13.5.5 Traps and static NAT
For an NNMi management server to be able to receive SNMP traps from the nodes located behind a NAT gateway, you must change the managed nodes. This subsection explains two types of SNMP traps, SNMPv2c and SNMPv1.
NNMi must unambiguously resolve the source address of each trap that it receives.
- Organization of this subsection
(1) SNMPv2c traps
The figure below shows the format of an SNMPv2c trap. In this figure, the top section forms the IP header and the lower section forms the SNMP Trap Protocol Data Unit (PDU).
SNMPv2c traps do not include an Agent Address field in the PDU section. Therefore, the trap's only source field is located in the IP packet header. The source field is translated by the NAT router appropriately.
Make sure that the sources of all traps of devices located behind the NAT router are recognized by the interface associated with the source node's private internal IP address. This ensures that the NAT gateway can translate a trap to the appropriate public address.
The figure below shows an example of correct translation from a NAT gateway. The NAT gateway properly translates a trap that begins with the source address of 192.168.1.2 to address 15.2.12.2. Then the NNMi management server correctly resolves this address.
(2) SNMPv1 traps
An SNMPv1 trap includes an Agent Address field in the PDU. The figure below shows the format of SNMPv1 traps. In this figure, the IP header forms the top section and the SNMP trap PDU forms the lower section.
Because the Agent Address field is embedded in the PDU and not in the header, the NAT router does not normally translate this value. To configure NNMi to recognize the header address and ignore the payload's agent address:
Edit the following file:
Windows: %NNM_PROPS%\nms-jboss.properties
Linux: $NNM_PROPS/nms-jboss.properties
Locate the following line:
#!com.hp.nnm.trapd.useUdpHeaderIpAddress=false
Change the value to true and remove the characters #!, as shown below:
com.hp.nnm.trapd.useUdpHeaderIpAddress=true
Save the changes.
Execute the following commands to restart NNMi:
ovstop ovstart
The following figure shows an example of an SNMPv1 trap where NNMi ignores the conflicting Agent Address fields.
NNMi provides the following Custom Incident Attributes (CIAs):
cia.agentAddress: This is the IP address stored in the SNMPv1 trap data of the SNMP agent that generated the trap.
cia.internalAddress: If the network management domain supports static NAT, the NNMi administrator can configure this attribute to display the internal IP address that is mapped to the external management address of the selected incident's source node.
You must use the Overlapping IP Address Mapping form to map the external management IP address (public address) to this internal address (private address). For details, see NNMi Help.