420 likes | 724 Views
2. Overview. ? We have covered the organization and information models of SNMPv1.? Here we will address the SNMPv1 communication and functional models? SNMPv1 does not formally define a functional model? What was the functional model?? Deals with the user oriented requirements: (configuration,
E N D
1. 1 SNMPCommunication and FunctionalModels
2. 2 Overview • We have covered the organization and information models of SNMPv1.
• Here we will address the SNMPv1 communication and functional models
• SNMPv1 does not formally define a functional model
– What was the functional model?
• Deals with the user oriented requirements: (configuration, fault, performance, security, and accounting)
– The functions are actually built in the community based access policy of the SNMP administrative model
3. 3 SNMP Architecture
4. 4 SNMP Messages Get-Request
Get-Next-Request
Set-Request
Get-Response
Trap
Generic trap
Specific trap
5. 5 SNMP Trap Messages • Generic trap
– coldStart
– warmStart
– linkDown
– linkUp
– authenticationfailure
– egpNeighborLoss
– enterpriseSpecific
• Specific trap
– for special measurements such as statistics
• Time stamp: Time since last initialization
6. 6 Administrative Model Based on community profile and policy
SNMP Entities:
SNMP application entities - Reside in management stations and network elements - Manager and agent
SNMP protocol entities - Communication processes (PDU handlers) - Peer processes that support application entities
7. 7 SNMP Community Security in SNMPv1 is community-based
Authentication scheme in manager and agent
Community: Pairing of two application entities
Community name: String of octets
Two applications in the same community communicate with each other
Application could have multiple community names
Communication is not secured in SNMPv1 - no encryption
8. 8 SNMP Community Community
Relationship between an Agent and Managers.
Community Name
Used to validate the SNMP messages.
SNMP Password.
Default ‘Get’ community name: “public”.
Authentication Failure
Agent sends “Authentication Failure Trap” to Manager.
9. 9 SNMP Community
10. 10 Community Profile MIB view
An agent is programmed to view only a subset of managed objects of a network element
Access mode
Each community name is assigned an access mode:: read-only and read-write
Community profile = MIB view + access mode
Operations on an object determined by community profile and the access mode of the object
Total of four access privileges
Some objects, such as table and table entry are non-accessible
11. 11 Community Profile
12. 12 Access Policy Administration model is SNMP access policy
SNMP community paired with SNMP community profile is SNMP access policy
13. 13 Access Policy
14. 14
15. 15 Proxy Access Policy
16. 16 Protocol Entities
17. 17 Default UDP Ports for SNMP
18. 18 Protocol Entities
19. 19 SNMP Message SNMP Message
Version Identifier
Community Name
Protocol Data Unit
The length of SNMP messages should not exceed 484 octets.
20. 20 SNMP PDUs
21. 21 SNMP PDU PDU ::= SEQUENCE {
request-id INTEGER,
error-status INTEGER {
noError(0),
tooBig(1),
noSuchName(2),
badValue(3),
readOnly(4),
genErr(5)},
error-index INTEGER,
variable-bindings
SEQUENCE OF {
name ObjectName,
value ObjectSyntax
}
}
22. 22 SNMP PDU (cont.)
23. 23
24. 24 Trap-PDU
25. 25 Trap Type
26. 26 Generic Trap Example Enterprise: .1.3.6.1.4.1.311.1.1.3.1.1
Agent-Address: 10.10.13.137
Generic-Trap: 4
Specific-Trap: 0
Timestamp: 29756264
#VarBinds: 0
27. 27 Enterprise-Specific Traps Traps defined by enterprises
Identification of Enterprise-Specific Traps
Enterprise ? Enterprise OID
Generic-Trap ? 6
Specific-Trap ? an Integer
28. 28 Enterprise Trap Example Enterprise: .1.3.6.1.4.1.522
Agent-Address: 10.10.13.24
Generic-Trap: 6
Specific-Trap: 4
Timestamp: 143739963
VariableBindings: (4)
.1.3.6.1.4.1.522.3.14.23.1.2.11687128: 02:18:25
.1.3.6.1.4.1.522.3.14.23.1.3.11687128: 14
.1.3.6.1.4.1.522.3.14.23.1.4.11687128:
(Info): Station 00092d142581 Associated
.1.3.6.1.4.1.522.3.14.23.1.5.11687128: AssociationOK
29. 29
30. 30 Get-Next Request
31. 31 Get-Next Request
32. 32
33. 33
34. 34 Get-Next Requests with Indices
35. 35 SNMP Get-Request Example >>snmpget -d 10.144.18.118 .1.3.6.1.2.1.1.1.0
Transmitted 41 bytes to camry (10.144.18.118) port 161:
Initial Timeout: 0.80 seconds
0: 30 27 02 01 00 04 06 70 75 62 6c 69 63 a0 1a 02 0'.....public...
16: 02 18 bc 02 01 00 02 01 00 30 0e 30 0c 06 08 2b .........0.0...+
32: 06 01 02 01 01 01 00 05 00 -- -- -- -- -- -- -- ................
0: SNMP MESSAGE (0x30): 39 bytes
2: INTEGER VERSION (0x2) 1 bytes: 0 (SNMPv1)
5: OCTET-STR COMMUNITY (0x4) 6 bytes: "public"
13: GET-REQUEST-PDU (0xa0): 26 bytes
15: INTEGER REQUEST-ID (0x2) 2 bytes: 6332
19: INTEGER ERROR-STATUS (0x2) 1 bytes: noError(0)
22: INTEGER ERROR-INDEX (0x2) 1 bytes: 0
25: SEQUENCE VARBIND-LIST (0x30): 14 bytes
27: SEQUENCE VARBIND (0x30): 12 bytes
29: OBJ-ID (0x6) 8 bytes: .1.3.6.1.2.1.1.1.0
39: NULL (0x5) 0 bytes
36. 36 SNMP Get-Response Example Received 69 bytes from 10.144.18.118 port 161:
0: 30 43 02 01 00 04 06 70 75 62 6c 69 63 a2 36 02 0C.....public.6.
16: 02 18 bc 02 01 00 02 01 00 30 2a 30 28 06 08 2b .........0*0(..+
32: 06 01 02 01 01 01 00 04 1c 53 75 6e 20 53 4e 4d .........Sun SNM
48: 50 20 41 67 65 6e 74 2c 20 53 55 4e 57 2c 55 6c P Agent, SUNW,Ul
64: 74 72 61 2d 31 -- -- -- -- -- -- -- -- -- -- -- tra-1...........
0: SNMP MESSAGE (0x30): 67 bytes
2: INTEGER VERSION (0x2) 1 bytes: 0 (SNMPv1)
5: OCTET-STR COMMUNITY (0x4) 6 bytes: "public"
13: RESPONSE-PDU (0xa2): 54 bytes
15: INTEGER REQUEST-ID (0x2) 2 bytes: 6332
19: INTEGER ERROR-STATUS (0x2) 1 bytes: noError(0)
22: INTEGER ERROR-INDEX (0x2) 1 bytes: 0
25: SEQUENCE VARBIND-LIST (0x30): 42 bytes
27: SEQUENCE VARBIND (0x30): 40 bytes
29: OBJ-ID (0x6) 8 bytes: .1.3.6.1.2.1.1.1.0
39: OCTET-STR (0x4) 28 bytes: "Sun SNMP Agent, SUNW,Ultra-1"
system.sysDescr.0 : DISPLAY STRING- (ascii): Sun SNMP Agent, SUNW,Ultra-1
37. 37 SNMP-Walk- Use of SNMP Get-Next Request snmpwalk 10.144.18.118 .1.3.6.1.2.1.1
system.sysDescr.0 : DISPLAY STRING- (ascii): Sun SNMP Agent, SUNW,Ultra-1
system.sysObjectID.0 : OBJECT IDENTIFIER: .iso.org.dod.internet.private.enterprises.42.2.1.1
system.sysUpTime.0 : Timeticks: (198219958) 22 days, 22:36:39.58
system.sysContact.0 : DISPLAY STRING- (ascii): lino@ms.chttl.com.tw
system.sysName.0 : DISPLAY STRING- (ascii): camry
system.sysLocation.0 : DISPLAY STRING- (ascii): Information Technology Laboratory 3F
system.sysServices.0 : INTEGER: 72 (01001000)B
38. 38 SNMP Trap Example Transmitted 64 bytes to 10.144.18.100 port 162:
0: 30 3e 02 01 00 04 06 70 75 62 6c 69 63 a4 31 06 0>.....public.1.
16: 09 2b 06 01 04 01 84 64 01 01 40 04 0a 90 12 74 .+.....d..@....t
32: 02 01 06 02 03 01 86 9f 43 01 00 30 13 30 11 06 ........C..0.0..
48: 04 2b 06 01 01 04 09 54 72 61 70 20 74 65 73 74 .+.....Trap test
0: SNMP MESSAGE (0x30): 62 bytes
2: INTEGER VERSION (0x2) 1 bytes: 0 (SNMPv1)
5: OCTET-STR COMMUNITY (0x4) 6 bytes: "public"
13: V1-TRAP-PDU (0xa4): 49 bytes
15: OBJ-ID ENTERPRISE (0x6) 9 bytes: .1.3.6.1.4.1.612.1.1
26: IPADDRESS AGENT-ADDR (0x40) 4 bytes: 10.144.18.116
32: INTEGER GENERIC-TRAP (0x2) 1 bytes: 6
35: INTEGER SPECIFIC-TRAP (0x2) 3 bytes: 99999
40: TIMETICKS TIME-STAMP (0x43) 1 bytes: 0 (0x0)
43: SEQUENCE VARBIND-LIST (0x30): 19 bytes
45: SEQUENCE VARBIND (0x30): 17 bytes
47: OBJ-ID (0x6) 4 bytes: .1.3.6.1.1
53: OCTET-STR (0x4) 9 bytes: "Trap test"
39. 39 Get System Information Get “System Group” of MIB II
Use get_request or get_next_request
sysDescr .1.3.6.1.2.1.1.1.0
sysObjectID .1.3.6.1.2.1.1.2.0
sysUptime .1.3.6.1.2.1.1.3.0
sysContact .1.3.6.1.2.1.1.4.0
sysName .1.3.6.1.2.1.1.5.0
sysLocation .1.3.6.1.2.1.1.6.0
40. 40 Get Interface Information Get “Interface Group” of MIB II
Repeatedly Use “get_next_request”
Note: We don’t know the ifIndex values in ifTable.
First get the next object of .ifTable.ifEntry.0
Then repeatedly “get_next”
Until the whole subtree is visited.
41. 41 Traffic Monitoring Get “ifInOctets” and “ifOutOctets” of MIB II Interface Group
t1: C1 t2: C2
42. 42
43. 43