SNMPSNMPSimple Network Management Simple Network Management

ProtocolProtocol

SNMPSNMPSimple Network Management Simple Network Management

ProtocolProtocol

Team: MatrixTeam: Matrix

CMPE-208 CMPE-208

Fall 2006Fall 2006

What is Network What is Network Management?Management?Maintenance and administration of networks at the top levelMaintenance and administration of networks at the top level

• Configuration ManagementConfiguration Management– Keeping track of network device settingsKeeping track of network device settings

• Fault ManagementFault Management– Detect, isolate and correct problems in the network Detect, isolate and correct problems in the network

(alerts)(alerts)

• Performance ManagementPerformance Management– Provide data for statistic and network performanceProvide data for statistic and network performance

• Security ManagementSecurity Management- protect network against unauthorized access- protect network against unauthorized access

• Bandwidth ManagementBandwidth Management--measuring and controlling communications on a network measuring and controlling communications on a network

What is SNMP?What is SNMP?What is SNMP?What is SNMP?

• SNMP (Simple Network Management SNMP (Simple Network Management protocol): A protocol that enables a protocol): A protocol that enables a management station to configure, monitor, management station to configure, monitor, and receive trap (alarm) messages from and receive trap (alarm) messages from network devicesnetwork devices

SNMP & Network Management SNMP & Network Management HistoryHistorySNMP & Network Management SNMP & Network Management HistoryHistory

• 19831983 - TCP/IP replaces ARPANET at U.S. DoD, effective birth - TCP/IP replaces ARPANET at U.S. DoD, effective birth of Internetof Internet

• 19871987 - - CMIPCMIP - Common Management Information Protocol - Common Management Information Protocol CMOTCMOT - CMIP over TCP - CMIP over TCP

SGMPSGMP - Simple Gateway Monitoring protocol ( - Simple Gateway Monitoring protocol (RFC RFC 10281028))

• 19891989 - - SNMPSNMP working group formed working group formed

• 19901990 – – SNMPSNMP promoted to a promoted to a recommended statusrecommended status ( (RFC RFC 11571157))

• 19911991 – – SNMPv1SNMPv1 defined with format of MIBs and traps defined with format of MIBs and traps ((RFCs 1212, 1215RFCs 1212, 1215))

SNMP CharacteristicsSNMP Characteristics• Widespread adoptionWidespread adoption

-de facto standard for inter-network management.-de facto standard for inter-network management.

• SimpleSimple -requires little code to implement-requires little code to implement -vendors can easily build SNMP agents to their products-vendors can easily build SNMP agents to their products

• ExtensibleExtensible-easy for vendors to add network management functions to -easy for vendors to add network management functions to products.products.

• Clean architectureClean architecture -separates management architecture from hardware devices’ -separates management architecture from hardware devices’

architecturearchitecture -broadens the base of multi-vendor support-broadens the base of multi-vendor support

Comprised of mainly Comprised of mainly agentsagents and and managersmanagers

Major Components of Major Components of SNMPSNMPMajor Components of Major Components of SNMPSNMP

•Agent - process (software) running on each managed device collecting information about the device it is running on.

•Manager - process (software) running on a management workstation that requests information about devices on the network.

SNMP Architectural SNMP Architectural ModelModel

SNMP Architectural SNMP Architectural ModelModel

SNMP network managed devices are dictated SNMP network managed devices are dictated by:by:

SNMP: Inside the SNMP: Inside the AgentsAgentsSNMP: Inside the SNMP: Inside the AgentsAgents

• Structure of Management Information (SMI)• Structure of Management Information (SMI)•Rules specifying the format used to define objects managed on the network that the SNMP protocol accesses

• Management Information Base (MIB)• Management Information Base (MIB)•A map of the hierarchical order of all managed objects •Leaves represent individual data items

• Abstract Syntax Notation One (ASN.1)• Abstract Syntax Notation One (ASN.1)

•Dictates how MIB variables must be defined and referenced

MIBs and Object MIBs and Object IdentifiersIdentifiersMIBs and Object MIBs and Object IdentifiersIdentifiers

Let’s have a detailed look at MIBs ...Let’s have a detailed look at MIBs ...

•MIBS•MIBS

•Object Identifiers (Ids)•Object Identifiers (Ids)•Uniquely identify or named the MIB objects

•Like telephone number--they are organized hierarchically with specific digits assigned by different organizations

•Uniquely identify or named the MIB objects

•Like telephone number--they are organized hierarchically with specific digits assigned by different organizations

•An abstract tree with an unnamed root, individual data items make up the leaves of the tree

•Tree is extensible by virtue of experimental and private branches (Vendors can define their own private branches to include instances of their own products)

MIBMIB Sample Sample

TreeTree

MIBMIB Sample Sample

TreeTree

BEA Object IDBEA Object ID

=1.3.6.1.4.1.140=1.3.6.1.4.1.140

Four Basic CommandsFour Basic CommandsFour Basic CommandsFour Basic Commands

•Get

•GetNext

•Set

•Trap

Retrieves the value of a MIB variable stored on the agent machine

Retrieves the next value of the next lexical MIB variable

Changes the value of a MIB variable

An Event/Alarm notification sent by an agent to a management application

• SNMP OperationsSNMP Operations

agent data

Managed device

managingentity

response

agent data

Managed device

managingentity

traprequest

Request/Response Mode Trap Mode

SNMP Transport SNMP Transport MessagesMessagesSNMP Transport SNMP Transport MessagesMessages

•SNMP uses User Datagram Protocol (UDP) as the transport mechanism for SNMP messages

•UDP Port 161 - SNMP Messages

•UDP Port 162 - SNMP Trap Messages

•Like FTP, SNMP uses two well-known ports to operate:

Ethernet Frame IP

PacketUDP

Datagram

SNMP Message CRC

SNMP Basic Message SNMP Basic Message FormatFormat

SNMP Basic Message SNMP Basic Message FormatFormat

Message Length

Message Version

Community String

PDU Header

PDU Body

Message Preamble

SNMP Protocol Data Unit

• Community names are used to define where an SNMP message is destined for.

Message Length

Message Version

Community String

PDU Type

PDU Length

Request IDError Status

Error Index

Length of Variable Bindings

Length of First Binding

Additional Variable Bindings

OID of First BindingType of First Binding

Value of First Binding

Length of Second Binding

OID of Second BindingType of Second Binding

Value of Second Binding

Message Length

Message Version

Community String

PDU Type

PDU Length

Enterprises MIB OIDAgent IP Address

Standard Trap Type

Length of Variable Bindings

Length of First Binding

Additional Variable Bindings

OID of First BindingType of First Binding

Value of First Binding

Length of Second Binding

OID of Second BindingType of Second Binding

Value of Second Binding

Specific Trap TypeTime Stamp

PDU Body

SNMP Message Preamble

PDU Header

SNMP Message FormatsSNMP Message Formats

NAME 1 VALUE 1 NAME 2 VALUE 2 ••• ••• NAME n VALUE n

PDU TYPE* ERROR

VARIABLE BINDINGSSTATUSREQUEST

IDERRORINDEX

VERSION COMMUNITY SNMP PDU

variable bindings:

SNMP PDU:

SNMP message:SNMP MESSAGE

SNMP PDU

VARIABLE BINDINGS

SNMP VersionsSNMP VersionsSNMP VersionsSNMP Versions

• SNMP v1:RFC 1155 and RFC 1157.

• SNMP v2c: RFC 1901, RFC 1905, and RFC 1906

• SNMP v3: RFC 1905, RFC 1906, RFC 2571, RFC 2572, RFC 2574, and RFC 2575.

SNMP v1SNMP v1SNMP v1SNMP v1

• Most widely used of all versions

• Support GET GETNEXT SET TRAP

• Security based on Read-only and Read-Write community strings

• Defined in RFC 1157

SNMP v2cSNMP v2cSNMP v2cSNMP v2c

• Same PDU structure for Trap and Get/Set request

• Updated protocol operations: Getbulk, Inform

• Updated data types: Counter32, Counter64,…

• Used the same community-based security from v1

• Support Get, Get next, Get bulk, set, trap, inform

• Defined in RFCs 1901, 1905, and 1906

New Commands in New Commands in SNMPv2cSNMPv2c

• Get Bulk RequestGet Bulk Request– Retrieve N objects with simple get-next Retrieve N objects with simple get-next

operationoperation

• InformInform– Enable manager to send some information to Enable manager to send some information to

another mangeranother manger

SNMP v3SNMP v3SNMP v3SNMP v3

• SNMPv2 protocol operations and data types

• Proxy support

• User-based security

• Defined in RFCs 2571, 2572, 2573, 2574, and 2575

SNMP v3 Protocol SNMP v3 Protocol OperationsOperationsSNMP v3 Protocol SNMP v3 Protocol OperationsOperations

•GetBulk

•Report

•InformUsed by a manager to send an alert to another manager

Contain Security information from Agent to Manager for connection establishment.

Same as a v1 notification, except the PDU has the same structure as Get, GetNext, and Set

Retrieves a potentially large amount MIB values without having the manager to send successive GetNext requests

•Get, GetNext, Set

•v2Trap

SNMP v3 User-Based SNMP v3 User-Based SecuritySecuritySNMP v3 User-Based SNMP v3 User-Based SecuritySecurity

User Security Model (USM) is designed to secure against the following principle threats:

• Modification of Information

• Masquerade

• Message Stream Modification

• Disclosure

SNMP v3 User-Based SNMP v3 User-Based SecuritySecuritySNMP v3 User-Based SNMP v3 User-Based SecuritySecurity

USM Message Processing

SNMP v3 User-Based SNMP v3 User-Based SecuritySecuritySNMP v3 User-Based SNMP v3 User-Based SecuritySecurity

USM authentication protocols:

USM encryption:

• HMAC-MD5-96

• HMAC-SHA-96

• Cipher Block Chaining (CBC) mode of the Data Encryption Standard (DES)

SNMPSNMPRFC’sRFC’sSNMPSNMPRFC’sRFC’s

RFC Description Published Current Status1155 SMIv1 May-90 Standard1156 SNMPv1 MIB May-90 Historic1157 SNMPv1 May-90 Standard1212 SNMPv1 MIB definitions Mar-91 Standard1213 SNMPv1 MIB-II Mar-91 Standard1215 SNMPv1 traps Mar-91 Informational1351 Secure SNMP administrative model Jul-92 Proposed Standard1352 Secure SNMP managed objects Jul-92 Proposed Standard1353 Secure SNMP security protocols Jul-92 Proposed Standard1441 Introduction to SNMPv2 Apr-93 Proposed Standard1445 SNMPv2 administrative model Apr-93 Historic1446 SNMPv2 security protocols Apr-93 Historic1447 SNMPv2 party MIB Apr-93 Historic1451 Manger-to-manger MIB Apr-93 Historic1901 Community-Based SNMPv2 Jan-96 Experimental1902 SMIv2 Jan-96 Draft Standard1903 Textual conventions for SNMPv2 Jan-96 Draft Standard1904 Conformance statements for SNMPv2 Jan-96 Draft Standard1905 Protocol operations for SNMPv2 Jan-96 Draft Standard1906 Transport mapping for SNMPv2 Jan-96 Draft Standard1907 SNMPv2 MIB Jan-96 Draft Standard1908 Coexistence of SNMPv1 and SNMPv2 Jan-96 Draft Standard1909 Administrative infrastructure for SNMPv2 Feb-96 Experimental1910 User-based security for SNMPv2 Feb-96 Experimental2270 Introduction to SNMPv3 Apr-99 Informational2271 SNMP Management Frameworks Apr-99 Draft Standard

2272 SNMPv3 Msg Dispatching & Processing Apr-99 Draft Standard

2273 SNMP Applications Apr-99 Draft Standard2274 USM for SNMPv3 Apr-99 Draft Standard2275 VACM for SNMPv3 Apr-99 Draft Standard2576 Coexistance between SNMP v1, v2, & v3 Mar-00 Proposed Standard3411 Manamgement SNMP Protocol Framework Dec-02 Proposed Standard3780 Next Generation Structure of Management May-04 Experimental4181 Guidelines for MIB Documents Sep-05 Informational

SNMP ReferencesSNMP ReferencesSNMP ReferencesSNMP References____________________________________________________________

•WEBSITES:

•“Simple Network Management Protocol (SNMP)”

•http://www.cisco.com/warp/public/535/3.html

•“The Simple Times” Volume 5, Number 1; December, 1997

•http://www.simple-times.org/pub/simple-times/issues/5-1.html#alternative

•“SNMPv3: A Security Enhancement for SNMP”, William Stallings

•http://www.comsoc.org/pubs/surveys/4q98issue/stallings.html

•BOOKS:

•.”Understanding SNMP MIBs”, David Perkins Evan McGinnis

•“SNMP, SNMPv2, and RMON”, William Stallings, 1996, ISBN#0-201-63479-1

•“Internetworking with TCP/IP”, 4th edition, Douglas E. Comer, 2000, ISBN#0-13-018380-6

Thank YouThank YouThank YouThank You

SUGGESTIONS and SUGGESTIONS and QUESTIONSQUESTIONS

SUGGESTIONS and SUGGESTIONS and QUESTIONSQUESTIONS