SNMPv2 Protocol
Prof. Choong Seon HONG
12.1 Protocol Operations
• Three types of access to management information
  • Manager-agent request-response: an SNMPv2 entity acting in a manager role sends a request to an SNMPv2 entity acting in an agent role, and the latter SNMPv2 entity then responds to the request.
  • Manager-manager request-response: an SNMPv2 entity acting in a manager role sends a request to an SNMPv2 entity acting in a manager role, and the latter SNMPv2 entity then responds to the request.
  • Agent-manager unconfirmed: an SNMPv2 entity acting in an agent role sends an unsolicited message, termed a “trap,” to an SNMPv2 entity acting in a manager role, and no response is returned.
• Only the second item is new to SNMPv2; the other two types of interaction are found in SNMPv1.
12.1.1 SNMP Messages
• The structure of a message is specified in SNMPv2 as follows:
    Message ::= SEQUENCE {
        version    INTEGER { version(1) },  -- version(1) marks an SNMPv2 message (SNMPv1 uses version(0))
        community  OCTET STRING,            -- community name
        data       ANY                      -- an SNMPv2 PDU
    }
• Transmission of an SNMPv2 Message
  1. The PDU is constructed, using the ASN.1 structure defined in the protocol specification.
  2. This PDU is then passed to an authentication service, together with the source and destination transport addresses and a community name.
  3. The protocol entity then constructs a message, consisting of a version field, the community name, and the result from step (2).
  4. This new ASN.1 object is then encoded, using the basic encoding rules (BER), and passed to the transport service.
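The four transmission steps carried out in code, as an added example that is not part of the lecture: a minimal BER encoder builds a GetRequest-PDU and wraps it in the Message { version, community, data } structure above. The tag values are the standard BER/SNMP ones; the community string, OID and request-id are constructed sample inputs.

```python
# Added example (not from the lecture): BER-encode an SNMPv2c GetRequest by
# following steps 1-4 above. Tag values are the standard BER/SNMP ones; the
# community string, OID and request-id are constructed sample inputs.

def ber_len(n: int) -> bytes:
    """BER length: short form below 128, long form (0x80 | byte count) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, content: bytes) -> bytes:
    """Tag-Length-Value triple."""
    return bytes([tag]) + ber_len(len(content)) + content

def encode_int(v: int) -> bytes:
    """INTEGER (tag 0x02), minimal two's-complement length."""
    return tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True))

def encode_oid(oid: str) -> bytes:
    """OBJECT IDENTIFIER (tag 0x06): first two arcs share one byte, the rest are base-128."""
    arcs = [int(a) for a in oid.strip(".").split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        while a > 0x7F:                     # high bit set on all but the last byte
            a >>= 7
            chunk.insert(0, 0x80 | (a & 0x7F))
        out.extend(chunk)
    return tlv(0x06, bytes(out))

def snmpv2c_get_request(community: bytes, oids: list, request_id: int) -> bytes:
    """Step 1 builds the GetRequest-PDU; steps 3-4 wrap it in Message{version, community, data}."""
    # Each VarBind in a request is SEQUENCE { name OID, value NULL }.
    varbinds = b"".join(tlv(0x30, encode_oid(o) + b"\x05\x00") for o in oids)
    pdu = tlv(0xA0,  # [0] IMPLICIT = GetRequest-PDU
              encode_int(request_id) + encode_int(0) + encode_int(0)   # error-status, error-index
              + tlv(0x30, varbinds))
    # Step 2's "authentication" is only the cleartext community name carried here.
    return tlv(0x30, encode_int(1) + tlv(0x04, community) + pdu)  # version(1) = SNMPv2c

if __name__ == "__main__":
    print(snmpv2c_get_request(b"public", ["1.3.6.1.2.1.1.3.0"], 1).hex())
```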
SNMP Messages (cont’d)
• Receipt of an SNMPv2 Message
  • An SNMPv2 entity performs the following actions upon reception of an SNMPv2 message (refer to p. 366).
  • In practice, the authentication service merely serves to verify that the community name authorizes receipt of messages from the source SNMPv2 entity.
SNMP Messages (cont’d)
• Relationship between SNMPv2 MIB MAX-ACCESS Value and Protocol Access Mode (Table 12.1)

  MAX-ACCESS value        READ-ONLY access mode                   READ-WRITE access mode
  read-only               available for get and trap operations   available for get and trap operations
  read-write              available for get and trap operations   available for get, set, and trap operations
  read-create             available for get and trap operations   available for get, set, and trap operations
  accessible-for-notify   available for trap operations           available for trap operations
  not-accessible          unavailable                             unavailable
PDU Formats
• SNMPv2 PDU format
PDU Formats (cont’d)
• Common fields in the SNMPv2 PDUs
  • request-id: the value of this field in a response PDU must equal the value in the corresponding field of the request.
  • error-status: a non-zero value indicates that an exception occurred while processing a request.
  • error-index: when the error-status field is nonzero, the error-index value identifies the variable (object) in the variable-bindings list that caused the error.
  • variable-bindings: this field enables a single operation to be applied to a group of object instances. The field consists of a sequence of pairs. The first element in each pair is an object identifier. The second element in each pair is one of the following:
    • value
    • unspecified
    • noSuchObject
    • noSuchInstance
    • endOfMibView
PDU Formats (cont’d)
• SNMPv2 PDU format definitions (see Fig. 12.3)
PDU Formats (cont’d)
• SNMPv2 message structure
PDU Formats (cont’d)
• Comparison of SNMPv1 and SNMPv2 PDUs

  SNMPv1 PDU       SNMPv2 PDU       Direction                                        Description
  GetRequest       GetRequest       Manager to agent                                 Request value for each listed object
  GetNextRequest   GetNextRequest   Manager to agent                                 Request next value for each listed object
  -                GetBulkRequest   Manager to agent                                 Request multiple values
  SetRequest       SetRequest       Manager to agent                                 Set value for each listed object
  -                InformRequest    Manager to manager                               Transmit unsolicited information
  GetResponse      Response         Agent to manager or manager to manager (SNMPv2)  Respond to manager request
  Trap             SNMPv2-Trap      Agent to manager                                 Transmit unsolicited information
PDU Formats (cont’d)
• Use of Error Status Codes in Response-PDU

  error-status                GetRequest, GetNextRequest,   SetRequest   InformRequest
                              GetBulkRequest
  noError(0)                  X                             X            X
  tooBig(1)                   X                             X            X
  noSuchName(2)
  badValue(3)
  readOnly(4)
  genError(5)                 X                             X            X
  noAccess(6)                                               X
  wrongType(7)                                              X
  wrongLength(8)                                            X
  wrongEncoding(9)                                          X
  wrongValue(10)                                            X
  noCreation(11)                                            X
  inconsistentValue(12)                                     X
  resourceUnavailable(13)                                   X
  commitFailed(14)                                          X
  undoFailed(15)                                            X
  authorizationError(16)      X                             X            X
  notWritable(17)                                           X
  inconsistentName(18)                                      X
PDU Formats (cont’d) • Allowable Values in variable-bindings List
12.1.4 GetRequest PDU
• The difference from SNMPv1 is in the way that responses are handled.
• The SNMPv1 GetRequest operation is atomic: either all of the values are retrieved or none is retrieved.
• In SNMPv2, a variable-bindings list is returned even if values cannot be supplied for all variables.
• If an exception condition related to a variable is found (noSuchObject, noSuchInstance, endOfMibView), then that variable name is paired with an indication of the exception rather than a value.
• In SNMPv2, the response PDU is constructed by processing each variable in the incoming variable list, according to the following rules:
  • If the variable does not have an OBJECT IDENTIFIER prefix that exactly matches the prefix of any variable accessible by this request, then its value field is set to noSuchObject.
  • Otherwise, if the variable’s name does not exactly match the name of a variable accessible by this request, then its value field is set to noSuchInstance.
  • Otherwise, the value field is set to the value of the named variable.
GetRequest PDU (cont’d)
• If the size of the message that encapsulates the generated response PDU exceeds a local limitation or the maximum message size of the request’s source party, then the response PDU is discarded and a new response PDU is constructed.
• The new response PDU has an error-status of tooBig, an error-index of zero, and an empty variable-bindings field.
12.1.4 GetNextRequest PDU
• The SNMPv2 GetNextRequest PDU is identical to the SNMPv1 GetNextRequest PDU in format and semantics.
• The only difference is that the SNMPv1 GetNextRequest is atomic.
• In SNMPv2, a response PDU for a GetNextRequest is constructed by processing each variable in the incoming variable list, according to the following rules:
  • The variable (object instance) is located that is next in lexicographic order to the named variable. The resulting variable-bindings pair is set to the name and value of the located variable.
  • If no lexicographic successor exists, then the resulting variable-bindings pair consists of the name of the variable in the request and a value field set to endOfMibView.
GetNextRequest PDU (cont’d)
• An example:
  • Suppose that the management station wishes to retrieve the entire table and does not currently know any of its contents, or even the number of rows in the table.
  • Then, it issues a GetNextRequest with the names of all of the desired columnar objects:
    GetNextRequest (sysUpTime, ipNetToMediaPhysAddress, ipNetToMediaType)
    Response ( (sysUpTime.0 = “123456”), (ipNetToMediaPhysAddress.1.9.2.3.4 = “000010543210”), (ipNetToMediaType.1.9.2.3.4 = “dynamic”) )
GetNextRequest PDU (cont’d) • An example subtree of objects and object instances
12.1.5 GetBulkRequest PDU
• The purpose of this PDU is to minimize the number of protocol exchanges required to retrieve a large amount of management information.
• The GetBulkRequest PDU allows an SNMPv2 manager to request that the response be as large as possible given the constraints on message size.
• The GetBulkRequest operation uses the same selection principle as the GetNextRequest operation.
• Two fields not found in the other PDUs: non-repeaters and max-repetitions.
GetBulkRequest PDU (cont’d) • Interpretation of GetBulkRequest fields
GetBulkRequest PDU (cont’d) • Ordering of variable bindings in response to GetBulkRequest
GetBulkRequest PDU (cont’d)
• An example:
  • GetBulkRequest [ non-repeaters = 1, max-repetitions = 2 ] (sysUpTime, ipNetToMediaPhysAddress, ipNetToMediaType)
  • Response ( (sysUpTime.0 = “123456”), (ipNetToMediaPhysAddress.1.9.2.3.4 = “000010543210”), (ipNetToMediaType.1.9.2.3.4 = “dynamic”), (ipNetToMediaPhysAddress.1.10.0.0.51 = “000010012345”), (ipNetToMediaType.1.10.0.0.51 = “static”) )
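The agent-side response rules of 12.1.4 (GetRequest and GetNextRequest) and 12.1.5 (GetBulkRequest) applied to the table used in the two examples above, as an added example that is not part of the lecture. The OIDs are the real MIB-II ones for sysUpTime and the ipNetToMedia columns; the instance values are constructed sample data, and the view is assumed to contain exactly these three objects.

```python
# Added example (not from the lecture): an agent applying the SNMPv2 response
# rules for GetRequest, GetNextRequest and GetBulkRequest to a constructed MIB.
# OIDs are the real MIB-II ones; the instance values are sample data.
OBJECTS = {
    "sysUpTime": (1, 3, 6, 1, 2, 1, 1, 3),
    "ipNetToMediaPhysAddress": (1, 3, 6, 1, 2, 1, 4, 22, 1, 2),
    "ipNetToMediaType": (1, 3, 6, 1, 2, 1, 4, 22, 1, 4),
}
# Instance OID (tuple) -> value. Tuple comparison gives OID lexicographic order.
INSTANCES = {
    OBJECTS["sysUpTime"] + (0,): 123456,
    OBJECTS["ipNetToMediaPhysAddress"] + (1, 9, 2, 3, 4): "000010543210",
    OBJECTS["ipNetToMediaPhysAddress"] + (1, 10, 0, 0, 51): "000010012345",
    OBJECTS["ipNetToMediaType"] + (1, 9, 2, 3, 4): "dynamic",
    OBJECTS["ipNetToMediaType"] + (1, 10, 0, 0, 51): "static",
}

def get(name):
    """GetRequest rules: per-variable exceptions, never an all-or-nothing failure."""
    if not any(name[:len(obj)] == obj for obj in OBJECTS.values()):
        return (name, "noSuchObject")        # no accessible object has this prefix
    if name not in INSTANCES:
        return (name, "noSuchInstance")      # object exists, this instance does not
    return (name, INSTANCES[name])

def get_next(name):
    """GetNextRequest rules: lexicographic successor, or endOfMibView when none exists."""
    successors = [k for k in sorted(INSTANCES) if k > name]
    if not successors:
        return (name, "endOfMibView")
    return (successors[0], INSTANCES[successors[0]])

def get_bulk(names, non_repeaters, max_repetitions):
    """GetBulkRequest ordering: one successor for each of the first N names,
    then up to M rounds of successors for the remaining names, round by round."""
    out = [get_next(n) for n in names[:non_repeaters]]
    cursor = list(names[non_repeaters:])
    for _ in range(max_repetitions):
        row = [get_next(n) for n in cursor]
        out.extend(row)
        cursor = [oid for oid, _ in row]     # next round continues from what was just returned
        if all(value == "endOfMibView" for _, value in row):
            break                            # nothing left in the view for any repeater
    return out
```

Calling get_bulk with the three column OIDs, non-repeaters = 1 and max-repetitions = 2 reproduces the five bindings of the response above, in the same order.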
GetBulkRequest PDU (cont’d) • GetBulkRequest command
12.1.6 SetRequest PDU
• The only difference from SNMPv1 is in the way that responses are handled.
• The responding agent determines the size of a message encapsulating a response PDU with the same variable-bindings list of names and values.
• If the size exceeds a local limitation or the maximum message size of the request’s source party, a response PDU is constructed with an error-status of tooBig, an error-index of zero, and an empty variable-bindings field.
• The variable bindings are conceptually processed in two phases.
  • In the first phase, each variable-binding pair, which constitutes an individual set operation, is validated.
  • If all variable-binding pairs are validated, then each variable is altered in the second phase; that is, each individual set operation is performed in the second phase.
• As with SNMPv1, the SNMPv2 set operation is atomic.
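The two-phase processing above in code, as an added example that is not part of the lecture: phase 1 validates every binding and reports the first failure with its 1-based error-index, and phase 2 runs only if nothing failed, which is what makes the set atomic. The MIB contents, MAX-ACCESS values and the simple type rule are constructed assumptions.

```python
# Added example (not from the lecture): the two-phase SetRequest of 12.1.6 on a
# constructed MIB. Names, MAX-ACCESS values and the type rule are assumptions.
MIB = {  # instance name -> [current value, MAX-ACCESS, required Python type]
    "sysContact.0":    ["ops@example.test", "read-write", str],
    "sysUpTime.0":     [123456, "read-only", int],
    "ifAdminStatus.1": [1, "read-write", int],
}

def set_request(bindings):
    """Return (error-status, error-index) as a Response-PDU would; error-index is 1-based."""
    # Phase 1: validate every binding and stop at the first failure. Nothing is
    # changed yet, so a bad binding anywhere in the list leaves the MIB untouched.
    for i, (name, value) in enumerate(bindings, start=1):
        entry = MIB.get(name)
        if entry is None:
            return ("noCreation", i)     # variable does not exist and cannot be created here
        if entry[1] not in ("read-write", "read-create"):
            return ("notWritable", i)    # MAX-ACCESS forbids set (Table 12.1)
        if not isinstance(value, entry[2]):
            return ("wrongType", i)
    # Phase 2: reached only when all bindings validated; apply every set operation.
    for name, value in bindings:
        MIB[name][0] = value
    return ("noError", 0)
```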
12.1.7 SNMPv2-Trap PDU
• This PDU fulfills the same role as the SNMPv1 Trap PDU, but with a different format.
• The SNMPv2-Trap uses the same format as all other SNMPv2 PDUs except GetBulkRequest, thus easing the processing task at the receiver.
• No response is issued to an SNMPv2-Trap PDU.
12.1.8 InformRequest PDU
• The InformRequest PDU is sent by an SNMPv2 entity acting in a manager role, on behalf of an application, to another SNMPv2 entity acting in a manager role, to provide management information to an application using the latter entity.
12.1.9 Report PDU
• There is no definition of how or when to use the Report-PDU, because all of the text on usage of Report-PDUs occurred in security-related documents that were subsequently dropped.
12.1.10 Table Operations
• See p. 385.
• Highlighting the features of SNMPv2:
  • Occasionally, an agent will be unable to implement one or more columnar objects in a table. If those objects are mandatory, the agent is noncompliant but still should be able to interoperate with willing managers. The row exchange enables the manager to learn about such objects efficiently.
  • The agent can often choose a better value for a columnar object than the management station can. In effect, the agent suggests the default value as part of the row-creation dialogue.
12.2 Transport Mappings
• SNMPv2 onto various transport-level protocols:
  • UDP
  • OSI Connectionless-mode Network Service (CLNS)
  • OSI Connection-oriented Network Service (CONS)
  • Novell Internetwork Packet Exchange (IPX)
12.3 Coexistence with SNMPv1
• The easiest way to accomplish such an evolution on an existing network is to upgrade the manager systems to support SNMPv2 in a way that allows the coexistence of SNMPv2 managers, SNMPv2 agents, and SNMPv1 agents.
• Two categories:
  • Management information
  • Protocol operations
• Differences between the SNMPv2 and SNMPv1 SMIs:
  • Object definitions
  • Trap definitions
  • Compliance definitions
  • Capabilities definitions
Coexistence with SNMPv1 (cont’d)
FIGURE 12.11 Coexistence by means of proxy agent
• SNMPv2 environment: SNMPv2 manager <-> SNMPv2 agent and proxy. SNMPv1 environment: proxy <-> SNMPv1 agent.
• SNMPv2 manager-to-agent PDUs and the SNMPv1 manager-to-agent PDUs the proxy forwards:
    GetRequest      -> GetRequest
    GetNextRequest  -> GetNextRequest
    SetRequest      -> SetRequest
    GetBulkRequest  -> GetNextRequest
• SNMPv1 agent-to-manager PDUs and the SNMPv2 agent-to-manager PDUs the proxy returns:
    GetResponse     -> GetResponse
    Trap            -> SNMPv2-Trap
Coexistence with SNMPv1 (cont’d)
• Bilingual manager (v1, v2)
    SNMPv2 manager <-> Bilingual manager: InformRequest, Response (in both directions)
    Bilingual manager -> SNMPv1 agent: GetRequest, GetNextRequest, SetRequest
    SNMPv1 agent -> Bilingual manager: GetResponse, Trap
    Bilingual manager -> SNMPv2 agent: GetRequest, GetNextRequest, GetBulkRequest, SetRequest
    SNMPv2 agent -> Bilingual manager: Response, SNMPv2-Trap