Upload
-
View
268
Download
2
Tags:
Embed Size (px)
DESCRIPTION
Simple Network Management Protocol
Citation preview
In the name of ALLAH, the most merciful and beneficent.
2
Group Members Muhammad Imran Shareef ( GL ) Muhammad Hassan Rasheed Hafiz Ali Raza Abdul Munam Awais Ghaffar Muhammad Kamil
3
SNMPSimple Network Management Protocol
4
Simple Network Management Protocol
¤ SNMP is "Internet-standard protocol for managing devices on IP networks”.
¤ Devices that support SNMP include routers, switches, Servers, workstations, printers, modem racks, and more.
¤ SNMP is used to monitor network-attached devices.
¤ SNMP is a component of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF).
5
SNMP concept
6
SNMP & Network Management History
1983 - TCP/IP replaces ARPANET at U.S. Dept. Of Defense, effective Birth of internet.
First model for net management – HEMS – High Level Entity Management system ( RFCs 1021,1022,1024,1076)
1987 – CMIP - Common Management information protocol , and CMOT ( CMIP over TCP) for the actual network protocol for use on the internet.
Nov 1987- SGMP – Simple Gateway Monitoring protocol ( RFC 1028)
Aug 1989 – Internet Standard Network Management Frame work ( RFCs 1065, 1066, 1067)
7
SNMP & Network Management History
Apr 1989 – SNMP promoted to recommended status as the de fecto TCP/IP network management frame work ( RFC 1098 )
June 1989 – IAB committee decides to let SNMP and CMOT develop separately
May 1990 – IAB promotes SNMP to a standard protocol with a recommended status ( RFC 1157 )
Mar 1991 – Format of MIBs and traps defined ( RFCs 1212, 1215) TCP/IP MIB definition revised to create SNMP V1 ( RFC 1213 )
8
Components of network management on the Internet
9
SNMP Framework
SMI: Structure of Management Information
(Rules of describing management information
MIB: Management Information Base (Database on managed devices)
BER: Basic Encoding Rules
Protocol: “Manager-Agent” interaction
10
SMI : Structure of Management Information
SMI defines the general rules for naming objects, defining object types and showing how to encode objects and values.
SMI does not define the number of objects an entity should manage or name the objects to be managed
define the association between the objects and their values.
11
SMI Data Types (Examples)
• INTEGER -- signed 32-bit integer• OCTET STRING• OBJECT IDENTIFIER (OID)• NULL -- not actually data type, but data value• IpAddress -- OCTET STRING of size 4, in network byte order (B.E.)• Counter -- unsigned 32-bit integer (rolls over)• Gauge -- unsigned 32-bit integer (will top out and stay there)• TimeTicks -- unsigned 32-bit integer (rolls over after 497 days)• Opaque -- used to create new data types not in SNMPv1• DateAndTime, DisplayString, MacAddress, PhysAddress, TimeInterval, TimeStamp, TruthValue,
VariablePointer -- textual conventions used as types
12
MIB : Management Information Base
MIB creates a collection of named objects, their types, and their relationships to each other in an entity to be managed.
MIB is the definition of “objects” that should be provided on each managed node by the SNMP “agent”.
An “object” is a quantity or a field that describes one functional aspect of a device.
MIB objects are arranged in “groups” Some groups relate to “layer” of the protocol stack. Other groups relate to the system as a “whole”
13
MIB
14
BER – Basic Encoding Rules
The relationship between ASN.1 and BER parallels that of source code and machine code. CCITT X.209 specifies the Basic Encoding Rules All SNMP messages are converted / serialized from ASN.1 notation
into smaller, binary data (BER)
15
Features of SNMP
¤ Its design is simple , making it easier to implement on network of any size.
¤ Its simple design makes it easy for a user to program variables they would like to have monitored.
¤ It is popular and extensible. A device manufacturer can easily add new registers for
monitoring
16
Key Components of SNMP
¤ An SNMP-managed network consists of three key components.
Managed device Agent — software which runs on managed devices Network management system (NMS) — software
which runs on the manager
17
Managed Device
¤ A managed device is a network node that implements an SNMP interface.
¤ It allows unidirectional (read-only) or bidirectional access to node-specific information.
¤ Managed devices exchange node-specific information with the NMSs.
¤ The managed devices can be routers, servers, switches, bridges, hubs, IP telephones, IP video cameras ,printers etc.
18
SNMP Agent
¤ An agent is a network-management software module that resides on a managed device.
¤ An agent has local knowledge of management information.
19
SNMP Components
20
Network Management System
A network management system (NMS) executes applications that monitor and control managed devices.
NMSs provide the bulk of the processing And memory resources required for network management.
One or more NMSs may exist on any managed network
21
NETWORK MANAGEMENT SYSTEM
We can say that the functions performed by a network management system can be divided into five broad categories:
Configuration management Fault management Performance management Security management Accounting management
22
Functions of a network management system
23
Basic Task of NMS
Configuration management Keeping track of device settings and how they function
Fault management Dealing with problems and emergencies in networks ( Router stops routing , Server loses power etc)
Performance Management How smoothly is the network running? Can it handle the work load it currently has?
24
25
Proxy Agents
¤ Proxy Agents extend the capabilities of SNMP by allowing it:
Manage a device that cannot support an SNMP agent Manage a device that supports a non-SNMP management agent Allow a non-SNMP management system to access an SNMP agent Provide firewall-type security to other SNMP agents Translate between different formats of SNMP messages Consolidate multiple managed nodes into a single network address
26
SNMP Messages
Get-Request Sent by manager requesting specific data from agent
Get-Next-Request Sent by manager requesting data on the next MO to the one specified
Set-Request Initializes or changes the value of network element
Get-Response Agent responds with data for get and set requests from the manager
Trap Alarm generated by an agent
27
28
SNMP Operation
SNMP operates in the Application Layer of the OSI model. The SNMP agent receives requests on UDP port 161. The manager may send requests from any available source port to port 161
in the agent. The agent response will be sent back to the source port on the manager. The manager receives Traps and InformRequests on port 162. The agent may generate notifications from any available port. When used with Transport Layer Security or Datagram Transport Layer
Security requests are received on port 10161 and traps are sent to port 10162.[3]
29
SNMP Versions
¤ Two major versions SNMPV1, SNMPV2
¤SNMPV1 is the recommended standard¤SNMPV2 has become split into:
SNMPV2U – SNMP with user based security SNMPV2* - SNMP with user based security and additional features SNMPV2C – SNMPV2 Without security
30
SNMP Versions
SNMPv1 specifies five core protocol data units (PDUs). Two other PDUs, GetBulkRequest and InformRequest were added in SNMPv2 and carried over to SNMPv3.
All SNMP PDUs are constructed as follows:
Ip Header
UDP Header
Version Community PDU- Type Request id Error
Status Error Index Variable bindings
31
SNMP V1
Version 1 : SNMP version 1 is the initial implementation of the SNMP protocol. SNMPv1 operates over protocols such as User Datagram Protocol (UDP), Internet Protocol SNMPv1 is widely used and is the de facto network-management protocol in the Internet
community The first RFCs for SNMP, now known as SNMPv1, appeared in 1988: Version 1 has been criticized for its poor security. Authentication of clients is performed only by a "community string", in effect a type of
password, which is transmitted in clear text. '80s design of SNMP V1 was done by a group of collaborators who viewed the officially
sponsored OSI/IETF/NSF (National Science Foundation) effort (HEMS/CMIS/CMIP) as both implementable in the computing platforms of the time as well as potentially unworkable.
32
SNMP V2
SNMPv2 (RFC 1441–RFC 1452), revises version 1 Improvements in the areas of performance, security, confidentiality,
and manager-to-manager communications. It introduced Get Bulk Request, an alternative of Get Nex Requests for
retrieving large amounts of management data in a single request. The new party-based security system in SNMPv2, viewed by many as
overly complex, was not widely accepted.
33
SNMP V3
Version 3 :
Although SNMPv3 makes no changes to the protocol aside from the addition of cryptographic security
it looks much different due to new textual conventions, concepts, and terminology. SNMPv3 primarily added security and remote configuration enhancements to SNMP. Security has been the biggest weakness of SNMP since the beginning. Authentication in SNMP Versions 1 and 2 amounts to nothing more than a password (community
string) sent in clear text between a manager and agent. Each SNMPv3 message contains security parameters which are encoded as an octet string. The meaning of these security parameters depends on the security model being used. In practice, SNMP implementations often support multiple versions: typically SNMPv1, SNMPv2c,
and SNMPv3.
34
Advantages of using SNMP
¤ Standardized
¤ Universally supported
¤ Extendible
¤ Portable
¤Allows distributed management access
¤ Light weighted protocol
35
Disadvantages of SNMP
Reducing network bandwidth some large security gaps largest security problems
privacy of data authentication access control
so simple that the information it deals with is neither detailed nor well-organized enough to deal with the expanding networks
36
SNMP Architecture and model
Organization Model Functional ModelInformation Model Communication Model
Network management
37
SNMP & The OSI Model
Management and Agent APIs7 Application LayerSNMP
6 Presentation Layer ASN.1 and BER5 Session Layer RPC and NetBIOS4 Transport Layer TCP and UDP3 Network Layer IP and IPX2 Data Link Layer1 Physical Layer
Ethernet, Token Ring, FDDI
38
Ports & UDP
¤ SNMP uses User Datagram protocol (UDP) as the transport mechanism for SNMP message
¤ Like FTP, SNMP uses two well-known ports to operate UDP Port 161 – SNMP Message UDP Port 162– SNMP Trap Message
IP packet UDP datagram SNMP MessageEthernet Frame
39
Languages of SNMP
¤ Structure of Management Information ( SMI)Specifies the format used for defining managed objects that are accessed via the SNMP protocol
¤ Abstract Syntax Notation ( ASN .1)Used to define the format of SNMP message and managed objects( MIB modules
¤ Basic Encoding Rules ( BER )Used to encode the SNMP message into format suitable for transmission across a network
40
THANK YOU