BAI513 - PROTOCOLS

SNMP

BAIST – Network Management

Objectives

Understand the basic principles and practices involved in managing modern networks

Explain the role that the Simple Network Management Protocol can plan on an IP-based network

Understand the basic structure and function SNMP management data, including Management Information Bases, Abstract Syntax Notation, and related SNMP management objects

Explain the function of the standard remote monitoring SNMP Management Information Base known as RMON

Understanding Network Management Practices and Principles

The tasks involved in managing a network depend on the ability to collect data about a network and detect network-related occurrences, usually called events

This means being able to monitor and control all of the devices that go into a modern network, from hubs and routers, to server, switches, and gateways of various kinds

To some extent, network management is a term that’s open to multiple interpretations

Network Management Architectures End stations are usually known as managed devices,

and may be any kind of system—a desktop computer, server, router, hub, switch, PBX, or some other kind of equipment involved in networking—where management-related software is installed and running

At each managed device, a special piece of software called a management agent responds to polls for collected data, where the management agent itself

has custody of a management database (MDB) of information that it collects and maintains over time

Network Management Architectures

On the data collection end, two kinds of activities occur within a management utility or facility, called a management entity, whose job is to provide access to management data, controls, and behaviors:1. When alerts are received, appropriate

responses must be generated 2. Regular polling or sampling of management

data occurs, whereby the management entity requests updates from managed devices to reflect recent data intervals related to traffic characterization and error and utilization levels, and reports on application- or service-specific activity

Network Management Architectures

Management entities usually function within the context of a network management system (NMS), in which agents and entities use specific network management protocols to communicate and exchange data

Management proxies at a lower level in the hierarchy communicate with higher-level management entities to deliver status and event information

Network Management Architectures

Understanding SNMP SNMP is a request/ response-based protocol

used to transport management messages between an SNMP agent (the client process) and an SNMP manager (the server process)

There are several versions of SNMP currently defined:

– SNMP version 1 (SNMPv1)

– SNMP version 2 (SNMPv2)

– SNMP version 3 (SNMPv3)

Understanding SNMP SNMPv1 consists of the following basic

elements:

– Management Information Base (MIB) objects

– SNMP agents

– SNMP managers

– SNMP messages

Management Information Base (MIB) Objects

A Management Information Base (MIB) is a database of manageable objects for a device

The following lists some of the MIBs implemented on SNMP-managed networks:

– MIB-2 (RFC 1213)

– ATM MIB (RFC 2515)

– Printer MIB (RFC 1759)

– IPv6 MIB (RFC 2465)

MIB Objects

Within any given MIB, a formal specification, known as the Structure of Management Information (SMI), defines the format for all objects maintained in that MIB

In fact, SMI defines object formats in any MIB using a particular form of notation called Abstract Syntax Notation One (ASN.1)

ASN.1 is a language used to describe a type of object and the object identifier (OID)

MIB Objects In SNMP, the object identifier is used to

reference a single MIB object The object identifier is a sequence of non-

negative integers that traverses an object tree

The tree starts with the root The “branches” of the object tree are

referred to as subordinates In SNMP, objects are identified by writing

the path used to get to a specific device identifier on an object tree

ASN.1 Representation Uses a Structured Object Identifier

SMI Tree Branches

Using Object Identifiers

The network management object identifiers are under the iso(1), org(3), dod(6), internet(1), or 1.3.5.1 branch of the name space

Using Object Identifiers

Currently, MIB-2 is the popular general MIB supported by most SNMP-managed devices

In some instances, vendors may implement a private MIB that focuses specifically on a particular product’s manageable elements

MIB-2 Subordinates

SNMP Agents

SNMP agent software is placed on devices that can be managed by SNMP managers

The agent software contains the MIB for the device being managed

SNMP agents answer to the SNMP manager’s queries for information about the objects in the agent’s MIB

SNMP Managers

SNMP managers query SNMP agents

for the information maintained about

MIB objects

SNMP managers also set thresholds

on the SNMP agents

SNMP Messages

SNMP managers and agents communicate over UDP with a specific set of commands

These commands are as follows:

– GET-REQUEST

– GET-RESPONSE

– GET-NEXT

– SET

– TRAP

SNMP Messages Both SNMPv1 & SNMPv2 messages

consist of a header and PDU

Both SNMPv1 & SNMPv2 message headers consist of 2 fields– Version Number– Community Name

SNMPv1 PDU Formats

SNMPv2 PDU Formats

Core SNMP Commands

GET Commands (GET-REQUEST/GET-RESPONSE)

The GET-REQUEST command is used to read a single entry within a MIB

The SNMP manager transmits the GET-REQUEST command and indicates the MIB entry of interest using its ASN.1 representation

The GET-RESPONSE command is sent in reply

GET-NEXT

When an SNMP manager wants to

read a series of entries in a MIB table,

it uses the GET-NEXT command

The MIB objects desired follow the

GET-NEXT command

SET

The SET command is used to set

thresholds on SNMP agents

These thresholds can be referred to

generically as event thresholds, not

alarm thresholds, because they

signify only that an event occurred

TRAP TRAP

messages are unique among SNMP commands

These messages are sent unsolicited by the SNMP agent to the SNMP manager when an event setting is exceeded

SNMP Security SNMP requests include a community name,

which is a type of password

There are three basic community names:– Read-Only (or Monitor) community name

– Read/Write (or Control) community name

– Alert (or Trap) community name

Each community name typically has a different word associated with it

In SNMPv1 and SNMPv2, these community names cross the network in plain text, making them even more insecure

Remote Monitoring (RMON) The RMON MIB is used to monitor and

administer remote segments of a distributed network

A distributed environment is usually fairly large with many devices to manage

Distributed networks usually evolve over time and become heterogeneous environments (contain dissimilar equipment running different versions of software)

Remote Monitoring (RMON) In a distributed environment, you generally

do not have personnel at each facility, who can assist in managing and troubleshooting, so you must find a cost-effective solution

RMON places agents, called network probes, at various locations on the distributed network

Probes are standalone devices that contain a NIC, a processor, memory, and software

Remote Monitoring (RMON)

The probes are attached to the network like any other physical device

The first version of RMON, as outlined in RFC 1757, was Ethernet-based

Its OID is (1.3.5.1.2.1.16) and it has nine distinct groups of objects

The implementation of any or all of these groups is not mandatory

Remote Monitoring (RMON)

The following lists some of the commonly used groups:– Ethernet statistics– History control– Alarm– Host– HostTopN– Matrix– Filter– Packet capture– Event

Summary Understand the basic principles and practices

involved in managing modern networks Explain the role that the Simple Network

Management Protocol can plan on an IP-based network

Understand the basic structure and function SNMP management data, including Management Information Bases, Abstract Syntax Notation, and related SNMP management objects

Explain the function of the standard remote monitoring SNMP Management Information Base known as RMON