Versions Compared

Old Version 3

changes.mady.by.user Konstantin Lepikhov

Saved on

compared with

New Version 4

changes.mady.by.user Kurt Baumann

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Synagon SNMP Graphing Tool

Overview

Synagon is Python-based program that collects and graphs firewall values from Juniper routers. The tool first requires the user to select a router from a list. It will retrieve all the available firewall filters/counters from that router and the user can select any of these to graph. It was developed by DANTE for internal use, but could be made available on request (on a case by case basis), in an entirely unsupported manner. Please contact operations@dante.org.uk for more details.





Wiki Markup
\[The information below is taken from DANTE's internal documentation.\]





Installation and Setup procedures

Synagon comes as a single compressed archive, that can be copied in a directory and then invoked as any other standard python script.

...

You also need to create a network.py file that describes the network topology where the tool will act upon. The configuration files should be located in the same directory as the tool itself. Please look at the section below for more information on the format of the file.

  • Example Sysngaon screen:

How to use Synagon

The tool can be invoked by double clicking on the file name (under windows) or by typing the following on the command shell:

...

Immediately after, a window with a single menu entry will appear. By clicking on the menu, a list of all routers described in the network.py will be given as submenus.





Wiki Markup
Under each router, a submenu shows the list of firewall filters for that router \(depending whether you have previously collected the list\) together with a 'collect' submenu. The collect submenu initiates the collection of the firewall filters from the router and then updates the list of firewall filters in the submenu where the collect button is located. 
The list of firewall filters of each router is also stored on the local disk and next time the tool is invoked it won't be necessary to interrogate the router for receiving the firewall list, but they will be taken instead from the file.
When the firewall filter list is retrieved, a submenu with all counter and policers for each filter will be displayed. A policer is marked with \[p\] and a counter with a \[c\] just after their name.





When a counter or policer of a firewall filter of a router is selected, the SNMP poling for that entity begins. After a few seconds, a window will appear that plots the requested values.

...

Because values are frequently retrieved, there are memory consumption and performance concerns. To avoid this a configurable limit is placed on the number of samples plotted on graph. The handle at the top of the window limits the number of samples plotted and has an impact on performance if is positioned at a high scale (of thousands).

Developer's guide

This section provides information about how the tool internally works.

...

When a window is closed by the user, the gui modifies the active_firewall_list for that policer by setting the 'collect' attribute to None, and the main thread next time will reach that counter/policer, it will ignore it.

Creating a single synagon package

The tool consists of several files:




  • Wiki Markup
    {{felegktis.py}} 	\[main logic\]







  • Wiki Markup
    {{graph.py}} 		 \[graph library\]







  • Wiki Markup
    {{csnmp.py}} 		\[ SNMP library\]




It is possible by using the squeeze tool (available at http://www.pythonware.com/products/python/squeeze/index.htm\) to make this file into a compressed python executable archive.

...

The command above builds synagon.py from files felegktis.py , graph.py and csnmp.py .

Appendices

A. network.py

newtork.py descibes the nework's topology
- its format can be deduced by inspection. Currently the network topology name (graph name) should be set to 'geant' - the script could be adjusted to change this behaviour.

Compulsory router properties:




  • Wiki Markup
    type: the type of the router \[juniper, cisco, etc\] etc \(the tool only operates on 'juniper' routers




  • address: The address where the router can be contacted at

  • community: the SNMP community to authenticate on the router
    Example:

    Code Block
    # Geant network
geant = graph.Graph()

# Defaults for router
class Router(graph.Vertex):
	 """ Common options for geant routers """

	 def (self):
		  # Initialise base class
		  graph.Vertex.(self)
		  # Set the default properties for these routers
		self.property['type'] = 'juniper'
		  self.property['community'] = 'commpassword'

uk1 = Router()
gr1 = Router()


geant.vertex['uk1'] = uk1
geant.vertex['gr1'] = gr1

uk1.property['address'] = 'uk1.uk.geant.net'
gr1.property['address'] = 'gr1.gr.geant.net'


    B. Python Package Installation

    Python package installation

    Python has a built in support for installing packages.

...

Many python packages which have extension written in some oher language, need to be compiled into a binary package before distributing to platform like windows, because not all windows machine have c or c++ compilers that a package may require.

The Python SNMP framework library

The source version can be downloaded from http://mysnmp.sourceforge.net

...