Writable SNMP

Keegan Holley keegan.holley at sungard.com
Wed Dec 7 16:19:24 UTC 2011

> > There's no reason one can't program a device with SNMP, the main issue
> > has always been what I dubbed "config drift".  You have your desired
> > configuration and variances that happen over time.  If you don't force
> > a 'wr mem' or similar event after you trigger a 'copy tftp run' operation,
> > you may have troubles that are not apparent if there is a power failure
> > or other lossage.  The boot-time parser doesn't interpret SNMP, it parses
> > text.  This and other reasons have made people fail-safe to using the language
> > most easily interpreted by the device.
> Yup, I think the OP was maybe getting at:
>  "Why can't I snmp configure my cisco/juniper/alteon device?"
> I took that to mean (probably naively?) that they also would validate
> configs and update drift out of the configuration. You CAN force a 'wr
> mem' via snmp as well, of course (in cisco world).

It was more curiosity.  I'm looking into scripting and starting to get
tired of having to account for ssh/telnet, credentials, differences in
platforms and code from the same vendor and my various failed attempts to
do all of the above.  Most of the automation suites I've seen work via
logins, rancid, HP NA, etc.  Although there are better programmers that
can and have made it work, it still seems cumbersome to me. I've pretty much
made the assumption that writable SNMP was a bad idea but have never
actually tried it.  I was curious what others were using, netconf or just
scripted logins. I'm also fighting a losing battle to convince people that
netconf isn't evil.  It strikes me as odd that if I wanted to talk to a
database/website full of credit card and billing info there's a long list
of APIs I could use, but if I wanted to talk to the router or firewall in
front of it I can only use ssh or telnet.
