© 2006, monash university, australia cse4884 network design and management lecturer: dr carlo kopp,...
CSE4884 Network Design and Management
Lecturer: Dr Carlo Kopp, MIEEE, MAIAA, PEng
Lecture 19-20
Simple Network Management Protocol Family
References and Reading
Burke J.R., Network Management; Concepts and Practice, Pearson/Prentice-Hall, 2004 – Ch.2 onward
Wikipedia - http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol
http://www.cs.tcd.ie/Karl.Quinn/openresources/NDS23Nov04.ppt
Cisco SNMP Command Reference Document - http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/fun_r/cfr_1g11.pdf ; also http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/snmp.htm
Request for Comments: 1441; Introduction to version 2 of the Internet-standard Network Management Framework - http://tools.ietf.org/html/rfc1441
Situational Awareness
A critical problem for any network manager is maintaining situational awareness about the state of the network.
The manager must know at all times what devices are in what state and how this impacts overall network performance and function.
Without situational awareness the network manager is ‘flying blind’ and thus is not aware of malfunctions or performance problems as they arise.
Network management software tools can provide situational awareness by automating monitoring of networks.
SNMP is the most widely used management tool in IP networks.
Network Management Protocols - Background
Mid to early 1980s – proprietary network management software, usually designed to be mutually incompatible.
1987 – Simple Gateway Monitoring Protocol (SGMP) defined in RFC 1028; SGMP designed to monitor interface type, status, route type and route protocol in use; implemented to run over UDP.
Common Management Information Protocol (CMIP) defined in ITU X.700 and RFC 1095 as a replacement to SGMP, based on the OSI protocol suite rather than IP; developed in competition with SNMP; more complex than SNMP; not as widely used as SNMP; CMIP over TCP (CMOT) abandoned in 1989.
1990 – SNMPv1 recommended standard for IP networks.
1993 – SNMPv2 introduced; 1999-2002 – SNMPv3.
Network Management (Cisco)
SNMP Protocol
SNMP was devised to manage network devices.
SNMP is literally a simple protocol, which provides a limited command set.
SNMP runs a Master Agent server program or ‘daemon’ as a background process on a network device, or as a foreground task on a simpler network device.
The SNMP Master Agent server responds to commands issued by an SNMP client program on a management system.
SNMP defines a Management Information Base (MIB) for devices. A MIB is a hierarchical database of objects, each of which describes the state of a device.
SNMP Design Aims – IETF RFC 1157
“(1) The development cost for management agent software necessary to support the protocol is accordingly reduced.
(2) The degree of management function that is remotely supported is accordingly increased, thereby admitting fullest use of internet resources in the management task.
(3) The degree of management function that is remotely supported is accordingly increased, thereby imposing the fewest possible restrictions on the form and sophistication of management tools.
(4) Simplified sets of management functions are easily understood and used by developers of network management tools.”
Must be extensible, and device independent.
SNMP Model (Cisco)
SNMP Functions – IETF RFC 1157
“The strategy implicit in the SNMP is that the monitoring of network state at any significant level of detail is accomplished primarily by polling for appropriate information on the part of the monitoring center(s).”
“A limited number of unsolicited messages (traps) guide the timing and focus of the polling.”
“Limiting the number of unsolicited messages is consistent with the goal of simplicity and minimizing the amount of traffic generated by the network management function.”
In plain language, SNMP aims to minimise complexity by using a very simple model for accessing devices, but retains the capability to generate asynchronous traps when important conditions arise.
Limitations of Polling Technique
Polling involves a client station periodically interrogating the status of individual devices to collect information.
The larger the number of devices to be polled, the greater the interval between visits.
Polling is acceptable for the monitoring of slow changing events; most network management information is slow changing.
The trap mechanism in SNMP is used to handle small numbers of critical events, which cannot wait for the duration of a whole polling cycle.
Four Basic SNMP Operations
The Get command is generated by a client to monitor managed devices. Variables that are maintained by managed devices are read back.
The Set command is generated by a client to control managed devices. The values of variables stored within managed devices are changed.
The Trap command is generated by managed devices; it asynchronously signals events to the client. When specific events occur, the managed device sends a trap to the client.
Traversal operations are used by clients to establish which variables a managed device can support; also to sequentially gather information in variable tables, such as a routing table.
SNMP MIBs (Cisco)
A Management Information Base (MIB) is a hierarchically organized collection of information.
A MIB comprises managed objects which are identified by object identifiers.
In common industry usage, the terms managed object, MIB object, object and MIB are used interchangeably.
Managed objects are scalar or tabular.
Scalar objects will define a single instance of an object.
Tabular objects will define multiple instances of related objects, grouped in MIB tables.
Object identifier / object ID will uniquely identify a managed object in the MIB hierarchy.
The MIB hierarchy is tree structured.
SNMP MIBs (Cisco)
Top-level MIB object IDs belong to different standards organizations.
Lower-level object IDs are allocated by associated organizations.
Vendors can define private branches in the MIB tree, which include managed objects for their own products.
MIBs that have not been standardized are usually positioned in the experimental branch.
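The traversal operation and the scalar/tabular distinction described above, as an added example that is not part of the original lecture: a small in-memory agent whose GetNext returns the next object instance in lexicographic OID order, which is how a client walks a table without knowing its rows in advance. The OIDs are standard MIB-II objects; the values and the function names are constructed for illustration.

```python
from bisect import bisect_right

# Constructed agent contents: OID -> value. The OIDs are standard MIB-II
# objects; the values are made up for this example.
MIB = {
    (1, 3, 6, 1, 2, 1, 1, 1, 0): "constructed-router",  # sysDescr.0 (scalar)
    (1, 3, 6, 1, 2, 1, 1, 3, 0): 123456,                # sysUpTime.0 (scalar)
    (1, 3, 6, 1, 2, 1, 2, 1, 0): 2,                     # ifNumber.0 (scalar)
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 2, 1): "eth0",          # ifDescr.1 (table cell)
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 2, 2): "eth1",          # ifDescr.2
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 8, 1): 1,               # ifOperStatus.1 = up
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 8, 2): 2,               # ifOperStatus.2 = down
}
ORDERED = sorted(MIB)  # tuple order equals lexicographic OID order

def parse_oid(text):
    return tuple(int(part) for part in text.strip(".").split("."))

def get(oid):
    """Get: succeeds only for an exact object instance."""
    return MIB.get(oid)

def get_next(oid):
    """GetNext: first instance strictly after `oid`, or None at end of MIB."""
    i = bisect_right(ORDERED, oid)
    if i == len(ORDERED):
        return None
    return ORDERED[i], MIB[ORDERED[i]]

def walk(root):
    """Repeat GetNext until the returned OID leaves the subtree under `root`."""
    found, current = [], root
    while True:
        step = get_next(current)
        if step is None or step[0][:len(root)] != root:
            return found
        found.append(step)
        current = step[0]
```

Walking the interface table (1.3.6.1.2.1.2.2) returns both ifDescr cells before either ifOperStatus cell: the table comes back column by column, not row by row.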
MIB Hierarchy (Cisco)
MIB Hierarchy (Cisco)
SNMP vs Security
SNMP has only trivial authentication and is therefore vulnerable to unauthorised access.
SNMP security risks:
1. Masquerading.
2. Modification by unauthorised users.
3. Sequence and timing modification – replaying messages.
4. Disclosure – unauthorised gathering of data.
Set operations are often not implemented, at the expense of utility.
SNMP V1 Messaging (Cisco)
[Figure: Get, GetNext, Response, and Set PDU Format. Message fields: Version Number, Community Name, Protocol Data Unit. Labelled PDU fields: identifies PDU type; associates response with request; objects and values.]
SNMP V1 Messaging (Cisco)
[Figure: Trap PDU Format. Message fields: Version Number, Community Name, Protocol Data Unit. Labelled PDU fields: type of managed object generating the trap; objects and values.]
SNMP V2 Messaging (Cisco)
[Figure: Get, GetNext, Inform, Response, Set, and Trap PDU Format. Message fields: Version Number, Community Name, Protocol Data Unit. Labelled PDU fields: identifies PDU type; associates response with request; objects and values.]
SNMP PDU (Message) Classes
SNMPv3 PDU Class | Description | SNMPv1 PDUs | SNMPv2/SNMPv3 PDUs
Read | Messages that read management information from a managed device using a polling mechanism. | GetRequest-PDU, GetNextRequest-PDU | GetRequest-PDU, GetNextRequest-PDU, GetBulkRequest-PDU
Write | Messages that change management information on a managed device to affect the device's operation. | SetRequest-PDU | SetRequest-PDU
Response | Messages sent in response to a previous request. | GetResponse-PDU | Response-PDU
Notification | Messages used by a device to send an interrupt-like notification to an SNMP manager. | Trap-PDU | Trapv2-PDU, InformRequest-PDU
http://www.tcpipguide.com/free/t_SNMPProtocolGeneralOperationCommunicationMethodsan-2.htm
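The message layout and PDU classes above, tied back to the "trivial authentication" point in SNMP vs Security, as an added example that is not part of the original lecture: a monitoring-side parser that reads the version, community name and PDU type from a community-based SNMP datagram, showing that the community name travels as a plain octet string. The sample packets are constructed, and the function names and the list of flagged community strings are assumptions of this example.

```python
PDU_TYPES = {  # BER context tag -> (PDU name, class from the PDU class table)
    0xA0: ("GetRequest", "Read"), 0xA1: ("GetNextRequest", "Read"),
    0xA2: ("Response", "Response"), 0xA3: ("SetRequest", "Write"),
    0xA4: ("Trap", "Notification"), 0xA5: ("GetBulkRequest", "Read"),
    0xA6: ("InformRequest", "Notification"), 0xA7: ("Trapv2", "Notification"),
}
WELL_KNOWN = {b"public", b"private"}  # assumption: strings this example flags

def read_tlv(buf, pos):
    """Decode one BER tag-length-value; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def inspect(datagram):
    """Return the header fields an on-path observer can read from one message."""
    tag, body, _ = read_tlv(datagram, 0)
    vtag, version, pos = read_tlv(body, 0)
    ctag, community, pos = read_tlv(body, pos)
    if (tag, vtag, ctag) != (0x30, 0x02, 0x04):
        raise ValueError("not a community-based SNMP message")
    pdu_tag, _, _ = read_tlv(body, pos)
    name, cls = PDU_TYPES.get(pdu_tag, ("unknown", "unknown"))
    findings = []
    if community in WELL_KNOWN:
        findings.append("well-known community")
    if cls == "Write":
        findings.append("write request")
    return {"version": int.from_bytes(version, "big"), "pdu": name, "class": cls,
            "community": community.decode("latin-1"), "findings": findings}

def tlv(tag, body):
    return bytes([tag, len(body)]) + body  # builder for the constructed samples

def sample(pdu_tag, community):
    """Constructed message for sysDescr.0 (1.3.6.1.2.1.1.1.0), NULL value."""
    varbind = tlv(0x30, tlv(0x06, bytes.fromhex("2b06010201010100")) + tlv(0x05, b""))
    pdu = tlv(pdu_tag, tlv(2, b"\x01") + tlv(2, b"\x00") * 2 + tlv(0x30, varbind))
    return tlv(0x30, tlv(2, b"\x00") + tlv(4, community) + pdu)
```

The version field is 0 for SNMPv1 and 1 for community-based SNMPv2; in both, nothing beyond the community name binds the request to its sender.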
SNMP MIB Model
MIB Objects described in Structure of Management Information Version 2 (SMIv2) format, based on ISO/ITU Abstract Syntax Notation One (ASN.1) syntax.
There are a very large number of MIBs defined for specific network devices and entities.
Example index is at http://www.icir.org/fenner/mibs/mib-index.html or http://www.mibdepot.com/index.shtml
Specific MIB entries might be:
1. ADSL-LINE-EXT-MIB
2. ADSL-LINE-EXT-MIB
3. IPV6-ICMP-MIB
4. DIFFSERV-POLICY-MIB
SNMP MIB Model
MIBs are often specific or peculiar to particular devices and may include proprietary extensions.
An SNMP client must understand the MIBs used by an SNMP agent server.
Managing MIBs is an issue in its own right. For instance the mibDepot website hosts ~7300 SNMP MIBs covering ~1,000,000 MIB object definitions.
Example - MG-SOFT MIB Compiler
Example – NuDesign Visual MIBrowser®
RMON: Remote Monitoring MIBs
RMON1 and RMON2 MIBs permit monitoring of network traffic.
Implemented to support management of LAN segments.
RMON1 objects - Statistics, History, Alarm, Host, HostTopN, Matrix, Filters, Packet Capture, Events.
RMON2 objects - Protocol Directory, Protocol Distribution, Address mapping, Network Layer host, Network layer matrix, Application layer host, Application layer matrix, Probe configuration.
RMON1 or 2 agent usually implemented as a daemon or background task embedded in the firmware of a network device.
The SNMP client must access the objects to gather the statistics.
RMON: Remote Monitoring MIBs
[Figure: image credited to Javvin Technologies, Inc]
Example - iReasoning MIB browser
Tutorial
Q&A + Discussion