"Jacek Pop³awski" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Do you have any experience with Python in SNMPv3 area?
SNMP suck per design and SNMPv3 suck even more by adding complexity to that design IMO. SNMPv2 sort of works well within the limits of the design of SNMP, so that is what I would use. The main difference between SNMPv2 and SNMPv3 is that v3 comes with a self-contained security system with it's own rules/tools & yet-another-set-of-credencials-to-control. If you do not need the security, SNMPv2 will work fine, and you don't need it because you will not change anything via SNMP anyway. > I just realized that pySNMP we are using supports only v1 and v2c, > development version probably supports SNMPv3 but I am unable to find any > v3-specific documentation, could you help me? Not really - I have deployed SNMPv3 in a demo network and gotten a management system based on SNMPv2 & SNMPv3 to work. This was a long lesson in how things that are broken by design will remain broken forever. So, I would not worry about it; informs, polling and probing can be done adequately with SNMPv2. Most tools do not bother with SNMPv3 either. Changing configurations by "setting" parameters cannot be made reliable with SNMP so there is no need for SNMPv3's security features (which are complicated in themselves and a real pain to manage, probably impossibly so for more than a few access levels on very few nodes). SNMPv3 Informs are the worst part: They must be authenticated, which means that the Username and engineID the trap is sent from must be registered with the Informsink or the Inform cannot be received. I.O.W: A SMURF attack on the configuration of the management station (and the manager, who has to collect/create engineID's manually). > Is there any other solution than pySNMP? Well, netconf is working it's way through IETF: http://www.ietf.org/html.charters/netconf-charter.html ;-) Netconf on top of XML-RPC would be very Pythonic. It looks like they got most things right this time - especially the parts about netconf NOT being self-contained so one can build on already-deployed and debugged protocols and standards!!
-- http://mail.python.org/mailman/listinfo/python-list
