8/8/2019 02-SNMP
http://slidepdf.com/reader/full/02-snmp 1/69
1
Copyright Warning
COMMONWEALTH OF AUSTRALIA
Copyright Regulation 1969
WARNING
This material has been copied and communicated to you by or on behalf of Curtin University of Technology pursuant to Part VB of the Copyright Act 1968 (the Act)
The material in this communication may be subject to copyright under the Act. Any further copying or communication of this material by you may be the subject of copyright protection under the Act.
Do not remove this notice
Network Systems Design 304
Simple Network Management Protocol
Overview
Background (History)
SNMPv1 Structure of Management Information
Architecture/Protocol
Management Information Bases (MIBs)
MIB-II
RMON
SNMPv2
Summary
Historic Background
Prior to 1988, the only standardised management protocol for TCP/IP networks was the Internet Control Message Protocol (ICMP)
In 1988, development of three network management protocols was being pursued:
  Common Management Information Services and Protocol over TCP (CMOT)
  High-level Entity Management System (HEMS)
  Simple Gateway Monitoring Protocol (SGMP)
RFC 1052 - IAB Recommendations for the Development of Internet Network Management Standards
Goals:
  Minimise complexity of management functions
  Flexible, extensible
  Independent of the architecture and mechanisms of particular hosts and gateways
Related IETF Documents
RFC 1155 – Structure of Management Information (SMI)
RFC 1157 – SNMPv1 protocol operations
RFC 1212 – Defines structure and syntax of MIBs
RFC 1213 – MIB-II (core management information)
SNMP Architecture & Model
Organisation
  Components, functions, relationships
Information
  Structure and organisation of information
  Management Information Base
Communication
  Transfer syntax/structure (PDUs)
  administration
Functional
  Configuration, Performance, Fault, Security, Accounting
  No formal specifications
SNMPv1 (Organisation)
Directly derived from SGMP
SNMP Entities
  Manager (client) – Initialisation, monitoring and control
    Houses applications
  Agent (server) – Receive, process and respond to requests and generate event reports
  Management Information Base (MIB)
Hierarchical architecture
  2-tier (Inherently centralised)
    1 manager, multiple agents
    Multiple managers, multiple agents
  3-tier - RMON
Information Model (SMI)
Management information within managed systems must be represented as:
  Scalars
  Tables
The SNMP protocol can only exchange (a list of) scalars
Defined in terms of ASN.1 constructs.
Information Model (Management Information Bases)
A MIB is a precise definition of the information accessible through a network management protocol
  Defined using the Abstract Syntax Notation 1 (ASN.1) language (next week’s lecture).
MIBs follow a structured tree-like hierarchical naming convention.
  Root node SMI (defined in RFC 1155)
  All nodes in a MIB are uniquely identified through Object Identifiers (OIDs)
  A leaf node in a MIB defines an object class that can be instantiated: Variable or Object Instance
A MIB can extend/import a parent MIB/Specification (e.g. MIB-II – transmission, SMI)
Example MIBs:
  Remote Network Monitoring MIB (RMON) – RFC 1757
  MIB-II – RFC 1213
Object Identifiers
An OID is an ordered sequence of non-negative integers, written from left to right
A rooted tree is often used to illustrate the numbers in the sequences that correspond to OID values
  E.g. objectA is { 1.2.1.1 }
Object Instances/Variables
  The identity for a variable is based on the identity of its class and its identification within its class
  OID prefix + OID suffix = OID value
OIDs in a MIB are lexicographically ordered
[Figure: OID tree]
Root
  Node (1)
    Node (1)
      Object (1)
    Node (2)
      NodeA (1)
        ObjectA (1)
      Object (2)
  Node (2)
MIB Tree Traversal
The lexicographical ordering of the MIB tree allows you to discover, without prior knowledge of its structure, all the object identifiers that a given network device can support.
The lexicographical order of this MIB is:
  1
  1.1
  1.1.1
  1.2
  1.2.1
  1.2.1.1
  1.2.2
  2
[Figure: the OID tree from the Object Identifiers slide (Root, Node (1), Node (2), Object (1), Object (2), NodeA (1), ObjectA (1))]
Communication Model
Architecture
  Operations between managers and agents (message format specified in ASN.1)
  Communication semantics
Message Exchange
  Connectionless
  Stateless
  Supports polling and interrupt-driven (traps) communications.
  Agent port - UDP port 161
  Trap daemon port – UDP port 162
Administrative Model
  Use the concept of communities
    Only members of the same community can communicate with each other
  Community Profile:
    SNMP MIB View – agent programmed only to view a subset of managed objects of a network element
    SNMP Access Mode – Each community name is assigned an access mode: read-only and read-write
    Community Profile = MIB view + access mode
Administrative Model (cont…)
Authentication in SNMPv1 is facilitated through the community string in an SNMP PDU
  Community strings are analogous to passwords.
  No concept of multiple users in SNMPv1
  The default community string is “public”
  The community string is sent in cleartext!!!
[Figure: Community 1 contains Agent 1 (Community Profile 1) and Agent 2 (Community Profile 2); Community 2 contains Agent 3 (Community Profile 3) and Agent 4 (Community Profile 4). One manager belongs to Community 1, one to Community 1 and Community 2, and Manager 3 to Community 2.]
SNMP Operations
Set-Request
  Initialises or changes the value of network element
Get-Request
  Sent by manager requesting data from agent
Get-Next-Request
  Sent by manager requesting data on the next managed object to the one specified
Get-Response
  Agent responds with data to get and set requests from the manager
Trap
  Alarm generated by agent
SNMP Message Format
[Figure: nested Tag / Len / Value encoding of an SNMP message]
SNMP Message: Tag, Len, Value = sequence of fields
  Fields of an SNMP message: Version, Community (administrative fields), SNMP PDU
SNMP PDU: Tag, Len, Value = sequence of fields
  Fields of an SNMP PDU: PDU Type, control fields, VarBindList
VarBindList (array of VarBinds): Tag, Len, Value = sequence of VarBinds
VarBind: Tag, Len, Value = pair of fields
  Tag, Len, Value = identification of management information
  Tag, Len, Value = value of management information
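Added example (not part of the original slides): a minimal Python decoder for the nested Tag/Len/Value layout above, run on a constructed SNMPv1 Get-Request. It shows that the community string from the Administrative Model slide is a plain OCTET STRING that anyone who sees the packet can read. The sample bytes, the request-id and the wording of the review() notes are assumptions made for illustration.

```python
# Added example: minimal BER decoder for the SNMPv1 message layout.
# SAMPLE is a constructed Get-Request, not captured traffic.

PDU_TYPES = {0xA0: "get-request", 0xA1: "get-next-request",
             0xA2: "get-response", 0xA3: "set-request", 0xA4: "trap"}


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the Tag/Len/Value triple at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def expect(buf, pos, want):
    """Read one TLV and insist on its tag; return (value, next_pos)."""
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want:
        raise ValueError(f"expected tag 0x{want:02x}, got 0x{tag:02x}")
    return value, nxt


def decode_int(value):
    return int.from_bytes(value, "big", signed=True)


def decode_oid(value):
    """BER OBJECT IDENTIFIER octets -> dotted string."""
    subids, acc = [], 0
    for octet in value:
        acc = (acc << 7) | (octet & 0x7F)
        if not octet & 0x80:                # high bit clear ends a sub-identifier
            subids.append(acc)
            acc = 0
    if not subids:
        raise ValueError("empty OID")
    first = subids[0]                       # first sub-identifier packs the first two arcs
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(n) for n in head + subids[1:])


def parse_snmpv1(packet):
    body, _ = expect(packet, 0, 0x30)            # outer SEQUENCE = SNMP message
    version, pos = expect(body, 0, 0x02)
    community, pos = expect(body, pos, 0x04)     # plain OCTET STRING, no protection
    pdu_tag, pdu, _ = read_tlv(body, pos)
    msg = {"version": decode_int(version),       # 0 means SNMPv1
           "community": community.decode("latin-1"),
           "pdu_type": PDU_TYPES.get(pdu_tag, f"unknown(0x{pdu_tag:02x})"),
           "varbinds": []}
    if pdu_tag not in (0xA0, 0xA1, 0xA2, 0xA3):  # the trap PDU has a different field layout
        return msg
    pos = 0
    for field in ("request_id", "error_status", "error_index"):
        raw, pos = expect(pdu, pos, 0x02)
        msg[field] = decode_int(raw)
    vbl, _ = expect(pdu, pos, 0x30)              # VarBindList
    pos = 0
    while pos < len(vbl):
        vb, pos = expect(vbl, pos, 0x30)         # one VarBind = (name, value)
        name, p = expect(vb, 0, 0x06)
        vtag, vraw, _ = read_tlv(vb, p)
        msg["varbinds"].append((decode_oid(name), vtag, vraw))
    return msg


def review(msg):
    """What any on-path observer learns from the packet (wording is illustrative)."""
    notes = [f"community '{msg['community']}' readable in cleartext"]
    if msg["community"] == "public":
        notes.append("default community string in use")
    if msg["pdu_type"] == "set-request":
        notes.append("write operation authorised by community string only")
    return notes


# Constructed sample: version 0, community "public", Get-Request for 1.3.6.1.2.1.1.1.0
SAMPLE = bytes.fromhex(
    "3027" "020100" "04067075626c6963"
    "a01a" "02023039" "020100" "020100"
    "300e" "300c" "06082b06010201010100" "0500")

if __name__ == "__main__":
    parsed = parse_snmpv1(SAMPLE)
    print(parsed)
    print(review(parsed))
```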
Sending/Receiving a Request
The top level actions for a manager to send a request message are as follows:
1. Appropriate PDU is constructed based on the VarbindList and the operation type
2. The PDU, security information and agent identity are input to a security mechanism to apply authentication and encryption to the PDU
3. The result from the security mechanism and the community string are used to generate an SNMPv1 message
4. The message is then serialised and sent using a transport service to the specified SNMP agent
The top level actions for an agent to receive a request message are as follows:
1. Incoming message is de-serialised to construct an ASN.1 message
2. Version number is verified
3. The community name, security information and the data found in the SNMPv1 message are input to a security mechanism – Conceptually in SNMPv1
4. The agent then performs a rudimentary parse of the ASN.1 object returned from the security service to build an ASN.1 object corresponding to an SNMPv1 PDU object
Sending/Receiving a Response
The top level actions for an agent to send a response message are as follows:
1. It first constructs a GET-RESPONSE PDU using as input, the saved request-id value and the values for error-status, error-index and VarBindList returned from processing the request.
2. The PDU, security information and agent identity are input to a security mechanism.
   The result is just the original PDU in SNMPv1
3. The result from the security mechanism and the community string are used to generate an SNMPv1 message
4. The message is serialised and then sent to the manager address from the request.
The top level actions for a manager to receive a response message are as follows:
1. Incoming message is de-serialised.
2. PDU version is verified.
3. The community name, security information and the data found in the SNMPv1 message are input in the security mechanism.
4. The ASN.1 object is parsed.
SNMPv1 GET Request Processing
Retrieves the value of one or more instances of management information.
Each VarBind element of array VarBindList specifies the identity of an instance of management information.
[Figure: Get-Request and Get-Response PDUs, each with the fields Request ID, Error Status, Error Index, Name X, Value X, ...]
Get-Request:
  Error Status, Error Index, Value X: not used
Get-Response:
  Request ID: copy value
  Error Status: set to zero
  Error Index: set to zero
  Name X: copy value
  Value X: current value
SNMPv1 GET Request Processing
On error, one of the following values is returned in the error-status field:
  tooBig
  noSuchName
  genErr
[Figure: Get-Request and Get-Response PDUs, each with the fields Request ID, Error Status, Error Index, Name X, Value X, ...]
Get-Request:
  Error Status, Error Index, Value X: not used
Get-Response:
  Request ID: copy value
  Error Status: set to error
  Error Index: set to zero or index
  Name X: copy value
  Value X: copy value
SNMPv1 GETNEXT Request Processing
[Figure: GetNext-Request and Get-Response PDUs, each with the fields Request ID, Error Status, Error Index, Name X, Value X, ...]
GetNext-Request:
  Error Status, Error Index, Value X: not used
Get-Response:
  Request ID: copy value
  Error Status: set to zero
  Error Index: set to zero
  Name X: determine next
  Value X: current value
Example - SNMP MIB Walk
Get-Request: ipRouteDest.1
Get-Response: ipRouteDest.1 = 0.0.0.0
[Figure: time-sequence diagram between the Network Management Station and the Agent. The agent's ipRouteDest column holds ipRouteDest.1 = 0.0.0.0, ipRouteDest.2 = 15.0.0.0, ipRouteDest.3 = 131.108.0.0 and ipRouteDest.4 = 129.140.0.0]
Example - SNMP MIB Walk
Get-Request: ipRouteDest.1
Get-Response: ipRouteDest.1 = 0.0.0.0
Get-Next-Request: ipRouteDest.1
Get-Response: ipRouteDest.2 = 15.0.0.0
Example - SNMP MIB Walk
Get-Request: ipRouteDest.1
Get-Response: ipRouteDest.1 = 0.0.0.0
Get-Next-Request: ipRouteDest.1
Get-Response: ipRouteDest.2 = 15.0.0.0
Get-Next-Request: ipRouteDest.2
Get-Response: ipRouteDest.3 = 131.108.0.0
Example - SNMP MIB Walk
Get-Request: ipRouteDest.1
Get-Response: ipRouteDest.1 = 0.0.0.0
Get-Next-Request: ipRouteDest.1
Get-Response: ipRouteDest.2 = 15.0.0.0
Get-Next-Request: ipRouteDest.2
Get-Response: ipRouteDest.3 = 131.108.0.0
Get-Next-Request: ipRouteDest.3
Get-Response: ipRouteDest.4 = 129.140.0.0
Example - SNMP MIB Walk
Get-Request: ipRouteDest.1
Get-Response: ipRouteDest.1 = 0.0.0.0
Get-Next-Request: ipRouteDest.1
Get-Response: ipRouteDest.2 = 15.0.0.0
Get-Next-Request: ipRouteDest.2
Get-Response: ipRouteDest.3 = 131.108.0.0
Get-Next-Request: ipRouteDest.3
Get-Response: ipRouteDest.4 = 129.140.0.0
Get-Next-Request: ipRouteDest.4
Get-Response: error (NoSuchName)
Example Table Retrieval
[Figure: xyzTable / xyzEntry with columns xyzC1, xyzC2, xyzC3, xyzC4 and rows with index 1, 3 and 6, followed in the MIB by stu with stuS1, stuS2, stuS3]
GETNEXT row retrieval:
GETNEXT(xyzC1, xyzC2, xyzC3, xyzC4)
RESPONSE(xyzC1.1, xyzC2.1, xyzC3.1, xyzC4.1)
GETNEXT(xyzC1.1, xyzC2.1, xyzC3.1, xyzC4.1)
RESPONSE(xyzC1.3, xyzC2.3, xyzC3.3, xyzC4.3)
GETNEXT(xyzC1.3, xyzC2.3, xyzC3.3, xyzC4.3)
RESPONSE(xyzC1.6, xyzC2.6, xyzC3.6, xyzC4.6)
GETNEXT(xyzC1.6, xyzC2.6, xyzC3.6, xyzC4.6)
RESPONSE(xyzC2.1, xyzC3.1, xyzC4.1, stuS1)
Sparse Tables
It is possible that not all columns in a table have an instance in a row
GETNEXT operations skip over the non-existing instances in the table
Manager has to perform additional checking
[Figure: GETNEXT row retrieval over xyzTable / xyzEntry (columns xyzC1 to xyzC4, row indexes 1, 3 and 6)]
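Added example (not from the original slides): a toy agent in Python that answers GETNEXT over lexicographically ordered OIDs, with the MIB walk and the row-by-row table retrieval from the preceding slides, including the extra check a manager needs for sparse tables. The OIDs assigned to xyzC1..xyzC4 and stuS1, the cell values and the missing instance xyzC2.3 are assumptions.

```python
from bisect import bisect_right


def parse_oid(text):
    """'1.2.1.1' -> (1, 2, 1, 1). Tuples compare sub-identifier by sub-identifier,
    which is the MIB's lexicographic order (1.10 sorts after 1.2, unlike strings)."""
    return tuple(int(part) for part in text.split("."))


class Agent:
    """Toy agent: instances kept in lexicographic order, answering GETNEXT only."""

    def __init__(self, instances):
        self.items = sorted(instances.items())
        self.keys = [oid for oid, _ in self.items]
        self.requests = 0                      # PDUs received, one per round trip

    def get_next(self, oid):
        i = bisect_right(self.keys, oid)       # first instance strictly after oid
        if i == len(self.keys):
            raise LookupError("noSuchName")    # SNMPv1 error-status past the last instance
        return self.items[i]

    def get_next_list(self, oids):
        """One GetNext-Request PDU carrying several VarBinds."""
        self.requests += 1
        return [self.get_next(oid) for oid in oids]


def walk(agent, root=()):
    """MIB walk: repeat GETNEXT until noSuchName or until the reply leaves root's subtree."""
    found, oid = [], root
    while True:
        try:
            oid, value = agent.get_next_list([oid])[0]
        except LookupError:
            break
        if oid[:len(root)] != root:
            break
        found.append((oid, value))
    return found


def get_table(agent, columns):
    """Row-by-row retrieval; returns {row_index: [value or None per column]}."""
    rows, cursors = {}, list(columns)
    while True:
        try:
            replies = agent.get_next_list(cursors)
        except LookupError:
            break
        # Row index of each reply, or None if GETNEXT ran out of that column
        idx = [oid[len(col):] if oid[:len(col)] == col else None
               for col, (oid, _) in zip(columns, replies)]
        live = [i for i in idx if i is not None]
        if not live:
            break                              # every column has left the table
        row = min(live)                        # the next row that really exists
        # A reply with a larger index skipped a hole: record None, do not misalign it
        rows[row] = [value if i == row else None
                     for i, (_, value) in zip(idx, replies)]
        cursors = [col + row for col in columns]
    return rows


# Constructed sample: hypothetical OIDs for xyzC1..xyzC4, rows 1, 3 and 6
XYZ = [(1, 2, 1, c) for c in (1, 2, 3, 4)]


def sample_agent():
    inst = {col + (row,): f"c{col[-1]}r{row}" for col in XYZ for row in (1, 3, 6)}
    del inst[(1, 2, 1, 2, 3)]                  # xyzC2.3 has no instance: sparse table
    inst[(1, 3, 1, 0)] = "stuS1"               # next object after the table
    return Agent(inst)


if __name__ == "__main__":
    agent = sample_agent()
    for row, cells in get_table(agent, XYZ).items():
        print(row, cells)
    print("round trips:", agent.requests)
```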
SNMPv1 SET Request Processing
Modifies the value of one or more instances of management information
Also creates new instances and deletes existing instances of management information
Operation either completely succeeds or completely fails
In SNMPv1, there are 3 types of error messages that can be returned:
  noSuchName
  badValue
  genErr
[Figure: Set-Request and Get-Response PDUs, each with the fields Request ID, Error Status, Error Index, Name X, Value X, ...]
Set-Request:
  Error Status, Error Index: not used
Get-Response:
  Request ID: copy value
  Error Status: set to zero or error
  Error Index: set to zero or index
  Name X: copy value
  Value X: copy value
Example – Row Creation
SET ((xyzC2.4, 2), (xyzC3.4, 45))
[Figure: xyzTable / xyzEntry with columns xyzC1 to xyzC4 and row indexes 1 to 6; row index 4 holds xyzC2 = 2 and xyzC3 = 45]
SNMP Traps
An unsolicited message an SNMP agent sends to the manager.
  Manager is responsible for configuring the trap on the agent
  Used to reduce the length of time between when an event occurs and when it is noticed by the manager
  No response is expected
MIB-II defines 7 types of traps:
  Coldstart of a system
  Warmstart of a system
  Link Down
  Link Up
  Authentication Failure
  Exterior Gateway Protocol (EGP) neighbour loss
  Enterprise Specific
Use of Events
Agents provide the specified data only when requested by managers. The periodic gathering of data is called polling
  Amount of time between an event and a manager realising that an event has occurred is called the event detection latency
Another model of management is based on agents in managed systems sending data to configured managers
  Traps (Pushing)
  However, during a communication failure, an event report would never reach a manager
The SNMP solution to this dilemma is called trap directed polling
  Can reduce polling latency but may consume additional resources
[Figure: two Manager/Agent timelines. Pulling data: the manager polls at regular intervals, and the event detection latency runs from when the event occurs until the event is realised. Pushing data: the manager polls earlier than normal, so the event detection latency is minimised.]
Event Triggering
There are 2 models for deciding when events occur:
Edge triggered events:
  occurs when a monitored value first enters a range
  monitored value must then enter a potentially different range before the event may occur again – rearming the trigger
Level triggered events:
  occurs when a monitored value is inside a range at the start of each periodic time interval
[Figure: monitored value against time. Edge triggered: an event threshold and a rearm threshold, with alternating event and rearm points. Level triggered: an event level, with events marked along the time axis.]
SNMPv1 Limitations
LIMITED ERROR CODES
LIMITED DATA TYPES
  Reduction in complexity of SNMP has resulted in some increase in complexity of MIB understanding and design
LIMITED TRAP NOTIFICATIONS
LIMITED PERFORMANCE
  Inefficient for large retrievals. (e.g. retrieving entire MIB or tables)
  E.g. 2000 entry table with 4 columns, 200ms RTT
    Using GETNEXT-Requests: 2000 X 4 X 2 = 16000 packets or 2000 X 4 X .2 = 1600 seconds!!!
  IDLE-RQ like performance
LACK OF HIERARCHIES
  Inherently centralised
LACK OF SECURITY
  Community Strings
SMI (RFC1155) Defined Data Types
Integer – Signed 32 bit integer.
Enumerated Integer
Octet String – String of bytes
Object Identifier
NetworkAddress – An address from one of possibly several protocol families
IpAddress – 32 bit IP address
Gauge – Nonnegative integer from 0 to 2^32 – 1, which may increase or decrease
Counter – Nonnegative monotonically increasing integer from 0 to 2^32 – 1
Timeticks – Non-negative integer which counts time in hundredths of a second
Opaque – Arbitrary syntax
Gauge
Used to specify a value whose range includes only non-negative 32bit integers
RFC 1155 – this application-wide type represents a non-negative integer, which may increase or decrease, but which latches at a maximum value
[Figure: value against time between "Min in range" and "Max in range". Dashed line is the actual value; solid line is value reported by gauge type]
Counter
Used to specify a non-negative value whose range includes only positive 32-bit integers
Values reported by counters are not absolute, since the count is not required to start at 0 and the count may roll over
Counters are used by obtaining a value v0 at t0 and then later obtaining a value v1 at t1
  Difference between v0 and v1 is the count over the time period
  Counter rollover can be detected iff v0 > v1
A periodic sampling of counter values may be converted into a rate value:
  if (v_i >= v_{i-1}) then r_i = (v_i – v_{i-1}) / T
  else r_i = (Cmax – (v_{i-1} – v_i) + 1) / T
[Figure: counter value against time between 0 and the maximum value 2^32 - 1; the starting value is undefined; the counter rolls over and starts at 0. Second panel: computed rate against time.]
Other Types
Timeticks - used to specify a non-negative value whose range includes only non-negative integers
  Units are in hundredths of seconds
  Length of time between rollovers is 497 days
Network Address – used to specify a string of 4 octets
  Currently used to store IPv4 addresses
  Was designed to allow a network address of any type to be specified
  Obsolete – use IpAddress
Opaque – used to specify octets of binary information
  Generic type
SMI Tree
RFC 1155 defines top of the administrative domain managed by the IETF: 1.3.6.1
  Directory - reserved for use with a future memo that discusses how the OSI Directory may be used in the Internet
  Mgmt – area for items defined in standards track documents.
  Experimental – area for IETF experimental items
  Private – area for delegation of subtrees to enterprises, that is, anyone who asks for an enterprise number
[Figure: SMI tree]
ccitt (0)
iso (1)
  org (3)
    dod (6)
      internet (1)
        directory (1)
        mgmt (2)
          mib (1)
        experimental (3)
        private (4)
          enterprise (1)
Joint-iso-ccitt (2)
MIB II
MIB-II defines 11 separate groups:
  system (1)
  interfaces (2)
  address translation (3)
  IP (4)
  ICMP (5)
  tcp (6)
  udp (7)
  egp (8)
  cmot (9) CMIS over TCP (for historic reasons only)
  transmission (10)
  snmp (11)
RFC1213 defines 2 additional data types
  DisplayString
  PhysAddress
System Group
Contains data pertaining to the system where the agent is residing in
Fault management objects:
  SysObjectID – System Manufacturer
  sysServices – Protocol layers that device services – using formula 2^(L-1)
    e.g. host that runs transport + application layer services: 2^(4-1) + 2^(7-1) = 72
  sysUptime – Amount of time system has been operational
Configuration management objects:
  sysDescr – Description of the system
  sysLocation – System’s physical location
  sysContact – System’s name
Interfaces Group
The interfaces group provides information pertaining to each specific network interface (ifTable)
Useful for configuration, performance, fault and accounting management
ifNumber - number of interfaces
ifTable example:
ifIndex  ifDescr         ifOperStatus  ifInUPackets  ifSpeed
0        DEC Ethernet 1  1             8169          8000000
1        SUN Ethernet 1  2             16184         100000
Interfaces Group (cont…)
Example – Determining utilisation
Total bytes = (ifInOctets_y – ifInOctets_x) + (ifOutOctets_y – ifOutOctets_x)
Total bytes per sec = Total bytes / (y – x)
Utilisation = (Total bytes per sec * 8) / ifSpeed
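Added example (not from the original slides): the rate rule from the Counter slide and the utilisation formula above in Python, with a single rollover handled by modular arithmetic. The sysUpTime restart check, the poll-interval guard and the sample readings are assumptions added for illustration.

```python
from dataclasses import dataclass

COUNTER_MOD = 2 ** 32            # an SMI Counter runs from 0 to 2^32 - 1, then wraps to 0


@dataclass
class Sample:
    t: float                     # poll time in seconds (the x and y of the formula)
    uptime: int                  # sysUpTime in TimeTicks (hundredths of a second)
    in_octets: int               # ifInOctets
    out_octets: int              # ifOutOctets


def counter_delta(prev, cur):
    """Count between two Counter readings, allowing for one rollover.

    Equals cur - prev when cur >= prev, and Cmax - (prev - cur) + 1 otherwise.
    """
    return (cur - prev) % COUNTER_MOD


def rates(values, period):
    """r_i for each pair of consecutive samples taken every `period` seconds."""
    return [counter_delta(a, b) / period for a, b in zip(values, values[1:])]


def max_poll_interval(if_speed):
    """Seconds a 32-bit octet counter needs to wrap once at line rate (ifSpeed in bits/s)."""
    return COUNTER_MOD * 8 / if_speed


def utilisation(x, y, if_speed):
    """Fraction of ifSpeed used between samples x and y, or None if the pair is unusable."""
    if y.t <= x.t:
        raise ValueError("samples out of order")
    if y.uptime < x.uptime:
        return None              # assumed agent restart: counters reset, not rolled over
    if y.t - x.t >= max_poll_interval(if_speed):
        return None              # counter may have wrapped more than once: delta is ambiguous
    total_bytes = (counter_delta(x.in_octets, y.in_octets)
                   + counter_delta(x.out_octets, y.out_octets))
    return total_bytes / (y.t - x.t) * 8 / if_speed


if __name__ == "__main__":
    # Constructed readings: ifInOctets rolls over between the two polls
    x = Sample(t=0.0, uptime=1000, in_octets=4294967000, out_octets=1000)
    y = Sample(t=60.0, uptime=7000, in_octets=704, out_octets=7501000)
    print(f"utilisation: {utilisation(x, y, 10_000_000):.4%}")
    print(f"poll at least every {max_poll_interval(100_000_000):.0f} s on a 100 Mb/s link")
```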
IP Group
Provides information about the IP layer in a system's network protocol stack
  Information pertaining to errors and types of packets seen.
  Routing table (i.e. ipRouteTable)
Configuration/Fault management objects
  ipForwarding – If device is set up to route IP packets
  ipAddrTable – Addresses on the device
  ipRouteTable – Routing table
Performance management objects
  ipInDiscards – Rate of input datagrams discarded
  ipInHdrErrors – Rate of input header errors
  ipInAddrErrors – Rate of input address errors
Accounting management objects
  ipOutRequests – Number of IP datagrams sent
  ipInDelivers – Number of IP datagrams received
ICMP Group
Provides information pertaining to a system's ICMP entity
icmpInRedirects – rate of redirect messages received
icmpOutDestUnreachs – rate of destination unreachable errors sent.
icmpInSrcQuenchs – input rate of source quench messages
icmpOutEchos – rate of output echo messages
TCP Group
TCP – The Transmission Control Protocol (TCP) provides reliable transport services between applications (UDP is the unreliable transport service used in IP)
Configuration management objects:
  tcpRtoAlgorithm – Retransmission algorithm
  tcpConnTable – Connection table (i.e. netstat).
Performance management objects:
  tcpAttemptFails – Number of failed attempts to make a connection
  tcpEstabResets – Number of resets in established connections
Accounting management objects:
  tcpActiveOpens – Number of times this system has opened a connection
  tcpInSegs – Number of TCP segments received
Security management objects:
  tcpConnTable – Connection table (i.e. netstat)
The User Datagram Protocol (UDP) group provides similar information. (e.g. udpTable)
EGP Group
EGP (RFC 904) is a protocol that tests for the reachability of IP networks.
  An IP network can be divided into networks of autonomous systems
egpNeighTable
Fault management objects:
  egpNeighState – state of egp neighbour (up, down)
Configuration management objects
  egpIntervalHello – hello message interval.
  egpAs – local egp autonomous system.
[Figure: example network with a Managing Host, PC 1 to PC 3, Printer 1 and Printer 2, Network Drive 1 and Network Drive 2, Server 1 and Server 2, and Router 1 to Router 3 around a Wide Area Network]
Transmission Group
Reserved for information pertaining to specific media underlying the interfaces of a system
Various RFCs:
  RFC 1512 FDDI
  RFC 1493 Bridge
  RFC 1743 Token Ring
SNMP Group
Management protocols also need to be managed!!!
Useful to all 5 areas of network management
Fault management objects:
  snmpInASNParseErrors – Number of malformed SNMP messages
  snmpInNoSuchNames – Number of requests to invalid objects
Configuration management objects:
  EnableAuthenTraps – Enables entity to send traps when authentication errors occur
Performance/Accounting management objects:
  snmpInPkts – Rate of SNMP packets input
  snmpInTraps – Rate of traps input
Security management objects:
  snmpInBadCommunityNames – Number of authentication failures
  snmpInBadCommunityUses – Number of requests without sufficient privileges
Topology Discovery Revisited
1. temporarySet = get_default_router()
2. foreach router in temporarySet do
   a. ping(this_router)
   b. if (this_router is alive) then
        permanentSet = permanentSet + this_router
   c. hostList = SNMP_GetArpTable(this_router)
   d. permanentSet = permanentSet + hostList
   e. routerList = SNMP_GetIpRouteTable(router)
   f. permanentSet = permanentSet + routerList
   g. temporarySet = temporarySet + routerList
Remote Monitoring (RMON)
Goal - A remote monitoring device to help perform management on a network segment while reducing on agents and management stations
RMON1 (RFC 1757 - DRAFT) - Ethernet
TOKEN RING EXTENSIONS TO RMON (RFC 1513 - PROPOSED)
RMON2 (RFC 2021 - PROPOSED)
[Figure: diagram labelled ETHERNET, MANAGER, RMON and WAN]
Objectives
Off-line operation: Limit or halt routine polling of a monitor by a network manager
  Performance reasons
  May cease if there is a communications failure
  Probe continues to accumulate statistics that may be retrieved at a later time
Proactive monitoring: Probe can continuously run diagnostics and log network performance
  In the event of failures, probe may notify managers and provide useful diagnostics
Problem detection and reporting: Active probing of consumption of resources on the network to check for error and exceptional conditions
Value-added data: Perform specific analysis on data collected in the network. E.g. determining top N hosts that generate the most traffic
Multiple managers: Reasons to support multiple managers is to
  improve reliability
  perform different functionality
  provide management capability to different units within an organisation
  Concurrency
RMON Groups
STATISTICS
HISTORY
HOST
HOST TOP N
TRAFFIC MATRIX
ALARMS
FILTERS
PACKET CAPTURE
EVENTS
Statistics Group
KEEPS STATISTICS PER ETHERNET SEGMENT:
  PACKETS
  OCTETS
  BROADCASTS
  MULTICASTS
  COLLISIONS
  ERRORS
KEEPS TRACK OF PACKET SIZE DISTRIBUTION:
  65 - 127 OCTETS
  128 - 255 OCTETS
  256 - 511 OCTETS
  512 - 1023 OCTETS
  1024 - 1518 OCTETS
[Figure: packet classification by size and frame check]
                      < 64 Bytes   64 to 1518                > 1518 bytes
WELL-FORMED PACKETS   undersize    GOOD!                     oversize
BAD FCS ERRORS        fragments    CRC or alignment errors   jabber
History Group
Records periodic statistical samples from information available in the statistics group
  historyControlTable
  etherHistoryTable
USES A CIRCULAR BUFFER
  BUCKETS – sampling interval
  SIZE MAY BE SET BY MANAGER
MANAGER MAY SET:
  THE ETHERNET SEGMENTS (INTERFACES)
  SAMPLING INTERVAL
Host/Matrix/hostTopN Group
Consists of 1 control table and 1 or more data tables
Alarm Group
Absolute or delta values
Hysteresis mechanism
TRIGGERS ON:
  RISING ALARM
  FALLING ALARM
  RISING OR FALLING ALARM
[Figure: monitored value on a scale from 100 to 900 with a RISING THRESHOLD and a FALLING THRESHOLD; three points are marked NOTIFICATION]
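Added example (not from the original slides): the edge-triggered and level-triggered models from the Event Triggering slide and the alarm group's rising/falling hysteresis, run over one constructed series so the number of notifications can be compared. The threshold values and the choice to start with both alarms armed are assumptions.

```python
def edge_triggered(samples, event_threshold, rearm_threshold):
    """Indices where an edge-triggered event fires; the trigger must rearm between events."""
    armed, events = True, []
    for i, value in enumerate(samples):
        if armed and value >= event_threshold:
            events.append(i)
            armed = False                 # stays disarmed while the value hovers near the threshold
        elif not armed and value <= rearm_threshold:
            armed = True                  # value entered the rearm range
    return events


def level_triggered(samples, level):
    """Indices of every periodic sample that is inside the event range."""
    return [i for i, value in enumerate(samples) if value >= level]


def rmon_alarm(samples, rising, falling):
    """(index, kind) notifications with hysteresis: rising and falling alarms alternate.

    Assumption: both alarms are armed before the first sample.
    """
    can_rise = can_fall = True
    notifications = []
    for i, value in enumerate(samples):
        if value >= rising and can_rise:
            notifications.append((i, "rising"))
            can_rise, can_fall = False, True
        elif value <= falling and can_fall:
            notifications.append((i, "falling"))
            can_rise, can_fall = True, False
    return notifications


# Constructed series: hovers around 800, drops below 200, then rises again
SERIES = [300, 650, 820, 790, 830, 780, 810, 400, 150, 500, 850, 300]

if __name__ == "__main__":
    print("edge :", edge_triggered(SERIES, 800, 200))
    print("level:", level_triggered(SERIES, 800))
    print("rmon :", rmon_alarm(SERIES, rising=800, falling=200))
```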
Other Groups
FILTER GROUP
  TO COUNT PACKETS THAT CARRY A SPECIFIC BIT-PATTERN – CHANNELS
PACKET CAPTURE GROUP
  TO STORE SPECIFIC PACKETS
EVENT GROUP
  TO DEFINE THE VARIOUS EVENTS
  TO DETERMINE ON LOGGING AND / OR TRANSMISSION OF TRAPS
SNMPv2 (Major Changes)
Enhancements to SMI
  New data types
Protocol enhancements:
  Performance - GetBulk-Request
  Better handling/reporting of error conditions
  Manager-to-manager capability
Administrative models
  SNMPv2c – communities
  SNMPv2u - user-based
  SNMPv3
GetBulk Operation
For efficient retrieval of many VarBinds
getBulk REQUEST HAS TWO ADDITIONAL PARAMETERS:
  non-repeaters
  max-repetitions
THE FIRST N ELEMENTS (non-repeaters) OF THE VARBIND LIST ARE TREATED AS IF THE OPERATION WAS A NORMAL getnext OPERATION
THE NEXT ELEMENTS OF THE VARBIND LIST ARE TREATED AS IF THE OPERATION CONSISTED OF A NUMBER (max-repetitions) OF REPEATED getnext OPERATIONS
GetBulk Operation (cont…)
REQUEST(non-repeaters = N; max-repetitions = M;
  VariableBinding-1; ... ; VariableBinding-N;
  VariableBinding-(N+1); ... ; VariableBinding-(N+R)
)
RESPONSE(
  VariableBinding-1; ... ; VariableBinding-N;              (N-TIMES)
  VariableBinding-(N+1); ... ; VariableBinding-(N+R)       1st LEXICOGRAPHICAL SUCCESSOR
  VariableBinding-(N+1); ... ; VariableBinding-(N+R)       2nd LEXICOGRAPHICAL SUCCESSOR
  VariableBinding-(N+1); ... ; VariableBinding-(N+R)       3rd LEXICOGRAPHICAL SUCCESSOR
  ...
  VariableBinding-(N+1); ... ; VariableBinding-(N+R)       M th LEXICOGRAPHICAL SUCCESSOR (M-TIMES)
)
• Overshoot problem - GetBulk does not stop when it reaches the end of a table
• Still suffers from problem with sparse tables
GetBulk Operation (Example)
getBulk(max-repetitions = 4; 1.1)
response(
  1.1.0 => 130.89.16.2
  1.2.1.0 => printer-1
  1.2.2.0 => 123456
  1.3.1.1.2.1 => 2
)
getBulk(non-repeaters = 1; max-repetitions = 3; 1.1, 1.3.1.1; 1.3.1.2; 1.3.1.3)
response(
  1.2.1 => 8;
  1.3.1.1.2.1 => 2; 1.3.1.2.2.1 => 1; 1.3.1.3.2.1 => 2
  1.3.1.1.3.1 => 3; 1.3.1.2.3.1 => 1; 1.3.1.3.3.1 => 3
  1.3.1.1.5.1 => 5; 1.3.1.2.5.1 => 1; 1.3.1.3.5.1 => 2
)
Reading
Network Management: A Practical Perspective
  Chapter 8 - SNMP
  Chapter 10 - MIB-II
  Chapter 11 - RMON
Unit Resources webpage
Siamwalla, R., Sharma, R. and Keshav, S., Discovering Internet Topology. 1999
RFC 1155 (SMI) and RFC 1157 (SNMPv1)
RFC 1213 (MIB-II)
RFC 1757 (RMON)
SNMPv2 Set Operation
CONCEPTUAL TWO PHASE COMMIT:
  PHASE 1: PERFORM VARIOUS CHECKS
  PHASE 2: PERFORM THE ACTUAL SET
[Figure: SNMPv2 error codes and the SNMPv1 codes they correspond to]
           SNMPv2                SNMPv1
PHASE 1:   wrongValue            badValue
           wrongEncoding         badValue
           wrongType             badValue
           wrongLength           badValue
           inconsistentValue     badValue
           noAccess              noSuchName
           notWritable           noSuchName
           noCreation            noSuchName
           inconsistentName      noSuchName
           resourceUnavailable   genErr
           genErr                genErr
PHASE 2:   CommitFailed          genErr
           undoFailed            genErr
SNMPv2 Get Operation
SIMILAR TO SNMPv1, EXCEPT FOR "EXCEPTIONS"
POSSIBLE EXCEPTIONS:
  noSuchObject
  noSuchInstance
EXCEPTIONS ARE CODED WITHIN THE VARBINDS
EXCEPTIONS DO NOT RAISE ERROR STATUS AND INDEX
Inform Operation
Inform
CONFIRMED TRAP
ORIGINALLY TO INFORM A HIGHER LEVEL MANAGER
SAME FORMAT AS TRAP PDU
POSSIBLE ERROR: tooBig
SNMPv2 GetNext Operation
SIMILAR TO SNMPv1, EXCEPT FOR "EXCEPTIONS"
POSSIBLE EXCEPTIONS: endOfMibView
EXAMPLE
  getNext(1.4.0)
  response(error-status => noError, 1.4.0 => endOfMibView)
SNMPv2 Trap Operation
SNMPv1:
  COLD START
  WARM START
  LINK DOWN
  LINK UP
  AUTHENTICATION FAILURE
  EGP NEIGHBOR LOSS
SNMPv2:
  MIBs MAY NOW INCLUDE NOTIFICATION TYPE MACROS
  FIRST TWO VARBINDS: sysUptime AND snmpTrapOID
  USES SAME FORMAT AS OTHER PDUs