snmp and network management
TRANSCRIPT
![Page 1: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/1.jpg)
SNMP andNetwork Management
Simple Network Management Protocol
A Standard Protocol for Systems and Network Management
![Page 2: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/2.jpg)
Systems and Network Management SNMP 2
SNMP — how it was born
In 1980‘s, networks grew, hard to manage
Many vendors, many protocols
Many saw a need for standard
SNMP Proposed to IETF (Internet Engineering Task Force) as a Request for Comments (RFC)
RFCs are the standards documents for the Internet
![Page 3: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/3.jpg)
Systems and Network Management SNMP 3
SNMP: An IETF standard
There are three versions of SNMP
SNMPv1: RFC 1157
Basic functionality, supported by all vendors
SNMPv2: RFC 1905, 1906, 1907
Some useful additional features; supported by many vendors
SNMPv3: RFC 1905, 1906, 1907, 2571, 2572, 2573, 2574, 2575.
Still a proposed standard
Adds strong authentication
Supported by Net SNMP and some Cisco products
![Page 4: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/4.jpg)
Systems and Network Management SNMP 4
Managers and Agents A network management system consists
of two software components:
Network manager
often called a NMS (Network Management Station)
Agent
Software that runs on the device being monitored/managed
![Page 5: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/5.jpg)
Network Management - Basic paradigm
Manager
Agent
MIB
Req Res Events/A
larm
Management
Station
Managed
Node
Client
Server
![Page 6: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/6.jpg)
Systems and Network Management SNMP 6
SNMP runs on UDP
UDP = User Datagram Protocol
Unreliable (no acknowlegment in UDP protocol)
Low overhead
Won‘t flood a failing network with retransmissions
UDP port 161 for sending, receiving requests
UDP port 162 for receiving traps
![Page 7: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/7.jpg)
Systems and Network Management SNMP 7
SNMP Communities
SNMPv1, v2 use a ―community‖ as a way of establishing trust between manager and agent
This is simply a plain text password
There are three: Read-only (often defaults to ―public‖)
Read-write (often defaults to ―private‖)
Trap
Change from default for production!!!!!!!!!!!
![Page 8: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/8.jpg)
Systems and Network Management SNMP 8
Authentication in SNMPv3
Sophisticated authentication system
User based
Supports encryption
Overcomes the biggest weakness of SNMPv1, v2 community strings
![Page 9: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/9.jpg)
Systems and Network Management SNMP 9
Management Models in SNMP
Organizational Model
Two-tier architecture
Three-tier architecture (RMON)
Proxy Servers
SNMP network management architecture
Containment model (Rack->Shelf->Slot->Card->Port->Timeslots)
![Page 10: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/10.jpg)
Systems and Network Management SNMP 10
What is a managed object? A Managed Object composed of object type and an object
instance.
A better name is variable, but called managed object more often
Ex. the managed object system.sysUpTime.0 Gives time since agent was started
Is (generally) located on the agent
A managed object has one object identifier (OID)
Carries one scalar value, or a table of related information
Management involves monitoring and setting values in these managed objects
Agent software changes SNMP requests to action to read or set the requested value(s)
![Page 11: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/11.jpg)
Systems and Network Management SNMP 11
Structure of Management Information (SMI)
Defines how managed objects are named, and specifies their datatypes (called syntax).
Definition has three attributes: Name (also called object identifier). Two forms (both very
long): Numeric
―Human readable‖
Type and syntax: defined using a subset of ASN.1 (Abstract Syntax Notation One) ASN.1 is machine independent
Encoding: how an instance of a managed object is encoded as a string of
bytes using the Basic Encoding Rules (BER)
![Page 12: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/12.jpg)
Systems and Network Management SNMP 12
More on managed object? SMI is concerned only with the object type and not object
instance E.g. Object type with different instances of hub card would be the identical
object ID (iso.org.dod.internet.private.enterprise.43.1.8.5) but different ip addresses for each instance
Object
Object Type
Encoding:BERSyntax:ASN.1Name:Object ID
Object instance 2
Object instance 1
Object instance 3
![Page 13: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/13.jpg)
Systems and Network Management SNMP 13
Naming managed objects
Objects are organised into a tree
Object type (i.e. name) is uniquely identified by a DESCRIPTOR and an associated OBJECT IDENTIFIER
DESCRIPTOR defining the name is mnemonic and is in all lower case
Object ID is unique name and number in the MIT
Object ID is series of numbers separated by dots
―human readable‖ name substitutes a name for each number
But the names are very long and hard for a human to remember
NMS makes it easier to find variables (objects) in a more human friendly way
![Page 14: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/14.jpg)
Systems and Network Management SNMP 14
Naming managed objects
internet OBJECT IDENTIFIER ::= { iso org(3) dod(6) 1 }
internet OBJECT IDENTIFIER ::= {1 3 6 1}
directory OBJECT IDENTIFIER ::= { internet 1 }
mgmt OBJECT IDENTIFIER ::= { internet 2 }
experimental OBJECT IDENTIFIER ::= { internet 3 }
private OBJECT IDENTIFIER ::= { internet 4 }
![Page 15: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/15.jpg)
Systems and Network Management SNMP 15
ASN.1
MIBs defined with a SYNTAX attribute
The SYNTAX specifies a datatype, as in
a programming language
Exact specification, so works on any platform
Will see examples of MIB definitions later
![Page 16: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/16.jpg)
Systems and Network Management SNMP 16
ASN.1 Basic data types or Primitive Date Types
INTEGER: length can be specified
OCTET STRING: byte string
OBJECT IDENTIFIER:
1.3.6.1.4.1.11400 is ICT private enterprise OID.
![Page 17: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/17.jpg)
Systems and
Network
Management SNMP 17
SNMPv1 Defined data types
Counter: 32-bit
unsigned value that wraps after 232 -1. It can only increase.
IpAddress: 32-bit
IPv4 address
NetworkAddress:
can hold other types of protocol family
Gauge: 32-bit unsigned value that can increase or decrease but not wrap
TimeTicks: 32-bit count in hundredths of a second
Opaque: allow any kind of data
![Page 18: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/18.jpg)
Systems and
Network
Management SNMP 18
SEQUENCE (ipAddrEntry)
Object Name Object ID Obj Syntax
1 ipAdEntAddr {ipAdEntry 1} ipAddress
2 ipAdEntIfIndex {ipAdEntry 2} INTEGER
3 ipAdEntNetMask {ipAdEntry 3} ipAddress
4 ipAdEntBcdAddr {ipAdEntry 4} INTEGER
5 ipAdEntReaMaxSize
{ipAdEntry 5} INTEGER
6 ipAddEntry {ipAddrTable 1} SEQUENCE
![Page 19: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/19.jpg)
Systems and
Network
Management SNMP 19
Definition of ipAddrEntry
List: IpAddrEntry::=
SEQUENCE{
ipAdEntAddr IpAddress
ipAdEntIfIndex INTEGER
------ -----
}
![Page 20: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/20.jpg)
Systems and
Network
Management SNMP 20
SEQUENCE OF (Table)
Table: IpAddrTable ::=
SEQUENCE OF IpAddrEntry
7 ipAddrTable {ip 20} SEQUENCE OF
![Page 21: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/21.jpg)
MIB – Management Information Base
Object IDentifier (OID)
- Example .1.3.6.1.2.1.1
- iso(1) org(3) dod(6) internet(1) mgmt(2)
mib-2(1) system(1)
Note:- .1.3.6.1 ~100% present.- mgmt and private most common.- MIB-2 successor to original MIB.- STATUS ‗mandatory‘, All or nothing in group
1
3
6
1
1
2 3
4
1
1
2 4
6
iso(1)
org(3)
dod(6)
internet(1)
directory(1)
mgmt(2) experimental(3)
private(4)
mib-2(1)
system(1)
interfaces(2) ip(4)
tcp(6)
![Page 22: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/22.jpg)
MIB – Management Information Base system(1) group
- Contains objects that describe some basic information on an entity.
- An entity can be the agent itself or the network object that the agent is on.
1
1
2
mib-2(1)
system(1)
interfaces(2)
system(1) group objects
- sysDescr(1) Description of the entity.
- sysObjectID(2) Vendor defined OID string.
- sysUpTime(3) Time since net-mgt was last re-initialised.
- sysContact(4) Name of person responsible for the entity.
![Page 23: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/23.jpg)
MIB – Management Information Base
MIB - tree view MIB - syntax view
1
1
mib-2(1)
system(1)
1
2
3
4
sysDesc(1)
sysObjectID(2)
sysUpTime(3)
sysUpTime OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION “The time (in hundredths
of a second) since the
network management
portion of the system was
last re-initialized.”
::= {system 3}
sysContact(4)
![Page 24: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/24.jpg)
MIB – Management Information Base
MIB - tree view MIB - syntax view
1
1
mib-2(1)
system(1)
1
2
3
4
sysDesc(1)
sysObjectID(2)
sysUpTime(3)
sysDescr OBJECT-TYPE
SYNTAX
OCTETSTRING (SIZE
(0…255)
ACCESS read-only
STATUS mandatory
DESCRIPTION “This value include the full
name and version id of the
system hardware, OS and
NOS.”
::= {system 1}
sysContact(4)
![Page 25: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/25.jpg)
Systems and
Network
Management SNMP 25
OBJECT-TYPE MACRO
OBJECT-TYPE MACRO ::=
BEGIN TYPE NOTATION ::= ―SYNTAX‖ type (TYPE
ObjectSyntax) ―ACCESS‖ Access
―STATUS‖ Status
VALUE NOTATION ::= value (VALUE ObjectName)
Access ::= ―read-only‖|‖write-only‖|‖not-accessible‖
Status ::= ―mandatory‖|‖optional‖|‖obsolete‖
END
![Page 26: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/26.jpg)
Systems and
Network
Management SNMP 26
Aggregate Objects
Group of related objects e.g.
ifTable & ipAddrTable
Objects which make up Aggregate
Objects are called subordinate
object type e.g. ipAddrEntry
Columnar Objects
![Page 27: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/27.jpg)
Systems and
Network
Management SNMP 27
Columnar ipAddrTable
ipAddrTable {1.3.6.1.2.1.4.20} ipAddrEntry {1}
ipAdEntAddr {1}
ipAdEntIfIndex {2}
------
Columnar object ID of ipAdEntIfIndex would be {1. 3.6.1.2.1.4.20.1.2}
Iso.org.dod.internet.mgmt.mib-2.ip.ipAddrTable.ipAddrEntry.ipAdEntIfIndex
![Page 28: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/28.jpg)
Systems and
Network
Management SNMP 28
ipAddrTable
Row ipAdEntAddr
ipAdEntIfIndex
ipAdEntNetMask
ipEntBcastAddr
ipAdEntDaGramMaxSize
1 123.45.2.1
1 255.255.255.0
0 12000
2 123.45.2.4
3 255.255.0.0
1 12000
3 165.8.9.25
4 255.255.255.0
0 12000
4 9.96.8.138
2 255.255.255.0
0 12000
![Page 29: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/29.jpg)
Systems and
Network
Management SNMP 29
SNMP Protocol Specification
Protocol Entities
Application Layer -> Physical Layer
Get-Request [0]
Get-Next-Request [1]
Set-Request [2]
Get-Response [3]
Trap [4]
![Page 30: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/30.jpg)
Systems and
Network
Management SNMP 30
Protocol Data Unit (PDU)
The PDU is the message format that carries SNMP operations.
There is a standard PDU for each of the SNMP operations.
![Page 31: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/31.jpg)
Systems and
Network
Management SNMP 31
Message Format: message header
SNMPv1, v2c message has a header and PDU
header contains: version number (version of SNMP)
Community name (i.e., the shared password)
![Page 32: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/32.jpg)
Systems and
Network
Management SNMP 32
Message Format: the PDU
get, get-next, response, set PDUs all contain same fields
PDU type indicated operation (i.e., get, or set)
request ID associates request with response
Error status, index: show an error condition used in response only, zero otherwise
Variable Bindings: object ID and value. SNMP allows more than one OID/value pair to be sent together for
efficiency
![Page 33: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/33.jpg)
Systems and
Network
Management SNMP 33
get-bulk-request PDU
All fields same as other SNMP PDUs in v1, v2c, except Nonrepeaters and Max-repetitions
Nonrepeaters: Specifies the number of object instances in the variable bindings field that should be retrieved no more than once from the beginning of the request. used when some of the instances are scalar objects with only one variable.
Max-repetitions: Defines the maximum number of times that other variables beyond those specified by the non-repeaters field should be retrieved.
PDU
type ID
Request Object 1
Value 1
Object 2 Object n
Value n. . .
variable bindings
Value 2
Non-repetitions
Max-
repeaters
![Page 34: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/34.jpg)
Systems and
Network
Management SNMP 34
get-bulk-request
Get can request more than one MIB object But if agent cannot send it all back, sends error
message and no data
get-bulk-request tells agent to send as much of the response back as it can
Possible to send incomplete data
Requires two parameters: Nonrepeaters
Max-repetitions
![Page 35: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/35.jpg)
Systems and
Network
Management SNMP 35
get-bulk-request:
nonrepeaters, max-repetitions: 1
Nonrepeaters:
A number, N
Indicates first N objects can be retrieved with simple get-next operation
Max-repetitions:
A number, R
Can attempt up to R get-next operations to retrieve remaining objects
![Page 36: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/36.jpg)
Systems and
Network
Management SNMP 36
Trap
A trap has no response:
![Page 37: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/37.jpg)
Systems and
Network
Management SNMP 37
SNMP traps
Lets the agent tell the managersomething happened, e.g.,
A network interface is down on the device where the agent is installed
The network interface came back up
A call came in to the modem rack, but could not connect to any modem
A fan has failed
![Page 38: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/38.jpg)
Systems and
Network
Management SNMP 38
Trap Format: the PDU(V1)
Generic Trap Types coldStart(0)
warmStart(1)
linkDown(2)
linkUp(3)
authenticationFailure(4)
egpNeigborLoss(5)
enterpriseSepcific(6)
PDU
TYPE
ENTE
RPRIS
E
AGENT
ADDRES
S
GENERIC
TRAP
TYPE
SPECIFIC
TRAP
TYPE
TIMESTAMP VARBIND 1 VARBIND N
![Page 39: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/39.jpg)
Systems and
Network
Management SNMP 39
Trap Format: the PDU(V2)
linkUp NOTIFICATION-TYPEOBJECT {ifIndex}
STATUS current
DESCRIPTION ―…‖
PDU
TYPE
REQID Error
Status
Error Index SystemUpT
ime
SNMPTrapoi
d
VARBIND 1 VARBIND N
![Page 40: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/40.jpg)
Systems and
Network
Management SNMP 40
Traps and Inform: port 162
Other SNMP operations are on UDP port 161
trap and inform-request operations are on UDP port 162.
![Page 41: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/41.jpg)
Systems and
Network
Management SNMP 41
SNMP notification (v2, v3)
This is a macro that sends either a trap or an inform-request
Bilingual Manager
SNMP Proxy Server
![Page 42: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/42.jpg)
Systems and
Network
Management SNMP 42
Table Augmentation (SNMPV2)
Aggregate Objects – Single to Mutliple
Expansion by adding more columnar objects – When (1)
Number of conceptual rows not affected
One-to-One correspondence b/w the rows of the two tables
INDEX of second table –same as first.
![Page 43: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/43.jpg)
Systems and
Network
Management SNMP 43
Table Augmentation – ASN.1 construct table1Entry OBJECT-TYPE Base Table
SYNTAX TableT1Entry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION ―An entry in table T1‖
INDEX {T1.E1.C1}
::= (table 1}
table2Entry OBJECT-TYPE Augmented Table
SYNTAX TableT2Entry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION ―An entry in table T2‖
AUGMENTS {tableEntry}
::= (table2 1}
![Page 44: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/44.jpg)
Systems and
Network
Management SNMP 44
Table Augmentation (SNMPV2)
Dense Table
Large no of rows than the base table
Combined indices of both
INDEX CLAUSE – combined columnar objects as the index clause for the aggregate object.
Base Table & Dependent Table
![Page 45: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/45.jpg)
Systems and
Network
Management SNMP 45
Table Augmentation Dense Table – ASN.1 construct table1Entry OBJECT-TYPE Base Table
SYNTAX TableT1Entry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION ―An entry in table T1‖
INDEX {T1.E1.C1}
::= (table 1}
table2Entry OBJECT-TYPE Augmented Table
SYNTAX TableT2Entry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION ―An entry in table T2‖
INDEX {T1.E1.C1, T2.E2.C4}
::= (table2 1}
![Page 46: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/46.jpg)
Systems and
Network
Management SNMP 46
Table Augmentation (SNMPV2)
Sparce Table
Less no of rows than the base table.
INDEX of second table –same as first.
AUGMENT CLAUSE – Substitute with INDEX CLAUSE
![Page 47: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/47.jpg)
Systems and
Network
Management SNMP 47
Creation/Deletion of rows (SNMPV2)
Significant features of V2
Creation of rows
Create a row & make it active
Create a row & make it active later.
A new column – status column added to the tables.
![Page 48: SNMP and Network Management](https://reader031.vdocument.in/reader031/viewer/2022020623/61f0765b307fce3f732f65cf/html5/thumbnails/48.jpg)
Systems and
Network
Management SNMP 48
RowStatusState Enumeration Description
Active 1 Row exist & operational
notInService 2 Operation on the row is suspended
notReady 3 Row doesn‘t have all the columnar objects
createAndGo 4 One-step creation and become active
createAndWait 5 Row under creation;not to be commissioned
Destroy 6 Row deleted.