Page 1

NETWORK MANAGEMENT
Principles, Objectives & Components

Network Management course, Fifth Year - Systems and Networks specialization

By Dr. Moutasem SHAFA’AMRY

2004-2005 (First Semester)

Damascus University
Faculty of Computer Engineering
Dept. of Networks and OS

Page 2

Course Outline

• Definition and importance of network management systems
• Components of network management systems
• Historical overview of the evolution of network management protocols
• The SNMPv1 protocol
  – Architecture
  – Management model and basic functions
  – Protocol packet specifications and details
  – Structure of the MIB database
• The SNMPv2 protocol
• The SNMPv3 protocol
• Comparison of the features of SNMPv1, 2, 3
• Remote management protocol RMON I & II
• Web-based Management

Page 3

Course References

1. M. Subramanian, Network Management: Principles and Practice, Addison-Wesley, 2000.

2. David Zeltserman, A Practical Guide to SNMPv3 and Network Management, Prentice Hall, 1999.

3. Simple Web SNMP Tutorials, University of Twente, http://www.utwente.nl/

4. Simple Network Management Protocol, tutorials by Dr. Andreas Steffen, ©2000-2002 Zürcher Hochschule Winterthur.

5. ASN.1: Communication between Heterogeneous Systems, by Olivier Dubuisson, translated from French by Philippe Fouquart, June 5, 2000. http://asn1.elibel.tm.fr/en/book/ and http://www.oss.com/asn1/booksintro.html

6. Hands-On SNMPv3 Tutorial & Demo Manual, http://www.NuDesignTeam.com

7. ASN.1 Complete, by Prof. John Larmouth, © OSS, 31 May 1999.

8. RFCs (Related)

Page 4

DEFINITION

A NETWORK MANAGEMENT SYSTEM IS:

A COLLECTION OF TOOLS FOR MONITORING AND CONTROLLING THE NETWORK, INTEGRATED IN THE FOLLOWING SENSES:

– SINGLE OPERATOR INTERFACE: POWERFUL, USER-FRIENDLY, WITH COMMANDS PERFORMING MOST / ALL NETWORK MANAGEMENT TASKS.

– MINIMAL AMOUNT OF SEPARATE EQUIPMENT.

Page 5

Why the need for a NETWORK MANAGEMENT SYSTEM?

• THE TREND IS TOWARD LARGER, MORE COMPLEX NETWORKS SUPPORTING MORE APPLICATIONS AND MORE USERS.

• MORE THINGS CAN GO WRONG:
  – DISABLING THE NETWORK OR PART OF IT.
  – DEGRADING PERFORMANCE TO AN UNACCEPTABLE LEVEL.

• LARGE NETWORKS ARE NOT ABLE TO BE MANAGED BY HUMAN EFFORT ALONE.

• AUTOMATED NETWORK MANAGEMENT TOOLS ARE NEEDED.

Page 6

NETWORK MANAGEMENT REQUIREMENTS

BASED ON THE FEATURES THAT ARE MOST IMPORTANT TO USERS:

• CONTROLLING CORPORATE STRATEGIC ASSETS.

• CONTROLLING COMPLEXITY.

• IMPROVING SERVICE.

• BALANCING VARIOUS NEEDS.

• REDUCING DOWNTIME.

• CONTROLLING COSTS.

Page 7

A NETWORK MANAGEMENT SYSTEM CONSISTS OF ADDITIONAL:

• SOFTWARE: IN HOST COMPUTERS AND COMMUNICATIONS PROCESSORS (FRONT-END PROC., TERMINAL CLUSTER CONTROLLERS, BRIDGES, ROUTERS).

• HARDWARE.

A NETWORK MANAGEMENT SYSTEM IS DESIGNED TO VIEW THE ENTIRE NETWORK AS A UNIFIED ARCHITECTURE.

THE URGENCY OF SUCH TOOLS IS INCREASED.

LARGE NETWORKS ARE MORE COMPLEX AND MORE HETEROGENEOUS.

A STANDARD NMS IS NEEDED.

Page 8

THE OSI MANAGEMENT FUNCTIONAL AREAS

The basic functional areas of a network management system, as defined by the ISO standards body:

• FAULT MANAGEMENT
• ACCOUNTING MANAGEMENT
• CONFIGURATION AND NAME MANAGEMENT
• PERFORMANCE MANAGEMENT
• SECURITY MANAGEMENT

Although this functional classification was developed for the OSI environment, it has gained broad acceptance by vendors of both standardized and proprietary network management systems.

Page 9

1. FAULT MANAGEMENT

WHEN A FAULT OCCURS, IT IS IMPORTANT, AS RAPIDLY AS POSSIBLE, TO:

• DETERMINE EXACTLY WHERE THE FAULT IS.

• ISOLATE THE REST OF THE NETWORK FROM THE FAILURE SO THAT IT CAN CONTINUE TO FUNCTION WITHOUT INTERFERENCE.

• RECONFIGURE THE NETWORK TO MINIMIZE THE IMPACT OF OPERATION WITHOUT THE FAILED COMPONENTS.

• REPAIR OR REPLACE THE FAILED COMPONENTS TO RESTORE THE NETWORK TO ITS INITIAL STATE.

Page 10

USERS EXPECT:

• TO BE INFORMED OF THE NETWORK STATUS.

• RECEIVING IMMEDIATE NOTIFICATION IN CASE OF FAULT.

• FAST AND RELIABLE PROBLEM RESOLUTION.

• REASSURANCE OF CORRECT NETWORK OPERATION.

NM SHOULD HAVE VERY RAPID & RELIABLE:

• FAULT-DETECTION & DIAGNOSTIC-MANAGEMENT FUNCTIONS.

• MINIMIZING DURATION OF FAULTS BY USING REDUNDANT COMPONENTS AND ALTERNATE COMMUNICATION ROUTES.

FAULT MANAGEMENT SHOULD HAVE A MINIMAL EFFECT ON NETWORK PERFORMANCE.

Page 11

2. ACCOUNTING MANAGEMENT

• USERS ARE CHARGED FOR THE USE OF NETWORK SERVICES.

• IF NO SUCH INTERNAL CHARGING IS EMPLOYED, THE NETWORK MANAGER NEEDS TO BE ABLE TO TRACK THE USE OF THE NETWORK FOR SOME REASONS, INCLUDING:

  – USER(S) MAY BE ABUSING THEIR ACCESS PRIVILEGES & BURDENING THE NETWORK AT THE EXPENSE OF OTHERS.

  – USERS MAY BE MAKING INEFFICIENT USE OF THE NETWORK, AND THE NMer CAN ASSIST IN CHANGING PROCEDURES TO IMPROVE PERFORMANCE.

• THE NMer IS IN A BETTER POSITION TO PLAN FOR NETWORK GROWTH IF USER ACTIVITY IS KNOWN.

Page 12

3. CONFIGURATION & NAME MANAGEMENT

• INITIALIZING A NETWORK AND GRACEFULLY SHUTTING DOWN PART OR ALL OF THE NETWORK.

• MAINTAINING, ADDING & UPDATING THE RELATIONSHIPS AMONG COMPONENTS AND THEIR STATUS DURING NETWORK OPERATION.

• IDENTIFY THE COMPONENTS THAT COMPRISE THE NETWORK.

• DEFINE THE DESIRED CONNECTIVITY OF COMPONENTS.

• WAYS TO DEFINE AND MODIFY DEFAULT ATTRIBUTES.

• LOAD THESE PRE-DEFINED SETS OF ATTRIBUTES.

Page 13

• THE NETWORK MANAGER NEEDS THE CAPABILITY TO CHANGE THE CONNECTIVITY OF NETWORK COMPONENTS WHEN USERS' NEEDS CHANGE.

• RECONFIGURATION OF A NETWORK IS DESIRED IN RESPONSE TO PERFORMANCE EVALUATION OR NETWORK UPGRADE, FAULT RECOVERY, OR SECURITY CHECKS.

• USERS SHOULD BE NOTIFIED OF THE CHANGES. BEFORE RECONFIGURATION, USERS OFTEN INQUIRE ABOUT THE UPCOMING STATUS OF RESOURCES AND THEIR ATTRIBUTES.

• ONLY AUTHORIZED USERS (OPERATORS) MANAGE AND CONTROL NETWORK OPERATION (E.G., SOFTWARE DISTRIBUTION AND UPDATING).

Page 14

4. PERFORMANCE MANAGEMENT

IT COMPRISES TWO BROAD FUNCTIONAL CATEGORIES:

– MONITORING: TRACKS ACTIVITIES ON THE NETWORK.

– CONTROLLING: MAKES ADJUSTMENTS TO IMPROVE NETWORK PERFORMANCE.

SOME OF THE PERFORMANCE ISSUES ARE:

• WHAT IS THE LEVEL OF CAPACITY UTILIZATION?
• IS THERE EXCESSIVE TRAFFIC?
• HAS THROUGHPUT REDUCED TO UNACCEPTABLE LEVELS?
• ARE THERE BOTTLENECKS?
• IS RESPONSE TIME INCREASING?

Page 15

THE USER MAY WANT TO KNOW THINGS SUCH AS:

– THE AVERAGE AND WORST-CASE RESPONSE TIMES.

– THE RELIABILITY OF NETWORK SERVICES.

THE NMer NEEDS PERFORMANCE STATISTICS TO HELP THEM:

• ANSWER ALL USERS’ QUERIES.
• PLAN, MANAGE & MAINTAIN LARGE NETWORKS.
• TAKE CORRECTIVE ACTIONS:

  – CHANGING ROUTING TABLES.

  – BALANCE OR REDISTRIBUTE TRAFFIC LOAD DURING TIMES OF PEAK USE OR A BOTTLENECK.

Page 16

5. SECURITY MANAGEMENT

• PROVIDES FACILITIES FOR PROTECTION OF A NETWORK MANAGEMENT SYSTEM.

• MONITORING & CONTROLLING ACCESS TO NETWORKS, AND TO ALL PARTS OF NM INFORMATION ON THE NODES.

• GENERATE, DISTRIBUTE & STORE ENCRYPTION KEYS, PASSWORDS, AND OTHER AUTHORIZATION OR ACCESS CONTROL INFORMATION.

• THESE FACILITIES SHOULD BE AVAILABLE TO AUTHORIZED USERS ONLY.

Page 17

NETWORK MANAGEMENT CONFIGURATION

EACH NODE CONTAINS A COLLECTION OF NM SOFTWARE, THE NETWORK MANAGEMENT ENTITY (NME), WHICH PERFORMS:

• COLLECTING STATISTICS ON COMMUNICATION ACTIVITIES.

– STORES THEM LOCALLY.

– RESPONDS TO NM CENTRE COMMANDS:

  – TRANSMIT COLLECTED STATISTICS TO THE CENTRE.

  – CHANGE A PARAMETER.

  – PROVIDE STATUS INFORMATION.

  – GENERATE ARTIFICIAL TRAFFIC FOR TEST.

Page 18

• ONE HOST IN THE NETWORK SHOULD BE THE NETWORK-CONTROL HOST (MANAGER).

• IT CONTAINS NME + NETWORK MANAGEMENT APPLICATION SOFTWARE (NMA).

• THE NMA HAS AN OPERATOR INTERFACE.

• TO MAINTAIN HIGH AVAILABILITY, 2 OR MORE HOSTS WITH NMA ARE USED.

Page 19

[Figure: network management configuration. Node labels: NETWORK-CONTROLLER HOST (MANAGER), MONITOR, HOST (AGENT), FRONT-END PROC., CLUSTER CONTROLLER. Software blocks shown in the nodes: NMA, NME, APPL, COM, OS.]

NMA = NETWORK MANAGEMENT APPLICATION
NME = NETWORK MANAGEMENT ENTITY
APPL. = APPLICATION
COM = COMMUNICATION SOFTWARE
OS = OPERATING SYSTEM

Page 20

NETWORK MANAGEMENT SOFTWARE ARCHITECTURE

• USER PRESENTATION SOFTWARE

• NETWORK MANAGEMENT SOFTWARE

• COMMUNICATION & DATABASE SUPPORT SOFTWARE

Page 21

1. USER PRESENTATION SOFTWARE

• INTERACTION BETWEEN A USER AND THE NM SOFTWARE.

• ALLOWS THE USER TO MONITOR & CONTROL THE NETWORK.

• IT ORGANIZES, SUMMARIZES & SIMPLIFIES THE INFORMATION (GRAPHIC PRESENTATION).

• USUALLY LOCATED ON THE MANAGER HOST.

• IT MAY BE LOCATED ON AN AGENT FOR TESTING & DEBUGGING, AND TO VIEW / SET SOME LOCAL PARAMETERS.

• ALL INTERFACES SHOULD BE UNIFIED.

Page 22

2. NETWORK MANAGEMENT SOFTWARE

• IT VARIES IN COMPLEXITY, BASED ON THE NETWORK TYPE (LAN, WAN, T1, ETC.).

• IT MAY BE ORGANIZED IN 3 LAYERS:

• TOP: COLLECTION OF NM APPLS. OF USER INTEREST.

• MIDDLE: NM-APPLICATION TO MONITOR & CONTROL THE LOCAL NODE.

  – EACH APPL. COVERS A BROAD AREA OF NETWORK MANAGEMENT.

  – APPLICATION ELEMENT: PRIMITIVE & BASIC FUNCTION.

• LOW: NM-DATA TRANSPORT SERVICES. IT IS A PROTOCOL TO EXCHANGE MANAGEMENT INFO. AMONG NET-MANAGEMENT ELEMENTS:

  – GET, SET PARAMETER, GENERATE NOTIFICATION, ETC.

Page 23

3. NM SUPPORT SOFTWARE

PROVIDES:

• ACCESS TO LOCAL & REMOTE MANAGEMENT INFORMATION BASE (MIB).

  – MIB: A DATABASE THAT CONTAINS THE NEEDED INFORMATION ABOUT THE NODE.

• COMMUNICATION WITH OTHER NODES (AGENTS, MANAGERS) BY A COMMUNICATIONS-PROTOCOL STACK.

Page 24

[Figure: network management software architecture in three layers (L1, L2, L3). Labels: UNIFIED USER INTERFACE, USER PRESENTATION SOFTWARE, NM APPLICATION, APP. ELEM., NM DATA TRANSPORT SERVICE, MIB ACCESS MODULE, COMM. PROTOCOL STACK, MIB, MANAGED NET.]

Page 25

MANAGING THE NON-NM SUPPORTED NETWORK COMPONENTS

• OLDER SYSTEMS & SMALL ONES (MODEM, MUX) DO NOT SUPPORT ADDITIONAL NM SOFTWARE.

• USE ONE AGENT TO SERVE AS PROXY: IT TRANSLATES THE COMMANDS TO THE NODE AND THE RESPONSE TO THE MANAGER.

• RPC MECHANISM IS USED.

Page 26

[Figure: proxy manager architecture. Labels: MANAGEMENT APPL., CLIENT STUB, PROTOCOL STACK, PROXY MANAGER, SERVER STUB, CLIENT PROXY STUB, SERVER PROXY STUB, PROPRIETARY MAN. INTERFACE, STANDARD OPERATION AND EVENT REPORTS, PROPRIETARY OPERATION AND EVENT REPORT.]

Page 27

DISTRIBUTED NETWORK MANAGEMENT

• THE CENTRALIZED COMPUTING MODEL HAS GIVEN WAY TO A DISTRIBUTED COMPUTING ARCHITECTURE.

• DISTRIBUTED NETWORK MANAGEMENT IS BASED ON A HIERARCHICAL MODEL:

  – DISTRIBUTED MANAGEMENT STATION WITH LIMITED ACCESS: MONITOR & CONTROL.

  – CENTRAL WORK STATION WITH GLOBAL ACCESS RIGHTS.

Page 28

BENEFITS:

• MINIMIZING THE NM TRAFFIC.

• EASY TO MODIFY AND UPDATE THE SYSTEM.

• ELIMINATES THE SINGLE POINT OF FAILURE.
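
The agent-side command handling listed under NETWORK MANAGEMENT CONFIGURATION, combined with the limited-access and global-access stations listed under DISTRIBUTED NETWORK MANAGEMENT, sketched as an added Python example (not part of the lecture). The role names, command names, parameter name, station names and the test-traffic cap are assumptions made for illustration.

```python
"""Toy NME (agent) that enforces per-manager access rights. Added example."""
from dataclasses import dataclass, field
from enum import Enum


class Role(Enum):            # hypothetical role names
    MONITOR = 1              # limited-access station: read statistics and status
    CONTROL = 2              # global-access station: may also change the node


# The NME commands named on the slides, with the least role allowed to issue each.
REQUIRED_ROLE = {
    "GET_STATS": Role.MONITOR,
    "GET_STATUS": Role.MONITOR,
    "SET_PARAM": Role.CONTROL,
    "GENERATE_TEST_TRAFFIC": Role.CONTROL,
}
MAX_TEST_PACKETS = 100       # assumed cap so test traffic cannot load the network


def _positive_int(value):
    # bool is a subclass of int in Python, so reject it explicitly
    return isinstance(value, int) and not isinstance(value, bool) and value > 0


@dataclass
class NME:
    node: str
    acl: dict                # manager id -> Role (the access control information)
    params: dict = field(default_factory=lambda: {"poll_interval_s": 60})
    stats: dict = field(default_factory=lambda: {"pkts_in": 0, "pkts_out": 0, "errors": 0})
    audit: list = field(default_factory=list)

    def record(self, direction, ok=True):
        """Collect statistics on communication activity and store them locally."""
        self.stats["pkts_in" if direction == "in" else "pkts_out"] += 1
        if not ok:
            self.stats["errors"] += 1

    def _authorized(self, manager, command):
        role = self.acl.get(manager)
        needed = REQUIRED_ROLE.get(command)
        if role is None or needed is None:
            return False     # unknown manager or unknown command: default deny
        return role.value >= needed.value

    def handle(self, manager, command, **args):
        """Respond to one command from a management station, logging the decision."""
        allowed = self._authorized(manager, command)
        self.audit.append((manager, command, "allow" if allowed else "deny"))
        if not allowed:
            return {"ok": False, "error": "not authorized"}
        if command == "GET_STATS":
            return {"ok": True, "data": dict(self.stats)}
        if command == "GET_STATUS":
            return {"ok": True, "data": {"node": self.node, "params": dict(self.params)}}
        if command == "SET_PARAM":
            name, value = args.get("name"), args.get("value")
            if name not in self.params or not _positive_int(value):
                return {"ok": False, "error": "bad parameter"}
            old, self.params[name] = self.params[name], value
            return {"ok": True, "data": {"name": name, "old": old, "new": value}}
        # Remaining command: GENERATE_TEST_TRAFFIC
        count = args.get("count", 1)
        if not _positive_int(count) or count > MAX_TEST_PACKETS:
            return {"ok": False, "error": "bad parameter"}
        for _ in range(count):
            self.record("out")
        return {"ok": True, "data": {"sent": count}}


if __name__ == "__main__":
    # Constructed sample: one central station, one branch station.
    nme = NME("router-1", {"central": Role.CONTROL, "branch": Role.MONITOR})
    nme.record("in")
    print(nme.handle("branch", "GET_STATS"))
    print(nme.handle("branch", "SET_PARAM", name="poll_interval_s", value=10))
    print(nme.handle("central", "SET_PARAM", name="poll_interval_s", value=10))
    print(nme.audit)
```

The audit list is what a security-management function would review: every denied command is recorded with the station that sent it.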

Page 29

NETWORK MANAGEMENT: STANDARDS

INTERNET ENGINEERING TASK FORCE (IETF)
• OPERATIONS AND MANAGEMENT AREA
• SNMP

ISO
• ISO-IEC/JTC 1/WG 4
• OSI
• CMIP-CMIS (Common Management Information Protocol/Service)

ITU-T
• SG IV
• TMN

OTHERS
• DMTF
• TM FORUM
• OMG
• IEEE
• ...

Page 30

CHARACTERISTICS

IETF

• MANAGEMENT SHOULD BE SIMPLE

• VARIABLE ORIENTED APPROACH

• MANAGEMENT INFORMATION EXCHANGES MAY BE UNRELIABLE

ISO

• MANAGEMENT SHOULD BE POWERFUL

• OBJECT ORIENTED APPROACH

• MANAGEMENT INFORMATION MUST BE EXCHANGED IN A RELIABLE FASHION

TMN

• DEFINES ONLY A MANAGEMENT ARCHITECTURE

• THE ACTUAL PROTOCOLS ARE THOSE OF OSI

• OUT-OF-BAND MANAGEMENT

Page 31

HISTORY

[Figure: timeline, 1980 to 2000, showing SNMP, OSI and TMN.]

Page 32

WHY DID SNMP SUCCEED?

Why did SNMP succeed as a standard, and not ISO?

• STANDARDS CAN BE OBTAINED FOR FREE

• STANDARDS ARE AVAILABLE FROM FTP & WWW SERVERS IN AN ELECTRONIC FORM

• RAPID DEVELOPMENT OF STANDARDS

• PROTOTYPES MUST DEMONSTRATE THE NEED FOR, AND THE FEASIBILITY OF, STANDARDS

Page 33

IETF STANDARDIZATION

[Figure: IETF standardization process. Stages: WORKING DOCUMENT, PROPOSED STANDARD, DRAFT STANDARD, FULL STANDARD, HISTORICAL. Annotations: "implementation experience must be obtained", "several independent implementations must interwork", "after a maximum of 2 years", "after a maximum of 4 years".]

Page 34

ISO STANDARDIZATION

[Figure: ISO standardization process. Stages: WORKING DOCUMENT, COMMITTEE DRAFT, DRAFT INTERNATIONAL STANDARD, FULL STANDARD, TECHNICAL REPORT. Annotations: "nobody implements!", "still nobody implements!!".]

Page 35

SNMP HISTORY

[Figure: timeline, 1987 to 1999. Labels: SGMP, HEMS/HEMP, SNMP, SMP, security, SNMPv2 (parties), SNMPv2 (community), SNMPv3. Phase markings: proposed standard, draft standard, full standard, historic, implementation experience.]

CMOT: Common Management Information Protocol (CMIP) Over TCP/IP

HEMS/HEMP: High-level Entity-Management System/Protocol

Page 36

NETWORK MANAGEMENT STANDARD PROTOCOLS

• SNMP FAMILY: SET OF STANDARDS INCLUDING PROTOCOLS, DB-STRUCTURE & SET OF DATA OBJECTS.

  – 1989: IT WAS ADOPTED AS THE STANDARD FOR THE TCP/IP-BASED INTERNET.

  – 1992: SNMP + SECURITY ENHANCEMENT.

  – SNMPv2 (adopted in 1993).

• OSI: LARGE, COMPLEX SET OF STANDARDS FOR GENERAL PURPOSE NETWORK MANAGEMENT APPLICATIONS.

Page 37

OSI HISTORY

[Figure: timeline, 1980 to 2000. Labels: SC21/WG4 ESTABLISHED, SYSTEMS MGT. OVERVIEW, MANAGEMENT FRAMEWORK, MANAGEMENT FUNCTIONS, CMIS/CMIP.]

Page 38

TMN HISTORY

[Figure: timeline, 1980 to 2000. Labels: WORK ON TMN STARTED BY SGIV, M30, IDEAS FROM OSI MGT., M3010, M3010 (rev.), WORK STARTED ON DERIVED STANDARDS, RESPONSIBILITY MODEL PART OF MAIN TEXT, RESPONSIBILITY MODEL BECAME ANNEX.]

Page 39

Second Lecture

Page 40: NETWORK MANAGEMENT Principles, Objectives & Components مادة إدارة الشبكات السنة الخامسة - اختصاص نظم وشبكات By Dr. Moutasem SHAFA’AMRY

الثانية الثانية المحاضرة المحاضرةالمنهاج مم المنهاج حاور حاور

Course OutlineCourse Outline

الثانية الثانية المحاضرة المحاضرةالمنهاج مم المنهاج حاور حاور

Course OutlineCourse Outline الشبكات إدارة نظم وأهمية الشبكات تعريف إدارة نظم وأهمية تعريف الشبكات إدارة نظم الشبكات مكونات إدارة نظم مكونات بروتوكوالت تطور عن تاريخية بروتوكوالت لمحة تطور عن تاريخية لمحة

الشبكات إدارة الشبكات نظم إدارة نظم البرتوكول البرتوكولSNMPv1SNMPv1

البنيةالبنية–األساسية – والوظائف اإلدارة األساسية نموذج والوظائف اإلدارة نموذجالبرتوكول – رزمة وتفاصيل البرتوكول محددات رزمة وتفاصيل محدداتالبيانات – قاعدة البيانات بنية قاعدة MIBMIBبنية

البرتوكول البرتوكولSNMPv2SNMPv2 البرتوكول البرتوكولSNMPv3SNMPv3بعد برتوكولبرتوكول عن بعد اإلدارة عن RMONRMON اإلدارةWeb-based ManagementWeb-based Management

SNMP - Simple Network Management Protocol

•What is SNMP?
•SNMP Versions
•PRINCIPLE OPERATION
•The Three Parts of SNMP
– SNMP Protocol
– Structure of Management Information (SMI)
– Management Information Base (MIB)
•SNMPV1 Message Formats

What is Network Management?

Basic tasks that fall under this category are:

•Fault Management
– Dealing with problems and emergencies in the network (router stops routing, server loses power, etc.)

•Performance Management
– How smoothly is the network running?
– Can it handle the workload it currently has?

•Configuration Management
– Keeping track of device settings and how they function

Network Management must be...

The management interface must be...

•Standardized

•Extendible

•Portable

The management mechanism must be...

•Inexpensive

•Implemented as software only

Functional Areas of Network Management

Configuration Management - inventory, configuration, provisioning

Fault Management - reactive and proactive network fault management

Performance Management - # of packets dropped, timeouts, collisions, CRC errors

Security Management - SNMP doesn’t provide much here

Accounting Management - cost management and chargeback assessment

Asset Management - statistics of equipment, facility, and administration personnel

Planning Management - analysis of trends to help justify a network upgrade or bandwidth increase

SNMP & Network Management History

•1983 - TCP/IP replaces ARPANET at U.S. Dept. of Defense, effective birth of Internet
•First model for net management - HEMS - High-Level Entity Management System (RFCs 1021, 1022, 1024, 1076)
•1987 - ISO OSI proposes CMIP - Common Management Information Protocol, and CMOT (CMIP over TCP) for the actual network management protocol for use on the internet
•Nov. 1987 - SGMP - Simple Gateway Monitoring protocol (RFC 1028)
•1989 - Marshall T. Rose heads up SNMP working group to create a common network management framework to be used by both SGMP and CMOT to allow for transition to CMOT
•Aug. 1989 - “Internet-standard Network Management Framework” defined (RFCs 1065, 1066, 1067)
•Apr. 1989 - SNMP promoted to recommended status as the de facto TCP/IP network management framework (RFC 1098)
•June 1989 - IAB committee decides to let SNMP and CMOT develop separately
•May 1990 - IAB promotes SNMP to a standard protocol with a recommended status (RFC 1157)
•Mar. 1991 - format of MIBs and traps defined (RFCs 1212, 1215)
•TCP/IP MIB definition revised to create SNMPv1 (RFC 1213)

Versions

•Two major versions SNMPv1, SNMPv2

•SNMPv1 is the recommended standard

•SNMPv2 has become split into:

•SNMPv2u - SNMPv2 with user-based security

•SNMPv2* - SNMPv2 with user-based security and additional features

•SNMPv2c - SNMPv2 without security

What is SNMP?

SNMP is a tool (protocol) that allows for remote and local management of items on the network including servers, workstations, routers, switches and other managed devices.

Comprised of agents and managers

•Agent - process running on each managed node collecting information about the device it is running on.

•Manager - process running on a management workstation that requests information about devices on the network.

Advantages of using SNMP

•Standardized
•universally supported
•extendible
•portable
•allows distributed management access
•lightweight protocol

Client Pull & Server Push

SNMP is a “client pull” model

The management system (client) “pulls” data from the agent (server).

SNMP is a “server push” model

The agent (server) “pushes” out a trap message to a (client) management system

PRINCIPLE OPERATION

[Diagram labels: MANAGER, AGENTS, SNMP, MIB]

PRINCIPLE OPERATION

[Diagram labels: MANAGER, AGENTS, TRAPS, POLLING, MIB]

PRINCIPLE OPERATION

[Diagram labels: MANAGER, AGENTS, GET / SET, TRAP, MIB]

PRINCIPLE OPERATION

[Diagram labels: MANAGER, AGENTS, TABLES, VARIABLES]

SNMP STRUCTURE

[Diagram labels: MANAGER, AGENT, Management Application, MIB, SNMP PDUs, UDP, CONNECTIONLESS TRANSPORT SERVICE PROVIDER]

SNMP & The OSI Model

Management and Agent APIs
7 Application Layer - SNMP
6 Presentation Layer - ASN.1 and BER
5 Session Layer - RPC and NetBIOS
4 Transport Layer - TCP and UDP
3 Network Layer - IP and IPX
2 Data Link Layer, 1 Physical Layer - Ethernet, Token Ring, FDDI

Ports & UDP

•SNMP uses User Datagram Protocol (UDP) as the transport mechanism for SNMP messages

•Like FTP, SNMP uses two well-known ports to operate:

•UDP Port 161 - SNMP Messages

•UDP Port 162 - SNMP Trap Messages

[Diagram: Ethernet Frame | IP Packet | UDP Datagram | SNMP Message | CRC]

The Three Parts of SNMP

SNMP network management is based on three parts:

•Structure of Management Information (SMI)
– Rules specifying the format used to define objects managed on the network that the SNMP protocol accesses

•Management Information Base (MIB)
– A map of the hierarchical order of all managed objects and how they are accessed

•SNMP Protocol
– Defines format of messages exchanged by management systems and agents.
– Specifies the Get, GetNext, Set, and Trap operations

Nodes

Items in an SNMP Network are called nodes. There are different types of nodes.

•Managed nodes
Typically runs an agent process that services requests from a management node

•Management nodes
Typically a workstation running some network management & monitoring software

•Nodes that are not manageable by SNMP
A node may not support SNMP, but may be manageable by SNMP through a proxy agent running on another machine

Nodes can be both managed nodes and a management node at the same time (typically this is the case, since you want to be able to manage the workstation that your management application is running on.)

Community Names

Community names are used to define where an SNMP message is destined for.

They mirror the same concept as a Windows NT or Unix domain.

•Set up your agents to belong to certain communities.

•Set up your management applications to monitor and receive traps from certain community names.

SNMP Agents

Two basic designs of agents

•Extendible Agents
– Open, modular design allows for adaptations to new management data and operational requirements

•Monolithic Agents
– not extendible
– optimized for specific hardware platform and OS
– this optimization results in less overhead (memory and system resources) and quicker execution

Proxy & Gateway Agents

Proxy & Gateway Agents extend the capabilities of SNMP by allowing it to:

•Manage a device that cannot support an SNMP agent

•Manage a device that supports a non-SNMP management agent

•Allow a non-SNMP management system to access an SNMP agent

•Provide firewall-type security to other SNMP agents (UDP packet filtering)

•Translate between different formats of SNMP messages (v1 and v2)

•Consolidate multiple managed nodes into a single network address (also to provide a single trap destination)

Four Basic Operations

•Get
Retrieves the value of a MIB variable stored on the agent machine (integer, string, or address of another MIB variable)

•GetNext
Retrieves the next value of the next lexical MIB variable

•Set
Changes the value of a MIB variable

•Trap
An unsolicited notification sent by an agent to a management application (typically a notification of something unexpected, like an error)

Traps

•Traps are unrequested event reports that are sent to a management system by an SNMP agent process

•When a trappable event occurs, a trap message is generated by the agent and is sent to a trap destination (a specific, configured network address)

•Many events can be configured to signal a trap, like a network cable fault, failing NIC or Hard Drive, a “General Protection Fault”, or a power supply failure

•Traps can also be throttled -- You can limit the number of traps sent per second from the agent

•Traps have a priority associated with them -- Critical, Major, Minor, Warning, Marginal, Informational, Normal, Unknown

Trap Receivers

•Traps are received by a management application.

•Management applications can handle the trap in a few ways:

•Poll the agent that sent the trap for more information about the event, and the status of the rest of the machine.

•Log the reception of the trap.

•Completely ignore the trap.

•Management applications can be set up to send off an e-mail, call a voice mail and leave a message, or send an alpha-numeric page to the network administrator’s pager that says:

Your PDC just Blue-Screened at 03:46AM. Have a nice day. :)

Languages of SNMP

•Structure of Management Information (SMI)
specifies the format used for defining managed objects that are accessed via the SNMP protocol

•Abstract Syntax Notation One (ASN.1)
used to define the format of SNMP messages and managed objects (MIB modules) using an unambiguous data description format

•Basic Encoding Rules (BER)
used to encode the SNMP messages into a format suitable for transmission across a network

SMIv1 - Structure of Management Information

SMIv1 is described in RFCs 1155, 1212, 1215

These RFCs describe:

•How MIB modules are defined with CCITT X.208 ASN.1 data description language

•The subset of the ASN.1 language that is used in MIBs

•The addition of the APPLICATION data type to ASN.1, specifically for use with SNMP MIBs

•All ASN.1 constructs are serialized using the CCITT X.209 BER for transmission across the wire

•definition of the high-level structure of the Internet branch (iso(1).org(3).dod(6).internet(1)) of the MIB naming tree

•the definition and description of an SNMP managed object

SMIv2 - Structure of Management Information

SMIv2 is described in RFCs 1442, 1443, 1444

These RFCs describe:

•SMIv2 is a backward compatible update to SMIv1

•The only exception is the Counter64 type defined by SMIv2

•Counter64 cannot be created in SMIv2

•RFC 2089 defines how bilingual (SMIv1 & SMIv2) agents handle the Counter64 data type

•IETF requires that new and revised RFCs specify MIB modules using SMIv2

ASN.1 - Abstract Syntax Notation One

ASN.1 is nothing more than a language definition. It is similar to C/C++ and other programming languages.

Syntax examples:

-- two dashes is a comment
-- The C equivalent is written in the comment

MostSevereAlarm ::= INTEGER -- typedef int MostSevereAlarm;

circuitAlarms MostSevereAlarm ::= 3 -- MostSevereAlarm circuitAlarms = 3;

MostSevereAlarm ::= INTEGER (1..5) -- specify a valid range

ErrorCounts ::= SEQUENCE {
    circuitID OCTET STRING,
    erroredSeconds INTEGER,
    unavailableSeconds INTEGER
} -- data structures are defined using the SEQUENCE keyword

BER - Basic Encoding Rules

The relationship between ASN.1 and BER parallels that of source code and machine code.

CCITT X.209 specifies the Basic Encoding Rules

All SNMP messages are converted / serialized from ASN.1 notation into smaller, binary data (BER)

SNMP Data Types

•INTEGER -- signed 32-bit integer

•OCTET STRING

•OBJECT IDENTIFIER (OID)

•NULL -- not actually data type, but data value

•IpAddress -- OCTET STRING of size 4, in network byte order (B.E.)

•Counter -- unsigned 32-bit integer (rolls over)

•Gauge -- unsigned 32-bit integer (will top out and stay there)

•TimeTicks -- unsigned 32-bit integer (rolls over after 497 days)

•Opaque -- used to create new data types not in SNMPv1

•DateAndTime, DisplayString, MacAddress, PhysAddress, TimeInterval, TimeStamp, TruthValue, VariablePointer -- textual conventions used as types

Yellow items defined by ASN.1

Orange items defined by RFC 1155

Managed “Objects” & MIBs

Always defined and referenced within the context of a MIB

A typical MIB variable definition:

sysContact OBJECT-TYPE -- OBJECT-TYPE is a macro
    SYNTAX DisplayString (SIZE (0..255))
    ACCESS read-write -- or read-only, write-only, not-accessible
    STATUS mandatory -- or optional, deprecated, obsolete
    DESCRIPTION
        "Chris Francois
        [email protected]
        (360)650-0000"
    ::= { system 4 }

Basic Message Format

Message Preamble: Message Length, Message Version, Community String

SNMP Protocol Data Unit: PDU Header, PDU Body

SNMPV1 Message Formats

SNMP Message Preamble: Message Length, Message Version, Community String

PDU Header: PDU Type, PDU Length, Request ID, Error Status, Error Index

PDU Body: Length of Variable Bindings, Length of First Binding, OID of First Binding, Type of First Binding, Value of First Binding, Length of Second Binding, OID of Second Binding, Type of Second Binding, Value of Second Binding, Additional Variable Bindings

Trap

SNMP Message Preamble: Message Length, Message Version, Community String

PDU Header: PDU Type, PDU Length, Enterprises MIB OID, Agent IP Address, Standard Trap Type, Specific Trap Type, Time Stamp

PDU Body: Length of Variable Bindings, Length of First Binding, OID of First Binding, Type of First Binding, Value of First Binding, Length of Second Binding, OID of Second Binding, Type of Second Binding, Value of Second Binding, Additional Variable Bindings
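The two SNMPv1 layouts above, decoded from their BER bytes, as an added example that is not part of the original slides. It shows that the community string sits in the preamble as a plain OCTET STRING, readable by anyone who captures the datagram. The function names, both sample datagrams, the address 192.0.2.10 and the enterprise OID 1.3.6.1.4.1.32473 (the number reserved for documentation) are assumptions made for illustration.

```python
"""Decode SNMPv1 messages (RFC 1157) from BER bytes; samples below are constructed."""
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap"}

class BerError(ValueError):
    """Malformed or unexpected encoding; a receiver drops such a datagram."""

def read_tlv(buf, pos, want=None):
    """Read one tag-length-value at pos and return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise BerError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: the byte is the length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise BerError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise BerError("value runs past end of buffer")
    if want is not None and tag != want:
        raise BerError(f"expected tag 0x{want:02x}, got 0x{tag:02x}")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    """Dotted OID string; only first arcs 0 and 1 are handled, as in iso(1).org(3)."""
    if not value or value[0] >= 80 or value[-1] & 0x80:
        raise BerError("bad or unsupported OBJECT IDENTIFIER")
    arcs, sub = [value[0] // 40, value[0] % 40], 0
    for byte in value[1:]:                # base-128, high bit set = more bytes follow
        sub = (sub << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(sub)
            sub = 0
    return ".".join(map(str, arcs))

def decode_value(tag, value):
    if tag == 0x02 and value:             # INTEGER, two's complement
        return int.from_bytes(value, "big", signed=True)
    if tag in (0x41, 0x42, 0x43) and value:   # Counter, Gauge, TimeTicks (unsigned)
        return int.from_bytes(value, "big")
    if tag in (0x04, 0x44):               # OCTET STRING, Opaque
        return bytes(value)
    if tag == 0x05 and not value:         # NULL
        return None
    if tag == 0x06:                       # OBJECT IDENTIFIER
        return decode_oid(value)
    if tag == 0x40 and len(value) == 4:   # IpAddress, network byte order
        return ".".join(map(str, value))
    raise BerError(f"unsupported or malformed type 0x{tag:02x}")

def fields(buf, tags):
    """Decode consecutive TLVs that must carry the given tags; return (values, rest)."""
    pos, out = 0, []
    for want in tags:
        tag, value, pos = read_tlv(buf, pos, want)
        out.append(decode_value(tag, value))
    return out, buf[pos:]

def decode_message(data):
    """Return the preamble, PDU header and variable bindings of one SNMPv1 message."""
    _, body, end = read_tlv(data, 0, 0x30)
    if end != len(data):
        raise BerError("trailing bytes after message")
    (version, community), rest = fields(body, [0x02, 0x04])
    if version != 0:                      # SNMPv1 is encoded as INTEGER 0
        raise BerError("version mismatch, message discarded")
    pdu_tag, pdu, end = read_tlv(rest, 0)
    if pdu_tag not in PDU_TYPES or end != len(rest):
        raise BerError("unknown PDU type or trailing bytes")
    if pdu_tag == 0xA4:                   # Trap has its own header layout
        names = ("enterprise", "agent_addr", "generic_trap", "specific_trap", "time_stamp")
        values, rest = fields(pdu, [0x06, 0x40, 0x02, 0x02, 0x43])
    else:
        names = ("request_id", "error_status", "error_index")
        values, rest = fields(pdu, [0x02, 0x02, 0x02])
    msg = {"community": community, "pdu": PDU_TYPES[pdu_tag], **dict(zip(names, values))}
    _, binds, end = read_tlv(rest, 0, 0x30)
    if end != len(rest):
        raise BerError("trailing bytes after variable bindings")
    msg["varbinds"], pos = [], 0
    while pos < len(binds):               # each binding is SEQUENCE { OID, value }
        _, bind, pos = read_tlv(binds, pos, 0x30)
        (oid,), value_tlv = fields(bind, [0x06])
        tag, value, end = read_tlv(value_tlv, 0)
        if end != len(value_tlv):
            raise BerError("trailing bytes in variable binding")
        msg["varbinds"].append((oid, decode_value(tag, value)))
    return msg

# Constructed samples: a GetRequest for sysContact.0 and a linkDown Trap, community "public".
GET_SAMPLE = bytes.fromhex("3026020100" "04067075626c6963" "a019020101020100020100"
                           "300e300c" "06082b06010201010400" "0500")
TRAP_SAMPLE = bytes.fromhex("303a020100" "04067075626c6963" "a42d06082b0601040181fd59"
                            "4004c000020a" "020102" "020100" "43023039"
                            "3011300f" "060a2b060102010202010101" "020101")
```

Calling `decode_message(GET_SAMPLE)` or `decode_message(TRAP_SAMPLE)` returns a dictionary of the decoded fields; truncated input, trailing bytes or a version other than SNMPv1 raise `BerError`.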

Commercial SNMP Applications

Here are some of the various SNMP Management products available today:

•http://www.hp.com/go/openview/ HP OpenView

•http://www.tivoli.com/ IBM NetView

•http://www.novell.com/products/managewise/ Novell ManageWise

•http://www.sun.com/solstice/ Sun MicroSystems Solstice

•http://www.microsoft.com/smsmgmt/ Microsoft SMS Server

•http://www.compaq.com/products/servers/management/ Compaq Insight Manager

•http://www.redpt.com/ SnmpQL - ODBC Compliant

•http://www.empiretech.com/ Empire Technologies

•ftp://ftp.cinco.com/users/cinco/demo/ Cinco Networks NetXray

•http://www.netinst.com/html/snmp.html SNMP Collector (Win9X/NT)

•http://www.netinst.com/html/Observer.html Observer

•http://www.gordian.com/products_technologies/snmp.html Gordian’s SNMP Agent

•http://www.castlerock.com/ Castle Rock Computing

•http://www.adventnet.com/ Advent Network Management

•http://www.smplsft.com/ SimpleAgent, SimpleTester

SNMP & Windows NT 5.0

Some features of the Windows NT5 SNMP Service

•Full bilingual support for SNMPv1 and SNMPv2c

•ability to map SNMPv2c requests to SNMPv1 for processing by extension agents

•better synchronization of MIB variables

•a new extension agent framework (backward compatible with original framework, but with MS add-ons)

•code-generator for creation of extension agents

•MIB-II, LAN Manager 2, IP Forwarding MIB (RFC 1354), and Host Resources MIB (RFC 1514) extension agents included

•All MIB modules included with SNMP install

•SMS 2.0 also has a Symantec PCAnywhere type of application integrated into it, allowing “remote-but-local” management as well

SNMP RFC’s

RFC | Description | Published | Current Status
---- | ---- | ---- | ----
1065 | SMIv1 | Aug-88 | Obsoleted by 1155
1066 | SNMPv1 MIB | Aug-88 | Obsoleted by 1156
1067 | SNMPv1 | Aug-88 | Obsoleted by 1098
1098 | SNMPv1 | Apr-89 | Obsoleted by 1157
1155 | SMIv1 | May-90 | Standard
1156 | SNMPv1 MIB | May-90 | Historic
1157 | SNMPv1 | May-90 | Standard
1158 | SNMPv1 MIB-II | May-90 | Obsoleted by 1213
1212 | SNMPv1 MIB definitions | Mar-91 | Standard
1213 | SNMPv1 MIB-II | Mar-91 | Standard
1215 | SNMPv1 traps | Mar-91 | Informational
1351 | Secure SNMP administrative model | Jul-92 | Proposed Standard
1352 | Secure SNMP managed objects | Jul-92 | Proposed Standard
1353 | Secure SNMP security protocols | Jul-92 | Proposed Standard
1441 | Introduction to SNMPv2 | Apr-93 | Proposed Standard
1442 | SMIv2 | Apr-93 | Obsoleted by 1902
1443 | Textual conventions for SNMPv2 | Apr-93 | Obsoleted by 1903
1444 | Conformance statements for SNMPv2 | Apr-93 | Obsoleted by 1904
1445 | SNMPv2 administrative model | Apr-93 | Historic
1446 | SNMPv2 security protocols | Apr-93 | Historic
1447 | SNMPv2 party MIB | Apr-93 | Historic
1448 | SNMPv2 protocol operations | Apr-93 | Obsoleted by 1905
1449 | SNMPv2 transport mapping | Apr-93 | Obsoleted by 1906
1450 | SNMPv2 MIB | Apr-93 | Obsoleted by 1907
1451 | Manager-to-manager MIB | Apr-93 | Historic
1452 | Coexistence of SNMPv1 and SNMPv2 | Apr-93 | Obsoleted by 1908
1901 | Community-Based SNMPv2 | Jan-96 | Experimental
1902 | SMIv2 | Jan-96 | Draft Standard
1903 | Textual conventions for SNMPv2 | Jan-96 | Draft Standard
1904 | Conformance statements for SNMPv2 | Jan-96 | Draft Standard
1905 | Protocol operations for SNMPv2 | Jan-96 | Draft Standard
1906 | Transport mapping for SNMPv2 | Jan-96 | Draft Standard
1907 | SNMPv2 MIB | Jan-96 | Draft Standard
1908 | Coexistence of SNMPv1 and SNMPv2 | Jan-96 | Draft Standard
1909 | Administrative infrastructure for SNMPv2 | Feb-96 | Experimental
1910 | User-based security for SNMPv2 | Feb-96 | Experimental

Lecture Three

Lecture 3: Course Outline

•Definition and importance of network management systems
•Components of network management systems
•Historical overview of the development of network management system protocols
•The SNMPv1 protocol
– Architecture: management model and basic functions
– Protocol packet specifications and details
– Structure of the MIB database
•The SNMPv2 protocol
•The SNMPv3 protocol
•The remote management protocol RMON
•Web-based Management

Protocol Goals - SNMP GOALS

UBIQUITY
• PCs AND CRAYs

INCLUSION OF MANAGEMENT SHOULD BE INEXPENSIVE
• SMALL CODE
• LIMITED FUNCTIONALITY

MANAGEMENT EXTENSIONS SHOULD BE POSSIBLE
• NEW MIBs

MANAGEMENT SHOULD BE ROBUST
• CONNECTIONLESS TRANSPORT

PRINCIPLE OPERATION

[Diagram labels: MANAGER, AGENTS, SNMP, MIB]

PRINCIPLE OPERATION

[Diagram labels: MANAGER, AGENTS, TRAPS, POLLING, MIB]

PRINCIPLE OPERATION

[Diagram labels: MANAGER, AGENTS, GET / SET, TRAP, MIB]

PRINCIPLE OPERATION

[Diagram labels: MANAGER, AGENTS, TABLES, VARIABLES]

SNMP STRUCTURE

[Diagram labels: MANAGER, AGENT, Management Application, MIB, SNMP PDUs, UDP, CONNECTIONLESS TRANSPORT SERVICE PROVIDER]

STANDARDS

SMI
• STRUCTURE OF MANAGEMENT INFORMATION
• RFC 1155

MIB-II
• MANAGEMENT INFORMATION BASE
• RFC 1213
• A LARGE NUMBER OF ADDITIONAL MIBs EXIST

SNMP
• SIMPLE NETWORK MANAGEMENT PROTOCOL
• RFC 1157
• NAME IS USED IN A MORE GENERAL SENSE

NEWER VERSIONS: SNMPv2 & SNMPv3

SNMP

Simple Network Management Protocol (SNMP) is a network management specification developed by the Internet Engineering Task Force (IETF), a subsidiary group of the Internet Activities Board (IAB), in the mid 1980s to provide standard, simplified, and extensible management of LAN-based internetworking products such as bridges, routers, and wiring concentrators.

SNMP was designed to reduce the complexity of network management and minimize the amount of resources required to support it.

SNMP provides for centralized, robust, interoperable network management, along with the flexibility to allow for the management of vendor-specific information.

SNMP

SNMP is a communication specification that defines how management information is exchanged between network management applications and management agents. There are several versions of SNMP; two of the most common are SNMPv1 and SNMPv2.

SNMPv1 is a simple message-based request/response application-layer protocol which typically uses the User Datagram Protocol (UDP) for data delivery. The SNMPv1 network management architecture contains:

SNMP

•Network Management Station (NMS) - Workstation that hosts the network management application.

•SNMPv1 network management application - Polls management agents for information and provides control information to agents.

•Management Information Base (MIB) - Defines the information that can be collected and controlled by the management application.

•SNMPv1 management agent(s) - Provides information contained in the MIB to management applications and may accept control information

SNMP Operations

Attributes of managed objects may be monitored or set by the network management application using the following operations:

•GET_NEXT_REQUEST - Requests the next object instance from a table or list from an agent

•GET_RESPONSE - Returned answer to get_next_request, get_request, or set_request

•GET_REQUEST - Requests the value of an object instance from the agent

•SET_REQUEST - Set the value of an object instance within an agent

•TRAP - Send trap (event) asynchronously to network management application. Agents can send a trap when a condition has occurred, such as change in state of a device, device failure or agent initialization/restart.


The Structure of PDUs


The PDU Fields

The version number (an INTEGER type) assures that both manager and agent are using the same version of the SNMP protocol.

– Messages between manager and agent containing different version numbers are discarded without further processing.

The community name (an OCTET STRING type) authenticates the manager before allowing access to the agent. The community name, along with the manager’s IP address, is stored in the agent’s community profile.

– If there’s a difference between the manager and agent values for the community name, the agent will send an authentication failure trap message to the manager. If both the version number and community name from the manager match the ones stored in the agent, the SNMP PDU begins processing.


Get, Set, and Response PDU Formats

The first field, PDU Type, specifies the type of PDU the message contains:

PDU               PDU Type Field Value
GetRequest        0
GetNextRequest    1
GetResponse       2
SetRequest        3
Trap              4

The Request ID field is an INTEGER type that correlates the manager’s request to the agent’s response.


Get, Set, and Response PDU Formats

The Error Status field is an enumerated INTEGER type that indicates normal operation (noError) or one of five error conditions. The possible values are:

Error         Value   Meaning
noError       0       Proper manager/agent operation.
tooBig        1       The size of the required GetResponse PDU exceeds a local limitation.
noSuchName    2       The requested object name did not match the names available in the relevant MIB View.
badValue      3       A SetRequest contained an inconsistent type, length, and value for the variable.
readOnly      4       Not defined in RFC 1157. (Historical footnote: this error is listed, but the description of the SetRequest PDU processing does not describe how this error is generated. The standard interpretation is that this error should not be generated, although some vendors’ agents nevertheless do.)
genErr        5       Other errors, not explicitly defined, have occurred.


Get, Set, and Response PDU Formats

When an error occurs, the Error Index field identifies the entry within the variable bindings list that caused the error. For example, if a readOnly error occurred, it would return an Error Index = 4.

Variable Binding (VarBind) pairs a variable name with its value.

A VarBindList is a list of such pairings.

– Within the Variable Bindings fields of the SNMP PDUs, the word Object identifies the variable name (OID encoding of object type plus the instance) for which a value is being communicated.

GetRequest or GetNextRequest PDUs use a value of NULL, which is a special ASN.1 data type.


Using the GetRequest PDU

The manager uses the GetRequest PDU to retrieve the value of one or more object(s) from an agent.

– In most cases, these are scalar, not columnar, objects.

To generate the GetRequest PDU, the manager assigns PDU Type = 0, specifies a locally defined Request ID, and sets both the ErrorStatus and ErrorIndex to 0. A VarBindList, containing the requested variables and corresponding NULL (placeholder) values, completes the PDU.

Under error-free conditions, the agent generates a GetResponse PDU, which is assigned PDU Type = 2, the same value of Request ID, Error Status = noError, and Error Index = 0. The Variable Bindings now contain the values associated with each of the variables noted in the GetRequest PDU.

Recall that the term variable refers to an instance of a managed object.


... Using the GetRequest PDU

Four error conditions are possible:

– If a variable in the Variable Bindings field does not exactly match an available object, the agent returns a GetResponse PDU with Error Status = noSuchName, and with the Error Index indicating the index of the variable in question.

– If a variable is an aggregate type, such as a row object, the agent returns a GetResponse PDU with Error Status = noSuchName, and with the Error Index indicating the index of the variable in question.

– If the size of the appropriate GetResponse PDU would exceed a local limitation, then the agent returns a GetResponse PDU of identical form, with Error Status = tooBig, and Error Index = 0.

– If the value of a requested variable cannot be retrieved for any other reason, then the agent returns a GetResponse PDU with Error Status = genErr, and the Error Index indicating the index of the variable in question.
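The message layout described above (version, community name, PDU type, Request ID, Error Status, Error Index, VarBindList) can be seen on the wire with a small BER codec. This is an added example, not code from the original slides; the community string "public", the request IDs and the function names are constructed for illustration, and the Trap PDU is left out because its format differs. It also shows that the community name travels as a plain OCTET STRING, readable by anyone who can capture the datagram.

```python
# Added example: minimal BER encoder/parser for SNMPv1 Get/GetNext/Set/Response messages.
PDU_NAMES = {0: "GetRequest", 1: "GetNextRequest", 2: "GetResponse", 3: "SetRequest"}
ERROR_NAMES = {0: "noError", 1: "tooBig", 2: "noSuchName", 3: "badValue",
               4: "readOnly", 5: "genErr"}
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30


def tlv(tag, body):
    """BER tag-length-value with short-form or long-form definite length."""
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    size = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body


def enc_int(value):
    bits = value.bit_length() if value >= 0 else (~value).bit_length()
    return tlv(INTEGER, value.to_bytes(bits // 8 + 1, "big", signed=True))


def enc_oid(oid):
    arcs = [int(a) for a in oid.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])    # first two arcs share one octet
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:                          # base 128, high bit means "more"
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        body += bytes(reversed(chunk))
    return tlv(OID, bytes(body))


def build_message(community, pdu_type, request_id, oids, error_status=0, error_index=0):
    """Every variable gets a NULL placeholder, as in a request or an error response."""
    binds = b"".join(tlv(SEQUENCE, enc_oid(o) + tlv(NULL, b"")) for o in oids)
    pdu = tlv(0xA0 | pdu_type, enc_int(request_id) + enc_int(error_status)
              + enc_int(error_index) + tlv(SEQUENCE, binds))
    # SNMPv1 is carried as version value 0.
    return tlv(SEQUENCE, enc_int(0) + tlv(OCTET_STRING, community.encode()) + pdu)


def read_tlv(buf, pos, want=None):
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                              # long form: next n octets hold the length
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("length runs past end of buffer")
    if want is not None and tag != want:
        raise ValueError(f"expected tag {want:#04x}, got {tag:#04x}")
    return tag, buf[pos:pos + length], pos + length


def dec_int(body):
    if not body:
        raise ValueError("empty INTEGER")
    return int.from_bytes(body, "big", signed=True)


def dec_oid(body):
    if not body:
        raise ValueError("empty OBJECT IDENTIFIER")
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for octet in body[1:]:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def parse_message(data):
    _, msg, end = read_tlv(data, 0, SEQUENCE)
    if end != len(data):
        raise ValueError("trailing bytes after message")
    _, version, pos = read_tlv(msg, 0, INTEGER)
    if dec_int(version) != 0:                      # different version: discard, no processing
        raise ValueError("version mismatch: message discarded")
    _, community, pos = read_tlv(msg, pos, OCTET_STRING)
    tag, pdu, _ = read_tlv(msg, pos)
    if (tag & 0xE0) != 0xA0 or (tag & 0x1F) not in PDU_NAMES:
        raise ValueError(f"unsupported PDU tag {tag:#04x}")
    ints, p = [], 0
    for _field in range(3):                        # Request ID, Error Status, Error Index
        _, body, p = read_tlv(pdu, p, INTEGER)
        ints.append(dec_int(body))
    _, vbl, _ = read_tlv(pdu, p, SEQUENCE)
    varbinds, q = [], 0
    while q < len(vbl):                            # each VarBind is SEQUENCE { name, value }
        _, vb, q = read_tlv(vbl, q, SEQUENCE)
        _, name, r = read_tlv(vb, 0, OID)
        vtag, value, _ = read_tlv(vb, r)
        varbinds.append((dec_oid(name), vtag, bytes(value)))
    return {"community": community.decode("latin-1"), "pdu": PDU_NAMES[tag & 0x1F],
            "request_id": ints[0], "error_status": ERROR_NAMES.get(ints[1], ints[1]),
            "error_index": ints[2], "varbinds": varbinds}
```

`build_message("public", 0, 1, ["1.3.6.1.2.1.1.1.0"])` yields the 40-byte GetRequest for sysDescr.0, and `parse_message` rejects a message whose version octet or length fields do not check out.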


Using the GetNextRequest PDU

The manager uses the GetNextRequest PDU to retrieve one or more objects and their values from an agent. In most cases, these multiple objects will reside within a table. To generate the GetNextRequest PDU the manager assigns PDU Type = 1, specifies a locally defined Request ID, and sets both the ErrorStatus and the ErrorIndex to 0.

A VarBindList, containing the OIDs and corresponding NULL (placeholder) values, completes the PDU. These OIDs can be any OID (which may be a variable) that immediately precedes the variable and value returned. Under error-free conditions, the agent generates a GetResponse PDU, which is assigned PDU Type = 2, the same value of Request ID, Error Status = noError, and Error Index = 0. The Variable Bindings contain the name and value associated with the lexicographical successor of each of the OIDs noted in the GetNextRequest PDU.


... Using the GetNextRequest PDU

Three error conditions are possible:

– If a variable in the Variable Bindings field does not lexicographically precede the name of an object that may be retrieved (that is, an object available for Get operations and within the relevant MIB View), the agent returns a GetResponse PDU with Error Status = noSuchName, and with the Error Index indicating the index of the variable in question. This condition is called “running off the end of the MIB View.”

– If the size of the appropriate GetResponse PDU exceeds a local limitation, the agent returns a GetResponse PDU of identical form, with Error Status = tooBig and Error Index = 0.

– If the value of the lexicographical successor to a requested variable in the Variable Bindings field cannot be retrieved for any other reason, the agent returns a GetResponse PDU, with Error Status = genErr, and the Error Index indicating the index of the variable in question.
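The Get and GetNext rules above can be modelled as a toy agent, which makes the lexicographical-successor behaviour and the "running off the end of the MIB View" case concrete. This is an added example, not code from the original slides; the MIB view contents, the class and function names, and the use of a VarBind count as the "local limitation" for tooBig are assumptions made for illustration.

```python
from bisect import bisect_right

# Constructed MIB view (instance OID -> value); the comments name the standard
# MIB-II objects these OIDs belong to.
MIB_VIEW = {
    "1.3.6.1.2.1.1.1.0": "constructed device description",  # sysDescr.0
    "1.3.6.1.2.1.1.3.0": 421337,                            # sysUpTime.0
    "1.3.6.1.2.1.2.1.0": 3,                                 # ifNumber.0
    "1.3.6.1.2.1.2.2.1.1.1": 1,                             # ifIndex.1
    "1.3.6.1.2.1.2.2.1.1.2": 2,                             # ifIndex.2
    "1.3.6.1.2.1.2.2.1.1.10": 10,                           # ifIndex.10
    "1.3.6.1.2.1.2.2.1.2.1": "lo",                          # ifDescr.1
    "1.3.6.1.2.1.2.2.1.2.2": "eth0",                        # ifDescr.2
    "1.3.6.1.2.1.2.2.1.2.10": "eth1",                       # ifDescr.10
}


def arcs(oid):
    """Dotted OID -> tuple of ints, so ordering is numeric per arc, not textual."""
    return tuple(int(a) for a in oid.strip(".").split("."))


def dotted(key):
    return ".".join(str(a) for a in key)


class Agent:
    def __init__(self, view, max_varbinds=4):
        self.values = {arcs(o): v for o, v in view.items()}
        self.order = sorted(self.values)          # lexicographical order of the view
        self.max_varbinds = max_varbinds          # assumed stand-in for the size limit

    def _answer(self, oids, resolve):
        echo = [(oid, None) for oid in oids]      # error replies echo the request form
        if len(oids) > self.max_varbinds:
            return ("tooBig", 0, echo)
        binds = []
        for index, oid in enumerate(oids, start=1):   # Error Index counts from 1
            key = resolve(arcs(oid))
            if key is None:
                return ("noSuchName", index, echo)
            binds.append((dotted(key), self.values[key]))
        return ("noError", 0, binds)

    def get(self, oids):
        # Exact instance match only: a table or row OID is not a retrievable variable.
        return self._answer(oids, lambda k: k if k in self.values else None)

    def get_next(self, oids):
        def successor(key):
            pos = bisect_right(self.order, key)   # first name strictly after the request
            return self.order[pos] if pos < len(self.order) else None
        return self._answer(oids, successor)


def walk(agent, root):
    """Manager side: repeat GetNext until the reply leaves the subtree or errors."""
    prefix, current, rows = arcs(root), root, []
    while True:
        status, _index, binds = agent.get_next([current])
        if status != "noError":
            break                                 # ran off the end of the MIB view
        name, value = binds[0]
        if arcs(name)[:len(prefix)] != prefix:
            break                                 # successor is outside the subtree
        rows.append((name, value))
        current = name
    return rows
```

Walking the ifIndex column returns instances 1, 2, 10 in that order; sorting the same OIDs as strings would place .10 before .2, which is why the arcs are compared numerically.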


Using the SetRequest PDU

The manager uses the SetRequest PDU to assign a value to an object residing in the agent.

To generate that PDU the manager assigns PDU Type = 3, specifies a locally defined Request ID, and sets both the ErrorStatus and ErrorIndex to 0. A VarBindList, containing the specified variables and their corresponding values, completes the PDU. When the agent receives the SetRequest PDU, it alters the values of the named objects to the values in the variable binding. Under error-free conditions, the agent generates a GetResponse PDU of identical form, except that the assigned PDU Type = 2, Error Status = noError, and Error Index = 0.


Using the SetRequest PDU

Four error conditions are possible:

– If a variable in the Variable Bindings field is not available for Set operations within the relevant MIB View, the agent returns a GetResponse PDU of identical form, with Error Status = noSuchName, and with the Error Index indicating the index of the object name in question. (Historical note: Some agent implementations return Error Status = readOnly if the object exists, but Access = read-only for that variable.)

– If the value of a variable named in the Variable Bindings field does not conform to the ASN.1 Type, Length, and Value required, the agent returns a GetResponse PDU of identical form, with Error Status = badValue and the Error Index indicating the index of the variable in question.

– If the size of the appropriate GetResponse PDU exceeds a local limitation, the agent returns a GetResponse PDU of identical form, with Error Status = tooBig, and Error Index = 0.

– If the value of a variable cannot be altered for any other reason, the agent returns a GetResponse PDU of identical form, with Error Status = genErr and the Error Index indicating the index of the variable in question.


The Trap PDU Format

The Trap PDU has a format distinct from the four other SNMP PDUs.

The first field indicates the Trap PDU and contains PDU Type = 4.

The Enterprise field identifies the management enterprise under whose registration authority the trap was defined. For example, the OID prefix {1.3.6.1.4.1.110} would identify Network General Corp. as the Enterprise sending a trap.

The Agent Address field, which contains the IP address of the agent, provides further identification. If a non-IP transport protocol is used, the value 0.0.0.0 is returned.


The Trap PDU Format

There are seven defined values (enumerated INTEGER types) for the Generic Trap field:

Trap                    Value   Meaning
coldStart               0       The sending protocol entity (higher-layer network management) has reinitialized, indicating that the agent’s configuration or entity implementation may be altered.
warmStart               1       The sending protocol has reinitialized, but neither the agent’s configuration nor the protocol entity implementation has been altered.
linkDown                2       A communication link has failed. The affected interface is identified as the first element within the Variable Bindings field: name and value of the ifIndex instance.
linkUp                  3       A communication link has come up. The affected interface is identified as the first element within the Variable Bindings field: name and value of the ifIndex instance.
authenticationFailure   4       The agent has received an improperly authenticated SNMP message from the manager; that is, the community name was incorrect.
egpNeighborLoss         5       An EGP peer neighbor is down.
enterpriseSpecific      6       A nongeneric trap has occurred, which is further identified by the Specific Trap Type field and Enterprise field.

Two additional fields complete the Trap PDU. The Timestamp field contains the value of the sysUpTime object, representing the amount of time elapsed between the last (re-)initialization of the agent and the generation of that Trap. The last field contains the Variable Bindings.



Using the Trap PDU

The agent uses the Trap PDU to alert the manager that a predefined event has occurred. To generate the Trap PDU, the agent assigns PDU Type = 4 and fills in the Enterprise, Agent Address, Generic Trap, Specific Trap Type, and Timestamp fields, as well as the Variable Bindings list.


Lectures 4 and 5

Course Outline

• Definition and importance of network management systems
• Components of network management systems
• Historical overview of the evolution of network management protocols
• The SNMPv1 protocol
  – Architecture
  – Management model and basic functions
  – Specifications and details of the protocol packet
  – Structure of the MIB database
  – ASN.1
• The SNMPv2 protocol
• The SNMPv3 protocol
• The remote management protocol RMON
• Web-based Management


The Structure of Management Information (SMI)


– In the manager/agent paradigm for network management, managed network objects must be physically and logically accessible.

• Physically accessible means that some entity must physically check the address, count the packets, or otherwise quantify the network management information.

• Logical accessibility means that management information must be stored somewhere and, therefore, that the information must be retrievable and modifiable. (SNMP actually performs the retrieval and modification.)


SMI

The SMI (RFC 1155) organizes, names, and describes information so that logical access can occur.

– In SMI each managed object must have a name, a syntax, and an encoding.

• The name, an object identifier (OID), uniquely identifies the object.

• The syntax defines the data type, such as an integer or a string of octets.

• The encoding describes how the information associated with the managed objects is serialized for transmission between machines.


SMI

We will study:

– The syntax (the Abstract Syntax Notation One, ASN.1),

– The encoding (the Basic Encoding Rules, BER),

– And finally the names (the object identifier).

– How the MIBs use these names -> moves from the abstract to the practical.


SMI

• ASN.1 defines data as a pattern of bits in computer memory, just as any high-level computer programming language defines data as variables.

• The BER define a standard way to convert ASN.1 definitions into bit patterns for transmission, and then they actually transfer the data between computers.

• The BER representation, however, is always the same for any ASN.1 description, regardless of the computers that send or receive that information. This assures communication between machines, regardless of their internal architecture.


ASN.1 Elements

ASN.1 uses some unique terms to define its procedures, including:

– type definitions,

– value assignments,

– macro definitions and evocations,

– module definitions. You need to understand

– ASN.1 specifies some words as keywords, or reserved character sequences. Keywords, such as INTEGER, OBJECT, and NULL, have special meanings and appear in uppercase letters.


SMI Types

• A type is a class of data. It defines the data structure that the machine needs in order to understand and process information.

• The SMI defines three types: Primitive, Constructor, and Defined.

– ASN.1 defines several Primitive types (also known as Simple types), including INTEGER, OCTET STRING, OBJECT IDENTIFIER, and NULL.

– Types begin with an uppercase letter.

• Constructor types (also known as Aggregate types) generate lists and tables.

• Defined types are alternate names for either simple or complex ASN.1 types and are usually more descriptive.

Page 114: SMI Value

The value quantifies the type: it provides a specific instance for that type. For example, a value could be an entry in a routing table.
– Values begin with lowercase letters.
– Some applications allow only a subset of the possible type values. A subtype specification indicates such a constraint. The subtype specification appears after the type and shows the permissible value or values, called the subtype values, in parentheses. For example, if an application uses an INTEGER type and the permissible values must fit within an 8-bit field, the possible range of values must be between 0 and 255. You would express this as:

    INTEGER (0..255)

Page 115: SMI Macro

A macro reference (or macro name) appears entirely in uppercase letters.

For example, MIB definitions make extensive use of the ASN.1 macro OBJECT-TYPE. The first object in MIB-II is a system description (sysDescr). RFC 1213 uses the OBJECT-TYPE macro to define sysDescr, as follows:

    sysDescr OBJECT-TYPE
        SYNTAX DisplayString (SIZE (0..255))
        ACCESS read-only
        STATUS mandatory
        DESCRIPTION
            "A textual description of the entity. This value should include the full name and version identification of the system's hardware type, software operating-system, and networking software. This must contain only printable ASCII characters."
        ::= { system 1 }

Page 116: SMI Modules

ASN.1 collects descriptions into convenient groups, called modules.
– The module starts with a module name, such as RMON-MIB. Module names must begin with an uppercase letter. The BEGIN and END statements enclose the body of the module.
– The body may contain IMPORTS, which are the names of types, values, and macros, and the modules in which they are declared.

Example

    RMON-MIB DEFINITIONS ::= BEGIN
        IMPORTS
            Counter FROM RFC1155-SMI
            DisplayString FROM RFC1158-MIB
            mib-2 FROM RFC1213-MIB
            OBJECT-TYPE FROM RFC-1212
            TRAP-TYPE FROM RFC-1215;
        -- Remote Network Monitoring MIB
        rmon OBJECT IDENTIFIER ::= { mib-2 16 }
        -- textual conventions
    END

Page 117: Summary of ASN.1 conventions

In summary, ASN.1 makes distinctions between uppercase and lowercase letters, as follows:

Item            Convention
Types           Initial uppercase letter
Values          Initial lowercase letter
Macros          All uppercase letters
Modules         Initial uppercase letter
ASN.1 keywords  All uppercase letters

The ASN.1 keywords that are frequently used within SNMP are BEGIN, CHOICE, DEFINED, DEFINITIONS, END, EXPORTS, IDENTIFIER, IMPORTS, INTEGER, NULL, OBJECT, OCTET, OF, SEQUENCE, and STRING.

Page 118: Summary of ASN.1 conventions

Item   Name
-      Signed number
--     Comment
::=    Assignment (defined as)
|      Alternation (options of a list)
{ }    Starts and ends a list
[ ]    Starts and ends a tag
( )    Starts and ends a subtype expression
..     Indicates a range

Page 119: Summary of ASN.1 conventions

Page 120: MIBs

MANAGEMENT INFORMATION BASES
CONTAIN THE MANAGED OBJECTS (VARIABLES)
THAT REPRESENT THE RESOURCES OF A SYSTEM
AND WHICH MAY BE MONITORED AND MODIFIED BY A (REMOTE) MANAGER
TO CONTROL THE BEHAVIOUR OF THAT SYSTEM

[Figure labels: MANAGER, AGENT, SNMP, MIB]

Page 121: MIB DEFINITION AND MIB INSTANCE

MIB DEFINITIONS SHOULD BE KNOWN BY:
• THE IMPLEMENTORS OF THE MANAGED SYSTEM
• THE MANAGER

THE MIB IS INSTANTIATED WITHIN THE MANAGED SYSTEM

Page 122: MODULARITY

THE MANAGED OBJECTS OF A SYSTEM ARE USUALLY DEFINED IN MULTIPLE MIB DEFINITIONS
MODULES
• DIFFERENT MODULES CAN BE DEFINED BY DIFFERENT TEAMS
• MANAGEMENT FUNCTIONALITY CAN GRADUALLY BE EXTENDED
• DIFFERENT TYPES OF SYSTEMS CAN SUPPORT DIFFERENT MIB MODULES
• VENDORS CAN EXTEND THE MANAGEMENT FUNCTIONALITY VIA PROPRIETARY MIBS

Page 123: HARDWARE MIBS

HOST RESOURCES MIB
MODEM MIB
PRINTER MIB

Page 124: PROTOCOL MIBS

[Figure: MIBs arranged by protocol layer. Layers: APPLICATION, TRANSPORT, NETWORK, TRANSMISSION INTERFACES. Boxes: MAIL, DNS, X.500, WWW, RDBMS, ..., SNMP, UDP, TCP, IP, ICMP, ARP, ..., OSPF, BGP, EGP, 802.5, FDDI, ATM, 802.3, ADSL, ..., SONET]

Page 125: PROTOCOL MIBS - EXAMPLE: MIB-II

[Figure: MIBs arranged by protocol layer. Layers: APPLICATION, TRANSPORT, NETWORK, TRANSMISSION INTERFACES. Boxes: MAIL, DNS, X.500, WWW, RDBMS, ..., SNMP, UDP, TCP, IP, ICMP, ARP, ..., OSPF, BGP, EGP, 802.5, FDDI, ATM, 802.3, ADSL, ..., SONET]

Page 126: LIST OF MIBS

FOR THE MOST RECENT LIST, SEE
http://www.simpleweb.org/ietf/rfcs/rfcbytopic.html

LEGEND:
S = STANDARD
D = DRAFT STANDARD
P = PROPOSED STANDARD
I = INFORMATIONAL
E = EXPERIMENTAL

Page 127: HARDWARE SPECIFIC MIBs

STATUS  RFC   Title
P       1628  UPS
D       1658  Character Stream Devices
D       1659  RS-232-like Hardware
D       1660  Parallel printer-like Hardware
P       1696  Modem
P       1759  Printer
I       2707  Job Monitoring MIB
P       2737  Entity MIB
D       2790  Host Resources MIB

Page 128: TRANSMISSION MIBs

STATUS  RFC   Title
P       2669  Cable Device MIB for DOCSIS compliant Cable Modems and Cable Modem Termination Systems
P       2668  IEEE 802.3 Medium Attachment Units (MAUs)
I       2666  Object Identifiers for Identifying Ethernet Chip Sets
P       2670  Radio Frequency MIB for MCNS/DOCSIS compliant RF interfaces
P       2674  Bridges with Traffic Classes, Multicast Filtering and Virtual LAN Extensions
P       2677  NBMA Next Hop Resolution Protocol (NHRP)
P       2837  Fabric Element in Fibre Channel Standard
D       2863  Interfaces Group
P       2864  Inverted Stack Table Extension to the Interfaces Group
P       2954  Frame Relay Service
P       2955  Frame Relay/ATM PVC Service Interworking Function
P       3020  UNI/NNI Multilink Frame Relay function

Page 129: TRANSMISSION MIBs - 2

STATUS  RFC   Title
P       2266  IEEE 802.12 Repeater Devices
P       2128  Dial Control
P       2127  ISDN
P       2320  Classical IP and ARP Over ATM (IPOA)
D       2115  Frame Relay DTEs
P       2494  DS0 and DS0 Bundle Interface Type
P       2495  DS1, E1, DS2 and E2 Interface Types
P       2496  DS3/E3 Interface Type
P       2514  Textual Conventions and OBJECT-IDENTITIES for ATM Management
P       2515  ATM Management
P       2558  SONET/SDH Interface Type
P       2662  ADSL Lines
P       2665  Ethernet-like Interface Types

Page 130: TRANSMISSION MIBs - 3

STATUS  RFC   Title
P       1474  Bridge Network Control Protocol of PPP
P       1473  IP Network Control Protocol of PPP
P       1472  Security Protocols of PPP
D       1493  Bridges
P       1471  Link Control Protocol of PPP
P       1512  FDDI
P       1525  Source Routing Bridges
D       1694  SMDS
D       1748  IEEE 802.5
P       1749  IEEE 802.5 Station Source Routing
P       2020  IEEE 802.12 Interfaces
P       2024  Data Link Switching
P       2108  IEEE 802.3 Repeater Devices

Page 131: TRANSMISSION MIBs

STATUS  RFC   Title
P       1381  X.25 LAPB
P       1382  X.25 Packet Layer
P       1461  Multiprotocol Interconnect over X.25

Page 132: NETWORK LAYER MIBs

STATUS  RFC   Title
P       2417  Definitions of MO for Multicast over UNI 3.0/3.1 based ATM Networks
P       2214  Integrated Services - Guaranteed Service Ext.
P       2213  Integrated Services
P       2465  MIB for IPv6: Textual Conventions and General Group
P       2206  RSVP
P       2466  MIB for IPv6: ICMPv6 Group
P       2667  IP Tunnel MIB
P       2787  Definitions of MO for the Virtual Router Redundancy Protocol
P       2851  Textual Conventions for Internet Network Addresses
P       2932  IPv4 Multicast Routing MIB
P       2933  Internet Group Management Protocol MIB
E       2934  Protocol Independent Multicast MIB for IPv4
P       3019  IPv6 MIB for The Multicast Listener Discovery Protocol

Page 133: NETWORK LAYER MIBs

STATUS  RFC   Title
S       1213  MIB-II
P       1269  BGP Version 3
P       1414  Identification MIB
D       1657  BGP Version 4
D       1724  RIP Version 2 MIB Extension
D       1850  OSPF Version 2
P       2006  IP Mobility Support
P       2011  IP MIB
P       2096  IP Forwarding Table

Page 134: TRANSPORT LAYER MIBs

STATUS  RFC   Title
P       2012  Transmission Control Protocol (TCP)
P       2013  User Datagram Protocol (UDP)
P       2452  IP Version 6 MIB for the Transmission Control Protocol
P       2454  IP Version 6 MIB for the User Datagram Protocol
P       2959  Real-Time Transport Protocol

Page 135: APPLICATION LAYER MIBs

STATUS  RFC   Title
P       2564  Application Management MIB
P       2287  Definitions of System-Level Managed Objects for Applications
P       1907  SNMPv2 MIB
P       2594  Definitions of Managed Objects for WWW Services
P       1697  RDBMS MIB
P       2605  Directory Server Monitoring MIB
P       2618  RADIUS Authentication Client MIB
P       2619  RADIUS Authentication Server MIB
I       2620  RADIUS Accounting Client MIB
I       2621  RADIUS Accounting Server MIB
P       2788  Network Services Monitoring
P       2789  Mail Monitoring MIB
P       3055  MIB for the PINT Services Architecture

Page 136: APPLICATION LAYER MIBs

STATUS  RFC   Title
P       1611  DNS Server MIB Extensions
P       1612  DNS Resolver MIB Extensions

Page 137: REMOTE MONITORING AND MEASUREMENT MIBs

STATUS  RFC   Title
P       1513  Token Ring extensions to RMON
P       2021  RMON Version 2
P       2613  RMON MIB Extensions for Switched Networks Version 1.0
P       2720  Traffic Flow Measurement: Meter MIB
S       2819  Remote Network Monitoring (RMON) MIB

Page 138: DISTRIBUTED MANAGEMENT MIBs

STATUS  RFC   Title
P       2591  Scheduling Management Operations
P       2592  Delegation of Management Scripts
P       2925  Remote Ping, Traceroute, and Lookup Operations
P       2981  Event MIB
P       2982  Expression MIB
P       3014  Notification Log MIB

Page 139: VENDOR SPECIFIC MIBs

STATUS  RFC   Title
P       1666  SNA NAUs
E       1792  TCP/IPX Connection
P       1747  SNA Data Link Control (SDLC)
P       1742  Appletalk
P       2051  APPC
D       1559  DECNET Phase IV
P       2232  DLUR
P       2238  HPN
P       2455  APPN
P       2456  APPN TRAPS
P       2457  Extended Border Node
P       2561  TN3270E
P       2562  TN3270E Response Time Collection
P       2584  APPN/HPR in IP Networks

Page 140: MISCELLANY MIBs

STATUS  RFC   Title
E       1224  Techniques for managing asynchronously generated alerts
P       2493  Textual Conventions for MIB Modules Using Performance History Based on 15 Minute Intervals
P       2512  Accounting Information for ATM Networks
P       2513  Collection and Storage of Accounting Information for CO Networks
P       2742  Definitions of Managed Objects for Extensible SNMP Agents
E       2758  Service Level Agreements Performance Monitoring
I       2922  Physical Topology
P       2940  Common Open Policy Service (COPS) Protocol Clients

Page 141: NAMING OF MIBs

root
    ccitt (0)
    iso (1)
        stnd (0)
        reg-auth (1)
        mb (2)
        org (3)
            dod (6)
                internet (1)
                    directory (1)
                    mngt (2)
                        mib-2 (1)
                            system (1)
                            interfaces (2)
                            ...
                            transmission (10)
                                ethernet (6)
                                token ring (9)
                                fddi (15)
                                adsl (94)
                                ...
                            snmp (11)
                            ospf (14)
                            bgp (15)
                            ...
                    experimental (3)
                    private (4)
                    security (5)
                    snmpV2 (6)
    joint-iso-ccitt (2)

Page 143: SMI

STRUCTURE OF MANAGEMENT INFORMATION

RFC 1155: SMIv1
RFC 1212: CONCISE MIB DEFINITIONS
RFC 2578: SMIv2
RFC 2579: TEXTUAL CONVENTIONS

MAKES THE DEFINITION OF (NEW) MIBs EASIER

Page 144: SMI

MANAGEMENT INFORMATION WITHIN MANAGED SYSTEMS MUST BE REPRESENTED AS:
• SCALARS
• TABLES (= TWO DIMENSIONAL ARRAYS OF SCALARS)

THE SNMP PROTOCOL CAN ONLY EXCHANGE (A LIST OF) SCALARS

DEFINED IN TERMS OF ASN.1 CONSTRUCTS

Page 145: SMI: DATA TYPES FOR SCALARS

                         SMIv1               SMIv2
SIMPLE TYPES:            INTEGER             INTEGER
                         OCTET STRING        OCTET STRING
                         OBJECT IDENTIFIER   OBJECT IDENTIFIER
APPLICATION-WIDE TYPES:  -                   Integer32
                         -                   Unsigned32
                         Gauge               Gauge32
                         Counter             Counter32
                         -                   Counter64
                         TimeTicks           TimeTicks
                         IpAddress           IpAddress
                         Opaque              Opaque
                         NetworkAddress      -
PSEUDO TYPES:            -                   BITS

Page 146: EXAMPLE OF SCALAR OBJECTS

[Figure: MANAGER and AGENT connected by SNMP; MANAGED OBJECT INSTANCES: address, name, uptime]

Page 147: OBJECT NAMING

INTRODUCE NAMING TREE
THE LEAVES OF THE TREE REPRESENT THE MANAGED OBJECTS
NODES ARE INTRODUCED FOR NAMING PURPOSES

NEW-MIB: 1
    address (1) = 130.89.16.2
    info (2)
        name (1) = printer-1
        uptime (2) = 123456

Page 148: OBJECT NAMING

• address
    Object ID = 1.1
    Object Instance = 1.1.0
    Value of Instance = 130.89.16.2
• info
    Object ID = 1.2
    • name
        Object ID = 1.2.1
        Object Instance = 1.2.1.0
        Value of Instance = printer-1
    • uptime
        Object ID = 1.2.2
        Object Instance = 1.2.2.0
        Value of Instance = 123456

ALTERNATIVE:
Object ID = NEW-MIB info uptime

Page 149: OBJECT NAMING: MIBs

root
    ccitt (0)
    iso (1)
        stnd (0)
        reg-auth (1)
        mb (2)
        org (3)
            dod (6)
                internet (1)
                    directory (1)
                    mngt (2)
                        mib-2 (1)
                    experimental (3)
                    private (4)
                        enterprises (1)
                    security (5)
                    snmpV2 (6)
                        snmpDomains (1)
                        snmpProxys (2)
                        snmpModules (3)
    joint-iso-ccitt (2)

Page 150: OBJECT TYPE DEFINITION

OBJECT-TYPE:
    SYNTAX: INTEGER, OCTET STRING, OBJECT IDENTIFIER, BITS, IpAddress, Integer32, Counter32, Counter64, Gauge32, TimeTicks, Opaque, New Type
    MAX-ACCESS: read-only, read-write, read-create, accessible-for-notify, not-accessible
    STATUS: current, deprecated, obsolete
    DESCRIPTION: ""

Page 151: OBJECT TYPE DEFINITION - EXAMPLE

    -- Definition of address
    address OBJECT-TYPE
        SYNTAX      IpAddress
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION "The Internet address of this system"
        ::= {NEW-MIB 1}

Page 152: DEFINITION OF NON-LEAF 'OBJECTS'

    Name OBJECT IDENTIFIER ::= {...}

EXAMPLE:

    info OBJECT IDENTIFIER ::= {NEW-MIB 2}

ALTERNATIVE CONSTRUCT: OBJECT IDENTITY

EXAMPLE:

    info OBJECT-IDENTITY
        STATUS      current
        DESCRIPTION "The node under which future scalar objects should be registered"
        ::= {NEW-MIB 2}
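The object naming and OBJECT-TYPE slides above, worked through as an added example that is not part of the lecture slides: it parses definitions written in the style of the NEW-MIB example, resolves each name to its object ID by following the "::= { parent n }" assignments, and serves the scalar instances (object ID plus .0) while refusing writes to objects whose MAX-ACCESS does not allow them. The definitions of name and uptime, the regular expressions and the Agent class are assumptions of this example; the NEW-MIB root is taken as 1, as on the slides.

```python
import re

# Constructed module body in the style of the slides' NEW-MIB example. Only
# address and info are spelled out on the slides; the name and uptime
# definitions (SYNTAX, MAX-ACCESS, DESCRIPTION) are assumptions of this example.
NEW_MIB = '''
address OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "The Internet address of this system"
    ::= { NEW-MIB 1 }

info OBJECT IDENTIFIER ::= { NEW-MIB 2 }

name OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..255))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "Administrative name of this system"
    ::= { info 1 }

uptime OBJECT-TYPE
    SYNTAX      TimeTicks
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Time since this system was last initialised"
    ::= { info 2 }
'''

ASSIGN = r'::=\s*\{\s*(?P<parent>[\w-]+)\s+(?P<sub>\d+)\s*\}'
OBJECT_TYPE = re.compile(
    r'\b(?P<name>[a-z][\w-]*)\s+OBJECT-TYPE\s+SYNTAX\s+(?P<syntax>.+?)\s+'
    r'MAX-ACCESS\s+(?P<access>[\w-]+)\s+STATUS\s+(?P<status>\w+)\s+'
    r'DESCRIPTION\s+"[^"]*"\s*' + ASSIGN, re.S)
NODE = re.compile(r'\b(?P<name>[a-z][\w-]*)\s+OBJECT IDENTIFIER\s*' + ASSIGN)


def parse_module(text, root_name="NEW-MIB", root_oid=(1,)):
    """Return {name: {"oid": tuple, "syntax": str or None, "access": str or None}}."""
    parents, objects = {}, {}
    for m in NODE.finditer(text):            # non-leaf nodes: naming only
        parents[m["name"]] = (m["parent"], int(m["sub"]))
        objects[m["name"]] = {"syntax": None, "access": None}
    for m in OBJECT_TYPE.finditer(text):     # leaves: the managed objects
        parents[m["name"]] = (m["parent"], int(m["sub"]))
        objects[m["name"]] = {"syntax": m["syntax"], "access": m["access"]}

    def resolve(name, seen=()):
        if name == root_name:
            return tuple(root_oid)
        if name not in parents or name in seen:
            raise ValueError(f"unresolved or circular parent: {name}")
        parent, sub = parents[name]
        return resolve(parent, seen + (name,)) + (sub,)

    for name, obj in objects.items():
        obj["oid"] = resolve(name)
    return objects


class Agent:
    """Holds one instance (.0) per scalar leaf and enforces MAX-ACCESS on set."""

    def __init__(self, objects, values):
        self.by_instance = {}
        for name, obj in objects.items():
            if obj["access"] is not None:    # nodes such as info have no instance
                self.by_instance[obj["oid"] + (0,)] = [obj, values[name]]

    def _lookup(self, dotted):
        key = tuple(int(part) for part in dotted.split("."))
        if key not in self.by_instance:
            raise KeyError(f"no such instance: {dotted}")
        return self.by_instance[key]

    def get(self, dotted):
        return self._lookup(dotted)[1]

    def set(self, dotted, value):
        slot = self._lookup(dotted)
        if slot[0]["access"] not in ("read-write", "read-create"):
            raise PermissionError(f"{dotted} is {slot[0]['access']}")
        slot[1] = value


def build_agent():
    """Agent loaded with the instance values shown on the OBJECT NAMING slides."""
    values = {"address": "130.89.16.2", "name": "printer-1", "uptime": 123456}
    return Agent(parse_module(NEW_MIB), values)
```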

Page 153: DEFINITION OF A MIB

    NEW-MIB DEFINITIONS ::=
    BEGIN
        import statement(s)
        module identity definition
        definition of all node and leaf objects
        definition of implementation requirements
    END

Page 154: MODULE IDENTITY - EXAMPLE

    newMibModule MODULE-IDENTITY
        LAST-UPDATED "200104041200Z"
        ORGANIZATION "UT-TMG"
        CONTACT-INFO
            " TSS
              University of Twente
              POBox 217
              7500 AE Enschede
              The Netherlands
              Email: [email protected] "
        DESCRIPTION
            "Experimental MIB for demo purposes"
        ::= { enterprises ut(785) 7 }

Page 155: IMPORT STATEMENT - EXAMPLE

    IMPORTS
        MODULE-IDENTITY, OBJECT-TYPE,
        TimeTicks, enterprises
            FROM SNMPv2-SMI;

Page 156: Lecture 6

Course Outline

• Definition and importance of network management systems
• Components of network management systems
• Historical overview of the development of network management protocols
• The SNMPv1 protocol
– Architecture
– Management model and basic functions
– Protocol specifications and packet details
– Structure of the MIB database
• The SNMPv2 protocol
– Management model, basic functions, and advantages compared with SNMPv1
– Protocol specifications and packet details
– Structure of the MIB database
– Working with tables
• The SNMPv3 protocol
• The RMON remote management protocol
• Web-based Management

Page 157: SNMPv2 Outline

OVERVIEW:
• LIMITATIONS OF SNMPv1
• HISTORY OF SNMPv2
• HIERARCHIES
• SECURITY
• SNMPv2 PROTOCOL OPERATIONS
• TRANSPORT INDEPENDENCE
• RFCs

Copyright © 2001 by Aiko Pras

These sheets may be used for educational purposes

Page 158: LIMITATIONS OF SNMPv1

• UNDOCUMENTED RULES
• LIMITED ERROR CODES
• LIMITED DATA TYPES
• LIMITED NOTIFICATIONS
• LIMITED PERFORMANCE
• TRANSPORT DEPENDENCE
• LACK OF HIERARCHIES
• LACK OF SECURITY

Page 159: HISTORY OF SNMPv2

[Figure: timeline from 1990 to 2000. Labels: SNMP/SMI v1, SNMPSMP, SNMPv2 parties, security, SMIv2, community, SNMPv3, DISMAN, V2 Usec, V2 *, ...; status labels: proposed standard, draft standard, full standard]

HIERARCHIES: ORIGINAL IDEA

MANAGER TO MANAGER (M2M) MIB

• STANDARD MIB APPROACH
• LIMITED FUNCTIONALITY
• RUN-TIME BEHAVIOUR MUST BE DEFINED AT IMPLEMENTATION TIME

[Figure: hierarchy of managers (M) and agents (A), with the exchanges labelled poll, inform and command]

HIERARCHIES: STATUS

WORK HAS MOVED TO A SEPARATE DISTRIBUTED MANAGEMENT GROUP (DISMAN)

THREE APPROACHES ARE STANDARDIZED:
• MIB BASED (EXPRESSION, EVENT AND NOTIFICATION LOG MIB)
• SCRIPT BASED (SCRIPT AND SCHEDULE MIB)
• REMOTE OPERATIONS BASED (REMOPS MIB)

SNMPv2 SECURITY: WHAT HAPPENED?

APRIL 1993:
• PROPOSED STANDARD
• FOUR EDITORS
• SECURITY BASED ON PARTIES
• FIRST PROTOTYPES APPEARED SOON

JUNE 1995:
• PROPOSED STANDARD REJECTED BY TWO OF THE ORIGINAL EDITORS!

AUGUST 1995:
• GENERAL AGREEMENT THAT PARTY BASED MODEL WAS TOO COMPLEX!
• MANY NEW PROPOSALS APPEARED:
  – SNMPv2C: COMMUNITY BASED
  – SNMPv2U: USER BASED
  – ...

1997:
• NEW SNMPv3 WORKING GROUP WAS FORMED WITH NEW EDITORS

SNMPv2 PROTOCOL OPERATIONS

[Figure: manager and agent (MIB) exchanges for each operation: get, getNext, getBulk and set, each answered by a response; trap; and inform with its response, between a manager and an "agent"]

GET

SIMILAR TO SNMPv1, EXCEPT FOR "EXCEPTIONS"

POSSIBLE EXCEPTIONS:
• noSuchObject
• noSuchInstance

EXCEPTIONS ARE CODED WITHIN THE VARBINDS

EXCEPTIONS DO NOT RAISE ERROR STATUS AND INDEX

[Figure: manager sends get to the agent (MIB), which answers with a response]

GET EXAMPLES

get(1)
  response(error-status => noError, 1.2 => noSuchObject)

get(1.1)
  response(error-status => noError, 1.2.0 => noSuchInstance)

get(1.1.9)
  response(error-status => noError, 1.2.0 => noSuchInstance)

get(1.2)
  response(error-status => noError, 1.4.0 => noSuchObject)

get(1.4.0)
  response(error-status => noError, 1.4.0 => noSuchObject)

get(1.1.0, 1.4.0)
  response(error-status => noError, 1.1.0 => 130.89.16.2, 1.4.0 => noSuchObject)

GET-NEXT

SIMILAR TO SNMPv1, EXCEPT FOR "EXCEPTIONS"

POSSIBLE EXCEPTIONS:
• endOfMibView

EXAMPLE

getNext(1.4.0)
  response(error-status => noError, 1.4.0 => endOfMibView)

[Figure: manager sends getNext to the agent (MIB), which answers with a response]

GET-BULK

NEW IN SNMPv2

TO RETRIEVE A LARGE NUMBER OF VARBINDS

IMPROVES PERFORMANCE!

[Figure: manager sends getBulk to the agent (MIB), which answers with a response]

GETBULK PERFORMANCE

Source: Steve Waldbusser, Carnegie-Mellon University

                       v1     v2
NO SECURITY            210    3300
WITH AUTHENTICATION    195    2910
WITH ENCRYPTION        110    1600

Figures based on original (party based) SNMPv2

GET-BULK

getBulk REQUEST HAS TWO ADDITIONAL PARAMETERS:
• non-repeaters
• max-repetitions

THE FIRST N ELEMENTS (non-repeaters) OF THE VARBIND LIST ARE TREATED AS IF THE OPERATION WAS A NORMAL getnext OPERATION

THE NEXT ELEMENTS OF THE VARBIND LIST ARE TREATED AS IF THE OPERATION CONSISTED OF A NUMBER (max-repetitions) OF REPEATED getnext OPERATIONS

GET-BULK

REQUEST(non-repeaters = N; max-repetitions = M;
    VariableBinding-1; ... ; VariableBinding-N;
    VariableBinding-(N+1); ... ; VariableBinding-(N+R)
)

RESPONSE(
    VariableBinding-1; ... ; VariableBinding-N;              N-TIMES
    VariableBinding-(N+1); ... ; VariableBinding-(N+R)       1st LEXICOGRAPHICAL SUCCESSOR
    VariableBinding-(N+1); ... ; VariableBinding-(N+R)       2nd LEXICOGRAPHICAL SUCCESSOR
    VariableBinding-(N+1); ... ; VariableBinding-(N+R)       3rd LEXICOGRAPHICAL SUCCESSOR
    ...
    VariableBinding-(N+1); ... ; VariableBinding-(N+R)       Mth LEXICOGRAPHICAL SUCCESSOR
)

The successor rows are repeated M-TIMES.

GET-BULK EXAMPLE

getBulk(max-repetitions = 4; 1.1)

response(
    1.1.0 => 130.89.16.2
    1.2.1.0 => printer-1
    1.2.2.0 => 123456
    1.3.1.1.2.1 => 2
)

GET-BULK EXAMPLE

getBulk(max-repetitions = 3; 1.3.1.1; 1.3.1.2; 1.3.1.3)

response(
    1.3.1.1.2.1 => 2; 1.3.1.2.2.1 => 1; 1.3.1.3.2.1 => 2
    1.3.1.1.3.1 => 3; 1.3.1.2.3.1 => 1; 1.3.1.3.3.1 => 3
    1.3.1.1.5.1 => 5; 1.3.1.2.5.1 => 1; 1.3.1.3.5.1 => 2
)

SET

SIMILAR TO SNMPv1

CONCEPTUAL TWO PHASE COMMIT:
• PHASE 1: PERFORM VARIOUS CHECKS
• PHASE 2: PERFORM THE ACTUAL SET

MANY NEW ERROR CODES ARE DEFINED

[Figure: manager sends set to the agent (MIB), which answers with a response]

NEW ERROR CODES FOR SETS

            SNMPv1        SNMPv2
PHASE 1:    badValue      wrongValue
            badValue      wrongEncoding
            badValue      wrongType
            badValue      wrongLength
            badValue      inconsistentValue
            noSuchName    noAccess
            noSuchName    notWritable
            noSuchName    noCreation
            noSuchName    inconsistentName
            genErr        resourceUnavailable
            genErr        genErr
PHASE 2:    genErr        commitFailed
            genErr        undoFailed

TRAP

SNMPv1:
• COLD START
• WARM START
• LINK DOWN
• LINK UP
• AUTHENTICATION FAILURE
• EGP NEIGHBOR LOSS

SNMPv2:
• MIBs MAY NOW INCLUDE NOTIFICATION TYPE MACROS
• FIRST TWO VARBINDS: sysUptime AND snmpTrapOID
• USES SAME FORMAT AS OTHER PDUs

[Figure: trap sent from the agent (MIB) to the manager]

EXAMPLE OF NOTIFICATION TYPE MACRO

linkUp NOTIFICATION-TYPE
    OBJECTS      { ifIndex }
    STATUS       current
    DESCRIPTION
        "A linkUp trap signifies that the entity
         has detected that the ifOperStatus
         object has changed to Up"
    ::= { snmpTraps 4 }

INFORM

CONFIRMED TRAP

ORIGINALLY TO INFORM A HIGHER LEVEL MANAGER

SAME FORMAT AS TRAP PDU

POSSIBLE ERROR: tooBig

[Figure: inform and Response exchanged between a manager and an "agent" (MIB)]

REPORT

NEW PDU TO SIGNAL PROTOCOL EXCEPTIONS / ERRORS

NO SEMANTICS DEFINED IN SNMPv2

[Figure: report exchanged between manager and agent]

TRANSPORT DEPENDENCE

SNMPv1:
– UDP Only

SNMPv2:
– UDP
– CLNS (OSI)
– DDP (APPLETALK)
– IPX

SNMPv2 RFCs

COMMUNICATION MODEL
• DRAFT STANDARD
• RFC 1905, RFC 1906

SECURITY MODEL - SNMPv2C:
• COMMUNITY BASED SNMP
• SAME ‘SECURITY MECHANISMS’ AS SNMPv1
• EXPERIMENTAL STATUS
• RFC 1901

SECURITY MODEL - SNMPv2U:
• USER BASED SECURITY (AUTHENTICATION / ENCRYPTION / ACCESS CONTROL)
• EXPERIMENTAL STATUS
• RFC 1909, RFC 1910

INFORMATION MODEL:
• STANDARD
• RFC 2578, RFC 2579, RFC 2580

Lecture 7

Course Outline

• Definition and importance of network management systems
• Components of network management systems
• Historical overview of the evolution of network management protocols
• The SNMPv1 protocol
  – Architecture: management model and basic functions
  – Protocol packet specifications and details
  – Structure of the MIB database
• The SNMPv2 protocol
  – Management model, basic functions and advantages compared with SNMPv1
  – Protocol packet specifications and details
  – Structure of the MIB database
  – Working with tables
• The SNMPv3 protocol
• The remote management protocol RMON
• Web-based Management

TABLES

EXAMPLE: ROUTING TABLE

TO RETRIEVE INDIVIDUAL TABLE ENTRIES, EACH ENTRY SHOULD GET A NAME

destination   next
2             2
3             3
5             2
7             2
8             3
9             3

[Figure: network diagram with nodes 1, 2, 3, 5, 7, 8 and 9]

NAMING OF TABLE ENTRIES - I

POSSIBILITY 1 (NOT BEING USED BY SNMP): USE ROW NUMBERS

NEW-MIB: 1
  address (1) = 130.89.16.2
  info (2)
    name (1) = printer-1
    uptime (2) = 123456
  routeTable (3)
    dest(1)   next(2)
    2         2
    3         3
    5         2
    7         2
    8         3        (this is row 5)
    9         3

EXAMPLE: THE VALUE OF NEW-MIB routeTable next 5 IS 3

NAMING OF TABLE ENTRIES - II

POSSIBILITY 2 (USED BY SNMP): INTRODUCE AN INDEX COLUMN

NEW-MIB: 1
  address (1) = 130.89.16.2
  info (2)
    name (1) = printer-1
    uptime (2) = 123456
  routeTable (3)
    dest(1)   next(2)
    2         2
    3         3
    5         2
    7         2
    8         3
    9         3

EXAMPLE: THE VALUE OF NEW-MIB routeTable next 5 IS 2

TABLE INDEXING

GENERAL SCHEME

X.C.I
where X = OID of Table, C = Column number, I = Index value

EXAMPLES:

OID of Table = 1.3
1.3.1.5 => 5
1.3.2.5 => 2
1.3.1.9 => 9
1.3.2.9 => 3
1.3.2.7 => 2
1.3.1.1 => entry does not exist
1.3.2.1 => entry does not exist
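The getBulk rules (non-repeaters, max-repetitions) and the X.C.I table naming described above, as an added example that is not part of the original slides: a small in-memory agent over the slides' NEW-MIB, plus a manager-side table walk. The helper names and the agent-side repetition cap (`max_rep_cap`) are assumptions made for the illustration.

```python
"""Added example: getNext and getBulk over the NEW-MIB of the slides."""
import bisect

END_OF_MIB_VIEW = "endOfMibView"  # SNMPv2 exception carried inside a varbind


def oid(text):
    """'1.3.2.5' -> (1, 3, 2, 5). Tuples compare in lexicographic OID order."""
    return tuple(int(part) for part in text.split("."))


def build_new_mib():
    """Scalars and route table from the slides; rows are named X.C.I (X = 1.3)."""
    mib = {
        oid("1.1.0"): "130.89.16.2",  # address
        oid("1.2.1.0"): "printer-1",  # info.name
        oid("1.2.2.0"): 123456,       # info.uptime
    }
    for dest, nxt in [(2, 2), (3, 3), (5, 2), (7, 2), (8, 3), (9, 3)]:
        mib[(1, 3, 1, dest)] = dest   # column 1: dest (also the index)
        mib[(1, 3, 2, dest)] = nxt    # column 2: next
    return mib


class Agent:
    def __init__(self, mib, max_rep_cap=50):
        self.mib = mib
        self.names = sorted(mib)
        # Assumption: a local limit on repetitions, so that one request
        # cannot demand an arbitrarily large response.
        self.max_rep_cap = max_rep_cap

    def get_next(self, name):
        """First varbind strictly after `name`, or the endOfMibView exception."""
        i = bisect.bisect_right(self.names, name)
        if i == len(self.names):
            return name, END_OF_MIB_VIEW
        successor = self.names[i]
        return successor, self.mib[successor]

    def get_bulk(self, names, non_repeaters=0, max_repetitions=0):
        """First N names: one getNext each. Remaining names: M rounds of getNext."""
        n = max(0, min(non_repeaters, len(names)))
        m = max(0, min(max_repetitions, self.max_rep_cap))
        varbinds = [self.get_next(name) for name in names[:n]]
        cursors = list(names[n:])
        for _ in range(m):
            if not cursors:
                break
            row = [self.get_next(cursor) for cursor in cursors]
            varbinds.extend(row)
            if all(value is END_OF_MIB_VIEW for _, value in row):
                break  # nothing left to return for any repeater
            cursors = [name for name, _ in row]
        return varbinds


def walk(agent, root, max_repetitions=10):
    """Manager side: read one subtree with getBulk and stop at its edge."""
    rows, cursor = [], root
    while True:
        batch = agent.get_bulk([cursor], max_repetitions=max_repetitions)
        for name, value in batch:
            # getNext happily crosses into the next column or object, so the
            # manager must check the prefix itself.
            if value is END_OF_MIB_VIEW or name[:len(root)] != root:
                return rows
            rows.append((name, value))
        if not batch:
            return rows
        cursor = batch[-1][0]


def fmt(varbinds):
    """Render OID tuples back to dotted strings for display."""
    return [(".".join(map(str, name)), value) for name, value in varbinds]


if __name__ == "__main__":
    agent = Agent(build_new_mib())
    print(fmt(agent.get_bulk([oid("1.1")], max_repetitions=4)))
    print(fmt(walk(agent, oid("1.3.2"), max_repetitions=4)))
```

With the X.C.I naming, the first call reproduces the slide's `getBulk(max-repetitions = 4; 1.1)` response except that the last varbind is named 1.3.1.2 rather than 1.3.1.1.2.1.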

TABLE INDEXING - NON-INTEGER INDEX

AN INDEX NEED NOT BE AN INTEGER

routeTable (3)
  dest (1)         next (2)
  130.89.16.1      130.89.16.1
  130.89.16.4      130.89.16.4
  130.89.16.23     130.89.16.1
  130.89.19.121    130.89.16.1
  192.1.23.24      130.89.16.4
  193.22.11.97     130.89.16.4

EXAMPLES:

OID of Table = 1.3
1.3.1.130.89.16.23 => 130.89.16.23
1.3.2.130.89.16.23 => 130.89.16.1
1.3.1.193.22.11.97 => 193.22.11.97
1.3.2.193.22.11.97 => 130.89.16.4
1.3.2.130.89.19.121 => 130.89.16.1

TABLE INDEXING - MULTIPLE INDEX FIELDS

USE OF MULTIPLE INDEX FIELDS

X.C.I1.I2
where X = OID of Table, C = Column number, I1 = Index value 1, I2 = Index value 2

TABLE INDEXING - MULTIPLE INDEX FIELDS: EXAMPLE

EXAMPLE:

routeTable (3)
  dest (1)         policy (2)   next (3)
  130.89.16.23     1            130.89.16.23
  130.89.16.23     2            130.89.16.23
  130.89.19.121    1            130.89.16.1
  192.1.23.24      1            130.89.16.1
  192.1.23.24      2            130.89.16.4
  193.22.11.97     1            130.89.16.1

policy: 1 = low costs, 2 = high reliability

1.3.3.192.1.23.24.1 => 130.89.16.1
1.3.3.192.1.23.24.2 => 130.89.16.4

TABLE DEFINITION

-- Definition of the route table

routeTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF RouteEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION  "This entity's routing table"
    ::= { NEW-MIB 3 }

routeEntry OBJECT-TYPE
    SYNTAX       RouteEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION  "A route to a particular destination"
    INDEX        { dest, policy }
    ::= { routeTable 1 }

TABLE DEFINITION (cont. 1)

RouteEntry ::=
    SEQUENCE {
        dest    IpAddress,
        policy  INTEGER,
        next    IpAddress
    }

TABLE DEFINITION (cont. 2)

dest OBJECT-TYPE
    SYNTAX       IpAddress
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION  "The address of a particular destination"
    ::= { routeEntry 1 }

policy OBJECT-TYPE
    SYNTAX       INTEGER {
                     costs(1),        -- lowest delay
                     reliability(2) } -- highest reliability
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION  "The routing policy to reach that destination"
    ::= { routeEntry 2 }

next OBJECT-TYPE
    SYNTAX       IpAddress
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION  "The internet address of the next hop"
    ::= { routeEntry 3 }

DEFINITION OF NEW TYPES

TEXTUAL CONVENTIONS

TO REFINE SEMANTICS OF EXISTING TYPES

EXAMPLE:

RunState ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION  "..."
    SYNTAX       INTEGER {
                     running(1),
                     runable(2),
                     waiting(3),
                     exiting(4) }

TEXTUAL CONVENTIONS

• PhysAddress
• MacAddress
• TruthValue
• AutonomousType
• InstancePointer
• VariablePointer
• RowPointer
• RowStatus
• TimeStamp
• TimeInterval
• DateAndTime
• StorageType
• TDomain
• TAddress

ROW-STATUS TEXTUAL CONVENTION

USED TO CHANGE TABLE ROWS

TO:            VIA:          STATUS:
130.89.16.4    130.89.1.1    ACTIVE
130.89.18.2    130.89.1.4    ACTIVE
130.89.18.7    130.89.1.4    ACTIVE
130.89.17.6    130.89.1.1    NOT READY

ROW-STATUS - STATE DIAGRAM

[Figure: state diagram with the states "status column does not exist", "status column is notReady", "status column is notInService" and "status column is active"; the transitions are labelled with the numbered operations below, some of them marked noError]

1  set status column to createAndGo
2  set status column to createAndWait
3  set status column to active
4  set status column to notInService
5  set status column to destroy
6  set any other column to some value

NOTIFICATION TYPES

SMIv2:
• MIBs MAY NOW INCLUDE NOTIFICATION TYPE MACROS

EXAMPLE:

linkUp NOTIFICATION-TYPE
    OBJECTS      { ifIndex }
    STATUS       current
    DESCRIPTION
        "A linkUp trap signifies that the
         entity has detected that the
         ifOperStatus object has changed to Up"
    ::= { snmpTraps 4 }

DEFINITION OF IMPLEMENTATION REQUIREMENTS

THE MODULE-COMPLIANCE CONSTRUCT

DEFINES IMPLEMENTATION REQUIREMENTS FOR AGENTS

newMibCompliance MODULE-COMPLIANCE
    STATUS ...
    DESCRIPTION ...
    MODULE 1
    ...
    MODULE n
    ::= { ... }

Each MODULE clause has the form:

    MODULE ...
        MANDATORY-GROUPS ...
        GROUP ...
        OBJECT ...

OBJECT GROUP CONSTRUCT

TO DEFINE A SET OF RELATED OBJECT TYPES

EXAMPLE:

newMibScalarGroup OBJECT-GROUP
    OBJECTS      { address, name, uptime }
    STATUS       current
    DESCRIPTION  "The collection of scalar objects."
    ::= { demoGroups 1 }

SNMPv2 - SUMMARY

IMPROVED COMMUNICATION MODEL
• TRAPS HAVE SAME FORMAT AS OTHER PDUS
• GET-BULK PDU
• ADDITIONAL ERROR CODES FOR SETS

TWO SECURITY MODELS
• SNMPv2C: COMMUNITY BASED
• SNMPv2U: USER BASED

INDEPENDENCE OF UNDERLYING TRANSPORT
• MIB-II SPLIT INTO MODULES

SECURITY AND HIERARCHIES TO SNMPv3 & DISMAN

IMPROVED INFORMATION MODEL (SMIv2)
• ADDITIONAL DATA TYPES
• TEXTUAL CONVENTIONS E.G. ROW STATUS
• NOTIFICATIONS

Lecture 8

Course Outline

• Definition and importance of network management systems
• Components of network management systems
• Historical overview of the evolution of network management protocols
• The SNMPv1 protocol
  – Architecture: management model and basic functions
  – Protocol packet specifications and details
  – Structure of the MIB database
• The SNMPv2 protocol
• The SNMPv3 protocol
• The remote management protocol RMON
• Web-based Management


Network Management - Dr. Moutasem ShafaAmry - Damascus University

SNMPv3 outline

OVERVIEW:

• DESIGN DECISIONS

• ARCHITECTURE

• SNMP MESSAGE STRUCTURE

• SECURE COMMUNICATION
  – USER SECURITY MODEL (USM)

• ACCESS CONTROL
  – VIEW BASED ACCESS CONTROL MODEL (VACM)

• IMPLEMENTATIONS

• RFCs

Copyright © 2001 by Aiko Pras

These sheets may be used for educational purposes

DESIGN DECISIONS

ADDRESS THE NEED FOR SECURE SET SUPPORT

DEFINE AN ARCHITECTURE THAT ALLOWS FOR LONGEVITY OF SNMP

ALLOW THAT DIFFERENT PORTIONS OF THE ARCHITECTURE MOVE AT DIFFERENT SPEEDS TOWARDS STANDARD STATUS

ALLOW FOR FUTURE EXTENSIONS

KEEP SNMP AS SIMPLE AS POSSIBLE

ALLOW FOR MINIMAL IMPLEMENTATIONS

SUPPORT ALSO THE MORE COMPLEX FEATURES, WHICH ARE REQUIRED IN LARGE NETWORKS

RE-USE EXISTING SPECIFICATIONS, WHENEVER POSSIBLE

SNMPv3 ARCHITECTURE

SNMP ENTITY
  SNMP APPLICATIONS
    COMMAND GENERATOR
    COMMAND RESPONDER
    NOTIFICATION ORIGINATOR
    NOTIFICATION RECEIVER
    PROXY FORWARDER
    OTHER
  SNMP ENGINE
    DISPATCHER
    MESSAGE PROCESSING SUBSYSTEM
    SECURITY SUBSYSTEM
    ACCESS CONTROL SUBSYSTEM

SNMPv3 ARCHITECTURE: MANAGER

APPLICATIONS
  COMMAND GENERATOR
  NOTIFICATION RECEIVER
DISPATCHER
  PDU DISPATCHER
  MESSAGE DISPATCHER
  TRANSPORT MAPPINGS
MESSAGE PROCESSING SUBSYSTEM
  SNMPv1
  SNMPv2C
  SNMPv3
  OTHER
SECURITY SUBSYSTEM
  COMMUNITY BASED SECURITY MODEL
  USER BASED SECURITY MODEL
  OTHER SECURITY MODEL

SNMPv3 ARCHITECTURE: AGENT

APPLICATIONS
  COMMAND RESPONDER
  NOTIFICATION ORIGINATOR
DISPATCHER
  PDU DISPATCHER
  MESSAGE DISPATCHER
  TRANSPORT MAPPINGS
MESSAGE PROCESSING SUBSYSTEM
  SNMPv1
  SNMPv2C
  SNMPv3
  OTHER
SECURITY SUBSYSTEM
  COMMUNITY BASED SECURITY MODEL
  USER BASED SECURITY MODEL
  OTHER SECURITY MODEL
ACCESS CONTROL SUBSYSTEM
  VIEW BASED ACCESS CONTROL
MANAGEMENT INFORMATION BASE

CONCEPTS: snmpEngineID

[Figure: four SNMP entities, each containing an SNMP engine, with snmpEngineID=1, snmpEngineID=2, snmpEngineID=3 and snmpEngineID=4]

CONCEPTS: Context

[Figure: SNMP entity with an SNMP engine (snmpEngineID=1) and a command responder application in front of two MIBs, contextName=card1 and contextName=card2]

The context can be reached from this engine, thus: contextEngineID=1


PRIMITIVES BETWEEN MODULES

sendPdu

[Figure: the sendPdu primitive among the modules APPLICATIONS, DISPATCHER, MESSAGE PROCESSING SUBSYSTEM, SECURITY SUBSYSTEM and ACCESS CONTROL SUBSYSTEM, marked at APPLICATIONS]

Parameters: transportDomain, transportAddress, messageProcessingModel, securityModel, securityName, securityLevel, contextEngineID, contextName, pduVersion, PDU, expectResponse, maxSizeResponseScopedPDU, stateReference, statusInformation, sendPduHandle, destTransportDomain, destTransportAddress, outgoingMessage, outgoingMessageLength, wholeMsg, wholeMsgLength, pduType, viewType, variableName, globalData, maxMessageSize, securityEngineID, scopedPDU, securityParameters, securityStateReference

prepareOutgoingMessage

[Figure: the prepareOutgoingMessage primitive among the modules APPLICATIONS, DISPATCHER, MESSAGE PROCESSING SUBSYSTEM, SECURITY SUBSYSTEM and ACCESS CONTROL SUBSYSTEM, marked at DISPATCHER]

Parameters: transportDomain, transportAddress, messageProcessingModel, securityModel, securityName, securityLevel, contextEngineID, contextName, pduVersion, PDU, expectResponse, maxSizeResponseScopedPDU, stateReference, statusInformation, sendPduHandle, destTransportDomain, destTransportAddress, outgoingMessage, outgoingMessageLength, wholeMsg, wholeMsgLength, pduType, viewType, variableName, globalData, maxMessageSize, securityEngineID, scopedPDU, securityParameters, securityStateReference

generateRequestMsg

[Figure: the generateRequestMsg primitive among the modules APPLICATIONS, DISPATCHER, MESSAGE PROCESSING SUBSYSTEM, SECURITY SUBSYSTEM and ACCESS CONTROL SUBSYSTEM, marked at MESSAGE PROCESSING SUBSYSTEM]

Parameters: transportDomain, transportAddress, messageProcessingModel, securityModel, securityName, securityLevel, contextEngineID, contextName, pduVersion, PDU, expectResponse, maxSizeResponseScopedPDU, stateReference, statusInformation, sendPduHandle, destTransportDomain, destTransportAddress, outgoingMessage, outgoingMessageLength, wholeMsg, wholeMsgLength, pduType, viewType, variableName, globalData, maxMessageSize, securityEngineID, scopedPDU, securityParameters, securityStateReference

send / receive

[Figure: SNMPv3 entity diagram (DISPATCHER, MESSAGE PROCESSING SUBSYSTEM, SECURITY SUBSYSTEM, ACCESS CONTROL SUBSYSTEM, APPLICATIONS) beside the same primitive parameter list; labels for this slide: send and receive, DISPATCHER]

prepareDataElements

[Figure: SNMPv3 entity diagram (DISPATCHER, MESSAGE PROCESSING SUBSYSTEM, SECURITY SUBSYSTEM, ACCESS CONTROL SUBSYSTEM, APPLICATIONS) beside the same primitive parameter list; labels for this slide: prepareDataElements, DISPATCHER]

processIncomingMsg

[Figure: SNMPv3 entity diagram (DISPATCHER, MESSAGE PROCESSING SUBSYSTEM, SECURITY SUBSYSTEM, ACCESS CONTROL SUBSYSTEM, APPLICATIONS) beside the same primitive parameter list; labels for this slide: processIncomingMsg, MESSAGE PROCESSING SUBSYSTEM]

processPdu

[Figure: SNMPv3 entity diagram (DISPATCHER, MESSAGE PROCESSING SUBSYSTEM, SECURITY SUBSYSTEM, ACCESS CONTROL SUBSYSTEM, APPLICATIONS) beside the same primitive parameter list; labels for this slide: processPdu, DISPATCHER]

isAccessAllowed

[Figure: SNMPv3 entity diagram (DISPATCHER, MESSAGE PROCESSING SUBSYSTEM, SECURITY SUBSYSTEM, ACCESS CONTROL SUBSYSTEM, APPLICATIONS) beside the same primitive parameter list; labels for this slide: isAccessAllowed, APPLICATIONS]

returnResponsePdu

[Figure: SNMPv3 entity diagram (DISPATCHER, MESSAGE PROCESSING SUBSYSTEM, SECURITY SUBSYSTEM, ACCESS CONTROL SUBSYSTEM, APPLICATIONS) beside the same primitive parameter list; labels for this slide: returnResponsePdu, APPLICATIONS]

prepareResponseMessage

[Figure: SNMPv3 entity diagram (DISPATCHER, MESSAGE PROCESSING SUBSYSTEM, SECURITY SUBSYSTEM, ACCESS CONTROL SUBSYSTEM, APPLICATIONS) beside the same primitive parameter list; labels for this slide: prepareResponseMessage, DISPATCHER]

generateResponseMsg

[Figure: SNMPv3 entity diagram (DISPATCHER, MESSAGE PROCESSING SUBSYSTEM, SECURITY SUBSYSTEM, ACCESS CONTROL SUBSYSTEM, APPLICATIONS) beside the same primitive parameter list; labels for this slide: generateResponseMsg, MESSAGE PROCESSING SUBSYSTEM]

send / receive

[Figure: SNMPv3 entity diagram (DISPATCHER, MESSAGE PROCESSING SUBSYSTEM, SECURITY SUBSYSTEM, ACCESS CONTROL SUBSYSTEM, APPLICATIONS) beside the same primitive parameter list; labels for this slide: send and receive, DISPATCHER]

prepareDataElements

[Figure: SNMPv3 entity diagram (DISPATCHER, MESSAGE PROCESSING SUBSYSTEM, SECURITY SUBSYSTEM, ACCESS CONTROL SUBSYSTEM, APPLICATIONS) beside the same primitive parameter list; labels for this slide: prepareDataElements, DISPATCHER]

processIncomingMsg

[Figure: SNMPv3 entity diagram (DISPATCHER, MESSAGE PROCESSING SUBSYSTEM, SECURITY SUBSYSTEM, ACCESS CONTROL SUBSYSTEM, APPLICATIONS) beside the same primitive parameter list; labels for this slide: processIncomingMsg, MESSAGE PROCESSING SUBSYSTEM]

processResponsePdu

[Figure: SNMPv3 entity diagram (DISPATCHER, MESSAGE PROCESSING SUBSYSTEM, SECURITY SUBSYSTEM, ACCESS CONTROL SUBSYSTEM, APPLICATIONS) beside the same primitive parameter list; labels for this slide: processResponsePdu, DISPATCHER]

MODULES OF THE SNMPv3 ARCHITECTURE

DISPATCHER AND MESSAGE PROCESSING MODULE
• SNMPv3 MESSAGE STRUCTURE
• snmpMPDMIB
• RFC 2572

APPLICATIONS
• snmpTargetMIB
• snmpNotificationMIB
• snmpProxyMIB
• RFC 2573

SECURITY SUBSYSTEM
• USER BASED SECURITY MODEL
• snmpUsmMIB
• RFC 2574

ACCESS CONTROL SUBSYSTEM
• VIEW BASED ACCESS CONTROL MODEL
• snmpVacmMIB
• RFC 2575

SNMPv3 MESSAGE STRUCTURE

Message fields, in order: msgVersion, msgID, msgMaxSize, msgFlags, msgSecurityModel, msgSecurityParameters, contextEngineID, contextName, PDU

[Figure: brackets beside the field list, top to bottom: USED BY MESSAGE PROCESSING SUBSYSTEM; USED BY SNMPv3 PROCESSING MODULE; USED BY SECURITY SUBSYSTEM; USED BY ACCESS CONTROL SUBSYSTEM AND APPLICATIONS]

SNMPv3 PROCESSING MODULE PARAMETERS

msgVersion
msgID: 0..2147483647
msgMaxSize: 484..2147483647
msgFlags: authFlag, privFlag, reportableFlag
msgSecurityModel: SNMPv1, SNMPv2c, USM
msgSecurityParameters
contextEngineID
contextName
PDU

SECURE COMMUNICATION VERSUS ACCESS CONTROL

[Figure: MANAGER and AGENT application processes over a TRANSPORT SERVICE, with the MIB; operations shown: GET / GET-NEXT / GETBULK / SET / TRAP / INFORM; regions labelled SECURE COMMUNICATION and ACCESS CONTROL]

USM: SECURITY THREATS

THREAT              ADDRESSED?   MECHANISM
REPLAY              YES          TIME STAMP
MASQUERADE          YES          MD5 / SHA-1
INTEGRITY           YES          (MD5 / SHA-1)
DISCLOSURE          YES          DES
DENIAL OF SERVICE   YES
TRAFFIC ANALYSIS    YES

USM MESSAGE STRUCTURE

Message fields, in order: msgVersion, msgID, msgMaxSize, msgFlags, msgSecurityModel, msgAuthoritativeEngineID, msgAuthoritativeEngineBoots, msgAuthoritativeEngineTime, msgUserName, msgAuthenticationParameters, msgPrivacyParameters, contextEngineID, contextName, PDU

[Figure: threat labels beside the field list, in the order extracted: REPLAY; MASQUERADE/INTEGRITY/DISCLOSURE; DISCLOSURE; MASQUERADE/INTEGRITY]

IDEA BEHIND REPLAY PROTECTION

[Figure: a message with the fields ID, BOOTS, TIME and DATA exchanged between the Authoritative Engine and the Nonauthoritative Engine; the check shown combines LOCAL NOTION OF REMOTE CLOCK, ALLOWED LIFETIME and LOCAL CLOCK with "+" and ">?"]

IDEA BEHIND DATA INTEGRITY AND AUTHENTICATION

[Figure: DATA and KEY are fed into a HASH FUNCTION, which outputs the MAC]

ADD THE MESSAGE AUTHENTICATION CODE (MAC) TO THE DATA AND SEND THE RESULT

IDEA BEHIND AUTHENTICATION

[Figure: on both sides DATA and KEY are fed into a HASH FUNCTION that outputs a MAC; the message carries DATA, USER and MAC; the two MAC values are compared ("=?")]
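The replay check and the MAC comparison from the three slides above, as an added Python example that is not part of the original slides: the receiver at the authoritative engine verifies a truncated HMAC-SHA-1 and then the BOOTS/TIME window. The 150-second window and the 12-octet truncation follow the USM specification (RFC 2574); the length-prefixed encoding, key, engine ID, sample request and verdict strings are constructed for illustration, whereas real USM authenticates the BER-encoded message with a localized key.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, replace

TIME_WINDOW = 150        # seconds; the USM time window
MAX_BOOTS = 2147483647   # boots counter latched at its maximum value
MAC_LEN = 12             # HMAC output truncated to 96 bits


@dataclass(frozen=True)
class UsmMessage:
    """The slide's ID / BOOTS / TIME / DATA fields plus user name and MAC."""
    engine_id: bytes
    boots: int
    time: int
    user: bytes
    data: bytes
    mac: bytes = bytes(MAC_LEN)


def encode(msg: UsmMessage) -> bytes:
    """Constructed length-prefixed encoding, a stand-in for the BER message."""
    out = struct.pack("!II", msg.boots, msg.time)
    for field in (msg.engine_id, msg.user, msg.mac, msg.data):
        out += struct.pack("!H", len(field)) + field
    return out


def compute_mac(msg: UsmMessage, key: bytes) -> bytes:
    """HMAC-SHA-1 over the whole message with the MAC field zero-filled."""
    zeroed = replace(msg, mac=bytes(MAC_LEN))
    return hmac.new(key, encode(zeroed), hashlib.sha1).digest()[:MAC_LEN]


def sign(msg: UsmMessage, key: bytes) -> UsmMessage:
    """Sender side: add the MAC to the data and send the result."""
    return replace(msg, mac=compute_mac(msg, key))


def receive(msg: UsmMessage, key: bytes, local_engine_id: bytes,
            local_boots: int, local_time: int) -> str:
    """Receiver side at the authoritative engine; returns a verdict string."""
    if msg.engine_id != local_engine_id:
        return "unknownEngineID"
    # Authentication and integrity: recompute the MAC and compare ("=?").
    if not hmac.compare_digest(compute_mac(msg, key), msg.mac):
        return "wrongDigest"
    # Replay protection: same boot cycle and TIME inside the allowed window.
    if (local_boots == MAX_BOOTS or msg.boots != local_boots
            or abs(msg.time - local_time) > TIME_WINDOW):
        return "notInTimeWindow"
    return "ok"


# Constructed sample values (not taken from the slides).
KEY = bytes.fromhex("00112233445566778899aabbccddeeff00112233")
ENGINE = b"\x80\x00\x00\x00\x01agent-1"
request = sign(UsmMessage(ENGINE, boots=7, time=1000, user=b"John",
                          data=b"SET ifAdminStatus.2 = down"), KEY)


def demo() -> dict:
    """Verdicts for a fresh message, two replays and two modified copies."""
    altered_data = replace(request, data=b"SET ifAdminStatus.2 = up")
    altered_time = replace(request, time=1151)   # timestamp rewritten in transit
    return {
        "fresh": receive(request, KEY, ENGINE, 7, 1010),
        "replayed_late": receive(request, KEY, ENGINE, 7, 1151),
        "replayed_after_reboot": receive(request, KEY, ENGINE, 8, 5),
        "altered_data": receive(altered_data, KEY, ENGINE, 7, 1010),
        "altered_time": receive(altered_time, KEY, ENGINE, 7, 1151),
    }
```

Because BOOTS and TIME are covered by the MAC, rewriting the timestamp to slip a captured message back into the window yields a digest failure rather than an accepted message.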

IDEA BEHIND THE DATA CONFIDENTIALITY (DES)

[Figure: DATA and DES-KEY are fed into the DES ALGORITHM, which outputs ENCRYPTED DATA]

IDEA BEHIND ENCRYPTION

[Figure: on both sides the DES ALGORITHM is shown with DATA, DES-KEY and ENCRYPTED DATA; the message carries ENCRYPTED DATA and USER]


VIEW BASED ACCESS CONTROL MODEL

ACCESS CONTROL TABLE

MIB VIEWS

ACCESS CONTROL TABLES

MIB VIEW          ALLOWED OPERATIONS   ALLOWED MANAGERS   REQUIRED LEVEL OF SECURITY
Interface Table   GET / GETNEXT        John, Paul         Authentication
•••               •••                  •••                •••
Interface Table   SET                  John               Authentication
Systems Group     GET / GETNEXT        George             None
•••               •••                  •••                •••

[Figure label not attached to a row in the extracted text: Encryption]
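How a table like this drives the isAccessAllowed decision, as an added Python example that is not part of the original slides. It assumes the unattached "Encryption" label belongs to the SET row, maps the slide's levels to noAuthNoPriv / authNoPriv / authPriv, and uses a constructed exclusion of sysLocation to show include/exclude subtrees; real VACM additionally resolves groups, contexts and subtree masks.

```python
# Security levels, ordered: a higher level satisfies a lower requirement.
LEVELS = {"noAuthNoPriv": 0, "authNoPriv": 1, "authPriv": 2}

IF_TABLE = (1, 3, 6, 1, 2, 1, 2, 2)   # ifTable
SYSTEM = (1, 3, 6, 1, 2, 1, 1)        # system group

# MIB views as (subtree, included) families; the longest matching subtree wins.
VIEWS = {
    "Interface Table": [(IF_TABLE, True)],
    # The exclusion of sysLocation (system.6) is constructed for illustration.
    "Systems Group": [(SYSTEM, True), (SYSTEM + (6,), False)],
}

# Rows: (allowed operations, MIB view, allowed managers, required level).
ACCESS_TABLE = [
    ({"GET", "GETNEXT"}, "Interface Table", {"John", "Paul"}, "authNoPriv"),
    ({"SET"}, "Interface Table", {"John"}, "authPriv"),   # assumed level
    ({"GET", "GETNEXT"}, "Systems Group", {"George"}, "noAuthNoPriv"),
]


def in_view(oid, families):
    """True if the most specific family covering the OID is an include."""
    best = None
    for subtree, included in families:
        if oid[:len(subtree)] == subtree:
            if best is None or len(subtree) > len(best[0]):
                best = (subtree, included)
    return best is not None and best[1]


def is_access_allowed(manager, level, operation, oid):
    """Return a VACM-style status for one variable in one request."""
    rows = [row for row in ACCESS_TABLE
            if manager in row[2] and operation in row[0]
            and LEVELS[level] >= LEVELS[row[3]]]
    if not rows:
        return "noAccessEntry"
    if any(in_view(oid, VIEWS[row[1]]) for row in rows):
        return "accessAllowed"
    return "notInView"


IF_IN_OCTETS_2 = IF_TABLE + (1, 10, 2)   # ifInOctets.2
SYS_DESCR_0 = SYSTEM + (1, 0)            # sysDescr.0
SYS_LOCATION_0 = SYSTEM + (6, 0)         # sysLocation.0
```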


MIB VIEWS

SNMPv3 IMPLEMENTATIONS

ACE*COMM
AdventNet
BMC Software
Cisco
Epilogue
Gambit communications
Halcyon
IBM
ISI
IWL
MG-SOFT
MultiPort Corporation
SimpleSoft
SNMP Research
SNMP++
TU of Braunschweig
UCD
University of Quebec

SNMPv3 RFCs

[Figure: SNMP ENTITY made up of SNMP APPLICATIONS and the SNMP ENGINE (DISPATCHER, MESSAGE PROCESSING SUBSYSTEM, SECURITY SUBSYSTEM, ACCESS CONTROL SUBSYSTEM); RFC labels on the figure, in the order extracted: RFC 2573, RFC 2571, RFC 2572, RFC 2572, USM: RFC 2574, VACM: RFC 2575; additional label: OTHER]

Lecture 9

Course Outline

• Definition and importance of network management systems
• Components of network management systems
• Historical overview of the evolution of network management system protocols
• The SNMPv1 protocol
  – Architecture
  – Management model and basic functions
  – Specifications and details of the protocol packet
  – Structure of the MIB database
• The SNMPv2 protocol
• The SNMPv3 protocol
• Remote management protocol RMON
• Web-based Management

REMOTE MONITORING

RMON1 (RFC 1757 - DRAFT)
TOKEN RING EXTENSIONS TO RMON (RFC 1513 - PROPOSED)
RMON2 (RFC 2021 - PROPOSED)
SMON (RFC 2613 - PROPOSED)

[Figure: MANAGER, WAN, RMON, ETHERNET]

Copyright © 2001 by Aiko Pras

These sheets may be used for educational purposes


RMON1 GROUPS

NINE GROUPS:

• STATISTICS

• HISTORY

• HOST

• HOST TOP N

• TRAFFIC MATRIX

• ALARMS

• FILTERS

• PACKET CAPTURE

• EVENTS

STATISTICS GROUP

KEEPS STATISTICS PER ETHERNET SEGMENT

SHOWS:
• PACKETS
• OCTETS
• BROADCASTS
• MULTICASTS
• COLLISIONS
• ERRORS

KEEPS TRACK OF PACKET SIZE DISTRIBUTION:
• 65 - 127 OCTETS
• 128 - 255 OCTETS
• 256 - 511 OCTETS
• 512 - 1023 OCTETS
• 1024 - 1518 OCTETS

STATISTICS GROUP - ERRORS

                      < 64 bytes   64 to 1518                > 1518 bytes
WELL-FORMED PACKETS   undersize    GOOD!                     oversize
BAD FCS ERRORS        fragments    CRC or alignment errors   jabber

HISTORY GROUP

STORES INFORMATION OF STATISTICS GROUP EXCEPT PACKET SIZE DISTRIBUTION

USES A CIRCULAR BUFFER
• BUCKETS
• SIZE MAY BE SET BY MANAGER

MANAGER MAY SET:
• THE ETHERNET SEGMENTS (INTERFACES)
• SAMPLING INTERVAL

HOST INFORMATION

• HOST
• HOST TOP N

IN / OUT: PACKETS / OCTETS

OUT: BROADCASTS, MULTICASTS

ERRORS

INFORMATION INDEXED BY:
• INTERFACE AND MAC ADDRESS (hostTable)
• CREATION TIME (hostTimetable)
• SORTED ON SOME VARIABLE VALUE (hostTopN)

TRAFFIC MATRIX

FOR EACH SOURCE & DESTINATION
• PACKETS
• OCTETS
• ERRORS

USEFUL:
• TO PROVIDE "WHAT IF" ANALYSIS
• TO DETECT INTRUDERS

ALARM GROUP

ABSOLUTE OR DELTA VALUES

TRIGGERS ON:
• RISING ALARM
• FALLING ALARM
• RISING OR FALLING ALARM

[Figure: sampled value on an axis with ticks from 100 to 900, with a RISING THRESHOLD line, a FALLING THRESHOLD line and three NOTIFICATION markers]
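The threshold hysteresis in the alarm figure, as an added Python example that is not part of the original slides. The event rules follow the RMON alarm definitions (alarmRisingThreshold, alarmFallingThreshold, alarmStartupAlarm); the function name, threshold values and sample series are constructed, and delta sampling assumes a Counter32 object that may wrap.

```python
COUNTER32 = 2 ** 32


def rmon_alarm_events(samples, rising, falling,
                      sample_type="absolute", startup="risingOrFalling"):
    """Return (sample index, "rising" | "falling", value) for each event.

    A rising event fires when the value reaches the rising threshold from
    below; it is not repeated until the value has also reached the falling
    threshold (and the other way round for falling events).
    """
    events = []
    rising_armed = falling_armed = True
    prev_raw = prev_value = None
    for index, raw in enumerate(samples):
        if sample_type == "delta":
            if prev_raw is None:          # need two readings for one delta
                prev_raw = raw
                continue
            value = (raw - prev_raw) % COUNTER32   # tolerate counter wrap
            prev_raw = raw
        else:
            value = raw
        first = prev_value is None
        if value >= rising and rising_armed and (
                (first and startup in ("rising", "risingOrFalling"))
                or (not first and prev_value < rising)):
            events.append((index, "rising", value))
            rising_armed, falling_armed = False, True
        elif value <= falling and falling_armed and (
                (first and startup in ("falling", "risingOrFalling"))
                or (not first and prev_value > falling)):
            events.append((index, "falling", value))
            falling_armed, rising_armed = False, True
        prev_value = value
    return events


# Constructed series on the figure's 100..900 scale.
ABSOLUTE_SAMPLES = [400, 500, 750, 650, 800, 250, 400, 720]
# Constructed Counter32 readings that wrap between the 2nd and 3rd sample.
COUNTER_SAMPLES = [4294967000, 4294967200, 200, 1100, 1150]


def demo():
    return (
        rmon_alarm_events(ABSOLUTE_SAMPLES, rising=700, falling=300),
        rmon_alarm_events(COUNTER_SAMPLES, rising=700, falling=100,
                          sample_type="delta"),
    )
```

In the absolute series the second crossing of 700 (sample 4, value 800) produces no notification, because the value has not yet come down to the falling threshold since the first rising event.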

OTHER GROUPS

FILTER GROUP
• TO COUNT PACKETS THAT CARRY A SPECIFIC BIT-PATTERN

PACKET CAPTURE GROUP
• TO STORE SPECIFIC PACKETS

EVENT GROUP
• TO DEFINE THE VARIOUS EVENTS
• TO DECIDE ON LOGGING AND / OR TRANSMISSION OF TRAPS

[Figure: MIB VARIABLES, ALARMS, FILTER, EVENTS, CAPTURE TABLE, LOG TABLE and TRAPS]

RMON2

TO MONITOR ALL HIGHER LAYER PROTOCOLS

EXTENDS RMON1 WITH FOLLOWING GROUPS:
• PROTOCOL DIRECTORY GROUP
• PROTOCOL DISTRIBUTION GROUP
• ADDRESS MAPPING GROUP
• NETWORK LAYER HOST GROUP
• NETWORK LAYER MATRIX GROUP
• APPLICATION LAYER HOST GROUP
• APPLICATION LAYER MATRIX GROUP
• USER HISTORY GROUP
• PROBE CONFIGURATION GROUP

Lecture 10

Course Outline

• Definition and importance of network management systems
• Components of network management systems
• Historical overview of the evolution of network management system protocols
• The SNMPv1 protocol
  – Architecture
  – Management model and basic functions
  – Specifications and details of the protocol packet
  – Structure of the MIB database
• The SNMPv2 protocol
• The SNMPv3 protocol
• Remote management protocol RMON
• Web-based Management