>>>>> On Sat, 25 Feb 2006 17:06:23 -0500, "Soni Manish-E3988C" <[EMAIL 
>>>>> PROTECTED]> said:

Soni> Wanted to know when snmp key change is triggered by setting
Soni> usmauthkeychange does the net-snmp agent wait to update the keys
Soni> until all the ongoing operations (Sets) are completed or the
Soni> keys are updated immediately and the new keys will be used for
Soni> responsding to ongoing sets.

The keys are updated immediately and only the outgoing response
message is encoded using the older key.

Though having said that, our internal architecture doesn't allow for
multiple SETs to be processed at once for exactly reasons like this:
dependencies.  Thus you're actually safe to fire a bunch of SETs at
the agent where a middle one is a key change.

*but* you can still run into problems:

1) networks don't guarantee order delivery of packets.  Thus, they
   could arrive out of order if fired off quickly.
2) there is no assurance that the keychange SET itself will fail if
   it is messed up or fails for some reason and every SET after it
   would fail because it would be using the newer key.

The net-policy project on sourceforge is a side-project of mine that
has a robust configuration engine that accounts for issues like this
and one of the things we do there is make sure that SETs that go out
are sent one at a time to the host.  We do allow, though, for multiple
SETs to different hosts to the same time...  We queue outstanding
requests to a single host and stop on an error until an operator
clears the error...

-- 
Wes Hardaker
Sparta, Inc.


-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Reply via email to