On Tue, Dec 6, 2011 at 12:15 PM, Jared Mauch <jared@puck.nether.net> wrote:
> On Dec 6, 2011, at 11:28 AM, Christopher Morrow wrote:
>
>> long ago, in a network far away (not on the interwebs) we used snmp write to trigger a tftp config load. It worked nicely... I'm fairly certain I'd not do this on an internet connected network today though.
>
> Many vendors have poor TFTP implementations, such that any additional latency creates very slow transfer rates. This is why things like the RCPD were done, and others use FTP/HTTP even. I am not sure if you can tell it to trigger some protocol other than TFTP in IOS.

agreed, I did say 'long time ago' :) (like before 2000 long time ago) I get the impression we could have said copy http:// instead of tftp though. (if it were supported at the time, http I mean)

> As someone who has moved large configs around in the past (1-16MB in cases) transfer speeds do matter.

agreed

>> Also, who tests snmp WRITE in their code? at scale? for daily operations tasks? ... (didn't the snmp incident in 2002 teach us something?)
>
> This is also a whole other interesting problem. Part of it is lack of exposure to it. Part of it is ease of operation. Many people still telnet over when they should use ssh. (feedback is more immediate if you are not in the VTY ACL for example). People revert to what they are comfortable with. Some it's scripts, others it's typing configure or conf t and hitting ? a lot.
>
> There's no reason one can't program a device with SNMP, the main issue IMHO has always been what I dubbed "config drift". You have your desired configuration and variances that happen over time. If you don't force a 'wr mem' or similar event after you trigger a 'copy tftp run' operation, you may have troubles that are not apparent if there is a power failure or other lossage. The boot-time parser doesn't interpret SNMP, it parses text. This and other reasons have made people fail-safe to using the language most easily interpreted by the device.

Yup, I think the OP was maybe getting at: "Why can't I snmp configure my cisco/juniper/alteon device?" I took that to mean (probably naively?) that they also would validate configs and update drift out of the configuration. You CAN force a 'wr mem' via snmp as well, of course (in cisco world).
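
The "config drift" case raised in this thread (a change merged into the running config that was never written to startup), as an added example that is not part of the original messages: a Python check that compares desired, running and startup configuration text stanza by stanza. The sample configs and the list of ignored line prefixes are constructed assumptions.

```python
# Added example: three-way drift check over IOS-style configuration text.
# Assumption: lines with these prefixes are comments/volatile and are ignored.
IGNORED_PREFIXES = ("!", "Building configuration", "Current configuration")

def flatten(config_text):
    """Return {(parent, ..., line)} so indented sub-commands are compared
    in the context of the stanza they belong to."""
    paths, stack = set(), []  # stack: (indent, text) of currently open stanzas
    for raw in config_text.splitlines():
        text = raw.strip()
        if not text or text.startswith(IGNORED_PREFIXES):
            continue
        indent = len(raw) - len(raw.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, text))
        paths.add(tuple(t for _, t in stack))
    return paths

def drift_report(desired, running, startup):
    d, r, s = flatten(desired), flatten(running), flatten(startup)
    return {
        "unsaved": sorted(r - s),        # running only: lost on power failure
        "stale_startup": sorted(s - r),  # returns after a reload
        "undesired": sorted(r - d),      # running has it, desired does not
        "missing": sorted(d - r),        # desired has it, running does not
    }

# Constructed sample data (not from a real device).
DESIRED = """\
hostname edge1
interface GigabitEthernet0/1
 description uplink
 ip address 192.0.2.1 255.255.255.0
"""
# Startup config as last saved: matches the desired state.
STARTUP = "!\n" + DESIRED.replace("interface", "!\ninterface")
# Running config after a merge that was never followed by 'wr mem'.
RUNNING = "Building configuration...\n" + STARTUP + " ip access-group 101 in\n"

if __name__ == "__main__":
    for kind, paths in drift_report(DESIRED, RUNNING, STARTUP).items():
        for path in paths:
            print(f"{kind}: {' / '.join(path)}")
```

A non-empty `unsaved` list is the condition that stays invisible until a reload or power failure; `undesired` and `missing` cover drift from the intended configuration.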