14-snmp
Class Room Presentation
-
SNMP
(Simple Network Management Protocol)
What is SNMP?
Why is SNMP required?
SNMP versions
SNMP messages
1 OPM
-
SNMP
SNMP was developed by the IETF.
SNMP operates in the application layer of the Internet Protocol Suite.
It is an Internet-standard protocol for managing devices on IP networks and is a component (part) of the Internet Protocol Suite (TCP/IP).
It is used to monitor, control and coordinate network-attached devices for conditions that warrant administrative attention.
2 OPM
-
SNMP (cont.)
An SNMP-managed network consists of three key components:
Managed device.
Agent
Manager
The Agent contains only the MIB, while the Manager contains both the MDB & the MIB.
The SNMP agent receives Manager requests on UDP port 161. The manager may send requests from any available source port to port 161 to the agent.
The agent response is sent back to the source port on the manager. The manager receives notifications/Traps on UDP port 162.
3 OPM
-
The features of SNMP which make it popular:
Its design is simple and easy to implement for a network of any size.
Its simple design makes it easy for a user to program the variables that need to be managed.
It is popular and extensible.
4 OPM
-
SNMP (INTERNET) Model
SNMP Network Management
Organization submodel
Information submodel
Communication submodel
Functional submodel
5 OPM
-
SNMP (INTERNET) Model (Cont.)
Organization Model
- Relationship between network element, agent, and manager
- Hierarchical architecture
Information Model
- Uses ASN.1 syntax
- SMI (Structure of Management Information)
- MIB (Management Information Base)
Communication Model
- Transfer syntax
- SNMP over TCP/IP
- Communication services addressed by messages
Functional Model
- Addressed in terms of operations, administration and security. The accounting function is not addressed by the SNMP model.
6 OPM
-
Two-Tier Organization Model
[Figure: (a) One Manager - One Agent Model: SNMP Manager, SNMP Agent, Network Element. (b) Multiple Managers - One Agent Model: two SNMP Managers, Network Agent, Network Element.]
7 OPM
-
Three-Tier Organization Model: RMON
[Figure: SNMP Manager, RMON Probe, Managed Objects]
8 OPM
-
Three-Tier Organization Model: Proxy Server
[Figure: SNMP Manager, Proxy Server, SNMP Managed Objects, Non-SNMP Managed Objects]
9 OPM
-
An NMS behaving as Manager and Agent
[Figure: two systems, each containing an SNMP Manager and an SNMP Agent, and two Network Elements, each with an SNMP Agent]
10 OPM
-
Information model
It deals with Structure of Management Information (SMI) and Management Information Base (MIB).
Structure of Management Information (SMI)
Defines standard unique names and identifiers for objects
Defines standard formats (syntax) for objects to use in MIB
Management Information Base (MIB)
MIB is a simple database
Hierarchy of information about a device is maintained.
Uniquely identifies specific information on a specific device
Object Type
Name and Object Identifier
Relationship between various managed objects
11 OPM
-
Object names and identifiers
internet OBJECT IDENTIFIER ::= {iso(1) org(3) dod(6) internet(1)}
The object identifier of internet is 1.3.6.1
[Figure: tree path iso (1) > org (3) > dod (6) > internet (1)]
12 OPM
-
Subnodes under internet node in SNMPv1
internet (1 3 6 1)
  directory (1)
  mgmt (2)
  experimental (3)
  private (4)
13 OPM
-
Subnodes under internet node in SNMPv1
(cont.)
The directory (1) node is reserved for future use of the OSI directory in the internet (it is now used by SNMPv2 & SNMPv3 to manage OSI-based & other networks).
The mgmt (2) node is used to identify all IETF-recommended and IAB (Internet Architecture Board) approved subnodes and objects.
The experimental (3) node holds objects under IETF experiments.
The private (4) node is heavily used. Commercial vendors can acquire a number under enterprises (1).
14 OPM
-
A private subtree for commercial vendors
internet (1 3 6 1)
  private (4)
    enterprises (1)
      ibm (2)
      cisco (9)
      hp (11)
      3Com (43)
      Cabletron (52)
* 37519 enterprise numbers had been issued under the enterprises node up to 3 March 2011, and the list is growing day by day.
15 OPM
-
MIB Management Information Base
Object IDentifier (OID)
- Example .1.3.6.1.2.1.1
- iso(1) org(3) dod(6) internet(1) mgmt(2) mib-2(1) system(1)
iso(1)
  org(3)
    dod(6)
      internet(1)
        directory(1)
        mgmt(2)
          mib-2(1)
            system(1)
            interfaces(2)
            ip(4)
            tcp(6)
        experimental(3)
        private(4)
16 OPM
-
MIB Management Information Base
Maintains SNMP instances (values)
- Each MIB object can have an instance.
iso(1) org(3) dod(6) internet(1) mgmt(2) mib-2(1) interfaces(2) ifTable(2) ifEntry(1) ifType(3)
- One MIB object definition can represent multiple instances through Tables, Entries, and Indexes.
17 OPM
-
MIB-II
Internet {1 3 6 1}
  directory (1)
  mgmt (2)
    mib-2 (1)
  experimental (3)
  private (4)
Internet MIB-II Group (under mib-2):
  system (1)
  interfaces (2)
  at (3)
  ip (4)
  icmp (5)
  tcp (6)
  udp (7)
  egp (8)
  cmot (9)
  transmission (10)
  snmp (11)
MIB-II objects are divided into 11 groups, but this may increase in future.
Objects that are related are grouped into an object group.
18 OPM
-
MIB-II groups
System group contains the objects that describe system administration.
Interface group defines the interfaces of the network components and the network parameters associated with each interface.
Address Translation (AT) group is a cross-reference table between the IP address and the MAC (physical) address.
IP (Internet Protocol): network layer protocol
ICMP (Internet Control Management Protocol)
TCP (Transport Control Protocol): connection-oriented transport layer protocol
UDP (User Datagram Protocol): connectionless transport layer protocol
EGP (External Gateway Protocol): a routing protocol
CMOT (CMIP over TCP/IP): used to manage the internet using CMIP
The above-mentioned protocol groups contain the objects of the corresponding protocol.
Transmission group was created as a placeholder for network transmission related parameters.
SNMP group is the communication protocol group associated with SNMP management.
19 OPM
-
Communication model
To exchange management information between Manager and Agent, the following messages are used:
SNMP (SNMPv1) (total 5 messages)
Get-Request
Get-Next-Request
Set-Request
Get-Response
Trap
SNMPv2 and SNMPv3 consist of two more messages (total 7 including the 5 mentioned above)
Get-Bulk-Request
Inform-Request
20 OPM
-
SNMP Communication
[Figure 4.9 SNMP Network Management Architecture: an SNMP Manager and an SNMP Agent, each with an Application on top of the SNMP / UDP / IP / DLC / PHY stack, connected by the Physical Medium. Message labels: Get-Request, Get-Next-Request, Set-Request, Get-Response, Trap. The Manager side also shows Management Data.]
21 OPM
-
Basic operations contd..
[Figure: message exchange between Manager and Agent. get_request, get_next_request and set_request are each answered by get_response on port 161; trap is sent to port 162.]
22 OPM
-
SNMP Messages
Get-Request: Sent by manager requesting specific data from agent
Get-Next-Request: Sent by manager requesting data of the next Managed Object to the one specified
Set-Request: Initializes or changes the value of network element/parameter
Get-Response: Agent responds with data for get and set requests from the manager
Trap (Notification): Alarm generated by an agent
23 OPM
-
SNMP Message transmission (GetRequest, GetNextRequest, SetRequest, GetResponse)
[Figure: the SNMP Message (SNMP Version, SNMP Community, SNMP PDU) is built at the Application Layer and wrapped in turn with a UDP header (Transport Layer), an IP header (Network Layer), a MAC header (Data Link Layer) and a PHY header with modulation information (Physical Layer) before reaching the Transport Medium. SNMP PDU fields: PDU type, Request ID, Error status, Error index, Variable bindings.]
24 OPM
-
SNMP PDU fields
PDU type- Specifies the type of PDU transmitted: GetRequest [0], GetNextRequest [1], SetRequest [2], GetResponse [3] and Trap [4].
Request ID- Associates SNMP requests with responses.
Error status- Indicates one of the errors and error types. Only the response operation sets this field. Other operations set this field to zero.
0x00 No error occurred
0x01 Response message too large to transport
0x02 The name of the requested object not found
0x03 A data type in the request did not match the data type in the SNMP agent
0x04 The SNMP manager attempted to set a read-only parameter
0x05 General Error (some error other than the one listed above)
25 OPM
-
SNMP PDU fields (cont.)
Error index- Associates an error with a particular object instance. Only the response operation sets this field. Other operations set this field to zero.
Variable bindings- Serves as the data field of the SNMPv1 PDU. Each variable binding associates a particular object instance with its current value (except Get and GetNext requests, for which the value is ignored).
26 OPM
-
SNMP version & community
SNMP version:
SNMPv1 (0), SNMPv2 (1), SNMPv3 (2)
SNMP Community Strings :
An SNMP community string is a text string that acts as a password.
It is used to authenticate messages that are sent between the management station and the device (the SNMP agent).
The community string is included in every packet that is transmitted between the SNMP manager and the SNMP agent.
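The message fields from the preceding slides, read straight out of a datagram, as an added example that is not part of the original presentation. It is a minimal BER reader for community-based SNMP (versions 0 and 1 on the wire) only; the sample datagram is constructed, and the PDU tag numbers in the code follow RFC 1157 and RFC 3416, where GetResponse is 2 and SetRequest is 3.

```python
PDU_TYPES = {0: "GetRequest", 1: "GetNextRequest", 2: "GetResponse", 3: "SetRequest",
             4: "Trap", 5: "GetBulkRequest", 6: "InformRequest"}  # RFC 1157 / 3416 tags

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """First octet packs the first two arcs (40*x + y); later arcs are base-128."""
    arcs, sub = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        sub = (sub << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends the current arc
            arcs.append(sub)
            sub = 0
    return ".".join(map(str, arcs))

def parse_snmp(datagram):
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    _, ver, pos = read_tlv(body, 0)
    if int.from_bytes(ver, "big") not in (0, 1):
        raise ValueError("only community-based messages (version 0 or 1) handled")
    _, community, pos = read_tlv(body, pos)
    pdu_tag, pdu, _ = read_tlv(body, pos)
    msg = {"version": ver[0], "community": community.decode("ascii", "replace"),
           "pdu_type": PDU_TYPES.get(pdu_tag & 0x1F, "unknown")}
    if msg["pdu_type"] in ("Trap", "unknown"):
        return msg                         # the SNMPv1 Trap PDU has its own field layout
    ints, p = [], 0
    for _ in range(3):                     # request ID, error status, error index
        _, raw, p = read_tlv(pdu, p)
        ints.append(int.from_bytes(raw, "big", signed=True))
    bindings, oids, p = read_tlv(pdu, p)[1], [], 0
    while p < len(bindings):               # each binding is SEQUENCE { OID, value }
        _, vb, p = read_tlv(bindings, p)
        oids.append(decode_oid(read_tlv(vb, 0)[1]))
    msg.update(request_id=ints[0], error_status=ints[1], error_index=ints[2], oids=oids)
    return msg

# Constructed sample: GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0), community "public".
SAMPLE = bytes.fromhex("3027020100" "04067075626c6963" "a01a02023039020100020100"
                       "300e300c" "06082b06010201010100" "0500")
```

The community string comes back as ordinary text because nothing in the message protects it, so any capture of management traffic is enough to recover it.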
27 OPM
-
Fields in SNMP message
28 OPM
-
SNMP Message transmission (Trap PDU)
[Figure: the Trap message (SNMP Version, SNMP Community, SNMP PDU) is built at the Application Layer and wrapped in turn with a UDP header (Transport Layer), an IP header (Network Layer), a MAC header (Data Link Layer) and a PHY header with modulation information (Physical Layer) before reaching the Transport Medium. Trap PDU fields: PDU type, enterprise, Agent-address, Generic trap, Specific trap, Time stamp, Variable binding.]
29 OPM
-
SNMP PDU fields (trap message)
PDU type -- Specifies the type of PDU (Trap=4).
Enterprise -- Identifies the management enterprise under whose registration authority the trap was defined.
Agent address -- IP address of the agent, used for further identification.
Specific trap type -- Used to identify a non-generic trap when the Generic Trap Type is enterprise specific.
Timestamp -- Value of the sysUpTime object, representing the amount of time elapsed between the last (re-)initialization and the generation of that Trap.
30 OPM
-
SNMP PDU (trap) fields (cont.)
Generic trap type -- Field describing the event being reported. The following seven values are defined:
Generic Trap Type -- Description (brief)
coldStart (0) -- Sending protocol entity is reinitializing itself; agent's configuration or protocol entity implementation may be altered
warmStart (1) -- Sending protocol entity is reinitializing itself; agent's configuration or protocol entity implementation will not alter
linkDown (2) -- Failure of one of the communication links
linkUp (3) -- One of the links has come up
authenticationFailure (4) -- Authentication failure
egpNeighborLoss (5) -- Loss of EGP neighbor
enterpriseSpecific (6) -- Enterprise-specific trap
31 OPM
-
SNMP Message transmission (GetBulkRequest PDU)
[Figure: the GetBulkRequest message (SNMP Version, SNMP Community, SNMP PDU) is built at the Application Layer and wrapped in turn with a UDP header (Transport Layer), an IP header (Network Layer), a MAC header (Data Link Layer) and a PHY header with modulation information (Physical Layer) before reaching the Transport Medium. GetBulkRequest PDU fields: PDU type, Request ID, Non-Repeaters, Max Repetition, Variable bindings.]
32 OPM
-
SNMP PDU (GetBulkRequest) fields
PDU type value is 5.
Two new fields in SNMP PDU are:
Non-Repeaters field indicates the number of non-repetitive field values requested.
Max Repetitions field designates the maximum number of table rows requested.
33 OPM
-
SNMP message (InformRequest)
The packet format of the InformRequest message is the same as that of the GetRequest, GetNextRequest, SetRequest and GetResponse messages.
PDU type value is 6.
Generally InformRequest is used to send a notification from one SNMP Manager to another SNMP Manager.
The SNMP manager that receives an InformRequest message acknowledges the message with an SNMP Response PDU.
Traps are unreliable because the receiver does not send any acknowledgment when it receives a trap. The sender cannot determine if the trap was received.
In some cases an InformRequest message is used in place of a Trap message, for reliable notification from Agent to Manager.
34 OPM
-
Functional Model
It consists of:
Operation (Configuration, Fault & Performance) Management
Administration (Authentication)
[Accounting management is left open for service providers]
Security (Community String, ACCESS)
35 OPM
-
SNMP Security
SNMP Community Strings (like passwords)
ACCESS:
- READ-ONLY: You can send out a Get & GetNext to the SNMP agent, and if the agent is using the same read-only string it will process the request.
- READ-WRITE: Get, GetNext, and Set. If a MIB object has an ACCESS value of read-write, then a Set PDU can change the value of that object with the correct read-write community string.
36 OPM
-
Security in SNMPv1 & SNMPv2
SNMPv1 uses community strings for authentication, sent as plain text without encryption.
SNMPv2 was supposed to fix security problems beyond the SNMP community, but the effort derailed (the c in SNMPv2c stands for community).
37 OPM
-
SNMPv3 Security
SNMPv3 has numerous security features:
- Ensures that a packet has not been tampered with (integrity due to encryption)
- Ensures that a message is from a valid source (authentication using login ID & password)
- Ensures that a message cannot be read by unauthorized parties (privacy due to encryption)
Security model of SNMPv3 has two components:
1. Instead of granting access rights to a community, SNMPv3 grants access to users (after verifying authentication).
2. Access can be restricted to sections of the MIB:
- by specifying a range of valid IP addresses for a user or community,
- or by specifying the part of the MIB tree that can be accessed.
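The access rules from this slide and the SNMP Security slide (read-only versus read-write, allowed source addresses, permitted part of the MIB tree) combined into one decision function, as an added example that is not part of the original presentation and not the implementation of any particular agent. The principal names, address ranges and policy layout are hypothetical.

```python
import ipaddress

READ_OPS = {"GetRequest", "GetNextRequest", "GetBulkRequest"}

# Hypothetical policy, constructed for this example: one entry per user or community.
POLICY = [
    {"principal": "monitor", "access": "read-only",
     "sources": ["192.0.2.0/24"],
     "subtrees": ["1.3.6.1.2.1.1", "1.3.6.1.2.1.2"]},   # system and interfaces only
    {"principal": "netops", "access": "read-write",
     "sources": ["192.0.2.10/32"],
     "subtrees": ["1.3.6.1.2.1"]},                      # all of mib-2
]

def in_subtree(oid, root):
    """True when oid equals root or lies below it, compared arc by arc."""
    o, r = oid.strip(".").split("."), root.strip(".").split(".")
    return o[:len(r)] == r

def authorize(principal, source_ip, operation, oid, policy=POLICY):
    """Return (allowed, reason) for one request; anything not matched is denied."""
    entry = next((e for e in policy if e["principal"] == principal), None)
    if entry is None:
        return False, "unknown principal"
    addr = ipaddress.ip_address(source_ip)
    if not any(addr in ipaddress.ip_network(net) for net in entry["sources"]):
        return False, "source address not allowed"
    if operation == "SetRequest":
        if entry["access"] != "read-write":
            return False, "read-only principal attempted Set"
    elif operation not in READ_OPS:
        return False, "operation not permitted"
    if not any(in_subtree(oid, root) for root in entry["subtrees"]):
        return False, "OID outside permitted MIB view"
    return True, "ok"
```

A plain string-prefix comparison would wrongly place snmp (1.3.6.1.2.1.11) inside a view rooted at system (1.3.6.1.2.1.1), which is why the subtree test compares arc by arc.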
38 OPM
-
RMON (Remote network MONitoring)
Remote Monitoring (RMON) is a standard monitoring specification that enables various network probes or monitors to send monitoring data to the manager.
A probe consists of a physical object/device with a processor (Router/Switch/Computer) and an Agent function with the RMON specification.
There are 2 versions of RMON: RMON1 (RMONv1) and RMON2 (RMONv2).
39 OPM
-
Diagram of the RMON MIB
[Figure: RMON MIB tree. Nodes: Root, ISO, Org, DoD, Internet, Mgmt, Private, MIB 1, MIB 2, MIB 1&2, RMON.]
RMON1
1. Statistics
2. History
3. Alarm
4. Hosts
5. Host Top N
6. Matrix
7. Filter
8. Capture
9. Event
10. Token Ring
RMON2
11. Protocol Directory
12. Protocol Distribution
13. Address Map
14. Network-Layer Host
15. Network-Layer Matrix
16. Application-Layer Host
17. Application-Layer Matrix
18. User History
19. Probe Configuration
20. RMON Conformance
40 OPM
-
RMON1 MIB Groups
Statistics - Traffic and error rates on a segment of network
History - Above statistics with a time stamp
Alarm - User defined threshold alarms on any RMON variable
Hosts - Traffic and error rates for each host by MAC address
Host Top N - Sorts hosts by top traffic and/or error rates
Matrix - Conversation matrix between hosts
Filter - Definition of what type of packet to capture and store
Packet Capture - Creates a capture buffer on the probe that can be requested and decoded by the management application
Event - Generates login entries and/or SNMP traps
Token Ring - Token Ring extensions, most complex group
41 OPM
-
RMON2 MIB Groups
Protocol Directory - List of protocols the probe can monitor
Protocol Distribution - Traffic statistics for each protocol
Address Map - Maps network-layer to MAC-layer addresses
Network-Layer Host - Traffic statistics to and from each discovered host
Network-Layer Matrix - Traffic statistics on conversations between pairs of discovered hosts
Application-Layer Host - Traffic statistics to and from each host by protocol providing insight into the use and growth of applications
Application-Layer Matrix - Traffic statistics on conversations between pairs of hosts by protocol
User History Collection - Periodic samples of user-specified variables
Probe Configuration - Remote configuration of probe parameters
RMON Conformance - Requirements for RMON2 MIB conformance (specify mandatory or optional group)
42 OPM
-
RMON Groups
RMON delivers information in RMON1 and RMON2 groups of monitoring elements; each group provides specific sets of data to meet common network-monitoring requirements.
Each group is optional so that vendors do not need to support all the groups within the Management Information Base (MIB).
Some RMON groups require support of other RMON groups to function properly.
43 OPM
-
RMON operation
RMON solutions are comprised of two components: a probe (or a monitor or RMON agent), and a client, usually a management station (Manager).
Probes (RMON agents) store network information within their RMON MIB and are normally found as embedded software on network hardware such as routers and switches, although they can be a program running on a computer.
Probes can only see the traffic that flows through them so they must be placed on each LAN segment or WAN link that is to be monitored.
Management stations (Manager) communicate with the RMON agent or probe, using SNMP messages to obtain and correlate RMON data.
44 OPM