chapter 6 snmp management: snmpv2 network management: principles and practice © mani subramanian...

Chapter 6

SNMP Management:SNMPv2

Network Management: Principles and Practice© Mani Subramanian 2011

Chapter 6 SNMP Management: SNMPv2

1



Objectives

• Community-based security

• SNMPv2 enhancements

• Additional messages

• Formalization of SMI

• Get-bulk request and information-request

• SNMP MIB modifications

• Incompatibility with SNMPv1

• Proxy server

• Bilingual manager

2

SNMPv1 vs. SNMPv2

Notes

• SNMPv2 released in 1996.

• Basic components are the same in SNMPv1 & SNMPv2 (agent and manager).

• Significant differences between SNMPv1 & SNMPv2.

• Not backward compatible with SNMPv1.

• RFC1908 → Coexistence between Version 1,and Version 2 of SNMP.

• RFC 3584 → Coexistence between Version 1,Version 2, and Version 3 of SNMP.

• Security features, originally to be in SNMPv2, but moved to SNMPv3• SNMPv2, like SNMPv1, is community-based administrative framework → SNMPv2C [RFC 1901]

(01/1996)• Framework details:

→ RFC 2578-2580 [STD 58] (04/1999) and RFC 3416-3418 [STD 62] (12/2002) → Obsoletes RFC 1902-1907



3

Major Changes

• Bulk data transfer: [RFC 3416/STD 62]• Speeds up get-next-request process (e.g., retrieve data from tables).

• Manager-to-manager message: [RFC 3416/STD 62]• Interoperability of NMSs.

• Enhancements to SMI: SMIv2 [RFC 2578/STD 58]• Module definitions: MODULE-IDENTITY macro• Object definitions: OBJECT-TYPE macro• Trap definitions: NOTIFICATION-TYPE macro• SMI (SNMPv1) → STD 16 [RFC 1155, RFC 1212,

and RFC 1215]

• Textual conventions: [RFC 2579/STD 58]• Help define new data types.• Make semantics consistent and clear.

• Conformance statements: [RFC 2580/STD 58]• Check compatibility with an SNMP version.• Compliance defines minimum set of capabilities.• Vendors can offer additional capabilities as options.



4

Major Changes (Cont.)

• Row creation and deletion in tables: [RFC 2579/STD 58]• RowStatus columnar object added.• Conceptual rows can be added or deleted to/froma table.

• Table Expansion: [RFC 2578/STD 58]• Tables can be expanded→ adding columnar objects to existing tables.

• MIB enhancements: [RFC 3418/STD 62]• Two new subgroups added to the Internet node:security & snmpV2.• Significant changes to the System group and tothe SNMP group of version 1.

• System group → under mib-2 node.• SNMP(v2) group → some from SNMP group +

others from groups under snmpV2 node.

• Transport mappings: [RFC 3417/STD 62]• Communication model changes.• Other transport protocols can be used withSNMPv2 (besides UDP).



5

SNMPv2 Internet Group

Notes

SNMPv2

mgmt(2)

directory(1)

experimental(3)

private(4)

internet{1 3 6 1}

security(5)

snmpv2(6)

Figure 6.1 SNMPv2 Internet Group

•Additional SNMPv2 group added

• Security group is a placeholder (not used)



6

SNMPv2 MIB - Internet Group -

mgmt(2

directory(1)

experimental(3)

private(4)

Internet{1 3 6 1}

security(5)

snmpv2(6)

snmpdomains(1)

snmpProxys(2)

snmpModules(3)


snmpMIB(1)

mib-2(1)

system(1)

snmp(11)

snmpMIBConformance(2)

snmpMIBObjects(1)

Notes

• Objects added to System group• Extensive modification of the SNMP group• Entities under the new SNMPv2 group added



7

SNMPv2 RFCs

RFC 1901: Introduction to Community-based SNMPv2 RFC 2578: Structure of Management Information

Version 2 (SMIv2)

RFC 2579: Textual Conventions for SMIv2

RFC 2580: Conformance Statements for SMIv2

RFC 3416: Version 2 of the Protocol Operations for the SimpleNetwork Management Protocol (SNMP)

RFC 3417: Transport Mappings for the Simple NetworkManagement Protocol (SNMP)

RFC 3418: Management Information Base (MIB) for the SimpleNetwork Management Protocol (SNMP)

RFC 1908: Coexistence between Version 1 and Version 2of SNMP

RFC 1909: An Administrative Infrastructure for SNMPv2



8

http://www.ietf.org/rfc/rfc1901.txt









SNMPv2 NM Architecture

SNMP ManagerApplication

resp

onse

get-b

ulk-

requ

est

get-n

ext-r

eque

st

set-r

eque

st

snm

pV2-

trap

SNMP Manager

SNMP

UDP

IP

DLC

PHY

Physical Medium

SNMP PDU

Figure 6.2 SNMPv2 Network Management Architecture

get-r

eque

st

info

rm-r

eque

st

SNMP AgentApplication

resp

onse

get-b

ulk-

requ

est

get-n

ext-r

eque

st

set-r

eque

st

snm

pV2-

trap

SNMP Agent

SNMP

UDP

IP

DLC

PHY

get-r

eque

st

SNMP ManagerApplication

resp

onse

get-b

ulk-

requ

est

get-n

ext-r

eque

st

set-r

eque

st

snm

pV2-

trap

SNMP Manager

SNMP

UDP

IP

DLC

PHY

get-r

eque

st

info

rm-r

eque

st

SNMP PDU

ApplicationPDU

Physical Medium

ApplicationPDU


Notes


9

• Eight messages (Seven + one Report message).•Two managers can communicate with each other at peer level.•Report message, defined but not specified (left to implementers). It is not currently used.

SNMPv2 New Messages

Notes

• inform-request• manager-to-manager message

• get-bulk-request• transfer of large data

• report• not used



10

RFC 3416/STD 62

PDUs ::= CHOICE { get-request GetRequest-PDU, get-next-request GetNextRequest-PDU, get-bulk-request GetBulkRequest-PDU, response Response-PDU, set-request SetRequest-PDU, inform-request InformRequest-PDU, snmpV2-trap SNMPv2-Trap-PDU, report Report-PDU }

-- PDUs

GetRequest-PDU ::= [0] IMPLICIT PDU

GetNextRequest-PDU ::= [1] IMPLICIT PDU

Response-PDU ::= [2] IMPLICIT PDU

SetRequest-PDU ::= [3] IMPLICIT PDU

-- [4] is obsolete

GetBulkRequest-PDU ::= [5] IMPLICIT BulkPDU

InformRequest-PDU ::= [6] IMPLICIT PDU

SNMPv2-Trap-PDU ::= [7] IMPLICIT PDU

-- Usage and precise semantics of Report-PDU are not defined -- in this document. Any SNMP administrative framework making -- use of this PDU must define its usage and semantics.

Report-PDU ::= [8] IMPLICIT PDU

SMIv2 - Enhancements to SMI[RFC 2578/STD 58]

• Divided into 3 parts:

• Module definitions:• Semantics of an information module• Uses MODULE-IDENTITY macro

• Object definitions:• Describe managed objects (syntax & semantics)• Uses OBJECT-TYPE macro

• Notification definitions:•Describe unsolicited transmissions of trap information (syntax & semantics)• Uses NOTIFICATION-TYPE macro

• Module is a group of related assignments

Notes



11

SMIv2 – Information Modules[RFC 2578/STD 58]

• Three kinds of information modules:

• MIB Modules:• Contain definitions of inter-related managed objects• Make use of OBJECT-TYPE and NOTIFICATION-TYPE macros• RFC 2579/STD 58 formalizes the textual conventions used to describe MIB modules

• TEXTUAL-CONVENTION macro• snmpModules object identifier

• Compliance statements for MIB Modules:• Make use of MODULE-COMPLIANCE and OBJECT-GROUP macros • RFC 2580/STD 58• snmpMIBConformance object identifier

• Capability statements for agent implementations:• Make use of AGENT-CAPABILITIES macro• RFC 2580/STD 58

• SMIv1 macros must not be used in SMIv2 information modules.



12

MODULE-IDENTITY Macro[RFC 2578/STD 58]

• MODULE-IDENTITY used to concisely convey the semantics of an information module.

• Provides administrative information such as contact and revision history for each information module.

• Must appear exactly once in every information module.

• Example: [RFC3418/STD62]

SNMPv2-MIB DEFINITIONS ::= BEGIN … … …

snmpMIB MODULE-IDENTITY ::= { snmpModules 1 }… … …

END

• The expansion of the MODULE-IDENTITY macro is something which conceptually happens during implementation and not during run-time.

Notes



13

Module Identity Macro

Notes

MODULE-IDENTITY MACRO ::= BEGIN TYPE NOTATION ::= "LAST-UPDATED" value (Update UTCTime) "ORGANIZATION" Text "CONTACT-INFO" Text "DESCRIPTION" Text RevisionPart VALUE NOTATION ::= value (VALUE OBJECT IDENTIFIER) RevisionPart ::= Revisions | empty Revisions ::= Revision | Revisions Revision Revision ::= "REVISION" value (UTCTime) "DESCRIPTION" Text -- uses the NVT ASCII character set Text ::= """" string """" END

Figure 6.7 MODULE-IDENTITY Macro

isiMIBModule MODULE-IDENTITY LAST-UPDATED "9802101100Z" ORGANIZATION "InfoTech Services Inc." CONTACT-INFO "Mani Subramanian Tele: 770-111-1111 Fax: 770-111-2222 email: [email protected]" DESCRIPTION " Version 1.1 of the InfoTech Services MIB module" Revision "9709021500Z" DESCRIPTION "Revision 1.0 on September 2, 1997 was a draft version"

Figure 6.8 Example of MODULE-IDENTITY Macro

• Module is a group of related assignments• MODULE-IDENTITY macro defines the module definitions



14

MIB Module(Example from RFC 3418/STD 62)

SNMPv2-MIB DEFINITIONS ::= BEGIN IMPORTS … snmpMIB MODULE-IDENTITY LAST-UPDATED "200210160000Z" ORGANIZATION "IETF SNMPv3 Working Group" CONTACT-INFO "WG-EMail: [email protected] Subscribe: [email protected] …" DESCRIPTION "The MIB module for SNMP entities. Copyright (C) The Internet Society (2002). This version of this MIB module is part of RFC 3418; see the RFC itself for full legal notices." REVISION "200210160000Z" DESCRIPTION "This revision of this MIB module was published as RFC 3418." REVISION "199511090000Z" DESCRIPTION "This revision of this MIB module was published as RFC 1907." REVISION "199304010000Z" DESCRIPTION "The initial revision of this MIB module was published as RFC 1450." ::= { snmpModules 1 } snmpMIBObjects OBJECT IDENTIFIER ::= { snmpMIB 1 } … -- the System group … -- the SNMP group snmp OBJECT IDENTIFIER ::= { mib-2 11 } … -- conformance information snmpMIBConformance OBJECT IDENTIFIER ::= { snmpMIB 2 } snmpMIBCompliances OBJECT IDENTIFIER ::= { snmpMIBConformance 1 } snmpMIBGroups OBJECT IDENTIFIER ::= { snmpMIBConformance 2 } … END



15

OBJECT Definitions[RFC 2578/STD 58]

Notes

• OBJECT IDENTIFIER defines the administrative

identification of a node in the MIB.

• OBJECT-IDENTITY macro• Defines information about an OBJECT IDENTIFIER.• Assigns an object identifier value to the object node

in the MIB.

• OBJECT-TYPE macro:• Defines the type of a managed object (both syntax

and semantics).• Also, describes a new type (not instance) of object.



16

OBJECT-IDENTITY Macro

OBJECT-IDENTITY MACRO ::= BEGIN TYPE NOTATION ::= "STATUS" Status "DESCRIPTION" Text ReferPart VALUE NOTATION ::= value(VALUE OBJECT IDENTIFIER) Status ::= "current" | "deprecated" | "obsolete" ReferPart ::= "REFERENCE" Text | empty -- a character string as defined in section 3.1.1 Text ::= value(IA5String) END

• OBJECT-IDENTITY macro defines informationabout an OBJECT IDENTIFIER assignment.

• Example [RFC 2578/STD 58]:zeroDotZero OBJECT-IDENTITY STATUS current DESCRIPTION "A value used for null identifiers." ::= { 0 0 }



17

OBJECT-TYPE Macro

OBJECT-TYPE MACRO ::= BEGIN TYPE NOTATION ::= "SYNTAX" Syntax UnitsPart "MAX-ACCESS" Access "STATUS" Status "DESCRIPTION" Text ReferPart IndexPart DefValPart VALUE NOTATION ::= value(VALUE ObjectName) Syntax ::= type | "BITS" "{" NamedBits "}" … UnitsPart ::= "UNITS" Text | empty Access ::= "not-accessible" | "accessible-for-notify" | "read-only" | "read-write" | "read-create" Status ::= "current" | "deprecated" | "obsolete" ReferPart ::= "REFERENCE" Text | empty IndexPart ::= "INDEX" "{" IndexTypes "}" | "AUGMENTS" "{" Entry "}" | empty ... Entry ::= value(ObjectName) DefValPart ::= "DEFVAL" "{" Defvalue "}" | empty … END

• OBJECT-TYPE macro defines the type of a managed object.

• STATUS:• mandatory replaced with current• optional is not used• deprecated is added → objects required to be implemented in current version, but may not exist in future versions of SNMP (for backward compatibility)



18

OBJECT-IDENTITY / OBJECT-TYPE

isiRouter OBJECT-IDENTITY STATUS current DESCRIPTION "An 8-slot IP router in the IP router family." REFERENCE "ISI Memorandum No. ISI-R123 dated January. 20, 1997" ::= {private.enterprises.isi 1}

Figure 6.10(a) Example of OBJECT-IDENTITY Macro

routerIsi123 OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "An 8-slot IP router that can

switch up to 100 million packets per second."

::= {isiRouter 1}

Figure 6.10(b) Example of OBJECT-TYPE Macro

• OBJECT-IDENTITY is high level description• OBJECT-TYPE details description needed for implementation



19

Table Expansion[RFC 2578/STD 58]

• Augmentation of a table (augmented table) adds additional

columns to an existing table (base table).• If there is a one-to-one correspondence between the

conceptual rows of this table and an existing table,

then the AUGMENTS clause should be used.

• Sparse dependent table supplements less rows to a base

table.• If there is a sparse relationship between the conceptual

rows of this table and an existing table, then an INDEX

clause should be used which is identical to that in the

existing table.

• Dense dependent table enables addition of more rows to

base table.• If no existing objects have the required syntax and

semantics, then auxiliary objects should be defined

within the conceptual row for the new table, and those

objects should be used within the INDEX clause for the

conceptual row.



20

Augmentation of Tables

T1.E1.C1.1

table1(T1)

table1Entry(E1)

T1.E1.C2.1 T1.E1.C3.1

T1.E1.C1.2 T1.E1.C2.2 T1.E1.C3.2

T1.E1.C1.3 T1.E1.C2.3 T1.E1.C3.3

T1.E1.C1.4 T1.E1.C2.4 T.E1.C3.4

table 2(T2)

table2Entry(E2)

T2.E2.C4.1 T2.E2.C5.1

T2.E2.C4.2 T2.E2.C5.2

T2.E2.C4.3 T2.E2.C5.3

T2.E2.C4.4 T2.E2.C5.4

Figure 6.11 Augmentation of Tables

Index: First columnar object in Table 1

Conceptual rows: 1. T1.E1.C1.1 2. T1.E1.C1.2 3. T1.E1.C1.3 4. T1.E1.C1.4

Table 1 Table 2



21

Augmentation of Tables: ExampleipAddrTable OBJECT-TYPE SYNTAX SEQUENCE OF IpAddrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table …" ::= {ip 20}

ipAddrEntry OBJECT-TYPE SYNTAX IpAddrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The addressing information…” INDEX {ipAdEntAddr} ;;= {ipAddrTable 1}

ipAugAddrTable OBJECT-TYPE SYNTAX SEQUENCE OF IpAugAddrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The augmented table to IP address table defining board and port numbers" ::= {ipAug 1}

ipAugAddrEntry OBJECT-TYPE SYNTAX IpAugAddrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The addressing information …" AUGMENTS {ipAddrEntry} ::= {ipAugAddrTable 1} Figure 6.13 Example of Augmentation of Tables



22

Addition of a Sparse Tableto Base Table

T1.E1.C1.1

table1(T1)

table1Entry(E1)

T1.E1.C2.1 T1.E1.C3.1

T1.E1.C1.2 T1.E1.C2.2 T1.E1.C3.2

T1.E1.C1.3 T1.E1.C2.3 T1.E1.C3.3

T1.E1.C1.4 T1.E1.C2.4 T.E1.C3.4

table 2(T2)

table2Entry(E2)

T2.E2.C4.1 T2.E2.C5.1

T2.E2.C4.2 T2.E2.C5.2

Figure 6.16 Addition of a Sparse Table to Base Table

Index: First columnar object in Table 1

Conceptual rows: 1. T1.E1.C1.1 2. T1.E1.C1.2 3. T1.E1.C1.3 4. T1.E1.C1.4

Table 1 Table 2



23

Augmentation of Tables: Example- Sparse Table -

table1 OBJECT-TYPE SYNTAX SEQUENCE OF table1Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table 1 under T” ::= {table 1}

table1Entry OBJECT-TYPE SYNTAX Table1Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (conceptual row) in Table 1” INDEX {T1.E1.C1} ;;= {table1 1}

table2 OBJECT-TYPE SYNTAX SEQUENCE OF table2Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table 2 under T" ::= {ipAug 1}

table2Entry OBJECT-TYPE SYNTAX Table2Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION " An entry (conceptual row) in Table 2" INDEX { table1Entry } ::= {table2 1} Figure 6.15 ASN.1 Constructs for Appending a Sparse Table



24

Combining Indexing of Tables(Dense Table)

T1.E1.C1.1

table1(T1)

table1Entry(E1)

T1.E1.C2.1 T1.E1.C3.1

T1.E1.C1.2 T1.E1.C2.2 T1.E1.C3.2

table 2(T2)

table2Entry(E2)

T2.E2.C4.1 T2.E2.C5.1

T2.E2.C4.2 T2.E2.C5.2

T2.E2.C4.3 T2.E2.C5.3

T2.E2.C4.4 T2.E2.C5.4

Figure 6.14 Combined Indexing of Tables

Index: First columnar objects in Table 1 and 2

Conceptual rows:

1. T1.E1.C1.1, T2.E2.C4.1 2. T1.E1.C1.1, T2.E2.C4.2 3. T1.E1.C1.1, T2.E2.C4.3 4. T1.E1.C1.1, T2.E2.C4.4

Table 1 Table 2

5. T1.E1.C1.2, T2.E2.C4.1

8. T1.E1.C1.2, T2.E2.C4.4 …………………………



25

Augmentation of Tables: Example- Dense Table-

table1 OBJECT-TYPE SYNTAX SEQUENCE OF table1Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table 1 under T” ::= {table 1}

table1Entry OBJECT-TYPE SYNTAX Table1Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (conceptual row) in Table 1” INDEX {T1.E1.C1} ;;= {table1 1}

table2 OBJECT-TYPE SYNTAX SEQUENCE OF table2Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table 2 under T" ::= {ipAug 1}

table2Entry OBJECT-TYPE SYNTAX Table2Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION " An entry (conceptual row) in Table 2" INDEX {T1.E1.C1, T2.E2.C4} ::= {table2 1} Figure 6.15 ASN.1 Constructs for Appending a Dense Table



26

Textual Convention[RFC 2579/STD 58]

Notes

• Enables defining new data types.• Makes semantics of data types consistent and human readable.• Creates new data types using existing ones and applies restrictions to them.• An important textual convention in SNMPv2, RowStatus creates and deletes rows.

DisplayString ::= OCTET STRING -- This data type is used to model textual information taken from the NVT -- ASCII character set. By convention, objects with this syntax are -- declared as having -- SIZE (0..255)

DisplayString ::= TEXTUAL-CONVENTION DISPLAY-HINT "255a" STATUS current

DESCRIPTION "Represents textual information taken from the NVT ASCII character set, as defined in pages 4, 10-11 of RFC 854. …."

SYNTAX OCTET STRING (SIZE (0..255) )

• SNMPv2 [RFC 2579/STD 58]:

• SNMPv1 [RFC1213/STD17]:



27

TEXTUAL-CONVENTION Macro [RFC 2579/STD 58]

TEXTUAL-CONVENTION MACRO ::=BEGIN

TYPE NOTATION ::=DisplayPart"STATUS" Status"DESCRIPTION" TextReferPart"SYNTAX" SyntaxVALUE NOTATION ::= value(VALUE Syntax)DisplayPart ::= "DISPLAY-HINT" Text | emptyStatus ::= "current" | "deprecated" | "obsolete“ReferPart ::= "REFERENCE" Text | empty………………………..

END

TEXTUAL-CONVENTION Macro

[RFC 2579 - Textual Conventions for SMIv2, April 1999]



28

DISPLAY-HINT Clause [RFC 2579/STD 58]

The DISPLAY-HINT clause may be present if and only if the syntax has an underlying primitive type of INTEGER or OCTET STRING.

- Syntax has an underlying primitive type of INTEGER, the hint consists of two parts. - Part 1: A single character suggesting a display format,

either:

- 'x' for hexadecimal, 'd' for decimal, 'o' for octal, 'b' for binary, 'a' for ASCII.

- Part 2: Can only be present with ‘d’ (optional).

- If present, uses “-” followed by a decimal number, i.e., implied decimal point when rendering the value.

Example:Hundredths ::= TEXTUAL-CONVENTION

DISPLAY-HINT “d-2”

...

SYNTAX INTEGER (0..10000)

-- suggests that a hundredths value of 1234 be rendered as "12.34"



29

Examples from RFC 2579/STD 58

PhysAddress ::= TEXTUAL-CONVENTIONDISPLAY-HINT “1x:”STATUS currentDESCRIPTION “Represents media- or physical-level

addresses.”SYNTAX OCTET STRING

TruthValue ::= TEXTUAL-CONVENTIONSTATUS currentDESCRIPTION “Represents a boolean value.”SYNTAX INTEGER { true(1), false(2) }

DateAndTime ::= TEXTUAL-CONVENTION

DISPLAY-HINT “2d-1d-1d,1d:1d:1d.1d,1a1d:1d”

STATUS current

DESCRIPTION “A date-time specification. …

For example: 1992-5-26,13:30:15.0,-4:0 …”

SYNTAX OCTET STRING (SIZE (8 | 11))

See Table 6.3 for SMIv2 Textual Conventions for Initial Data Types



30

Examples from RFC 2579/STD 58

RowStatus ::= TEXTUAL-CONVENTION

STATUS current

DESCRIPTION “The RowStatus textual convention is used to manage the …”

SYNTAX INTEGER {

-- the following two values are states:

-- these values may be read or written

active(1),

notInService(2),

-- the following value is a state:

-- this value may be read, but not written

notReady(3),

-- the following three values are

-- actions: these values may be written,

-- but are never read

createAndGo(4),

createAndWait(5),

destroy(6) }

See Table 6.3 for SMIv2 Textual Conventions for Initial Data Types



31

Creation/Deletion of Rows: RowStatus[RFC 2579/STD 58]

Notes

Table 6.4 RowStatus Textual Convention

State Enumer-ation

Description

active 1 Row exists and is operationalnotInService 2 Operation on the row is suspendednotReady 3 Row does not have all the columnar objects

neededcreateAndGo 4 This is a one-step process of creation of a

row; immediately goes into active statecreateAndWait 5 Row is under creation and should not be

commissioned into servicedestroy 6 Same as Invalid in EntryStatus. Row should

be deleted

• Two methods:• Create a row and make it active (createAndGo)

→ immediately available• Create a row and make it available at a later time.

(createAndWait)• Status: A new column is added to the conceptual table.• SYNTAX of Status is RowStatus.• Value of RowStatus is Enumerated INTEGER.• Manager uses states 1, 2, 4, 5 & 6 to create/delete rowson the agent.• Agent uses states 1, 2 & 3 to send responses.



32

Row Creation and Deletion

Notes

Row to be created / deleted

entry1

status.1

table1

index.1 data.1

status.2

status.3

index.2

index.3

data.2

data.3

Figure 6.19 Conceptual Table for Creation and Deletion of Row



33

Create-and-Go Row Creation



34

Figure 6.20 Create-and-Go Row Creation

SetRequest(status.3 = 4,index.3 = 3,

data.3 = DefData )

Response(status.3 = 1,index.3 = 3,data.3 = DefData )

ManagerProcess

AgentProcess

ManagedEntity

Create Instance

Instance Created

Create-and-Wait:Row Creation

Figure 6.21 Create-and-Wait Row Creation

SetRequest(status.3 = 5,index.3 = 3 )Response

(status.3 = 3,index.3 = 3 )

ManagerProcess

AgentProcess

SetRequest(data.3 = DefData )

Response(status.3 = 2data.3 = DefData )

SetRequest(status.3 = 1 )

Response(status.3 = 1 )

GetRequest(data.3 )

Response(data.3 = noSuchInstance)



35

Row Deletion

Figure 6.22 Row Deletion

SetRequest(status.3 = 6 )

Response(status.3 = 6 )

ManagerProcess

AgentProcess

ManagedEntity

DeleteInstance

Instance Deleted



36

Conformance: OBJECT-GROUP

NotessystemGroup OBJECT-GROUP

OBJECTS {sysDescr, sysObjectID, sysUpTime, sysContact, sysName, sysLocation, sysServices, sysORLastChange, sysORID, sysORUptime, sysORDesc} STATUS current DESCRIPTION "The system group defines objects which are common to all managed systems." ::= {snmpMIBGroups 6}

Figure 6.25 Example of OBJECT-GROUP Macro

• Conformance defined by• OBJECT-GROUP macro• NOTIFICATION-GROUP macro

• OBJECT-GROUP• Compiled during implementation, not at run time• OBJECTS clause names each object• Every object belongs to an OBJECT- GROUP• Access defined by MAX-ACCESS, the maximum access privilege for the object



37

Conformance: NOTIFICATION-GROUP

Notes

• NOTIFICATION-GROUP• Contains trap entities defined in SMIv1• NOTIFICATIONS clause identifies the notifications in the group• NOTIFICATIONS-GROUP macro compiled during implementation, not at run time

snmpBasicNotificationsGroup NOTIFICATION-GROUP NOTIFICATIONS {coldStart, authenticationFailure} STATUS current

DESCRIPTION "The two notifications which an SNMP-2 entity is required to implement." ::= {snmpMIBGroups 7}

Figure 6.27 Example of NOTIFICATION-GROUP Macro



38

Compliance

Notes

• Compliance has two classes of groups• MANDATORY-GROUPS ... Required• GROUP …Optional

-- compliance statements

snmpBasicCompliance MODULE-COMPLIANCESTATUS currentDESCRIPTION

"The compliance statement for SNMPv2 entities whichimplement the SNMPv2 MIB."

MODULE -- this module MANDATORY-GROUPS {snmpGroup, snmpSetGroup, systemGroup, snmpBasicNotificationsGroup}

GROUP snmpCommunityGroupDESCRIPTION

"This group is mandatory for SNMPv2 entities which support community-based authentication." ::= {snmpMIBCompliances 2 }

-- units of conformancesnmpGroup OBJECT-GROUP ::= {snmpMIBGroups 8}snmpCommunityGroup OBJECT-GROUP ::= {snmpMIBGroups 9}snmpObsoleteGroup OBJECT-GROUP ::= {snmpMIBGroups 10}

… … … …



39

Agent Capabilities

Notes

• AGENT-CAPABILITIES macro• SUPPORTS modules and includes groups• VARIATION identifies additional features

routerIsi123 AGENT-CAPABILITIES PRODUCT-RELEASE "InfoTech Router isiRouter123 release 1.0" STATUS current DESCRIPTION "InfoTech High Speed Router" SUPPORTS snmpMIB INCLUDES {systemGroup, snmpGroup, snmpSetGroup, snmpBasicNotificationsGroup } VARIATION coldStart DESCRIPTION "A coldStart trap is generated on all reboots." SUPPORTS IF-MIB INCLUDES {ifGeneralGroup, ifPacketGroup} SUPPORTS IP MIB INCLUDES {ipGroup, icmpGroup} SUPPORTS TCP-MIB INCLUDES {tcpGroup} SUPPORTS UDP-MIB INCLUDES {udpGroup} SUPPORTS EGP-MIB INCLUDES {egpGroup} ::= { isiRouter 1 }

Figure 6.30 Example of AGENT-CAPABILITIES Macro



40

SNMPv2 MIB

mgmt(2

directory(1)

experimental(3)

private(4)

internet{1 3 6 1}

security(5)

snmpv2(6)

snmpDomains(1)

snmpProxys(2)

snmpModules(3)


snmpMIB(1)

mib-2(1)

system(1)

snmp(11)

snmpMIBConformance(2)

snmpMIBObjects(1)

Notes• Security is a placeholder• System group: A table sysORTable added that lists resources that the agent controls; NMS configures NE through the agents.• Most of the objects in the SNMPv1 obsoleted• Object Groups and Notification Groups defined for conformance specifications.



41

SNMPv2 System Group [RFC 3418/STD 62]

Figure 6.32 The SNMPv2 System Group

sysDescr (1)

system(mib-2 1)

sysObjectId (2)

sysUpTime (3)

sysContact (4)

sysORLastChange (8)

sysServices (7)

sysLocation (6)

sysName (5)sysORTable (9)

sysOREntry (1)

sysORIndex (1)

sysORID (2) sysORDescr (3)

sysORUpTime (4)

Entity OID Description

sysORLastChange system 8 sysUpTime value at time of most recent change in state or value of any instance of sysORID.

sysORTable system 9 Table listing system resources that the agent controls; manager can configure these resources through the agent

sysOREntry sysORTable 1 An entry in the sysORTable

sysORIndex sysOREntry 2 Row index, also index for the table

sysORID sysOREntry 3 ID of the resource module

sysORDescr sysOREntry 4 Textual description of the resource module

sysORUpTime sysOREntry 5 System up-time since the object in this row was last instantiated



42

SNMPv2 SNMP MIB

snmp(mib-2 11)

snmpInPkts(1)

snmpInBadVersions (3)

snmpInBadCommunityNames (4)

snmpInBadCommunityUses (5)

snmpProxyDrops (32)

snmpSilentDrops (31)

snmpEnableAuthenTraps (30)

Figure 6.33 SNMPv2 SNMP Group

snmpInASNParseErrors (6)

1,3,6,30,31,32 snmpGroup4,5 snmpCommunity Group7,23 not used2,8-23, 24-29 snmpObsoleteGroup

SNMP Group Objects

Notes


• Compare this to SNMPv1 MIB!


43

snmp(mib-2 11)

snmpInPkts(1)

snmpOutPkts (2)

snmpInBadVersions (3)

snmpInCommunityNames (4)

snmpInBadCommunityUses (5)

snmpInASNParseErrors (6)

-- not used (7)

snmpInTooBigs (8)

snmpInNoSuchNames (9)

snmpInBadValues (10)

snmpInReadOnlys (11)

snmpEnableAuthenTraps (30)

snmpOutTraps (29)

snmpOutGetResponses (28)

snmpOutSetRequests (27)

snmpOutGetNexts (26)

snmpOutGetRequests (25)

snmpOutGenErrs (24)

-- not used (23)

snmpOutBadValues (22)

snmpOutNoSuchNames (21)

snmpOutTooBigs (20)

snmpInGenErrs (12)

snmpInTotalReqVars (13)

snmpInTotalSetVars (14)

snmpInGetRequests (15)

snmpInTraps (19)snmpInGetResponses

(18)snmpInSetRequests (17)

snmpInGetNexts (16)

Figure 5.21 SNMP Group

SNMPv1 SNMP MIB



44

snmpMIBObjects MIB

authenticationFailure (5)

snmpMIBObjects(snmpMIB 1)

snmpSet(6)

snmpTraps(5)

snmpTrap(4)

snmpTrapOID(1)

snmpTrapEnterprise(3)

coldStart (1)

warmStart (2)

snmpSetSerialNo(1 )

linkUp (4)

linkDown (3)

Figure 6.34 MIB Modules under snmpMIBObjects

Notes



45

SNMPv2 Protocol

- SNMPv2 PDU -

Notes

Figure 6.37 SNMPv2 PDU (All but Bulk)

PDUType

RequestIDError

StatusErrorIndex

VarBind 1name

VarBind 1value

...VarBind n

nameVarBind n

value

• Standardized format for all messages

• Interpretation of error status and error index fields:

In SNMPv1, if error occurs → status and index field filled, but varBindList blank

In SNMPv2, (x: means non-zero value)

Interpretation Status IndexvarBindList ignored x 0varBind of index field ignored x x



46

SNMPv2 PDU and Error StatusTable 6.11 Values for Types of PDU and

Error-status Fields in SNMPv2 PDU

Field Type Value PDU 0 Get-Request-PDU 1 GetNextRequest-PDU 2 Response-PDU 3 Set-Request- PDU 4 obsolete 5 GetBulkRequest-- PDU 6 InformRequest- PDU 7 SNMPv2 - Trap- PDU Error Status 0 noError 1 tooBig 2 noSuchName 3 badValue 4 readOnly 5 genErr 6 noAccess 7 wrongType 8 wrongLength 9 wrongEncoding 10 wrongValue 11 noCreation 12 inconsistentValue 13 resourceUnavailable 14 commitFailed 15 undoFailed 16 authorizationError 17 notWritable 18 inconsistentName



47

SNMPv2 GetBulkRequest PDU

Notes

Figure 6.38 SNMPv2 GetBulkRequest PDU

PDUType

RequestIDNon-

RepeatersMax

RepetitionsVarBind 1

nameVarBind 1

value...

VarBind nname

VarBind nvalue

• Error status field replaced by Non-repeaters

• Error index field replaced by Max repetitions

• No one-to-one relationship between requestand response



48

Get-Bulk-Request: Generic MIB

T ZA B

1.1

Figure 6.39 MIB for Operation Sequences in Figures 6.40 and 6.41

E

1.2

1.3

1.4

2.1

2.2

2.3

2.4

3.1

3.2

3.3

3.4



49

Get-Next-Request Operation

Figure 6.40 Get-Next-Request Operation for MIB in Figure 6.39

T.E.1.1 T.E.2.1 T.E.3.1

T.E.1.2 T.E.2.2 T.E.3.2

E

T

Z

A

B

T.E.1.3 T.E.2.3 T.E.3.3

T.E.1.4 T.E.2.4 T.E.3.4

GetRequest ( A,B )

GetNextRequest (T.E.1.T.E.2,T.E.3)

GetResponse (T.E.1.1,T.E.2.1,T.E.3.1)

GetNextRequest (T.E.1.1,T.E.2.1,T.E.3.1)





GetResponse (T.E.2.1,T.E.3.1,Z)

ManagerProcess

AgentProcessGetResponse (A,B)





50

Get-Bulk-Request Operation

T.E.1.1

Figure 6.41 Get-Bulk-Request Operation for MIB in Figure 6.39

T.E.2.1 T.E.3.1

T.E.1.2 T.E.2.2 T.E.3.2

E

T

Z

A

B

GetBulkRequest ( 2,3,A,B,T.E.1, T.E.2, T.E.3 )

Response ( A, B,T.E.1.1, T.E.2.1, T.E.3.1T.E.1.2, T.E.2.2, T.E.3.2

T.E.1.3, T.E.2.3, T.E.3.3 )

GetBulkRequest ( 0,3,T.E.1.3, T.E.2.3, T.E.3.3 )

Response ( T.E.1.4, T.E.2.4, T.E.3.4, Z , " endOfMibView" )

T.E.1.3 T.E.2.3 T.E.3.3

T.E.1.4 T.E.2.4 T.E.3.4

ManagerProcess

AgentProcess



51

Get-Bulk-Request Example

Notes

atIfIndex231316

atPhysAddress0000000C3920B40000000C3920AC0000000C3920AF

atNetAddress192.68.3.1172.46.46.1172.46.49.1

GetBulkRequest ( 1,3,sysUpTime,

atPhysAddress )

Response( (sysUpTime.0 = "315131795"), (atPhysAddress.13.172.46.46.1 = "0000000C3920AC")(atPhysAddress.16.172.46.49.1 = "0000000C3920AF")(atPhysAddress.23.172.17.3.1 = "0000000C3920B4") )

Figure 6.42 Get-Bulk-Request Example

GetBulkRequest ( 1,3,sysUpTime,

atPhysAddress.23.192.168.3.1 )

Response( (sysUpTime.0 = "315131800"),(ipForwarding.0 = "1") )

ManagerProcess

AgentProcess



52

SNMPv2 Trap

Notes

Figure 6.43 SNMPv2 Trap PDU

PDUType

RequestIDError

StatusErrorIndex

VarBind 1sysUpTime

VarBind 1value

...

VarBind 2snmpTrapOID

VarBind 2value

• Addition of NOTIFICATION-TYPE macro

• OBJECTS clause, if present, defines order of variable bindings

• Positions 1 and 2 in VarBindList are sysUpTime and snmpTrapOID



53

Inform-Request

Notes

PDUType

RequestIDError

StatusErrorIndex

VarBind 1sysUpTime

VarBind 1value

...

VarBind 2snmpTrapOID

VarBind 2value

• Inform-Request behaves as trap in that the message goes from one manager to another unsolicited

• The receiving manager sends response to the sending manager



54

Bilingual Manager

Notes

SNMPv1Agents

Bilingual Manager

SNMPv1Interpreter

SNMPv2Interpreter

AgentProfile

SNMPv2Agents

Figure 6.45 SNMP Bilingual Manager

• Compatibility with SNMPv1• Bilingual Manager• Proxy Server

• Bilingual Manager expensive in resource and operation



55

SNMP Proxy Server

SNMPv1Agents

SNMPv2 Manager

ProxyServer

SNMPv2Agents

Figure 6.46 SNMPv2 Proxy Server Configuration

Pass-Through

Pass-Through

SNMPv2 Manager SNMPv1 Agent

GetNextRequest

GetRequest

Pass-ThroughSetRequest

Set: 1. non-repeaters = 0 2. max-repetitions = 0

3. Change PDU tag to GetNextRequest PDUGetBulkRequest

Pass-ThroughException: For 'tooBig' error, contents of variable-bindings field

removed.Response

Prepend VarBind: 1. sysUpTime.0 2. snmpTrapOID.0

SNMPv2-Trap

GetRequest

GetResponse

GetNextRequest

SetRequest

GetNextRequest

Trap

SNMP v2-v1 Proxy Server

Figure 6.47 SNMP v2-v1 Proxy Server



56

chapter 6 snmp management: snmpv2 network management: principles and practice © mani subramanian...

Documents

snmp management

security snmpv2

snmpv2 node

communitybased snmpv2

snmpv2 rfcsrfc

snmpv2notes snmpv2

snmpv3 snmpv2

snmp version