Chapter 5: SNMP Management
Network Administration, CNET-443
Outline
- SNMPv3 key features
- SNMPv3 documentation architecture
- SNMPv3 architecture: elements of an entity, names, abstract service interfaces
- SNMPv3 applications: command generator, command responder, notification originator, notification receiver, proxy forwarder
- SNMPv3 management information base
- Security: security threats, security model, message format
SNMPv3 Features
- Modularization of the architecture and documentation
- Continued usage of legacy SNMP entities
- Application services and primitives
- Formalizes the messages in use in earlier versions
- Improved security
- Continued and formalized access policy
SNMPv3 Documentation Architecture
- The SNMP document architecture addresses how existing and new documents can be designed to be autonomous and, at the same time, integrated to describe the different SNMP frameworks.
- Represented as follows:
SNMPv3 Architecture
- SNMP network management consists of several nodes, each with an SNMP entity.
- The entities interact with each other to monitor and manage the network and its resources.
- The architecture of an SNMP entity is defined by the elements of the entity and the names associated with them.
- Three kinds of naming: naming of entities, naming of identities, naming of management information.
SNMPv3 Architecture: Elements of an Entity
Names
- Naming of entities, identities and management information is part of the SNMPv3 specifications.
- Two names are associated with identities: the principal and the securityName.
- The principal is the "who" requesting services. It could be a person or an application, and it could be a single user.
- The securityName is a human-readable string representing a principal. A principal can be given a security name administratively.
Abstract Service Interfaces
- Subsystems in an SNMP entity communicate across an interface.
- An abstract service interface is generic and independent of any specific implementation.
- See figure:
SNMPv3 Applications
- SNMPv3 formally defines five types of applications.
- These are not the same as the functional model that the OSI model addresses; they may be considered application service elements.
- They are: command generator, command responder, notification originator, notification receiver, proxy forwarder.
Command Generator
- Used to generate get-request, get-next-request, get-bulk and set-request messages.
- Processes the response received for the command sent.
- The command generator application is associated with the network manager process.
- Command generator application:
Command Responder
- Processes the get and set requests destined for it.
- Requests are received from a legitimate, non-authoritative remote entity.
- Performs the appropriate get or set action on the network element.
- Prepares a get-response message and sends it to the remote entity that made the request.
- As shown in figure:
Notification Originator
- Generates either a trap or an inform message.
- Its function is somewhat similar to that of the command responder, except that it needs to find out where to send the message, and which SNMP version and security parameters to use.
- The target to which the notification should be sent is obtained from the target group.
Notification Receiver
- Receives SNMP notification messages.
- Registers with the SNMP engine to receive these messages, just as the command responder does to receive get and set messages.
Proxy Forwarder
- Performs a function similar to a proxy server.
- The term proxy is used to refer to a proxy forwarder application that forwards SNMP requests, notifications and responses.
- The proxy forwarder handles four types of messages: messages generated by a command generator, messages generated by a command responder, messages generated by a notification generator, and report indicators.
SNMPV3 MIB Sikandar Bhai
Security
- Security was one of the main objectives in developing SNMPv3.
- The following aspects are discussed in the SNMPv3 specifications: authentication, privacy of information, authorization, access controls.
Security Threats
- Four types of threats: modification of information, masquerade, message stream modification, disclosure.
- As shown in the following figure:
Security Model
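The following is an added example, not from the slides, showing how the receiving side of a security model such as SNMPv3's can detect three of the four threats above: an authentication tag over the message catches modification and masquerade, and a clock-window check on the authoritative engine's boot counter and time catches replayed or delayed messages (message stream modification). Disclosure is countered by encryption, which is not shown. The key, the 150-second window and the field layout are simplifying assumptions for illustration, not the exact SNMPv3 wire format.

```python
import hmac
import hashlib
import struct

# Constructed demo values (assumptions, not real deployment material):
# a shared authentication key and the receiver's notion of its own clock.
AUTH_KEY = b"constructed-demo-key-not-real"
TIME_WINDOW = 150   # seconds; assumed acceptable skew between sender and receiver

def authenticate(engine_boots, engine_time, payload):
    """Sender side: compute a 12-byte truncated HMAC-SHA1 over the
    timeliness fields and the message payload.  Without AUTH_KEY an
    attacker can neither forge (masquerade) nor alter (modification)
    a message that will still verify."""
    msg = struct.pack("!II", engine_boots, engine_time) + payload
    return hmac.new(AUTH_KEY, msg, hashlib.sha1).digest()[:12]

def verify(engine_boots, engine_time, payload, tag, local_boots, local_time):
    """Receiver side: check authentication first, then timeliness.
    Returns a short status string naming the check that failed."""
    expected = authenticate(engine_boots, engine_time, payload)
    # Constant-time compare so the tag check itself leaks nothing.
    if not hmac.compare_digest(expected, tag):
        return "authenticationFailure"      # modified or forged
    # A message from a previous boot, or outside the clock window,
    # is treated as replayed/delayed: message stream modification.
    if engine_boots != local_boots or abs(local_time - engine_time) > TIME_WINDOW:
        return "notInTimeWindow"
    return "ok"

if __name__ == "__main__":
    payload = b"get-request sysUpTime.0"          # constructed sample
    tag = authenticate(3, 1000, payload)
    print(verify(3, 1000, payload, tag, 3, 1050))            # ok
    print(verify(3, 1000, b"set-request x", tag, 3, 1050))   # authenticationFailure
    print(verify(3, 1000, payload, tag, 3, 1300))            # notInTimeWindow
```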
Message Format
Thanks