There are four main parts to the SNMPv3 architecture as shown in the following graphic. How these systems interact with each other to provide the necessary data requested is described in this section.
The SNMP agent receives requests from and makes responses to the SNMP manager. In addition, the SNMP agent communicates with all DPI2 subagents and smux peers on the system. The SNMP agent manages some MIB variables, and all DPI2 subagents and smux peers register their MIB variables with the SNMP agent.
When clsnmp (the SNMP manager) issues a request, it is sent to UDP 161 on the SNMP agent. If the request is an SNMPv1 or SNMPv2c request, the SNMP agent will verify the community name and process the request. If the request is an SNMPv3 request, the SNMP agent will attempt to authenticate the user requesting the data and ensure that the user has the access permissions required to fulfill the request by using the authentication keys, and, if the encrypted version is running, privacy keys. If the SNMP agent cannot authenticate the user, or if the user does not have the correct access permissions to fulfill the request, the SNMP agent will not honor the request. For information on creating users in SNMPv3, see Create Users in SNMPv3.
If the user is authenticated and has the correct access permissions, the SNMP agent will fulfill the request. The SNMP agent will locate the MIB variables being requested. If the SNMP agent itself is managing the requested MIB variables, it will process the request and send a response back to the SNMP manager. If a DPI2 subagent or smux peer is managing the requested MIB variables, the SNMP agent will forward the request to the DPI2 subagent or smux peer on which the MIB variables are managed, allow it to process the request, and will then respond to the SNMP manager.
A DPI2 subagent, such as hostmibd, communicates with the DPI2 agent, which, in SNMPv3, is part of the SNMP agent. The DPI2 subagent sends responses and traps to the DPI2 agent through the dpiPortForTCP.0. Becasue this is not a well-know port, the DPI2 subagent must first issue a request for the port number for dpiPortForTCP.0. This request is issued to UDP 161 on the SNMP agent, after which the SNMP agent responds to the DPI2 subagent with the port number for dpiPortForTCP.0. After the port number is received, the DPI2 subagent establishes a connection with the DPI2 agent using the port number given. The DPI2 subagent then registers its MIB subtrees with the DPI2 agent.
After the connection is established and the MIB subtrees have been registered, the DPI2 subagent is ready to respond to requests received from the DPI2 agent. When a request is received, the DPI2 subagent processes the request and responds with the necessary information.
The DPI2 subagent is also ready to send traps, if necessary. When a trap is sent, the SNMP agent will check its/etc/snmpdv3.conf file to determine the IP address or addresses to which the trap must be forwarded to, and it will send the trap to those addresses.
A smux peer, such as gated, when started, will establish the connection to TCP 199 and will initialize the smux association. Following the initilization, the smux peer will register the MIB subtrees it is going to manage.
After the registration, the smux peer is ready to accept any incoming request from the smux server and send responses back. When the smux peer receives a request, it will process the request and send a response back the the smux server.
The smux peer can also send a trap to the smux server. If a trap is sent, the SNMP agent will check the /etc/snmpdv3.conf file to determine the IP address or addresses to which the trap must be forwarded, and it will send the trap to those addresses.
The SNMP manager runs clsnmp, which is compatible with SNMPv1, SNMPv2c, and SNMPv3. Using the clsnmp command, a user can issue a request, such as a get, get-next, get-bulk, or set request. The request is sent to UDP 161 on the SNMP agent, after which it waits for the response from the SNMP agent.
It also can listen to SNMP traps on UDP 162. The SNMP manager will receive traps if its IP address is so specified in the /etc/snmpdv3.conf file on the SNMP agent.
For information on MIB variables, see Management Information Base, Terminology Related to Management Information Base Variables, Working with Management Information Base Variables, and Management Information Base Database in AIX 5L Version 5.2 Communications Programming Concepts.
If you want to configure your own DPI2 subagent or smux peer, see the /usr/samples/snmpd/smux and /usr/samples/snmpd/dpi2 directories.
