Network Management: Principles, Objectives & Components (Network Management course)
NETWORK MANAGEMENT: Principles, Objectives & Components
Network Management course - Fifth year, Systems and Networks specialization
By
Dr. Moutasem SHAFA'AMRY
2004-2005 (First Semester)
Damascus University, Faculty of Computer Engineering, Dept. of Networks and OS.
Course Outline
• Definition and importance of network management systems
• Components of network management systems
• Historical overview of the evolution of network management protocols
• The SNMPv1 protocol:
  – Basic architecture: the management model and functions
  – Protocol specification and packet details
  – Structure of the MIB database
• The SNMPv2 protocol
• The SNMPv3 protocol
• Comparison of SNMPv1, v2 and v3 features
• Remote management protocols RMON I & II
• Web-based Management
Course References
1. M. Subramanian, Network Management: Principles and Practice, Addison-Wesley, 2000.
2. David Zeltserman, A Practical Guide to SNMPv3 and Network Management, Prentice Hall, 1999.
3. Simple Web SNMP Tutorials, University of Twente, http://www.utwente.nl/
4. Simple Network Management Protocol, tutorials by Dr. Andreas Steffen, © 2000-2002 Zürcher Hochschule Winterthur.
5. ASN.1: Communication between Heterogeneous Systems, by Olivier Dubuisson, translated from French by Philippe Fouquart, June 5, 2000, http://asn1.elibel.tm.fr/en/book/ and http://www.oss.com/asn1/booksintro.html
6. Hands-On SNMPv3 Tutorial & Demo Manual, http://www.NuDesignTeam.com
7. ASN.1 Complete, by Prof. John Larmouth, © OSS, 31 May 1999.
8. Related RFCs.
DEFINITION
A NETWORK MANAGEMENT SYSTEM IS:
A COLLECTION OF TOOLS FOR MONITORING AND CONTROLLING THE NETWORK, INTEGRATED IN THE FOLLOWING SENSES:
– SINGLE OPERATOR INTERFACE: POWERFUL, USER-FRIENDLY, WITH COMMANDS PERFORMING MOST / ALL NETWORK MANAGEMENT TASKS.
– MINIMAL AMOUNT OF SEPARATE EQUIPMENT.
WHY THE NEED FOR A NETWORK MANAGEMENT SYSTEM?
THE TREND IS TOWARD LARGER, MORE COMPLEX NETWORKS SUPPORTING MORE APPLICATIONS AND MORE USERS.
AS NETWORKS AND APPLICATIONS GROW, MORE THINGS CAN GO WRONG:
– DISABLING THE NETWORK OR PART OF IT.
– DEGRADING PERFORMANCE TO AN UNACCEPTABLE LEVEL.
LARGE NETWORKS ARE NOT ABLE TO BE MANAGED BY HUMAN EFFORT ALONE.
AUTOMATED NETWORK MANAGEMENT TOOLS ARE NEEDED.
NETWORK MANAGEMENT REQUIREMENTS
BASED ON THE FEATURES THAT ARE MOST IMPORTANT TO USERS:
• CONTROLLING CORPORATE STRATEGIC ASSETS.
• CONTROLLING COMPLEXITY.
• IMPROVING SERVICE.
• BALANCING VARIOUS NEEDS.
• REDUCING DOWNTIME.
• CONTROLLING COSTS.
ADDITIONAL COMPONENTS OF THE MANAGEMENT SYSTEM
A NETWORK MANAGEMENT SYSTEM CONSISTS OF ADDITIONAL:
• HARDWARE.
• SOFTWARE: IN HOST COMPUTERS AND COMMUNICATIONS PROCESSORS (FRONT-END PROC., TERMINAL CLUSTER CONTROLLERS, BRIDGES, ROUTERS).
A NETWORK MANAGEMENT SYSTEM IS DESIGNED TO VIEW THE ENTIRE NETWORK AS A UNIFIED ARCHITECTURE.
THE URGENCY OF SUCH TOOLS IS INCREASED: LARGE NETWORKS ARE MORE COMPLEX AND MORE HETEROGENEOUS.
A STANDARD NMS IS NEEDED.
THE OSI MANAGEMENT FUNCTIONAL AREAS (THE BASIC FUNCTIONAL AREAS OF A NETWORK MANAGEMENT SYSTEM AS DEFINED BY THE ISO STANDARDS BODY)
• FAULT MANAGEMENT
• ACCOUNTING MANAGEMENT
• CONFIGURATION AND NAME MANAGEMENT
• PERFORMANCE MANAGEMENT
• SECURITY MANAGEMENT
Although this functional classification was developed for the OSI environment, it has gained broad acceptance by vendors of both standardized and proprietary network management systems.
1. FAULT MANAGEMENT
WHEN A FAULT OCCURS, IT IS IMPORTANT, AS RAPIDLY AS POSSIBLE, TO:
• DETERMINE EXACTLY WHERE THE FAULT IS.
• ISOLATE THE REST OF THE NETWORK FROM THE FAILURE SO THAT IT CAN FUNCTION WITHOUT INTERFERENCE.
• RECONFIGURE THE NETWORK TO MINIMIZE THE IMPACT OF OPERATION WITHOUT THE FAILED COMPONENTS.
• REPAIR OR REPLACE THE FAILED COMPONENTS TO RESTORE THE NETWORK TO ITS INITIAL STATE.
USERS EXPECT:
• TO BE INFORMED OF THE NETWORK STATUS.
• TO RECEIVE IMMEDIATE NOTIFICATION IN CASE OF A FAULT.
• FAST AND RELIABLE PROBLEM RESOLUTION.
• REASSURANCE OF CORRECT NETWORK OPERATION.
NM SHOULD HAVE VERY RAPID & RELIABLE:
• FAULT-DETECTION & DIAGNOSTIC-MANAGEMENT FUNCTIONS.
• MINIMIZING OF THE DURATION OF FAULTS BY USING REDUNDANT COMPONENTS AND ALTERNATE COMMUNICATION ROUTES.
FAULT MANAGEMENT SHOULD HAVE A MINIMAL EFFECT ON NETWORK PERFORMANCE.
2. ACCOUNTING MANAGEMENT
USERS ARE CHARGED FOR THE USE OF NETWORK SERVICES.
EVEN IF NO SUCH INTERNAL CHARGING IS EMPLOYED, THE NETWORK MANAGER NEEDS TO BE ABLE TO TRACK THE USE OF THE NETWORK FOR SEVERAL REASONS, INCLUDING:
– USER(S) MAY BE ABUSING THEIR ACCESS PRIVILEGES & BURDENING THE NETWORK AT THE EXPENSE OF OTHERS.
– USERS MAY BE MAKING INEFFICIENT USE OF THE NETWORK, AND THE NMer CAN ASSIST IN CHANGING PROCEDURES TO IMPROVE PERFORMANCE.
THE NMer IS IN A BETTER POSITION TO PLAN FOR NETWORK GROWTH IF USER ACTIVITY IS KNOWN.
3. CONFIGURATION & NAME MANAGEMENT
• INITIALIZING A NETWORK AND GRACEFULLY SHUTTING DOWN PART OR ALL OF THE NETWORK.
• MAINTAINING, ADDING & UPDATING THE RELATIONSHIPS AMONG COMPONENTS AND THEIR STATUS DURING NETWORK OPERATION.
• IDENTIFYING THE COMPONENTS THAT COMPRISE THE NETWORK.
• DEFINING THE DESIRED CONNECTIVITY OF COMPONENTS.
• WAYS TO DEFINE AND MODIFY DEFAULT ATTRIBUTES, AND TO LOAD THESE PRE-DEFINED SETS OF ATTRIBUTES.
THE NETWORK MANAGER NEEDS THE CAPABILITY TO CHANGE THE CONNECTIVITY OF NETWORK COMPONENTS WHEN USERS' NEEDS CHANGE.
RECONFIGURATION OF A NETWORK IS DESIRED IN RESPONSE TO PERFORMANCE EVALUATION, NETWORK UPGRADE, FAULT RECOVERY, OR SECURITY CHECKS.
USERS SHOULD BE NOTIFIED OF THE CHANGES. OFTEN THEY INQUIRE ABOUT THE UPCOMING STATUS OF RESOURCES AND THEIR ATTRIBUTES BEFORE RECONFIGURATION.
ONLY AUTHORIZED USERS (OPERATORS) MANAGE AND CONTROL NETWORK OPERATION (E.G., SOFTWARE DISTRIBUTION AND UPDATING).
4. PERFORMANCE MANAGEMENT
IT COMPRISES TWO BROAD FUNCTIONAL CATEGORIES:
– MONITORING: TRACKS ACTIVITIES ON THE NETWORK.
– CONTROLLING: MAKES ADJUSTMENTS TO IMPROVE NETWORK PERFORMANCE.
SOME OF THE PERFORMANCE ISSUES ARE:
• WHAT IS THE LEVEL OF CAPACITY UTILIZATION?
• IS THERE EXCESSIVE TRAFFIC?
• HAS THROUGHPUT BEEN REDUCED TO UNACCEPTABLE LEVELS?
• ARE THERE BOTTLENECKS?
• IS RESPONSE TIME INCREASING?
USERS MAY WANT TO KNOW THINGS SUCH AS:
– THE AVERAGE AND WORST-CASE RESPONSE TIMES.
– THE RELIABILITY OF NETWORK SERVICES.
THE NMer NEEDS PERFORMANCE STATISTICS TO HELP HIM:
• ANSWER ALL USERS' QUERIES.
• PLAN, MANAGE & MAINTAIN LARGE NETWORKS.
• TAKE CORRECTIVE ACTIONS:
  – CHANGING ROUTING TABLES.
  – BALANCING OR REDISTRIBUTING TRAFFIC LOAD DURING TIMES OF PEAK USE OR A BOTTLENECK.
5. SECURITY MANAGEMENT
• PROVIDES FACILITIES FOR PROTECTION OF A NETWORK MANAGEMENT SYSTEM.
• MONITORING & CONTROLLING ACCESS TO NETWORKS, AND TO ALL PARTS OF THE NM INFORMATION ON THE NODES.
• GENERATING, DISTRIBUTING & STORING ENCRYPTION KEYS, PASSWORDS, AND OTHER AUTHORIZATION OR ACCESS CONTROL INFORMATION.
THESE FACILITIES SHOULD BE AVAILABLE TO AUTHORIZED USERS ONLY.
NETWORK MANAGEMENT CONFIGURATION
EACH NODE CONTAINS A COLLECTION OF NM SOFTWARE, THE NETWORK MANAGEMENT ENTITY (NME), WHICH PERFORMS:
– COLLECTING STATISTICS ON COMMUNICATION ACTIVITIES.
– STORING THEM LOCALLY.
– RESPONDING TO NM CENTRE COMMANDS:
  – TRANSMIT COLLECTED STATISTICS TO THE CENTRE.
  – CHANGE A PARAMETER.
  – PROVIDE STATUS INFORMATION.
  – GENERATE ARTIFICIAL TRAFFIC FOR TEST.
ONE HOST IN THE NETWORK SHOULD BE THE NETWORK-CONTROL HOST (MANAGER).
IT CONTAINS AN NME + NETWORK MANAGEMENT APPLICATION SOFTWARE (NMA).
THE NMA HAS AN OPERATOR INTERFACE.
TO MAINTAIN HIGH AVAILABILITY, 2 OR MORE HOSTS WITH NMA ARE USED.
[Figure: network management configuration. A network-controller host (manager) runs OS, COM, NME, NMA and APPL.; hosts (agents), a front-end processor and a cluster controller each run OS, COM and NME (plus APPL. on the hosts); a monitor is attached. Legend: NMA = network management application; NME = network management entity; APPL. = application; COM = communication software; OS = operating system.]
NETWORK MANAGEMENT SOFTWARE ARCHITECTURE
• USER PRESENTATION SOFTWARE
• NETWORK MANAGEMENT SOFTWARE
• COMMUNICATION & DATABASE SUPPORT SOFTWARE
1. USER PRESENTATION SOFTWARE
• INTERACTION BETWEEN A USER AND THE NM SOFTWARE.
• ALLOWS THE USER TO MONITOR & CONTROL THE NETWORK.
• IT ORGANIZES, SUMMARIZES & SIMPLIFIES THE INFORMATION (GRAPHIC PRESENTATION).
• USUALLY LOCATED ON THE MANAGER HOST.
• IT MAY BE LOCATED ON AN AGENT FOR TESTING & DEBUGGING, OR TO VIEW / SET SOME LOCAL PARAMETERS.
• ALL INTERFACES SHOULD BE UNIFIED.
2. NETWORK MANAGEMENT SOFTWARE
IT VARIES IN COMPLEXITY, BASED ON THE NETWORK TYPE (LAN, WAN, T1, ETC.).
IT MAY BE ORGANIZED IN 3 LAYERS:
• TOP: COLLECTION OF NM APPLICATIONS OF USER INTEREST.
• MIDDLE: NM APPLICATIONS FOR MONITORING & CONTROLLING THE LOCAL NODE.
  – EACH APPLICATION COVERS A BROAD AREA OF NETWORK MANAGEMENT.
  – APPLICATION ELEMENT: A PRIMITIVE & BASIC FUNCTION.
• LOW: NM DATA TRANSPORT SERVICES; A PROTOCOL TO EXCHANGE MANAGEMENT INFORMATION AMONG NETWORK MANAGEMENT ELEMENTS:
  – GET, SET PARAMETER, GENERATE NOTIFICATION, ETC.
3. NM SUPPORT SOFTWARE
PROVIDES:
• ACCESS TO THE LOCAL & REMOTE MANAGEMENT INFORMATION BASE (MIB).
  – MIB: A DATABASE CONTAINING THE NEEDED INFORMATION ABOUT THE NODE.
• COMMUNICATION WITH OTHER NODES (AGENTS, MANAGERS) BY A COMMUNICATIONS-PROTOCOL STACK.
[Figure: network management software architecture. L1 (user presentation software): unified user interface. L2 (network management software): NM applications built from application elements, over the NM data transport service. L3 (support software): MIB access module and communication protocol stack, connecting to the MIB and to the managed network.]
MANAGING THE NON-NM-SUPPORTED NETWORK COMPONENTS
• OLDER SYSTEMS & SMALL ONES (MODEM, MUX) DO NOT SUPPORT ADDITIONAL NM SOFTWARE.
• USE ONE AGENT TO SERVE AS A PROXY: IT TRANSLATES THE COMMANDS TO THE NODE AND THE RESPONSES TO THE MANAGER.
• AN RPC MECHANISM IS USED.
[Figure: proxy management via RPC. Manager side: management application, client stub, protocol stack. Proxy manager: server stub, client proxy stub, protocol stacks, proprietary management interface. Managed node: server proxy stub, protocol stack. Standard operations and event reports flow between the manager and the proxy; proprietary operations and event reports flow between the proxy and the managed node.]
DISTRIBUTED NETWORK MANAGEMENT
THE CENTRALIZED COMPUTING MODEL HAS GIVEN WAY TO A DISTRIBUTED COMPUTING ARCHITECTURE.
DISTRIBUTED NETWORK MANAGEMENT IS BASED ON A HIERARCHICAL MODEL:
– DISTRIBUTED MANAGEMENT STATIONS WITH LIMITED ACCESS: MONITOR & CONTROL.
– A CENTRAL WORKSTATION WITH GLOBAL ACCESS RIGHTS.
BENEFITS:
• MINIMIZING THE NM TRAFFIC.
• EASY TO MODIFY AND UPDATE THE SYSTEM.
• ELIMINATES THE SINGLE POINT OF FAILURE.
NETWORK MANAGEMENT: STANDARDS
INTERNET ENGINEERING TASK FORCE (IETF)
• OPERATIONS AND MANAGEMENT AREA
• SNMP
ISO
• ISO-IEC/JTC 1/WG 4
• OSI
• CMIP-CMIS (Common Management Information Protocol/Service)
ITU-T
• SG IV
• TMN
OTHERS
• DMTF
• TM FORUM
• OMG
• IEEE
• ...
CHARACTERISTICS
IETF
• MANAGEMENT SHOULD BE SIMPLE
• VARIABLE ORIENTED APPROACH
• MANAGEMENT INFORMATION EXCHANGES MAY BE UNRELIABLE
ISO
• MANAGEMENT SHOULD BE POWERFUL
• OBJECT ORIENTED APPROACH
• MANAGEMENT INFORMATION MUST BE EXCHANGED IN A RELIABLE FASHION
TMN
• DEFINES ONLY A MANAGEMENT ARCHITECTURE
• THE ACTUAL PROTOCOLS ARE THOSE OF OSI
• OUT-OF-BAND MANAGEMENT
HISTORY
[Figure: timeline 1980-2000 of the SNMP, OSI and TMN management standards.]
WHY DID SNMP SUCCEED AS THE STANDARD, AND NOT ISO?
• STANDARDS CAN BE OBTAINED FOR FREE.
• STANDARDS ARE AVAILABLE FROM FTP & WWW SERVERS IN AN ELECTRONIC FORM.
• RAPID DEVELOPMENT OF STANDARDS.
• PROTOTYPES MUST DEMONSTRATE THE NEED FOR, AND THE FEASIBILITY OF, STANDARDS.
IETF STANDARDIZATION
[Figure: the IETF standards track. WORKING DOCUMENT → PROPOSED STANDARD → DRAFT STANDARD → FULL STANDARD, with HISTORICAL as the exit state. The transitions are annotated "implementation experience must be obtained" and "several independent implementations must interwork", each with a deadline of a maximum of 2 years and a maximum of 4 years.]
ISO STANDARDIZATION
[Figure: the ISO standards track. WORKING DOCUMENT → COMMITTEE DRAFT → DRAFT INTERNATIONAL STANDARD → FULL STANDARD, with TECHNICAL REPORT as a side exit; annotated "nobody implements!" and "still nobody implements!!".]
SNMP HISTORY
[Figure: timeline 1987-1999. SGMP and HEMS/HEMP precede SNMP, with CMOT in parallel; SNMP is followed by SMP, SNMPv2 (parties) security, SNMPv2 (community) and SNMPv3, each annotated with its status on the standards track (proposed standard, draft standard, full standard, historic) and the implementation-experience period. CMOT: Common Management Information Protocol (CMIP) over TCP/IP. HEMS/HEMP: High-level Entity-Management System/Protocol.]
NETWORK MANAGEMENT STANDARD PROTOCOLS
• SNMP FAMILY: A SET OF STANDARDS INCLUDING PROTOCOLS, DB STRUCTURE & A SET OF DATA OBJECTS.
  – 1989: ADOPTED AS THE STANDARD FOR THE TCP/IP-BASED INTERNET.
  – 1992: SNMP + SECURITY ENHANCEMENT.
  – SNMPv2 (ADOPTED IN 1993).
• OSI: A LARGE, COMPLEX SET OF STANDARDS FOR GENERAL-PURPOSE NETWORK MANAGEMENT APPLICATIONS.
OSI HISTORY
[Figure: timeline 1980-2000. SC21/WG4 Systems Management established; the overview, management functions, management framework and CMIS/CMIP standards follow.]
TMN HISTORY
[Figure: timeline 1980-2000. Work on TMN started by SG IV; M30 (with ideas from OSI management); M3010 and M3010 (rev.); work started on derived standards; the responsibility model, first part of the main text, became an annex.]
LECTURE TWO
Course Outline (repeated from the first lecture; see the outline above)
SNMP: Simple Network Management Protocol
• What is SNMP?
• SNMP Versions
• Principle of Operation
• The Three Parts of SNMP
  – SNMP Protocol
  – Structure of Management Information (SMI)
  – Management Information Base (MIB)
• SNMPv1 Message Formats
What is Network Management?
Basic tasks that fall under this category are:
• Fault Management: dealing with problems and emergencies in the network (router stops routing, server loses power, etc.)
• Performance Management: how smoothly is the network running? Can it handle the workload it currently has?
• Configuration Management: keeping track of device settings and how they function
Network Management must be...
The management interface must be...
The management mechanism must be...
•Standardized
•Extendible
•Portable
•Inexpensive
•Implemented as software only
Functional Areas of Network Management
Configuration Management - inventory, configuration, provisioning
Fault Management - reactive and proactive network fault management
Performance Management - # of packets dropped, timeouts, collisions, CRC errors
Security Management - SNMP doesn’t provide much here
Accounting Management - cost management and chargeback assessment
Asset Management - statistics of equipment, facility, and administration personnel
Planning Management - analysis of trends to help justify a network upgrade or bandwidth increase
SNMP & Network Management History
• 1983 - TCP/IP replaces ARPANET at U.S. Dept. of Defense, effective birth of the Internet
• First model for net management - HEMS - High-Level Entity Management System (RFCs 1021, 1022, 1024, 1076)
• 1987 - ISO OSI proposes CMIP - Common Management Information Protocol, and CMOT (CMIP over TCP) for the actual network management protocol for use on the Internet
• Nov. 1987 - SGMP - Simple Gateway Monitoring Protocol (RFC 1028)
• 1989 - Marshall T. Rose heads up the SNMP working group to create a common network management framework to be used by both SGMP and CMOT, to allow for transition to CMOT
• Aug. 1989 - "Internet-standard Network Management Framework" defined (RFCs 1065, 1066, 1067)
• Apr. 1989 - SNMP promoted to recommended status as the de facto TCP/IP network management framework (RFC 1098)
• June 1989 - IAB committee decides to let SNMP and CMOT develop separately
• May 1990 - IAB promotes SNMP to a standard protocol with a recommended status (RFC 1157)
• Mar. 1991 - format of MIBs and traps defined (RFCs 1212, 1215)
• TCP/IP MIB definition revised to create SNMPv1 (RFC 1213)
Versions
•Two major versions SNMPv1, SNMPv2
•SNMPv1 is the recommended standard
•SNMPv2 has become split into:
•SNMPv2u - SNMPv2 with user-based security
•SNMPv2* - SNMPv2 with user-based security and additional features
•SNMPv2c - SNMPv2 without security
What is SNMP?
SNMP is a tool (protocol) that allows for remote and local management of items on the network including servers, workstations, routers, switches and other managed devices.
Comprised of agents and managers:
• Agent - process running on each managed node collecting information about the device it is running on.
• Manager - process running on a management workstation that requests information about devices on the network.
Advantages of using SNMP
• Standardized
• Universally supported
• Extendible
• Portable
• Allows distributed management access
• Lightweight protocol
Client Pull & Server Push
SNMP is a "client pull" model: the management system (client) "pulls" data from the agent (server).
SNMP is also a "server push" model: the agent (server) "pushes" out a trap message to a (client) management system.
PRINCIPLE OF OPERATION
[Figure: a manager and its agents exchanging SNMP messages. The manager polls the agents (GET / SET) and the agents send TRAPs; each agent holds a MIB of variables and tables.]
SNMP STRUCTURE
[Figure: manager (management application) and agent (MIB) exchanging SNMP PDUs over UDP, a connectionless transport service provider.]
SNMP & The OSI Model
7 Application Layer: SNMP (management and agent APIs)
6 Presentation Layer: ASN.1 and BER
5 Session Layer: RPC and NetBIOS
4 Transport Layer: TCP and UDP
3 Network Layer: IP and IPX
2 Data Link Layer / 1 Physical Layer: Ethernet, Token Ring, FDDI
Ports & UDP
•SNMP uses User Datagram Protocol (UDP) as the transport mechanism for SNMP messages
•Like FTP, SNMP uses two well-known ports to operate:
•UDP Port 161 - SNMP Messages
•UDP Port 162 - SNMP Trap Messages
Encapsulation on the wire: Ethernet Frame [ IP Packet [ UDP Datagram [ SNMP Message ] ] ] CRC
The Three Parts of SNMP
SNMP network management is based on three parts:
•Structure of Management Information (SMI)
 - Rules specifying the format used to define objects managed on the network that the SNMP protocol accesses
•Management Information Base (MIB)
 - A map of the hierarchical order of all managed objects and how they are accessed
•SNMP Protocol
 - Defines the format of messages exchanged by management systems and agents
 - Specifies the Get, GetNext, Set, and Trap operations
Nodes
Items in an SNMP network are called nodes. There are different types of nodes:
•Managed nodes - typically run an agent process that services requests from a management node
•Management nodes - typically a workstation running some network management & monitoring software
•Nodes that are not manageable by SNMP - a node may not support SNMP, but may still be manageable by SNMP through a proxy agent running on another machine
A node can be both a managed node and a management node at the same time (this is typically the case, since you want to be able to manage the workstation that your management application is running on).
Community Names
Community names are used to define where an SNMP message is destined for.
They mirror the same concept as a Windows NT or Unix domain.
•Set up your agents to belong to certain communities.
•Set up your management applications to monitor and receive traps from certain community names.
SNMP Agents
Two basic designs of agents:
•Extendible Agents
 - open, modular design allows for adaptations to new management data and operational requirements
•Monolithic Agents
 - not extendible
 - optimized for a specific hardware platform and OS
 - this optimization results in less overhead (memory and system resources) and quicker execution
Proxy & Gateway Agents
Proxy & Gateway Agents extend the capabilities of SNMP by allowing it to:
•Manage a device that cannot support an SNMP agent
•Manage a device that supports a non-SNMP management agent
•Allow a non-SNMP management system to access an SNMP agent
•Provide firewall-type security to other SNMP agents (UDP packet filtering)
•Translate between different formats of SNMP messages (v1 and v2)
•Consolidate multiple managed nodes into a single network address (also to provide a single trap destination)
Four Basic Operations
•Get - retrieves the value of a MIB variable stored on the agent machine (integer, string, or address of another MIB variable)
•GetNext - retrieves the value of the next MIB variable in lexicographic order
•Set - changes the value of a MIB variable
•Trap - an unsolicited notification sent by an agent to a management application (typically a notification of something unexpected, like an error)
Traps
•Traps are unrequested event reports that are sent to a management system by an SNMP agent process
•When a trappable event occurs, a trap message is generated by the agent and is sent to a trap destination (a specific, configured network address)
•Many events can be configured to signal a trap, like a network cable fault, failing NIC or Hard Drive, a “General Protection Fault”, or a power supply failure
•Traps can also be throttled -- You can limit the number of traps sent per second from the agent
•Traps have a priority associated with them -- Critical, Major, Minor, Warning, Marginal, Informational, Normal, Unknown
Trap Receivers
•Traps are received by a management application.
•Management applications can handle the trap in a few ways:
 - Poll the agent that sent the trap for more information about the event, and the status of the rest of the machine.
 - Log the reception of the trap.
 - Completely ignore the trap.
•Management applications can be set up to send off an e-mail, call a voice mail and leave a message, or send an alpha-numeric page to the network administrator’s pager that says:
Your PDC just Blue-Screened at 03:46AM. Have a nice day. :)
Languages of SNMP
•Structure of Management Information (SMI) - specifies the format used for defining managed objects that are accessed via the SNMP protocol
•Abstract Syntax Notation One (ASN.1) - used to define the format of SNMP messages and managed objects (MIB modules) using an unambiguous data description format
•Basic Encoding Rules (BER) - used to encode the SNMP messages into a format suitable for transmission across a network
SMIv1 - Structure of Management Information
SMIv1 is described in RFCs 1155, 1212, 1215
These RFCs describe:
•How MIB modules are defined with CCITT X.208 ASN.1 data description language
•The subset of the ASN.1 language that is used in MIBs
•The addition of the APPLICATION data type to ASN.1, specifically for use with SNMP MIBs
•All ASN.1 constructs are serialized using the CCITT X.209 BER for transmission across the wire
•Definition of the high-level structure of the Internet branch (iso(1).org(3).dod(6).internet(1)) of the MIB naming tree
•The definition and description of an SNMP managed object
SMIv2 - Structure of Management Information
SMIv2 is described in RFCs 1442, 1443, 1444
These RFCs describe:
•SMIv2 is a backward compatible update to SMIv1
•The only exception is the Counter64 type defined by SMIv2
•Counter64 cannot be represented in SMIv1
•RFC 2089 defines how bilingual (SMIv1 & SMIv2) agents handle the Counter64 data type
•IETF requires that new and revised RFCs specify MIB modules using SMIv2
ASN.1 - Abstract Syntax Notation One
ASN.1 is nothing more than a language definition. It is similar to C/C++ and other programming languages.
Syntax examples (two dashes start a comment; the C equivalent is written in the comment):
MostSevereAlarm ::= INTEGER -- typedef int MostSevereAlarm;
circuitAlarms MostSevereAlarm ::= 3 -- MostSevereAlarm circuitAlarms = 3;
MostSevereAlarm ::= INTEGER (1..5) -- specify a valid range
ErrorCounts ::= SEQUENCE {
  circuitID OCTET STRING,
  erroredSeconds INTEGER,
  unavailableSeconds INTEGER
} -- data structures are defined using the SEQUENCE keyword
BER - Basic Encoding Rules
The relationship between ASN.1 and BER parallels that of source code and machine code.
CCITT X.209 specifies the Basic Encoding Rules
All SNMP messages are converted / serialized from ASN.1 notation into smaller, binary data (BER)
SNMP Data Types
Defined by ASN.1:
•INTEGER -- signed 32-bit integer
•OCTET STRING
•OBJECT IDENTIFIER (OID)
•NULL -- not actually a data type, but a data value
Defined by RFC 1155:
•IpAddress -- OCTET STRING of size 4, in network byte order (big-endian)
•Counter -- unsigned 32-bit integer (rolls over)
•Gauge -- unsigned 32-bit integer (will top out and stay there)
•TimeTicks -- unsigned 32-bit integer (rolls over after 497 days)
•Opaque -- used to create new data types not in SNMPv1
Textual conventions used as types:
•DateAndTime, DisplayString, MacAddress, PhysAddress, TimeInterval, TimeStamp, TruthValue, VariablePointer
Managed “Objects” & MIBs
Managed objects are always defined and referenced within the context of a MIB.
A typical MIB variable definition:
sysContact OBJECT-TYPE -- OBJECT-TYPE is a macro
  SYNTAX DisplayString (SIZE (0..255))
  ACCESS read-write -- or read-only, write-only, not-accessible
  STATUS mandatory -- or optional, deprecated, obsolete
  DESCRIPTION
    "Chris Francois
    (360)650-0000"
  ::= { system 4 }
Basic Message Format
Message Preamble: Message Length, Message Version, Community String
SNMP Protocol Data Unit: PDU Header, PDU Body
SNMPv1 Message Formats
Get / GetNext / Set / Response message:
 SNMP Message Preamble: Message Length, Message Version, Community String
 PDU Header: PDU Type, PDU Length, Request ID, Error Status, Error Index
 PDU Body: Length of Variable Bindings, then for each binding its Length, OID, Type and Value (First Binding, Second Binding, Additional Variable Bindings)
Trap message:
 SNMP Message Preamble: Message Length, Message Version, Community String
 PDU Header: PDU Type, PDU Length, Enterprises MIB OID, Agent IP Address, Standard Trap Type, Specific Trap Type, Time Stamp
 PDU Body: Length of Variable Bindings, then for each binding its Length, OID, Type and Value (First Binding, Second Binding, Additional Variable Bindings)
Commercial SNMP Applications
Here are some of the various SNMP Management products available today:
•http://www.hp.com/go/openview/ HP OpenView
•http://www.tivoli.com/ IBM NetView
•http://www.novell.com/products/managewise/ Novell ManageWise
•http://www.sun.com/solstice/ Sun MicroSystems Solstice
•http://www.microsoft.com/smsmgmt/ Microsoft SMS Server
•http://www.compaq.com/products/servers/management/ Compaq Insight Manager
•http://www.redpt.com/ SnmpQL - ODBC Compliant
•http://www.empiretech.com/ Empire Technologies
•ftp://ftp.cinco.com/users/cinco/demo/ Cinco Networks NetXray
•http://www.netinst.com/html/snmp.html SNMP Collector (Win9X/NT)
•http://www.netinst.com/html/Observer.html Observer
•http://www.gordian.com/products_technologies/snmp.html Gordian’s SNMP Agent
•http://www.castlerock.com/ Castle Rock Computing
•http://www.adventnet.com/ Advent Network Management
•http://www.smplsft.com/ SimpleAgent, SimpleTester
SNMP & Windows NT 5.0
Some features of the Windows NT5 SNMP Service
•Full bilingual support for SNMPv1 and SNMPv2c
•ability to map SNMPv2c requests to SNMPv1 for processing by extension agents
•better synchronization of MIB variables
•a new extension agent framework (backward compatible with original framework, but with MS add-ons)
•code-generator for creation of extension agents
•MIB-II, LAN Manager 2, IP Forwarding MIB (RFC 1354), and Host Resources MIB (RFC 1514) extension agents included
•All MIB modules included with SNMP install
•SMS 2.0 also has a Symantec PCAnywhere type of application integrated into it, allowing “remote-but-local” management as well
SNMP RFCs
RFC   Description                                Published  Current Status
1065  SMIv1                                      Aug-88     Obsoleted by 1155
1066  SNMPv1 MIB                                 Aug-88     Obsoleted by 1156
1067  SNMPv1                                     Aug-88     Obsoleted by 1098
1098  SNMPv1                                     Apr-89     Obsoleted by 1157
1155  SMIv1                                      May-90     Standard
1156  SNMPv1 MIB                                 May-90     Historic
1157  SNMPv1                                     May-90     Standard
1158  SNMPv1 MIB-II                              May-90     Obsoleted by 1213
1212  SNMPv1 MIB definitions                     Mar-91     Standard
1213  SNMPv1 MIB-II                              Mar-91     Standard
1215  SNMPv1 traps                               Mar-91     Informational
1351  Secure SNMP administrative model           Jul-92     Proposed Standard
1352  Secure SNMP managed objects                Jul-92     Proposed Standard
1353  Secure SNMP security protocols             Jul-92     Proposed Standard
1441  Introduction to SNMPv2                     Apr-93     Proposed Standard
1442  SMIv2                                      Apr-93     Obsoleted by 1902
1443  Textual conventions for SNMPv2             Apr-93     Obsoleted by 1903
1444  Conformance statements for SNMPv2          Apr-93     Obsoleted by 1904
1445  SNMPv2 administrative model                Apr-93     Historic
1446  SNMPv2 security protocols                  Apr-93     Historic
1447  SNMPv2 party MIB                           Apr-93     Historic
1448  SNMPv2 protocol operations                 Apr-93     Obsoleted by 1905
1449  SNMPv2 transport mapping                   Apr-93     Obsoleted by 1906
1450  SNMPv2 MIB                                 Apr-93     Obsoleted by 1907
1451  Manager-to-manager MIB                     Apr-93     Historic
1452  Coexistence of SNMPv1 and SNMPv2           Apr-93     Obsoleted by 1908
1901  Community-Based SNMPv2                     Jan-96     Experimental
1902  SMIv2                                      Jan-96     Draft Standard
1903  Textual conventions for SNMPv2             Jan-96     Draft Standard
1904  Conformance statements for SNMPv2          Jan-96     Draft Standard
1905  Protocol operations for SNMPv2             Jan-96     Draft Standard
1906  Transport mapping for SNMPv2               Jan-96     Draft Standard
1907  SNMPv2 MIB                                 Jan-96     Draft Standard
1908  Coexistence of SNMPv1 and SNMPv2           Jan-96     Draft Standard
1909  Administrative infrastructure for SNMPv2   Feb-96     Experimental
1910  User-based security for SNMPv2             Feb-96     Experimental
Lecture 3
Course Outline
•Definition and importance of network management systems
•Components of network management systems
•Historical overview of the evolution of network management protocols
•The SNMPv1 protocol
 - Basic architecture - management model and functions
 - Protocol specifications and packet details
 - Structure of the MIB database
•The SNMPv2 protocol
•The SNMPv3 protocol
•The RMON remote management protocol
•Web-based Management
SNMP GOALS (objectives of the protocol)
•UBIQUITY - PCs AND CRAYs
•INCLUSION OF MANAGEMENT SHOULD BE INEXPENSIVE - SMALL CODE, LIMITED FUNCTIONALITY
•MANAGEMENT EXTENSIONS SHOULD BE POSSIBLE - NEW MIBs
•MANAGEMENT SHOULD BE ROBUST - CONNECTIONLESS TRANSPORT
STANDARDS
SMI
•STRUCTURE OF MANAGEMENT INFORMATION
•RFC 1155
MIB-II
•MANAGEMENT INFORMATION BASE
•RFC 1213
•A LARGE NUMBER OF ADDITIONAL MIBs EXIST
SNMP
•SIMPLE NETWORK MANAGEMENT PROTOCOL
•RFC 1157
•NAME IS USED IN A MORE GENERAL SENSE
NEWER VERSIONS: SNMPv2 & SNMPv3
SNMP
Simple Network Management Protocol (SNMP) is a network management specification developed by the Internet Engineering Task Force (IETF), a subsidiary group of the Internet Activities Board (IAB), in the mid 1980s to provide standard, simplified, and extensible management of LAN-based internetworking products such as bridges, routers, and wiring concentrators.
SNMP was designed to reduce the complexity of network management and minimize the amount of resources required to support it.
SNMP provides for centralized, robust, interoperable network management, along with the flexibility to allow for the management of vendor-specific information.
SNMP
SNMP is a communication specification that defines how management information is exchanged between network management applications and management agents. There are several versions of SNMP; two of the most common are SNMPv1 and SNMPv2.
SNMPv1 is a simple message-based request/response application-layer protocol which typically uses the User Datagram Protocol (UDP) for data delivery. The SNMPv1 network management architecture contains:
•Network Management Station (NMS) - Workstation that hosts the network management application.
•SNMPv1 network management application - Polls management agents for information and provides control information to agents.
•Management Information Base (MIB) - Defines the information that can be collected and controlled by the management application.
•SNMPv1 management agent(s) - Provides information contained in the MIB to management applications and may accept control information.
SNMP Operations
Attributes of managed objects may be monitored or set by the network management application using the following operations:
•GET_REQUEST - Requests the value of an object instance from the agent
•GET_NEXT_REQUEST - Requests the next object instance from a table or list from an agent
•GET_RESPONSE - Returned answer to get_request, get_next_request, or set_request
•SET_REQUEST - Sets the value of an object instance within an agent
•TRAP - Sends a trap (event) asynchronously to the network management application. Agents can send a trap when a condition has occurred, such as a change in state of a device, device failure or agent initialization/restart.
The Structure of PDUs
The PDU Fields
The version number (an INTEGER type) assures that both manager and agent are using the same version of the SNMP protocol.
 – Messages between manager and agent containing different version numbers are discarded without further processing.
The community name (an OCTET STRING type) authenticates the manager before allowing access to the agent. The community name, along with the manager’s IP address, is stored in the agent’s community profile.
 – If there’s a difference between the manager and agent values for the community name, the agent will send an authentication failure trap message to the manager. If both the version number and community name from the manager match the ones stored in the agent, processing of the SNMP PDU begins.
Get, Set, and Response PDU Formats
The first field, PDU Type, specifies the type of PDU the message contains:
PDU              PDU Type Field Value
GetRequest       0
GetNextRequest   1
GetResponse      2
SetRequest       3
Trap             4
The Request ID field is an INTEGER type that correlates the manager’s request to the agent’s response.
Get, Set, and Response PDU Formats
The Error Status field is an enumerated INTEGER type that indicates normal operation (noError) or one of five error conditions. The possible values are:
Error        Value  Meaning
noError      0      Proper manager/agent operation.
tooBig       1      The size of the required GetResponse PDU exceeds a local limitation.
noSuchName   2      The requested object name did not match the names available in the relevant MIB View.
badValue     3      A SetRequest contained an inconsistent type, length, and value for the variable.
readOnly     4      Not defined in RFC 1157. (Historical footnote: this error is listed, but the description of the SetRequest PDU processing does not describe how this error is generated. The standard interpretation is that this error should not be generated, although some vendors’ agents nevertheless do.)
genErr       5      Other errors, not explicitly defined, have occurred.
Get, Set, and Response PDU Formats
When an error occurs, the Error Index field identifies the entry within the variable bindings list that caused the error. For example, if a readOnly error occurred, it would return an Error Index = 4.
Variable Binding (VarBind) pairs a variable name with its value.
A VarBindList is a list of such pairings.
 – Within the Variable Bindings fields of the SNMP PDUs, the word Object identifies the variable name (OID encoding of object type plus the instance) for which a value is being communicated.
 – GetRequest or GetNextRequest PDUs use a value of NULL, which is a special ASN.1 data type.
Using the GetRequest PDU
The manager uses the GetRequest PDU to retrieve the value of one or more object(s) from an agent.
 – In most cases, these are scalar, not columnar, objects.
To generate the GetRequest PDU, the manager assigns PDU Type = 0, specifies a locally defined Request ID, and sets both the ErrorStatus and ErrorIndex to 0. A VarBindList, containing the requested variables and corresponding NULL (placeholder) values, completes the PDU.
Under error-free conditions, the agent generates a GetResponse PDU, which is assigned PDU Type = 2, the same value of Request ID, Error Status = noError, and Error Index = 0. The Variable Bindings now contain the values associated with each of the variables noted in the GetRequest PDU.
Recall that the term variable refers to an instance of a managed object.
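The Basic Message Format, BER and PDU Fields slides above, worked through as an added example that is not part of the original lecture: a small Python BER encoder/decoder for SNMPv1 Get/GetNext/Set/Response messages, standard library only. The community string "public", Request ID 42 and the sysContact.0 instance 1.3.6.1.2.1.1.4.0 are sample values chosen here; the decoder also handles long-form BER lengths, which a one-byte-length parser would misread.

```python
# Hand-rolled SNMPv1 BER codec (added example; sample values below are constructed)
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
# PDU Type field values 0..4 from the slides travel as context tags 0xA0 + value
PDU_TAG = {"GetRequest": 0xA0, "GetNextRequest": 0xA1, "GetResponse": 0xA2,
           "SetRequest": 0xA3, "Trap": 0xA4}
PDU_NAME = {v: k for k, v in PDU_TAG.items()}
ERROR_STATUS = {0: "noError", 1: "tooBig", 2: "noSuchName", 3: "badValue",
                4: "readOnly", 5: "genErr"}

def _length(n):
    # BER definite length: one byte below 128, else 0x80|count then the count bytes
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, payload):
    return bytes([tag]) + _length(len(payload)) + payload

def encode_int(value):
    # INTEGER as big-endian two's complement, with a sign byte where needed
    return tlv(INTEGER, value.to_bytes(max(1, (value.bit_length() + 8) // 8),
                                       "big", signed=True))

def encode_oid(dotted):
    # OBJECT IDENTIFIER: first two arcs packed as 40*a+b, later arcs base-128
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.insert(0, 0x80 | (arc & 0x7F))
        out += bytes(chunk)
    return tlv(OID, bytes(out))

def encode_varbinds(bindings):
    # VarBindList: SEQUENCE of SEQUENCE { OID, value }; None is the NULL placeholder
    items = []
    for oid, value in bindings:
        enc = (tlv(NULL, b"") if value is None else encode_int(value)
               if isinstance(value, int) else tlv(OCTET_STRING, value.encode()))
        items.append(tlv(SEQUENCE, encode_oid(oid) + enc))
    return tlv(SEQUENCE, b"".join(items))

def encode_message(pdu_type, community, request_id, bindings,
                   error_status=0, error_index=0, version=0):
    # Preamble (version 0 = SNMPv1, community string) + PDU header + PDU body
    pdu = (encode_int(request_id) + encode_int(error_status)
           + encode_int(error_index) + encode_varbinds(bindings))
    return tlv(SEQUENCE, encode_int(version) + tlv(OCTET_STRING, community.encode())
               + tlv(PDU_TAG[pdu_type], pdu))

def _read_tlv(buf, pos):
    # Returns (tag, payload, position after the element); handles long-form lengths
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        count, ln = ln & 0x7F, 0
        for _ in range(count):
            ln, pos = (ln << 8) | buf[pos], pos + 1
    return tag, buf[pos:pos + ln], pos + ln

def decode_oid(payload):
    arcs, acc = [payload[0] // 40, payload[0] % 40], 0
    for b in payload[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, acc = arcs + [acc], 0
    return ".".join(map(str, arcs))

def decode_message(buf):
    # Parses a Get/GetNext/Set/Response message back into the fields on the slides
    tag, body, _ = _read_tlv(buf, 0)
    _, ver, pos = _read_tlv(body, 0)
    _, community, pos = _read_tlv(body, pos)
    pdu_tag, pdu, _ = _read_tlv(body, pos)
    if tag != SEQUENCE or pdu_tag not in PDU_NAME or pdu_tag == PDU_TAG["Trap"]:
        raise ValueError("not a Get/GetNext/Set/Response SNMPv1 message")
    header, pos = [], 0
    for _ in range(3):  # Request ID, Error Status, Error Index
        _, raw, pos = _read_tlv(pdu, pos)
        header.append(int.from_bytes(raw, "big", signed=True))
    _, vbl, _ = _read_tlv(pdu, pos)
    bindings, pos = [], 0
    while pos < len(vbl):
        _, vb, pos = _read_tlv(vbl, pos)
        _, oid_raw, p = _read_tlv(vb, 0)
        vtag, vraw, _ = _read_tlv(vb, p)
        value = (None if vtag == NULL else
                 int.from_bytes(vraw, "big", signed=True) if vtag == INTEGER else
                 vraw.decode(errors="replace"))
        bindings.append((decode_oid(oid_raw), value))
    return {"version": int.from_bytes(ver, "big", signed=True), "community": community.decode(),
            "pdu_type": PDU_NAME[pdu_tag], "request_id": header[0],
            "error_status": ERROR_STATUS.get(header[1], header[1]),
            "error_index": header[2], "bindings": bindings}

if __name__ == "__main__":
    req = encode_message("GetRequest", "public", 42, [("1.3.6.1.2.1.1.4.0", None)])
    print(req.hex(), decode_message(req), sep="\n")
```

The 40-byte GetRequest produced for sysContact.0 starts with the SEQUENCE tag 0x30, the version INTEGER, the community OCTET STRING and then the 0xA0 GetRequest PDU, exactly the preamble / header / body split shown on the slides.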
Using the GetRequest PDU (continued)
Four error conditions are possible:
•If a variable in the Variable Bindings field does not exactly match an available object, the agent returns a GetResponse PDU with Error Status = noSuchName, and with the Error Index indicating the index of the variable in question.
•If a variable is an aggregate type, such as a row object, the agent returns a GetResponse PDU with Error Status = noSuchName, and with the Error Index indicating the index of the variable in question.
•If the size of the appropriate GetResponse PDU would exceed a local limitation, then the agent returns a GetResponse PDU of identical form, with Error Status = tooBig, and Error Index = 0.
•If the value of a requested variable cannot be retrieved for any other reason, then the agent returns a GetResponse PDU with Error Status = genErr, and the Error Index indicating the index of the variable in question.
Using the GetNextRequest PDU
The manager uses the GetNextRequest PDU to retrieve one or more objects and their values from an agent. In most cases, these multiple objects will reside within a table. To generate the GetNextRequest PDU the manager assigns PDU Type = 1, specifies a locally defined Request ID, and sets both the ErrorStatus and the ErrorIndex to 0.
A VarBindList, containing the OIDs and corresponding NULL (placeholder) values, completes the PDU. These OIDs can be any OID (which may be a variable) that immediately precedes the variable and value returned. Under error-free conditions, the agent generates a GetResponse PDU, which is assigned PDU Type = 2, the same value of Request ID, Error Status = noError, and Error Index = 0. The Variable Bindings contain the name and value associated with the lexicographical successor of each of the OIDs noted in the GetNextRequest PDU.
Using the GetNextRequest PDU (continued)
Three error conditions are possible:
•If a variable in the Variable Bindings field does not lexicographically precede the name of an object that may be retrieved (that is, an object available for Get operations and within the relevant MIB View), the agent returns a GetResponse PDU with Error Status = noSuchName, and with the Error Index indicating the index of the variable in question. This condition is called “running off the end of the MIB View.”
•If the size of the appropriate GetResponse PDU exceeds a local limitation, the agent returns a GetResponse PDU of identical form, with Error Status = tooBig and Error Index = 0.
•If the value of the lexicographical successor to a requested variable in the Variable Bindings field cannot be retrieved for any other reason, the agent returns a GetResponse PDU with Error Status = genErr, and the Error Index indicating the index of the variable in question.
Using the SetRequest PDU
The manager uses the SetRequest PDU to assign a value to an object residing in the agent.
To generate that PDU the manager assigns PDU Type = 3, specifies a locally defined Request ID, and sets both the ErrorStatus and ErrorIndex to 0. A VarBindList, containing the specified variables and their corresponding values, completes the PDU. When the agent receives the SetRequest PDU, it alters the values of the named objects to the values in the variable binding. Under error-free conditions, the agent generates a GetResponse PDU of identical form, except that the assigned PDU Type = 2, Error Status = noError, and Error Index = 0.
Four error conditions are possible:
– If a variable in the Variable Bindings field is not available for Set operations within the relevant MIB View, the agent returns a GetResponse PDU of identical form, with Error Status = noSuchName, and with the Error Index indicating the index of the object name in question. (Historical note: some agent implementations return Error Status = readOnly if the object exists, but Access = read-only for that variable.)
– If the value of a variable named in the Variable Bindings field does not conform to the ASN.1 Type, Length, and Value required, the agent returns a GetResponse PDU of identical form, with Error Status = badValue and the Error Index indicating the index of the variable in question.
– If the size of the appropriate GetResponse PDU exceeds a local limitation, the agent returns a GetResponse PDU of identical form, with Error Status = tooBig, and Error Index = 0.
– If the value of a variable cannot be altered for any other reason, the agent returns a GetResponse PDU of identical form, with Error Status = genErr and the Error Index indicating the index of the variable in question.
The Trap PDU Format
The Trap PDU has a format distinct from the four other SNMP PDUs.
The first field indicates the Trap PDU and contains PDU Type = 4.
The Enterprise field identifies the management enterprise under whose registration authority the trap was defined. For example, the OID prefix {1.3.6.1.4.1.110} would identify Network General Corp. as the Enterprise sending a trap.
The Agent Address field, which contains the IP address of the agent, provides further identification. If a non-IP transport protocol is used, the value 0.0.0.0 is returned.
There are seven defined values (enumerated INTEGER types) for the Generic Trap field:
Trap                   Value  Meaning
coldStart              0      The sending protocol entity (higher-layer network management) has reinitialized, indicating that the agent's configuration or entity implementation may be altered.
warmStart              1      The sending protocol entity has reinitialized, but neither the agent's configuration nor the protocol entity implementation has been altered.
linkDown               2      A communication link has failed. The affected interface is identified as the first element within the Variable Bindings field: name and value of the ifIndex instance.
linkUp                 3      A communication link has come up. The affected interface is identified as the first element within the Variable Bindings field: name and value of the ifIndex instance.
authenticationFailure  4      The agent has received an improperly authenticated SNMP message from the manager; that is, the community name was incorrect.
egpNeighborLoss        5      An EGP peer neighbor is down.
enterpriseSpecific     6      A nongeneric trap has occurred, which is further identified by the Specific Trap Type field and Enterprise field.
Two additional fields complete the Trap PDU. The Timestamp field contains the value of the sysUpTime object, representing the amount of time elapsed between the last (re-)initialization of the agent and the generation of that Trap. The last field contains the Variable Bindings.
Using the Trap PDU
The agent uses the Trap PDU to alert the manager that a predefined event has occurred. To generate the Trap PDU, the agent assigns PDU Type = 4 and fills in the Enterprise, Agent Address, Generic Trap, Specific Trap Type, and Timestamp fields, as well as the Variable Bindings list.
Lectures 4 and 5
Course Outline
– Definition and importance of network management systems
– Components of network management systems
– Historical overview of the evolution of network management protocols
– The SNMPv1 protocol
  – Basic architecture: the management model and functions
  – Protocol specification and packet details
  – Structure of the MIB database
  – ASN.1
– The SNMPv2 protocol
– The SNMPv3 protocol
– The remote management protocol RMON
– Web-based Management
The Structure of Management Information (SMI)
– In the manager/agent paradigm for network management, managed network objects must be physically and logically accessible.
• Physically accessible means that some entity must physically check the address, count the packets, or otherwise quantify the network management information.
• Logical accessibility means that management information must be stored somewhere and, therefore, that the information must be retrievable and modifiable. (SNMP actually performs the retrieval and modification.)
SMI
The SMI (RFC 1155) organizes, names, and describes information so that logical access can occur.
– In SMI each managed object must have a name, a syntax, and an encoding.
• The name, an object identifier (OID), uniquely identifies the object.
• The syntax defines the data type, such as an integer or a string of octets.
• The encoding describes how the information associated with the managed objects is serialized for transmission between machines.
We will study:
– The syntax (the Abstract Syntax Notation One, ASN.1)
– The encoding (the Basic Encoding Rules, BER)
– And finally the names (the object identifier)
– How the MIBs use these names; this moves from the abstract to the practical.
SMI
• ASN.1 defines data as a pattern of bits in computer memory, just as any high-level computer programming language defines data as variables.
• The BER define a standard way to convert ASN.1 definitions into bit patterns for transmission, and then they actually transfer the data between computers.
• The BER representation, however, is always the same for any ASN.1 description, regardless of the computers that send or receive that information. This assures communication between machines, regardless of their internal architecture.
SMI
ASN.1 Elements
ASN.1 uses some unique terms to define its procedures, including:
– type definitions,
– value assignments,
– macro definitions and invocations,
– module definitions.
You need to understand:
– ASN.1 specifies some words as keywords, or reserved character sequences. Keywords, such as INTEGER, OBJECT, and NULL, have special meanings and appear in uppercase letters.
SMI Types
• A type is a class of data. It defines the data structure that the machine needs in order to understand and process information.
• The SMI defines three types: Primitive, Constructor, and Defined.
– ASN.1 defines several Primitive types (also known as Simple types), including INTEGER, OCTET STRING, OBJECT IDENTIFIER, and NULL.
– Types begin with an uppercase letter.
• Constructor types (also known as Aggregate types) generate lists and tables.
• Defined types are alternate names for either simple or complex ASN.1 types and are usually more descriptive.
SMI Value
• The value quantifies the type: the value provides a specific instance for that type. For example, a value could be an entry in a routing table.
– Values begin with lowercase letters.
– Some applications allow only a subset of the possible type values. A subtype specification indicates such a constraint. The subtype specification appears after the type and shows the permissible value or values, called the subtype values, in parentheses. For example, if an application uses an INTEGER type and the permissible values must fit within an 8-bit field, the possible range of values must be between 0 and 255. You would express this as:
    INTEGER (0..255)
SMI Macro
• A macro reference (or macro name) appears entirely in uppercase letters.
• For example, MIB definitions make extensive use of the ASN.1 macro OBJECT-TYPE. The first object in MIB-II is a system description (sysDescr). RFC 1213 uses the OBJECT-TYPE macro to define sysDescr, as follows:
    sysDescr OBJECT-TYPE
        SYNTAX DisplayString (SIZE (0..255))
        ACCESS read-only
        STATUS mandatory
        DESCRIPTION
            "A textual description of the entity. This value should include the full name and version identification of the system's hardware type, software operating-system, and networking software. This must contain only printable ASCII characters."
        ::= { system 1 }
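The OBJECT-TYPE invocation and the INTEGER (0..255) subtype above, and the SetRequest error rules (noSuchName, badValue) from the PDU section, as an added example written for this page (not the lecture's code and not from RFC 1213). The parent OIDs are read off the naming tree given later on this page; demoLevel is a hypothetical, constructed object used only to exercise the writable path.

```python
"""Added example (not the lecture's code, not from RFC 1213): parse an OBJECT-TYPE macro
invocation, resolve its OID, and apply its SYNTAX subtype and ACCESS clause to a Set."""
import re

# Parents resolved from the lecture's naming tree: iso(1).org(3).dod(6).internet(1).mngt(2)
# is mib-2, and system is { mib-2 1 }.
PARENTS = {"mib-2": "1.3.6.1.2.1", "system": "1.3.6.1.2.1.1"}

# The sysDescr definition quoted above (DESCRIPTION shortened).
SYSDESCR = '''
sysDescr OBJECT-TYPE
    SYNTAX DisplayString (SIZE (0..255))
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION "A textual description of the entity."
    ::= { system 1 }
'''

# Constructed, hypothetical writable object using the lecture's INTEGER (0..255) subtype.
DEMO_LEVEL = '''
demoLevel OBJECT-TYPE
    SYNTAX INTEGER (0..255)
    ACCESS read-write
    STATUS optional
    DESCRIPTION "Constructed example; not part of any real MIB."
    ::= { system 99 }
'''

# SYNTAX Type, optionally followed by (lo..hi) or (SIZE (lo..hi))
SYNTAX_RE = re.compile(r"\bSYNTAX\s+([A-Z]\w*)(?:\s*\(\s*(SIZE)?\s*\(?(\d+)\.\.(\d+)\)\s*\)?)?")

def parse_object_type(text):
    """Extract name, SYNTAX (+ subtype), ACCESS, STATUS and the ::= { parent n } clause."""
    head = re.search(r"^\s*([a-z]\w*)\s+OBJECT-TYPE\b", text, re.M)   # values start lowercase
    syn, oid = SYNTAX_RE.search(text), re.search(r"::=\s*\{\s*([\w-]+)\s+(\d+)\s*\}", text)
    acc, sta = re.search(r"\bACCESS\s+([\w-]+)", text), re.search(r"\bSTATUS\s+(\w+)", text)
    if not all((head, syn, acc, sta, oid)):
        raise ValueError("incomplete OBJECT-TYPE invocation")
    kind, lo, hi = syn.group(2), syn.group(3), syn.group(4)
    return {"name": head.group(1), "syntax": syn.group(1),
            "constraint": (kind or "VALUE", int(lo), int(hi)) if lo else None,
            "access": acc.group(1), "status": sta.group(1),
            "parent": oid.group(1), "arc": int(oid.group(2))}

def resolve_oid(obj):
    """{ system 1 } -> 1.3.6.1.2.1.1.1 via the parent table."""
    return f"{PARENTS[obj['parent']]}.{obj['arc']}"

def check_value(obj, value):
    """Type and subtype check of a proposed value: noError or badValue."""
    if obj["syntax"] == "INTEGER":
        ok = isinstance(value, int) and not isinstance(value, bool)
    elif obj["syntax"] == "DisplayString":
        ok = isinstance(value, str) and value.isascii()
    else:
        ok = True                      # other types: no check in this toy
    if ok and obj["constraint"]:
        kind, lo, hi = obj["constraint"]
        ok = lo <= (len(value) if kind == "SIZE" else value) <= hi   # SIZE bounds the length
    return "noError" if ok else "badValue"

def set_status(obj, value):
    """Error Status an agent returns for a SetRequest on this object (rules above)."""
    if obj["access"] not in ("read-write", "write-only"):
        return "noSuchName"            # not available for Set (some agents: readOnly)
    return check_value(obj, value)
```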
SMI Modules
In ASN.1, descriptions are collected into convenient groups, called modules.
– The module starts with a module name, such as RMON-MIB. Module names must begin with an uppercase letter. The BEGIN and END statements enclose the body of the module.
– The body may contain IMPORTS, which are the names of types, values, and macros, and the modules in which they are declared.
Example
    RMON-MIB DEFINITIONS ::= BEGIN
        IMPORTS
            Counter FROM RFC1155-SMI
            DisplayString FROM RFC1158-MIB
            mib-2 FROM RFC1213-MIB
            OBJECT-TYPE FROM RFC-1212
            TRAP-TYPE FROM RFC-1215;
        -- Remote Network Monitoring MIB
        rmon OBJECT IDENTIFIER ::= { mib-2 16 }
        -- textual conventions
    END
Summary of ASN.1 conventions
In summary, ASN.1 makes distinctions between uppercase and lowercase letters, as follows:
Item            Convention
Types           Initial uppercase letter
Values          Initial lowercase letter
Macros          All uppercase letters
Modules         Initial uppercase letter
ASN.1 keywords  All uppercase letters
The ASN.1 keywords that are frequently used within SNMP are BEGIN, CHOICE, DEFINED, DEFINITIONS, END, EXPORTS, IDENTIFIER, IMPORTS, INTEGER, NULL, OBJECT, OCTET, OF, SEQUENCE, and STRING.
Summary of ASN.1 conventions
Item   Name
-      Signed number
--     Comment
::=    Assignment (defined as)
|      Alternation (options of a list)
{ }    Starts and ends a list
[ ]    Starts and ends a tag
( )    Starts and ends a subtype expression
..     Indicates a range
MIBs: MANAGEMENT INFORMATION BASES
MIBs CONTAIN THE MANAGED OBJECTS (VARIABLES) THAT REPRESENT THE RESOURCES OF A SYSTEM AND WHICH MAY BE MONITORED AND MODIFIED BY A (REMOTE) MANAGER TO CONTROL THE BEHAVIOUR OF THAT SYSTEM.
[Figure: MANAGER and AGENT exchanging SNMP messages; the MIB resides within the agent]
MIB DEFINITION AND MIB INSTANCE
MIB DEFINITIONS SHOULD BE KNOWN BY:
• THE IMPLEMENTORS OF THE MANAGED SYSTEM
• THE MANAGER
THE MIB IS INSTANTIATED WITHIN THE MANAGED SYSTEM
MODULARITY
THE MANAGED OBJECTS OF A SYSTEM ARE USUALLY DEFINED IN MULTIPLE MIB DEFINITIONS (MODULES)
• DIFFERENT MODULES CAN BE DEFINED BY DIFFERENT TEAMS
• MANAGEMENT FUNCTIONALITY CAN GRADUALLY BE EXTENDED
• DIFFERENT TYPES OF SYSTEMS CAN SUPPORT DIFFERENT MIB MODULES
• VENDORS CAN EXTEND THE MANAGEMENT FUNCTIONALITY VIA PROPRIETARY MIBS
HARDWARE MIBS
• HOST RESOURCES MIB
• MODEM MIB
• PRINTER MIB
PROTOCOL MIBS
[Figure: protocol stack with a MIB per protocol. APPLICATION: MAIL, DNS, X.500, WWW, RDBMS, ..., SNMP. TRANSPORT: UDP, TCP. NETWORK: IP, ICMP, ARP, ..., OSPF, BGP, EGP. TRANSMISSION INTERFACES: 802.5, FDDI, ATM, 802.3, ADSL, ..., SONET]
PROTOCOL MIBS - EXAMPLE: MIB-II
[Figure: the same protocol-stack diagram, used to illustrate MIB-II]
LIST OF MIBS
FOR THE MOST RECENT LIST, SEE http://www.simpleweb.org/ietf/rfcs/rfcbytopic.html
LEGEND: S = STANDARD, D = DRAFT STANDARD, P = PROPOSED STANDARD, I = INFORMATIONAL, E = EXPERIMENTAL
HARDWARE SPECIFIC MIBs
STATUS  RFC   Title
P       1628  UPS
D       1658  Character Stream Devices
D       1659  RS-232-like Hardware
D       1660  Parallel printer-like Hardware
P       1696  Modem
P       1759  Printer
I       2707  Job Monitoring MIB
P       2737  Entity MIB
D       2790  Host Resources MIB
TRANSMISSION MIBs
STATUS  RFC   Title
P       2669  Cable Device MIB for DOCSIS compliant Cable Modems and Cable Modem Termination Systems
P       2668  IEEE 802.3 Medium Attachment Units (MAUs)
I       2666  Object Identifiers for Identifying Ethernet Chip Sets
P       2670  Radio Frequency MIB for MCNS/DOCSIS compliant RF interfaces
P       2674  Bridges with Traffic Classes, Multicast Filtering and Virtual LAN Extensions
P       2677  NBMA Next Hop Resolution Protocol (NHRP)
P       2837  Fabric Element in Fibre Channel Standard
D       2863  Interfaces Group
P       2864  Inverted Stack Table Extension to the Interfaces Group
P       2954  Frame Relay Service
P       2955  Frame Relay/ATM PVC Service Interworking Function
P       3020  UNI/NNI Multilink Frame Relay function
TRANSMISSION MIBs - 2
STATUS  RFC   Title
P       2266  IEEE 802.12 Repeater Devices
P       2128  Dial Control
P       2127  ISDN
P       2320  Classical IP and ARP Over ATM (IPOA)
D       2115  Frame Relay DTEs
P       2494  DS0 and DS0 Bundle Interface Type
P       2495  DS1, E1, DS2 and E2 Interface Types
P       2496  DS3/E3 Interface Type
P       2514  Textual Conventions and OBJECT-IDENTITIES for ATM Management
P       2515  ATM Management
P       2558  SONET/SDH Interface Type
P       2662  ADSL Lines
P       2665  Ethernet-like Interface Types
TRANSMISSION MIBs - 3
STATUS  RFC   Title
P       1474  Bridge Network Control Protocol of PPP
P       1473  IP Network Control Protocol of PPP
P       1472  Security Protocols of PPP
D       1493  Bridges
P       1471  Link Control Protocol of PPP
P       1512  FDDI
P       1525  Source Routing Bridges
D       1694  SMDS
D       1748  IEEE 802.5
P       1749  IEEE 802.5 Station Source Routing
P       2020  IEEE 802.12 Interfaces
P       2024  Data Link Switching
P       2108  IEEE 802.3 Repeater Devices
TRANSMISSION MIBs - 4
STATUS  RFC   Title
P       1381  X.25 LAPB
P       1382  X.25 Packet Layer
P       1461  Multiprotocol Interconnect over X.25
NETWORK LAYER MIBs
STATUS  RFC   Title
P       2417  Definitions of MO for Multicast over UNI 3.0/3.1 based ATM Networks
P       2214  Integrated Services - Guaranteed Service Ext.
P       2213  Integrated Services
P       2465  MIB for IPv6: Textual Conventions and General Group
P       2206  RSVP
P       2466  MIB for IPv6: ICMPv6 Group
P       2667  IP Tunnel MIB
P       2787  Definitions of MO for the Virtual Router Redundancy Protocol
P       2851  Textual Conventions for Internet Network Addresses
P       2932  IPv4 Multicast Routing MIB
P       2933  Internet Group Management Protocol MIB
E       2934  Protocol Independent Multicast MIB for IPv4
P       3019  IPv6 MIB for The Multicast Listener Discovery Protocol
NETWORK LAYER MIBs - 2
STATUS  RFC   Title
S       1213  MIB-II
P       1269  BGP Version 3
P       1414  Identification MIB
D       1657  BGP Version 4
D       1724  RIP Version 2 MIB Extension
D       1850  OSPF Version 2
P       2006  IP Mobility Support
P       2011  IP MIB
P       2096  IP Forwarding Table
TRANSPORT LAYER MIBs
STATUS  RFC   Title
P       2012  Transmission Control Protocol (TCP)
P       2013  User Datagram Protocol (UDP)
P       2452  IP Version 6 MIB for the Transmission Control Protocol
P       2454  IP Version 6 MIB for the User Datagram Protocol
P       2959  Real-Time Transport Protocol
APPLICATION LAYER MIBs
STATUS  RFC   Title
P       2564  Application Management MIB
P       2287  Definitions of System-Level Managed Objects for Applications
P       1907  SNMPv2 MIB
P       2594  Definitions of Managed Objects for WWW Services
P       1697  RDBMS MIB
P       2605  Directory Server Monitoring MIB
P       2618  RADIUS Authentication Client MIB
P       2619  RADIUS Authentication Server MIB
I       2620  RADIUS Accounting Client MIB
I       2621  RADIUS Accounting Server MIB
P       2788  Network Services Monitoring
P       2789  Mail Monitoring MIB
P       3055  MIB for the PINT Services Architecture
APPLICATION LAYER MIBs - 2
STATUS  RFC   Title
P       1611  DNS Server MIB Extensions
P       1612  DNS Resolver MIB Extensions
REMOTE MONITORING AND MEASUREMENT MIBs
STATUS  RFC   Title
P       1513  Token Ring extensions to RMON
P       2021  RMON Version 2
P       2613  RMON MIB Extensions for Switched Networks Version 1.0
P       2720  Traffic Flow Measurement: Meter MIB
S       2819  Remote Network Monitoring (RMON) MIB
DISTRIBUTED MANAGEMENT MIBs
STATUS  RFC   Title
P       2591  Scheduling Management Operations
P       2592  Delegation of Management Scripts
P       2925  Remote Ping, Traceroute, and Lookup Operations
P       2981  Event MIB
P       2982  Expression MIB
P       3014  Notification Log MIB
VENDOR SPECIFIC MIBs
STATUS  RFC   Title
P       1666  SNA NAUs
E       1792  TCP/IPX Connection
P       1747  SNA Data Link Control (SDLC)
P       1742  Appletalk
P       2051  APPC
D       1559  DECNET Phase IV
P       2232  DLUR
P       2238  HPN
P       2455  APPN
P       2456  APPN TRAPS
P       2457  Extended Border Node
P       2561  TN3270E
P       2562  TN3270E Response Time Collection
P       2584  APPN/HPR in IP Networks
MISCELLANY MIBs
STATUS  RFC   Title
E       1224  Techniques for managing asynchronously generated alerts
P       2493  Textual Conventions for MIB Modules Using Performance History Based on 15 Minute Intervals
P       2512  Accounting Information for ATM Networks
P       2513  Collection and Storage of Accounting Information for CO Networks
P       2742  Definitions of Managed Objects for Extensible SNMP Agents
E       2758  Service Level Agreements Performance Monitoring
I       2922  Physical Topology
P       2940  Common Open Policy Service (COPS) Protocol Clients
NAMING OF MIBs
[Figure: the object naming tree, reconstructed as text]
root
  ccitt (0)
  iso (1)
    stnd (0)
    reg-auth (1)
    mb (2)
    org (3)
      dod (6)
        internet (1)
          directory (1)
          mngt (2)
            mib-2 (1)
              system (1)
              interfaces (2)
              ...
              transmission (10)
                ethernet (6)
                token ring (9)
                fddi (15)
                adsl (94)
              snmp (11)
              ospf (14)
              bgp (15)
          experimental (3)
          private (4)
          security (5)
          snmpV2 (6)
  joint-iso-ccitt (2)
SMI: STRUCTURE OF MANAGEMENT INFORMATION
RFC 1155: SMIv1
RFC 1212: CONCISE MIB DEFINITIONS
RFC 2578: SMIv2
RFC 2579: TEXTUAL CONVENTIONS
MAKES THE DEFINITION OF (NEW) MIBs EASIER

SMI
MANAGEMENT INFORMATION WITHIN MANAGED SYSTEMS MUST BE REPRESENTED AS:
• SCALARS
• TABLES (= TWO DIMENSIONAL ARRAYS OF SCALARS)
THE SNMP PROTOCOL CAN ONLY EXCHANGE (A LIST OF) SCALARS
DEFINED IN TERMS OF ASN.1 CONSTRUCTS

SMI: DATA TYPES FOR SCALARS
                         SMIv1               SMIv2
SIMPLE TYPES:            INTEGER             INTEGER
                         OCTET STRING        OCTET STRING
                         OBJECT IDENTIFIER   OBJECT IDENTIFIER
                         -                   Integer32
APPLICATION-WIDE TYPES:  -                   Unsigned32
                         Gauge               Gauge32
                         Counter             Counter32
                         -                   Counter64
                         TimeTicks           TimeTicks
                         IpAddress           IpAddress
                         Opaque              Opaque
                         NetworkAddress      -
PSEUDO TYPES:            -                   BITS
EXAMPLE OF SCALAR OBJECTS
[Figure: a MANAGER exchanges SNMP messages with an AGENT; the agent holds the MANAGED OBJECT INSTANCES address, name and uptime.]
OBJECT NAMING
INTRODUCE NAMING TREE
THE LEAVES OF THE TREE REPRESENT THE MANAGED OBJECTS
NODES ARE INTRODUCED FOR NAMING PURPOSES
NEW-MIB (1)
  address (1) = 130.89.16.2
  info (2)
    name (1)   = printer-1
    uptime (2) = 123456

OBJECT NAMING
• address:  Object ID = 1.1    Object Instance = 1.1.0    Value of Instance = 130.89.16.2
• info:     Object ID = 1.2
• name:     Object ID = 1.2.1  Object Instance = 1.2.1.0  Value of Instance = printer-1
• uptime:   Object ID = 1.2.2  Object Instance = 1.2.2.0  Value of Instance = 123456
ALTERNATIVE: Object ID = NEW-MIB info uptime
OBJECT NAMING: MIBs
root
  ccitt (0)
  iso (1)
    stnd (0)  reg-auth (1)  mb (2)  org (3)
      dod (6)                         [under org (3)]
        internet (1)
          directory (1)
          mngt (2)
            mib-2 (1)
          experimental (3)
          private (4)
            enterprises (1)
          security (5)
          snmpV2 (6)
            snmpDomains (1)
            snmpProxys (2)
            snmpModules (3)
  joint-iso-ccitt (2)
OBJECT TYPE DEFINITION
OBJECT-TYPE:
  SYNTAX       INTEGER, OCTET STRING, OBJECT IDENTIFIER, IpAddress, Integer32, Counter32, Counter64, Gauge32, TimeTicks, Opaque, BITS, or a New Type
  MAX-ACCESS   not-accessible, accessible-for-notify, read-only, read-write, read-create
  STATUS       current, deprecated, obsolete
  DESCRIPTION  "..."
OBJECT TYPE DEFINITION - EXAMPLE
-- Definition of address
address OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "The Internet address of this system"
    ::= { NEW-MIB 1 }

DEFINITION OF NON-LEAF ‘OBJECTS’
Name OBJECT IDENTIFIER ::= { ... }
EXAMPLE:
info OBJECT IDENTIFIER ::= { NEW-MIB 2 }

ALTERNATIVE CONSTRUCT: OBJECT IDENTITY
EXAMPLE:
info OBJECT-IDENTITY
    STATUS      current
    DESCRIPTION "The node under which future scalar objects should be registered"
    ::= { NEW-MIB 2 }
DEFINITION OF A MIB
NEW-MIB DEFINITIONS ::=
BEGIN
    import statement(s)
    module identity definition
    definition of all node and leaf objects
    definition of implementation requirements
END

MODULE IDENTITY - EXAMPLE
newMibModule MODULE-IDENTITY
    LAST-UPDATED "200104041200Z"
    ORGANIZATION "UT-TMG"
    CONTACT-INFO "TSS
                  University of Twente
                  POBox 217
                  7500 AE Enschede
                  The Netherlands
                  Email: [email protected]"
    DESCRIPTION  "Experimental MIB for demo purposes"
    ::= { enterprises ut(785) 7 }

IMPORT STATEMENT - EXAMPLE
IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, TimeTicks, enterprises
        FROM SNMPv2-SMI;
Lecture 6
Course Outline
• Definition and importance of network management systems
• Components of network management systems
• Historical overview of the evolution of network management protocols
• The SNMPv1 protocol: basic architecture; management model and basic functions; protocol specifics and details of the data packet; structure of the MIB database
• The SNMPv2 protocol: management model, basic functions and advantages compared with SNMPv1; protocol specifics and details of the data packets; structure of the MIB database; handling tables
• The SNMPv3 protocol
• The remote management protocol RMON
• Web-based Management
SNMPv2 Outline
OVERVIEW:
• LIMITATIONS OF SNMPv1
• HISTORY OF SNMPv2
• HIERARCHIES
• SECURITY
• SNMPv2 PROTOCOL OPERATIONS
• TRANSPORT INDEPENDENCE
• RFCs
Copyright © 2001 by Aiko Pras
These sheets may be used for educational purposes

LIMITATIONS OF SNMPv1
• UNDOCUMENTED RULES
• LIMITED ERROR CODES
• LIMITED DATA TYPES
• LIMITED NOTIFICATIONS
• LIMITED PERFORMANCE
• TRANSPORT DEPENDENCE
• LACK OF HIERARCHIES
• LACK OF SECURITY
HISTORY OF SNMPv2
[Figure: timeline 1990-2000 showing SNMP/SMI v1 (full standard), SMP, SNMPv2 with parties and security (proposed standard), SMIv2 (draft standard, later full standard), community-based SNMPv2 (proposed standard), SNMPv3 (proposed standard, later draft standard), DISMAN, and the v2U / v2* security proposals.]
HIERARCHIES: ORIGINAL IDEA
MANAGER TO MANAGER (M2M) MIB
• STANDARD MIB APPROACH
• LIMITED FUNCTIONALITY
• RUN-TIME BEHAVIOUR MUST BE DEFINED AT IMPLEMENTATION TIME
[Figure: a top-level manager (M) exchanges inform and command messages with intermediate managers (M), which poll the agents (A) below them.]
HIERARCHIES: STATUS
WORK HAS MOVED TO A SEPARATE DISTRIBUTED MANAGEMENT GROUP (DISMAN)
THREE APPROACHES ARE STANDARDIZED:
• MIB BASED (EXPRESSION, EVENT AND NOTIFICATION LOG MIB)
• SCRIPT BASED (SCRIPT AND SCHEDULE MIB)
• REMOTE OPERATIONS BASED (REMOPS MIB)

SNMPv2 SECURITY: WHAT HAPPENED?
APRIL 1993: PROPOSED STANDARD
• FOUR EDITORS
• SECURITY BASED ON PARTIES
• FIRST PROTOTYPES APPEARED SOON
JUNE 1995: PROPOSED STANDARD REJECTED BY TWO OF THE ORIGINAL EDITORS!
AUGUST 1995: GENERAL AGREEMENT THAT PARTY BASED MODEL WAS TOO COMPLEX!
MANY NEW PROPOSALS APPEARED:
• SNMPv2C: COMMUNITY BASED
• SNMPv2U: USER BASED
• ...
1997: NEW SNMPv3 WORKING GROUP WAS FORMED WITH NEW EDITORS
SNMPv2 PROTOCOL OPERATIONS
[Figure: manager and agent (with MIB) exchanging each operation and its response: get / response, getNext / response, getBulk / response, set / response, trap (agent to manager, no response), inform / response (sent to an "agent" that is itself a manager).]
GET
SIMILAR TO SNMPv1, EXCEPT FOR "EXCEPTIONS"
POSSIBLE EXCEPTIONS:
- noSuchObject
- noSuchInstance
EXCEPTIONS ARE CODED WITHIN THE VARBINDS
EXCEPTIONS DO NOT RAISE ERROR STATUS AND INDEX
[Figure: manager sends get, agent (MIB) returns response.]

GET EXAMPLES
get(1)             response(error-status => noError, 1.2 => noSuchObject)
get(1.1)           response(error-status => noError, 1.2.0 => noSuchInstance)
get(1.1.9)         response(error-status => noError, 1.2.0 => noSuchInstance)
get(1.2)           response(error-status => noError, 1.4.0 => noSuchObject)
get(1.4.0)         response(error-status => noError, 1.4.0 => noSuchObject)
get(1.1.0, 1.4.0)  response(error-status => noError, 1.1.0 => 130.89.16.2, 1.4.0 => noSuchObject)

GET-NEXT
SIMILAR TO SNMPv1, EXCEPT FOR "EXCEPTIONS"
POSSIBLE EXCEPTIONS:
• endOfMibView
EXAMPLE
getNext(1.4.0)     response(error-status => noError, 1.4.0 => endOfMibView)
[Figure: manager sends getNext, agent (MIB) returns response.]
GET-BULK
NEW IN SNMPv2
TO RETRIEVE A LARGE NUMBER OF VARBINDS
IMPROVES PERFORMANCE!
[Figure: manager sends getBulk, agent (MIB) returns response.]

GETBULK PERFORMANCE
Source: Steve Waldbusser, Carnegie-Mellon University
                     v1    v2
NO SECURITY          210   3300
WITH AUTHENTICATION  195   2910
WITH ENCRYPTION      110   1600
Figures based on original (party based) SNMPv2
GET-BULK
getBulk REQUEST HAS TWO ADDITIONAL PARAMETERS:
• non-repeaters
• max-repetitions
THE FIRST N ELEMENTS (non-repeaters) OF THE VARBIND LIST ARE TREATED AS IF THE OPERATION WAS A NORMAL getNext OPERATION
• THE NEXT ELEMENTS OF THE VARBIND LIST ARE TREATED AS IF THE OPERATION CONSISTED OF A NUMBER (max-repetitions) OF REPEATED getNext OPERATIONS

GET-BULK
REQUEST(non-repeaters = N; max-repetitions = M;
        VariableBinding-1; ... ; VariableBinding-N; VariableBinding-(N+1); ... ; VariableBinding-(N+R))
RESPONSE(
        VariableBinding-1; ... ; VariableBinding-N; VariableBinding-(N+1); ... ; VariableBinding-(N+R);   -- 1st LEXICOGRAPHICAL SUCCESSOR
        VariableBinding-(N+1); ... ; VariableBinding-(N+R);                                               -- 2nd LEXICOGRAPHICAL SUCCESSOR
        VariableBinding-(N+1); ... ; VariableBinding-(N+R);                                               -- 3rd LEXICOGRAPHICAL SUCCESSOR
        ...
        VariableBinding-(N+1); ... ; VariableBinding-(N+R))                                               -- Mth LEXICOGRAPHICAL SUCCESSOR
The first N varbinds are answered once each (N-TIMES one successor); the remaining R varbinds are repeated M-TIMES.
GET-BULK EXAMPLE
getBulk(max-repetitions = 4; 1.1)
response(1.1.0       => 130.89.16.2
         1.2.1.0     => printer-1
         1.2.2.0     => 123456
         1.3.1.1.2.1 => 2)

GET-BULK EXAMPLE
getBulk(max-repetitions = 3; 1.3.1.1; 1.3.1.2; 1.3.1.3)
response(1.3.1.1.2.1 => 2; 1.3.1.2.2.1 => 1; 1.3.1.3.2.1 => 2
         1.3.1.1.3.1 => 3; 1.3.1.2.3.1 => 1; 1.3.1.3.3.1 => 3
         1.3.1.1.5.1 => 5; 1.3.1.2.5.1 => 1; 1.3.1.3.5.1 => 2)
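The get, getNext and getBulk behaviour shown in the examples above, as an added example that is not part of the original slides: a toy SNMPv2 agent in Python over the lecture's NEW-MIB. It assumes NEW-MIB is OID 1 with scalars address (1.1), name (1.2.1) and uptime (1.2.2), and routeTable 1.3 whose routeEntry 1.3.1 has columns dest(1), policy(2), next(3) indexed by dest and policy with small integer values, so the instances match the getBulk examples; all sample values are constructed.

```python
# Added example, not from the lecture slides: a toy SNMPv2 agent answering
# get, getNext and getBulk over the lecture's NEW-MIB.  Assumptions: NEW-MIB
# is OID 1 with scalars address (1.1), name (1.2.1), uptime (1.2.2) and a
# routeTable (1.3) whose routeEntry (1.3.1) has columns dest(1), policy(2),
# next(3) indexed by { dest, policy } with small integer values.  All sample
# values are constructed.  Exceptions travel inside the varbinds and never
# set error-status, as SNMPv2 prescribes.
NO_SUCH_OBJECT = "noSuchObject"
NO_SUCH_INSTANCE = "noSuchInstance"
END_OF_MIB_VIEW = "endOfMibView"

# Leaf objects (OBJECT-TYPEs that have instances); everything else is a node.
LEAF_OBJECTS = {(1, 1), (1, 2, 1), (1, 2, 2),
                (1, 3, 1, 1), (1, 3, 1, 2), (1, 3, 1, 3)}

# Object instances held by the agent (constructed sample data).
INSTANCES = {
    (1, 1, 0): "130.89.16.2",
    (1, 2, 1, 0): "printer-1",
    (1, 2, 2, 0): 123456,
    (1, 3, 1, 1, 2, 1): 2, (1, 3, 1, 2, 2, 1): 1, (1, 3, 1, 3, 2, 1): 2,
    (1, 3, 1, 1, 3, 1): 3, (1, 3, 1, 2, 3, 1): 1, (1, 3, 1, 3, 3, 1): 3,
    (1, 3, 1, 1, 5, 1): 5, (1, 3, 1, 2, 5, 1): 1, (1, 3, 1, 3, 5, 1): 2,
}
# Python compares tuples lexicographically, which is exactly the OID order
# that getNext and getBulk walk.
ORDERED = sorted(INSTANCES)


def parse_oid(text):
    """'1.3.1.1' -> (1, 3, 1, 1)."""
    return tuple(int(part) for part in text.split("."))


def oid_to_str(oid):
    return ".".join(str(sub) for sub in oid)


def _respond(varbinds):
    # error-status stays noError even when a varbind carries an exception
    return {"error-status": "noError", "varbinds": varbinds}


def _lookup(name):
    """One get varbind: the value, noSuchInstance or noSuchObject."""
    if name in INSTANCES:
        return oid_to_str(name), INSTANCES[name]
    if any(name[:len(leaf)] == leaf for leaf in LEAF_OBJECTS):
        return oid_to_str(name), NO_SUCH_INSTANCE  # object exists, instance not
    return oid_to_str(name), NO_SUCH_OBJECT        # no such object type at all


def _successor(name):
    """One getNext varbind: the first instance lexicographically after name."""
    for inst in ORDERED:
        if inst > name:
            return oid_to_str(inst), INSTANCES[inst]
    return oid_to_str(name), END_OF_MIB_VIEW


def get(*names):
    return _respond([_lookup(parse_oid(n)) for n in names])


def get_next(*names):
    return _respond([_successor(parse_oid(n)) for n in names])


def get_bulk(non_repeaters, max_repetitions, *names):
    """getBulk: the first N varbinds get one successor each; the remaining R
    varbinds are walked up to M times, every round continuing from the names
    returned by the previous round."""
    oids = [parse_oid(n) for n in names]
    result = [_successor(o) for o in oids[:non_repeaters]]
    cursors = oids[non_repeaters:]
    for _round in range(max_repetitions):
        if not cursors:
            break
        row = [_successor(c) for c in cursors]
        result.extend(row)
        if all(value == END_OF_MIB_VIEW for _name, value in row):
            break  # every repeater fell off the end of the view: stop early
        cursors = [parse_oid(name) for name, _value in row]
    return _respond(result)
```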
SET
SIMILAR TO SNMPv1
CONCEPTUAL TWO PHASE COMMIT:
• PHASE 1: PERFORM VARIOUS CHECKS
• PHASE 2: PERFORM THE ACTUAL SET
MANY NEW ERROR CODES ARE DEFINED
[Figure: manager sends set, agent (MIB) returns response.]

NEW ERROR CODES FOR SETS
          SNMPv2               SNMPv1
PHASE 1:  wrongValue           badValue
          wrongEncoding        badValue
          wrongType            badValue
          wrongLength          badValue
          inconsistentValue    badValue
          noAccess             noSuchName
          notWritable          noSuchName
          noCreation           noSuchName
          inconsistentName     noSuchName
          resourceUnavailable  genErr
          genErr               genErr
PHASE 2:  commitFailed         genErr
          undoFailed           genErr
TRAP
SNMPv1:
• COLD START
• WARM START
• LINK DOWN
• LINK UP
• AUTHENTICATION FAILURE
• EGP NEIGHBOR LOSS
SNMPv2:
• MIBs MAY NOW INCLUDE NOTIFICATION TYPE MACROS
• FIRST TWO VARBINDS: sysUpTime AND snmpTrapOID
• USES SAME FORMAT AS OTHER PDUs
[Figure: agent (MIB) sends trap to manager.]
EXAMPLE OF NOTIFICATION TYPE MACRO
linkUp NOTIFICATION-TYPE
    OBJECTS     { ifIndex }
    STATUS      current
    DESCRIPTION "A linkUp trap signifies that the entity has detected that the ifOperStatus object has changed to Up"
    ::= { snmpTraps 4 }
INFORM
CONFIRMED TRAP
ORIGINALLY TO INFORM A HIGHER LEVEL MANAGER
SAME FORMAT AS TRAP PDU
POSSIBLE ERROR: tooBig
[Figure: an "agent" that is itself a manager (with MIB) sends inform to the manager, which returns a response.]

REPORT
NEW PDU TO SIGNAL PROTOCOL EXCEPTIONS / ERRORS
NO SEMANTICS DEFINED IN SNMPv2
[Figure: agent sends report to manager.]
TRANSPORT DEPENDENCE
SNMPv1:
– UDP Only
SNMPv2:
– UDP
– CLNS (OSI)
– DDP (APPLETALK)
– IPX

SNMPv2 RFCs
COMMUNICATION MODEL
• DRAFT STANDARD
• RFC 1905, RFC 1906
SECURITY MODEL - SNMPv2C:
• COMMUNITY BASED SNMP
• SAME ‘SECURITY MECHANISMS’ AS SNMPv1
• EXPERIMENTAL STATUS
• RFC 1901
SECURITY MODEL - SNMPv2U:
• USER BASED SECURITY (AUTHENTICATION / ENCRYPTION / ACCESS CONTROL)
• EXPERIMENTAL STATUS
• RFC 1909, RFC 1910
INFORMATION MODEL:
• STANDARD
• RFC 2578, RFC 2579, RFC 2580
Lecture 7
Course Outline
• Definition and importance of network management systems
• Components of network management systems
• Historical overview of the evolution of network management protocols
• The SNMPv1 protocol: basic architecture; management model and basic functions; protocol specifics and details of the data packet; structure of the MIB database
• The SNMPv2 protocol: management model, basic functions and advantages compared with SNMPv1; protocol specifics and details of the data packets; structure of the MIB database; handling tables
• The SNMPv3 protocol
• The remote management protocol RMON
• Web-based Management
TABLES
EXAMPLE: ROUTING TABLE
TO RETRIEVE INDIVIDUAL TABLE ENTRIES, EACH ENTRY SHOULD GET A NAME
destination  next
2            2
3            3
5            2
7            2
8            3
9            3
NAMING OF TABLE ENTRIES - I
POSSIBILITY 1 (NOT BEING USED BY SNMP): USE ROW NUMBERS
NEW-MIB (1)
  address (1) = 130.89.16.2
  info (2)
    name (1)   = printer-1
    uptime (2) = 123456
  routeTable (3)
    row  dest(1)  next(2)
    1    2        2
    2    3        3
    3    5        2
    4    7        2
    5    8        3      <- this is row 5
    6    9        3
EXAMPLE: THE VALUE OF NEW-MIB routeTable next 5 IS 3
NAMING OF TABLE ENTRIES - II
POSSIBILITY 2 (USED BY SNMP): INTRODUCE AN INDEX COLUMN
NEW-MIB (1)
  address (1) = 130.89.16.2
  info (2)
    name (1)   = printer-1
    uptime (2) = 123456
  routeTable (3)
    dest(1)  next(2)      (dest is the index column)
    2        2
    3        3
    5        2
    7        2
    8        3
    9        3
EXAMPLE: THE VALUE OF NEW-MIB routeTable next 5 IS 2
TABLE INDEXING
GENERAL SCHEME
OID of Table . Column number . Index value
X.C.I
EXAMPLES:
OID of Table = 1.3
1.3.1.5 => 5
1.3.2.5 => 2
1.3.1.9 => 9
1.3.2.9 => 3
1.3.2.7 => 2
1.3.1.1 => entry does not exist
1.3.2.1 => entry does not exist
TABLE INDEXING - NON-INTEGER INDEX
AN INDEX NEED NOT BE AN INTEGER
routeTable (3)
dest (1)       next (2)
130.89.16.1    130.89.16.1
130.89.16.4    130.89.16.4
130.89.16.23   130.89.16.1
130.89.19.121  130.89.16.1
192.1.23.24    130.89.16.4
193.22.11.97   130.89.16.4
EXAMPLES:
OID of Table = 1.3
1.3.1.130.89.16.23  => 130.89.16.23
1.3.2.130.89.16.23  => 130.89.16.1
1.3.1.193.22.11.97  => 193.22.11.97
1.3.2.193.22.11.97  => 130.89.16.4
1.3.2.130.89.19.121 => 130.89.16.1
TABLE INDEXING - MULTIPLE INDEX FIELDS
USE OF MULTIPLE INDEX FIELDS
OID of Table . Column number . Index value 1 . Index value 2
X.C.I1.I2

TABLE INDEXING - MULTIPLE INDEX FIELDS: EXAMPLE
EXAMPLE:
routeTable (3)
dest (1)       policy (2)  next (3)
130.89.16.23   1           130.89.16.23
130.89.16.23   2           130.89.16.23
130.89.19.121  1           130.89.16.1
192.1.23.24    1           130.89.16.1
192.1.23.24    2           130.89.16.4
193.22.11.97   1           130.89.16.1
policy: 1 = low costs, 2 = high reliability
1.3.3.192.1.23.24.1 => 130.89.16.1
1.3.3.192.1.23.24.2 => 130.89.16.4
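The X.C.I naming scheme of these slides, with integer, IpAddress and multiple index fields, as an added example that is not part of the original slides: Python that builds instance OIDs for the NEW-MIB scalars and routeTable cells and decodes them back. It assumes NEW-MIB is OID 1, routeTable is 1.3 with columns dest(1), policy(2), next(3) indexed by dest (IpAddress) and policy (INTEGER), and the RFC 2578 index encoding (INTEGER as one sub-identifier, IpAddress as four); the route rows are the constructed data of the multiple-index slide.

```python
# Added example, not from the lecture slides.  Assumptions: NEW-MIB = OID 1,
# routeTable = 1.3 with columns dest(1), policy(2), next(3) indexed by
# { dest (IpAddress), policy (INTEGER) }; index encoding per RFC 2578
# (INTEGER -> one sub-identifier, IpAddress -> four sub-identifiers).
from ipaddress import IPv4Address

ROUTE_TABLE_OID = (1, 3)                  # X in the X.C.I scheme
ROUTE_INDEX = ("IpAddress", "INTEGER")    # INDEX { dest, policy }

# Constructed sample rows of the multiple-index slide: (dest, policy) -> next
ROUTE_ROWS = {
    ("130.89.16.23", 1): "130.89.16.23",
    ("130.89.16.23", 2): "130.89.16.23",
    ("130.89.19.121", 1): "130.89.16.1",
    ("192.1.23.24", 1): "130.89.16.1",
    ("192.1.23.24", 2): "130.89.16.4",
    ("193.22.11.97", 1): "130.89.16.1",
}


def parse_oid(text):
    """'1.3.2.5' -> (1, 3, 2, 5); tuples keep the lexicographic OID order."""
    return tuple(int(part) for part in text.split("."))


def oid_to_str(oid):
    return ".".join(str(sub) for sub in oid)


def scalar_instance(object_oid):
    """A scalar object has exactly one instance, named <object OID>.0."""
    return object_oid + (0,)


def encode_index(value, syntax):
    """Turn one INDEX component into its sub-identifiers."""
    if syntax == "INTEGER":
        return (int(value),)
    if syntax == "IpAddress":
        return tuple(IPv4Address(value).packed)  # four octets -> four sub-ids
    raise ValueError("unsupported index syntax: " + syntax)


def row_instance(table_oid, column, index_values, index_syntaxes):
    """Instance OID of one cell: X.C.I1.I2... (table, column, index values)."""
    oid = table_oid + (column,)
    for value, syntax in zip(index_values, index_syntaxes):
        oid += encode_index(value, syntax)
    return oid


def decode_instance(table_oid, instance_oid, index_syntaxes):
    """Inverse of row_instance: returns (column number, [index values])."""
    if instance_oid[:len(table_oid)] != table_oid:
        raise ValueError("instance is not under the table")
    rest = list(instance_oid[len(table_oid):])
    if not rest:
        raise ValueError("column number is missing")
    column, values = rest.pop(0), []
    for syntax in index_syntaxes:
        if syntax == "INTEGER":
            if not rest:
                raise ValueError("truncated INTEGER index")
            values.append(rest.pop(0))
        elif syntax == "IpAddress":
            octets, rest = rest[:4], rest[4:]
            if len(octets) != 4:
                raise ValueError("truncated IpAddress index")
            values.append(str(IPv4Address(bytes(octets))))
        else:
            raise ValueError("unsupported index syntax: " + syntax)
    if rest:
        raise ValueError("trailing sub-identifiers after the index")
    return column, values


def route_lookup(instance_text):
    """Value of the routeTable cell named by an instance OID, or None when the
    row does not exist (an agent would answer noSuchInstance)."""
    column, (dest, policy) = decode_instance(
        ROUTE_TABLE_OID, parse_oid(instance_text), ROUTE_INDEX)
    if (dest, policy) not in ROUTE_ROWS:
        return None
    cells = {1: dest, 2: policy, 3: ROUTE_ROWS[(dest, policy)]}
    return cells.get(column)
```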
TABLE DEFINITION
-- Definition of the route table
routeTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF RouteEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "This entity's routing table"
    ::= { NEW-MIB 3 }

routeEntry OBJECT-TYPE
    SYNTAX      RouteEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "A route to a particular destination"
    INDEX       { dest, policy }
    ::= { routeTable 1 }

TABLE DEFINITION (cont. 1)
RouteEntry ::=
    SEQUENCE {
        dest    IpAddress,
        policy  INTEGER,
        next    IpAddress
    }

TABLE DEFINITION (cont. 2)
dest OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The address of a particular destination"
    ::= { routeEntry 1 }

policy OBJECT-TYPE
    SYNTAX      INTEGER {
                    costs(1),        -- lowest delay
                    reliability(2)   -- highest reliability
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The routing policy to reach that destination"
    ::= { routeEntry 2 }

next OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "The internet address of the next hop"
    ::= { routeEntry 3 }
DEFINITION OF NEW TYPES: TEXTUAL CONVENTIONS
TO REFINE SEMANTICS OF EXISTING TYPES
EXAMPLE:
RunState ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION "..."
    SYNTAX      INTEGER {
                    running(1),
                    runable(2),
                    waiting(3),
                    exiting(4)
                }
TEXTUAL CONVENTIONS
• PhysAddress
• MacAddress
• TruthValue
• AutonomousType
• InstancePointer
• VariablePointer
• RowPointer
• RowStatus
• TimeStamp
• TimeInterval
• DateAndTime
• StorageType
• TDomain
• TAddress
ROW-STATUS TEXTUAL CONVENTION
USED TO CHANGE TABLE ROWS
TO:          VIA:         STATUS:
130.89.16.4  130.89.18.2  ACTIVE
130.89.1.1   130.89.1.4   ACTIVE
130.89.1.4   130.89.18.7  ACTIVE
130.89.17.6  130.89.1.1   NOT READY
ROW-STATUS - STATE DIAGRAM
[Figure: state diagram of the status column with four states (status column does not exist, is notReady, is notInService, is active); each arrow is labelled with the number of the action that causes the transition and the resulting noError.]
ACTIONS:
1  set status column to createAndGo
2  set status column to createAndWait
3  set status column to active
4  set status column to notInService
5  set status column to destroy
6  set any other column to some value
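The four states and six actions of the diagram above, as an added example that is not part of the original slides: a simplified RowStatus state machine in Python following the state table of RFC 2579. It assumes the row needs the columns dest and next before it can be activated, that the agent supports notInService, that columns may be changed while the row is active, and that setting a status value with another column in the same PDU counts as one set; walk_through replays the creation of the 130.89.17.6 row from the previous slide with constructed values.

```python
# Added example, not from the lecture slides: a simplified RowStatus state
# machine for one conceptual table row, following the state/action table of
# RFC 2579.  Assumptions: the row is "complete" once every column in
# REQUIRED has a value, the agent supports notInService, and columns may be
# written while the row is active.  Sample column values are constructed.
DOES_NOT_EXIST, NOT_READY, NOT_IN_SERVICE, ACTIVE = (
    "doesNotExist", "notReady", "notInService", "active")
CREATE_AND_GO, CREATE_AND_WAIT, DESTROY = (
    "createAndGo", "createAndWait", "destroy")


class Row:
    """One row whose status column is a RowStatus; the other columns are
    kept in self.columns."""

    REQUIRED = ("dest", "next")   # columns the agent needs before activation

    def __init__(self):
        self.state = DOES_NOT_EXIST
        self.columns = {}

    def set_row(self, varbinds):
        """One set PDU addressed to this row.  Phase 1 validates the request
        against the current state; phase 2 commits.  Returns error-status."""
        status = varbinds.get("rowStatus")
        others = {k: v for k, v in varbinds.items() if k != "rowStatus"}
        new_columns = {**self.columns, **others}
        complete = all(c in new_columns for c in self.REQUIRED)
        state = self.state

        # ---- phase 1: checks only, nothing is modified yet ----
        if status is None:                          # action 6 only
            if state == DOES_NOT_EXIST:
                return "inconsistentName"           # no row to write into
            # a notReady row becomes notInService once it is complete
            target = NOT_IN_SERVICE if state == NOT_READY and complete else state
        elif status == CREATE_AND_GO:               # action 1
            if state != DOES_NOT_EXIST or not complete:
                return "inconsistentValue"
            target = ACTIVE
        elif status == CREATE_AND_WAIT:             # action 2
            if state != DOES_NOT_EXIST:
                return "inconsistentValue"
            target = NOT_IN_SERVICE if complete else NOT_READY
        elif status == ACTIVE:                      # action 3
            if state in (DOES_NOT_EXIST, NOT_READY):
                return "inconsistentValue"          # missing or incomplete row
            target = ACTIVE
        elif status == NOT_IN_SERVICE:              # action 4
            if state in (DOES_NOT_EXIST, NOT_READY):
                return "inconsistentValue"
            target = NOT_IN_SERVICE
        elif status == DESTROY:                     # action 5, any state
            target = DOES_NOT_EXIST
        else:
            return "wrongValue"                     # e.g. notReady is read-only

        # ---- phase 2: commit ----
        self.columns = {} if target == DOES_NOT_EXIST else new_columns
        self.state = target
        return "noError"


def walk_through():
    """Creates the 130.89.17.6 route of the RowStatus slide step by step and
    returns [(error-status, state after the set), ...]."""
    row = Row()
    steps = [
        {"rowStatus": CREATE_AND_WAIT, "dest": "130.89.17.6"},  # 2 -> notReady
        {"rowStatus": ACTIVE},                                   # 3 refused
        {"next": "130.89.1.1"},                                  # 6 -> notInService
        {"rowStatus": ACTIVE},                                   # 3 -> active
        {"rowStatus": CREATE_AND_GO},                            # 1 refused
        {"rowStatus": DESTROY},                                  # 5 -> gone
    ]
    return [(row.set_row(s), row.state) for s in steps]
```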
NOTIFICATION TYPES
SMIv2:
• MIBs MAY NOW INCLUDE NOTIFICATION TYPE MACROS
EXAMPLE:
linkUp NOTIFICATION-TYPE
    OBJECTS     { ifIndex }
    STATUS      current
    DESCRIPTION "A linkUp trap signifies that the entity has detected that the ifOperStatus object has changed to Up"
    ::= { snmpTraps 4 }
DEFINITION OF IMPLEMENTATION REQUIREMENTS
THE MODULE-COMPLIANCE CONSTRUCT DEFINES IMPLEMENTATION REQUIREMENTS FOR AGENTS
newMibCompliance MODULE-COMPLIANCE
    STATUS       ...
    DESCRIPTION  ...
    MODULE 1
        MANDATORY-GROUPS ...
        GROUP ...
        OBJECT ...
    ...
    MODULE n
        MANDATORY-GROUPS ...
        GROUP ...
        OBJECT ...
    ::= { ... }

OBJECT GROUP CONSTRUCT
TO DEFINE A SET OF RELATED OBJECT TYPES
EXAMPLE:
newMibScalarGroup OBJECT-GROUP
    OBJECTS     { address, name, uptime }
    STATUS      current
    DESCRIPTION "The collection of scalar objects."
    ::= { demoGroups 1 }
SNMPv2 - SUMMARY
IMPROVED COMMUNICATION MODEL
• TRAPS HAVE SAME FORMAT AS OTHER PDUS
• GET-BULK PDU
• ADDITIONAL ERROR CODES FOR SETS
TWO SECURITY MODELS
• SNMPv2C: COMMUNITY BASED
• SNMPv2U: USER BASED
INDEPENDENCE OF UNDERLYING TRANSPORT
• MIB-II SPLIT INTO MODULES
SECURITY AND HIERARCHIES TO SNMPv3 & DISMAN
IMPROVED INFORMATION MODEL (SMIv2)
• ADDITIONAL DATA TYPES
• TEXTUAL CONVENTIONS, E.G. ROW STATUS
• NOTIFICATIONS
Lecture 8
Course Outline
• Defin​ition and importance of network management systems
• Components of network management systems
• Historical overview of the evolution of network management protocols
• The SNMPv1 protocol: basic architecture; management model and basic functions; protocol specifics and details of the data packet; structure of the MIB database
• The SNMPv2 protocol
• The SNMPv3 protocol
• The remote management protocol RMON
• Web-based Management
Network Management - Dr. Moutasem ShafaAmry - Damascus University
SNMPv3 outline
OVERVIEW:
• DESIGN DECISIONS
• ARCHITECTURE
• SNMP MESSAGE STRUCTURE
• SECURE COMMUNICATION – USER SECURITY MODEL (USM)
• ACCESS CONTROL – VIEW BASED ACCESS CONTROL MODEL (VACM)
• IMPLEMENTATIONS
• RFCs
Copyright © 2001 by Aiko Pras
These sheets may be used for educational purposes
DESIGN DECISIONS
ADDRESS THE NEED FOR SECURE SET SUPPORT
DEFINE AN ARCHITECTURE THAT ALLOWS FOR LONGEVITY OF SNMP
ALLOW THAT DIFFERENT PORTIONS OF THE ARCHITECTURE MOVE AT DIFFERENT SPEEDS TOWARDS STANDARD STATUS
ALLOW FOR FUTURE EXTENSIONS
KEEP SNMP AS SIMPLE AS POSSIBLE
ALLOW FOR MINIMAL IMPLEMENTATIONS
SUPPORT ALSO THE MORE COMPLEX FEATURES, WHICH ARE REQUIRED IN LARGE NETWORKS
RE-USE EXISTING SPECIFICATIONS, WHENEVER POSSIBLE
SNMPv3 ARCHITECTURE
[Figure: an SNMP ENTITY consists of SNMP APPLICATIONS (COMMAND GENERATOR, COMMAND RESPONDER, NOTIFICATION ORIGINATOR, NOTIFICATION RECEIVER, PROXY FORWARDER, OTHER) on top of an SNMP ENGINE (DISPATCHER, MESSAGE PROCESSING SUBSYSTEM, SECURITY SUBSYSTEM, ACCESS CONTROL SUBSYSTEM).]

SNMPv3 ARCHITECTURE: MANAGER
[Figure: manager entity. Applications: COMMAND GENERATOR and NOTIFICATION RECEIVER. Engine: PDU DISPATCHER, MESSAGE DISPATCHER and TRANSPORT MAPPINGS; MESSAGE PROCESSING SUBSYSTEM with models for SNMPv1, SNMPv2C, SNMPv3 and OTHER; SECURITY SUBSYSTEM with COMMUNITY BASED, USER BASED and OTHER SECURITY MODEL.]

SNMPv3 ARCHITECTURE: AGENT
[Figure: agent entity. Applications: COMMAND RESPONDER and NOTIFICATION ORIGINATOR, with access to the MANAGEMENT INFORMATION BASE. Engine: PDU DISPATCHER, MESSAGE DISPATCHER and TRANSPORT MAPPINGS; MESSAGE PROCESSING SUBSYSTEM (SNMPv1, SNMPv2C, SNMPv3, OTHER); SECURITY SUBSYSTEM (COMMUNITY BASED, USER BASED, OTHER SECURITY MODEL); ACCESS CONTROL SUBSYSTEM with VIEW BASED ACCESS CONTROL.]
CONCEPTS: snmpEngineID
[Figure: four SNMP ENTITIES, each containing an SNMP ENGINE (plus OTHER components), identified by snmpEngineID=1, 2, 3 and 4.]

CONCEPTS: Context
[Figure: an SNMP ENTITY with snmpEngineID=1 whose SNMP ENGINE serves a COMMAND RESPONDER APPLICATION (and OTHER); the responder gives access to two MIBs, contextName=card1 and contextName=card2. Both contexts can be reached from this engine, thus contextEngineID=1.]
PRIMITIVES BETWEEN MODULES
[Figure series: each slide shows the APPLICATIONS, DISPATCHER, MESSAGE PROCESSING SUBSYSTEM, SECURITY SUBSYSTEM and ACCESS CONTROL SUBSYSTEM of an SNMP engine, with one primitive drawn between the two modules it connects and the parameter list below.]
sendPdu                 APPLICATIONS to DISPATCHER
prepareOutgoingMessage  DISPATCHER to MESSAGE PROCESSING SUBSYSTEM
generateRequestMsg      MESSAGE PROCESSING SUBSYSTEM to SECURITY SUBSYSTEM
send / receive          DISPATCHER to and from the transport
prepareDataElements     DISPATCHER to MESSAGE PROCESSING SUBSYSTEM
processIncomingMsg      MESSAGE PROCESSING SUBSYSTEM to SECURITY SUBSYSTEM
processPdu              DISPATCHER to APPLICATIONS
Parameters:
transportDomain, transportAddress, messageProcessingModel, securityModel, securityName, securityLevel, contextEngineID, contextName, pduVersion, PDU, expectResponse, maxSizeResponseScopedPDU, stateReference, statusInformation, sendPduHandle, destTransportDomain, destTransportAddress, outgoingMessage, outgoingMessageLength, wholeMsg, wholeMsgLength, pduType, viewType, variableName, globalData, maxMessageSize, securityEngineID, scopedPDU, securityParameters, securityStateReference
isAccessAllowed
DISPATCHER
ACCESSCONTROL
SUBSYSTEM
APPLICATIONS
MESSAGEPROCESSINGSUBSYSTEM
SECURITYSUBSYSTEM DISPATCHER
ACCESSCONTROL
SUBSYSTEM
MESSAGEPROCESSINGSUBSYSTEM
SECURITYSUBSYSTEM
Parameters
transportDomaintransportAddress
messageProcessingModel
securityModelsecurityName
securityLevel
contextEngineIDcontextName
pduVersion
PDU
expectResponse
maxSizeResponseScopedPDU
stateReferencestatusInformation
sendPduHandle
destTransportDomaindestTransportAddress
outgoingMessageoutgoingMessageLength
wholeMsgwholeMsgLength
pduType
viewTypevariableName
globalDatamaxMessageSize
securityEngineID
scopedPDU
securityParameterssecurityStateReference
isAccessAllowed
APPLICATIONS
Network Management - Dr. Moutasem ShafaAmry - Damascus University
returnResponsePdu
DISPATCHER
ACCESSCONTROL
SUBSYSTEM
APPLICATIONS
MESSAGEPROCESSINGSUBSYSTEM
SECURITYSUBSYSTEM DISPATCHER
ACCESSCONTROL
SUBSYSTEM
MESSAGEPROCESSINGSUBSYSTEM
SECURITYSUBSYSTEM
Parameters
transportDomaintransportAddress
messageProcessingModel
securityModelsecurityName
securityLevel
contextEngineIDcontextName
pduVersion
PDU
expectResponse
maxSizeResponseScopedPDU
stateReferencestatusInformation
sendPduHandle
destTransportDomaindestTransportAddress
outgoingMessageoutgoingMessageLength
wholeMsgwholeMsgLength
pduType
viewTypevariableName
globalDatamaxMessageSize
securityEngineID
scopedPDU
securityParameterssecurityStateReference
returnResponsePdu
APPLICATIONS
Network Management - Dr. Moutasem ShafaAmry - Damascus University
prepareResponseMessage
DISPATCHER
ACCESSCONTROL
SUBSYSTEM
APPLICATIONS
MESSAGEPROCESSINGSUBSYSTEM
SECURITYSUBSYSTEM
ACCESSCONTROL
SUBSYSTEM
APPLICATIONS
MESSAGEPROCESSINGSUBSYSTEM
SECURITYSUBSYSTEM
Parameters
transportDomaintransportAddress
messageProcessingModel
securityModelsecurityName
securityLevel
contextEngineIDcontextName
pduVersion
PDU
expectResponse
maxSizeResponseScopedPDU
stateReferencestatusInformation
sendPduHandle
destTransportDomaindestTransportAddress
outgoingMessageoutgoingMessageLength
wholeMsgwholeMsgLength
pduType
viewTypevariableName
globalDatamaxMessageSize
securityEngineID
scopedPDU
securityParameterssecurityStateReference
prepareResponseMessage
DISPATCHER
Network Management - Dr. Moutasem ShafaAmry - Damascus University
generateResponseMsg
DISPATCHER
ACCESSCONTROL
SUBSYSTEM
APPLICATIONS
MESSAGEPROCESSINGSUBSYSTEM
SECURITYSUBSYSTEM DISPATCHER
ACCESSCONTROL
SUBSYSTEM
APPLICATIONS
SECURITYSUBSYSTEM
Parameters
transportDomaintransportAddress
messageProcessingModel
securityModelsecurityName
securityLevel
contextEngineIDcontextName
pduVersion
PDU
expectResponse
maxSizeResponseScopedPDU
stateReferencestatusInformation
sendPduHandle
destTransportDomaindestTransportAddress
outgoingMessageoutgoingMessageLength
wholeMsgwholeMsgLength
pduType
viewTypevariableName
globalDatamaxMessageSize
securityEngineID
scopedPDU
securityParameterssecurityStateReference
generateResponseMsg
MESSAGEPROCESSINGSUBSYSTEM
Network Management - Dr. Moutasem ShafaAmry - Damascus University
send / receive
DISPATCHER
ACCESSCONTROL
SUBSYSTEM
APPLICATIONS
MESSAGEPROCESSINGSUBSYSTEM
SECURITYSUBSYSTEM
ACCESSCONTROL
SUBSYSTEM
APPLICATIONS
MESSAGEPROCESSINGSUBSYSTEM
SECURITYSUBSYSTEM
Parameters
transportDomaintransportAddress
messageProcessingModel
securityModelsecurityName
securityLevel
contextEngineIDcontextName
pduVersion
PDU
expectResponse
maxSizeResponseScopedPDU
stateReferencestatusInformation
sendPduHandle
destTransportDomaindestTransportAddress
outgoingMessageoutgoingMessageLength
wholeMsgwholeMsgLength
pduType
viewTypevariableName
globalDatamaxMessageSize
securityEngineID
scopedPDU
securityParameterssecurityStateReference
send and receive
DISPATCHER
Network Management - Dr. Moutasem ShafaAmry - Damascus University
prepareDataElements
ACCESSCONTROL
SUBSYSTEM
APPLICATIONS
MESSAGEPROCESSINGSUBSYSTEM
SECURITYSUBSYSTEM DISPATCHER
ACCESSCONTROL
SUBSYSTEM
APPLICATIONS
MESSAGEPROCESSINGSUBSYSTEM
SECURITYSUBSYSTEM
Parameters
transportDomaintransportAddress
messageProcessingModel
securityModelsecurityName
securityLevel
contextEngineIDcontextName
pduVersion
PDU
expectResponse
maxSizeResponseScopedPDU
stateReferencestatusInformation
sendPduHandle
destTransportDomaindestTransportAddress
outgoingMessageoutgoingMessageLength
wholeMsgwholeMsgLength
pduType
viewTypevariableName
globalDatamaxMessageSize
securityEngineID
scopedPDU
securityParameterssecurityStateReference
prepareDataElements
DISPATCHER
Network Management - Dr. Moutasem ShafaAmry - Damascus University
processIncomingMsg
DISPATCHER
ACCESSCONTROL
SUBSYSTEM
APPLICATIONS
SECURITYSUBSYSTEM DISPATCHER
ACCESSCONTROL
SUBSYSTEM
APPLICATIONS
MESSAGEPROCESSINGSUBSYSTEM
SECURITYSUBSYSTEM
Parameters
transportDomaintransportAddress
messageProcessingModel
securityModelsecurityName
securityLevel
contextEngineIDcontextName
pduVersion
PDU
expectResponse
maxSizeResponseScopedPDU
stateReferencestatusInformation
sendPduHandle
destTransportDomaindestTransportAddress
outgoingMessageoutgoingMessageLength
wholeMsgwholeMsgLength
pduType
viewTypevariableName
globalDatamaxMessageSize
securityEngineID
scopedPDU
securityParameterssecurityStateReference
processIncomingMsg
MESSAGEPROCESSINGSUBSYSTEM
Network Management - Dr. Moutasem ShafaAmry - Damascus University
processResponsePdu
ACCESSCONTROL
SUBSYSTEM
APPLICATIONS
MESSAGEPROCESSINGSUBSYSTEM
SECURITYSUBSYSTEM DISPATCHER
ACCESSCONTROL
SUBSYSTEM
APPLICATIONS
MESSAGEPROCESSINGSUBSYSTEM
SECURITYSUBSYSTEM
Parameters
transportDomaintransportAddress
messageProcessingModel
securityModelsecurityName
securityLevel
contextEngineIDcontextName
pduVersion
PDU
expectResponse
maxSizeResponseScopedPDU
stateReferencestatusInformation
sendPduHandle
destTransportDomaindestTransportAddress
outgoingMessageoutgoingMessageLength
wholeMsgwholeMsgLength
pduType
viewTypevariableName
globalDatamaxMessageSize
securityEngineID
scopedPDU
securityParameterssecurityStateReference
processResponsePdu
DISPATCHER
Network Management - Dr. Moutasem ShafaAmry - Damascus University
MODULES OF THE SNMPv3 ARCHITECTURE
DISPATCHER AND MESSAGE PROCESSING MODULE
• SNMPv3 MESSAGE STRUCTURE
• snmpMPDMIB
• RFC 2572
APPLICATIONS
• snmpTargetMIB
• snmpNotificationMIB
• snmpProxyMIB
• RFC 2573
SECURITY SUBSYSTEM
• USER BASED SECURITY MODEL
• snmpUsmMIB
• RFC 2574
ACCESS CONTROL SUBSYSTEM
• VIEW BASED ACCESS CONTROL MODEL
• snmpVacmMIB
• RFC 2575
SNMPv3 MESSAGE STRUCTURE
[Figure: the fields of an SNMPv3 message and the subsystem that consumes each of them]
• msgVersion: USED BY MESSAGE PROCESSING SUBSYSTEM
• msgID, msgMaxSize, msgFlags, msgSecurityModel: USED BY SNMPv3 PROCESSING MODULE
• msgSecurityParameters: USED BY SECURITY SUBSYSTEM
• contextEngineID, contextName, PDU: USED BY ACCESS CONTROL SUBSYSTEM AND APPLICATIONS
SNMPv3 PROCESSING MODULE PARAMETERS
• msgVersion
• msgID: 0..2147483647
• msgMaxSize: 484..2147483647
• msgFlags: authFlag, privFlag, reportableFlag
• msgSecurityModel: SNMPv1, SNMPv2c, USM
• msgSecurityParameters
• contextEngineID, contextName
• PDU
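The checks the SNMPv3 processing module applies to these header fields, as an added example (not code from the course or from any SNMP implementation). The ranges are the ones on the slide; the bit positions of authFlag, privFlag and reportableFlag and the rule that privFlag may not be set without authFlag are from RFC 2572, and the msgSecurityModel numbers are the values RFC 2571 assigns. Function names are our own.

```python
"""Header validation an SNMPv3 message processing module performs before
handing the message to the security subsystem.  Added example, not course code."""

MSG_ID_MAX = 2147483647          # msgID range on the slide
MSG_MAX_SIZE_MIN = 484           # msgMaxSize range on the slide
MSG_MAX_SIZE_MAX = 2147483647

AUTH_FLAG = 0x01                 # RFC 2572 msgFlags bit 0
PRIV_FLAG = 0x02                 # bit 1
REPORTABLE_FLAG = 0x04           # bit 2

# msgSecurityModel values from RFC 2571 (SnmpSecurityModel textual convention)
SECURITY_MODELS = {1: "SNMPv1", 2: "SNMPv2c", 3: "USM"}


def security_level(msg_flags: int) -> str:
    """Map the auth/priv bits of msgFlags to the securityLevel parameter.
    privFlag without authFlag is forbidden by RFC 2572: a message may not be
    encrypted unless it is also authenticated, so such a message is dropped."""
    auth = bool(msg_flags & AUTH_FLAG)
    priv = bool(msg_flags & PRIV_FLAG)
    if priv and not auth:
        raise ValueError("invalid msgFlags: privFlag set without authFlag")
    if priv:
        return "authPriv"
    if auth:
        return "authNoPriv"
    return "noAuthNoPriv"


def check_header(msg_id: int, msg_max_size: int, msg_flags: int,
                 msg_security_model: int) -> dict:
    """Return the parameters passed on to the dispatcher / security subsystem,
    or raise ValueError when the header must be rejected."""
    if not 0 <= msg_id <= MSG_ID_MAX:
        raise ValueError("msgID out of range")
    if not MSG_MAX_SIZE_MIN <= msg_max_size <= MSG_MAX_SIZE_MAX:
        raise ValueError("msgMaxSize out of range")
    if msg_security_model not in SECURITY_MODELS:
        raise ValueError("unknown msgSecurityModel %d" % msg_security_model)
    return {
        "msgID": msg_id,
        "maxMessageSize": msg_max_size,
        "securityLevel": security_level(msg_flags),
        "reportable": bool(msg_flags & REPORTABLE_FLAG),
        "securityModel": SECURITY_MODELS[msg_security_model],
    }
```

A real engine counts each rejection here in the snmpMPDMIB error counters and discards the message; the point of the example is that the securityLevel handed to USM and VACM is derived from msgFlags, so the flag check must happen before either of them is consulted.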
SECURE COMMUNICATION VERSUS ACCESS CONTROL
[Figure: a MANAGER and an AGENT, each with APPLICATION PROCESSES over a TRANSPORT SERVICE; the agent holds the MIB. GET / GET-NEXT / GETBULK / SET / TRAP / INFORM travel between the two. SECURE COMMUNICATION protects the messages on the path between manager and agent; ACCESS CONTROL is applied inside the agent, between the received request and the MIB.]
USM: SECURITY THREATS
THREAT             ADDRESSED?   MECHANISM
REPLAY             YES          TIME STAMP
MASQUERADE         YES          MD5 / SHA-1
INTEGRITY          YES          (MD5 / SHA-1)
DISCLOSURE         YES          DES
DENIAL OF SERVICE  YES
TRAFFIC ANALYSIS   YES
USM MESSAGE STRUCTURE
[Figure: the fields of a USM-protected SNMPv3 message and the threat each security-parameter field counters]
• msgVersion, msgID, msgMaxSize, msgFlags, msgSecurityModel
• msgAuthoritativeEngineID, msgAuthoritativeEngineBoots, msgAuthoritativeEngineTime: REPLAY
• msgUserName: MASQUERADE / INTEGRITY / DISCLOSURE
• msgAuthenticationParameters: MASQUERADE / INTEGRITY
• msgPrivacyParameters: DISCLOSURE
• contextEngineID, contextName, PDU
IDEA BEHIND REPLAY PROTECTION
[Figure: the Authoritative Engine and the Nonauthoritative Engine exchange messages carrying ID, BOOTS, TIME and DATA. The receiver keeps a LOCAL NOTION OF THE REMOTE CLOCK and tests whether that notion plus the ALLOWED LIFETIME is still greater than its LOCAL CLOCK (+ > ?); a message that fails the test is not accepted.]
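The timeliness test the figure sketches, written out for the non-authoritative side as an added example (not code from the course or from any SNMP library). The rule is the one in RFC 2574 section 2.2.3 / 3.2.7: the message is outside the time window if the boots counter has reached 2147483647, if the boots values differ, or if the engine times differ by more than 150 seconds; the class and function names are our own.

```python
"""USM timeliness (replay) check at a non-authoritative engine.
Added example, not course code.  Follows RFC 2574 section 3.2.7: the local
notion is updated first (only authenticated messages reach this code), then
the message is tested against the time window."""

TIME_WINDOW = 150            # seconds, fixed by RFC 2574 section 2.2.3
MAX_ENGINE_BOOTS = 2147483647


class RemoteEngineNotion:
    """Local notion of an authoritative engine's clock: the snmpEngineBoots and
    snmpEngineTime we last learned, plus the local clock reading at which we
    learned them, so the remote time can be extrapolated between messages."""

    def __init__(self, boots: int, engine_time: int, local_now: float):
        self.boots = boots
        self.latest_received_time = engine_time
        self._base_time = engine_time
        self._base_local = local_now

    def estimated_time(self, local_now: float) -> int:
        """Our estimate of the remote snmpEngineTime at local time local_now."""
        return self._base_time + int(local_now - self._base_local)

    def update(self, boots: int, engine_time: int, local_now: float) -> None:
        """Advance the notion; clocks only ever move forward, so an old
        (replayed) message can never wind the notion back."""
        if boots > self.boots or (boots == self.boots and
                                  engine_time > self.latest_received_time):
            self.boots = boots
            self.latest_received_time = engine_time
            self._base_time = engine_time
            self._base_local = local_now


def in_time_window(notion: RemoteEngineNotion, msg_boots: int, msg_time: int,
                   local_now: float) -> tuple:
    """Return (accepted, reason).  Call only after the MAC has been verified,
    otherwise an attacker could feed the notion arbitrary clock values."""
    notion.update(msg_boots, msg_time, local_now)
    if msg_boots == MAX_ENGINE_BOOTS:
        return False, "notInTimeWindow: engine boots counter exhausted"
    if msg_boots != notion.boots:
        return False, "notInTimeWindow: boots %d != local notion %d" % (msg_boots, notion.boots)
    drift = abs(msg_time - notion.estimated_time(local_now))
    if drift > TIME_WINDOW:
        return False, "notInTimeWindow: %d s outside the %d s window" % (drift, TIME_WINDOW)
    return True, "accepted"
```

A captured message replayed more than 150 seconds later fails the drift test, and one captured before the agent rebooted fails the boots test; a genuine message with a higher boots count resynchronises the notion, which is why the check is only meaningful after authentication.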
IDEA BEHIND DATA INTEGRITY AND AUTHENTICATION
[Figure: DATA and KEY go into a HASH FUNCTION that produces a MAC]
ADD THE MESSAGE AUTHENTICATION CODE (MAC) TO THE DATA AND SEND THE RESULT
IDEA BEHIND AUTHENTICATION
[Figure: the sender runs DATA and the USER's KEY through the HASH FUNCTION and transmits DATA together with the MAC; the receiver runs the received DATA through the same HASH FUNCTION with the same KEY and compares the MAC it computes with the MAC it received (= ?)]
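The two figures above, carried through in code as an added example (not code from the course or from any SNMP library): the user's password is turned into a key localized to one engine as RFC 2574 appendix A.2.1 prescribes, the MAC is an HMAC-MD5-96 computed over the whole message with the msgAuthenticationParameters field zeroed (RFC 2574 section 6.3), and the receiver recomputes and compares it. The message layout is a constructed stand-in with the 12-byte MAC field at a fixed offset, not real BER-encoded SNMPv3; the engine ID and password are the RFC 2574 appendix A.3 test values.

```python
"""USM authentication: key localization, HMAC-MD5-96 generation and
verification.  Added example, not course code."""
import hashlib
import hmac

MAC_LEN = 12  # HMAC-MD5-96 / HMAC-SHA-96 keep the first 96 bits of the HMAC


def password_to_key(password: bytes, engine_id: bytes, algo: str = "md5") -> bytes:
    """RFC 2574 A.2.1: hash 1,048,576 octets of the cyclically repeated
    password (Ku), then localize to one engine as hash(Ku || engineID || Ku).
    Localization means a key recovered from one agent fits no other agent."""
    stream = (password * (1048576 // len(password) + 1))[:1048576]
    ku = hashlib.new(algo, stream).digest()
    return hashlib.new(algo, ku + engine_id + ku).digest()


def compute_mac(message: bytes, mac_offset: int, key: bytes, algo: str = "md5") -> bytes:
    """HMAC over the whole message with the MAC field replaced by zeros."""
    zeroed = message[:mac_offset] + bytes(MAC_LEN) + message[mac_offset + MAC_LEN:]
    return hmac.new(key, zeroed, algo).digest()[:MAC_LEN]


def authenticate_outgoing(message: bytes, mac_offset: int, key: bytes, algo: str = "md5") -> bytes:
    """Sender side: fill the msgAuthenticationParameters field with the MAC."""
    mac = compute_mac(message, mac_offset, key, algo)
    return message[:mac_offset] + mac + message[mac_offset + MAC_LEN:]


def authenticate_incoming(message: bytes, mac_offset: int, key: bytes, algo: str = "md5") -> bool:
    """Receiver side: recompute and compare in constant time so that a wrong
    MAC cannot be told from a nearly right one by response timing."""
    received = message[mac_offset:mac_offset + MAC_LEN]
    if len(received) != MAC_LEN:
        return False
    return hmac.compare_digest(received, compute_mac(message, mac_offset, key, algo))


# --- constructed demonstration data ------------------------------------------
ENGINE_ID = bytes.fromhex("000000000000000000000002")     # RFC 2574 A.3 value
HEADER = b"v3|msgID=1|flags=auth|USM|user=bob|"           # stand-in, not BER
MAC_OFFSET = len(HEADER)
BODY = b"|contextEngineID|ctx|GET 1.3.6.1.2.1.1.1.0"
UNSIGNED = HEADER + bytes(MAC_LEN) + BODY


def demo() -> dict:
    key = password_to_key(b"maplesyrup", ENGINE_ID)
    signed = authenticate_outgoing(UNSIGNED, MAC_OFFSET, key)
    # flip one bit of the PDU after signing: the integrity check must fail
    tampered = signed[:-1] + bytes([signed[-1] ^ 0x01])
    return {
        "key_hex": key.hex(),
        "genuine_ok": authenticate_incoming(signed, MAC_OFFSET, key),
        "tampered_ok": authenticate_incoming(tampered, MAC_OFFSET, key),
        "wrong_key_ok": authenticate_incoming(signed, MAC_OFFSET,
                                              password_to_key(b"wrong", ENGINE_ID)),
    }
```

Passing `algo="sha1"` gives HMAC-SHA-96 with the same code path; the localized MD5 key for this password and engine ID is the value printed in RFC 2574 appendix A.3.1, which is a convenient self-check for any USM implementation.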
IDEA BEHIND THE DATA CONFIDENTIALITY (DES)
[Figure: DATA and the DES-KEY go into the DES ALGORITHM, which produces ENCRYPTED DATA]
IDEA BEHIND ENCRYPTION
[Figure: the sender runs DATA through the DES ALGORITHM with the USER's DES-KEY and transmits the ENCRYPTED DATA; the receiver runs the ENCRYPTED DATA through the DES ALGORITHM with the same DES-KEY to recover the DATA]
VIEW BASED ACCESS CONTROL MODEL
[Figure: the ACCESS CONTROL TABLE maps each request onto one of the MIB VIEWS]
ACCESS CONTROL TABLES
ALLOWED OPERATIONS   MIB VIEW          ALLOWED MANAGERS   REQUIRED LEVEL OF SECURITY
GET / GETNEXT        Interface Table   John, Paul         Authentication
...                  ...               ...                ...
SET                  Interface Table   John               Authentication
GET / GETNEXT        Systems Group     George             None
...                  ...               ...                ...
...                  ...               ...                Encryption
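The table above, evaluated the way VACM's isAccessAllowed evaluates it, as an added example (not code from the course or from any SNMP implementation): the caller's security name is mapped to a group, the group's access entry for the message's security level names a read, write or notify view, and the object identifier is tested against that view's subtree families. The status names are the ones RFC 2575 defines; the sample tables mirror the slide (John and Paul may read the interface table, only John may write it, George may read the system group without authentication), while the OIDs, group names and the excluded sysLocation subtree are our own constructed detail.

```python
"""VACM isAccessAllowed over constructed tables.  Added example, not course code."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

LEVEL_ORDER = {"noAuthNoPriv": 1, "authNoPriv": 2, "authPriv": 3}


@dataclass(frozen=True)
class ViewFamily:
    """One row of vacmViewTreeFamilyTable."""
    view_name: str
    subtree: Tuple[int, ...]
    mask: Tuple[int, ...] = ()   # 1 = sub-identifier must match, 0 = wildcard; missing bits count as 1
    included: bool = True


@dataclass(frozen=True)
class AccessEntry:
    """One row of vacmAccessTable (context prefix omitted for brevity)."""
    group: str
    security_model: str
    security_level: str
    read_view: str = ""
    write_view: str = ""
    notify_view: str = ""


def _family_matches(fam: ViewFamily, oid: Tuple[int, ...]) -> bool:
    if len(oid) < len(fam.subtree):
        return False
    for i, sub in enumerate(fam.subtree):
        significant = fam.mask[i] if i < len(fam.mask) else 1
        if significant and oid[i] != sub:
            return False
    return True


def oid_in_view(families: List[ViewFamily], view_name: str, oid: Tuple[int, ...]) -> bool:
    """RFC 2575 section 3.2: among the matching families of a view the one with
    the longest subtree wins (ties: lexicographically greater subtree), and the
    OID is in the view only if that winning family is 'included'."""
    best: Optional[ViewFamily] = None
    for fam in families:
        if fam.view_name != view_name or not _family_matches(fam, oid):
            continue
        if best is None or (len(fam.subtree), fam.subtree) > (len(best.subtree), best.subtree):
            best = fam
    return best is not None and best.included


def is_access_allowed(groups: Dict[Tuple[str, str], str], access: List[AccessEntry],
                      families: List[ViewFamily], security_model: str, security_name: str,
                      security_level: str, view_type: str, oid: Tuple[int, ...]) -> str:
    """Return an RFC 2575 status: accessAllowed, noGroupName, noAccessEntry,
    noSuchView or notInView."""
    group = groups.get((security_model, security_name))
    if group is None:
        return "noGroupName"
    # usable entries: same group and model, entry level not above the message level
    candidates = [e for e in access
                  if e.group == group and e.security_model == security_model
                  and LEVEL_ORDER[e.security_level] <= LEVEL_ORDER[security_level]]
    if not candidates:
        return "noAccessEntry"
    entry = max(candidates, key=lambda e: LEVEL_ORDER[e.security_level])
    view_name = {"read": entry.read_view, "write": entry.write_view,
                 "notify": entry.notify_view}[view_type]
    if not view_name:
        return "noSuchView"
    return "accessAllowed" if oid_in_view(families, view_name, oid) else "notInView"


# --- constructed tables mirroring the slide ----------------------------------
GROUPS = {("USM", "john"): "ifAdmins", ("USM", "paul"): "ifReaders",
          ("USM", "george"): "sysReaders"}
ACCESS = [
    AccessEntry("ifAdmins", "USM", "authNoPriv", read_view="ifView", write_view="ifView"),
    AccessEntry("ifReaders", "USM", "authNoPriv", read_view="ifView"),
    AccessEntry("sysReaders", "USM", "noAuthNoPriv", read_view="sysView"),
]
FAMILIES = [
    ViewFamily("ifView", (1, 3, 6, 1, 2, 1, 2)),                      # interfaces
    ViewFamily("sysView", (1, 3, 6, 1, 2, 1, 1)),                     # system group ...
    ViewFamily("sysView", (1, 3, 6, 1, 2, 1, 1, 6), included=False),  # ... minus sysLocation
]


def check(name: str, level: str, view_type: str, oid: Tuple[int, ...]) -> str:
    return is_access_allowed(GROUPS, ACCESS, FAMILIES, "USM", name, level, view_type, oid)
```

Note the two distinct failure modes a misconfiguration produces: a group whose entry lacks a write view yields noSuchView, while a request sent at a lower security level than the entry demands yields noAccessEntry, so a manager that turns off authentication loses access rather than silently keeping it.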
MIB VIEWS
[Figure: MIB VIEWS]
SNMPv3 IMPLEMENTATIONS
• ACE*COMM
• AdventNet
• BMC Software
• Cisco
• Epilogue
• Gambit Communications
• Halcyon
• IBM
• ISI
• IWL
• MG-SOFT
• MultiPort Corporation
• SimpleSoft
• SNMP Research
• SNMP++ (TU of Braunschweig)
• UCD
• University of Quebec
SNMPv3 RFCs
[Figure: the SNMP ENTITY (RFC 2571) consists of an SNMP ENGINE, SNMP APPLICATIONS (RFC 2573) and OTHER components. The engine contains the DISPATCHER, the MESSAGE PROCESSING SUBSYSTEM (RFC 2572), the SECURITY SUBSYSTEM (USM: RFC 2574) and the ACCESS CONTROL SUBSYSTEM (VACM: RFC 2575).]
LECTURE 9
Course Outline
• Definition and importance of network management systems
• Components of network management systems
• Historical overview of the evolution of network management protocols
• The SNMPv1 protocol: basic architecture, management model and basic functions, protocol specification and packet details, structure of the MIB database
• The SNMPv2 protocol
• The SNMPv3 protocol
• The remote monitoring protocol RMON
• Web-based Management
REMOTE MONITORING
• RMON1 (RFC 1757 - DRAFT)
• TOKEN RING EXTENSIONS TO RMON (RFC 1513 - PROPOSED)
• RMON2 (RFC 2021 - PROPOSED)
• SMON (RFC 2613 - PROPOSED)
[Figure: a MANAGER reaches RMON probes on remote ETHERNET segments across a WAN]
Copyright © 2001 by Aiko Pras
These sheets may be used for educational purposes
RMON1 GROUPS
NINE GROUPS:
• STATISTICS
• HISTORY
• HOST
• HOST TOP N
• TRAFFIC MATRIX
• ALARMS
• FILTERS
• PACKET CAPTURE
• EVENTS
STATISTICS GROUP
KEEPS STATISTICS PER ETHERNET SEGMENT
SHOWS:
• PACKETS
• OCTETS
• BROADCASTS
• MULTICASTS
• COLLISIONS
• ERRORS
KEEPS TRACK OF PACKET SIZE DISTRIBUTION:
• 65 - 127 OCTETS
• 128 - 255 OCTETS
• 256 - 511 OCTETS
• 512 - 1023 OCTETS
• 1024 - 1518 OCTETS
STATISTICS GROUP - ERRORS
                      < 64 bytes    64 to 1518 bytes           > 1518 bytes
WELL-FORMED PACKETS   undersize     GOOD!                      oversize
BAD FCS               fragments     CRC or alignment errors    jabber
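The classification table above and the size distribution of the previous slide, implemented the way an RMON1 probe fills its etherStatsTable, as an added example (not code from the course or from any RMON implementation). Frames are constructed here with a genuine CRC-32 frame check sequence (the IEEE 802.3 CRC is the polynomial zlib.crc32 implements), so a corrupted frame really does fail the FCS test; the counter names are the etherStats* objects of RFC 1757, and the 64-octet bucket, which the slide omits, is etherStatsPkts64Octets from that RFC.

```python
"""RMON1 statistics group: frame classification and size buckets.
Added example, not course code."""
import struct
import zlib
from collections import Counter
from typing import Iterable

MIN_FRAME = 64       # octets including FCS
MAX_FRAME = 1518
SIZE_BUCKETS = [(64, 64), (65, 127), (128, 255), (256, 511), (512, 1023), (1024, 1518)]


def fcs_ok(frame: bytes) -> bool:
    """The last four octets carry CRC-32 over everything before them (little-endian)."""
    if len(frame) < 4:
        return False
    return (zlib.crc32(frame[:-4]) & 0xFFFFFFFF) == struct.unpack("<I", frame[-4:])[0]


def classify(frame: bytes) -> str:
    """Length and FCS validity decide the cell of the slide's table."""
    n, good = len(frame), fcs_ok(frame)
    if n < MIN_FRAME:
        return "undersize" if good else "fragment"
    if n > MAX_FRAME:
        return "oversize" if good else "jabber"
    return "good" if good else "crcAlignError"


COUNTER_FOR = {"undersize": "etherStatsUndersizePkts", "fragment": "etherStatsFragments",
               "oversize": "etherStatsOversizePkts", "jabber": "etherStatsJabbers",
               "crcAlignError": "etherStatsCRCAlignErrors", "good": "goodPkts"}


def ether_stats(frames: Iterable[bytes]) -> Counter:
    """Accumulate the etherStats* counters for one segment."""
    stats = Counter()
    for f in frames:
        n = len(f)
        stats["etherStatsPkts"] += 1
        stats["etherStatsOctets"] += n
        dst = f[:6]
        if dst == b"\xff" * 6:
            stats["etherStatsBroadcastPkts"] += 1
        elif dst[0] & 1:                      # group bit set, but not broadcast
            stats["etherStatsMulticastPkts"] += 1
        stats[COUNTER_FOR[classify(f)]] += 1
        for lo, hi in SIZE_BUCKETS:           # RFC 1757 buckets count bad frames too
            if lo <= n <= hi:
                name = "etherStatsPkts64Octets" if lo == hi else "etherStatsPkts%dto%dOctets" % (lo, hi)
                stats[name] += 1
    return stats


def make_frame(length: int, dst: bytes = b"\x00\x11\x22\x33\x44\x55", corrupt: bool = False) -> bytes:
    """Constructed frame of `length` octets: dst, src, EtherType, filler, FCS."""
    body = dst + b"\x00\xaa\xbb\xcc\xdd\xee" + b"\x08\x00"
    body = (body + bytes(range(256)) * (length // 256 + 1))[:length - 4]
    frame = body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)
    if corrupt:                               # flip one payload bit after the FCS was computed
        frame = frame[:20] + bytes([frame[20] ^ 0x80]) + frame[21:]
    return frame


# constructed sample traffic: one frame per cell of the slide's table, plus extras
SAMPLE_FRAMES = [
    make_frame(60), make_frame(60, corrupt=True),
    make_frame(64), make_frame(100), make_frame(100, corrupt=True),
    make_frame(1518, dst=b"\xff" * 6),                    # broadcast
    make_frame(300, dst=b"\x01\x00\x5e\x00\x00\x01"),     # IP multicast
    make_frame(1600), make_frame(1600, corrupt=True),
]
```

A sudden rise in fragments and jabbers on one segment is the classic signature of a faulty transceiver or cable, which is why these counters, rather than the raw packet count, are what the alarm group is usually pointed at.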
HISTORY GROUP
STORES INFORMATION OF THE STATISTICS GROUP, EXCEPT PACKET SIZE DISTRIBUTION
USES A CIRCULAR BUFFER
• BUCKETS
• SIZE MAY BE SET BY MANAGER
MANAGER MAY SET:
• THE ETHERNET SEGMENTS (INTERFACES)
• SAMPLING INTERVAL
HOST INFORMATION
• HOST
• HOST TOP N
IN / OUT: PACKETS / OCTETS
OUT: BROADCASTS, MULTICASTS, ERRORS
INFORMATION INDEXED BY:
• INTERFACE AND MAC ADDRESS (hostTable)
• CREATION TIME (hostTimeTable)
• SORTED ON SOME VARIABLE VALUE (hostTopN)
TRAFFIC MATRIX
FOR EACH SOURCE & DESTINATION:
• PACKETS
• OCTETS
• ERRORS
USEFUL:
• TO PROVIDE "WHAT IF" ANALYSIS
• TO DETECT INTRUDERS
ALARM GROUP
ABSOLUTE OR DELTA VALUES
TRIGGERS ON:
• RISING ALARM
• FALLING ALARM
• RISING OR FALLING ALARM
[Figure: a sampled variable plotted over time on a scale of 100 to 900, with a RISING THRESHOLD and a FALLING THRESHOLD; a NOTIFICATION is raised at each of the three threshold crossings shown]
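The alarm logic behind the graph, as an added example (not code from the course or from any RMON probe): one alarmTable entry with absolute or delta sampling, rising and falling thresholds, a startup alarm, and the hysteresis rule of RFC 1757 under which, after a rising event, no further rising event is generated until the value has come back down to the falling threshold (and symmetrically for falling events). The readings are constructed on the slide's 100 to 900 scale so that the series produces the three notifications the graph shows.

```python
"""RMON alarm entry: threshold crossing with hysteresis.  Added example, not course code."""
from typing import List, Optional


class AlarmEntry:
    def __init__(self, rising_threshold: int, falling_threshold: int,
                 sample_type: str = "absoluteValue",
                 startup_alarm: str = "risingOrFallingAlarm"):
        assert sample_type in ("absoluteValue", "deltaValue")
        assert startup_alarm in ("risingAlarm", "fallingAlarm", "risingOrFallingAlarm")
        self.rising = rising_threshold
        self.falling = falling_threshold
        self.sample_type = sample_type
        self.startup = startup_alarm
        self._prev_raw: Optional[int] = None   # previous raw reading, for deltaValue
        self._last: Optional[int] = None       # alarmValue of the previous interval
        self._rising_armed = True
        self._falling_armed = True

    def sample(self, raw: int) -> Optional[str]:
        """Feed one sampled MIB variable value; return the event generated, if any."""
        if self.sample_type == "deltaValue":
            if self._prev_raw is None:          # the first reading only seeds the delta
                self._prev_raw = raw
                return None
            value, self._prev_raw = raw - self._prev_raw, raw
        else:
            value = raw

        event = None
        if self._last is None:                  # first valid sample: startup alarm rules
            if value >= self.rising and self.startup in ("risingAlarm", "risingOrFallingAlarm"):
                event = "risingAlarm"
            elif value <= self.falling and self.startup in ("fallingAlarm", "risingOrFallingAlarm"):
                event = "fallingAlarm"
        elif value >= self.rising and self._last < self.rising and self._rising_armed:
            event = "risingAlarm"
        elif value <= self.falling and self._last > self.falling and self._falling_armed:
            event = "fallingAlarm"

        if event == "risingAlarm":
            self._rising_armed = False
        elif event == "fallingAlarm":
            self._falling_armed = False
        # hysteresis: reaching the opposite threshold re-arms the alarm
        if value <= self.falling:
            self._rising_armed = True
        if value >= self.rising:
            self._falling_armed = True
        self._last = value
        return event


def run(entry: AlarmEntry, readings: List[int]) -> List[Optional[str]]:
    """Events produced by a series of readings, one entry per interval."""
    return [entry.sample(r) for r in readings]


# constructed series: thresholds 800 / 200 on the slide's 100..900 scale
ABSOLUTE_READINGS = [100, 500, 850, 900, 500, 850, 150, 900]
COUNTER_READINGS = [0, 100, 1000, 1050]     # a monotonically growing counter, sampled as deltas
```

Without the hysteresis rule the sixth reading (850 after a dip to 500) would fire a second rising alarm and a flapping variable would flood the event log and the manager with traps; with it the series produces exactly rising, falling, rising.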
OTHER GROUPS
FILTER GROUP
• TO COUNT PACKETS THAT CARRY A SPECIFIC BIT-PATTERN
PACKET CAPTURE GROUP
• TO STORE SPECIFIC PACKETS
EVENT GROUP
• TO DEFINE THE VARIOUS EVENTS
• TO DECIDE ON LOGGING AND / OR TRANSMISSION OF TRAPS
[Figure: MIB VARIABLES feed the ALARMS, and the FILTER feeds the CAPTURE TABLE; alarms and filters raise EVENTS, which are written to the LOG TABLE and / or sent as TRAPS]
RMON2
TO MONITOR ALL HIGHER LAYER PROTOCOLS
EXTENDS RMON1 WITH THE FOLLOWING GROUPS:
• PROTOCOL DIRECTORY GROUP
• PROTOCOL DISTRIBUTION GROUP
• ADDRESS MAPPING GROUP
• NETWORK LAYER HOST GROUP
• NETWORK LAYER MATRIX GROUP
• APPLICATION LAYER HOST GROUP
• APPLICATION LAYER MATRIX GROUP
• USER HISTORY GROUP
• PROBE CONFIGURATION GROUP
LECTURE 10
Course Outline
• Definition and importance of network management systems
• Components of network management systems
• Historical overview of the evolution of network management protocols
• The SNMPv1 protocol: basic architecture, management model and basic functions, protocol specification and packet details, structure of the MIB database
• The SNMPv2 protocol
• The SNMPv3 protocol
• The remote monitoring protocol RMON
• Web-based Management