Simple Network Management Protocol (SNMP)
Contents
• Define and describe the functions of managed devices, agents, and NMSs in an SNMP-managed network
• Describe the four key SNMP commands
  • Read, Write, Trap, and Traversal operations
• Define and describe the functions of the MIB, managed objects, and object identifiers
• Abstract Syntax Notation One (ASN.1)
  • Discuss ASN.1 and its function in network management
  • Identify the function of ASN.1 in relation to SNMP
• Identify the key differences between SNMPv1, SNMPv2 and SNMPv3 in the area of protocol operations
SNMP Overview
• An application-layer protocol that facilitates the exchange of management information between network devices.
• Part of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite.
• Allows network administrators to manage network performance, find and solve network problems, and plan for network growth.
• In 1988, the Internet Activities Board (IAB) committee proposed SNMP as the short-term solution for network management.
• Since then, the simple structure and good performance of SNMP have made it popular around the world. It is likely that SNMP will be a long-term solution.
Popularity of SNMP
• Simplicity: easy to learn and inexpensive to implement; no rigid administrative structure
• Wide industry support: supports networks using TCP/IP; because of the popularity of the Internet, hundreds of vendors support SNMP
• Efficient use of resources: requires little memory and few CPU cycles
• Standardization and stability: a standard supported by the IAB, and a relatively stable protocol
• Centralized administration: based on a query-response mechanism, allowing an administrator to manage a large network from one location
• Portability: enables transparent management of devices, whether hardware or software.
SNMP Basic Components
• Key components of an SNMP-managed network are:
  • Management entity (manager)
  • Managed device
  • Agent
  • Management database
Network Management Entity
• A network management entity (manager) executes SNMP client applications that monitor and control managed devices.
• Managers provide the bulk of the processing and memory resources required for network management.
• One or more NMSs must exist on any managed network.
• Many NMSs are available on the market
  • usually support both Unix and Windows
  • support both command-line and GUI interfaces
    • Command-line interface: Microsoft SNMPUTIL
    • GUI: SunNet Manager, HP OpenView
  • support the FCAPS model
Common NMS applications
• Popular NMSs supporting SNMP
  • WhatsUp Gold: popular, low cost, simple. Bundled with Cisco NMS
  • Scotty: popular on Unix/Linux. Written in Tcl/Tk. Supports SNMPv1, SNMPv2 and SNMPv3
  • HP OpenView: industry standard. Enterprise-grade NMS; supports 3rd-party tools, e.g. Synoptics Optivity tools to improve the NM functionality of Synoptics devices
  • IBM NetView: developed in 1986, mainly to support IBM mainframes
  • SunNet Manager: uses proxy agents to gather information about non-Sun machines.
Managed Device
• A network node that contains an agent running the SNMP server program.
• Collects and stores management information and makes this information available to network management systems (NMSs) using SNMP.
• a.k.a. network elements; can be routers and access servers, switches and bridges, hubs, computer hosts, or printers
Agent
• An agent is a network management software module that resides in a managed device.
• It is basically an SNMP server program
  • keeps network information in its database
  • translates that information into a form compatible with SNMP
  • sends a warning to the NM manager if there is an unusual situation
Versions of SNMP
• SNMP Version 1 (SNMPv1)
• SNMP Version 2 (SNMPv2)
• Both versions have a number of features in common.
• SNMPv2 offers such enhancements as additional protocol operations
SNMP Basic Commands
Managed devices are monitored and controlled using 3 basic SNMP commands:
• Read
  • GetRequest
• Traversal operations
  • GetNext
  • GetBulk (in SNMPv2)
• Write
  • SetRequest
SNMP Read
• The read command is used by a network management system (NMS) to monitor managed devices.
• For instance, application programs in Linux (e.g. net-SNMP) such as:
  • snmpget: specifies a single variable by name, i.e. system.sysDescr
    • Get at IP X, OID=1.3.6.1.2.1.1.1
    • Response returns the value "cisco 5505"
  • snmpwalk: reads a portion of the MIB subtree from a device
SNMP Write
• The write command is used by an NMS to control managed devices.
• The NMS changes the values of variables stored within managed devices.
• snmpset
    $ /opt/OV/bin/snmpset -c private orarouter1 .1.3.6.1.2.1.1.4.0 \
        octetstring "Meg A. Byte 555-1212"
    system.sysContact.0 : DISPLAY STRING- (ascii): Meg A. Byte 555-1212
SNMP Traps
• The trap command is used by a managed device to asynchronously report events to the NMS.
• When certain types of events occur, a managed device sends a trap to the NMS
• 7 trap types are defined
  • coldStart (0)
  • warmStart (1)
  • linkDown (2)
  • linkUp (3)
  • authenticationFailure (4)
  • egpNeighborLoss (5)
  • enterpriseSpecific (6)
SNMP Traps (2)
• The agent sends the trap in the following situations
  • coldStart (0)
    • the agent sends the trap when initializing itself
  • warmStart (1)
    • the agent sends the trap when re-initializing itself
  • linkDown (2)
    • a specific link on the source device has failed
  • linkUp (3)
    • a specific link on the source device has come up
SNMP Traps (3)
  • authenticationFailure (4)
    • the agent determines that a request does not provide proper authentication (e.g. wrong SNMP community string)
  • egpNeighborLoss (5)
    • the agent reports the loss of an EGP neighbor
  • enterpriseSpecific (6)
    • implemented by a vendor to provide additional functionality that complements the generic traps.
SNMP - Traversal Operations
• Traversal operations are used by the NMS to determine which variables a managed device supports and to sequentially gather information in variable tables (such as a routing table).
• snmpgetnext: specifies an OID, but the value returned is the next lexicographic OID and its value
  • Get-next sysDescr, and you get sysObjectID
  • Get-next sysObjectID, and you get sysUpTime
SMI overview
• For the manager/agent paradigm, managed network objects must be logically accessible
• Management information must be stored in such a way that it can be easily retrieved and modified
  • SNMP performs the retrieval and modification
  • SMI determines the way information is organized
• SMI is a master document that explains how to name, structure, and encode SNMP management information
• SMI states that each managed object must satisfy the following requirements:
  • must have a name, a syntax and an encoding
SMI functions
• to name objects
  • Name: a name is composed of a sequence of identifiers which uniquely identifies the object in the MIB
• to define the type of data that can be stored in an object
  • Syntax: defines the data type (or grammar) of an object, such as an integer or a string of octets
• to show how to encode data for transmission over the network
  • Encoding: describes how information associated with the managed objects is serialized for transmission between machines
SNMP and SMI
• SMI's implementation in SNMP
  • The names used are called object identifiers (OIDs), written in a human-readable (dotted) format
  • The syntax used for SNMP is called ASN.1
  • The encoding used for SNMP is called BER (Basic Encoding Rules)
Object Name: OID and the OID tree
• An object identifier (or object ID) uniquely identifies a managed object in the MIB hierarchy.
• The MIB hierarchy can be depicted as a tree with a nameless root, the levels of which are assigned by different organizations.
• MIB is a collection of OIDs that is organized hierarchically.
  • defines the properties of the managed object
• iso.org.dod.internet.mgmt.mib <=> 1.3.6.1.2.1
• The OID tree (figure):
  root (unnamed)
    ITU (0)
    iso (1)
      org (3)
        dod (6)
          internet (1)
            directory (1)
            mgmt (2)
              mib (1)
            experimental (3)
            private (4)
              enterprise (1)
                cisco (9)
    ITU-iso (2)
Data type - ASN.1
• The 2nd attribute of an object is the data type.
• SMI uses some fundamental ASN.1 definitions but also adds some new definitions
• Abstract Syntax Notation One (ASN.1) is a language that consistently represents the managed objects of a Management Information Base (MIB) in a machine-independent format.
• ASN.1 uses variables and statements similar to those of other programming languages.
  • can be considered a meta-language
  • provides a vendor-neutral, cross-platform, standards-based language that allows developers to describe the workings of protocols, systems and machines.
• ASN.1 is the basis for the human-readable syntax of the MIB tree
• The use of a consistent language like ASN.1 allows different types of computers to share information more efficiently
ASN.1 (2)
• ASN.1 is a data representation format used by SNMP to create actual MIB objects
• ASN.1 existed long before SNMP; the SNMP MIB was developed to take full advantage of ASN.1
• ASN.1 is defined as part of the Open Systems Interconnection (OSI) specification described in the ISO 8824 standard.
• Management protocols, such as SNMP, use ASN.1 to define both the packets exchanged by the management protocol and the objects that are to be managed.
Types of Managed Objects
• simple type
  • scalar object
  • defines a single object instance.
  • the first three are taken directly from ASN.1, the other four are added by SMI
    • Integer (4 bytes)
    • String (variable)
    • ObjectIdentifier (variable)
    • IPAddress (4 bytes)
    • Counter (4 bytes)
    • Gauge (4 bytes)
    • TimeTicks (4 bytes)
• structured type
  • combines simple and structured data types
  • SMI defines TWO structured data types: sequence and sequence of
    • Sequence: a sequence data type is a combination of simple data types (cf. a record/struct in C)
    • Sequence of: a sequence-of data type is a combination of simple types of the same type (cf. an array in C)
Simple data type
• Simple data types: three simple data types are defined in ASN.1, all of which are unique values; the other four are defined by SMI:
  • Integers: signed integers in the range -2,147,483,648 to 2,147,483,647.
  • Octet strings: an ordered sequence of zero to 65,535 octets.
  • Object IDs: values from the set of all object identifiers allocated according to the rules specified in ASN.1.
  • Network addresses: a network address represents an address from a particular protocol family. SNMPv1 supports only 32-bit IP addresses.
  • Counters: nonnegative integers that increase until they reach a maximum value, and then return to zero. In SNMPv1, a 32-bit counter size is specified.
  • Gauges: nonnegative integers that can increase or decrease, but retain the maximum value reached.
  • Time ticks: a time tick represents a hundredth of a second since some event.
Encoding method
• SMI uses Basic Encoding Rules (BER) to encode data to be transmitted over the network.
• Data are encoded into 3 parts
  • Tag (1 byte): 3 sub-fields
    • class (2 bits), format (1 bit), and number (5 bits)
  • Length
    • one or more bytes
  • Value
    • codes the value of the data according to the rules defined in BER
Encoding Tag
• Tag: 1 byte
  • Class (2 bits) + format (1 bit) + Number (5 bits)

  Data type              Class  Format  Number  Tag (bin)  Tag (hex)
  Integer                00     0       00010   00000010   02
  String                 00     0       00100   00000100   04
  OID                    00     0       00110   00000110   06
  Sequence, sequence of  00     1       10000   00110000   30
  IPAddress              01     0       00000   01000000   40
  Counter                01     0       00001   01000001   41
  Gauge                  01     0       00010   01000010   42
  TimeTicks              01     0       00011   01000011   43
SMI encoding method for Tag
• based on Basic Encoding Rules (BER), to encode data to be transmitted over the network
• format
  • tag: 1 byte. Class (2 bits) + format (1 bit) + Number (5 bits)
  • length: 1 or more bytes.
  • value: depends on the object
Encoding length
• The length field is one or more bytes.
• If it is one byte, the most significant bit must be 0. The other 7 bits define the length of the data.
• If it is more than one byte, the MSB of the first byte must be 1. The other 7 bits of the first byte define the number of following bytes that hold the length.
Encoding Value
• The value field codes the value of the data according to the rules defined in BER
• The following examples show how these 3 fields (tag, length and value) are encoded
SMI encoding method: examples
• Integer 14
  02 04 00 00 00 0E   (Integer tag + 4-byte length + value 0 0 0 14)
• String "HI"
  04 02 48 49         (String tag + 2-byte length + "H" "I")
• OID 1.3.6.1
  06 04 01 03 06 01
• IPAddress 131.21.14.8
  40 04 83 15 0E 08
• In each case the bytes are: tag, length, value
Encoding exercise
• Show how the following array (sequence of) of integers is encoded:
  2345  1236  122  1236
• See note page for answer
Encoding exercise #2
• Show how the following record (sequence) is encoded:
  Integer  String      IP Address
  2345     "COMPUTER"  185.32.1.5
• See answer in note page
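The tag/length/value rules above, applied to the slides' own sample values and the two exercises, as an added example (this is not code from the original slides): a small Python BER encoder for the seven simple types and for sequence / sequence of. One caveat the encoder makes visible: the slides show Integer 14 as a fixed 4-byte value and OID 1.3.6.1 as one byte per arc, which is a textbook simplification; real BER (X.690) uses the shortest two's-complement form (02 01 0E) and packs the first two OID arcs into a single sub-identifier 40*a+b (1.3 becomes 2B), so 1.3.6.1 encodes as 06 03 2B 06 01. The `width=4` argument reproduces the slide's integer form; otherwise the output is standard BER.

```python
# Added example (not from the original slides): BER encoder for the SMI simple
# types and SEQUENCE / SEQUENCE OF, following the tag, length and value rules
# on the encoding slides.  Sample values are the slides' own; none are captured.

# Tag bytes from the "Encoding Tag" table (class + format + number).
TAG_INTEGER = 0x02
TAG_OCTET_STRING = 0x04
TAG_OID = 0x06
TAG_SEQUENCE = 0x30       # universal class, constructed (format bit = 1)
TAG_IPADDRESS = 0x40      # application class, number 0
TAG_COUNTER = 0x41
TAG_GAUGE = 0x42
TAG_TIMETICKS = 0x43


def encode_length(n: int) -> bytes:
    """Short form when n < 128 (MSB 0); otherwise 0x80|k followed by k length bytes."""
    if n < 0:
        raise ValueError("length cannot be negative")
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """Assemble one tag / length / value triple."""
    return bytes([tag]) + encode_length(len(value)) + value


def _twos_complement(v: int) -> bytes:
    """Shortest two's-complement representation, as X.690 requires for INTEGER."""
    size = 1
    while True:
        try:
            return v.to_bytes(size, "big", signed=True)
        except OverflowError:
            size += 1


def encode_integer(v: int, width: int = 0) -> bytes:
    """width=4 reproduces the slides' fixed 4-byte form; default is minimal BER."""
    if width:
        return tlv(TAG_INTEGER, v.to_bytes(width, "big", signed=True))
    return tlv(TAG_INTEGER, _twos_complement(v))


def encode_unsigned(tag: int, v: int) -> bytes:
    """Counter / Gauge / TimeTicks: non-negative 32-bit, same content rules as INTEGER."""
    if not 0 <= v <= 0xFFFFFFFF:
        raise ValueError("value out of 32-bit range")
    return tlv(tag, _twos_complement(v))


def encode_octet_string(s: bytes) -> bytes:
    return tlv(TAG_OCTET_STRING, s)


def encode_ipaddress(dotted: str) -> bytes:
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("IpAddress must be a dotted quad")
    return tlv(TAG_IPADDRESS, bytes(octets))


def encode_oid(dotted: str) -> bytes:
    """X.690 OID content: first two arcs packed as 40*a+b, then base-128 sub-identifiers."""
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID")
    subids = [arcs[0] * 40 + arcs[1]] + arcs[2:]
    out = bytearray()
    for s in subids:
        chunk = [s & 0x7F]             # final byte of each sub-identifier: MSB 0
        s >>= 7
        while s:
            chunk.append(0x80 | (s & 0x7F))   # continuation bytes: MSB 1
            s >>= 7
        out.extend(reversed(chunk))
    return tlv(TAG_OID, bytes(out))


def encode_sequence(items) -> bytes:
    """SEQUENCE and SEQUENCE OF share tag 0x30; the value is the members back to back."""
    return tlv(TAG_SEQUENCE, b"".join(items))


def slide_examples() -> dict:
    """The four worked examples from the slides, as hex strings."""
    return {
        "integer_14_slides": encode_integer(14, width=4).hex(),   # 02 04 00 00 00 0E
        "integer_14_x690": encode_integer(14).hex(),              # 02 01 0E
        "string_HI": encode_octet_string(b"HI").hex(),            # 04 02 48 49
        "oid_1_3_6_1": encode_oid("1.3.6.1").hex(),               # 06 03 2B 06 01
        "ip_131_21_14_8": encode_ipaddress("131.21.14.8").hex(),  # 40 04 83 15 0E 08
    }


def exercise_sequence_of() -> bytes:
    """Exercise 1: SEQUENCE OF INTEGER 2345 1236 122 1236 (minimal-length integers)."""
    return encode_sequence(encode_integer(v) for v in (2345, 1236, 122, 1236))


def exercise_record() -> bytes:
    """Exercise 2: SEQUENCE { INTEGER 2345, STRING "COMPUTER", IpAddress 185.32.1.5 }."""
    return encode_sequence([encode_integer(2345), encode_octet_string(b"COMPUTER"),
                            encode_ipaddress("185.32.1.5")])


if __name__ == "__main__":
    for name, hexstr in slide_examples().items():
        print(f"{name:20s} {hexstr}")
    print("exercise 1:", exercise_sequence_of().hex())
    print("exercise 2:", exercise_record().hex())
```

Running the block prints the slide examples and both exercise answers; for exercise 1 the outer length byte is 0F because the three two-byte integers cost 4 bytes each and 122 fits in one byte (3 bytes), and the length field switches to the long form only once a value exceeds 127 bytes, which `encode_length` handles as the length slide describes.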
MIB
• MIB is another key component used in network management
• Object name / descriptor
• Objects in the MIB are categorized under 11 different groups (only 8 in SNMPv1)
MIB-I
• MIB-I
  • developed in 1988 (RFC 1156 and RFC 1212).
  • defined more than 100 configurable managed objects
  • 8 object groups
    • system object group (1.3.6.1.2.1.1)
    • Interface object group (1.3.6.1.2.1.2)
    • Address translation object group (1.3.6.1.2.1.3)
    • IP object group (1.3.6.1.2.1.4)
    • ICMP object group (1.3.6.1.2.1.5)
    • TCP object group (1.3.6.1.2.1.6)
    • UDP object group (1.3.6.1.2.1.7)
    • EGP object group (1.3.6.1.2.1.8)
MIB-II
• developed in 1990 (RFC 1158 and RFC 1213)
• A total of 11 object groups, containing 171 objects
• superset of MIB-I; provides the additional functionality required by SNMPv2
• New object groups in MIB-II
  • Transmission object group (1.3.6.1.2.1.10)
  • SNMP object group (1.3.6.1.2.1.11)
Details of MIB objects
• Here are some examples of key groups (the 5 others are not described here)
• System group 1.3.6.1.2.1.1
  • gives information about the whole system
  • sysDescr, sysObjectID, sysUpTime, sysContact, sysName, sysLocation, sysServices
• Interface group 1.3.6.1.2.1.2
  • gives information about the interfaces
  • ifNumber -> ifIndex, ifDescr ... ifOutQLen, ifSpecific (total 22)
• IP group 1.3.6.1.2.1.4
  • defines the pieces of information kept about IP packets
  • ipForwarding, ipDefaultTTL, ipInReceives, ipInHdrErrors ... ipFragCreates, ipRoutingDiscards (total 20) + ipAddrTable (5 sub-variables) + ipRouteTable (13 sub-variables) + ipNetToMedia (3 sub-variables)
• ICMP group 1.3.6.1.2.1.5
  • stores information about ICMP packets
  • icmpInMsgs, icmpInErrors, ... icmpOutAddrMaskReps (total 26)
• TCP group 1.3.6.1.2.1.6
  • stores information about TCP segments
  • tcpRtoAlgorithm, tcpRtoMin, ... tcpOutRsts (total 14) + tcpConnTable (5 sub-variables)
• UDP group 1.3.6.1.2.1.7
  • stores information about UDP datagrams
  • udpInDatagrams, udpNoPorts, udpInErrors, udpOutDatagrams (total 4) + udpTable (2 sub-variables)
Access MIB variables from udp group (2)
• Use the UDP group (1.3.6.1.2.1.7) as an example
  • 4 simple variables
  • 1 sequence of (table)

  udpInDatagrams       1.3.6.1.2.1.7.1
  udpNoPorts           1.3.6.1.2.1.7.2
  udpInErrors          1.3.6.1.2.1.7.3
  udpOutDatagrams      1.3.6.1.2.1.7.4
  udpTable             1.3.6.1.2.1.7.5
    udpEntry           1.3.6.1.2.1.7.5.1
      udpLocalAddress  1.3.6.1.2.1.7.5.1.1
      udpLocalPort     1.3.6.1.2.1.7.5.1.2
Access MIB instance
• An OID only defines the variable, not the instance (contents)
• To show the instance, or the contents, of each variable
  • add an instance suffix
  • for a simple (scalar) variable: add a zero
• To access the instances (contents) of the UDP group, use the following:
  • udpInDatagrams.0 => 1.3.6.1.2.1.7.1.0
  • udpNoPorts.0 => 1.3.6.1.2.1.7.2.0
  • udpInErrors.0 => 1.3.6.1.2.1.7.3.0
  • udpOutDatagrams.0 => 1.3.6.1.2.1.7.4.0
Access MIB instance (2)
• To identify the UDP table
  • udpTable => 1.3.6.1.2.1.7.5
  • udpEntry => 1.3.6.1.2.1.7.5.1
  • udpLocalAddress => 1.3.6.1.2.1.7.5.1.1
  • udpLocalPort => 1.3.6.1.2.1.7.5.1.2
• There are many UDP entries; to access each of these entries, use the index.
• In the MIB, the index is not an integer. The indexes are based on the value of one or more fields in the entries.
• To access the instance of the local address for the 1st row, use the OID
  • udpLocalAddress.181.23.45.14.23
Index for udpTable
• udpTable 1.3.6.1.2.1.7.5 -> udpEntry 1.3.6.1.2.1.7.5.1 -> udpLocalAddress, udpLocalPort
• Every row's cells share the same column OID. How do we resolve which is which?

  udpLocalAddress  udpLocalPort
  181.23.45.14     23
  192.13.5.10      161
  227.2.45.18      180
  230.20.5.24      212
Index for udpTable (2)
• To access the instance of the local address for the 1st row, we use the OID augmented with the instance index:
  • udpLocalAddress.181.23.45.14.23
  • that is, 1.3.6.1.2.1.7.5.1.1.181.23.45.14.23
• Note that not all tables are indexed the same way. Some tables are indexed using the value of one field, some using the value of two fields, and so on.

  Instance OID                           udpLocalAddress  udpLocalPort
  1.3.6.1.2.1.7.5.1.1.181.23.45.14.23    181.23.45.14     23
  1.3.6.1.2.1.7.5.1.1.192.13.5.10.161    192.13.5.10      161
  1.3.6.1.2.1.7.5.1.1.227.2.45.18.180    227.2.45.18      180
  1.3.6.1.2.1.7.5.1.1.230.20.5.24.212    230.20.5.24      212
Index for udpTable (3)
• Tables are ordered according to column-row rules, which means one should go column by column, as shown in the figure:

  Instance OID                           udpLocalAddress  udpLocalPort
  1.3.6.1.2.1.7.5.1.1.181.23.45.14.23    181.23.45.14     23
  1.3.6.1.2.1.7.5.1.1.192.13.5.10.161    192.13.5.10      161
  1.3.6.1.2.1.7.5.1.1.227.2.45.18.180    227.2.45.18      180
  1.3.6.1.2.1.7.5.1.1.230.20.5.24.212    230.20.5.24      212
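The naming rules from the OID-tree, instance and udpTable slides, and the lexicographic GetNext ordering from the traversal slide, as an added Python example (not code from the original slides): it resolves a label path down a constructed subset of the OID tree, builds scalar (.0) and table-row instance OIDs, and implements GetNext and a walk over a constructed agent store. The tree subset, the udpTable rows and all stored values are constructed for this example; the function names are this example's own.

```python
# Added example (not from the original slides): OID naming, instance suffixes
# and lexicographic GetNext / walk over a constructed UDP-group store.

# Subset of the OID tree from the "Object Name" slide: label -> (arc, children).
OID_TREE = {
    "iso": (1, {"org": (3, {"dod": (6, {"internet": (1, {
        "directory": (1, {}),
        "mgmt": (2, {"mib": (1, {})}),
        "experimental": (3, {}),
        "private": (4, {"enterprise": (1, {"cisco": (9, {})})}),
    })})})}),
}


def name_to_oid(dotted_name: str) -> str:
    """Walk the tree label by label: iso.org.dod.internet.mgmt.mib -> 1.3.6.1.2.1."""
    arcs, level = [], OID_TREE
    for label in dotted_name.split("."):
        if label not in level:
            raise KeyError(f"unknown label {label!r}")
        arc, level = level[label]
        arcs.append(arc)
    return ".".join(map(str, arcs))


MIB_2 = name_to_oid("iso.org.dod.internet.mgmt.mib")
UDP_GROUP = MIB_2 + ".7"
UDP_LOCAL_ADDRESS = UDP_GROUP + ".5.1.1"     # udpTable / udpEntry / column 1
UDP_LOCAL_PORT = UDP_GROUP + ".5.1.2"        # udpTable / udpEntry / column 2


def scalar_instance(oid: str) -> str:
    """A scalar has exactly one instance, named by appending .0."""
    return oid + ".0"


def udp_row_instance(column_oid: str, ip: str, port: int) -> str:
    """udpTable rows are indexed by (udpLocalAddress, udpLocalPort): 4 arcs + 1 arc."""
    return f"{column_oid}.{ip}.{port}"


def oid_key(oid: str):
    """Compare OIDs arc by arc as integers, never as strings ('10' sorts after '5')."""
    return tuple(int(a) for a in oid.split("."))


def get_next(store: dict, oid: str):
    """GetNext: the smallest OID in the store lexicographically greater than `oid`."""
    key = oid_key(oid)
    later = sorted((k for k in store if oid_key(k) > key), key=oid_key)
    return (later[0], store[later[0]]) if later else None


def walk(store: dict, subtree: str) -> list:
    """snmpwalk: repeat GetNext while the result is still inside `subtree`."""
    prefix, out, cur = oid_key(subtree), [], subtree
    while (nxt := get_next(store, cur)) and oid_key(nxt[0])[:len(prefix)] == prefix:
        out.append(nxt)
        cur = nxt[0]
    return out


# Constructed rows, as on the udpTable slides.
UDP_ROWS = [("181.23.45.14", 23), ("192.13.5.10", 161),
            ("227.2.45.18", 180), ("230.20.5.24", 212)]


def build_agent_store() -> dict:
    """Instance OID -> value, as an agent would hold the UDP group (values constructed)."""
    store = {
        scalar_instance(UDP_GROUP + ".1"): 10293,   # udpInDatagrams.0
        scalar_instance(UDP_GROUP + ".2"): 12,      # udpNoPorts.0
        scalar_instance(UDP_GROUP + ".3"): 0,       # udpInErrors.0
        scalar_instance(UDP_GROUP + ".4"): 9870,    # udpOutDatagrams.0
    }
    for ip, port in UDP_ROWS:
        store[udp_row_instance(UDP_LOCAL_ADDRESS, ip, port)] = ip
        store[udp_row_instance(UDP_LOCAL_PORT, ip, port)] = port
    return store


if __name__ == "__main__":
    for oid, value in walk(build_agent_store(), UDP_GROUP):
        print(oid, "=", value)
```

Walking the table returns all four udpLocalAddress instances before the first udpLocalPort instance, which is the column-by-column order of the last slide; `oid_key` matters because comparing the dotted strings would put arc 10 before arc 5.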
SNMP Version 1
• SNMPv1 is the initial implementation of the SNMP protocol.
• Based on 4 RFCs
  • RFC 1155: Structure of Management Information
  • RFC 1157: Simple Network Management Protocol
  • RFC 1212: Concise MIB Definitions
  • RFC 1213: Management Information Base II
• Operates over protocols such as
  • User Datagram Protocol (UDP)
  • Internet Protocol (IP)
  • OSI Connectionless Network Service (CLNS)
  • AppleTalk Datagram Delivery Protocol (DDP)
  • Novell Internet Packet Exchange (IPX).
SNMPv1 Protocol Operation
• SNMP is a simple request-response protocol.
• The network management system issues a request, and managed devices return responses.
• This behavior is implemented using protocol operations.
• An SNMP message has the format:
  • Version number
  • Community name (a kind of password)
  • One or more SNMP PDUs (assuming trivial authentication)
• SNMPv1 defines five protocol operations:
  • Get (Request)
  • GetNext (Request)
  • Set (Request)
  • Get (Response)
  • Trap
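The message format above (version, community name, PDU) is itself BER: the whole message is a SEQUENCE, and each of the four request/response PDUs is a context-tagged constructed value (GetRequest 0xA0, GetNextRequest 0xA1, GetResponse 0xA2, SetRequest 0xA3). The following added Python example (not code from the original slides) walks that tag/length/value structure and pulls out the version, the community name and the varbind OIDs. The message bytes are constructed by hand for this example: a GetRequest for sysDescr.0 with community "public". Two things the parser shows that the slide only states: the community name really does travel in the clear, and a decoder must check every length field against the buffer before trusting it.

```python
# Added example (not from the original slides): tag/length/value walker that
# parses an SNMPv1 message into version, community name and PDU fields.
# SAMPLE_GETREQUEST is constructed for this example (GetRequest, sysDescr.0).

SAMPLE_GETREQUEST = bytes.fromhex(
    "3026"                  # SEQUENCE, 38 bytes follow
    "020100"                # version INTEGER 0 = SNMPv1
    "04067075626c6963"      # community OCTET STRING "public"
    "a019"                  # GetRequest PDU (context tag [0]), 25 bytes
    "020101"                # request-id 1
    "020100"                # error-status 0
    "020100"                # error-index 0
    "300e"                  # VarBindList
    "300c"                  # VarBind
    "06082b06010201010100"  # OID 1.3.6.1.2.1.1.1.0 (sysDescr.0)
    "0500"                  # NULL: the agent fills in the value in its response
)

PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest",
             0xA2: "GetResponse", 0xA3: "SetRequest", 0xA4: "Trap"}
DEFAULT_COMMUNITIES = {"public", "private"}   # vendor defaults worth flagging


def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos). Length: MSB 0 = short form, MSB 1 = long form."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80 == 0:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):            # never trust a length the buffer cannot hold
        raise ValueError(f"length {length} runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def iter_tlvs(buf: bytes):
    pos = 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        yield tag, value


def decode_integer(value: bytes) -> int:
    return int.from_bytes(value, "big", signed=True)


def decode_oid(value: bytes) -> str:
    """Undo base-128 packing; the first sub-identifier holds both of the first two arcs."""
    subids, cur = [], 0
    for b in value:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(cur)
            cur = 0
    if cur or not subids:
        raise ValueError("malformed OID")
    first = subids[0]
    head = [0, first] if first < 40 else [1, first - 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + subids[1:])


def parse_snmpv1(msg: bytes) -> dict:
    tag, body, end = read_tlv(msg, 0)
    if tag != 0x30 or end != len(msg):
        raise ValueError("outer SEQUENCE missing or trailing bytes")
    fields = list(iter_tlvs(body))
    if len(fields) != 3 or fields[0][0] != 0x02 or fields[1][0] != 0x04:
        raise ValueError("expected version, community, PDU")
    (_, version), (_, community), (ptag, pdu) = fields
    if ptag not in (0xA0, 0xA1, 0xA2, 0xA3):      # Trap PDUs have a different layout
        raise ValueError(f"unsupported PDU type 0x{ptag:02x}")
    items = list(iter_tlvs(pdu))
    if len(items) != 4 or items[3][0] != 0x30:
        raise ValueError("malformed PDU")
    varbinds = []
    for btag, vb in iter_tlvs(items[3][1]):
        parts = list(iter_tlvs(vb))
        if btag != 0x30 or len(parts) != 2 or parts[0][0] != 0x06:
            raise ValueError("malformed VarBind")
        varbinds.append(decode_oid(parts[0][1]))
    return {
        "version": decode_integer(version),
        "community": community.decode("latin-1"),   # sent in the clear
        "pdu_type": PDU_TYPES[ptag],
        "request_id": decode_integer(items[0][1]),
        "error_status": decode_integer(items[1][1]),
        "error_index": decode_integer(items[2][1]),
        "varbinds": varbinds,
    }


def is_well_formed(msg: bytes) -> bool:
    try:
        parse_snmpv1(msg)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    parsed = parse_snmpv1(SAMPLE_GETREQUEST)
    print(parsed)
    if parsed["community"] in DEFAULT_COMMUNITIES:
        print("default community name in use")
```

`read_tlv` rejects both a truncated message and an oversized long-form length before slicing, which is the check a monitoring or capture tool needs before it reports anything about the packet; the community-name comparison against `DEFAULT_COMMUNITIES` is the simplest audit one can run over parsed SNMPv1 traffic.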