snmp at a glance


Upload: assinha

Post on 12-Jul-2015


TRANSCRIPT

Page 1: SNMP AT a GLANCE


Overview

SNMP (Simple Network Management Protocol) is an Internet-standard protocol for managing devices (routers, switches, printers, workstations, servers, etc.) on an IP network. The standard was defined by IETF RFC 1157 in May of 1990.

It can be used to monitor the health of your routers, servers, and other pieces of network hardware, but you can also use it to control your network devices and even send pages or take other automatic action if problems arise.

SNMP is an application-layer protocol that uses User Datagram Protocol (UDP) at the transport layer and Internet Protocol (IP) at the network layer of the TCP/IP protocol suite. SNMP requests are transmitted as UDP datagrams over a connectionless transmission interface between the SNMP Manager and the Agent (residing in the device to be monitored). Communication is performed via UDP on ports 161 and 162.


Key Components

Managed Object (MO) – A resource that is supervised and controlled by the SNMP manager (e.g. switch, workstation, etc.). An MO can represent one or more resources or a relationship between resources. An MO has certain properties called attributes.

Attribute – Describes the characteristics, current state and condition of the operation on the MO. An attribute value is associated with each attribute. For example, a switch may have an attribute called status with the value “operational”.

Management Information Base (MIB) – A database containing information about the elements to be managed. In the MIB, each resource is represented as an MO. Each MO is identified by a unique Object Identifier (OID). The MIB provides a map between numeric OIDs and a textual, human-readable form.

Structure of Management Information (SMI) – Defines the framework within which a MIB can be defined and constructed. It defines the data types that can be used and how MOs can be represented and named in the MIB. It is defined in RFC 1155.


Key Components

Abstract Syntax Notation One (ASN.1) – SMI specifies the use of ASN.1 to describe MIB variables. It is a notation (representation) that describes an abstract syntax for data types such as integers, counters, etc. It has a set of simple data types and structure types that are used to define the MIB structure.

Basic Encoding Rules (BER) – Describes the actual representation of data. It provides a set of rules to develop bit-level data for communication. The rules require that each type be converted to a data element.

Data Element – Consists of three components: Type, Length and Value (TLV). Type indicates whether the data element is an OBJECT IDENTIFIER, a SEQUENCE, etc. Length indicates the length of the content in octets. Value holds the actual information of the data element. It can be of variable length.

(Figure: a TLV data element whose value contains further TLV data elements)


Key Components

SNMP Agent – A network device runs an SNMP agent as a daemon process that answers requests from the Manager. It makes the Object (MO) visible to the Manager, performs the actions on the Object requested by a Manager, and notifies the Manager of any change in the state of the Object.

SNMP Manager – Manages the system. It controls the MO by sending action requests to the agent. It can only deal with the MOs that the agent allows it to see. Several managers may share the same agent. Several managers may control the same MO.

Working principle – A network device runs an SNMP agent as a daemon process that answers requests from the network. The agent populates the MIB, which provides a large number of Object Identifiers and makes them available. An SNMP manager (client) can then query the agent’s OIDs for specific information.


Key Components

SNMP Community – An SNMP agent establishes a community with a set of managers based on the authentication and access privileges they require to access the MIB or a subset of the MIB. An agent can define different communities based on the access privileges required for a set of managers. Each community is given a name. When the agent receives a request from a Manager, it verifies the “community name” in the request message for authentication and provides limited access to the MIB based on the access policy.

Traps – Enable an agent to send asynchronous messages to the managers. They are used to inform the managers of some significant event (e.g. link-down, cold-start).


Example of SMI structure

Below is part of the Structure of Management Information of the System object group in ASN.1. It declares “system” as a MIB object.

    RFC1213-MIB DEFINITIONS ::= BEGIN
    IMPORTS
        TimeTicks, IpAddress, Counter
            FROM RFC1155-SMI
        OBJECT-TYPE
            FROM RFC-1212;

    system OBJECT IDENTIFIER ::= { mib-2 1 }

    sysUpTime OBJECT-TYPE
        SYNTAX TimeTicks    -- slide callout: TimeTicks (.001a): Time since last
        ACCESS read-only
        STATUS mandatory
        ::= { system 3 }
    ..

    END


Defining a Table

Defining a two-dimensional table in ASN.1 –

Define tcpConnTable as a table containing TcpConnEntry as its row. Each instance of TcpConnEntry is considered a row.

    tcpConnTable OBJECT-TYPE
        SYNTAX SEQUENCE OF TcpConnEntry
        ACCESS not-accessible
        STATUS mandatory
        DESCRIPTION
            “A table containing TCP connection specific information”
        ::= { tcp 13 }


Defining a Table

Define columns (TcpConnEntry) and Index –

    tcpConnEntry OBJECT-TYPE
        SYNTAX TcpConnEntry
        ACCESS not-accessible
        STATUS mandatory
        DESCRIPTION
            “Information about a particular current TCP connection”
        INDEX { tcpConnState,
                tcpConnLocalAddress,
                tcpConnLocalPort,
                tcpConnRemoteAddress,
                tcpConnRemotePort
        }
        ::= { tcpConnTable 1 }


Defining a Table

Define columns (TcpConnEntry) –

    TcpConnEntry ::= SEQUENCE {
        tcpConnState          INTEGER,
        tcpConnLocalAddress   IpAddress,
        tcpConnLocalPort      INTEGER (0..65535),
        tcpConnRemoteAddress  IpAddress,
        tcpConnRemotePort     INTEGER (0..65535)
    }

Define each column entry –

    tcpConnState OBJECT-TYPE
        SYNTAX INTEGER { closed(1), listen(2), … deleteTCB(12) }
        ACCESS read-write
        STATUS mandatory
        DESCRIPTION
            “State of this TCP connection”
        ::= { tcpConnEntry 1 }


Defining a Table

Define column entry –

    tcpConnLocalAddress OBJECT-TYPE
        SYNTAX IpAddress
        ACCESS read-only
        STATUS mandatory
        DESCRIPTION
            “The local IP address of this TCP connection”
        ::= { tcpConnEntry 2 }

    tcpConnLocalPort OBJECT-TYPE
        SYNTAX INTEGER (0..65535)
        ACCESS read-only
        STATUS mandatory
        DESCRIPTION
            “The Local port number for this TCP connection”
        ::= { tcpConnEntry 3 }


Defining a Table

Define column entry –

    tcpConnRemoteAddress OBJECT-TYPE
        SYNTAX IpAddress
        ACCESS read-only
        STATUS mandatory
        DESCRIPTION
            “The Remote IP address of this TCP connection”
        ::= { tcpConnEntry 4 }

    tcpConnRemotePort OBJECT-TYPE
        SYNTAX INTEGER (0..65535)
        ACCESS read-only
        STATUS mandatory
        DESCRIPTION
            “The Remote port number for this TCP connection”
        ::= { tcpConnEntry 5 }


Defining a Table

The tcpConnTable table with its column entries is shown below. The OID is given for each column.

tcpConnEntry OID for rows = 1.3.6.1.2.1.6.13.1

    tcpConnState          tcpConnLocalIpAddress  tcpConnLocalPort      tcpConnRemoteIpAddress  tcpConnRemotePort
    1.3.6.1.2.1.6.13.1.1  1.3.6.1.2.1.6.13.1.2   1.3.6.1.2.1.6.13.1.3  1.3.6.1.2.1.6.13.1.4    1.3.6.1.2.1.6.13.1.5
    5                     10.0.0.56              12                    9.3.5.13                15
    4                     0.0.0.0                98                    0                       0
    7                     10.0.0.56              14                    102.34.56.8             84


Defining a TRAP

Traps – A trap is an asynchronous message sent by the agent to the Manager. The agent sends the trap to the desired managers based on the entries in the trap configuration file.

    tcpConnRemoteAddress TRAP-TYPE
        ENTERPRISE frame-relay
        VARIABLES { frCircuitIndex, frCircuitInDlci, frCircuitState }
        DESCRIPTION
            “Trap for frCircuitState state change notification”
        ::= 1


MIB Tree

This MIB tree displays the various groups and their associated OIDs.

    ROOT
      ITU-T(0)
      ISO(1)
        STND(0)
        REG-AUTH(1)
        MEM(2): CC (ISO 3166)
        IE-ORG(3): ICD (ISO 6523)
          DOD(6)
            Internet(1)
              Mgmt(2)
                Mib-2(1)
                  Interfaces(2)
      Joint-ISO-ITU-T(2)

Interfaces is uniquely identified as 1.3.6.1.2.1.2


SNMP Packet Data Unit (PDU)

Information is exchanged between an agent and a manager in the form of an SNMP message. Each message includes the SNMP version number, community name and SNMP PDU.

    version | community | SNMP PDU
    (SNMP message format)

The SNMP PDU can be one of the following types of PDU.

    PDU type | request-id | 0 | 0 | variable-bindings
    (Request PDU)

    PDU type | request-id | error-status | error-index | variable-bindings
    (Response PDU)

    PDU type | enterprise | agent-addr | generic-trap | specific-trap | time-stamp | variable-bindings
    (Trap PDU)

    name1 | value1 | … | nameN | valueN
    (variable-bindings)


Transmission of SNMP Messages

Variable Binding –

All SNMP operations involve access to an object instance. SNMP allows grouping a number of operations of the same type (get, set) into a single message. To implement this, all SNMP PDUs include a variable-bindings field. The field consists of a sequence of references to object instances and the corresponding values of the objects. The variable binding part is ignored where the PDU is concerned only with the name of the object instance.

SNMP performs the following actions to transmit any of the PDUs to another SNMP entity.

• The PDU is constructed using the ASN.1 structures defined in RFC 1157.

• This PDU is then passed to the Protocol Entity to construct an SNMP message consisting of version, community name and the PDU.

• The new ASN.1 object is encoded using BER and passed to the transport service.


Receipt of SNMP Messages

SNMP performs the following actions after receiving any SNMP message from another SNMP entity.

• It does a basic syntax check and discards the message if the check fails.

• It verifies the version number and discards the message if there is a version mismatch.

• If authentication fails, the Protocol Entity generates a TRAP and discards the message.

• If authentication succeeds, a PDU in the form of an ASN.1 object that conforms to RFC 1157 is returned.

• The Protocol Entity does a basic syntax check and discards the PDU if it fails.

• Using the community name, the appropriate access policy is selected and the PDU is processed.
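The transmission and receipt steps above, as an added example that is not part of the original slides: a minimal BER TLV codec builds an SNMPv1 message and then applies the receipt checks in the listed order. The community names, the POLICY table and the rule that a set needs read-write access are assumptions made for the illustration.

```python
# Added example, not from the slides; POLICY and community names are constructed samples.
POLICY = {"netops-ro": "read-only", "netops-rw": "read-write"}
GET, SET = 0xA0, 0xA3                      # PDU type tags: GetRequest, SetRequest
SYS_DESCR_0 = bytes.fromhex("2b06010201010100")   # BER value of OID 1.3.6.1.2.1.1.1.0

def tlv(tag, content=b""):
    """Encode one data element as Type, Length, Value (short-form length only)."""
    assert len(content) < 128, "long-form lengths are outside this example"
    return bytes([tag, len(content)]) + content

def read_tlv(buf, pos=0):
    """Decode the element at pos -> (tag, value, next_pos); reject bad lengths."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80 or pos + 2 + buf[pos + 1] > len(buf):
        raise ValueError("truncated element or unsupported length")
    end = pos + 2 + buf[pos + 1]
    return buf[pos], buf[pos + 2:end], end

def fields(buf, tags):
    """Read consecutive elements that must fill buf exactly; a tag of None matches any."""
    out, pos = [], 0
    for want in tags:
        tag, value, pos = read_tlv(buf, pos)
        if want is not None and tag != want:
            raise ValueError(f"unexpected type 0x{tag:02x}")
        out.append((tag, value))
    if pos != len(buf):
        raise ValueError("trailing octets")
    return out

def build(pdu_type, community, request_id, oid=SYS_DESCR_0, version=0):
    """Transmission: PDU, then message (version, community, PDU); request_id < 128."""
    binding = tlv(0x30, tlv(0x06, oid) + tlv(0x05))          # name plus NULL value
    pdu = tlv(pdu_type, tlv(0x02, bytes([request_id])) + tlv(0x02, b"\0") * 2 + tlv(0x30, binding))
    return tlv(0x30, tlv(0x02, bytes([version])) + tlv(0x04, community.encode()) + pdu)

def receive(msg):
    """Receipt: return ('discard', reason) or ('process', access), checks in list order."""
    try:
        (_, body), = fields(msg, [0x30])
        (_, ver), (_, community), (pdu_type, pdu) = fields(body, [0x02, 0x04, None])
    except ValueError as exc:
        return ("discard", f"syntax: {exc}")
    if ver != b"\x00":                                       # 0 is the SNMPv1 version value
        return ("discard", "version mismatch")
    access = POLICY.get(community.decode("latin-1"))         # community arrives as plain octets
    if access is None:
        return ("discard", "authentication failure, trap generated")
    try:
        fields(pdu, [0x02, 0x02, 0x02, 0x30])                # id, status, index, bindings
    except ValueError as exc:
        return ("discard", f"PDU syntax: {exc}")
    if pdu_type == SET and access != "read-write":
        return ("discard", "access policy denies set")
    return ("process", access)
```

Because the community name is carried as an unencrypted OCTET STRING, it is readable in the encoded message by anyone who can observe the datagram.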


MIB View

MIB-2 MIB view –

    ISO(1)
      IE-ORG(3)
        DOD(6)
          Internet(1)
            Mgmt(2)
              Mib-2(1)
                system(1)
                Interfaces(2)
                at(3)
                ip(4)
                icmp(5)
                tcp(6)
                udp(7)
                egp(8)
                cmot(9)
                transmission(10)
                snmp(11)


MIB-2 MIB groups

Part of the MIB-2 groups are shown below.

(MIB-2 System Group)

    system(1)
      sysDescr(1)
      sysObjectID(2)
      sysUpTime(3)
      sysContact(4)
      sysName(5)
      sysLocation(6)
      sysServices(7)

(MIB-2 Interface Group)

    Interface(2)
      ifNumber(1)
      ifTable(2)
        ifEntry(1)
          ifIndex(1)
          ifDescr(2)
          ifOperStatus(8)
          ifSpecific(22)

(MIB-2 IP Group)

    ip(4)
      ipForwarding(1)
      ipDefaultTTL(2)
      ipInReceives(3)
      ipAddrTable(20)
        ipAddrEntry(1)
          ipAdEntAddr(1)
          ipAdEntIfIndex(2)
          ipAdEntNetMask(3)
          ipAdEntBcastAddr(4)
          ipAdEntReasmMaxSize(5)


Accessing Object Values

Retrieving a simple object value –

To access the “sysDescr” value from the MIB-2 system group:

    snmpGet option Hostname community 1.3.6.1.2.1.1.1.0

Response possible -

    1.3.6.1.2.1.1.1.0, value = <Name of SNMP agent>

Retrieving a number of simple object values –

To access the multiple simple objects “sysDescr”, “sysObjectID”, “sysName” and “sysLocation” from the MIB-2 system group:

    snmpGet option Hostname community 1.3.6.1.2.1.1.1.0, 1.3.6.1.2.1.1.2.0, 1.3.6.1.2.1.1.5.0, 1.3.6.1.2.1.1.6.0

Response possible -

    1.3.6.1.2.1.1.1.0, value = <Name of SNMP agent>
    1.3.6.1.2.1.1.2.0, value = 10
    1.3.6.1.2.1.1.5.0, value = Drone
    1.3.6.1.2.1.1.6.0, value = Bangalore


Accessing Object Values

To access the multiple simple objects udpInDatagrams, udpNoPorts, udpInErrors and udpOutDatagrams from the MIB-2 UDP group:

    snmpGetNext option Hostname –c community 1.3.6.1.2.1.7.1.0, 1.3.6.1.2.1.7.2.0, 1.3.6.1.2.1.7.3.0, 1.3.6.1.2.1.7.4.0

The agent will return values in lexicographic order –

    1.3.6.1.2.1.7.1.0, value = 90
    1.3.6.1.2.1.7.2.0, value = 1
    1.3.6.1.2.1.7.3.0, value = 2
    1.3.6.1.2.1.7.4.0, value = 120

If udpNoPorts is not supported, the agent will return the value of the next OID in lexicographic order, i.e. udpInErrors, and finally udpOutDatagrams.


Accessing Table Values

Accessing table values –

If the contents and number of rows are not known, snmpGetNext can be invoked with the column names. The agent will respond with the values of the first row.

• Retrieve a value using the table index -

Use an index into the table to select the field that uniquely identifies the row. To get the netmask in the ipAddrTable (MIB-2 IP group) for a router whose IP address is 100.90.22.7:

    snmpGet hostname -c public 1.3.6.1.2.1.4.20.1.3.100.90.22.7

• Retrieve a value using GetNext

Get the operational status on interface 1 (Interface group):

    snmpGetNext hostname -c public 1.3.6.1.2.1.2.2.1.8.1

    Response - 1.3.6.1.2.1.2.2.1.8.2, value = 1


Object and Table Modification

Modify Object value

Set sysName for a router in the MIB-2 system group:

    SNMPset hostname –c community 1.3.6.1.2.1.1.5.0 value = “CiscoRouter1”

    Possible response - 1.3.6.1.2.1.1.5.0, value = “CiscoRouter1”

Update table value

To update ipRouteMetric1 in ipAddrTable (MIB-2 ip group) for a router with IP address 100.90.22.7:

    SNMPset hostname –c community 1.3.6.1.2.1.4.21.1.3.100.90.22.7 value = 5


Object and Table Modification

Add a new row

In the SNMPset command, assign the index a new value and assign all columnar objects the desired values. When the agent finds an index value that is not available in the table, then based on the policy configured it may create a new row or reject the request with the error “noSuchName”.

Delete a row

To delete ipRouteMetric1 in ipAddrTable (MIB-2 ip group) for a router with IP address 100.90.22.7:

    SNMPset hostname –c community 1.3.6.1.2.1.4.21.1.3.100.90.22.7 value = invalid

Based on the implementation, the agent will either delete the row from the MIB or mark it as deleted.


SNMP V2 Commands

SNMPwalk –

It traverses the MIB tree based on a starting OID. By default, with no OID, it returns the MIB-II OIDs.

Walk on the mgmt.mib-2.system group tree:

    SNMPwalk switch2 1.3.6.1.2.1.1

Possible response -

    system.sysObjectID.0 : OBJECT IDENTIFIER: iso.org.dod.internet.private.enterprises.cisco.
    system.sysUpTime.0 : Timeticks: (168113316) 19 days, 10:58:53.16
    system.sysContact.0 : DISPLAY STRING- (ascii): J.C.M. Pager 555-1212
    system.sysName.0 : DISPLAY STRING- (ascii): witch2.com
    system.sysLocation.0 : DISPLAY STRING- (ascii): Bangalore
    system.sysServices.0 : INTEGER: 6
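The GetNext ordering from the Accessing Object Values slides and the subtree walk above, as an added example that is not part of the original slides. The agent MIB is a constructed sample that reuses the UDP-group values from this page, leaves out udpNoPorts to model an unsupported object, and adds an assumed ifOperStatus row 10 to show that OIDs are ordered numerically rather than as strings.

```python
# Added example: GetNext and walk over a constructed agent MIB (sample values only).
from bisect import bisect_right

def oid(text):
    """'1.3.6.1' -> (1, 3, 6, 1); tuples compare sub-identifier by sub-identifier."""
    return tuple(int(part) for part in text.strip(".").split("."))

AGENT_MIB = {oid(name): value for name, value in {
    "1.3.6.1.2.1.2.2.1.8.1": 1,      # ifOperStatus.1
    "1.3.6.1.2.1.2.2.1.8.2": 1,      # ifOperStatus.2
    "1.3.6.1.2.1.2.2.1.8.10": 2,     # ifOperStatus.10 (assumed extra row)
    "1.3.6.1.2.1.7.1.0": 90,         # udpInDatagrams
    "1.3.6.1.2.1.7.3.0": 2,          # udpInErrors (udpNoPorts, 7.2.0, is not supported)
    "1.3.6.1.2.1.7.4.0": 120,        # udpOutDatagrams
}.items()}
ORDERED = sorted(AGENT_MIB)          # the lexicographic order the agent answers in

def get_next(name):
    """Return (oid, value) of the first instance after name, or None at the end of the MIB."""
    i = bisect_right(ORDERED, oid(name))
    if i == len(ORDERED):
        return None
    return ".".join(map(str, ORDERED[i])), AGENT_MIB[ORDERED[i]]

def walk(root):
    """Repeat GetNext starting at root and stop when the reply leaves the subtree."""
    prefix, rows, current = oid(root), [], root
    while (reply := get_next(current)) and oid(reply[0])[:len(prefix)] == prefix:
        rows.append(reply)
        current = reply[0]
    return rows
```

A GetNext for the unsupported udpNoPorts lands on udpInErrors, and a walk of a subtree the agent does not implement returns nothing because the first reply already lies outside it.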


SNMP V2 Commands

SNMPbulk –

It retrieves a chunk of information in one operation, as opposed to a single get or a sequence of get-next operations.

Get all info on ifInOctets and ifOutOctets in the MIB-2 Interface group. Non-repeaters and max-repetitions are set to 0 and 3.

    SNMPbulkget -v2c -B 0 3 dec.com public ifInOctets ifOutOctets

Possible response -

    interfaces.ifTable.ifEntry.ifInOctets.1 = 70840
    interfaces.ifTable.ifEntry.ifOutOctets.1 = 70840
    interfaces.ifTable.ifEntry.ifInOctets.2 = 143548020
    interfaces.ifTable.ifEntry.ifOutOctets.2 = 111725152
    interfaces.ifTable.ifEntry.ifInOctets.3 = 0
    interfaces.ifTable.ifEntry.ifOutOctets.3 = 0


SNMPV2 Enhancements

• New data types Introduced – Unsigned32 and Counter64

• New Error messages introduced –

– noSuchObject or noSuchInstance

– endOfMibView

• Set is done in two phases

– Validation of each variable; in case of failure the operation is aborted.

• Enhancement on Trap

– Each trap is assigned an OID.

– New macro NOTIFICATION-TYPE

– Timestamp and trap identifier are moved to the variable list

• New commands – snmpwalk and snmpbulk

• Communication between managers using inform-request


SNMPV3 Enhancements

It consists of two layers – Application and SNMP Engine.

SNMP Engine –

• Dispatcher – Accepts PDU to be sent, supports multiple versions

• Message Processing Subsystem - send messages and extract data from received messages

• Security Subsystem – provides authenticity and privacy

• Access Control Subsystem – provides authorization service

Application –

Command Generator – initiates Get and SET PDUs

Command Responder – generate Responses

Notification Receiver/Originator – generate responses to inform PDU

Proxy Forwarder – Forwards SNMP messages


SNMPV3 Enhancements

SNMP V3 MIBs –

• Management target MIB

• Notification MIB

• Proxy MIB

Security –

• User based security

• View based access control


Limitations of SNMP

• SNMP may not be suitable for the management of truly large networks because of the performance limitations of polling.

• SNMP is not well suited for retrieving large volumes of data such as an entire routing table.

• SNMP traps are unacknowledged. The agent cannot be sure that critical messages are delivered to the Manager.

• Basic SNMP is better suited for monitoring than for control.

• SNMP MIB model is limited and does not support applications that make sophisticated management queries based on object value or types.
