1 / 86

《计算机网络管理》 主讲教师:王继龙 清华大学信息网络工程研究中心 wjl@cernet

《计算机网络管理》 主讲教师:王继龙 清华大学信息网络工程研究中心 wjl@cernet.edu.cn. 本节内容. SNMP Overview(Cont.) 下节课讨论准备 第一次作业情况. SNMP 应用. 配置管理 拓扑结构发现 网络划分信息获取 节点设备类型、分布、设置信息获取 故障管理(邹焕英) 线路故障监控 节点故障监控 协议故障监控 性能(宋驰)(菅骁翔) 流量监控 协议监控 诊断监控 用户行为监控 计费管理(陈鹏宇 钟华强) 用户数据采集. 第三章 SNMP. SNMP 的管理模型 SNMP 协议及协议的操作

bart
Download Presentation

《计算机网络管理》 主讲教师:王继龙 清华大学信息网络工程研究中心 wjl@cernet

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 《计算机网络管理》 主讲教师:王继龙 清华大学信息网络工程研究中心 wjl@cernet.edu.cn

  2. 本节内容 • SNMP Overview(Cont.) • 下节课讨论准备 • 第一次作业情况 wjl@cernet.edu.cn

  3. SNMP应用 • 配置管理 • 拓扑结构发现 • 网络划分信息获取 • 节点设备类型、分布、设置信息获取 • 故障管理(邹焕英) • 线路故障监控 • 节点故障监控 • 协议故障监控 • 性能(宋驰)(菅骁翔) • 流量监控 • 协议监控 • 诊断监控 • 用户行为监控 • 计费管理(陈鹏宇 钟华强) • 用户数据采集 wjl@cernet.edu.cn

  4. 第三章 SNMP • SNMP的管理模型 • SNMP协议及协议的操作 • SNMP的管理信息库 • SNMP的发展 • RMON • 举例 wjl@cernet.edu.cn

  5. SNMP Overview 体系结构 Agent/Server Protocol Client/APP MIB定义 GET SNMP命令 MIB实现 协议栈 SET 标准MIB 协议栈 Trap 私有MIB SNMP SNMP UDP UDP wjl@cernet.edu.cn

  6. SNMP Overview • 管理信息的定义——MIB • 管理信息的采集和提供——Agent/Server • 管理信息的传输——SNMP 协议 • 管理信息的收集和利用——Client/Application wjl@cernet.edu.cn

  7. MIB • 树状数据库 • 结构由SMI定义(RFC1155) ,用ASN.1描述 • 良好的可扩展性 wjl@cernet.edu.cn

  8. wjl@cernet.edu.cn

  9. Agent • 路由器 • 交换机 • 服务器 • 其它提供SNMP服务(请求应答)的设备 wjl@cernet.edu.cn

  10. Client/Application • 实现了SNMP命令 • 理解:ftp协议和ftp命令 • 例:snmpwalk –v 1 166.111.0.1 public 1.3.6.1.2.1.1.1 • SNMP请求的发起者 • Agent也可能向其他Agent发出SNMP请求,此时他的角色就是Client。如一台Linux主机实现了SNMP Agent,同时又安装了网络管理系统。 • Client也可能提供SNMP请求的应答,此时其角色是Agent。如上面的例子。 wjl@cernet.edu.cn

  11. 管理信息的传输——Protocol • SNMP数据请求 • GET • GET NEXT • SNMP数据操作 • SET • SNMP应答 • Response • 事件发生(主动消息发生) • Trap wjl@cernet.edu.cn

  12. SNMP v2 • 背景——LIMITATIONS OF SNMPv1 • 体系结构 • 特点 • 原理和操作 wjl@cernet.edu.cn

  13. LIMITATIONS OF SNMPv1 • LIMITED ERROR CODES • LIMITED DATA TYPES • LIMITED NOTIFICATIONS • LIMITED PERFORMANCE • TRANSPORT DEPENDENCE • LACK OF HIERARCHIES • LACK OF SECURITY wjl@cernet.edu.cn

  14. New Features • IMPROVED COMMUNICATION MODEL • TRAPS HAVE SAME FORMAT AS OTHER PDUS • GET-BULK PDU • ADDITIONAL ERROR CODES FOR SETS • TWO SECURITY MODELS • SNMPv2C: COMMUNITY BASED • SNMPv2U: USER BASED • INDEPENDENCE OF UNDERLYING TRANSPORT • MIB-II SPLIT INTO MODULES • IMPROVED INFORMATION MODEL (SMIv2) • ADDITIONAL DATA TYPES • TEXTUAL CONVENTIONS • E.G. ROW STATUS • NOTIFICATIONS wjl@cernet.edu.cn

  15. Stories • History • HIERARCHIES TO DISMAN • SECURITY TO SNMPv3 wjl@cernet.edu.cn

  16. l l d d d d d d l l r r r r u u e e f f a a a a s s d d d d o o n n n n p p a a a a o o t t t t r r s s s s p p t t d d d d d d f f r r r r e e a a a a a a r r s s d d d d d d o o n n n n p p a a a a o o t t t t r r s s s s p p SNMP SNMP security security SMP SMP SNMP/SMI v1 SNMP/SMI v1 l l d d l l r r u u f f a a d d n n a a t t s s SMIv2 SMIv2 t t d d f f r r a a a a r r d d d d n n a a t t s s parties parties community community SNMPv2 SNMPv2 . . * * c c . . 2 2 . . e e V V s s U U 2 2 V V SNMPv3 SNMPv3 DISMAN DISMAN 1990 1990 1991 1991 1992 1992 1993 1993 1994 1994 1995 1995 1996 1996 1997 1997 1998 1998 1999 1999 2000 2000 HISTORY OF SNMPv2 wjl@cernet.edu.cn

  17. HIERARCHIES: ORIGINAL IDEA WORK HAS MOVED TO A SEPARATE DISTRIBUTED MANAGEMENT GROUP (DISMAN) wjl@cernet.edu.cn

  18. SNMPv2 SECURITY: WHAT HAPPENED? • APRIL 1993 • PROPOSED STANDARD • FOUR EDITORS • SECURITY BASED ON PARTIES • FIRST PROTOTYPES APPEARED SOON • JUNE 1995 • PROPOSED STANDARD REJECTED BY TWO OF THE ORIGINAL EDITORS! • AUGUST 1995 • GENERAL AGREEMENT THAT PARTY BASED MODEL WAS TOO COMPLEX! • MANY NEW PROPOSALS APPEARED • 1997 • NEW SNMPv3 WORKING GROUP WAS FORMED • WITH NEW EDITORS wjl@cernet.edu.cn

  19. SNMPv2 PROTOCOL OPERATIONS wjl@cernet.edu.cn

  20. GET • SIMILAR TO SNMPv1, EXCEPT FOR "EXCEPTIONS" • POSSIBLE EXCEPTIONS: • • noSuchObject • • noSuchInstance • EXCEPTIONS ARE CODED WITHIN THE VARBINDS • EXCEPTIONS DO NOT RAISE ERROR STATUS AND INDEX wjl@cernet.edu.cn

  21. GET-NEXT • SIMILAR TO SNMPv1, EXCEPT FOR "EXCEPTIONS" • POSSIBLE EXCEPTIONS: • endOfMibView • EXAMPLE • getNext(1.4.0) • response(error-status => noError, 1.4.0 => endOfMibView) wjl@cernet.edu.cn

  22. GET-BULK • NEW IN SNMPv2 • TO RETRIEVE A LARGE NUMBER OF VARBINDS • IMPROVES PERFORMANCE! wjl@cernet.edu.cn

  23. GET-BULK • getBulk REQUEST HAS TWO ADDITIONAL PARAMETERS: • non-repeators • max-repetitions • THE FIRST N ELEMENTS (non-repeators) OF THE VARBIND LIST ARE TREATED AS IF THE OPERATION WAS A NORMAL getnext OPERATION • THE NEXT ELEMENTS OF THE VARBIND LIST • ARE TREATED AS IF THE OPERATIONCONSISTED OF A NUMBER (max-repetitions) OF REPEATED getnext OPERATIONS wjl@cernet.edu.cn

  24. GET-BULK wjl@cernet.edu.cn

  25. GET-BULK EXAMPLE • getBulk(max-repetitions = 4; 1.1) response( 1.1.0 => 130.89.16.2 1.2.1.0 => printer-1 1.2.2.0 => 123456 1.3.1.1.2.1 => 2 ) • getBulk(max-repetitions = 3; 1.3.1.1; 1.3.1.2; 1.3.1.3) response( 1.3.1.1.2.1 => 2; 1.3.1.2.2.1 => 1; 1.3.1.3.2.1 => 2 1.3.1.1.3.1 => 3; 1.3.1.2.3.1 => 1; 1.3.1.3.3.1 => 3 1.3.1.1.5.1 => 5; 1.3.1.2.5.1 => 1; 1.3.1.3.5.1 => 2 ) wjl@cernet.edu.cn

  26. SET • SIMILAR TO SNMPv1 • CONCEPTUAL TWO PHASE COMMIT: • PHASE 1: PERFORM VARIOUS CHECKS • PHASE 2: PERFORM THE ACTUAL SET • MANY NEW ERROR CODES ARE DEFINED wjl@cernet.edu.cn

  27. NEW ERROR CODES FOR SETS wjl@cernet.edu.cn

  28. TRAP • SNMPv1: COLD START WARM START LINK DOWN LINK UP AUTHETICATION FAILURE EGP NEIGHBOR LOSS • SNMPv2: • MIBs MAY NOW INCLUDE NOTIFICATION TYPE MACROS • FIRST TWO VARBINDS: sysUptime AND snmpTrapOID • USES SAME FORMAT AS OTHER PDUs wjl@cernet.edu.cn

  29. INFORM • CONFIRMED TRAP • ORIGINALLY TO INFORM A HIGHER LEVEL MANAGER • SAME FORMAT AS TRAP PDU • POSSIBLE ERROR: tooBig wjl@cernet.edu.cn

  30. TRANSPORT DEPENDANCE • SNMPv1: • UDP • SNMPv2: • UDP • CLNS (OSI) • DDP (APPLETALK) • IPX wjl@cernet.edu.cn

  31. SNMPv2 RFCs • COMMUNICATION MODEL • DRAFT STANDARD • RFC 1905, RFC1906 • SECURITY MODEL - SNMPv2C: • COMMUNITY BASED SNMP • SAME ‘SECURITY MECHANISMS’ AS SNMPv1 • EXPERIMENTAL STATUS • RFC 1901 • SECURITY MODEL - SNMPv2U: • USER BASED SECURITY (AUTHENTICATION / ENCRYPTION / ACCESS CONTROL) • EXPERIMENTAL STATUS • RFC 1909, RFC1910 • INFORMATION MODEL: • STANDARD • RFC2578, RFC2579, RFC2580 wjl@cernet.edu.cn

  32. SNMPv3 • 背景 • 体系结构 • 特点 • 原理和操作 wjl@cernet.edu.cn

  33. DESIGN DECISIONS • ADDRESS THE NEED FOR SECURY SET SUPPORT • DEFINE AN ARCHITECTURE THAT ALLOWS FOR LONGEVITY OF SNMP • ALLOW THAT DIFFERENT PORTIONS OF THE ARCHITECTURE • MOVE AT DIFFERENT SPEEDS TOWARDS STANDARD STATUS • ALLOW FOR FUTURE EXTENSIONS • KEEP SNMP AS SIMPLE AS POSSIBLE • ALLOW FOR MINIMAL IMPLEMENTATIONS • SUPPORT ALSO THE MORE COMPLEX FEATURES,WHICH ARE REQUIRED IN LARGE NETWORKS • RE-USE EXISTING SPECIFICATIONS, WHENEVER POSSIBLE wjl@cernet.edu.cn

  34. SNMPv3 ARCHITECTURE wjl@cernet.edu.cn

  35. SNMPv3 ARCHITECTURE: MANAGER wjl@cernet.edu.cn

  36. SNMPv3 ARCHITECTURE: AGENT wjl@cernet.edu.cn

  37. CONCEPTS: snmpEngineID wjl@cernet.edu.cn

  38. PRIMITIVES BETWEEN MODULES wjl@cernet.edu.cn

  39. sendPdu wjl@cernet.edu.cn

  40. prepareOutgoingMessage wjl@cernet.edu.cn

  41. generateRequestMsg wjl@cernet.edu.cn

  42. send / receive wjl@cernet.edu.cn

  43. prepareDataElements wjl@cernet.edu.cn

  44. processIncomingMsg wjl@cernet.edu.cn

  45. processPd wjl@cernet.edu.cn

  46. isAccessAllowed wjl@cernet.edu.cn

  47. returnResponsePdu wjl@cernet.edu.cn

  48. prepareResponseMessage wjl@cernet.edu.cn

  49. generateResponseMsg wjl@cernet.edu.cn

  50. send / receive wjl@cernet.edu.cn

More Related