POSTECH DP&NM Lab
SNMP Version 2 (SNMPv2)
J. Won-Ki Hong
Dept. of Computer Science and Engineering
POSTECH
Tel: 054-279-2244
Email: [email protected]
Table of Contents
• The Birth of SNMPv2
• SNMPv2 RFCs
• SNMPv2 Enhancements
• SNMPv2 Protocol Operations
• SNMPv2 Coexistence with SNMPv1
The Birth of SNMPv2
• a major problem with SNMP is the lack of security
• secure SNMP was proposed (July 1992) to solve this problem in SNMP
• Simple Management Protocol (SMP) was also proposed (July 1992) to extend the SNMP functionality
• secure SNMP + SMP = SNMPv2 (March 1993)
• a major security flaw was detected in this proposal, so the security aspects were dropped; the result is community-based SNMPv2 (Jan. 1996)
SNMPv2 RFCs
• RFC 1901 (experimental)
  – Introduction to Community-based SNMPv2
• RFC 1902 (draft) -> RFC 2578 (standard)
  – Structure of Management Information for SNMPv2 (SMIv2)
• RFC 1903 (draft) -> RFC 2579 (standard)
  – Textual Conventions for SMIv2
• RFC 1904 (draft) -> RFC 2580 (standard)
  – Conformance Statements for SMIv2
SNMPv2 RFCs (cont’d)
• RFC 1905 (draft)
  – Protocol Operations for SNMPv2
• RFC 1906 (draft)
  – Transport Mappings for SNMPv2
• RFC 1907 (draft)
  – Management Information Base for SNMPv2
• RFC 1908 (draft)
  – Coexistence between Version 1 and Version 2 of the Internet-standard Network Management Framework
SNMPv2 Key Enhancements
• SMIv2 (a superset of SMIv1)
  – provides more elaborate specification and documentation of managed objects and MIB modules
    • object type macros expanded (see Fig. 11.1, 11.2 & Table 11.2)
    • creating and deleting conceptual rows in a table (as used in RMON)
    • notification definitions
    • information modules
  – new SNMP MIB definitions are defined using SMIv2
• Manager-to-Manager Capability
  – for managing large, distributed networks
• Protocol Operations
  – bulk management information retrieval
  – manager-to-manager communication
Comparison of Data Types
Data Type         | SNMPv1 | SNMPv2
INTEGER           | X      | X
Unsigned32        | -      | X
Counter32         | X      | X
Counter64         | -      | X
Gauge32           | X      | X
TimeTicks         | X      | X
OCTET STRING      | X      | X
IpAddress         | X      | X
OBJECT IDENTIFIER | X      | X
Opaque            | X      | X
Notification Type MACRO
NOTIFICATION-TYPE MACRO ::=
BEGIN
    TYPE NOTATION ::= ObjectsPart
                      "STATUS" Status
                      "DESCRIPTION" Text
                      ReferPart
    VALUE NOTATION ::= value (VALUE NotificationName)
    ObjectsPart ::= "OBJECTS" "{" Objects "}" | empty
    Objects ::= Object | Objects "," Object
    Object ::= value (Name ObjectName)
    Status ::= "current" | "deprecated" | "obsolete"
    ReferPart ::= "REFERENCE" Text | empty
    Text ::= """ string """
END
Notification Type Example
coldStart NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION
        "A coldStart trap signifies that the SNMPv2 entity, acting in
         an agent role, is reinitializing itself and that its
         configuration may have been altered."
    ::= { snmpTraps 1 }
-- From RFC 1907
Module Identity MACRO
MODULE-IDENTITY MACRO ::=
BEGIN
    TYPE NOTATION ::= "LAST-UPDATED" value (Update UTCTime)
                      "ORGANIZATION" Text
                      "CONTACT-INFO" Text
                      "DESCRIPTION" Text
                      RevisionPart
    VALUE NOTATION ::= value (VALUE OBJECT IDENTIFIER)
    RevisionPart ::= Revisions | empty
    Revisions ::= Revision | Revisions Revision
    Revision ::= "REVISION" value (Update UTCTime)
                 "DESCRIPTION" Text
    Text ::= """ string """
END
Module Identity Example
rmon MODULE-IDENTITY
    LAST-UPDATED "9605270000Z"
    ORGANIZATION "IETF RMON MIB Working Group"
    CONTACT-INFO
        "Steve Waldbusser (WG Editor)
         Postal: International Network Services
                 650 Castro Street, Suite 260
                 Mountain View, CA 94041
         Phone: +1 415 254 4251
         Email: [email protected]"
    DESCRIPTION
        "The MIB module for managing remote monitoring device
         implementations. This MIB module augments the original
         RMON MIB as specified in RFC 1757."
    ::= { mib-2 16 }
Object Identity MACRO
OBJECT-IDENTITY MACRO ::=
BEGIN
    TYPE NOTATION ::= "STATUS" Status
                      "DESCRIPTION" Text
                      ReferPart
    VALUE NOTATION ::= value (VALUE OBJECT IDENTIFIER)
    Status ::= "current" | "deprecated" | "obsolete"
    ReferPart ::= "REFERENCE" Text | empty
    Text ::= """ string """
END
Object Identity Example
snmpUDPDomain OBJECT-IDENTITY
    STATUS current
    DESCRIPTION
        "The SNMPv2 over UDP transport domain. The corresponding
         transport address is of type SnmpUDPAddress."
    ::= { snmpDomains 1 }
-- from RFC 1906
SNMPv2 MIB Access
MIB ACCESS Value      | SNMPv2 Access Mode: READ-ONLY         | SNMPv2 Access Mode: READ-WRITE
read-only             | Available for get and trap operations | Available for get and trap operations
read-write            | Available for get and trap operations | Available for get, set, and trap operations
read-create           | Available for get and trap operations | Available for get, set, trap and create operations
accessible-for-notify | Available for trap operations         | Available for trap operations
not accessible        | Unavailable                           | Unavailable
SNMPv2 Operations
• GetRequest - get the value for each listed object
• GetNextRequest - get next value for each listed object
• GetBulkRequest - get multiple values
• Response - respond to manager request
• SetRequest - set value for each listed object
• InformRequest - send unsolicited information from a manager to another
• SNMPv2-Trap - send unsolicited information from an agent to a manager
SNMPv2 PDU Formats
(a) GetRequest-PDU, GetNextRequest-PDU, SetRequest-PDU, SNMPv2-Trap-PDU, InformRequest-PDU
    PDU type | request id | 0 | 0 | variable-bindings
(b) Response-PDU
    PDU type | request id | error status | error index | variable-bindings
(c) GetBulkRequest-PDU
    PDU type | request id | non-repeaters | max-repetitions | variable-bindings
(d) variable-bindings
    name1 | value1 | name2 | value2 | . . . | nameN | valueN
SNMPv2 Message
    version (1) | community | PDU
GetBulkRequest
• used to minimize the exchanges required to retrieve a large amount of information
• selection principle is the same as GetNextRequest
  – the next object instance in lexicographic order
• includes a list of (N + R) variable names in the variable-bindings list
  – the first N variables for retrieving single values
  – the next R variables for retrieving multiple values
• the non-repeaters and max-repetitions fields are used to indicate the number of N and R variables
Interpretation of GetBulkRequest Fields
name1 name2 .... nameN nameN+1 .... nameN+R
For first N variables: provide one value each (first lexicographic successor)
For last R variables: provide M values each (first M lexicographic successors)
L = number of names in variable-bindings field
N = MAX [ MIN (non-repeaters, L), 0 ]
M = MAX [ max-repetitions, 0 ]
R = L - N
GetBulkRequest Example
[Figure: an NMS sends a GetBulkRequest to an agent (e.g., a router) that holds objects X and Y and a table with columns TA, TB, TC]
GetBulkRequest (non-repeaters = 2, max-repetitions = 6, X, Y, TA, TB, TC)
Manager issues request with six variable names; for the first two variables (non-repeaters = 2), a single value is requested; for the remaining variables, six successive values (max-repetitions = 6) are requested.
Response [X, Y, TA(1), TB(1), TC(1), TA(2), TB(2), TC(2), TA(3), TB(3), TC(3), TA(4), TB(4), TC(4), TA(5), TB(5), TC(5), TA(6), TB(6), TC(6)]
Agent returns a single value for X, Y, and six rows of the table.
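The field interpretation and the X, Y, TA, TB, TC request above, worked through as an added example (not part of the original slides). The function names, the dotted OIDs and the 8-row table are constructed assumptions; only the L, N, M, R rules come from the slides.

```python
from bisect import bisect_right

END_OF_MIB_VIEW = "endOfMibView"  # exception value returned past the last instance

def oid(text):
    """Dotted OID -> tuple of ints, so tuple comparison is lexicographic order."""
    return tuple(int(p) for p in text.split("."))

def get_next(mib, keys, name):
    """First lexicographic successor of name, as an (oid, value) variable binding."""
    i = bisect_right(keys, name)
    if i == len(keys):
        return name, END_OF_MIB_VIEW
    return keys[i], mib[keys[i]]

def get_bulk(mib, non_repeaters, max_repetitions, names):
    """Agent-side GetBulkRequest processing using the L, N, M, R rules."""
    keys = sorted(mib)
    L = len(names)
    N = max(min(non_repeaters, L), 0)   # clamps negative or oversized field values
    M = max(max_repetitions, 0)
    R = L - N
    response = [get_next(mib, keys, n) for n in names[:N]]
    cursors = list(names[N:])
    for _ in range(M):
        row = [get_next(mib, keys, c) for c in cursors]
        response.extend(row)
        if R and all(v == END_OF_MIB_VIEW for _, v in row):
            break                        # nothing left to return for any repeater
        cursors = [o for o, _ in row]    # continue from the instances just returned
    return response

# Constructed sample MIB (hypothetical OIDs): X, Y and a table TA/TB/TC with 8 rows.
X, Y, TA, TB, TC = (oid(s) for s in ("1.1", "1.2", "1.3.1.1", "1.3.1.2", "1.3.1.3"))
MIB = {X + (0,): "x", Y + (0,): "y"}
for col, tag in ((TA, "a"), (TB, "b"), (TC, "c")):
    for row in range(1, 9):
        MIB[col + (row,)] = f"{tag}{row}"

if __name__ == "__main__":
    for name, value in get_bulk(MIB, 2, 6, [X, Y, TA, TB, TC]):
        print(".".join(map(str, name)), "=", value)
```

The response holds at most N + M x R variable bindings, so its size is set by the request's max-repetitions field as much as by the number of names.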
SNMPv2-Trap and InformRequest
• SNMPv2-Trap
  – is sent from an agent to a manager when an unusual event occurs
  – no response is required
• InformRequest
  – is sent from a manager for passing information to an application running in another manager
  – Response PDU is used to acknowledge the request
  – for hierarchical or distributed management where multiple managers are involved
SNMPv2 PDU Sequences
• Manager -> Agent: GetRequest PDU; Agent -> Manager: Response PDU
• Manager -> Agent: SetRequest PDU; Agent -> Manager: Response PDU
• Manager -> Agent: GetNextRequest PDU; Agent -> Manager: Response PDU
• Agent -> Manager: SNMPv2-Trap PDU
• Manager -> Agent: GetBulkRequest PDU; Agent -> Manager: Response PDU
• Manager -> Manager: InformRequest PDU; Manager -> Manager: Response PDU
PDU Comparisons
SNMPv1         | SNMPv2         | Direction                                         | Description
GetRequest     | GetRequest     | Manager to agent                                  | Request value for each listed object
GetNextRequest | GetNextRequest | Manager to agent                                  | Request next value for each listed object
-----          | GetBulkRequest | Manager to agent                                  | Request multiple values
SetRequest     | SetRequest     | Manager to agent                                  | Set value for each listed object
-----          | InformRequest  | Manager to manager                                | Transmit unsolicited information
GetResponse    | Response       | Agent to manager or manager to manager (SNMPv2)   | Response to manager request
Trap           | SNMPv2-Trap    | Agent to manager                                  | Transmit unsolicited information
Transport Mappings
• RFC 1906 specifies the mapping of SNMPv2 onto the following transport protocols
  – User Datagram Protocol (UDP)
  – OSI Connectionless-Mode Network Service (CLNS)
  – OSI Connection-Oriented Network Service (CONS)
  – Novell Internetwork Packet Exchange (IPX)
  – AppleTalk
• The SNMPv2 document states that UDP is the preferred mapping
Coexistence by Means of Proxy Agent
[Figure: an SNMPv2 manager (SNMPv2 environment) reaches an SNMPv1 agent (SNMPv1 environment) through a Proxy Agent]
SNMPv2 manager-to-agent PDUs -> SNMPv1 manager-to-agent PDUs
  GetRequest -> GetRequest
  GetNextRequest -> GetNextRequest
  SetRequest -> SetRequest
  GetBulkRequest -> GetNextRequest
SNMPv1 agent-to-manager PDUs -> SNMPv2 agent-to-manager PDUs
  GetResponse -> Response
  Trap -> SNMPv2-Trap
Coexistence by Means of Bilingual Manager
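[Figure: a bilingual manager (v1, v2) connected to an SNMPv1 agent, an SNMPv2 agent and an SNMPv2 manager]
• Bilingual manager and SNMPv1 agent
  – GetRequest, GetNextRequest, SetRequest
  – GetResponse, Trap
• Bilingual manager and SNMPv2 manager
  – InformRequest, Response (in each direction)
• Bilingual manager and SNMPv2 agent
  – getRequest, getNextRequest, getBulkRequest, setRequest
  – SNMPv2-Trap, Response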
Summary
• SNMPv2 is a natural extension of SNMPv1
• Key enhancements in SNMPv2 are:
  – more elaborate MIB specification capability (SMIv2)
  – Manager-to-Manager communication
  – Bulk information transfer
• SNMPv2 failed to improve on security
• More powerful but more complex than SNMPv1
• SNMPv3 focuses on improving the security aspect