SNMPv2 Yen-Cheng Chen Department of Information Management National Chi Nan University Puli, Nantou, Taiwan
SNMPv1 • SNMPv1 Protocol • RFC 1157 – Simple Network Management Protocol • SMIv1 Data Definition Language • Full Standards: • RFC 1155 - Structure of Management Information • RFC 1212 - Concise MIB Definitions • Informational: • RFC 1215 - A Convention for Defining Traps • SMIv1 MIB Modules • Full Standards: • RFC 1213 - Management Information Base II • RFC 1643 - Ethernet-Like Interface Types MIB
SNMPv2 • SMIv2 Data Definition Language • Full Standards: • RFC 2578 - Structure of Management Information • RFC 2579 - Textual Conventions • RFC 2580 - Conformance Statements • SMIv2 MIB Modules • Full Standards: • RFC 2819 - Remote Network Monitoring MIB • RFC 3411 - SNMP Framework MIB • RFC 3412 - SNMPv3 MPD MIB • RFC 3413 - SNMP Applications MIBs • RFC 3414 - SNMPv3 USM MIB • RFC 3415 - SNMP VACM MIB • RFC 3418 - SNMP MIB
SNMPv3 • SNMPv3 Protocol • Full Standards: • RFC 3411 - Architecture for SNMP Frameworks • RFC 3412 - Message Processing and Dispatching • RFC 3413 - SNMP Applications • RFC 3414 - User-based Security Model • RFC 3415 - View-based Access Control Model • RFC 3416 - Protocol Operations Version 2 • RFC 3417 - Transport Mappings for SNMP • RFC 3418 - SNMP MIB
Major Changes • Bulk data transfer • Manager-to-manager message • Enhancements to SMI: SMIv2 (RFC 2578) • Module definitions: MODULE-IDENTITY macro • Object definitions: OBJECT-TYPE macro • Trap definitions: NOTIFICATION-TYPE macro • Textual conventions (RFC 2579) • Conformance statements (RFC 2580) • Row creation and deletion in tables • MIB enhancements • Transport mappings • Security features
SMIv1, SMIv2 • SMIv1: • SMI (RFC 1155) • Concise MIB (RFC 1212) • Trap-Type (RFC 1215) • SMIv2: • SMIv2 (RFC 2578) • Textual Conventions (RFC 2579) • Conformance Statements (RFC 2580)
Three Parts of SMIv2 • Module definitions • MODULE-IDENTITY • Object definitions • OBJECT-TYPE • Notification definitions • NOTIFICATION-TYPE
2. OBJECT-TYPE
OBJECT-TYPE MACRO ::=
BEGIN
    TYPE NOTATION ::=
        "SYNTAX" Syntax
        UnitsPart
        "MAX-ACCESS" Access
        "STATUS" Status
        "DESCRIPTION" Text
        ReferPart
        IndexPart
        DefValPart
    VALUE NOTATION ::=
        value(VALUE ObjectName)
"SYNTAX" Syntax
Syntax ::=
    -- Must be one of the following:
    -- a base type (or its refinement),
    -- a textual convention (or its refinement), or
    -- a BITS pseudo-type
    type
    | "BITS" "{" NamedBits "}"
NamedBits ::= NamedBit | NamedBits "," NamedBit
NamedBit ::= identifier "(" number ")" -- number is nonnegative
(Example) SYNTAX BITS
protocolDirType OBJECT-TYPE
    SYNTAX BITS { extensible(0), addressRecognitionCapable(1) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "…"
    ::= { protocolDirEntry 5 }
UnitsPart: UNITS
UnitsPart ::= "UNITS" Text | empty
hrDiskStorageCapacity OBJECT-TYPE
    SYNTAX KBytes
    UNITS "KBytes"
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The total size for this long-term storage device. If the media is removable and is currently removed, this value should be zero."
    ::= { hrDiskStorageEntry 4 }
"MAX-ACCESS" Access
Access ::= "not-accessible" | "accessible-for-notify" | "read-only" | "read-write" | "read-create"
Ordered from least to greatest:
"not-accessible": indicates an auxiliary object
"accessible-for-notify": accessible only via a notification
"read-only": read only
"read-write": read and write, but not create
"read-create": read, write and create
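An added example (not from the slides): a small Python audit that uses the MAX-ACCESS ordering above to list the objects in a MIB module that a SET can modify or create. The regular-expression parser is a simplification, hrDiskStorageCapacity is abridged from the slides, and exampleContact and exampleRowStatus are constructed definitions.

```python
import re

# Access levels in the slide's order, least to greatest.
RANK = {a: i for i, a in enumerate((
    "not-accessible", "accessible-for-notify",
    "read-only", "read-write", "read-create"))}

# "<descriptor> OBJECT-TYPE ... MAX-ACCESS <level>", never crossing the "::="
# that ends a definition.
OBJECT_TYPE_RE = re.compile(
    r"(?P<name>[a-z][A-Za-z0-9-]*)\s+OBJECT-TYPE\b"
    r"(?:(?!::=).)*?MAX-ACCESS\s+(?P<access>[a-z-]+)", re.DOTALL)

def strip_noise(text):
    """Blank quoted strings and drop '--' comments, scanning left to right,
    so clause keywords inside DESCRIPTION text or comments are ignored."""
    return re.sub(r'"[^"]*"|--[^\n]*',
                  lambda m: '""' if m.group().startswith('"') else "", text)

def max_access_by_object(mib_text):
    """Return {descriptor: MAX-ACCESS} for each OBJECT-TYPE definition."""
    found = {}
    for m in OBJECT_TYPE_RE.finditer(strip_noise(mib_text)):
        if m.group("access") not in RANK:
            raise ValueError(f"{m.group('name')}: bad MAX-ACCESS")
        found[m.group("name")] = m.group("access")
    return found

def write_surface(mib_text, floor="read-write"):
    """Descriptors whose MAX-ACCESS is at or above `floor`, sorted."""
    objs = max_access_by_object(mib_text)
    return sorted(n for n, a in objs.items() if RANK[a] >= RANK[floor])

# First definition is abridged from the slides; the other two are
# constructed for this example and belong to no real MIB.
SAMPLE = '''
hrDiskStorageCapacity OBJECT-TYPE
    SYNTAX KBytes  UNITS "KBytes"
    MAX-ACCESS read-only  STATUS current
    DESCRIPTION "(abridged)"  ::= { hrDiskStorageEntry 4 }
exampleContact OBJECT-TYPE
    SYNTAX DisplayString  -- earlier draft: MAX-ACCESS read-only
    MAX-ACCESS read-write  STATUS current
    DESCRIPTION "Constructed."  ::= { exampleObjects 1 }
exampleRowStatus OBJECT-TYPE
    SYNTAX RowStatus  MAX-ACCESS read-create  STATUS current
    DESCRIPTION "Constructed."  ::= { exampleEntry 9 }
'''
```

Calling `write_surface(SAMPLE)` returns the two constructed writable objects; the comment on exampleContact shows why comments are stripped before matching.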
"STATUS" Status
Status ::= "current" | "deprecated" | "obsolete"
"current": the definition is current and valid.
"deprecated": the definition is obsolete, but new or continued implementation is permitted.
"obsolete": the definition is obsolete and should not be implemented.
ReferPart
ReferPart ::= "REFERENCE" Text | empty
ipForwardTable OBJECT-TYPE
    SYNTAX SEQUENCE OF IpForwardEntry
    MAX-ACCESS not-accessible
    STATUS obsolete
    DESCRIPTION "This entity's IP Routing table."
    REFERENCE "RFC 1213 Section 6.6, The IP Group"
    ::= { ipForward 2 }
3. NOTIFICATION-TYPE
NOTIFICATION-TYPE MACRO ::=
BEGIN
    TYPE NOTATION ::=
        ObjectsPart
        "STATUS" Status
        "DESCRIPTION" Text
        ReferPart
    VALUE NOTATION ::=
        value(VALUE NotificationName)
    ObjectsPart ::= "OBJECTS" "{" Objects "}" | empty
    Objects ::= Object | Objects "," Object
    Object ::= value(ObjectName)
    Status ::= "current" | "deprecated" | "obsolete"
    ReferPart ::= "REFERENCE" Text | empty
    Text ::= value(IA5String)
END
NotificationName ::= OBJECT IDENTIFIER
NOTIFICATION-TYPE Example Reference: SNMPv2-MIB (RFC 1907)
OBJECT ?? • OBJECT IDENTIFIER defines the administrative identification of a node in the MIB • OBJECT-IDENTITY macro assigns an object identifier to an object identifier in the MIB • OBJECT-TYPE macro defines the type of a managed object
OBJECT-IDENTITY / OBJECT-TYPE • OBJECT-IDENTITY is a high-level description • OBJECT-TYPE gives the detailed description needed for implementation
Table Expansion • Augmentation of a table (dependent table) adds additional columns to an existing table (base table) • Dense table enables addition of more rows to base table • Sparse table supplements fewer rows to a base table
Appending a Sparse Table
hrDiskStorageTable OBJECT-TYPE
    SYNTAX SEQUENCE OF HrDiskStorageEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "The (conceptual) table of long-term storage devices contained by the host..."
    ::= { hrDevice 6 }
hrDiskStorageEntry OBJECT-TYPE
    SYNTAX HrDiskStorageEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "A (conceptual) entry for one long-term storage devices contained by the host..."
    INDEX { hrDeviceIndex }
    ::= { hrDiskStorageTable 1 }
hrDeviceTable OBJECT-TYPE
    SYNTAX SEQUENCE OF HrDeviceEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "The (conceptual) table of devices…"
    ::= { hrDevice 2 }
hrDeviceEntry OBJECT-TYPE
    SYNTAX HrDeviceEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "A (conceptual) entry for one device contained by the host. …"
    INDEX { hrDeviceIndex }
    ::= { hrDeviceTable 1 }
Textual Convention • Enables defining new data types • Makes semantics of data types consistent and human readable • Creates new data types using existing ones and applies restrictions to them • RowStatus, an important textual convention in SNMPv2, is used to create and delete rows
SNMPv1:
DisplayString ::= OCTET STRING
    -- This data type is used to model textual information taken
    -- from the NVT ASCII character set. By convention, objects
    -- with this syntax are declared as having
    -- SIZE (0..255)
• SNMPv2: Also see Page 251
InterfaceIndex ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "d"
    STATUS current
    DESCRIPTION "A unique value, greater than zero, for each interface or interface sub-layer in the managed system. It is recommended that values are assigned contiguously starting from 1. The value for each interface sub-layer must remain constant at least from one re-initialization of the entity's network management system to the next re-initialization."
    SYNTAX Integer32 (1..2147483647)
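Create-and-Go Row Creation
Participants: Manager Process, Agent Process, Managed Entity
Manager Process -> Agent Process: SetRequest ( status.3 = 4, index.3 = 3, data.3 = DefData )
Agent Process -> Managed Entity: Create Instance
Managed Entity -> Agent Process: Instance Created
Agent Process -> Manager Process: Response ( status.3 = 1, index.3 = 3, data.3 = DefData )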
Create-and-Wait: Row Creation
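The create-and-go exchange above, together with the create-and-wait variant, as an added example that is not part of the original slides: a toy agent-side table driven by SetRequests. RowStatus values follow RFC 2579; the class, its column names and the single error string are assumptions of this model, and the create-and-wait steps go beyond what the slides show.

```python
# RowStatus values from the RowStatus textual convention (RFC 2579).
ACTIVE, NOT_IN_SERVICE, NOT_READY = 1, 2, 3
CREATE_AND_GO, CREATE_AND_WAIT, DESTROY = 4, 5, 6
ERR = "inconsistentValue"   # the model reports every rejected set this way

class ToyTable:
    """Agent-side model of one conceptual table (names are hypothetical)."""

    def __init__(self, required=("index", "data")):
        self.required = required   # columns that must be set before 'active'
        self.rows = {}             # row index -> column values incl. "status"

    def _missing(self, row):
        return [c for c in self.required if c not in row]

    def set_request(self, idx, status=None, **cols):
        """Apply one SetRequest to row idx; return the row as the Response
        would report it, or ERR with the table left unchanged."""
        row = self.rows.get(idx)
        if status == DESTROY:
            self.rows.pop(idx, None)        # destroying no row is not an error
            return {"status": DESTROY}
        if status in (CREATE_AND_GO, CREATE_AND_WAIT):
            if row is not None:
                return ERR                  # row already exists
            new = dict(cols)
            if status == CREATE_AND_GO:
                if self._missing(new):
                    return ERR              # cannot become active in one set
                new["status"] = ACTIVE
            else:
                new["status"] = (NOT_READY if self._missing(new)
                                 else NOT_IN_SERVICE)
        else:
            if row is None or status == NOT_READY:
                return ERR                  # nothing to modify / not settable
            new = {**row, **cols}
            if status in (ACTIVE, NOT_IN_SERVICE) and self._missing(new):
                return ERR                  # row is still notReady
            if status is not None:
                new["status"] = status
            elif new["status"] == NOT_READY and not self._missing(new):
                new["status"] = NOT_IN_SERVICE  # last required column arrived
        self.rows[idx] = new
        return dict(new)
```

`ToyTable().set_request(3, status=CREATE_AND_GO, index=3, data="DefData")` reproduces the slide's exchange: the response reports status 1 (active).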
MIB MODULE (figure; legend of constructs and their abbreviations): IMPORTS (I), EXPORTS (E), MODULE-IDENTITY (MI), TEXTUAL-CONVENTION (TCs), OBJECT IDENTIFIER (OIs), Application Data Types, OBJECT-TYPE (OTs), NOTIFICATION-TYPE (NTs), OBJECT-GROUP (OGs), NOTIFICATION-GROUP (NGs), MODULE-COMPLIANCE (MCs)
Four Macros in SNMPv2-CONF • OBJECT-GROUP macro • NOTIFICATION-GROUP macro • MODULE-COMPLIANCE macro • AGENT-CAPABILITIES macro
Conformance: OBJECT-GROUP • Conformance defined by • OBJECT-GROUP macro • NOTIFICATION-GROUP macro • OBJECT-GROUP • Compiled during implementation, not at run time • OBJECTS clause names each object • Every object belongs to an OBJECT-GROUP • Access defined by MAX-ACCESS, the maximum access privilege for the object
OBJECT-GROUP
OBJECT-GROUP MACRO ::=
BEGIN
    TYPE NOTATION ::=
        ObjectsPart
        "STATUS" Status
        "DESCRIPTION" Text
        ReferPart
    VALUE NOTATION ::=
        value(VALUE OBJECT IDENTIFIER)
    ObjectsPart ::= "OBJECTS" "{" Objects "}"
    Objects ::= Object | Objects "," Object
    Object ::= value(ObjectName)
    Status ::= "current" | "deprecated" | "obsolete"
    ReferPart ::= "REFERENCE" Text | empty
    Text ::= value(IA5String)
END
OBJECT-GROUP Example
hrSWRunGroup OBJECT-GROUP
    OBJECTS { hrSWOSIndex, hrSWRunIndex, hrSWRunName, hrSWRunID, hrSWRunPath, hrSWRunParameters, hrSWRunType, hrSWRunStatus }
    STATUS current
    DESCRIPTION "The Host Resources Running Software Group."
    ::= { hrMIBGroups 4 }
Conformance: NOTIFICATION-GROUP • NOTIFICATION-GROUP • Contains trap entities defined in SMIv1 • NOTIFICATIONS clause identifies the notifications in the group • NOTIFICATION-GROUP macro compiled during implementation, not at run time
NOTIFICATION-GROUP
NOTIFICATION-GROUP MACRO ::=
BEGIN
    TYPE NOTATION ::=
        NotificationsPart
        "STATUS" Status
        "DESCRIPTION" Text
        ReferPart
    VALUE NOTATION ::=
        value(VALUE OBJECT IDENTIFIER)
    NotificationsPart ::= "NOTIFICATIONS" "{" Notifications "}"
    Notifications ::= Notification | Notifications "," Notification
    Notification ::= value(NotificationName)
    Status ::= "current" | "deprecated" | "obsolete"
    ReferPart ::= "REFERENCE" Text | empty
    Text ::= value(IA5String)
END
NOTIFICATION-GROUP Example
linkUpDownNotificationsGroup NOTIFICATION-GROUP
    NOTIFICATIONS { linkUp, linkDown }
    STATUS current
    DESCRIPTION "The notifications which indicate specific changes in the value of ifOperStatus."
    ::= { ifGroups 14 }
Compliance • Compliance has two classes of groups • MANDATORY-GROUPS: required • GROUP: optional
MODULE-COMPLIANCE
MODULE-COMPLIANCE MACRO ::=
BEGIN
    TYPE NOTATION ::=
        "STATUS" Status
        "DESCRIPTION" Text
        ReferPart
        ModulePart
    VALUE NOTATION ::=
        value(VALUE OBJECT IDENTIFIER)
ModulePart
ModulePart ::= Modules
Modules ::= Module | Modules Module
Module ::= "MODULE" ModuleName MandatoryPart CompliancePart
ModuleName ::= identifier ModuleIdentifier | empty
ModuleIdentifier ::= value(OBJECT IDENTIFIER) | empty
MandatoryPart ::= "MANDATORY-GROUPS" "{" Groups "}" | empty
Groups ::= Group | Groups "," Group
Group ::= value(OBJECT IDENTIFIER)
CompliancePart (1/2)
CompliancePart ::= Compliances | empty
Compliances ::= Compliance | Compliances Compliance
Compliance ::= ComplianceGroup | Object
ComplianceGroup ::= "GROUP" value(OBJECT IDENTIFIER) "DESCRIPTION" Text
Object ::= "OBJECT" value(ObjectName) SyntaxPart WriteSyntaxPart AccessPart "DESCRIPTION" Text
CompliancePart (2/2)
SyntaxPart ::= "SYNTAX" Syntax | empty -- must be a refinement for object's SYNTAX clause
WriteSyntaxPart ::= "WRITE-SYNTAX" Syntax | empty
Syntax ::= type | "BITS" "{" NamedBits "}"
NamedBits ::= NamedBit | NamedBits "," NamedBit
NamedBit ::= identifier "(" number ")"
AccessPart ::= "MIN-ACCESS" Access | empty
Access ::= "not-accessible" | "accessible-for-notify" | "read-only" | "read-write" | "read-create"