Challenges with deploying SNMP v3 based monitoring tools in diverse environments
One of the biggest challenges with SNMP v3 deployments in diverse environments is a lack of consensus
among hardware manufactures on what set of Privacy Ciphers has to be supported/included in standard SNMP v3 stack.
Even Cisco was unable to unify list of supported v3 Ciphers in different product lines (ASA vs NX-OS vs IOS-XR).
Partially this was caused by the lack of RFC that defined AES-192 and AES-256 implementations for SNMP v3 but this didn’t stop top-tier hardware
vendors from implementing those Ciphers internally and partially it was caused by slow v3 adoption rate that put very low pressure on hardware vendors.
In any case it is very unlikely that you will be able to pick single set of SNMP v3 Authentication/Encryption parameters that will be supported on all of the devices
in a good sized enterprise network. This results in having to use and support different encryption ciphers in different devices and what most important this
will require your Network monitoring tool to support multiple SNMP profiles based on device type. Your monitoring tool has to discover what SNMP profile
is compatible with each device, “remember” it and only use compatible SNMP parameters when communicating with specific device.
Nectus is the only tool that was built from ground up with support for device specific SNMP profiles and it deploys patented discovery logic that allows it to match
compatible SNMP profile to each device in sub-seconds. Nectus supports up to 1000 SNMP profiles and used by multiple customers with 10K+ routers.
Leave a ReplyWant to join the discussion?
Feel free to contribute!