Post on 19-Dec-2015

Efficient Network Management (236635)

SNMP TCP Backchannel

An SNMP agent extension for transferring large files

Submitted by:

Tsachi Sharfman 029710399
Kfir Karmon 037197696

Problem Description

• SNMP runs over UDP

• UDP is unreliable and is therefore inefficient for transferring large amounts of data

Solution’s Requirements

• Should enable the efficient transfer of any SNMP table supported by the agent.

• Should be transparent to existing SNMP clients.

Possible Solutions (1/3)

• Download a mirrored table using FTP

1. Send an SNMP SET command to a special OID

2. The agent will locally save a specified table

3. The client will retrieve the table using FTP

Pros and Cons:

– Pro: Based on widely known technology (SNMP & FTP)

– Pro: Relies on a reliable protocol (FTP/TCP)

– Con: Not transparent to existing SNMP clients (fails to meet the requirements)

Possible Solutions (2/3)

• Use SNMP through a TCP tunnel

1. Open a TCP tunnel between the client and server

2. SNMP packets are routed through the TCP tunnel

Pros and Cons:

– Pro: Full transparency for existing SNMP clients

– Pro: Relies on a reliable transfer protocol (TCP)

– Con: Non-standard, relies on proprietary technology

– Con: Overhead for short SNMP requests (UDP is cheaper)

Possible Solutions (3/3)

• Use a TCP backchannel for SNMP responses

1. Client requests the table using SNMP

2. Client has a service, listening on a designated TCP port

3. Agent sends the SNMP responses encapsulated in the TCP backchannel to the client’s listening port

4. The service locally emulates the agent’s SNMP response

Pros and Cons:

– Pro: Full transparency for existing SNMP clients

– Pro: Relies on an efficient transfer protocol (TCP)

– Con: Might be unfriendly to firewalls and NAT gateways

Implementing Solution #3

Architecture Overview - TCP backchannel (1/1)

• In order to trigger the Backchannel (BC) mechanism the client should:

– Register its IP and listening port

– Register the wanted table (OID)

– Issue an SNMP request to the Mirrored OID

• At this point the SNMP agent will query itself with SNMP for the requested OID (the real one)

• After receiving the table, a backchannel to the client is opened and the table is transferred

• The client side will send itself an SNMP response with the received table

Implementing Solution #3

Backchannel Control MIB (BCM) 1/3

• New MIB defined in the “NET-SNMP-EXAMPLES-MIB.txt” file

• It introduced two tables:

– BCRegisteredClientsTable: every client that wants to use the BC mechanism needs to register itself here

– BCRegisteredOIDsTable: each OID that needs to be transferred via the BC should be registered here

• An additional “phantom” table was introduced; it includes OIDs for which issuing an SNMP request triggers the BC mechanism

Implementing Solution #3

Backchannel Control MIB (BCM) 2/3

• BCRegisteredClients

• BCRegisteredOIDs

[Figure: diagrams of the BCRegisteredClients and BCRegisteredOIDs tables with a legend; not preserved in the transcript]

Implementing Solution #3

Backchannel Control MIB (BCM) 3/3

• BCMirroredOIDsTable

– These names are not defined in the MIB, though the structure is supported by the agent add-on (via the numeric annotation)

[Figure: diagram of the BCMirroredOIDsTable with a legend; not preserved in the transcript]

Implementing Solution #3

Backchannel Server (BCServer) 1/1

• The NET SNMP agent was extended using the existing add-on mechanism

• The extension handles any SNMP requests that are targeted at the “…BackchannelControl.*” OIDs

• When an SNMP Get* request to the MirroredOIDs is received, the agent will query itself for the appropriate OID

• The agent will send, via the TCP BC, the SNMP packets that make up the received response (in the TCP packets’ payloads)

Implementing Solution #3

Backchannel Client (BCClient) 1/1

• A.K.A. BackChannel Listener (BL)

• The client registers itself and the wanted OIDs in the designated tables as described above.

• The client issues a standard SNMP request to the MirroredOID

• The BCClient listens on the designated port for a connection to be made by the BCServer

• After receiving the encapsulated SNMP response packets from the BCServer, the BCClient issues a standard SNMP response “spoofed” with the server’s IP.

• This causes the initial, standard SNMP request to receive the response without knowing that it was sent via a TCP BC.
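
The BCClient relays whatever arrives on its listening port to the local SNMP client as if it came from the agent, so the listener is the point where the connecting peer has to be checked. The following Python listener is an added example, not the project's code: the 4-byte length-prefix framing, the `MAX_FRAME` cap and all function names are assumptions, and the payloads are constructed placeholders rather than real SNMP PDUs.

```python
import socket
import struct
import threading

MAX_FRAME = 65535  # assumed cap: one SNMP message per frame
SAMPLE = (b"snmp-response-1", b"snmp-response-2")  # constructed placeholder payloads

def read_frames(stream):
    """Collect payloads from 4-byte length-prefixed frames (assumed framing)."""
    frames = []
    while header := stream.read(4):
        if len(header) < 4:
            raise ValueError("connection closed mid-header")
        (length,) = struct.unpack("!I", header)
        if not 0 < length <= MAX_FRAME:
            raise ValueError(f"frame length out of range: {length}")
        payload = stream.read(length)
        if len(payload) < length:
            raise ValueError("connection closed mid-frame")
        frames.append(payload)
    return frames

def accept_backchannel(listener, agent_ip):
    """Accept one connection; return its frames, or None if the peer is not the agent."""
    conn, (peer_ip, _port) = listener.accept()
    with conn:
        if peer_ip != agent_ip:
            return None  # not the agent the client registered with: relay nothing
        with conn.makefile("rb") as stream:
            return read_frames(stream)

def demo(agent_ip):
    """Constructed loopback run: a stand-in agent sends the two sample payloads."""
    listener = socket.create_server(("127.0.0.1", 0))
    listener.settimeout(5)
    port = listener.getsockname()[1]

    def fake_agent():
        with socket.create_connection(("127.0.0.1", port)) as s:
            s.sendall(b"".join(struct.pack("!I", len(p)) + p for p in SAMPLE))

    worker = threading.Thread(target=fake_agent)
    worker.start()
    try:
        return accept_backchannel(listener, agent_ip)
    finally:
        worker.join()
        listener.close()
```

The address comparison only ties the connection to the agent the client registered with; matching the relayed response to an outstanding SNMP request would be a further check on top of it.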

Implementing Solution #3

The Whole Picture

How We Tested (1/2)

• In order to test the efficiency of the new BC mechanism we built the following network topology:

– Windows SNMP Client + BCClient

– Linux based router + configurable packet loss driver

– Windows SNMP Agent + BCServer

How We Tested (2/2)

• We created scripts to automate our testing:

– _AddRoutingRules.vbs
This script added routing rules to the agent’s routing table; a rule was added for each IP in the range 10.0.[0-4].[0-255]

– _Test.vbs
This was the main script. Its usage:

_Test.vbs [TCP | UDP] [Server's IP] [Client's IP] [NumOfRepititions] [NumOfTimes] [CSV_File]

• This script performs snmpBulkGet requests to the server using a defined number of repetitions in the bulk response.

• The requests were executed a defined number of times.

• The output was exported to a CSV formatted file for later data processing in MS-Excel.

• TCP requests were issued to the mirrored OID and UDP requests were issued to the regular ipRoutingTable OID (both via standard SNMP)

Results (1/4)

Increase Packet Loss Rate & no IP Fragments

• At first we compared the BC mechanism’s efficiency against standard SNMP with the following parameters:

– 60 repetitions in the bulk response (= a single IP packet)

– Packet loss rate ranging from 0% to 50% in steps of 10%

– Each scenario was tested 50 times

[Charts: Success Rate vs. Packet Loss Rate, and Time (sec) vs. Packet Loss Rate; series: Udp, Tcp]

Results (2/4)

Increase Packet Loss Rate & 2 IP Fragments

• Then we used the following parameters:

– 126 repetitions in the bulk response (= 2 IP packets, caused by IP fragmentation)

– Packet loss rate ranging from 0% to 50% in steps of 10%

– Each scenario was tested 50 times

[Charts: Success Rate vs. Packet Loss Rate, and Time (sec) vs. Packet Loss Rate; series: Udp, Tcp]

Results (3/4)

Increase Packet Loss Rate & 8 IP Fragments

• After that we used the following parameters:

– 400 repetitions in the bulk response (= ~8 IP packets, caused by IP fragmentation)

– Packet loss rate ranging from 0% to 50% in steps of 10%

– Each scenario was tested 50 times

[Charts: Success Rate vs. Packet Loss Rate, and Time (sec) vs. Packet Loss Rate; series: Udp, Tcp]

Results (4/4)

Increasing IP Fragments & fixed Packet Loss

• The last test had the following parameters:

– Repetitions in the bulk response ranging from 6 to 2880, in steps of ~400

– Packet loss rate of 10%

– Each scenario was tested 50 times

[Charts: Success Rate vs. Number of Entries Retrieved, and Time (sec) vs. Number of Entries Retrieved; series: Udp, Tcp]

Observations (1/2)

Increase Packet Loss Rate

• Both methods’ success rates drop as the packet loss rate increases

• However, the BC success rate is consistently higher than that of standard SNMP

• UDP’s average success time is constant, while BC’s average time increases (UDP fails at a constant timeout, BC retries)

• BC’s performance declines when packet loss increases over 20% (combination of average time and success rate)

Observations (2/2)

Fixed Low Packet Loss

• When the packet loss rate is set to 10% and the size of the bulk is increased ...

• BC delivers great performance: nearly fixed time & high success rate

• Standard SNMP suffers from increasing average time and a steep drop in success rate
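
The two observation slides follow from how loss compounds: a fragmented UDP response is usable only if every fragment arrives, while a retransmitting transport can recover each lost piece. The following Python model is an added example, not the authors' test scripts or measurements; it assumes independent per-packet loss, no retries on the UDP side, and a hypothetical limit of 5 tries per segment on the retransmitting side.

```python
import random

def udp_success_probability(loss, fragments):
    """Request plus every response fragment must survive; nothing is retried."""
    return (1.0 - loss) ** (1 + fragments)

def simulate_udp(loss, fragments, trials, rng):
    """Monte Carlo check of the closed form above."""
    ok = sum(
        all(rng.random() >= loss for _ in range(1 + fragments))
        for _ in range(trials)
    )
    return ok / trials

def simulate_retransmit(loss, segments, max_tries, trials, rng):
    """Each segment is resent until it arrives or max_tries is used up.

    Returns (success rate, mean transmissions per completed transfer)."""
    done, sends = 0, 0
    for _ in range(trials):
        used = 0
        for _ in range(segments):
            for attempt in range(1, max_tries + 1):
                if rng.random() >= loss:
                    used += attempt
                    break
            else:
                break  # segment never arrived: the whole transfer fails
        else:
            done += 1
            sends += used
    return done / trials, (sends / done if done else float("nan"))

def compare(loss=0.10, trials=20000, seed=1):
    """Rows of (fragments, UDP closed form, UDP simulated, retransmit success)."""
    rng = random.Random(seed)
    rows = []
    for fragments in (1, 2, 8):  # response sizes named on the results slides
        rows.append((fragments,
                     udp_success_probability(loss, fragments),
                     simulate_udp(loss, fragments, trials, rng),
                     simulate_retransmit(loss, fragments, 5, trials, rng)[0]))
    return rows
```

The second value returned by `simulate_retransmit` grows with the loss rate, which is the model's counterpart to the rising BC transfer time noted on the first observation slide.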

Conclusion

• Using a TCP Backchannel proved to be very effective in relatively moderate packet loss rates (~10%)

• The solution is transparent to existing SNMP based management tools

• Provides an efficient method for retrieving large amounts of data in a quick and reliable manner

The End