mj08/07041 session 08 snmpv2 adapted from network management: principles and practice © mani...
Post on 21-Dec-2015
222 views
TRANSCRIPT
MJ08/0704 1
Session 08SNMPv2
Adapted from Network Management: Principles and Practice © Mani Subramanian 2000 and solely used for Network Management course at Universitas Bina Nusantara
MJ08/0704 2
Major Changes
• Bulk data transfer• Manager-to-manager message• Enhancements to SMI: SMIv2
• Module definitions: MODULE-IDENTITY macro• Object definitions: OBJECT-TYPE macro• Trap definitions: NOTIFICATION-TYPE macro
• Textual conventions• Conformance statements• Row creation and deletion in table• MIB enhancements• Transport mappings• Security features, originally to be in SNMPv2 moved to
SNMPv3• SNMPv2, like SNMPv1, is community-based administrative
framework
MJ08/0704 3
SNMPv2 Internet Group
• Objects added to System group• Extensive modification of the SNMP group• Additional SNMPv2 group added• Security group is a placeholder
SNMPv2
mgmt(2)
directory(1)
experimental(3)
private(4)
Internet{1 3 6 1}
security(5)
snmpv2(6)
MJ08/0704 4
SNMPv2 NM Architecture
SNMP ManagerApplication
res
po
ns
e
ge
t-b
ulk
-re
qu
es
t
ge
t-n
ex
t-re
qu
es
t
se
t-re
qu
es
t
sn
mp
V2
-tra
p
SNMP Manager
SNMP
UDP
IP
DLC
PHY
Physical Medium
ge
t-re
qu
es
t
info
rm-r
eq
ue
st
SNMP Agent
SNMP
UDP
IP
DLC
PHY
SNMP AgentApplication
res
po
ns
e
ge
t-b
ulk
-re
qu
es
t
ge
t-n
ex
t-re
qu
es
t
se
t-re
qu
es
t
sn
mp
V2
-tra
p
ge
t-re
qu
es
t
SNMP Manager
SNMP
UDP
IP
DLC
PHY
SNMP ManagerApplication
res
po
ns
e
ge
t-b
ulk
-re
qu
es
t
ge
t-n
ex
t-re
qu
es
t
se
t-re
qu
es
t
sn
mp
V2
-tra
p
ge
t-re
qu
es
t
info
rm-r
eq
ue
st
SNMPPDU
ApplicationPDU
Physical Medium
ApplicationPDU
SNMPPDU
MJ08/0704 5
SNMPv2 New Messages
• inform-request• manager-to-manager message
• get-bulk-request• transfer of large data
• report• not used
MJ08/0704 6
OBJECT
• OBJECT IDENTIFIER defines the administrative
identification of a node in the MIB • OBJECT-IDENTITY macro assigns an object identifier to an
object identifier in the MIB• OBJECT-TYPE macro defines the type of a managed object
MJ08/0704 7
Table Expansion
• Augmentation of a table (dependent table) adds
additional columns to an existing table (base table)• Dense table enables addition of more rows to base
table• Sparse table supplements less rows to a base table
MJ08/0704 8
Textual Convention
• Enables defining new data types• Makes semantics of data types consistent and
human readable• Creates new data types using existing ones and
applies restrictions to them• An important textual convention in SNMPv2,
RowStatus creates and deletes rows
MJ08/0704 9
Conformance: OBJECT-GROUP
• Conformance defined by• OBJECT-GROUP macro• NOTIFICATION-GROUP macro
• OBJECT-GROUP• Compiled during implementation, not at run
time• OBJECTS clause names each object• Every object belongs to an OBJECT-GROUP• Access defined by MAX-ACCESS, the maximum
access privilege for the object
MJ08/0704 10
Conformance: NOTIFICATION-GROUP
• Contains trap entities defined in SMIv1• NOTIFICATIONS clause identifies the notifications in the group• NOTIFICATIONS-GROUP macro compiled during implementation, not at run time
MJ08/0704 11
Compliance
• Compliance has two classes of groups• MANDATORY- GROUPS (Required)• GROUP (Optional)
MJ08/0704 12
Agent Capabilities
• AGENT-CAPABILITIES macro• SUPPORTS modules and includes groups• VARIATION identifies additional features
MJ08/0704 13
SNMPv2 MIB
mgmt(2
directory(1)
experimental(3)
private(4)
Internet{1 3 6 1}
security(5)
snmpv2(6)
snmpdomains(1)
snmpProxys(2)
snmpModules(3)
snmpMIB(1)
mib-2(1)
system(1)
snmp(11)
snmpMIBConformance(2)
snmpMIBObjects(1)
MJ08/0704 14
SNMPv2 MIB
• Security is a placeholder• System group: A table sysORTable added that
lists resources that the agent controls; NMS configures NE through the agents.
• Most of the objects in the SNMPv1 obsoleted• Object Groups and Notification Groups defined
for conformance specifications.
MJ08/0704 15
SNMPv2 System Group (RFC 1907)
sysDescr (1)
system(mib-2 1)
sysObjectId (2)sysUpTime (3)
sysContact (4)
sysORLastChange (8)sysServices (7)
sysLocation (6)
sysName (5)sysORTable (9)
sysOREntry (1)
sysORIndex (1)
sysORID (2) sysORDescr (3)
sysORUpTime (4)
MJ08/0704 16
SNMPv2 System Group (RFC 1907)
DescriptionOIDEntity
sysORUpTime
sysORDescr
sysORID
sysORIndex
sysOREntry
sysORTable
sysORLastChange
System up-time since the object in this row was last instantiated
sysOREntry 5
Textual description of the resource modulesysOREntry 4
ID of the resource modulesysOREntry 3
Row index, also index for the tablesysOREntry 2
An entry in the sysORTablesysORTable 1
Table listing system resources that the agent controls; manager can configure these resources through the agent
system 9
sysUpTime value at time of most recent change in state or value of any instance of sysORID.
system 8
MJ08/0704 17
SNMPv2 SNMP MIBsnmp
(mib-2 11)
snmpInPkts(1)
snmpInBadVersions (3)
snmpInBadCommunityNames (4)
snmpInBadCommunityUses (5)
snmpProxyDrops (32)
snmpSilentDrops (31)
snmpEnableAuthenTraps (30)
snmpInASNParseErrors (6)
1,3,6,30,31,32 snmpGroup4,5 snmpCommunity Group7,23 not used2,8-23, 24-29 snmpObsoleteGroup
SNMP Group Objects
MJ08/0704 18
snmpMIBObjects MIB
authenticationFailure (5)
snmpMIBObjects(snmpMIB 1)
snmpSet(6)
snmpTraps(5)
snmpTrap(4)
snmpTrapOID(1)
snmpTrapEnterprise(3)
coldStart (1)
warmStart (2)
snmpSetSerialNo(1 )
linkUp (4)
linkDown (3)
MJ08/0704 19
SNMPv2 PDU
• Standardized format for all messages• Interpretation of error status and error index fields; in
v1, if error occurs status and index field filled, but varBindList blank
Interpretation Status IndexvarBindList ignored xvarBind of index field ignored x x
PDUType
RequestIDError
StatusErrorIndex
VarBind 1name
VarBind 1value
...VarBind n
nameVarBind n
value
MJ08/0704 20
Field Type ValuePDU 0 Get-Request-PDU
1 GetNextRequest-PDU2 Response-PDU3 Set-Request- PDU4 obsolete5 GetBulkRequest-- PDU6 InformRequest- PDU7 SNMPv2 - Trap- PDU14 commitFailed15 undoFailed16 authorizationError17 notWritable18 inconsistentName
SNMPv2 Error Status
MJ08/0704 21
SNMPv2 PDU
Field Type ValuePDU 0 Get-Request-PDU
1 GetNextRequest-PDU2 Response-PDU3 Set-Request- PDU4 obsolete5 GetBulkRequest-- PDU6 InformRequest- PDU7 SNMPv2 - Trap- PDU
MJ08/0704 22
SNMPv2 GetBulkRequest PDU
• Error status field replaced by Non-repeaters• Error index field replaced by Max repetitions• No one-to-one relationship between request and response
PDU
TypeRequestID
Non-
Repeaters
Max
Repetitions
VarBind 1
name
VarBind 1
value...
VarBind n
name
VarBind n
value
MJ08/0704 23
SNMPv1 SNMP MIBsnmp
(mib-2 11)
snmpInPkts(1)
snmpOutPkts (2)
snmpInBadVersions (3)
snmpInCommunityNames (4)
snmpInBadCommunityUses (5)
snmpInASNParseErrors (6)
-- not used (7)
snmpInTooBigs (8)
snmpInNoSuchNames (9)
snmpInBadValues (10)
snmpInReadOnlys (11)
snmpEnableAuthenTraps (30)
snmpOutTraps (29)
snmpOutGetResponses (28)
snmpOutSetRequests (27)
snmpOutGetNexts (26)
snmpOutGetRequests (25)
snmpOutGenErrs (24)
-- not used (23)
snmpOutBadValues (22)
snmpOutNoSuchNames (21)
snmpOutTooBigs (20)
snmpInGenErrs (12)
snmpInTotalReqVars (13)
snmpInTotalSetVars (14)
snmpInGetRequests (15)
snmpInTraps (19)snmpInGetResponses
(18)snmpInSetRequests (17)
snmpInGetNexts (16)
MJ08/0704 24
SNMPv2 Trap
• Addition of NOTIFICATION-TYPE macro• OBJECTS clause, if present, defines order of variable
bindings• Positions 1 and 2 in VarBindList are sysUpTime and
snmpTrapOID
PDUType
RequestIDError
StatusErrorIndex
VarBind 1sysUpTime
VarBind 1value
...
VarBind 2snmpTrapOID
VarBind 2value
MJ08/0704 25
Inform-Request
• Inform-Request behaves as trap in that the message goes from one manager to another unsolicited
• The receiving manager sends response to the sending manager
PDUType
RequestIDError
StatusErrorIndex
VarBind 1sysUpTime
VarBind 1value
...
VarBind 2snmpTrapOID
VarBind 2value
MJ08/0704 26
Bilingual Manager
SNMPv1Agents
Bilingual Manager
SNMPv1Interpreter
SNMPv2Interpreter
AgentProfile
SNMPv2Agents
MJ08/0704 27
Bilingual Manager
• Compatibility with SNMPv1• Bilingual Manager• Proxy Server
• Bilingual Manager expensive in resource and operation
MJ08/0704 29
SNMP Proxy Server
Pass-Through
Pass-Through
SNMPv2 Manager SNMPv1 Agent
GetNextRequest
GetRequest
Pass-ThroughSetRequest
Set: 1. non-repeaters = 0
2. max-repetitions = 0GetBulkRequest
Pass-Through
Exception: For 'tooBig' error, contents of variable-bindings
field removed.Response
Prepend VarBind: 1. sysUpTime.0
2. snmpTrapOID.0SNMPv2-Trap
GetRequest
GetResponse
GetNextRequest
SetRequest
GetNextRequest
Trap
SNMP v2-v1 Proxy Server