Re: Peer twiddling

From: Andres Kroonmaa <andre@dont-contact.us>
Date: Fri, 14 Sep 2001 11:56:22 +0200

On 13 Sep 2001, at 21:56, Adrian Chadd <adrian@squid-cache.org> wrote:

> On Thu, Sep 13, 2001, Joe Cooper wrote:
> > I like the sound of that a lot...standard tools for network systems
> > administration.
> >
> > However, security is still a concern, and SNMP is currently not so
> > secure in Squid (ACLs true, but no granularity for SNMP access).
>
> SNMP isn't as standard as you'd think - you still need to build
> your own enterprise MIB, and it's just as stateless and less reliable
> as if we were doing it over HTTP.

 Well, I don't agree. Beauty of SNMP is not in its udp port 161 stuff.
 It's the compactness and standardisation of defining items and values.
 Building config MIB from squid.conf is simple I guess, and using UDP
 vs HTTP is not much more than picking transport means. Squid already
 has enterprise ID and MIB, so it's just a matter of adding missing stuff.
 You can request http://squid-internal-peer/peername:peerport/enable,
 or you can request snmp://peer.peername.peerport=enable or you can
 request something like snmp: 2.7.3=1
 MIB is only needed to make translations between machine and human.
 You can perfectly do without one. Make cachemgr a frontend to SNMP,
 be it via UDP:161 or HTTP doesn't matter. You'd have Squid configurator
 with online help automatically. You don't need to code translations
 into squid itself. Basing approach on SNMP just makes it so much
 simpler to keep in sync data available via cachemgr and SNMP.

 By selecting SNMP you just stick with machine-centric approach while
 with HTTP stay more human-readable approach.
 I really don't know which one is simpler to implement in squid.

> Personally, any management system worth its salt (or lots of cash)
> will have a scripting language to write management modules in,
> and these could easily be adapted to use HTTP.

 ;) you don't trust any NMS it seems. Means only that given NMS is
 not worth its salt if you have to write modules yourself ;)

> *AND* (heh), I'm actually of the opinion that SNMP should be implemented
> as an external process which can nab the information out of squid via
> HTTP. It's a nice, clean, enforced abstraction.

 hmm. clean?

 Actually, I don't have any problem with snmp vs http. SNMP tends to
 be slower via udp. And it has its problems. I've just seen some good
 stuff basing all its configs on SNMP, even on console, and it seems
 simple and modular way of managing binary configs on a running system.
 It just popped into my head as a first thing ;)

------------------------------------
 Andres Kroonmaa <andre@online.ee>
 CTO, Microlink Online
 Tel: 6501 731, Fax: 6501 725
 Pärnu mnt. 158, Tallinn,
 11317 Estonia
Received on Fri Sep 14 2001 - 04:02:57 MDT
