snmpv1 network management spring 2014 bahador bakhshi ce & it department, amirkabir university...

SNMPv1

Network Management

Spring 2014

Bahador Bakhshi

CE & IT Department, Amirkabir University of Technology

This presentation is based on the slides listed in references.

Outline

Introduction

SNMP Organization model

SNMP Information model

SNMP Communication model

SNMP Administration model & Security

Conclusion

2

Outline

Introduction





Conclusion

3

Simple Network Management Protocol (SNMP)

SNMP is one of the most widely used network management protocols In fact SNMP is a management standard not only a protocol When we say SNMP management, we are really referring to

Internet management standard SNMP communication protocol is a part of the standard

SNMP Goals Ubiquity

From PCs to Carrier networks From small to large network elements

Inclusion of management functions should be inexpensive Small code Limited functionality

Management extensions should be possible New MIBs

4

SNMP Versions

SNMPv1 The initial version Performance & Security limitations

SNMPv2 Initially intended to resolve SNMPv1 issues, but Performance improvement More standard management information (MIB-II)

SNMPv3 Major focus on security

5

Four Key Parts

Structure of Management Information (SMI): Data definition language for MIB objects

Management Information Base (MIB): View of agent, set of MOs, some standard MIBs

SNMP communication protocol Manager Agent: object info, commands, …

Security and administration capabilities Major addition in SNMPv3

6

SMI: Data Definition Language

We want to ensure that the syntax and semantics of management data are well-defined and unambiguous

SMI is the language in which that information is specified It does not define what specific data is required for a

particular managed network entity

To do this, SMI allows us to use base data types Higher level constructs, including sequences, objects

and modules.

7

Management Information Base (MIB)

The MIB can be thought of as a virtual information store, holding managed objects whose values collectively reflect the current state of the network

Managed objects are specified and gathered into MIB modules using SMI

There are now over ~150 standardized MIB modules and many, many more vendor-specific (private) MIB modules

8

SNMP Communication Protocol Two ways to convey MIB information and commands

Manager initiated A managing entity initiates a request to management agent The agent receives the request, performs some action, and

sends a reply to the request Typically this is used to query or modify MIB object values

within the managed device

Agent initiated A management agent sends an unsolicited message, known

as a trap message, to the managing entity Usually used to notify a managing entity of an exceptional

situation that has resulted in changes to MIB object values

9

SNMP Management Models

Organization Model Relationship between network element, agent, and

manager Hierarchical architecture

Information Model Uses ASN.1 syntax SMI (Structure of Management Information MIB (Management Information Base)

Communication Model Communication services addressed by messages

Security Model Security framework community-based model

10

Outline

Introduction





Conclusion

11

Organization Model

Describes components of a network management system, focuses on Infrastructure

Manager & Agent & Proxies & RMON Two & Three Tier Architecture

Functions SNMP Operations

Manager initiated: Request Response

Agent initiated: Trap

12

Two-Tier Organization Model

Basic SNMP organization model is two-tier Single & multiple managers are allowed There is not any predefined manager for agents

Any manager can manage any agent Security: Community (password) is needed

13

Network Element

SNMPAgent

SNMP Manager

Network Element

Network Agent

SNMP Manager

SNMP Manager

Single Manager Model Multiple Managers Model

Three-Tier Organization Model: RMON

Managed object comprises network element and management agent

RMON (Remote Monitoring) acts as an agent and a manager

RMON gathers data from MO, analyses the data, and stores the data

Communicates the statistics to the manager

14

ManagedObjects

SNMP Manager

RMONProbe

Three-Tier Organization Model: Proxy

Proxy server converts non-SNMP data from non-SNMP objects to SNMP compatible objects and messages

15

Manager process

SNMP

UDP

IP

Network-dependentprotocols




Mapping function

Agent process

SNMP

UDP

IP

Protocolarchitecture usedby proxied device

Management process

Protocolarchitecture usedby proxied device

Management station

Proxy agent

Proxied device

SNMP Operations

Operations supported in SNMP are the inspection and modification of variables & notification

Four Services Get, Set, GetNext, Trap

Five SNMP Messages GetRequest, SetRequest, GetNextRequest, GetResponse, Trap

16

Manager Agent(s)

Get, Set, GetNext Request

Get Response

Trap

SNMP Operations

17

Get Request

Get ResponseManager Agent

GetNext Request


Set Request


TrapManager Agent

Get

GetNext

Set

Trap

System Architecture

18

SNMP ManagerApplication

Get

-Res

pons

e

Get

-Req

uest

Get

Nex

t-R

eque

st

Set

-Req

uest

Tra

p

SNMP Manager

SNMP

UDP

IP

DLC

PHY

SNMP AgentApplication

Get

-Res

pons

e

Tra

p

SNMP Agent

SNMP

UDP

IP

DLC

PHY

Physical Medium

Manage-mentData

Get

-Req

uest

Get

Nex

t-R

eque

st

Set

-Req

uest

Outline

Introduction


SNMP Information model ASN.1 review SMI & MIB MIB development



19

Presentation Problem in NM

Networks are heterogeneous systems How data are represented?

E.g. Integer in little-endian or big-endian ordering? We need standard ways of communicating the same

information to/from all devices

ASN.1 from the ISO also provides this kind of translation in a more generic form ASN.1 is very general & complex

SMI also provides this kind of translation for SNMP network management Subset of ASN.1 which is customized for network mgmt

20

Abstract & Transfer Syntaxes

21

Transfer

Syntax

Encoding Rules

Encoding Rules (BER)

Local

MappingLocal

Storage

Data Transfer

Component

Data Transfer

Component

Application Component

Application Component

LocalStorage

Local

Mapping

User PresentationMapping

User User

Abstract

SyntaxASN.1

The user of data transfer comp. e.g., SNMP, FTP, TELNET for TCP/IP

Mechanisms for transferof data between end systems (e.g., TCP or UDP)

Binary representation of data

User is concerned with semantics of data

Concerned with syntax of data

ASN.1 vs. BER Example

22

BER EncodingBirthday Length Contents30 ?? VisibleString Length Contents 1A 04 "Jane" DayOfYear Length Contents 51 02 00 81

Birthday ::= SEQUENCE {name VisibleString,day DayOfYear

}

Type Definition using ASN.1

myBirthday Birthday ::= {name "Jane",day 129

}

Value Assignment

0A

ASN.1: Backus-Nauer Form (BNF) Definition: <name> ::= <definition>

<entity> denotes “entity” and the symbol “::=“ represents “defined as”

Primitive definitions: <digit> ::= 0|1|2|3|4|5|6|7|8|9 <op> ::= +|-|x|/

An entity number can be constructed from primitives: <number> ::= <digit> | <digit> <number>

Example: 1 is primitive 1 21 is construct of 2 and 1 321 is construct of 3 and 21

23

ASN.1: Modules

Group of assignments: Modules Start with capital letters Usually modules are built from primitive (atomic)

data types (e.g., INTEGER, REAL, etc..) May use ASN.1 constructs (e.g., SET,

SEQUENCE, etc.)

24

ASN.1: Modules

25

A module PersonnelRecord

(a set of data types)

Three construction mechanisms (develop structured data types):

Alternatives: CHOICE

List: SET and SEQUENCE

Repetition: SET OF and SEQUENCE OF

PersonnelRecord ::= SET { name GraphicString, title GraphicString, division CHOICE { marketing SEQUENCE {

sector Integer, country Integer

}, RD SEQUENCE { area Integer, section Integer, }

} }

Primitives data types

Constructs: “list makers”

Construct: alternatives

Outline

Introduction





26

MIT: Management Information Tree SNMP MIB has a hierarchal structure

It is called Management Information Tree (MIT) To group related information

e.g., all information about NIC is grouped as a sub-tree of node corresponding to the NIC

There are two (in fact three including traps) types of node Leaf node management parameter & value

Some leaf nodes define traps Middle node to group other nodes

Each node has a unique ID in the tree (known as OID): 1) By concatenation the name of (grand) parent nodes & this node 2) By concatenation of the child # of (grand) parent nodes & this node

28

29

MIB

Module

· A leaf node in MIT· A scalar value is associated it· E.g., port status, # of sent

packets, # received packets

ManagementObject

· A parent node in MIT· No value is associated it· E.g., a port, a routing algorithm

ManagementObject

· Used for notification

ManagementObject

Defined using SMI

MIB Structure

Object identification?

How to construct the MIT Parent & Child relations

30

MIB

Module



ManagementObject


ManagementObject


ManagementObject

Object Name & MIT Structure

Each object is uniquely identified through hierarchical naming in MIT

SMI uses two mechanisms altogether A descriptive name

Example: sysName, uptime, ospfVersion, … Location of the object in MIT

Each object has a unique parent node Each node has a unique childe # in the children of its

parent Example: ospfVersion is the first version of ospf

31

MIB Structure: Parent Nodes

Does not contain any data No data type is needed Used only for grouping related

objects

Only to construct the MIT Name Location in MIT

32

MIB

Module



ManagementObject


ManagementObject


ManagementObject

SMI Type for Parent Nodes

OBJECT IDENTIFIER Is a primitive type

Commonly used syntax

internet OBJECT IDENTIFIER ::= { dod 1 }

Alternative syntax internet OBJECT IDENTIFIER

STATUS Current

Description "The Internet Sub-node"

::= { dod 1 }

33

Descriptive name

MIT Location

MIB Structure: Leaf Nodes

Leaf nodes contain data

Data can be Simple scalar Complex structure

The type of the data must be specified In addition to

Name MIT Location

35

MIB

Module



ManagementObject


ManagementObject


ManagementObject

Object Data Type

Although SMI is based on ASN.1, it has its own types, examples: INTEGER, Integer32, Unsigned32, OCTET STRING, OBJECT IDENTIFIER, IPaddress, Counter32, Counter64, SEQUENCE, …

Subtype: INTEGER (0..255), OCTET STRING (SIZE 0..255)

Enumeration error-status INTEGER { noError(0) tooBig(1)}

36

SMI Structured Types

SEQUENCE, SEQUENCE OF: SET, SET OF, CHOICE of ASN.1 are not

included in SNMP-based management Usually used to construct tables or two-

dimensional arrays of other types of data An individual row is a SEQUENCE, defining the

different types making up the various columns A collection of rows forming the table is made

using a SEQUENCE OF construct It must be a sequence of the same type

Example: TCP connection table

38

SMI Type for Leaf Nodes

OBJECT-TYPE: Used to specify managed objects Includes the data type, status, and semantics

The OBJECT-TYPE construct has four parts: SYNTAX: The basic data type associated with the object

(Only one data type per object in SMI!) MAX-ACCESS: Whether the object can be read, written,

created, or used in a notification STATUS: Whether the object definition is current, obsolete

(for historical purposes), or deprecated DESCRIPTION: A human-readable definition of the object,

giving all necessary semantic information

39

SMI: OBJECT-TYPE Example

ipInDelivers OBJECT-TYPE

SYNTAX Counter32

MAX-ACCESS read-only

STATUS current

DESCRIPTION

"The total number of input datagrams

successfully delivered to IP user-

protocols (including ICMP)"

::= { ip 9}

40

MIB Structure: Notifications

Notifications are sent by agent to inform manager

Usually contains some objects to be send by the notification In addition to

Name MIT Location

41

MIB

Module



ManagementObject


ManagementObject


ManagementObject

SMI Types for Notifications

NOTIFICATION-TYPE macro is used to define traps Trap name, OID, Objects, and descriptions

TemperatureAlarm NOTIFICATION-TYPEOBJECTS {lowThreshold, highThreshold, currentTemperature} STATUS current DESCRIPTION "This alarm indicates that system temperature violates configured thresholds"::= { environmentTraps 4}

42

MIB Structure: Modules

Modules are high-level optional abstraction layer to group related management objects

Provide some information about the objects

Usually, each HW/SW component is treated as a module, e.g., Protocols: IP, TCP, UDP, … Line Card Modem …

43

MIB

Module



ManagementObject


ManagementObject


ManagementObject

SMI Type for Modules

MODULE-IDENTITY Allows related objects to be grouped together

within a MIB module It specifies the location of module in the MIT More over, the MODULE-IDENTITY construct

contains clauses that document the module This includes the author of the module, the data

of the last update, a revision history, and a textual description of the module.

44

SMI: MODULE-IDENTITY Example

ipMIB MODULE-IDENTITY

LAST-UPDATED “941101000Z”

ORGANZATION “IETF SNMPv2 Working Group”

CONTACT-INFO “Keith McCloghrie ……”

DESCRIPTION

“The MIB module for managing IP and

ICMP implementations, but excluding

their management of IP routes.”

REVISION “019331000Z”

………

::= {mib-2 48}

45

MIB Structure: MIB

Coarse grain grouping of objects

Related modules are grouped in a MIB, e.g., Cisco has it own MIB file(s)

containing the modules of Cisco routers

Standard MIBs (e.g., RFC1213) are defined in separated MIB files

46

MIB

Module



ManagementObject


ManagementObject


ManagementObject

SMI Type for MIB Definition

<mib name> DEFINITIONS ::= BEGIN<imports><definitions>

END

Import is similar to #include in C IMPORTS MODULE-IDENTITY, OBJECT-TYPE

FROM SNMPv2-SMI

Definitions include OBJECT-TYPE, OBJECT IDENTIFIER, MODULE-IDENTITY

47

MIB ExampleSIP-MIB DEFINITIONS ::= BEGIN

IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Counter32, Integer32, IpAddress FROM SNMPv2-SMI;

sipMIB MODULE-IDENTITY LAST-UPDATED "9403311818Z" ORGANIZATION "IETF Interfaces Working Group" CONTACT-INFO " ... " DESCRIPTION "The MIB module to describe SMDS interfaces" ::= { mib-2 36 }

sipMIBObjects OBJECT IDENTIFIER ::= { sipMIB 1 }

48

MIB ExamplesipL3Table OBJECT-TYPE SYNTAX SEQUENCE OF SipL3Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains SIP L3 parameters and state variables, one entry per SIPL3 interface." ::= { sip 1 }

sipL3Entry OBJECT-TYPE SYNTAX SipL3Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This list contains SIP L3 parameters and state variables." INDEX { sipL3Index } ::= { sipL3Table 1 }END

49

SMI for Organization of a MIBMIB

Module



ManagementObject


ManagementObject


ManagementObject

Defined by MODULE-IDENTITY

Defined by OBJECT-TYPE

Defined by OBJECT IDENTIFIER

Defined by NOTIFICATION-TYPE

Note: These are currently in used SNMPv1 & SNMPv2 macros (SNMPv2 replaced some SNMPv1 macros)

Defined by DEFINITION

Managed Object: Single Instance

Object type and data type are synonymous

Object identifier is data type, not instance

51

Object

Object Instance

Object Type

Encoding:BER

Syntax:ASN.1

Name:OBJECT

IDENTIFIER

Defined By SMI

Managed Object: Multiple Instances

52

Object

Object Instance 3

Object Type

Encoding:BER

Syntax:ASN.1

Name:OBJECT

IDENTIFIER

Object Instance 2

Object Instance 1

Object Types

Two main object types According to where multiple instances of objects are

Simple objects Value is a scalar (Integer, String, …) Single instance in each node

Examples: System name, Upitme, …

Aggregate objects also called tabular objects A group of objects Can be represented by a table with

Columns of objects, Rows of instances

53

Aggregate Object Example

IP address table

Consists of objects: IP address Subnet mask Interface Broadcast address MTU

Multiple instances of these objects associated (per interface) with the node

54

Aggregate Object Type as Table

The objects TABLE T and ENTRY E are objects that are logical objects. They define the grouping and are not accessible

Columnar objects are objects that represent the attributes and hence are accessible Each instance of E is a row of columnar objects 1 through 5 Multiple instances of E are represented by multiple rows

55

TABLET

ENTRYE

COLUMNAROBJECT 1

COLUMNAROBJECT 5

COLUMNAROBJECT 2

COLUMNAROBJECT 3

COLUMNAROBJECT 4

Aggregate Object Instances as Table

56

T

T.E

T.E.1.1 T.E.5.1T.E.2.1 T.E.3.1 T.E.4.1

T.E.1.2 T.E.5.2T.E.2.2 T.E.3.2 T.E.4.2

T.E.1.3 T.E.5.3T.E.2.3 T.E.3.3 T.E.4.3

T.E.1.4 T.E.5.4T.E.2.4 T.E.3.4 T.E.4.4

Row 3: the third instance ofthe object

Not accessibleObject ID

{Table, Entry, Object, Index }

The row # in this example

Table Indexing Index can be anything

Usually a column is used as index not row #

57

The index of table

Aggregate Object Example: IP Table

Aggregate M.O. : Table Object

58

ipAddrTable OBJECT-TYPE SYNTAX SEQUENCE OF IpAddrEntry ACCESS not-accessible STATUS current DESCRIPTION "The table of addressing information relevant to this entity's IP addresses." ::= {ip 20}


Aggregate M.O. : Entry Object

59

IpAddrEntry ::= SEQUENCE { ipAdEntAddr IpAddress, ipAdEntIfIndex INTEGER, ipAdEntNetMask IpAddress, ipAdEntBcastAddr INTEGER, ipAdEntReasmMaxSize INTEGER (0..65535) } ipAddrEntry OBJECT-TYPE SYNTAX IpAddrEntry ACCESS not-accessible STATUS current DESCRIPTION "The addressing information for one of this entity's IP addresses." INDEX { ipAdEntAddr } ::= { ipAddrTable 1 }

Aggregate Object Example: IP Table Aggregate M.O. : Columnar Objects

ipAdEntAddr OBJECT-TYPE...

::= { ipAddrEntry 1 }

ipAdEntIfIndex OBJECT-TYPE...


ipAdEntNetMask OBJECT-TYPE...


ipAdEntBcastAddr OBJECT-TYPE ... ::= { ipAddrEntry 4 }

ipAdEntReasmMaxSize OBJECT-TYPE ... ::= { ipAddrEntry 5 }

60

Aggregate Object Example: IP Table ipAddrTable {1.3.6.1.2.1.4.20}

ipAddrEntry (1)ipAdEntAddr (1)ipAdEntIfIndex (2)ipAdEntNetMask (3)ipAdEntBcastAddr (4)ipAdEntReasmMaxSize (5)

Columnar object ID of ipAdEntBcastAddr is (1.3.6.1.2.1.4.20.1.4)

iso org dod internet mgmt mib ip ipAddrTable ipAddrEntry ipAdEntBcastAddr 1 3 6 1 2 1 4 20 1 4


63

Row ipAdEntAddr ipAdEntIfIndex IpAdEntNetMask IpAdEntBcastAddr IpAdEntReasmMaxSize

1 123.45.2.1 1 255.255.255.0 0 12000

2 123.45.3.4 3 255.255.0.0 1 12000

3 165.8.9.25 2 255.255.255.0 0 10000

4 9.96.8.138 4 255.255.255.0 0 15000

Object instances of ipAddrTable (1.3.6.1.2.1.4.20)

Columnar Object Row # Object Identifier

ipAdEntAddr1.3.6.1.2.1.4.20.1.1

2 {1.3.6.1.2.1.4.20.1.1.123.45.3.4}

ipAdEntIfIndex1.3.6.1.2.1.4.20.1.2

3 {1.3.6.1.2.1.4.20.1.2.165.8.9.25}

ipAdEntBcastAddr1.3.6.1.2.1.4.20.1.4

1 {1.3.6.1.2.1.4.20.1.4.123.45.2.1}

IpAdEntReasmMaxSize1.3.6.1.2.1.4.20.1.5

4 {1.3.6.1.2.1.4.20.1.5.9.96.8.138}

Object Id for specific instances

Index of the object instance

Object ID for ipAddrEntry

Node 1 under ipAddrEntry

Standard MIB

Information model of SNMP standard SMI

Which is discussed MIB

A set of standard MIBs

The standard MIBs define The overall structure of MIB

The location of future development is specified The required management objects must be

implemented

64

Standard MIBs

65

mgmt(2)

directory(1)

experimental(3)

private(4)

Internet{1 3 6 1}

Reserved for future use

Used for objects defined in IAB-approved documents

To identify objects used in Internet experiments

Used heavily by commercial vendors

Standard MIBs

66

mgmt(2)

directory(1)

experimental(3)

private(4)

Internet{1 3 6 1}

mib-2(1)

system (1)

interfaces (2)

at (3)

ip (4)

icmp (5)

snmp (11)

transmission (10)

cmot (9)

egp (8)

udp (7)

tcp (6)

Standard MIBs

67

mgmt(2)

directory(1)

experimental(3)

private(4)

Internet{1 3 6 1}

enterprises(1)

hp(11)

cisco(9)

3Com(43)

Cabletron(52)

Interface Group

68

ifTable(2)

ifNumber(1)

interfaces(mib-2 2)

ifEntry(1)

ifIndex (1)

ifDescr (2) ifType (3)

ifMtu (4) ifSpeed (5)

ifPhysAddress (6) ifAdminstatus (7)

ifOperStatus (8) ifLastChange (9)

ifInOctets (10) ifInUcastPkts (11)

ifSpecific (22)

ifOutQLen (21) ifOutErrors (20)

ifOutDiscards (19) ifOutNUcastPkts (18)

ifOutUcastPkts (17) ifOutOctets (16)

ifUnknownProtos (15) ifInErrors (14)

ifInDiscards (13) ifInNUcastPkts (12)

IP Group

69

ipRoutingDiscards (23)

ip(mib-2 4)

ipForwarding (1)

ipDefaultTTL (2)

ipInReceives (3)

ipInHdrErrors (4)

ipInAddrErrors (5)

ipForwDatagrams (6)

ipInUnknownProtos (7)

ipInDiscards (8)

ipInDelivers (9)

ipOutRequests(10)

ipNetToMediaTable (22)

ipRouteTable (21)

ipAddrTable (20)

ipFragCreates (19)

ipFragFails (18)

ipFragOKs (17)

ipReasmFails (16)

ipReasmOKs (15)

ipReasmReqds (14)

ipOutDiscards (11) ipReasmTimeout (13)

ipOutNoRoutes (12)

IP Routing Table

70

ipRouteEntryipRouteTable (1)

ipRouteDest (1)

ipRouteIfIndex (2)

ipRouteMetric1 (3)

ipRouteMetric2 (4)

ipRouteMetric3 (5)

ipRouteInfo (13)ipRouteMetric5

(12)ipRouteMask 11)

ipRouteAge (10)

ipRouteProto (9)

ipRouteMetric4 (6) ipRouteType (8)

ipRouteNextHop (7)

ipRouteTable (ip 21)

SNMP Information Model Characteristics

Not possible to change the structure of a MIB In SNMPv2 it is possible to change tables

No explicit action is supported Action through side-effect of setting a value

Access is provided only to leaf objects in the MIB tree Not possible to access an entire table or a row of a table with a

single atomic action

SNMP MIBs are NOT object-oriented Inheritance is not supported

These simplify the implementation of SNMP but limit the capability of the NMS

71

Outline

Introduction





72

SNMP MIB Modeling

MIB is essential for developing and operating management systems

Analysis of MIB objects is required before writing MIB definitions

Using the designed model, MIB definitions can be easily generated Similar to software engineering -- must design a system

before any implementation!

73

Step 1: MIB Design Components

Collections of logical & physical component that are being managed

Attributes Fairly static properties of a modeled object

Statistics Useful information about what a system has been doing

State The current condition of a system

Setting Value of system parameters

Actions Control a system

Traps Notifications

74

Components

Components Physical containment

E.g., a list of interface cards Logical containments

E.g., software components

Start from the top level and work down until reasonable size is reached

Cardinality How many of an item are present in a system?

75

Modeling Example - Router

Containments

Hardware CPU RAM Line Card

NIC

Software Routing

OSPF Management

SNMP

76

Attributes

The fairly static properties Typically read-only

Examples NIC serial number # Of CPU Amount of RAM Manufacture data of router backplane OSPF version …

77

Statistics

Show a picture of the past (history) A record of the interesting events which

occurred since a specific point in time Read-only

Examples # of sent packets # of dropped packets # of CPU overutilization # of OSPF restarts …

78

State

Show the current condition of the resource Read-only

Stages of operation, examples Enabled/Disabled state of NIC Used/Unused MD5 in OSPF …

Resource usage level, examples Current routers temperature Current link bandwidth Current CPU usage …

79

Setting

The configurable parameters of system System behavior depends on them Read-Write

Examples IP address OSPF area CPU over utilized threshold IPsec parameter settings …

80

Actions

SNMP does not support explicit action operation

Represented in terms of implicit actions which do their work through side effects This is achieved by setting some value of a MIB object

Typically write-only

Examples Restart BGP Ping a remote router Shut down a NIC …

81

Trap

To notify the manager about the events No Read, No Write

Examples Over temperature trap CPU over utilized trap BGP route changes (route flapping) Link over utilization …

82

Step 2: Translate Model into MIB Each component is modeled as a module: MODULE-IDENTITY

General guide lines Sub-components with a cardinality > 1 should be part of a table Attributes of an object can be

Octet String - human readable descriptions or binary data Integer - measurable quantities

Statistics representing increasing values are Counter type Stats representing high or low water marks are Integer type System setting can be any type depends on the setting

Integer for threshold, String for Hostname, IP-Address for address, … Actions are encoded as Enumerate types

ON (1), OFF (0), START(2), STOP (3), … Traps also include additional data to be send

States, Setting, and Statistics

83

Step 3: Using the MIB

MIB files are complied in both manager & agent software

84

Step 3: Using the MIB (cont’d)

Compiling MIB in NMS Usually, is simply parsing and/or

processing

Examples Simple MIB Browser parses the MIB

and display its tree structure More powerful NMS applications map

OIDs to high-level management parameters, e.g., OSPF version

Cisco 1.2.3.4.5.6.7.8 Juniper 1.2.6.1.1.1.1.

85

Step 3: Using the MIB (cont’d)

Compiling MIB in Agent Is developing an executable code from MIB

Based on an existing agent framework

Example Net-SNMP agent

Implements SNMP protocol (we don’t need to develop it) Provides an API to develop plug-in (module)

A MIB to read OSPF version is implemented as a module It uses the Net-SNMP API to connect the agent core It uses the vendor specific API to access the version of

the OSPF

86

Outline

Introduction





Conclusion

87

Communication Model

Architecture Management messages

SNMP protocol Packet formats & operation

SNMP protocol MIB SNMP protocol’s management parameters

88

Communication Model: Architecture

Communicate management information between network manager and managed elements

Operation: 5 messages From manager to agent

get-request, get-next request, set-request From agent to manager

get-response, trap

SNMP messages are exchanged using UDP (connection less) transport protocol Port 161: Agent listens for messages from manager Port 162: Manager listen for trap messages from agents

89

SNMP Protocol Message Types

90

GetRequestGetNextRequest

Mgr-to-agent: “get me data”(instance or next in list)

Message type Function

SetRequest Mgr-to-agent: set MIB value

GetResponse Agent-to-mgr: value, response to Request

Trap Agent-to-mgr: inform managerof exceptional event

Communication Model: SNMP Protocol

Message & PDU structure

91

NAME 1 VALUE 1 NAME 2 VALUE 2 ••• ••• NAME n VALUE n

PDU TYPE* ERROR

VARIABLE BINDINGSSTATUSREQUEST

IDERRORINDEX

VERSION COMMUNITY SNMP PDU

variable bindings:

SNMP PDU:

SNMP message:

SNMPv1 Protocol: Message Formats

92

Variable bindingstimestamp

specifictrap

generictrap

agentaddr

enter-prise

PDU type

Variable bindingserrorindex

errorstatus

requestid

PDU type

Variable bindings00requestid

PDU type

SNMP PDUVersion Community

(a) SNMP message

(b) GetRequest PDU, GetNextRequest PDU, and SetRequest PDU

(c) GetResponse PDU

(d) Trap PDU

GetRequest & GetRespone PDU Is issued by an SNMP manager to retrieve information

Includes PDU type, request-id & variablebindings GetResponse PDU containing the same request-id is used for the

reply

Operation is atomic (all values are returned or none is valid) If error-status = noError All variable bindings are valid If error-status ≠ noError

error-index = index of a variable binding that cause error None of variable binding is valid

Possible error-status: noSuchName: object instance cannot be found tooBig: the size of resulting values exceed a limitation genErr: Generic error

93

SetRequest & GetResponse PDU Is issued by an SNMP manager to modify information

GetResponse PDU containing the same request-id is used for the reply if the operation succeeds, a GetResponse PDU is returned with the

same variablebindings as in the original SetRequest PDU

The operation is atomic If any one of the values can’t be set, then the whole operation fails

Manager should re-set the values However, transaction is not supported

Possible error-status: noSuchName, tooBig, genErr badValue: PDU contains at least one pair of variable name and value

that is inconsistent

94

Trap PDU Is issued by an SNMP agent to notify NMS of some significant

event

Trap PDU does not require a response and is not acknowledged can get lost

Generic Trap types: coldStart (0): unexpected restart due to a crash or major fault warmStart (1): routine restart linkDown (2): a communication link is inoperational linkUp (3): the link is back in operation authenticationFailure (4): received authentication-failed egpNeighborLoss (5): EGP neighbor is down enterpriseSpecific (6): some enterprise-specific event occurred

95

GetRequest Issues

Assume browsing the following MIB

96

GetRequest (A)

GetResponse ( A )

GetRequest (B)

GetResponse ( B )

GetRequest ( T.E.1.1 )

GetResponse ( T.E.1.1 )







GetRequest ( T.E.3.1)




GetRequest ( Z )

Response ( Z )

ManagerProcess

AgentProcess

T ZA B

1.1

E

2.1 3.1

1.2 2.2 3.2

GetRequest Issues (cont’d)

Hidden assumption in the previous example We know all the elements in MIB including the

number of columns and rows in the table

In practice, tables are dynamic We may don’t know the number or row

If we have MIB, we only know column #

In some situations, we may have not all information about MIB We just know an object identifier

97

Solution for GetRequest Issues

SNMP support two object access modes:

1) Random access: Using the OID

2) Serial access: Using Lexicographical order Lexicographical ordering is also referred to as:

preorder traversal (root, left, right) of a tree depth-first search

Useful for examining MIBs whose structure is not known to NMS It is known as “MIB walk”

98

Lexicographical Ordering

Example of lexicographic order of MIB

100

3 91 2

18

1

5

2

6

2 10

9

214

11.11.1.51.1.181.21.2.622.22.102.10.933.43.219

Lexicographical order of OIDs MIB

GetNextRequest Example

101

ManagerProcess

AgentProcess

T ZA B

1.1

E

2.1 3.1

1.2 2.2 3.2

GetRequest ( A )

GetResponse ( A )

GetNextRequest ( A )

GetResponse ( B )

GetNextRequest ( B )


GetNextRequest (T.E.1.1 )











GetResponse ( Z )

GetNextRequest ( Z )

GetResponse ( noSuchName )

GetNextRequest & GetResponse PDU Is issued by an SNMP manager to retrieve information

The PDU is the same as GetRequest PDU except: In the GetRequest PDU, each variable in the variablebindings

list refers to an object instance whose value is to be returned In the GetNextRequest PDU, for each variable in the

variablebindings, the value of the object instance that is next in lexicographic order is returned

Similar to GetRequest, operation is atomic

Allows NMS to discover the structure of a MIB view dynamically

Provides an efficient mechanism for searching a table whose entries are unknown

102

Communication Model: SNMP MIB

103

snmp(mib-2 11)

snmpInPkts(1)

snmpOutPkts (2) snmpInBadVersions (3)

snmpInCommunityNames (4) snmpInBadCommunityUses (5)

snmpInASNParseErrors (6) -- not used (7)

snmpInTooBigs (8) snmpInNoSuchNames (9)

snmpInBadValues (10) snmpInReadOnlys (11)

snmpEnableAuthenTraps (30)

snmpOutTraps (29) snmpOutGetResponses (28)

snmpOutSetRequests (27) snmpOutGetNexts (26)

snmpOutGetRequests (25) snmpOutGenErrs (24)

-- not used (23) snmpOutBadValues (22)

snmpOutNoSuchNames (21) snmpOutTooBigs (20)

snmpInGenErrs (12) snmpInTotalReqVars (13)

snmpInTotalSetVars (14) snmpInGetRequests (15)

snmpInTraps (19) snmpInGetResponses

(18) snmpInSetRequests (17)

snmpInGetNexts (16)

Outline

Introduction





Conclusion

104

SNMP Security ConceptsAuthentication service

Agent may wish to limit access to the MIB to authorized managers

Access policy Agent may wish to give different access privileges

to different managers

105

SNMP Community

The first version of SNMP had only a simple security functionality, through communities A pair of manager and agent

Each community Has a unique name

Also called its community string A subset of MIB objects available to the community

Also called a MIB view An access mode (read only or read-write) is

defined for each community

106

SNMP Community (cont’d)

A managing entity could be part of an agent’s community only by knowing the community name The name was in effect also the password! The community name is always sent in the clear

(unencrypted) so anyone can sniff it!

Each SNMP agent can define multiple communities Multiple manager can manage the agent

Different views & access

107

SNMP Community (cont’d)

SNMP MIB View A subset of objects within a MIB Different MIB views may be defined for each community

The objects in a view need not belong to a single sub-tree

SNMP Access Mode An access mode {READ-ONLY, READ-WRITE} is defined

for each community The access mode is applied uniformly to all objects in the

MIB view

SNMP Community Profile A combination of a MIB view and an access mode

108

Community Profile

Operations on an object determined by community profile and the access mode of the object

109

SNMP Agent

Object 2

read-only

READ-ONLY

READ-WRITE

SNMP Access Mode

SNMP MIB View

MIB Access

Object 3

write-only

Object 1

not-accessible

Object 4

read-write

MIB ACCESS Category vs. SNMP Access Mode

110

MIB ACCESSCategory

SNMP Access Mode

READ-ONLY READ-WRITE

read-only Available for get operation

read-write Available for get operation Available for get and set operations

write-only Implementation-specificAvailable for set, implementation-specific for get

not accessible Unavailable

SNMPv1 Security: Drawbacks If there is not any attacker!!!, community is a sufficient, but!

No encryption (everything is transferred in plain) The community string can be sniffed

Attacker will be manager! Transferred data can be sniffed no confidentiality

No integrity check Data modification invalid management parameters

Not per-user password, community string a shared secret! If a member of community reveal the string whole community is

compromised

No message stream protection Replay attack

111

SNMPv1 Security (cont’d) In the end, it was better than nothing at the time, and could

be used reasonably Block SNMP at firewalls to prevent access by all external intruders Change community strings from default values (usually “public” for

read-only and “private” for read-write) Only allow SNMP requests from certain internal addresses (though

addresses could be spoofed) Use a dedicated line to a device for SNMP access

But, because of security concerns, early SNMP was primarily used only for monitoring SetRequest was rarely used or supported No community with read-write access!

112

Outline

Introduction





Conclusion

113

Summary

SNMP (Internet Management system) SMI (subset of ASN.1): Data type language MIB: The virtual database of management objects SNMP protocol: transmit messages

SNMP can be viewed as four models Organization model: Manager, Agent, Proxy, … Information model: SMI & MIB Communication model: get/set/response/ trap Security model: community profile

114

References Reading Assignment: Chapters 4 & 5 of “Mani Subramanian, ‘Network

Management: Principles and Practice’, Pearson Education, 2012”

www.simpleweb.org

R. Dssouli, “Advanced Network Management,” Concordia Institute for Information Systems Engineering, http://users.encs.concordia.ca/~dssouli/INSE 7120.html

Nhut Nguyen, “Telecommunications Network Management,” University of Texas at Dallas, www.utdallas.edu/~nhutnn/cs6368/

J. Won-Ki Hong, “Network Management System,” PosTech University, dpnm.postech.ac.kr/cs607/

116

http://www.simpleweb.org/

http://users.encs.concordia.ca/~dssouli/INSE%207120.html

http://www.utdallas.edu/~nhutnn/cs6368/

http://www.dpnm.postech.ac.kr/cs607/

snmpv1 network management spring 2014 bahador bakhshi ce & it department, amirkabir university...

Documents