MJ08/0704 1

Session 08SNMPv2

Adapted from Network Management: Principles and Practice © Mani Subramanian 2000 and solely used for Network Management course at Universitas Bina Nusantara

MJ08/0704 2

Major Changes

• Bulk data transfer• Manager-to-manager message• Enhancements to SMI: SMIv2

• Module definitions: MODULE-IDENTITY macro• Object definitions: OBJECT-TYPE macro• Trap definitions: NOTIFICATION-TYPE macro

• Textual conventions• Conformance statements• Row creation and deletion in table• MIB enhancements• Transport mappings• Security features, originally to be in SNMPv2 moved to

SNMPv3• SNMPv2, like SNMPv1, is community-based administrative

framework

MJ08/0704 3

SNMPv2 Internet Group

• Objects added to System group• Extensive modification of the SNMP group• Additional SNMPv2 group added• Security group is a placeholder

SNMPv2

mgmt(2)

directory(1)

experimental(3)

private(4)

Internet{1 3 6 1}

security(5)

snmpv2(6)

MJ08/0704 4

SNMPv2 NM Architecture

SNMP ManagerApplication

res

po

ns

e

ge

t-b

ulk

-re

qu

es

t

ge

t-n

ex

t-re

qu

es

t

se

t-re

qu

es

t

sn

mp

V2

-tra

p

SNMP Manager

SNMP

UDP

IP

DLC

PHY

Physical Medium

ge

t-re

qu

es

t

info

rm-r

eq

ue

st

SNMP Agent

SNMP

UDP

IP

DLC

PHY

SNMP AgentApplication

res

po

ns

e

ge

t-b

ulk

-re

qu

es

t

ge

t-n

ex

t-re

qu

es

t

se

t-re

qu

es

t

sn

mp

V2

-tra

p

ge

t-re

qu

es

t

SNMP Manager

SNMP

UDP

IP

DLC

PHY

SNMP ManagerApplication

res

po

ns

e

ge

t-b

ulk

-re

qu

es

t

ge

t-n

ex

t-re

qu

es

t

se

t-re

qu

es

t

sn

mp

V2

-tra

p

ge

t-re

qu

es

t

info

rm-r

eq

ue

st

SNMPPDU

ApplicationPDU

Physical Medium

ApplicationPDU

SNMPPDU

MJ08/0704 5

SNMPv2 New Messages

• inform-request• manager-to-manager message

• get-bulk-request• transfer of large data

• report• not used

MJ08/0704 6

OBJECT

• OBJECT IDENTIFIER defines the administrative

identification of a node in the MIB • OBJECT-IDENTITY macro assigns an object identifier to an

object identifier in the MIB• OBJECT-TYPE macro defines the type of a managed object

MJ08/0704 7

Table Expansion

• Augmentation of a table (dependent table) adds

additional columns to an existing table (base table)• Dense table enables addition of more rows to base

table• Sparse table supplements less rows to a base table

MJ08/0704 8

Textual Convention

• Enables defining new data types• Makes semantics of data types consistent and

human readable• Creates new data types using existing ones and

applies restrictions to them• An important textual convention in SNMPv2,

RowStatus creates and deletes rows

MJ08/0704 9

Conformance: OBJECT-GROUP

• Conformance defined by• OBJECT-GROUP macro• NOTIFICATION-GROUP macro

• OBJECT-GROUP• Compiled during implementation, not at run

time• OBJECTS clause names each object• Every object belongs to an OBJECT-GROUP• Access defined by MAX-ACCESS, the maximum

access privilege for the object

MJ08/0704 10

Conformance: NOTIFICATION-GROUP

• Contains trap entities defined in SMIv1• NOTIFICATIONS clause identifies the notifications in the group• NOTIFICATIONS-GROUP macro compiled during implementation, not at run time

MJ08/0704 11

Compliance

• Compliance has two classes of groups• MANDATORY- GROUPS (Required)• GROUP (Optional)

MJ08/0704 12

Agent Capabilities

• AGENT-CAPABILITIES macro• SUPPORTS modules and includes groups• VARIATION identifies additional features

MJ08/0704 13

SNMPv2 MIB

mgmt(2

directory(1)

experimental(3)

private(4)

Internet{1 3 6 1}

security(5)

snmpv2(6)

snmpdomains(1)

snmpProxys(2)

snmpModules(3)

snmpMIB(1)

mib-2(1)

system(1)

snmp(11)

snmpMIBConformance(2)

snmpMIBObjects(1)

MJ08/0704 14

SNMPv2 MIB

• Security is a placeholder• System group: A table sysORTable added that

lists resources that the agent controls; NMS configures NE through the agents.

• Most of the objects in the SNMPv1 obsoleted• Object Groups and Notification Groups defined

for conformance specifications.

MJ08/0704 15

SNMPv2 System Group (RFC 1907)

sysDescr (1)

system(mib-2 1)

sysObjectId (2)sysUpTime (3)

sysContact (4)

sysORLastChange (8)sysServices (7)

sysLocation (6)

sysName (5)sysORTable (9)

sysOREntry (1)

sysORIndex (1)

sysORID (2) sysORDescr (3)

sysORUpTime (4)

MJ08/0704 16

SNMPv2 System Group (RFC 1907)

DescriptionOIDEntity

sysORUpTime

sysORDescr

sysORID

sysORIndex

sysOREntry

sysORTable

sysORLastChange

System up-time since the object in this row was last instantiated

sysOREntry 5

Textual description of the resource modulesysOREntry 4

ID of the resource modulesysOREntry 3

Row index, also index for the tablesysOREntry 2

An entry in the sysORTablesysORTable 1

Table listing system resources that the agent controls; manager can configure these resources through the agent

system 9

sysUpTime value at time of most recent change in state or value of any instance of sysORID.

system 8

MJ08/0704 17

SNMPv2 SNMP MIBsnmp

(mib-2 11)

snmpInPkts(1)

snmpInBadVersions (3)

snmpInBadCommunityNames (4)

snmpInBadCommunityUses (5)

snmpProxyDrops (32)

snmpSilentDrops (31)

snmpEnableAuthenTraps (30)

snmpInASNParseErrors (6)

1,3,6,30,31,32 snmpGroup4,5 snmpCommunity Group7,23 not used2,8-23, 24-29 snmpObsoleteGroup

SNMP Group Objects

MJ08/0704 18

snmpMIBObjects MIB

authenticationFailure (5)

snmpMIBObjects(snmpMIB 1)

snmpSet(6)

snmpTraps(5)

snmpTrap(4)

snmpTrapOID(1)

snmpTrapEnterprise(3)

coldStart (1)

warmStart (2)

snmpSetSerialNo(1 )

linkUp (4)

linkDown (3)

MJ08/0704 19

SNMPv2 PDU

• Standardized format for all messages• Interpretation of error status and error index fields; in

v1, if error occurs status and index field filled, but varBindList blank

Interpretation Status IndexvarBindList ignored xvarBind of index field ignored x x

PDUType

RequestIDError

StatusErrorIndex

VarBind 1name

VarBind 1value

...VarBind n

nameVarBind n

value

MJ08/0704 20

Field Type ValuePDU 0 Get-Request-PDU

1 GetNextRequest-PDU2 Response-PDU3 Set-Request- PDU4 obsolete5 GetBulkRequest-- PDU6 InformRequest- PDU7 SNMPv2 - Trap- PDU14 commitFailed15 undoFailed16 authorizationError17 notWritable18 inconsistentName

SNMPv2 Error Status

MJ08/0704 21

SNMPv2 PDU

Field Type ValuePDU 0 Get-Request-PDU

1 GetNextRequest-PDU2 Response-PDU3 Set-Request- PDU4 obsolete5 GetBulkRequest-- PDU6 InformRequest- PDU7 SNMPv2 - Trap- PDU

MJ08/0704 22

SNMPv2 GetBulkRequest PDU

• Error status field replaced by Non-repeaters• Error index field replaced by Max repetitions• No one-to-one relationship between request and response

PDU

TypeRequestID

Non-

Repeaters

Max

Repetitions

VarBind 1

name

VarBind 1

value...

VarBind n

name

VarBind n

value

MJ08/0704 23

SNMPv1 SNMP MIBsnmp

(mib-2 11)

snmpInPkts(1)

snmpOutPkts (2)

snmpInBadVersions (3)

snmpInCommunityNames (4)

snmpInBadCommunityUses (5)

snmpInASNParseErrors (6)

-- not used (7)

snmpInTooBigs (8)

snmpInNoSuchNames (9)

snmpInBadValues (10)

snmpInReadOnlys (11)

snmpEnableAuthenTraps (30)

snmpOutTraps (29)

snmpOutGetResponses (28)

snmpOutSetRequests (27)

snmpOutGetNexts (26)

snmpOutGetRequests (25)

snmpOutGenErrs (24)

-- not used (23)

snmpOutBadValues (22)

snmpOutNoSuchNames (21)

snmpOutTooBigs (20)

snmpInGenErrs (12)

snmpInTotalReqVars (13)

snmpInTotalSetVars (14)

snmpInGetRequests (15)

snmpInTraps (19)snmpInGetResponses

(18)snmpInSetRequests (17)

snmpInGetNexts (16)

MJ08/0704 24

SNMPv2 Trap

• Addition of NOTIFICATION-TYPE macro• OBJECTS clause, if present, defines order of variable

bindings• Positions 1 and 2 in VarBindList are sysUpTime and

snmpTrapOID

PDUType

RequestIDError

StatusErrorIndex

VarBind 1sysUpTime

VarBind 1value

...

VarBind 2snmpTrapOID

VarBind 2value

MJ08/0704 25

Inform-Request

• Inform-Request behaves as trap in that the message goes from one manager to another unsolicited

• The receiving manager sends response to the sending manager

PDUType

RequestIDError

StatusErrorIndex

VarBind 1sysUpTime

VarBind 1value

...

VarBind 2snmpTrapOID

VarBind 2value

MJ08/0704 26

Bilingual Manager

SNMPv1Agents

Bilingual Manager

SNMPv1Interpreter

SNMPv2Interpreter

AgentProfile

SNMPv2Agents

MJ08/0704 27

Bilingual Manager

• Compatibility with SNMPv1• Bilingual Manager• Proxy Server

• Bilingual Manager expensive in resource and operation

MJ08/0704 28

SNMP Proxy Server

SNMPv1Agents

SNMPv2 Manager

ProxyServer

SNMPv2Agents

MJ08/0704 29

SNMP Proxy Server

Pass-Through

Pass-Through

SNMPv2 Manager SNMPv1 Agent

GetNextRequest

GetRequest

Pass-ThroughSetRequest

Set: 1. non-repeaters = 0

2. max-repetitions = 0GetBulkRequest

Pass-Through

Exception: For 'tooBig' error, contents of variable-bindings

field removed.Response

Prepend VarBind: 1. sysUpTime.0

2. snmpTrapOID.0SNMPv2-Trap

GetRequest

GetResponse

GetNextRequest

SetRequest

GetNextRequest

Trap

SNMP v2-v1 Proxy Server