difference between snmpv3 report / trap messages

Printable View

04-26-2008, 11:54 AM
unix

difference between snmpv3 report / trap messages

Hello,

I`ve one question about the difference between snmpv3 report and trap
messages. A trap message can be send to the manager (specified in the
table) at any time - and the report message can only be send within
the time-window (recvd request - transmit response).

I read the RFCs which specify some reasons where a report message
should be send (e.g. privflag is set and authflag not).

But which information must be included in a report message? (e.g. the
correct request-ID from the recvd request, or the contextEngineID from
the recvd request)

e.g the snmpv3 message is decrypted and the agent is not able to get
the plaintext so a report message should be sent (RFC) - but the agent
doesn`t know the request-ID which must be equal to the received
request-ID - so which request-ID will the agent send to the manager?

Another example: if the agent is not able to read the field "snmp-
version" from the recvd request, so the agent is not able to send an
report - but will the agent sent an trap message or will the agent
only increment the badsnmpVersion counter?

Is it specified in a rfc when the agent will send an trap / inform
message?

best regards
Bernd
04-26-2008, 08:52 PM
unix

Re: difference between snmpv3 report / trap messages

bernd <bernd.schuster12@googlemail.com> wrote:
[color=blue]
> I`ve one question about the difference between snmpv3 report and trap
> messages. A trap message can be send to the manager (specified in the
> table) at any time - and the report message can only be send within
> the time-window (recvd request - transmit response).[/color]

A report is sent when an error occurs within the SNMP engine. There
is no time window and reports are purely internal to the communication
SNMP engines; they do not convey application data.
[color=blue]
> I read the RFCs which specify some reasons where a report message
> should be send (e.g. privflag is set and authflag not).
>
> But which information must be included in a report message? (e.g. the
> correct request-ID from the recvd request, or the contextEngineID from
> the recvd request)[/color]

If available...
[color=blue]
> e.g the snmpv3 message is decrypted and the agent is not able to get
> the plaintext so a report message should be sent (RFC) - but the agent
> doesn`t know the request-ID which must be equal to the received
> request-ID - so which request-ID will the agent send to the manager?[/color]

I guess you create one. Note that SNMPv3 uses msgID to correlate
messages and msgID is never encrypted.
[color=blue]
> Another example: if the agent is not able to read the field "snmp-
> version" from the recvd request, so the agent is not able to send an
> report - but will the agent sent an trap message or will the agent
> only increment the badsnmpVersion counter?[/color]

RFC 3412 section 4.2.1:

2) The version of the SNMP message is determined in an
implementation-dependent manner. If the packet cannot be
sufficiently parsed to determine the version of the SNMP message,
then the snmpInASNParseErrs [RFC3418] counter is incremented, and
the message is discarded without further processing. If the
version is not supported, then the snmpInBadVersions [RFC3418]
counter is incremented, and the message is discarded without
further processing.
[color=blue]
> Is it specified in a rfc when the agent will send an trap / inform
> message?[/color]

This is specified in MIB modules that define notifications. For
example, the IF-MIB [RFC2863] defines linkUp and linkDown
notifications.

/js

--
Juergen Schoenwaelder Jacobs University Bremen gGmbH
Phone: +49 421 200 3587 Campus Ring 1, 28759 Bremen, Germany
Fax: +49 421 200 3103 <http://www.jacobs-university.de/>
04-29-2008, 11:44 AM
unix

Re: difference between snmpv3 report / trap messages

On 26 Apr., 22:52, "Dr. Juergen Schoenwaelder" <scho...@ibr.cs.tu-
bs.de> wrote:[color=blue]
> bernd <bernd.schuste...@googlemail.com> wrote:[color=green]
> > I`ve one question about the difference between snmpv3 report and trap
> > messages. A trap message can be send to the manager (specified in the
> > table) at any time - and the report message can only be send within
> > the time-window (recvd request - transmit response).[/color]
>
> A report is sent when an error occurs within the SNMP engine. There
> is no time window and reports are purely internal to the communication
> SNMP engines; they do not convey application data.
>[color=green]
> > I read the RFCs which specify some reasons where a report message
> > should be send (e.g. privflag is set and authflag not).[/color]
>[color=green]
> > But which information must be included in a report message? (e.g. the
> > correct request-ID from the recvd request, or the contextEngineID from
> > the recvd request)[/color]
>
> If available...
>[/color]

thanks for your answer.

That means if the msgID is available from the recvd message the agent
is able to transmit a report message, using the default msgMaxSize
and the default flags (0x00 - or is there a table entry where I could
change the settings for a report message?) and the engineID from the
agent - but the agent will not include the engineBoots and engineTime
values.

best regards
Bernd