CSE4884 Network Design and Management

Lecturer: Dr Carlo Kopp, MIEEE, MAIAA, PEng

Lecture 19-20

Simple Network Management Protocol Family

References and Reading Burke J.R., Network Management; Concepts and

Practice, Pearson/Prentice-Hall, 2004 – Ch.2 onward Wikipedia -

http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol

http://www.cs.tcd.ie/Karl.Quinn/openresources/NDS23Nov04.ppt

Cisco SNMP Command Reference Dcoument -http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/fun_r/cfr_1g11.pdf ; also http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/snmp.htm

Request for Comments: 1441; Introduction to version 2 of the Internet-standard Network Management Framework - http://tools.ietf.org/html/rfc1441

Situational Awareness A critical problem for any network manager is

maintaining situational awareness about the state of the network.

The manager must know at all times what devices are in what state and how this impacts overall network performance and function.

With situational awareness the network manager is ‘flying blind’ and thus is not aware of malfunctions or performance problems as they arise.

Network management software tools can provide situational awareness by automating monitoring of networks.

SNMP is the most widely used management tool in IP networks.

Network Management Protocols - Background Mid to early 1980s – proprietary network management

software, usually designed to be mutually incompatible. 1987 – Simple Gateway Monitoring Protocol (SGMP)

defined in RFC 1028 ; SGMP designed to monitor interface type, status, route type and route protocol in use; implemented to run over UDP.

Common Management Information Protocol (CMIP) defined in ITU X.700 and RFC 1095 as a replacement to SGMP, based on the OSI protocol suite rather than IP; developed in competition with SNMP; more complex than SNMP; not as widely used as SNMP; CMIP over TCP (CMOT) abandoned in 1989.

1990 – SNMPv1 recommended standard for IP networks.

1993 – SNMPv2 introduced; 1999-2002 – SNMPv3.

Network Management (Cisco)

SNMP Protocol

SNMP was devised to manage network devices. SNMP is literally a simple protocol, which provides a

limited command set. SNMP runs a Master Agent server program or ‘daemon’

as a background process on a network device, or as a foreground task on a simpler network device.

The SNMP Master Agent server responds to commands issued by an SNMP client program on a management system.

SNMP defines a Management Information Base (MIB) for devices. A MIB is a heirarchical database of objects each of which describes the state of a device.

SNMP Design Aims – IETF RFC 1157 “(1) The development cost for management agent

software necessary to support the protocol is accordingly reduced.

(2) The degree of management function that is remotely supported is accordingly increased, thereby admitting fullest use of internet resources in the management task.

(3) The degree of management function that is remotely supported is accordingly increased, thereby imposing the fewest possible restrictions on the form and sophistication of management tools.

(4) Simplified sets of management functions are easily understood and used by developers of network management tools.”

Must be extensible, and device independent.

SNMP Model (Cisco)

SNMP Functions – IETF RFC 1157 “The strategy implicit in the SNMP is that the monitoring

of network state at any significant level of detail is accomplished primarily by polling for appropriate information on the part of the monitoring center(s).”

“A limited number of unsolicited messages (traps) guide the timing and focus of the polling.”

“Limiting the number of unsolicited messages is consistent with the goal of simplicity and minimizing the amount of traffic generated by the network management function. “

In plain language, SNMP aims to minimise complexity by using a very simple model for accessing devices, but retains the capability to generate asynchronous traps when important conditions arise.

Limitations of Polling Technique

Polling involves a client station periodically interrogating the status of individual devices to collect information.

The large the number of devices to be polled, the greater the interval between visits.

Polling is acceptable for the monitoring of slow changing events; most network management information is slow changing.

The trap mechanism in SNMP is used to handle small numbers of critical events, which cannot wait for the duration of a whole polling cycle.

Four Basic SNMP Operations

The Get command is generated by a client to monitor managed devices. Variables that are maintained by managed devices are read back.

The Set command is generated by a client to control managed devices. The values of variables stored within managed devices are changed.

The Trap command is generated by managed devices; it asynchronously signals events to theclient. When specific events occur, the managed device sends a trap to the client.

Traversal operations are used by clients to establish which variables a managed device can support; also to sequentially gather information in variable tables, such as a routing table.

SNMP MIBs (Cisco)

A Management Information Base (MIB) is a hierarchically organized collection of information.

A MIB comprises managed objects which are identified by object identifiers.

managed object - MIB object - an object – MIB – common industry usage of language.

Managed objects are scalar or tabular. Scalar objects will define a single instance of an object. Tabular objects will define multiple instances of related

objects, grouped in MIB tables. Object identifier / object ID will uniquely identify a

managed object in the MIB hierarchy. The MIB hierarchy is tree structured.

SNMP MIBs (Cisco)

Top-level MIB object IDs belong to different standards organizations.

Lower-level object IDs are allocated by associated organizations.

Vendors can define private branches in the MIB tree, which include managed objects for their own products.

MIBs that have not been standardized are usually positioned in the experimental branch.

MIB Hierarchy (Cisco)

MIB Hierarchy (Cisco)

SNMP vs Security

SNMP has only trivial authentication therefore is vulnerable to unauthorised accesses.

SNMP security risks:

1. Masquerading.

2. Modification by unauthorised users.

3. Sequence and timing modification – replaying messages.

4. Disclosure – unauthorised gathering of data. Often Set operations not implemented at expense of

utility.

SNMP V1 Messaging (Cisco)

Version Number

Community Name

Identifies PDU type

Protocol Data Unit

Associates Response with Request Objects and Values

Get, GetNext, Response, and Set PDU Format

SNMP V1 Messaging (Cisco)

Version Number

Community Name

Type of managed object generating the trap

Protocol Data Unit

Objects and Values

Trap PDU Format

SNMP V2 Messaging (Cisco)

Identifies PDU type

Version Number

Community Name Protocol Data Unit

Associates Response with Request Objects and Values

Get, GetNext, Inform, Response, Set, and Trap PDU Format

SNMP PDU (Message) Classes

SNMPv3 PDU Class

Description SNMPv1 PDUsSNMPv2/SNMPv3

PDUs

Read

Messages that read management information from a managed device using a polling mechanism.

GetRequest-PDU, GetNextRequest-PDU

GetRequest-PDU, GetNextRequest-PDU,GetBulkRequest-PDU

Write

Messages that change management information on a managed device to affect the device's operation.

SetRequest-PDU SetRequest-PDU

ResponseMessages sent in response to a previous request.

GetResponse-PDU Response-PDU

Notification

Messages used by a device to send an interrupt-like notification to an SNMP manager.

Trap-PDUTrapv2-PDU,

InformRequest-PDU

http://www.tcpipguide.com/free/t_SNMPProtocolGeneralOperationCommunicationMethodsan-2.htm

SNMP MIB Model

MIB Objects described in Structure of Management Information Version 2 (SMIv2) format, based on ISO/ITU Abstract Syntax Notation One (ASN.1) syntax.

There are a very large number of MIBs defined for specific network devices and entities.

Example index is at http://www.icir.org/fenner/mibs/mib-index.html or http://www.mibdepot.com/index.shtml

Specific MIB entries might be:

1. ADSL-LINE-EXT-MIB

2. ADSL-LINE-EXT-MIB

3. IPV6-ICMP-MIB

4. DIFFSERV-POLICY-MIB

SNMP MIB Model

MIBs are often specific or peculiar to particular devices and may include proprietary extensions.

An SNMP client must understand the MIBs used by an SNMP agent server.

Managing MIBs is an issue in its own right. For instance the mibDepot website hosts ~7300 SNMP MIBs covering ~1,000,000 MIB object definitions.

Example - MG-SOFT MIB Compiler

Example – NuDesign Visual MIBrowser®

RMON: Remote Monitoring MIBs RMON1 and RMON2 MIBs permit monitoring of network

traffic. Implemented to support management of LAN segments. RMON1 objects - Statistics, History, Alarm, Host,

HostTopN, Matrix, Filters, Packet Capture, Events. RMON2 objects - Protocol Directory, Protocol

Distribution, Address mapping, Network Layer host, Network layer matrix, Application layer host, Application layer matrix, Probe configuration.

RMON1 or 2 agent usually implemented as a daemon or background task embedded in the firmware of a network device.

The SNMP client must access the objects to gather the statistics.

Filters

RMON: Remote Monitoring MIBs

Javvin Technologies, Inc Image

Example - iReasoning MIB browser

Tutorial

Q&A + Discussion