1 Copyright Warning COMMONWEALTH OF AUSTRALIA Copyright Regulation 1969 WARNING This material has been copied and communicated to you by or on behalf of Curtin University of Technology pursuant to Part VB of the Copyright Act 1968 (the Act) The material in this communication may be subject to copyright under the Act. Any further copying or communication of this material by you may be the subject of copyright protection under the Act. Do not remove this notice

02-SNMP


8/8/2019 02-SNMP

http://slidepdf.com/reader/full/02-snmp 1/69



Network Systems Design 304

Simple Network Management Protocol


Overview

Background (History)

SNMPv1
  Structure of Management Information
  Architecture/Protocol
  Management Information Bases (MIBs)
    MIB-II
    RMON

SNMPv2

Summary


Historic Background

Prior to 1988, the only standardised management protocol for TCP/IP networks was the Internet Control Message Protocol (ICMP)

In 1988, development of three network management protocols was being pursued:
  Common Management Information Services and Protocol over TCP (CMOT)
  High-level Entity Management System (HEMS)
  Simple Gateway Monitoring Protocol (SGMP)

RFC 1052 - IAB Recommendations for the Development of Internet Network Management Standards

Goals:
  Minimise complexity of management functions
  Flexible, extensible
  Independent of the architecture and mechanisms of particular hosts and gateways


Related IETF Documents

RFC 1155 – Structure of Management Information (SMI)

RFC 1157 – SNMPv1 protocol operations

RFC 1212 – Defines structure and syntax of MIBs

RFC 1213 – MIB-II (core management information)


SNMP Architecture & Model

Organisation
  Components, functions, relationships

Information
  Structure and organisation of information
  Management Information Base

Communication
  Transfer syntax/structure (PDUs)
  Administration

Functional
  Configuration, Performance, Fault, Security, Accounting
  No formal specifications


SNMPv1 (Organisation)

Directly derived from SGMP

SNMP Entities
  Manager (client) – Initialisation, monitoring and control
    Houses applications
  Agent (server) – Receive, process and respond to requests and generate event reports
  Management Information Base (MIB)

Hierarchical architecture
  2-tier (Inherently centralised)
    1 manager, multiple agents
    Multiple managers, multiple agents
  3-tier - RMON


Information Model (SMI)

Management information within managed systems must be represented as:
  Scalars
  Tables

The SNMP protocol can only exchange (a list of) scalars

Defined in terms of ASN.1 constructs.


Information Model (Management Information Bases)

A MIB is a precise definition of the information accessible through a network management protocol
  Defined using the Abstract Syntax Notation 1 (ASN.1) language (next week's lecture).

MIBs follow a structured tree-like hierarchical naming convention.
  Root node SMI (defined in RFC 1155)
  All nodes in a MIB are uniquely identified through Object Identifiers (OIDs)
  A leaf node in a MIB defines an object class that can be instantiated: Variable or Object Instance

A MIB can extend/import a parent MIB/Specification (e.g. MIB-II – transmission, SMI)

Example MIBs:
  Remote Network Monitoring MIB (RMON) – RFC 1757
  MIB-II – RFC 1213


Object Identifiers

An OID is an ordered sequence of non-negative integers, written from left to right

A rooted tree is often used to illustrate the numbers in the sequences that correspond to OID values
  E.g. objectA is { 1.2.1.1 }

Object Instances/Variables
  The identity for a variable is based on the identity of its class and its identification within its class
  OID prefix + OID suffix = OID value

OIDs in a MIB are lexicographically ordered

Figure (example MIB tree):
Root
  Node (1)
    Node (1)
      Object (1)
    Node (2)
      NodeA (1)
        ObjectA (1)
      Object (2)
  Node (2)


MIB Tree Traversal

The lexicographical ordering of the MIB tree allows you to discover, without prior knowledge of its structure, all the object identifiers that a given network device can support.

The lexicographical order of this MIB is:
  1
  1.1
  1.1.1
  1.2
  1.2.1
  1.2.1.1
  1.2.2
  2

Figure (example MIB tree):
Root
  Node (1)
    Node (1)
      Object (1)
    Node (2)
      NodeA (1)
        ObjectA (1)
      Object (2)
  Node (2)


Communication Model

Architecture
  Operations between managers and agents (message format specified in ASN.1)
  Communication semantics

Message Exchange
  Connectionless
  Stateless
  Supports polling and interrupt-driven (traps) communications.
  Agent port - UDP port 161
  Trap daemon port – UDP port 162

Administrative Model
  Use the concept of communities
    Only members of the same community can communicate with each other
  Community Profile:
    SNMP MIB View – agent programmed only to view a subset of managed objects of a network element
    SNMP Access Mode – Each community name is assigned an access mode: read-only and read-write
    Community Profile = MIB view + access mode


Administrative Model (cont…)

Authentication in SNMPv1 is facilitated through the community string in an SNMP PDU
  Community strings are analogous to passwords.
  No concept of multiple users in SNMPv1
  The default community string is "public"

The community string is sent in cleartext!!!

Figure: managers and agents grouped into communities.
  Community 1: Agent 1 (Community Profile 1), Agent 2 (Community Profile 2)
  Community 2: Agent 3 (Community Profile 3), Agent 4 (Community Profile 4)
  Managers: Manager 1 (Community 1); Manager 1 (Community 1, Community 2); Manager 3 (Community 2)


SNMP Operations

Set-Request
  Initialises or changes the value of network element

Get-Request
  Sent by manager requesting data from agent

Get-Next-Request
  Sent by manager requesting data on the next managed object to the one specified

Get-Response
  Agent responds with data to get and set requests from the manager

Trap
  Alarm generated by agent


SNMP Message Format

Figure: nesting of the message fields; every level is encoded as Tag | Len | Value.

SNMP Message: Tag | Len | Value: sequence of fields
  Fields of an SNMP message: Version | Community (administrative fields) | SNMP PDU

SNMP PDU: Tag | Len | Value: sequence of fields
  Fields of an SNMP PDU: PDU Type | Control fields | VarBindList

VarBindList (array of VarBinds): Tag | Len | Value: sequence of VarBinds

VarBind: Tag | Len | Value: pair of fields
  Tag | Len | Value: identification of management information
  Tag | Len | Value: value of management information
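
The nesting above and the cleartext community string from the Administrative Model slide, shown as an added example that is not part of the original slides: a minimal BER decoder that walks message, PDU, VarBindList and VarBind and reports the community it finds. The sample packet is constructed by hand, and all function names are hypothetical.

```python
# Added example: minimal BER (Tag/Len/Value) decoder for an SNMPv1 message.
DEFAULT_COMMUNITY = "public"  # default community string named on the slides

# Context-specific tags of the request/response PDUs. The Trap PDU (0xA4) has
# a different header layout and is not handled by this example.
PDU_TYPES = {0xA0: "Get-Request", 0xA1: "Get-Next-Request",
             0xA2: "Get-Response", 0xA3: "Set-Request"}


def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the TLV that starts at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past the end of the buffer")
    return tag, buf[pos:pos + length], pos + length


def expect(buf, pos, tag, what):
    """Read one TLV and insist on its tag; return (value_bytes, next_pos)."""
    got, value, nxt = read_tlv(buf, pos)
    if got != tag:
        raise ValueError(f"{what}: expected tag 0x{tag:02x}, got 0x{got:02x}")
    return value, nxt


def decode_oid(value):
    """Decode the contents of an OBJECT IDENTIFIER into dotted notation."""
    if not value or value[-1] & 0x80:
        raise ValueError("malformed OID")
    subids, acc = [], 0
    for byte in value:
        acc = (acc << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear ends a sub-identifier
            subids.append(acc)
            acc = 0
    first = subids[0]  # the first two arcs share one sub-identifier: 40*X + Y
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(arc) for arc in head + subids[1:])


def parse_snmpv1(packet):
    """Walk message -> PDU -> VarBindList -> VarBind and return the fields."""
    message, _ = expect(packet, 0, 0x30, "SNMP message")
    version, pos = expect(message, 0, 0x02, "version")
    community, pos = expect(message, pos, 0x04, "community")
    pdu_tag, pdu, _ = read_tlv(message, pos)
    if pdu_tag not in PDU_TYPES:
        raise ValueError(f"unhandled PDU tag 0x{pdu_tag:02x}")
    request_id, p = expect(pdu, 0, 0x02, "request-id")
    error_status, p = expect(pdu, p, 0x02, "error-status")
    error_index, p = expect(pdu, p, 0x02, "error-index")
    varbind_list, _ = expect(pdu, p, 0x30, "VarBindList")
    names, p = [], 0
    while p < len(varbind_list):
        varbind, p = expect(varbind_list, p, 0x30, "VarBind")
        name, _ = expect(varbind, 0, 0x06, "VarBind name")
        names.append(decode_oid(name))
    community = community.decode("latin-1")  # no decryption step is needed
    return {
        "version": int.from_bytes(version, "big", signed=True),  # 0 = SNMPv1
        "community": community,
        "uses_default_community": community == DEFAULT_COMMUNITY,
        "pdu_type": PDU_TYPES[pdu_tag],
        "request_id": int.from_bytes(request_id, "big", signed=True),
        "error_status": int.from_bytes(error_status, "big", signed=True),
        "error_index": int.from_bytes(error_index, "big", signed=True),
        "names": names,
    }


# Constructed sample: Get-Request for 1.3.6.1.2.1.1.1.0 with community "public".
SAMPLE = bytes.fromhex(
    "3026" "020100" "0406" "7075626c6963"           # message, version, community
    "a019" "020101" "020100" "020100"               # PDU, request-id, status, index
    "300e" "300c" "0608" "2b06010201010100" "0500"  # VarBindList, VarBind, OID, NULL
)

if __name__ == "__main__":
    for key, value in parse_snmpv1(SAMPLE).items():
        print(f"{key}: {value}")
```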


Sending/Receiving a Request

The top level actions for a manager to send a request message are as follows:
1. Appropriate PDU is constructed based on the VarbindList and the operation type
2. The PDU, security information and agent identity are input to a security mechanism to apply authentication and encryption to the PDU
3. The result from the security mechanism and the community string are used to generate an SNMPv1 message
4. The message is then serialised and sent using a transport service to the specified SNMP agent

The top level actions for an agent to receive a request message are as follows:
1. Incoming message is de-serialised to construct an ASN.1 message
2. Version number is verified
3. The community name, security information and the data found in the SNMPv1 message are input to a security mechanism – Conceptually in SNMPv1
4. The agent then performs a rudimentary parse of the ASN.1 object returned from the security service to build an ASN.1 object corresponding to an SNMPv1 PDU object


Sending/Receiving a Response

The top level actions for an agent to send a response message are as follows:
1. It first constructs a GET-RESPONSE PDU using as input, the saved request-id value and the values for error-status, error-index and VarBindList returned from processing the request.
2. The PDU, security information and agent identity are input to a security mechanism.
   The result is just the original PDU in SNMPv1
3. The result from the security mechanism and the community string are used to generate an SNMPv1 message
4. The message is serialised and then sent to the manager address from the request.

The top level actions for a manager to receive a response message are as follows:
1. Incoming message is de-serialised.
2. PDU version is verified.
3. The community name, security information and the data found in the SNMPv1 message are input in the security mechanism.
4. The ASN.1 object is parsed.


SNMPv1 GET Request Processing

Retrieves the value of one or more instances of management information.

Each VarBind element of array VarBindList specifies the identity of an instance of management information.

Get-Request fields: Request ID | Error Status (not used) | Error Index (not used) | Name X | Value X (not used) | ...

Get-Response fields: Request ID (copy value) | Error Status (set to zero) | Error Index (set to zero) | Name X (copy value) | Value X (current value) | ...


SNMPv1 GET Request Processing

On error, one of the following values is returned in the error-status field:
  tooBig
  noSuchName
  genErr

Get-Request fields: Request ID | Error Status (not used) | Error Index (not used) | Name X | Value X (not used) | ...

Get-Response fields: Request ID (copy value) | Error Status (set to error) | Error Index (set to zero or index) | Name X (copy value) | Value X (copy value) | ...


SNMPv1 GETNEXT Request Processing

GetNext-Request fields: Request ID | Error Status (not used) | Error Index (not used) | Name X | Value X (not used) | ...

Get-Response fields: Request ID (copy value) | Error Status (set to zero) | Error Index (set to zero) | Name X (determine next) | Value X (current value) | ...


Example - SNMP MIB Walk

Exchange between the Network Management Station and the Agent, in time order:

Get-Request: ipRouteDest.1
Get-Response: ipRouteDest.1 = 0.0.0.0
Get-Next-Request: ipRouteDest.1
Get-Response: ipRouteDest.2 = 15.0.0.0
Get-Next-Request: ipRouteDest.2
Get-Response: ipRouteDest.3 = 131.108.0.0
Get-Next-Request: ipRouteDest.3
Get-Response: ipRouteDest.4 = 129.140.0.0
Get-Next-Request: ipRouteDest.4
Get-Response: error (NoSuchName)

ipRouteDest instances held by the agent:
  ipRouteDest.1 = 0.0.0.0
  ipRouteDest.2 = 15.0.0.0
  ipRouteDest.3 = 131.108.0.0
  ipRouteDest.4 = 129.140.0.0


Example Table Retrieval

Figure: xyzTable (xyzEntry) with columns xyzC1, xyzC2, xyzC3, xyzC4 and rows with index 1, 3 and 6; a group stu with objects stuS1, stuS2, stuS3.

GETNEXT row retrieval:

GETNEXT(xyzC1, xyzC2, xyzC3, xyzC4)
RESPONSE(xyzC1.1, xyzC2.1, xyzC3.1, xyzC4.1)
GETNEXT(xyzC1.1, xyzC2.1, xyzC3.1, xyzC4.1)
RESPONSE(xyzC1.3, xyzC2.3, xyzC3.3, xyzC4.3)
GETNEXT(xyzC1.3, xyzC2.3, xyzC3.3, xyzC4.3)
RESPONSE(xyzC1.6, xyzC2.6, xyzC3.6, xyzC4.6)
GETNEXT(xyzC1.6, xyzC2.6, xyzC3.6, xyzC4.6)
RESPONSE(xyzC2.1, xyzC3.1, xyzC4.1, stuS1)


Sparse Tables

It is possible that not all columns in a table have an instance in a row
  GETNEXT operations skip over the non-existing instances in the table
  Manager has to perform additional checking

Figure: GETNEXT row retrieval over xyzTable (xyzEntry; columns xyzC1, xyzC2, xyzC3, xyzC4; row index 1, 3 and 6).
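
The GETNEXT behaviour from the MIB walk, table retrieval and sparse table slides, as an added example that is not part of the original slides: a toy agent that answers GETNEXT by lexicographical successor, a walk that runs until noSuchName, and the additional check a manager needs when a row is missing a column. The OIDs assigned to xyzEntry and stuS1, the cell values and all function names are constructed for illustration.

```python
from bisect import bisect_right


class NoSuchName(Exception):
    """SNMPv1 error-status when GETNEXT has no lexicographical successor."""


class ToyAgent:
    """Agent whose MIB is a dict keyed by OID tuples; tuples sort lexicographically."""

    def __init__(self, mib):
        self.mib = dict(mib)
        self.oids = sorted(self.mib)

    def get_next(self, oid):
        """Return (name, value) of the first instance that sorts after oid."""
        i = bisect_right(self.oids, tuple(oid))
        if i == len(self.oids):
            raise NoSuchName(oid)
        return self.oids[i], self.mib[self.oids[i]]


def walk(agent, start=()):
    """Discover every instance with repeated GETNEXT until noSuchName."""
    found, oid = [], tuple(start)
    while True:
        try:
            oid, value = agent.get_next(oid)
        except NoSuchName:
            return found
        found.append((oid, value))


def retrieve_rows(agent, columns):
    """Read a table one row per GETNEXT, with the extra check for sparse rows.

    Simplification: each varbind is answered independently, and the table is
    assumed not to be the last object in the MIB (stuS1 follows it, as on the slide).
    """
    columns = [tuple(c) for c in columns]
    rows, request = {}, list(columns)
    while True:
        cells = []
        for col, name in zip(columns, request):
            oid, value = agent.get_next(name)
            # Accept the answer only if it is still inside the requested column.
            inside = oid[:len(col)] == col
            cells.append((oid[len(col):], value) if inside else (None, None))
        indexes = [index for index, _ in cells if index is not None]
        if not indexes:
            return rows  # every column has run past the end of the table
        row = min(indexes)
        # A column that answered with a later row has no instance in this row.
        rows[row] = [value if index == row else None for index, value in cells]
        # Ask again from this row so the skipped-ahead column is not lost.
        request = [col + row for col in columns]


# Constructed OIDs for the slide's objects: xyzEntry = 1.2.1, stuS1 = 1.3.1.0.
XYZ_ENTRY = (1, 2, 1)
COLUMNS = [XYZ_ENTRY + (c,) for c in (1, 2, 3, 4)]  # xyzC1 .. xyzC4


def build_mib(missing=()):
    """Rows 1, 3 and 6 of xyzTable followed by stuS1; `missing` lists absent cells."""
    mib = {col + (row,): f"C{col[-1]}r{row}" for col in COLUMNS for row in (1, 3, 6)}
    for cell in missing:
        del mib[tuple(cell)]
    mib[(1, 3, 1, 0)] = "s1"
    return mib


if __name__ == "__main__":
    full = ToyAgent(build_mib())
    print(len(walk(full)), "instances discovered by the walk")
    sparse = ToyAgent(build_mib(missing=[XYZ_ENTRY + (2, 3)]))  # no xyzC2.3
    for row, values in retrieve_rows(sparse, COLUMNS).items():
        print(row, values)
```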


SNMPv1 SET Request Processing

Modifies the value of one or more instances of management information
  Also creates new instances and deletes existing instances of management information

Operation either completely succeeds or completely fails

In SNMPv1, there are 3 types of error messages that can be returned:
  noSuchName
  badValue
  genErr

Set-Request fields: Request ID | Error Status (not used) | Error Index (not used) | Name X | Value X | ...

Get-Response fields: Request ID (copy value) | Error Status (set to zero or error) | Error Index (set to zero or index) | Name X (copy value) | Value X (copy value) | ...


Example – Row Creation

SET ((xyzC2.4, 2), (xyzC3.4, 45))

Figure: xyzTable (xyzEntry; columns xyzC1, xyzC2, xyzC3, xyzC4; row index 1 to 6). The SET places 2 in xyzC2 and 45 in xyzC3 of row index 4.


SNMP Traps

An unsolicited message an SNMP agent sends to the manager.
  Manager is responsible for configuring the trap on the agent
  Used to reduce the length of time between when an event occurs and when it is noticed by the manager
  No response is expected

MIB-II defines 7 types of traps:
  Coldstart of a system
  Warmstart of a system
  Link Down
  Link Up
  Authentication Failure
  Exterior Gateway Protocol (EGP) neighbour loss
  Enterprise Specific


Use of Events

Agents provide the specified data only when requested by managers.
  The periodic gathering of data is called polling
  Amount of time between an event and a manager realising that an event has occurred is called the event detection latency

Another model of management is based on agents in managed systems sending data to configured managers
  Traps (Pushing)
  However, during a communication failure, an event report would never reach a manager

The SNMP solution to this dilemma is called trap directed polling
  Can reduce polling latency but may consume additional resources

Figure: Manager and Agent, pulling data versus pushing data. Two timelines of manager polls: in the first, the event detection latency runs from "Event occurs" to "Event realised" at the next poll; in the second, the manager polls earlier than normal and the event detection latency is minimised.


Event Triggering

There are 2 models for deciding when events occur:

Edge triggered events:
  occurs when a monitored value first enters a range
  monitored value must then enter a potentially different range before the event may occur again – rearming the trigger

Level triggered events:
  occurs when a monitored value is inside a range at the start of each periodic time interval

Figure: monitored value over time. Edge triggered: an event threshold and a rearm threshold, with the points event, rearm, event, rearm marked. Level triggered: an event level, with events marked along the time axis.


SNMPv1 Limitations

LIMITED ERROR CODES

LIMITED DATA TYPES
  Reduction in complexity of SNMP has resulted in some increase in complexity of MIB understanding and design

LIMITED TRAP NOTIFICATIONS

LIMITED PERFORMANCE
  Inefficient for large retrievals. (e.g. retrieving entire MIB or tables)
  E.g. 2000 entry table with 4 columns, 200ms RTT
    Using GETNEXT-Requests: 2000 X 4 X 2 = 16000 packets or 2000 X 4 X .2 = 1600 seconds!!!
  IDLE-RQ like performance

LACK OF HIERARCHIES
  Inherently centralised

LACK OF SECURITY
  Community Strings


SNMPv1 MIBs (SMI, MIB-II, RMON)


SMI (RFC1155) Defined Data Types

Integer – Signed 32 bit integer.
Enumerated Integer
Octet String – String of bytes
Object Identifier
NetworkAddress – An address from one of possibly several protocol families
IpAddress – 32 bit IP address
Gauge – Nonnegative integer from 0 to 2^32 – 1, which may increase or decrease
Counter – Nonnegative monotonically increasing integer from 0 to 2^32 – 1
Timeticks – Non-negative integer which counts time in hundredths of a second
Opaque – Arbitrary syntax


Gauge

Used to specify a value whose range includes only non-negative 32bit integers

RFC 1155 – this application-wide type represents a non-negative integer, which may increase or decrease, but which latches at a maximum value

Figure: value over time between "Min in range" and "Max in range". Dashed line is the actual value; solid line is value reported by gauge type.


Counter

Used to specify a non-negative value whose range includes only positive 32-bit integers

Values reported by counters are not absolute, since the count is not required to start at 0 and the count may roll over

Counters are used by obtaining a value v0 at t0 and then later obtaining a value v1 at t1
  Difference between v0 and v1 is the count over the time period
  Counter rollover can be detected iff v0 > v1

A periodic sampling of counter values may be converted into a rate value:
  if (v_i >= v_{i-1}) then r_i = (v_i – v_{i-1}) / T
  else r_i = (C_max – (v_{i-1} – v_i) + 1) / T

Figure: counter value over time between 0 and the maximum value 2^32 - 1. Starting value is undefined; counter rollover and start at 0. Second plot: computed rate over time.


Other Types

Timeticks - used to specify a non-negative value whose range includes only non-negative integers
  Units are in hundredths of seconds
  Length of time between rollovers is 497 days

Network Address – used to specify a string of 4 octets
  Currently used to store IPv4 addresses
  Was designed to allow a network address of any type to be specified
  Obsolete – use IpAddress

Opaque – used to specify octets of binary information
  Generic type


SMI Tree

RFC 1155 defines top of the administrative domain managed by the IETF: 1.3.6.1
  Directory - reserved for use with a future memo that discusses how the OSI Directory may be used in the Internet
  Mgmt – area for items defined in standards track documents.
  Experimental – area for IETF experimental items
  Private – area for delegation of subtrees to enterprises, that is, anyone who asks for an enterprise number

Figure (SMI tree):
ccitt (0)
iso (1)
  org (3)
    dod (6)
      internet (1)
        directory (1)
        mgmt (2)
          mib (1)
        experimental (3)
        private (4)
          enterprise (1)
Joint-iso-ccitt (2)


MIB II

MIB-II defines 11 separate groups:
  system (1)
  interfaces (2)
  address translation (3)
  IP (4)
  ICMP (5)
  tcp (6)
  udp (7)
  egp (8)
  cmot (9) CMIS over TCP (for historic reasons only)
  transmission (10)
  snmp (11)

RFC1213 defines 2 additional data types
  DisplayString
  PhysAddress


System Group

Contains data pertaining to the system where the agent is residing in

Fault management objects:
  SysObjectID – System Manufacturer
  sysServices – Protocol layers that device services – using formula 2^(L-1)
    e.g. host that runs transport + application layer services: 2^(4-1) + 2^(7-1) = 72
  sysUptime – Amount of time system has been operational

Configuration management objects:
  sysDescr – Description of the system
  sysLocation – System's physical location
  sysContact – System's name


Interfaces Group

The interfaces group provides information pertaining to each specific network interface (ifTable)
  Useful for configuration, performance, fault and accounting management

ifNumber - number of interfaces

ifTable example:

ifIndex  ifDescr         ifOperStatus  ifInUPackets  ifSpeed
0        DEC Ethernet 1  1             8169          8000000
1        SUN Ethernet 1  2             16184         100000


Interfaces Group (cont…)

Example – Determining utilisation

Total bytes = (ifInOctets_y – ifInOctets_x) + (ifOutOctets_y – ifOutOctets_x)

Total bytes per sec = Total bytes / (y - x)

Utilisation = (total bytes per sec * 8) / ifSpeed
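
The rate conversion from the Counter slide and the utilisation formula above, combined in one added example that is not part of the original slides: counter differences that survive a rollover, the resulting rates, and interface utilisation computed from two samples. Function names and sample values are constructed, and the code assumes at most one rollover between two samples.

```python
COUNTER_MAX = 2**32 - 1  # C_max for the 32-bit SMI Counter type


def counter_delta(previous, current):
    """Count between two samples, assuming at most one rollover in between."""
    for value in (previous, current):
        if not 0 <= value <= COUNTER_MAX:
            raise ValueError(f"{value} is not a 32-bit counter value")
    if current >= previous:
        return current - previous
    # current < previous: the counter rolled over and restarted at 0
    return COUNTER_MAX - (previous - current) + 1


def rates(samples, interval):
    """Convert counter samples taken every `interval` seconds into rates."""
    if interval <= 0:
        raise ValueError("interval must be positive")
    return [counter_delta(a, b) / interval for a, b in zip(samples, samples[1:])]


def max_poll_interval(if_speed):
    """Seconds an octet counter needs to count 2^32 octets at full line rate.

    Sampling less often than this makes a double rollover possible, which the
    single-rollover correction in counter_delta cannot detect.
    """
    if if_speed <= 0:
        raise ValueError("ifSpeed must be positive")
    return (COUNTER_MAX + 1) * 8 / if_speed


def utilisation(sample_x, sample_y, if_speed):
    """Slide formula; each sample is (time_in_seconds, ifInOctets, ifOutOctets)."""
    (x, in_x, out_x), (y, in_y, out_y) = sample_x, sample_y
    if y <= x:
        raise ValueError("samples must be in time order")
    if y - x >= max_poll_interval(if_speed):
        raise ValueError("samples too far apart: counters may have rolled over twice")
    total_bytes = counter_delta(in_x, in_y) + counter_delta(out_x, out_y)
    total_bytes_per_sec = total_bytes / (y - x)
    return total_bytes_per_sec * 8 / if_speed


if __name__ == "__main__":
    # Constructed samples: ifInOctets rolls over between the two polls.
    x = (0, 4294967000, 1000)
    y = (10, 704, 2501000)
    print("utilisation:", utilisation(x, y, 10_000_000))
    print("rates:", rates([4294967290, 4294967295, 4], 5))
    print("max poll interval at 100 Mbit/s:", max_poll_interval(100_000_000), "s")
```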


IP Group

Provides information about the IP layer in a system's network protocol stack
  Information pertaining to errors and types of packets seen.
  Routing table (i.e. ipRouteTable)

Configuration/Fault management objects
  ipForwarding – If device is set up to route IP packets
  ipAddrTable – Addresses on the device
  ipRouteTable – Routing table

Performance management objects
  ipInDiscards – Rate of input datagrams discarded
  ipInHdrErrors – Rate of input header errors
  ipInAddrErrors – Rate of input address errors

Accounting management objects
  ipOutRequests – Number of IP datagrams sent
  ipInDelivers – Number of IP datagrams received


ICMP Group

Provides information pertaining to a system's ICMP entity
  icmpInRedirects – rate of redirect messages received
  icmpOutDestUnreachs – rate of destination unreachable errors sent.
  icmpInSrcQuenchs – input rate of source quench messages
  icmpOutEchos – rate of output echo messages


TCP Group

TCP – The Transmission Control Protocol (TCP) provides reliable transport services between applications (UDP is the unreliable transport service used in IP)

Configuration management objects:
  tcpRtoAlgorithm – Retransmission algorithm
  tcpConnTable – Connection table (i.e. netstat).

Performance management objects:
  tcpAttemptFails – Number of failed attempts to make a connection
  tcpEstabResets – Number of resets in established connections

Accounting management objects:
  tcpActiveOpens – Number of times this system has opened a connection
  tcpInSegs – Number of TCP segments received

Security management objects:
  tcpConnTable – Connection table (i.e. netstat)

The User Datagram Protocol (UDP) group provides similar information. (e.g. udpTable)


EGP Group

EGP (RFC 904) is a protocol that tests for the reachability of IP networks.
  An IP network can be divided into networks of autonomous systems

egpNeighTable

Fault management objects:
  egpNeighState – state of egp neighbour (up, down)

Configuration management objects
  egpIntervalHello – hello message interval.
  egpAs – local egp autonomous system.

Figure: example network with a Managing Host, PC 1 to PC 3, Printer 1 and 2, Network Drive 1 and 2, Server 1 and 2, Router 1 to Router 3 and a Wide Area Network.


Transmission Group

Reserved for information pertaining to specific media underlying the interfaces of a system

Various RFCs:
  RFC 1512 FDDI
  RFC 1493 Bridge
  RFC 1743 Token Ring


SNMP Group

Management protocols also need to be managed!!!
  Useful to all 5 areas of network management

Fault management objects:
  snmpInASNParseErrs – Number of malformed SNMP messages
  snmpInNoSuchNames – Number of requests to invalid objects

Configuration management objects:
  EnableAuthenTraps – Enables entity to send traps when authentication errors occur

Performance/Accounting management objects:
  snmpInPkts – Rate of SNMP packets input
  snmpInTraps – Rate of traps input

Security management objects:
  snmpInBadCommunityNames – Number of authentication failures
  snmpInBadCommunityUses – Number of requests without sufficient privileges


Topology Discovery Revisited

1. temporarySet = get_default_router()
2. foreach this_router in temporarySet do
   a. ping(this_router)
   b. if (this_router is alive) then
        permanentSet = permanentSet + this_router
   c. hostList = SNMP_GetArpTable(this_router)
   d. permanentSet = permanentSet + hostList
   e. routerList = SNMP_GetIpRouteTable(this_router)
   f. permanentSet = permanentSet + routerList
   g. temporarySet = temporarySet + routerList


Remote Monitoring (RMON)

Goal - A remote monitoring device to help perform management on a network segment while reducing the burden on agents and management stations

RMON1 (RFC 1757 - DRAFT) - Ethernet
TOKEN RING EXTENSIONS TO RMON (RFC 1513 - PROPOSED)
RMON2 (RFC 2021 - PROPOSED)

Figure labels: MANAGER, WAN, RMON, ETHERNET.


Objectives

Off-line operation: Limit or halt routine polling of a monitor by a network manager
  Performance reasons
  May cease if there is a communications failure
  Probe continues to accumulate statistics that may be retrieved at a later time

Proactive monitoring: Probe can continuously run diagnostics and log network performance
  In the event of failures, probe may notify managers and provide useful diagnostics

Problem detection and reporting: Active probing of consumption of resources on the network to check for error and exceptional conditions

Value-added data: Perform specific analysis on data collected in the network. E.g. determining top N hosts that generate the most traffic

Multiple managers: Reasons to support multiple managers are to
  improve reliability
  perform different functionality
  provide management capability to different units within an organisation
  Concurrency


RMON Groups

STATISTICS

HISTORY

HOST

HOST TOP N

TRAFFIC MATRIX

ALARMS

FILTERS

PACKET CAPTURE

EVENTS


Statistics Group

KEEPS STATISTICS PER ETHERNET SEGMENT:
  PACKETS
  OCTETS
  BROADCASTS
  MULTICASTS
  COLLISIONS
  ERRORS

KEEPS TRACK OF PACKET SIZE DISTRIBUTION:
  65 - 127 OCTETS
  128 - 255 OCTETS
  256 - 511 OCTETS
  512 - 1023 OCTETS
  1024 - 1518 OCTETS

Classification of packets by size and FCS:

                     < 64 bytes   64 to 1518 bytes          > 1518 bytes
WELL-FORMED PACKETS  undersize    GOOD!                     oversize
BAD FCS ERRORS       fragments    CRC or alignment errors   jabber


History Group

Records periodic statistical samples from information available in the statistics group
  historyControlTable
  etherHistoryTable

USES A CIRCULAR BUFFER
  BUCKETS – sampling interval
  SIZE MAY BE SET BY MANAGER

MANAGER MAY SET:
  THE ETHERNET SEGMENTS (INTERFACES)
  SAMPLING INTERVAL

Host/Matrix/hostTopN Group
  Consists of 1 control table and 1 or more data tables


Alarm Group

Absolute or delta values

Hysteresis mechanism

TRIGGERS ON:
  RISING ALARM
  FALLING ALARM
  RISING OR FALLING ALARM

Figure: monitored value on a scale of 100 to 900 with a RISING THRESHOLD and a FALLING THRESHOLD; three points are marked NOTIFICATION.
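
The two trigger models from the Event Triggering slide and the hysteresis mechanism of the Alarm Group, as an added example that is not part of the original slides: the same samples produce different numbers of events depending on the model and on the gap between the thresholds. Threshold values, sample values and function names are constructed, and the alarm function assumes both directions are armed at start-up.

```python
def level_triggered(samples, threshold):
    """Event at every sampling interval whose value is inside the range."""
    return [i for i, value in enumerate(samples) if value >= threshold]


def edge_triggered(samples, event_threshold, rearm_threshold):
    """Event when the value first enters the range; the trigger is rearmed
    only after the value has dropped to rearm_threshold or below."""
    if rearm_threshold > event_threshold:
        raise ValueError("rearm threshold must not exceed the event threshold")
    events, armed = [], True
    for i, value in enumerate(samples):
        if armed and value >= event_threshold:
            events.append(i)
            armed = False
        elif not armed and value <= rearm_threshold:
            armed = True
    return events


def to_deltas(samples):
    """Delta sampling: compare the change between consecutive samples."""
    return [b - a for a, b in zip(samples, samples[1:])]


def alarm_notifications(samples, rising, falling, sample_type="absolute"):
    """Rising and falling alarms with hysteresis: after a rising alarm no
    further rising alarm is sent until a falling alarm occurred, and vice versa.

    Assumption of this example: both directions are armed at start-up.
    """
    if falling > rising:
        raise ValueError("falling threshold must not exceed rising threshold")
    if sample_type not in ("absolute", "delta"):
        raise ValueError("sample_type must be 'absolute' or 'delta'")
    values = to_deltas(samples) if sample_type == "delta" else list(samples)
    notifications, last = [], None
    for i, value in enumerate(values):
        if value >= rising and last != "rising":
            last = "rising"
            notifications.append((i, last))
        elif value <= falling and last != "falling":
            last = "falling"
            notifications.append((i, last))
    return notifications


# Constructed samples on the 100..900 scale of the alarm figure.
SAMPLES = [200, 500, 750, 650, 800, 400, 250, 720, 900, 100]
# Constructed samples that hover around a threshold of 700.
NOISY = [690, 705, 695, 710, 698, 702]

if __name__ == "__main__":
    print("level :", level_triggered(SAMPLES, 700))
    print("edge  :", edge_triggered(SAMPLES, 700, 300))
    print("alarms:", alarm_notifications(SAMPLES, rising=700, falling=300))
    # Without a gap between the thresholds every wobble raises a new event.
    print("noisy, rearm=700:", edge_triggered(NOISY, 700, 700))
    print("noisy, rearm=300:", edge_triggered(NOISY, 700, 300))
```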


Other Groups

FILTER GROUP
  TO COUNT PACKETS THAT CARRY A SPECIFIC BIT-PATTERN – CHANNELS

PACKET CAPTURE GROUP
  TO STORE SPECIFIC PACKETS

EVENT GROUP
  TO DEFINE THE VARIOUS EVENTS TO DETERMINE ON LOGGING AND / OR TRANSMISSION OF TRAPS


SNMPv2 (Major Changes)

Enhancements to SMI
  New data types

Protocol enhancements:
  Performance - GetBulk-Request
  Better handling/reporting of error conditions
  Manager-to-manager capability

Administrative models
  SNMPv2c – communities
  SNMPv2u - user-based
  SNMPv3


SMI Scalar Data Types


SNMPv2 Protocol Operations


GetBulk Operation

For efficient retrieval of many VarBinds

getBulk REQUEST HAS TWO ADDITIONAL PARAMETERS:
  non-repeaters
  max-repetitions

THE FIRST N ELEMENTS (non-repeaters) OF THE VARBIND LIST ARE TREATED AS IF THE OPERATION WAS A NORMAL getnext OPERATION

THE NEXT ELEMENTS OF THE VARBIND LIST ARE TREATED AS IF THE OPERATION CONSISTED OF A NUMBER (max-repetitions) OF REPEATED getnext OPERATIONS


GetBulk Operation (cont…)

REQUEST(non-repeaters = N; max-repetitions = M;
  VariableBinding-1; ... ; VariableBinding-N;
  VariableBinding-(N+1); ... ; VariableBinding-(N+R)
)

RESPONSE(
  VariableBinding-1; ... ; VariableBinding-N;             (N-TIMES)
  VariableBinding-(N+1); ... ; VariableBinding-(N+R)      1st LEXICOGRAPHICAL SUCCESSOR
  VariableBinding-(N+1); ... ; VariableBinding-(N+R)      2nd LEXICOGRAPHICAL SUCCESSOR
  VariableBinding-(N+1); ... ; VariableBinding-(N+R)      3rd LEXICOGRAPHICAL SUCCESSOR
  ...
  VariableBinding-(N+1); ... ; VariableBinding-(N+R)      M th LEXICOGRAPHICAL SUCCESSOR
)

The successor lines are repeated M-TIMES.

• Overshoot problem - GetBulk does not stop when it reaches the end of a table

• Still suffers from problem with sparse tables


GetBulk Operation (Example)

getBulk(max-repetitions = 4; 1.1)
response(
  1.1.0 => 130.89.16.2
  1.2.1.0 => printer-1
  1.2.2.0 => 123456
  1.3.1.1.2.1 => 2
)

getBulk(non-repeaters = 1; max-repetitions = 3; 1.1, 1.3.1.1; 1.3.1.2; 1.3.1.3)
response(
  1.2.1 => 8;
  1.3.1.1.2.1 => 2; 1.3.1.2.2.1 => 1; 1.3.1.3.2.1 => 2
  1.3.1.1.3.1 => 3; 1.3.1.2.3.1 => 1; 1.3.1.3.3.1 => 3
  1.3.1.1.5.1 => 5; 1.3.1.2.5.1 => 1; 1.3.1.3.5.1 => 2
)
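
The GetBulk semantics and the overshoot problem from the previous slide, as an added example that is not part of the original slides: a toy agent that answers GetBulk with non-repeaters and max-repetitions, and a manager-side filter that discards varbinds which ran past the end of the table. The MIB contents are constructed from the values in the first response and the table rows of the second; all function names are hypothetical.

```python
from bisect import bisect_right

END_OF_MIB_VIEW = "endOfMibView"

# MIB constructed from the values shown in the slide's responses.
MIB = {
    (1, 1, 0): "130.89.16.2",
    (1, 2, 1, 0): "printer-1",
    (1, 2, 2, 0): 123456,
}
TABLE = {  # row index -> values of columns 1.3.1.1, 1.3.1.2, 1.3.1.3
    (2, 1): (2, 1, 2),
    (3, 1): (3, 1, 3),
    (5, 1): (5, 1, 2),
}
for index, values in TABLE.items():
    for column, value in enumerate(values, start=1):
        MIB[(1, 3, 1, column) + index] = value
OIDS = sorted(MIB)  # OID tuples sort lexicographically
COLUMNS = [(1, 3, 1, 1), (1, 3, 1, 2), (1, 3, 1, 3)]


def get_next(oid):
    """Lexicographical successor; endOfMibView when there is none."""
    i = bisect_right(OIDS, tuple(oid))
    if i == len(OIDS):
        return tuple(oid), END_OF_MIB_VIEW
    return OIDS[i], MIB[OIDS[i]]


def get_bulk(non_repeaters, max_repetitions, names):
    """First N names: one getnext each. Remaining names: M repeated getnexts."""
    names = [tuple(n) for n in names]
    n = max(0, non_repeaters)
    response = [get_next(name) for name in names[:n]]
    current = names[n:]
    for _ in range(max(0, max_repetitions)):
        step = [get_next(name) for name in current]
        response.extend(step)
        if all(value == END_OF_MIB_VIEW for _, value in step):
            break  # nothing left to return for any repeater
        current = [oid for oid, _ in step]
    return response


def count_overshoot(columns, response):
    """Varbinds of a repeaters-only response that left their requested column."""
    columns = [tuple(c) for c in columns]
    outside = 0
    for k, (oid, value) in enumerate(response):
        col = columns[k % len(columns)]
        if value == END_OF_MIB_VIEW or oid[:len(col)] != col:
            outside += 1
    return outside


def table_rows(columns, max_repetitions):
    """Fetch a table with one GetBulk and keep only varbinds inside it."""
    columns = [tuple(c) for c in columns]
    rows = {}
    for k, (oid, value) in enumerate(get_bulk(0, max_repetitions, columns)):
        position = k % len(columns)
        col = columns[position]
        if value != END_OF_MIB_VIEW and oid[:len(col)] == col:
            rows.setdefault(oid[len(col):], [None] * len(columns))[position] = value
    return rows


if __name__ == "__main__":
    print(get_bulk(0, 4, [(1, 1)]))  # first request on the slide
    response = get_bulk(0, 5, COLUMNS)  # asks for 5 rows, the table has 3
    print(len(response), "varbinds,", count_overshoot(COLUMNS, response), "overshoot")
    print(table_rows(COLUMNS, 5))
```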


Reading

Network Management: A Practical Perspective
  Chapter 8 - SNMP
  Chapter 10 - MIB-II
  Chapter 11 - RMON

Unit Resources webpage
  Siamwalla, R., Sharma, R. and Keshav, S., Discovering Internet Topology. 1999
  RFC 1155 (SMI) and RFC 1157 (SNMPv1)
  RFC 1213 (MIB-II)
  RFC 1757 (RMON)


SNMPv2 Set Operation

CONCEPTUAL TWO PHASE COMMIT:
  PHASE 1: PERFORM VARIOUS CHECKS
  PHASE 2: PERFORM THE ACTUAL SET

Error codes:

SNMPv2                SNMPv1
PHASE 1:
wrongValue            badValue
wrongEncoding         badValue
wrongType             badValue
wrongLength           badValue
inconsistentValue     badValue
noAccess              noSuchName
notWritable           noSuchName
noCreation            noSuchName
inconsistentName      noSuchName
resourceUnavailable   genErr
genErr                genErr
PHASE 2:
commitFailed          genErr
undoFailed            genErr


SNMPv2 Get Operation

SIMILAR TO SNMPv1, EXCEPT FOR "EXCEPTIONS"

POSSIBLE EXCEPTIONS:
  noSuchObject
  noSuchInstance

EXCEPTIONS ARE CODED WITHIN THE VARBINDS

EXCEPTIONS DO NOT RAISE ERROR STATUS AND INDEX


Inform Operation

Inform

CONFIRMED TRAP

ORIGINALLY TO INFORM A HIGHER LEVEL MANAGER

SAME FORMAT AS TRAP PDU

POSSIBLE ERROR: tooBig


SNMPv2 GetNext Operation

SIMILAR TO SNMPv1, EXCEPT FOR "EXCEPTIONS"

POSSIBLE EXCEPTIONS:
  endOfMibView

EXAMPLE
  getNext(1.4.0)
  response(error-status => noError, 1.4.0 => endOfMibView)


SNMPv2 Trap Operation

SNMPv1:
  COLD START
  WARM START
  LINK DOWN
  LINK UP
  AUTHENTICATION FAILURE
  EGP NEIGHBOR LOSS

SNMPv2:
  MIBs MAY NOW INCLUDE NOTIFICATION TYPE MACROS
  FIRST TWO VARBINDS: sysUptime AND snmpTrapOID
  USES SAME FORMAT AS OTHER PDUs