On 13 Sep 2001, at 21:56, Adrian Chadd <adrian@squid-cache.org> wrote:
> On Thu, Sep 13, 2001, Joe Cooper wrote:
> > I like the sound of that a lot...standard tools for network systems
> > administration.
> >
> > However, security is still a concern, and SNMP is currently not so
> > secure in Squid (ACLs true, but no granularity for SNMP access).
>
> SNMP isn't as standard as you'd think - you still need to build
> your own enterprise MIB, and it's just as stateless and less reliable
> as if we were doing it over HTTP.
Well, I don't agree. Beauty of SNMP is not in its udp port 161 stuff.
It's the compactness and standardisation of defining items and values.
Building config MIB from squid.conf is simple I guess, and using UDP
vs HTTP is not much more than picking transport means. Squid already
has enterprise ID and MIB, so it's just a matter of adding missing stuff.
You can request http://squid-internal-peer/peername:peerport/enable,
or you can request snmp://peer.peername.peerport=enable or you can
request something like snmp: 2.7.3=1
MIB is only needed to make translations between machine and human.
You can perfectly do without one. Make cachemgr a frontend to SNMP,
be it via UDP:161 or HTTP doesn't matter. You'd have Squid configurator
with online help automatically. You don't need to code translations
into squid itself. Basing approach on SNMP just makes it so much
simpler to keep in sync data available via cachemgr and SNMP.
By selecting SNMP you just stick with machine-centric approach while
with HTTP stay more human-readable approach.
I really don't know which one is simpler to implement in squid.
> Personally, any management system worth its salt (or lots of cash)
> will have a scripting language to write management modules in,
> and these could easily be adapted to use HTTP.
;) you don't trust any NMS it seems. Means only that given NMS is
not worth its salt if you have to write modules yourself ;)
> *AND* (heh), I'm actually of the opinion that SNMP should be implemented
> as an external process which can nab the information out of squid via
> HTTP. It's a nice, clean, enforced abstraction.
hmm. clean?
Actually, I don't have any problem with snmp vs http. SNMP tends to
be slower via udp. And it has its problems. I've just seen some good
stuff basing all its configs on SNMP, even on console, and it seems
simple and modular way of managing binary configs on a running system.
It just popped into my head as a first thing ;)
------------------------------------
Andres Kroonmaa <andre@online.ee>
CTO, Microlink Online
Tel: 6501 731, Fax: 6501 725
Pärnu mnt. 158, Tallinn,
11317 Estonia
Received on Fri Sep 14 2001 - 04:02:57 MDT