| SilverCreek Frequently Asked Questions |
|
|
|
Last updated: December 4, 2006 Loading MIBs SNMP Testing Notification Monitor Connecting to a SNMPv3 Agent Under Test Writing Your Own Test Scripts Automation (CLI, GUI) Performance Testing Windows Remote Desktop The latest IANAifType-MIB can be found at http://www.iana.org/assignments/ianaiftype-mib All MIBs shipped with SilverCreek can be found in the "mibs" sub-directory in your SilverCreej installation. The files with .tmp extension are actual MIB modules. The files with .defs extension are their correspondent compiled forms used by SilverCreek MIB store. How do you compile multiple MIBS that have dependencies on each other Normally, loading mibs into SilverCreek does not require you do anything particular. SilverCreek will try to resolve dependency after all mibs are loaded. If there is something missing, then SilverCreek would report a message like below: The following objects can not be linked under any branch in the Object Identifier (OID) tree. The definition for these objects is incomplete due to the fact that their parent objects (or MIB) have not been loaded. For instance: If a MIB module has an OID, for example 'enterprises.311.1' but the MIB module that defines the object at 'enterprises.311' has not been loaded then the OID 'enterprises.311.1' cannot be fully resolved. The parent MIBs of a MIB are usually listed in the 'IMPORT' clauses at the beginning of that MIB file. See MIB file for more information. To compile and load multiple mibs, just put all of them in the mibs directory under your SilverCreek root directory and then start SilverCreek. All mibs will be compiled and loaded if no critical errors are detected.
Can I set up multiple MIB directory paths so I can maintain different set of MIBs If you have a large number of private MIBs or multiple people testing different MIBs, you may wish to maintain them in different directories. To use a different directory than the default "mibs" directory create an environment variable MIB_PATH and point it to the location of the directory that holds your MIBs. You case force MIBs shipped by SilverCreek to be always loaded by checking the option "always load MIBs in SilverCreek mibs directory...." found in Tools->Options->Misc tab. Using MIB_PATH and SilverCreek's initialization file you can maintain different sets of MIBs in different directories and instruct SilverCreek to use the desired set of MIBs when it starts up. By default, if you place the MIBs for different releases in different directories, you need to redefine the environment variable "MIB_PATH" and restart SilverCreek every time when you want switching to test a different agent release that implements a different set of MIBs. You can create three SilverCreekinit files by making copies of the original scinit.tcl under SilverCreek's home (root) directory: Then add "::env(MIB_PATH)" definitions at the beginning of each of these files. # For scinit_release_2.tcl, at the beginning, insert the line Finally on Windows you can create three different "SilverCreek" icons (shortcuts) via "Copy and Paste", then you can right click on each new icon (shortcut), select "Properties", and then edit "Target" field to: "C:\Program Files\InterWorking Labs, Inc\SilverCreek Pro SP10\BIN\wish84.exe" ./tkcon.tcl -root . ./scinit_release1.tcl On Unix like platforms, you can copy the existing startup script bin/test-agent into three new files: bin/test-agent1, bin/test-agent2, bin/test-agent3 and then simply modify the last line " wish8.4 ./tkcon.tcl -root . ./scinit.tcl -- $*" in bin/test-agent1, bin/test-agent2, bin/test-agent3 to something like: Of course on Unix like systems you can also add the environment variable definition of "MIB_PATH" in bin/test-agent1, bin/test-agent2, bin/test-agent3 directly. MIB_PATH=/home/bob/rel_1_mibs What are Minimal set of MIBs I should load? SNMPv1 Agent: Note: RFC1155, RFC1157 , RFC1215 and RFC1212 are not required. SilverCreek supports them natively. If you want to load them into SilverCreek the MACRO constructs in these files must be removed first. RFC1215 and RFC1212 actually do not contain any MIB modules so do not load these two RFCs. SNMPv2c Agent: Note: RFC2578 ( SNMPv2-SMI ) and SNMPv2-PDU (RFC3416) are not required. SilverCreek supports them natively. If you want to load them into SilverCreek the MACRO constructs in these files must be removed first. SNMPv3 Agent: Note: RFC2578 ( SNMPv2-SMI ) and SNMPv2-PDU (RFC3416) are not required. SilverCreek supports them natively. If you want to load them into SilverCreek the MACRO constructs in these files must be removed first. Remove it from your MIB definition, then the SilverCreek mosy compiler won't complain.A common area of confusion among SNMP MIB designers is the use of BITS. Putting BITS in the IMPORTs clause of a MIB is illegal. The MIB compiler included with SilverCreek will reject a MIB that has BITS in the IMPORTs, because it is wrong per RFC 2578. Other MIB compilers for other types of products, such as simulators, are very permissive; these MIB compilers will allow this error and many other errors to slide by, in order to manage or simulate very badly written MIBs. BITS is not a TEXTUAL-CONVENTION. The standard TEXTUAL-CONVENTION types are defined in RFC 1903. Both RFC 1902 and 1903 define BITS, but as part of the OBJECT-TYPE and TEXTUAL-CONVENTION macros: Hence, BITS is an implicit part of the OBJECT-TYPE and TEXTUAL-CONVENTION macros. The BITS clause is intended to add semantic clarity to the notion of assigning meaning to bits in an OCTET STRING. What are scalar and columnar objects In SNMP, there are two types of objects: scalar and columnar. "Scalar" objects are objects that are not in a table such as sysDescr, sysName, etc. They must have instance ID .0 in get/set requests and responses. "Columnar" objects are objects that are defined in a table such as ifType, ifDescr, etc. They must have meaningful instance IDs (defined by index part of SilverCreek relies on the end user to add .0 or other more complicated instance IDs when issuing get/set request. As a protocol test tool, this approach is
What are covered in the built-in tests that come with SilverCreek? For comprehensive test coverage information please see doc/sc-testlist.pdf in your SilverCreek installation directory. 1.0 RFC-1157 (SNMPv1 Tests for ALL MIBs Loaded) All MIBs (including additional standard and private MIBs) loaded in SilverCreek will be tested automatically when running tests in the Protocol category: The total number of test cases that will be generated depends on 1) The number of MIBs loaded into SilverCreek, 2) The number of MIBs the agent under test has implemented. Note that in order to make sure a MIB implementation is going to be tested you must load the MIB into SilverCreek first. This is because SilverCreek needs to know the MIB definition in order to test that MIB implementation. You can develop additional test suites and make them appear under SilverCreek "Private" test tree node on SilverCreek GUI. Often customers may need to create additional functional tests. For that you can use SilverCreek API (Tcl) to code them. For more information about this see SilverCreek Developer's Guide. How do I limit testing only to my enterprise MIBs By default, any MIBs (including additional standard and private MIBs) loaded in SilverCreek will be tested automatically when running tests in the Protocol category: Why I don't see my private MIBs appear in the test suite tree? When you load a new MIB into SC, there isn't going to be a new test suite that appears in the test suite tree on the GUI. The new MIBs will be tested as part of the "SNMPv1 Tests for all MIBs Loaded", "SNMPv2c Tests for all MIBs Loaded" and/or "SNMPv3 Tests for all MIBs Loaded". In other words new test cases will be automatically generated when you run these protocol tests. You can develop additional test suites and have them to appear under SilverCreek "Private" Test node in the test suite tree. Often customers may need to create additional tests and they can use the SilverCreek API (Tcl) to develop any private tests they want to perform against their agent. Simple test cases can be generated using SilverCreek SNMPTcl script generator. Of course the new MIB should appear in MIB browser tree after you load it into SilverCreek. Does SilverCreek Cover CERT Advisory CA-2002-03 SilverCreek Vulnerability Tests cover CERT Advisory CA-2002-03. CA-2002-03 only targets at SNMPv1, our test suite Vul1 covers that. In addition to the original CA-2002-03, we have expanded SNMP vulnerability tests to SNMPv2c and SNMPv3. Test suite Vul2 and test suite Vul3 cover vulnerability testing for SNMPv2c and v3 agents respectively.
What if read-write objects are implemented as read-only We implemented some MIB objects as read-only according to our specifications event though they are read-write by definition. SilverCreek reports failures. ---------------- The access level and any other variation stated in the Agent Capabilities statement are honored by SilverCreek. For example, You should never return readonly (4). Readonly is a status defined but should never be used by convention. In snmpv1, you should return "noSuchName" Why lexicographical ordering is important Request: 1.3.6.1.2.1.113.1 While the following requests/responses are incorrect: Request: 1.3.6.1.2.1.113.1 The lexicographical order is critical for a NEXT implementation. If lexicographical ordering isn't properly handled then you may not retrieve the objects you want in your MIBs by issuing a simple "NEXT" command and it could cause managers to get into infinite loops. If you decide to deal with it later and continue running tests, you can check Test->Ignore Lexi Errors to work around this issue temporarily.
What fields should I enter when connecting to a SNMPv3 agent To do proper SNMPv3 testing, there must be a configured SNMPv3 user in the agent you wish to test with a full view of the MIB and full privileges. Each network device has its own way of configuring agents. This process is independent of SilverCreek. Though you may connect as a noAuth/NoPriv user, to reap the full benefits of our tests we recommend that you configure and use an auth/priv user.
1. The IP Address of the agent to be tested. Press OK. At this point SilverCreek will go through several steps to obtain the information it needs from the agent so it can do proper key localization and communicate successfully. The following steps occur automatically without any interaction needed from you, the tester. However, it is useful to be aware of how the localization occurs for debugging purposes in case you run across difficulties.
1. SilverCreek sends a get-next on 'sysDescr' with the EngineID = NULL, engineBoots = 0 and engineTime = 0. 4. SilverCreek sends a get-next on sysDescr with EngineID = 'the received value', engineBoots = 0 and engineTime = 0. Hints & Tips Below are a few tips for your information and common problems: 1. Entering a localized key in non-hex format. If you are entering an already localized key into the SilverCreek Agent Setup, it must be entered in strict hex form (for example 0x11:22:33...). If it is entered in any other format, the tool will assume it is not localized and attempt to localize it. 2. Receiving an Error Report (this is generated by your agent not by SilverCreek!): "Error usmStatsWrongDigests.0 report selecting agent." This may indicate that the digest contained in the request (this is the calculated digest) differs from the digest calculated by the agent using the auth secret key. Try comparing the auth/priv keys derived at both ends (your agent and SilverCreek). Any difference in these keys indicates an incorrect configuration. 3. Receiving an Error Report (this is generated by your agent not by SilverCreek!): "Errors snmpUnknownPDUHandlers.0 report selecting agent." 4. Receiving an Error Report (this is generated by your agent not by SilverCreek!): "Error usmStatsUnsupportedSecLevels.0 report selecting agent. 5. Receiving an Error Report (this is generated by your agent not by SilverCreek!): "Error usmStatsUnknownUserNames.0 report selecting agent." This may indicate that the agent does not have a user name configured locally as specified in the GET-NEXT request. Getting an error "Received engineID xxx does not match the configured engineID yyy" when I open a previously saved agent configuration file SilverCreek fails to connect to the agent and reports an error window: This is because the engineID contained in the agent configuration file is different from the current engineID value the agent has currently. Most like the agent had reset itself another engineID. To resolve the issue please leave the agent's engineID field blank and let the tool uses whatever is going to be discovered Does SilverCreek Pro support C++, VB, etc. languages? SilverCreek supports Tcl/Tk scripting language. It does not support developing tests using C/C++, VB, etc.
ASN.1 has two forms for encoding the length field. A full ASN.1 sequence consists of three elements: Where <tag> is a single octet specifying the data type, <length> is one or more octets indicating the number of octets within <contents>, which is the value associated with <tag>. The two forms for <length> are single-octet and multi-octet forms. The highest bit of the first length octet indicates whether it is single (0) or multi-octet (1). If it is 0, then the remaining bits are the length themselves; otherwise, the remaining bits indicate the length of the length field. The single-octet form is restricted to lengths from 0 to 127, since the high bit has a special purpose. The multi-octet form is not restricted. So, lets take a couple examples: Suppose you have an integer encoding with the value 255. The smallest number of octets you could encode this in is 3: Here, 02 is the tag, 01 is the length and ff is the value. Using the multi-octet form, the "minimal encoding" is still encoded in the fewest octets possible: Here, "81" indicates multi-octet form with 1 octet in the length, then the 01 following indicates 1 octet in the contents. The "non-minimally encoded" form would add extra bytes to the length: Now you have 3 extra 0's in the length part of the ASN.1 encoding. This is legal, but is generally frowned upon, because the reason for the single and multi-octet forms is to encode the length field in as few octets as possible. Failed to set trap callback. Port 162 is already in use by some other applications This can happen on Unix machines if the Test Suite is not running as root ( on Unix only privileged user can bind to port 162). If this is the case you can use "sudo" utility to run SilverCreek. This can also happen on any platform if another program is already using the trap port 162. Please see Help->Help Topics
Can I automatically test several agents (v1/v2c/v3) by doing some simple setting on the GUI? Yes. You can easily do that kind of things using Test->Automation Wizard. The automation wizard may be used to create remote interface scripts that allow for hands off testing and easy recreation of the test environment. Using this tool you don't need to write any scripts manually. Thought it is recommended that you use CLI scripts to auto mate running tests for better performance and flexibility, sometimes it is handy to use Automation Wizard for small agents. To create a new automation script select new and a wizard will walk you through the steps necessary. If you have already created automation scripts with the wizard, select Load to browse and load the scripts into the tool. To run, simply highlight the scripts you are interested in running and select run. Note when the generated script is run (using Tcl source command) from a Tcl shell, you may need to edit it and change "absolute" path reference to "appropriate" SilverCreek installation. Can I automatically test several agents (v1/v2c/v3) in command line interface (CLI) by writing a simple script? Yes. You can use SilverCreek's simple yet powerful command line interface API. to control testing. The automation is extremely useful if you want to run multiple test suites against multiple SNMP devices with each device has its own set of MIB files. For example, you can write an automation script to run in command line interface to do the following: Connect to DUT A, run testsuite 1.0 The good thing is that the automation script is very easy to write. For instance the following are two scripts that load two different set of MIBs and run tests against different agents. Both scripts can be run simultaneously or sequentially. See sample scripts and other details at Help -> Help Topics -> Automation and Integration
A quick example: For example, if you want to create one script that runs tests for v1, v2, and v3, # Load API # Create a v1 agent context and run some tests # Create a v2c agent context and run some tests
# Create a v3 agent context and run some tests snmptcl::chapter 3.0
Does SilverCreek do performance testing? Yes. SilverCreek Performance Monitoring Tool allows the user to measure the response time to certain operations with a given device and then compare that to another device. This is useful for understanding performance issues and problems with a network application, the network itself, or the device itself. You can create scripts and run the scripts against several devices and then compare the output results to determine where performance bottlenecks exist and even what device performs best. You can create different scenarios to compare performance: GET/SET/NEXT/BULK request on the same variable(s) SNMP supports both columnar and scalar objects. Columnar objects are located in a table and can have multiple instances, whereas scalar objects exist as single instance variables and are directly accessible. Thus, in a very large table, one may expect the access time to a columnar variable to be greater than that for a stand-alone scalar variable. What is the normal SNMP performance range suppose to be?There is no quick answer to this question. For the purpose of performance comparison you have to first establish a base first. * The size and amount of the SNMP data that is being retrieved.
My SilverCeek GUI does not function properly if viewed in a XP Remote Desktop Q: Windows XP has a remote desktop feature allowing a login session to be monitored/used remotely. Unfortunately any "wish" toplevels are not useable in the remote version of the desktop. All I get is an ugly mess where my widgets were, and a perfectly intact native menubar at the top. All other "native" windows appear fine. Java toplevels are also ok. I'm using TCL/TK 8.4.3.8.4.4. appears to be the same. A: This appears to be an issue in Tk not liking the change of a Windows desktop color depth while running.The issue is that remote logins always use a reduced palette (for speed), and Tk isn't down-shifting properly. This is an incompatibility between Tk and Windows remote desktop. However it should work fine if you start SilverCreek after logging in remotely. If you start SilverCreek before logging in remotely things should work fine if the 'color quality' on the machine on which SilverCreek is running is set to 'medium 16 bit'. It appears that the remote desktop session uses this level of color quality. You can change these setting in Windows Control Panel -> Display Settings.
|