[j-nsp] SNMP walk on JunOS from inside a routing instance

[James Bensley]

On 27 April 2016 at 17:10, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> On 27/04/16 16:58, Per Westerlund wrote:
>>
>> That is default behavior, but you can access other RI's interfaces by
>> explicitly using the RI name. No way to reach all IFs at once via a RI.
>
>
> I'm a bit confused now.
>
> I just tested (SRX240H running 12.3X48-D15.4) and I can see all interfaces
> when hitting an IP inside a routing-instance, as well as in inet.0.
>
> We do *not* have "routing-instance-access" under the "snmp" block, but can
> still make SNMP queries to a routing instance; the docs suggest this should
> not work, so I'm not sure what's going on.

Yes I would expect it to NOT work inline with Per's comments and that
is whats happening for us. From the old Cacti box which is in inet0
(no routing instance) we can hit that community string and get all
interfaces return.

On 27 April 2016 at 17:01, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> You've configured this community string to map to a routing-instance. Try
> removing it this config item, and just putting the "clients" directly under
> the community.

The problem is that the new Cacti box is only routable to/from the
MX's inside the routing-instance, we want it to be "securely" (take
that with a pinch of salt!) seperated from other traffic and routing.
So this is going to be a problem if the MX's have to be polled from
within inet0. All Cisco boxes are polled inside a management VRF, I
would expect Junos to be able to do this, it seems tome like it would
be a fairly common requirement (to have SNMP traffic seperated into
it's own routing instance).

Cheers,
James.