Get the MIB Data from the Device
foreach my i (_at_MIBLIST) my oid MIB
. i my command "snmpwalk -v2c -c
public TARGET oid" my _at_r
command print "MIB OID oid\n"
set the MIB data to the hash
tables
45
Set the Hash Tables
foreach my x (_at_r) chomp(x)
my _at_arr split(/ /, x)
my _at_tmp split(/\./, arr0)
my ifIndex "tmp3.tmp4.tmp5.tmp6
" if( i 1 )
get Index
tblIndex ifIndex 1
elsif( i 2 )
set MAC address my
mac "arr3-arr4-arr5-arr6-arr7-a
rr8" tblMAC ifIndex
mac elsif
(i 3 ) set IP address
tblIP ifIndex arr4

46
Join the Tables
foreach idx (keys tblIndex) print "idx \t
tblMACidx \t tblIPidx \n"
47
Hw05 -

• Step 1 Write a Perl program to generate the MAC
  address table.
• Note the MAC address table is defined for each
  VLAN
• Step 2 Write a Shell program that can select the
  IP routing table, MAC forwarding table, or ARP
  table based on the command line option.

48
MIBs for MAC Address Table
TARGET1 target network device (its IP
address) VLAN2 OID1".1.3.6.1.2.1.17.4.3.1.1" O
ID2".1.3.6.1.2.1.17.4.3.1.2" SECRET"public_at_VLAN
specify VLAN save the data in the
files snmpwalk -v2c -c SECRET TARGET
OID1 snmpwalk -v2c -c SECRET TARGET OID2
Note This is a Method-A approach, and you should
use the Method-B approach. Extra credit use
Method-C approach (need to use the pack function.)