chapter 6 snmp management: snmpv2 network management: principles and practice © mani subramanian...
TRANSCRIPT
Chapter 6
SNMP Management:SNMPv2
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
1
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
Objectives
• Community-based security
• SNMPv2 enhancements
• Additional messages
• Formalization of SMI
• Get-bulk request and information-request
• SNMP MIB modifications
• Incompatibility with SNMPv1
• Proxy server
• Bilingual manager
2
SNMPv1 vs. SNMPv2
Notes
• SNMPv2 released in 1996.
• Basic components are the same in SNMPv1 & SNMPv2 (agent and manager).
• Significant differences between SNMPv1 & SNMPv2.
• Not backward compatible with SNMPv1.
• RFC1908 → Coexistence between Version 1,and Version 2 of SNMP.
• RFC 3584 → Coexistence between Version 1,Version 2, and Version 3 of SNMP.
• Security features, originally to be in SNMPv2, but moved to SNMPv3• SNMPv2, like SNMPv1, is community-based administrative framework → SNMPv2C [RFC 1901]
(01/1996)• Framework details:
→ RFC 2578-2580 [STD 58] (04/1999) and RFC 3416-3418 [STD 62] (12/2002) → Obsoletes RFC 1902-1907
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
3
Major Changes
• Bulk data transfer: [RFC 3416/STD 62]• Speeds up get-next-request process (e.g., retrieve data from tables).
• Manager-to-manager message: [RFC 3416/STD 62]• Interoperability of NMSs.
• Enhancements to SMI: SMIv2 [RFC 2578/STD 58]• Module definitions: MODULE-IDENTITY macro• Object definitions: OBJECT-TYPE macro• Trap definitions: NOTIFICATION-TYPE macro• SMI (SNMPv1) → STD 16 [RFC 1155, RFC 1212,
and RFC 1215]
• Textual conventions: [RFC 2579/STD 58]• Help define new data types.• Make semantics consistent and clear.
• Conformance statements: [RFC 2580/STD 58]• Check compatibility with an SNMP version.• Compliance defines minimum set of capabilities.• Vendors can offer additional capabilities as options.
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
4
Major Changes (Cont.)
• Row creation and deletion in tables: [RFC 2579/STD 58]• RowStatus columnar object added.• Conceptual rows can be added or deleted to/froma table.
• Table Expansion: [RFC 2578/STD 58]• Tables can be expanded→ adding columnar objects to existing tables.
• MIB enhancements: [RFC 3418/STD 62]• Two new subgroups added to the Internet node:security & snmpV2.• Significant changes to the System group and tothe SNMP group of version 1.
• System group → under mib-2 node.• SNMP(v2) group → some from SNMP group +
others from groups under snmpV2 node.
• Transport mappings: [RFC 3417/STD 62]• Communication model changes.• Other transport protocols can be used withSNMPv2 (besides UDP).
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
5
SNMPv2 Internet Group
Notes
SNMPv2
mgmt(2)
directory(1)
experimental(3)
private(4)
internet{1 3 6 1}
security(5)
snmpv2(6)
Figure 6.1 SNMPv2 Internet Group
•Additional SNMPv2 group added
• Security group is a placeholder (not used)
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
6
SNMPv2 MIB - Internet Group -
mgmt(2
directory(1)
experimental(3)
private(4)
Internet{1 3 6 1}
security(5)
snmpv2(6)
snmpdomains(1)
snmpProxys(2)
snmpModules(3)
Figure 6.31 SNMPv2 Internet Group
snmpMIB(1)
mib-2(1)
system(1)
snmp(11)
snmpMIBConformance(2)
snmpMIBObjects(1)
Notes
• Objects added to System group• Extensive modification of the SNMP group• Entities under the new SNMPv2 group added
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
7
SNMPv2 RFCs
RFC 1901: Introduction to Community-based SNMPv2 RFC 2578: Structure of Management Information
Version 2 (SMIv2)
RFC 2579: Textual Conventions for SMIv2
RFC 2580: Conformance Statements for SMIv2
RFC 3416: Version 2 of the Protocol Operations for the SimpleNetwork Management Protocol (SNMP)
RFC 3417: Transport Mappings for the Simple NetworkManagement Protocol (SNMP)
RFC 3418: Management Information Base (MIB) for the SimpleNetwork Management Protocol (SNMP)
RFC 1908: Coexistence between Version 1 and Version 2of SNMP
RFC 1909: An Administrative Infrastructure for SNMPv2
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
8
SNMPv2 NM Architecture
SNMP ManagerApplication
resp
onse
get-b
ulk-
requ
est
get-n
ext-r
eque
st
set-r
eque
st
snm
pV2-
trap
SNMP Manager
SNMP
UDP
IP
DLC
PHY
Physical Medium
SNMP PDU
Figure 6.2 SNMPv2 Network Management Architecture
get-r
eque
st
info
rm-r
eque
st
SNMP AgentApplication
resp
onse
get-b
ulk-
requ
est
get-n
ext-r
eque
st
set-r
eque
st
snm
pV2-
trap
SNMP Agent
SNMP
UDP
IP
DLC
PHY
get-r
eque
st
SNMP ManagerApplication
resp
onse
get-b
ulk-
requ
est
get-n
ext-r
eque
st
set-r
eque
st
snm
pV2-
trap
SNMP Manager
SNMP
UDP
IP
DLC
PHY
get-r
eque
st
info
rm-r
eque
st
SNMP PDU
ApplicationPDU
Physical Medium
ApplicationPDU
Network Management: Principles and Practice© Mani Subramanian 2011
Notes
Chapter 6 SNMP Management: SNMPv2
9
• Eight messages (Seven + one Report message).•Two managers can communicate with each other at peer level.•Report message, defined but not specified (left to implementers). It is not currently used.
SNMPv2 New Messages
Notes
• inform-request• manager-to-manager message
• get-bulk-request• transfer of large data
• report• not used
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
10
RFC 3416/STD 62
PDUs ::= CHOICE { get-request GetRequest-PDU, get-next-request GetNextRequest-PDU, get-bulk-request GetBulkRequest-PDU, response Response-PDU, set-request SetRequest-PDU, inform-request InformRequest-PDU, snmpV2-trap SNMPv2-Trap-PDU, report Report-PDU }
-- PDUs
GetRequest-PDU ::= [0] IMPLICIT PDU
GetNextRequest-PDU ::= [1] IMPLICIT PDU
Response-PDU ::= [2] IMPLICIT PDU
SetRequest-PDU ::= [3] IMPLICIT PDU
-- [4] is obsolete
GetBulkRequest-PDU ::= [5] IMPLICIT BulkPDU
InformRequest-PDU ::= [6] IMPLICIT PDU
SNMPv2-Trap-PDU ::= [7] IMPLICIT PDU
-- Usage and precise semantics of Report-PDU are not defined -- in this document. Any SNMP administrative framework making -- use of this PDU must define its usage and semantics.
Report-PDU ::= [8] IMPLICIT PDU
SMIv2 - Enhancements to SMI[RFC 2578/STD 58]
• Divided into 3 parts:
• Module definitions:• Semantics of an information module• Uses MODULE-IDENTITY macro
• Object definitions:• Describe managed objects (syntax & semantics)• Uses OBJECT-TYPE macro
• Notification definitions:•Describe unsolicited transmissions of trap information (syntax & semantics)• Uses NOTIFICATION-TYPE macro
• Module is a group of related assignments
Notes
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
11
SMIv2 – Information Modules[RFC 2578/STD 58]
• Three kinds of information modules:
• MIB Modules:• Contain definitions of inter-related managed objects• Make use of OBJECT-TYPE and NOTIFICATION-TYPE macros• RFC 2579/STD 58 formalizes the textual conventions used to describe MIB modules
• TEXTUAL-CONVENTION macro• snmpModules object identifier
• Compliance statements for MIB Modules:• Make use of MODULE-COMPLIANCE and OBJECT-GROUP macros • RFC 2580/STD 58• snmpMIBConformance object identifier
• Capability statements for agent implementations:• Make use of AGENT-CAPABILITIES macro• RFC 2580/STD 58
• SMIv1 macros must not be used in SMIv2 information modules.
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
12
MODULE-IDENTITY Macro[RFC 2578/STD 58]
• MODULE-IDENTITY used to concisely convey the semantics of an information module.
• Provides administrative information such as contact and revision history for each information module.
• Must appear exactly once in every information module.
• Example: [RFC3418/STD62]
SNMPv2-MIB DEFINITIONS ::= BEGIN … … …
snmpMIB MODULE-IDENTITY ::= { snmpModules 1 }… … …
END
• The expansion of the MODULE-IDENTITY macro is something which conceptually happens during implementation and not during run-time.
Notes
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
13
Module Identity Macro
Notes
MODULE-IDENTITY MACRO ::= BEGIN TYPE NOTATION ::= "LAST-UPDATED" value (Update UTCTime) "ORGANIZATION" Text "CONTACT-INFO" Text "DESCRIPTION" Text RevisionPart VALUE NOTATION ::= value (VALUE OBJECT IDENTIFIER) RevisionPart ::= Revisions | empty Revisions ::= Revision | Revisions Revision Revision ::= "REVISION" value (UTCTime) "DESCRIPTION" Text -- uses the NVT ASCII character set Text ::= """" string """" END
Figure 6.7 MODULE-IDENTITY Macro
isiMIBModule MODULE-IDENTITY LAST-UPDATED "9802101100Z" ORGANIZATION "InfoTech Services Inc." CONTACT-INFO "Mani Subramanian Tele: 770-111-1111 Fax: 770-111-2222 email: [email protected]" DESCRIPTION " Version 1.1 of the InfoTech Services MIB module" Revision "9709021500Z" DESCRIPTION "Revision 1.0 on September 2, 1997 was a draft version"
Figure 6.8 Example of MODULE-IDENTITY Macro
• Module is a group of related assignments• MODULE-IDENTITY macro defines the module definitions
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
14
MIB Module(Example from RFC 3418/STD 62)
SNMPv2-MIB DEFINITIONS ::= BEGIN IMPORTS … snmpMIB MODULE-IDENTITY LAST-UPDATED "200210160000Z" ORGANIZATION "IETF SNMPv3 Working Group" CONTACT-INFO "WG-EMail: [email protected] Subscribe: [email protected] …" DESCRIPTION "The MIB module for SNMP entities. Copyright (C) The Internet Society (2002). This version of this MIB module is part of RFC 3418; see the RFC itself for full legal notices." REVISION "200210160000Z" DESCRIPTION "This revision of this MIB module was published as RFC 3418." REVISION "199511090000Z" DESCRIPTION "This revision of this MIB module was published as RFC 1907." REVISION "199304010000Z" DESCRIPTION "The initial revision of this MIB module was published as RFC 1450." ::= { snmpModules 1 } snmpMIBObjects OBJECT IDENTIFIER ::= { snmpMIB 1 } … -- the System group … -- the SNMP group snmp OBJECT IDENTIFIER ::= { mib-2 11 } … -- conformance information snmpMIBConformance OBJECT IDENTIFIER ::= { snmpMIB 2 } snmpMIBCompliances OBJECT IDENTIFIER ::= { snmpMIBConformance 1 } snmpMIBGroups OBJECT IDENTIFIER ::= { snmpMIBConformance 2 } … END
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
15
OBJECT Definitions[RFC 2578/STD 58]
Notes
• OBJECT IDENTIFIER defines the administrative
identification of a node in the MIB.
• OBJECT-IDENTITY macro• Defines information about an OBJECT IDENTIFIER.• Assigns an object identifier value to the object node
in the MIB.
• OBJECT-TYPE macro:• Defines the type of a managed object (both syntax
and semantics).• Also, describes a new type (not instance) of object.
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
16
OBJECT-IDENTITY Macro
OBJECT-IDENTITY MACRO ::= BEGIN TYPE NOTATION ::= "STATUS" Status "DESCRIPTION" Text ReferPart VALUE NOTATION ::= value(VALUE OBJECT IDENTIFIER) Status ::= "current" | "deprecated" | "obsolete" ReferPart ::= "REFERENCE" Text | empty -- a character string as defined in section 3.1.1 Text ::= value(IA5String) END
• OBJECT-IDENTITY macro defines informationabout an OBJECT IDENTIFIER assignment.
• Example [RFC 2578/STD 58]:zeroDotZero OBJECT-IDENTITY STATUS current DESCRIPTION "A value used for null identifiers." ::= { 0 0 }
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
17
OBJECT-TYPE Macro
OBJECT-TYPE MACRO ::= BEGIN TYPE NOTATION ::= "SYNTAX" Syntax UnitsPart "MAX-ACCESS" Access "STATUS" Status "DESCRIPTION" Text ReferPart IndexPart DefValPart VALUE NOTATION ::= value(VALUE ObjectName) Syntax ::= type | "BITS" "{" NamedBits "}" … UnitsPart ::= "UNITS" Text | empty Access ::= "not-accessible" | "accessible-for-notify" | "read-only" | "read-write" | "read-create" Status ::= "current" | "deprecated" | "obsolete" ReferPart ::= "REFERENCE" Text | empty IndexPart ::= "INDEX" "{" IndexTypes "}" | "AUGMENTS" "{" Entry "}" | empty ... Entry ::= value(ObjectName) DefValPart ::= "DEFVAL" "{" Defvalue "}" | empty … END
• OBJECT-TYPE macro defines the type of a managed object.
• STATUS:• mandatory replaced with current• optional is not used• deprecated is added → objects required to be implemented in current version, but may not exist in future versions of SNMP (for backward compatibility)
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
18
OBJECT-IDENTITY / OBJECT-TYPE
isiRouter OBJECT-IDENTITY STATUS current DESCRIPTION "An 8-slot IP router in the IP router family." REFERENCE "ISI Memorandum No. ISI-R123 dated January. 20, 1997" ::= {private.enterprises.isi 1}
Figure 6.10(a) Example of OBJECT-IDENTITY Macro
routerIsi123 OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "An 8-slot IP router that can
switch up to 100 million packets per second."
::= {isiRouter 1}
Figure 6.10(b) Example of OBJECT-TYPE Macro
• OBJECT-IDENTITY is high level description• OBJECT-TYPE details description needed for implementation
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
19
Table Expansion[RFC 2578/STD 58]
• Augmentation of a table (augmented table) adds additional
columns to an existing table (base table).• If there is a one-to-one correspondence between the
conceptual rows of this table and an existing table,
then the AUGMENTS clause should be used.
• Sparse dependent table supplements less rows to a base
table.• If there is a sparse relationship between the conceptual
rows of this table and an existing table, then an INDEX
clause should be used which is identical to that in the
existing table.
• Dense dependent table enables addition of more rows to
base table.• If no existing objects have the required syntax and
semantics, then auxiliary objects should be defined
within the conceptual row for the new table, and those
objects should be used within the INDEX clause for the
conceptual row.
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
20
Augmentation of Tables
T1.E1.C1.1
table1(T1)
table1Entry(E1)
T1.E1.C2.1 T1.E1.C3.1
T1.E1.C1.2 T1.E1.C2.2 T1.E1.C3.2
T1.E1.C1.3 T1.E1.C2.3 T1.E1.C3.3
T1.E1.C1.4 T1.E1.C2.4 T.E1.C3.4
table 2(T2)
table2Entry(E2)
T2.E2.C4.1 T2.E2.C5.1
T2.E2.C4.2 T2.E2.C5.2
T2.E2.C4.3 T2.E2.C5.3
T2.E2.C4.4 T2.E2.C5.4
Figure 6.11 Augmentation of Tables
Index: First columnar object in Table 1
Conceptual rows: 1. T1.E1.C1.1 2. T1.E1.C1.2 3. T1.E1.C1.3 4. T1.E1.C1.4
Table 1 Table 2
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
21
Augmentation of Tables: ExampleipAddrTable OBJECT-TYPE SYNTAX SEQUENCE OF IpAddrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table …" ::= {ip 20}
ipAddrEntry OBJECT-TYPE SYNTAX IpAddrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The addressing information…” INDEX {ipAdEntAddr} ;;= {ipAddrTable 1}
ipAugAddrTable OBJECT-TYPE SYNTAX SEQUENCE OF IpAugAddrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The augmented table to IP address table defining board and port numbers" ::= {ipAug 1}
ipAugAddrEntry OBJECT-TYPE SYNTAX IpAugAddrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The addressing information …" AUGMENTS {ipAddrEntry} ::= {ipAugAddrTable 1} Figure 6.13 Example of Augmentation of Tables
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
22
Addition of a Sparse Tableto Base Table
T1.E1.C1.1
table1(T1)
table1Entry(E1)
T1.E1.C2.1 T1.E1.C3.1
T1.E1.C1.2 T1.E1.C2.2 T1.E1.C3.2
T1.E1.C1.3 T1.E1.C2.3 T1.E1.C3.3
T1.E1.C1.4 T1.E1.C2.4 T.E1.C3.4
table 2(T2)
table2Entry(E2)
T2.E2.C4.1 T2.E2.C5.1
T2.E2.C4.2 T2.E2.C5.2
Figure 6.16 Addition of a Sparse Table to Base Table
Index: First columnar object in Table 1
Conceptual rows: 1. T1.E1.C1.1 2. T1.E1.C1.2 3. T1.E1.C1.3 4. T1.E1.C1.4
Table 1 Table 2
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
23
Augmentation of Tables: Example- Sparse Table -
table1 OBJECT-TYPE SYNTAX SEQUENCE OF table1Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table 1 under T” ::= {table 1}
table1Entry OBJECT-TYPE SYNTAX Table1Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (conceptual row) in Table 1” INDEX {T1.E1.C1} ;;= {table1 1}
table2 OBJECT-TYPE SYNTAX SEQUENCE OF table2Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table 2 under T" ::= {ipAug 1}
table2Entry OBJECT-TYPE SYNTAX Table2Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION " An entry (conceptual row) in Table 2" INDEX { table1Entry } ::= {table2 1} Figure 6.15 ASN.1 Constructs for Appending a Sparse Table
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
24
Combining Indexing of Tables(Dense Table)
T1.E1.C1.1
table1(T1)
table1Entry(E1)
T1.E1.C2.1 T1.E1.C3.1
T1.E1.C1.2 T1.E1.C2.2 T1.E1.C3.2
table 2(T2)
table2Entry(E2)
T2.E2.C4.1 T2.E2.C5.1
T2.E2.C4.2 T2.E2.C5.2
T2.E2.C4.3 T2.E2.C5.3
T2.E2.C4.4 T2.E2.C5.4
Figure 6.14 Combined Indexing of Tables
Index: First columnar objects in Table 1 and 2
Conceptual rows:
1. T1.E1.C1.1, T2.E2.C4.1 2. T1.E1.C1.1, T2.E2.C4.2 3. T1.E1.C1.1, T2.E2.C4.3 4. T1.E1.C1.1, T2.E2.C4.4
Table 1 Table 2
5. T1.E1.C1.2, T2.E2.C4.1
8. T1.E1.C1.2, T2.E2.C4.4 …………………………
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
25
Augmentation of Tables: Example- Dense Table-
table1 OBJECT-TYPE SYNTAX SEQUENCE OF table1Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table 1 under T” ::= {table 1}
table1Entry OBJECT-TYPE SYNTAX Table1Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (conceptual row) in Table 1” INDEX {T1.E1.C1} ;;= {table1 1}
table2 OBJECT-TYPE SYNTAX SEQUENCE OF table2Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table 2 under T" ::= {ipAug 1}
table2Entry OBJECT-TYPE SYNTAX Table2Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION " An entry (conceptual row) in Table 2" INDEX {T1.E1.C1, T2.E2.C4} ::= {table2 1} Figure 6.15 ASN.1 Constructs for Appending a Dense Table
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
26
Textual Convention[RFC 2579/STD 58]
Notes
• Enables defining new data types.• Makes semantics of data types consistent and human readable.• Creates new data types using existing ones and applies restrictions to them.• An important textual convention in SNMPv2, RowStatus creates and deletes rows.
DisplayString ::= OCTET STRING -- This data type is used to model textual information taken from the NVT -- ASCII character set. By convention, objects with this syntax are -- declared as having -- SIZE (0..255)
DisplayString ::= TEXTUAL-CONVENTION DISPLAY-HINT "255a" STATUS current
DESCRIPTION "Represents textual information taken from the NVT ASCII character set, as defined in pages 4, 10-11 of RFC 854. …."
SYNTAX OCTET STRING (SIZE (0..255) )
• SNMPv2 [RFC 2579/STD 58]:
• SNMPv1 [RFC1213/STD17]:
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
27
TEXTUAL-CONVENTION Macro [RFC 2579/STD 58]
TEXTUAL-CONVENTION MACRO ::=BEGIN
TYPE NOTATION ::=DisplayPart"STATUS" Status"DESCRIPTION" TextReferPart"SYNTAX" SyntaxVALUE NOTATION ::= value(VALUE Syntax)DisplayPart ::= "DISPLAY-HINT" Text | emptyStatus ::= "current" | "deprecated" | "obsolete“ReferPart ::= "REFERENCE" Text | empty………………………..
END
TEXTUAL-CONVENTION Macro
[RFC 2579 - Textual Conventions for SMIv2, April 1999]
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
28
DISPLAY-HINT Clause [RFC 2579/STD 58]
The DISPLAY-HINT clause may be present if and only if the syntax has an underlying primitive type of INTEGER or OCTET STRING.
- Syntax has an underlying primitive type of INTEGER, the hint consists of two parts. - Part 1: A single character suggesting a display format,
either:
- 'x' for hexadecimal, 'd' for decimal, 'o' for octal, 'b' for binary, 'a' for ASCII.
- Part 2: Can only be present with ‘d’ (optional).
- If present, uses “-” followed by a decimal number, i.e., implied decimal point when rendering the value.
Example:Hundredths ::= TEXTUAL-CONVENTION
DISPLAY-HINT “d-2”
...
SYNTAX INTEGER (0..10000)
-- suggests that a hundredths value of 1234 be rendered as "12.34"
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
29
Examples from RFC 2579/STD 58
PhysAddress ::= TEXTUAL-CONVENTIONDISPLAY-HINT “1x:”STATUS currentDESCRIPTION “Represents media- or physical-level
addresses.”SYNTAX OCTET STRING
TruthValue ::= TEXTUAL-CONVENTIONSTATUS currentDESCRIPTION “Represents a boolean value.”SYNTAX INTEGER { true(1), false(2) }
DateAndTime ::= TEXTUAL-CONVENTION
DISPLAY-HINT “2d-1d-1d,1d:1d:1d.1d,1a1d:1d”
STATUS current
DESCRIPTION “A date-time specification. …
For example: 1992-5-26,13:30:15.0,-4:0 …”
SYNTAX OCTET STRING (SIZE (8 | 11))
See Table 6.3 for SMIv2 Textual Conventions for Initial Data Types
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
30
Examples from RFC 2579/STD 58
RowStatus ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION “The RowStatus textual convention is used to manage the …”
SYNTAX INTEGER {
-- the following two values are states:
-- these values may be read or written
active(1),
notInService(2),
-- the following value is a state:
-- this value may be read, but not written
notReady(3),
-- the following three values are
-- actions: these values may be written,
-- but are never read
createAndGo(4),
createAndWait(5),
destroy(6) }
See Table 6.3 for SMIv2 Textual Conventions for Initial Data Types
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
31
Creation/Deletion of Rows: RowStatus[RFC 2579/STD 58]
Notes
Table 6.4 RowStatus Textual Convention
State Enumer-ation
Description
active 1 Row exists and is operationalnotInService 2 Operation on the row is suspendednotReady 3 Row does not have all the columnar objects
neededcreateAndGo 4 This is a one-step process of creation of a
row; immediately goes into active statecreateAndWait 5 Row is under creation and should not be
commissioned into servicedestroy 6 Same as Invalid in EntryStatus. Row should
be deleted
• Two methods:• Create a row and make it active (createAndGo)
→ immediately available• Create a row and make it available at a later time.
(createAndWait)• Status: A new column is added to the conceptual table.• SYNTAX of Status is RowStatus.• Value of RowStatus is Enumerated INTEGER.• Manager uses states 1, 2, 4, 5 & 6 to create/delete rowson the agent.• Agent uses states 1, 2 & 3 to send responses.
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
32
Row Creation and Deletion
Notes
Row to be created / deleted
entry1
status.1
table1
index.1 data.1
status.2
status.3
index.2
index.3
data.2
data.3
Figure 6.19 Conceptual Table for Creation and Deletion of Row
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
33
Create-and-Go Row Creation
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
34
Figure 6.20 Create-and-Go Row Creation
SetRequest(status.3 = 4,index.3 = 3,
data.3 = DefData )
Response(status.3 = 1,index.3 = 3,data.3 = DefData )
ManagerProcess
AgentProcess
ManagedEntity
Create Instance
Instance Created
Create-and-Wait:Row Creation
Figure 6.21 Create-and-Wait Row Creation
SetRequest(status.3 = 5,index.3 = 3 )Response
(status.3 = 3,index.3 = 3 )
ManagerProcess
AgentProcess
SetRequest(data.3 = DefData )
Response(status.3 = 2data.3 = DefData )
SetRequest(status.3 = 1 )
Response(status.3 = 1 )
GetRequest(data.3 )
Response(data.3 = noSuchInstance)
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
35
Row Deletion
Figure 6.22 Row Deletion
SetRequest(status.3 = 6 )
Response(status.3 = 6 )
ManagerProcess
AgentProcess
ManagedEntity
DeleteInstance
Instance Deleted
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
36
Conformance: OBJECT-GROUP
NotessystemGroup OBJECT-GROUP
OBJECTS {sysDescr, sysObjectID, sysUpTime, sysContact, sysName, sysLocation, sysServices, sysORLastChange, sysORID, sysORUptime, sysORDesc} STATUS current DESCRIPTION "The system group defines objects which are common to all managed systems." ::= {snmpMIBGroups 6}
Figure 6.25 Example of OBJECT-GROUP Macro
• Conformance defined by• OBJECT-GROUP macro• NOTIFICATION-GROUP macro
• OBJECT-GROUP• Compiled during implementation, not at run time• OBJECTS clause names each object• Every object belongs to an OBJECT- GROUP• Access defined by MAX-ACCESS, the maximum access privilege for the object
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
37
Conformance: NOTIFICATION-GROUP
Notes
• NOTIFICATION-GROUP• Contains trap entities defined in SMIv1• NOTIFICATIONS clause identifies the notifications in the group• NOTIFICATIONS-GROUP macro compiled during implementation, not at run time
snmpBasicNotificationsGroup NOTIFICATION-GROUP NOTIFICATIONS {coldStart, authenticationFailure} STATUS current
DESCRIPTION "The two notifications which an SNMP-2 entity is required to implement." ::= {snmpMIBGroups 7}
Figure 6.27 Example of NOTIFICATION-GROUP Macro
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
38
Compliance
Notes
• Compliance has two classes of groups• MANDATORY-GROUPS ... Required• GROUP …Optional
-- compliance statements
snmpBasicCompliance MODULE-COMPLIANCESTATUS currentDESCRIPTION
"The compliance statement for SNMPv2 entities whichimplement the SNMPv2 MIB."
MODULE -- this module MANDATORY-GROUPS {snmpGroup, snmpSetGroup, systemGroup, snmpBasicNotificationsGroup}
GROUP snmpCommunityGroupDESCRIPTION
"This group is mandatory for SNMPv2 entities which support community-based authentication." ::= {snmpMIBCompliances 2 }
-- units of conformancesnmpGroup OBJECT-GROUP ::= {snmpMIBGroups 8}snmpCommunityGroup OBJECT-GROUP ::= {snmpMIBGroups 9}snmpObsoleteGroup OBJECT-GROUP ::= {snmpMIBGroups 10}
… … … …
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
39
Agent Capabilities
Notes
• AGENT-CAPABILITIES macro• SUPPORTS modules and includes groups• VARIATION identifies additional features
routerIsi123 AGENT-CAPABILITIES PRODUCT-RELEASE "InfoTech Router isiRouter123 release 1.0" STATUS current DESCRIPTION "InfoTech High Speed Router" SUPPORTS snmpMIB INCLUDES {systemGroup, snmpGroup, snmpSetGroup, snmpBasicNotificationsGroup } VARIATION coldStart DESCRIPTION "A coldStart trap is generated on all reboots." SUPPORTS IF-MIB INCLUDES {ifGeneralGroup, ifPacketGroup} SUPPORTS IP MIB INCLUDES {ipGroup, icmpGroup} SUPPORTS TCP-MIB INCLUDES {tcpGroup} SUPPORTS UDP-MIB INCLUDES {udpGroup} SUPPORTS EGP-MIB INCLUDES {egpGroup} ::= { isiRouter 1 }
Figure 6.30 Example of AGENT-CAPABILITIES Macro
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
40
SNMPv2 MIB
mgmt(2
directory(1)
experimental(3)
private(4)
internet{1 3 6 1}
security(5)
snmpv2(6)
snmpDomains(1)
snmpProxys(2)
snmpModules(3)
Figure 6.31 SNMPv2 Internet Group
snmpMIB(1)
mib-2(1)
system(1)
snmp(11)
snmpMIBConformance(2)
snmpMIBObjects(1)
Notes• Security is a placeholder• System group: A table sysORTable added that lists resources that the agent controls; NMS configures NE through the agents.• Most of the objects in the SNMPv1 obsoleted• Object Groups and Notification Groups defined for conformance specifications.
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
41
SNMPv2 System Group [RFC 3418/STD 62]
Figure 6.32 The SNMPv2 System Group
sysDescr (1)
system(mib-2 1)
sysObjectId (2)
sysUpTime (3)
sysContact (4)
sysORLastChange (8)
sysServices (7)
sysLocation (6)
sysName (5)sysORTable (9)
sysOREntry (1)
sysORIndex (1)
sysORID (2) sysORDescr (3)
sysORUpTime (4)
Entity OID Description
sysORLastChange system 8 sysUpTime value at time of most recent change in state or value of any instance of sysORID.
sysORTable system 9 Table listing system resources that the agent controls; manager can configure these resources through the agent
sysOREntry sysORTable 1 An entry in the sysORTable
sysORIndex sysOREntry 2 Row index, also index for the table
sysORID sysOREntry 3 ID of the resource module
sysORDescr sysOREntry 4 Textual description of the resource module
sysORUpTime sysOREntry 5 System up-time since the object in this row was last instantiated
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
42
SNMPv2 SNMP MIB
snmp(mib-2 11)
snmpInPkts(1)
snmpInBadVersions (3)
snmpInBadCommunityNames (4)
snmpInBadCommunityUses (5)
snmpProxyDrops (32)
snmpSilentDrops (31)
snmpEnableAuthenTraps (30)
Figure 6.33 SNMPv2 SNMP Group
snmpInASNParseErrors (6)
1,3,6,30,31,32 snmpGroup4,5 snmpCommunity Group7,23 not used2,8-23, 24-29 snmpObsoleteGroup
SNMP Group Objects
Notes
Network Management: Principles and Practice© Mani Subramanian 2011
• Compare this to SNMPv1 MIB!
Chapter 6 SNMP Management: SNMPv2
43
snmp(mib-2 11)
snmpInPkts(1)
snmpOutPkts (2)
snmpInBadVersions (3)
snmpInCommunityNames (4)
snmpInBadCommunityUses (5)
snmpInASNParseErrors (6)
-- not used (7)
snmpInTooBigs (8)
snmpInNoSuchNames (9)
snmpInBadValues (10)
snmpInReadOnlys (11)
snmpEnableAuthenTraps (30)
snmpOutTraps (29)
snmpOutGetResponses (28)
snmpOutSetRequests (27)
snmpOutGetNexts (26)
snmpOutGetRequests (25)
snmpOutGenErrs (24)
-- not used (23)
snmpOutBadValues (22)
snmpOutNoSuchNames (21)
snmpOutTooBigs (20)
snmpInGenErrs (12)
snmpInTotalReqVars (13)
snmpInTotalSetVars (14)
snmpInGetRequests (15)
snmpInTraps (19)snmpInGetResponses
(18)snmpInSetRequests (17)
snmpInGetNexts (16)
Figure 5.21 SNMP Group
SNMPv1 SNMP MIB
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
44
snmpMIBObjects MIB
authenticationFailure (5)
snmpMIBObjects(snmpMIB 1)
snmpSet(6)
snmpTraps(5)
snmpTrap(4)
snmpTrapOID(1)
snmpTrapEnterprise(3)
coldStart (1)
warmStart (2)
snmpSetSerialNo(1 )
linkUp (4)
linkDown (3)
Figure 6.34 MIB Modules under snmpMIBObjects
Notes
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
45
SNMPv2 Protocol
- SNMPv2 PDU -
Notes
Figure 6.37 SNMPv2 PDU (All but Bulk)
PDUType
RequestIDError
StatusErrorIndex
VarBind 1name
VarBind 1value
...VarBind n
nameVarBind n
value
• Standardized format for all messages
• Interpretation of error status and error index fields:
In SNMPv1, if error occurs → status and index field filled, but varBindList blank
In SNMPv2, (x: means non-zero value)
Interpretation Status IndexvarBindList ignored x 0varBind of index field ignored x x
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
46
SNMPv2 PDU and Error StatusTable 6.11 Values for Types of PDU and
Error-status Fields in SNMPv2 PDU
Field Type Value PDU 0 Get-Request-PDU 1 GetNextRequest-PDU 2 Response-PDU 3 Set-Request- PDU 4 obsolete 5 GetBulkRequest-- PDU 6 InformRequest- PDU 7 SNMPv2 - Trap- PDU Error Status 0 noError 1 tooBig 2 noSuchName 3 badValue 4 readOnly 5 genErr 6 noAccess 7 wrongType 8 wrongLength 9 wrongEncoding 10 wrongValue 11 noCreation 12 inconsistentValue 13 resourceUnavailable 14 commitFailed 15 undoFailed 16 authorizationError 17 notWritable 18 inconsistentName
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
47
SNMPv2 GetBulkRequest PDU
Notes
Figure 6.38 SNMPv2 GetBulkRequest PDU
PDUType
RequestIDNon-
RepeatersMax
RepetitionsVarBind 1
nameVarBind 1
value...
VarBind nname
VarBind nvalue
• Error status field replaced by Non-repeaters
• Error index field replaced by Max repetitions
• No one-to-one relationship between requestand response
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
48
Get-Bulk-Request: Generic MIB
T ZA B
1.1
Figure 6.39 MIB for Operation Sequences in Figures 6.40 and 6.41
E
1.2
1.3
1.4
2.1
2.2
2.3
2.4
3.1
3.2
3.3
3.4
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
49
Get-Next-Request Operation
Figure 6.40 Get-Next-Request Operation for MIB in Figure 6.39
T.E.1.1 T.E.2.1 T.E.3.1
T.E.1.2 T.E.2.2 T.E.3.2
E
T
Z
A
B
T.E.1.3 T.E.2.3 T.E.3.3
T.E.1.4 T.E.2.4 T.E.3.4
GetRequest ( A,B )
GetNextRequest (T.E.1.T.E.2,T.E.3)
GetResponse (T.E.1.1,T.E.2.1,T.E.3.1)
GetNextRequest (T.E.1.1,T.E.2.1,T.E.3.1)
GetResponse (T.E.1.2,T.E.2.2,T.E.3.2)
GetResponse (T.E.1.3,T.E.2.3,T.E.3.3)
GetNextRequest (T.E.1.3,T.E.2.3,T.E.3.3)
GetResponse (T.E.1.4,T.E.2.4,T.E.3.4)
GetResponse (T.E.2.1,T.E.3.1,Z)
ManagerProcess
AgentProcessGetResponse (A,B)
GetNextRequest (T.E.1.4,T.E.2.4,T.E.3.4)
GetNextRequest (T.E.1.2,T.E.2.2,T.E.3.2)
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
50
Get-Bulk-Request Operation
T.E.1.1
Figure 6.41 Get-Bulk-Request Operation for MIB in Figure 6.39
T.E.2.1 T.E.3.1
T.E.1.2 T.E.2.2 T.E.3.2
E
T
Z
A
B
GetBulkRequest ( 2,3,A,B,T.E.1, T.E.2, T.E.3 )
Response ( A, B,T.E.1.1, T.E.2.1, T.E.3.1T.E.1.2, T.E.2.2, T.E.3.2
T.E.1.3, T.E.2.3, T.E.3.3 )
GetBulkRequest ( 0,3,T.E.1.3, T.E.2.3, T.E.3.3 )
Response ( T.E.1.4, T.E.2.4, T.E.3.4, Z , " endOfMibView" )
T.E.1.3 T.E.2.3 T.E.3.3
T.E.1.4 T.E.2.4 T.E.3.4
ManagerProcess
AgentProcess
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
51
Get-Bulk-Request Example
Notes
atIfIndex231316
atPhysAddress0000000C3920B40000000C3920AC0000000C3920AF
atNetAddress192.68.3.1172.46.46.1172.46.49.1
GetBulkRequest ( 1,3,sysUpTime,
atPhysAddress )
Response( (sysUpTime.0 = "315131795"), (atPhysAddress.13.172.46.46.1 = "0000000C3920AC")(atPhysAddress.16.172.46.49.1 = "0000000C3920AF")(atPhysAddress.23.172.17.3.1 = "0000000C3920B4") )
Figure 6.42 Get-Bulk-Request Example
GetBulkRequest ( 1,3,sysUpTime,
atPhysAddress.23.192.168.3.1 )
Response( (sysUpTime.0 = "315131800"),(ipForwarding.0 = "1") )
ManagerProcess
AgentProcess
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
52
SNMPv2 Trap
Notes
Figure 6.43 SNMPv2 Trap PDU
PDUType
RequestIDError
StatusErrorIndex
VarBind 1sysUpTime
VarBind 1value
...
VarBind 2snmpTrapOID
VarBind 2value
• Addition of NOTIFICATION-TYPE macro
• OBJECTS clause, if present, defines order of variable bindings
• Positions 1 and 2 in VarBindList are sysUpTime and snmpTrapOID
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
53
Inform-Request
Notes
PDUType
RequestIDError
StatusErrorIndex
VarBind 1sysUpTime
VarBind 1value
...
VarBind 2snmpTrapOID
VarBind 2value
• Inform-Request behaves as trap in that the message goes from one manager to another unsolicited
• The receiving manager sends response to the sending manager
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
54
Bilingual Manager
Notes
SNMPv1Agents
Bilingual Manager
SNMPv1Interpreter
SNMPv2Interpreter
AgentProfile
SNMPv2Agents
Figure 6.45 SNMP Bilingual Manager
• Compatibility with SNMPv1• Bilingual Manager• Proxy Server
• Bilingual Manager expensive in resource and operation
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
55
SNMP Proxy Server
SNMPv1Agents
SNMPv2 Manager
ProxyServer
SNMPv2Agents
Figure 6.46 SNMPv2 Proxy Server Configuration
Pass-Through
Pass-Through
SNMPv2 Manager SNMPv1 Agent
GetNextRequest
GetRequest
Pass-ThroughSetRequest
Set: 1. non-repeaters = 0 2. max-repetitions = 0
3. Change PDU tag to GetNextRequest PDUGetBulkRequest
Pass-ThroughException: For 'tooBig' error, contents of variable-bindings field
removed.Response
Prepend VarBind: 1. sysUpTime.0 2. snmpTrapOID.0
SNMPv2-Trap
GetRequest
GetResponse
GetNextRequest
SetRequest
GetNextRequest
Trap
SNMP v2-v1 Proxy Server
Figure 6.47 SNMP v2-v1 Proxy Server
Network Management: Principles and Practice© Mani Subramanian 2011
Chapter 6 SNMP Management: SNMPv2
56