SNMP, Static NAT and management systems including servers midwear and applications

Mark Scholten mark at streamservice.nl
Wed Mar 3 12:19:18 UTC 2010


Hi Bobby,

Can your monitoring system use other ports (per host) for SNMP? In that case
you could user port forwarding (and up to 60,000 hosts this should be fine),
with static NAT this would be a good option I guess.

With kind regards,

Mark Scholten

> -----Original Message-----
> From: Bobby Mac [mailto:bobbyjim at gmail.com]
> Sent: Wednesday, March 03, 2010 2:37 AM
> To: nanog at nanog.org
> Subject: SNMP, Static NAT and management systems including servers
> midwear and applications
> 
> Hi All:
> 
> I have been asked to extend the capabilities of my current monitoring
> and
> management system to another division of the company.  All IP space is
> rfc1918 with no public routed space in the mix.  Needless to say, and
> rightfully so, the network folks won't allow me to directly attach my
> management network to theirs.
> 
> I use SNMP for system level monitoring for all servers via agents on
> the
> servers (WIN and NIX).  Static NAT will be put into place but it breaks
> my
> SNMP gets used by the noc to validate CPU, disk util ect..  In a quick
> test
> NAT on my own network was set up and I can receive traps and parse them
> fine
> even with the NAT as the current trap receiver and visualization can
> handle
> incoming traps and NAT.   I can see system IP and peer IP fulfilling
> the two
> sides. I know I can create an simple ALG via a Apache server with Perl
> to
> execute the SNMP get on the foreign network.  Noc folks can see data
> and
> import it into the ticket (no blind escalations).
> 
> My question is how have others handled SNMP and static NATs without a
> ground
> up re-architecture.  I don't want to bring in new protocols and change
> my
> systems as they are today due to the heavy integration with
> provisioning,
> work flow and process flows.  They have worked well to date besides the
> huge
> sunk $ investment in software and integration.
> 
> I have been looking for a complex ALG but there doesn't seem to be much
> out
> there and I would rather not manipulate the payload,  but map it
> correctly.
> Any suggestions?
> 
> -Bob





More information about the NANOG mailing list