TCP/IP Protocol Suite 1 Chapter 21 Upon completion you will be able to: Network Management: SNMP Understand the SNMP manager and the SNMP agent Understand the roles of SMI and MIB in network management Be familiar with SMI object attributes and encoding methods Know how an MIB variable is accessed Be familiar with the SNMP PDU and format Objectives
TCP/IP Protocol Suite CONCEPT SNMP defines a manager, which is typically a host that controls and monitors a set of agents, and usually routers. Note: SNMP has gone thru 3 versions. SNMP v1 was very common. SNMP v2 is rare. Many installations have skipped v2 and gone straight to v3. The topics discussed in this section include: Managers and Agents
TCP/IP Protocol Suite 3 Figure 21.1 SNMP concept One or more
TCP/IP Protocol Suite MANAGEMENT COMPONENTS SNMP requires the use of two other protocols: Structure of Management Information (SMI) and Management Information Base (MIB). Network management on the Internet is done through the cooperation of SNMP, SMI, and MIB. The topics discussed in this section include: Role of SNMP Role of SMI Role of MIB An Analogy An Overview
TCP/IP Protocol Suite 5 Figure 21.2 Components of network management on the Internet We will discuss each of these components in turn, but first …
TCP/IP Protocol Suite 6 SNMP defines the format of packets exchanged between a manager and an agent. It reads and changes the status (values) of objects (variables) in SNMP packets. Note:
TCP/IP Protocol Suite 7 SMI defines the general rules for naming objects, defining object types (including range and length), and showing how to encode objects and values. SMI defines neither the number of objects an entity should manage, nor names the objects to be managed, nor defines the association between the objects and their values. Note:
TCP/IP Protocol Suite 8 MIB creates a collection of named objects, their types, and their relationships to each other in an entity to be managed. Note:
TCP/IP Protocol Suite 9 We can compare the task of network management to the task of writing a program. ❏ Both tasks need rules. In network management this is handled by SMI. ❏ Both tasks need variable declarations. In network management this is handled by MIB. ❏ Both tasks have actions performed by statements. In network management this is handled by SNMP. Note:
TCP/IP Protocol Suite 10 Figure 21.3 Management overview Example: A manager station (SNMP client) wants to send a message to an agent station (SNMP server) to find the number of UDP datagrams received by the agent. SNMP client SNMP server
TCP/IP Protocol Suite SMI SMI is a component used in network management. It names objects, defines the type of data that can be stored in an object, and shows how data can be encoded for transmission over the network The topics discussed in this section include: NameType Encoding Method
TCP/IP Protocol Suite 12 Figure 21.4 Object attributes Each object has three attributes: name, type, and encoding method. Each managed object (such as a router or a variable in a router) has to have a unique name. Use the following hierarchical design to name an object.
TCP/IP Protocol Suite 13 Figure 21.5 Object identifier The objects that are used in SMNP are located under the mib-2 object, so their identifiers always start with
TCP/IP Protocol Suite 14 Figure 21.6 Data type The second attribute of an object is the data type. To define the data type, SMI uses Abstract Syntax Notation 1 (ASN.1). SMI has two broad categories of data type: simple and structured.
TCP/IP Protocol Suite 15 Table 21.1 Simple data types First 5 are from ASN.1; next 7 are defined by SMI.
TCP/IP Protocol Suite 16 Figure 21.7 Conceptual data types SMI defines two structured data types: sequence and sequence of. Sequence is similar to C’s struct or record
TCP/IP Protocol Suite 17 Figure 21.8 Encoding format SMI uses another standard – Basic Encoding Rules (BER) – to encode data to be transmitted over the network. BER specifies that each piece of data be encoded in triplet format: tag, length, and value. The Class subfield defines the scope of the data: 00 – universal, 01 – application-wide, 10 – context-specific, 11 – private. The universal data types are shown in the first 5 rows of the next table. The application-wide types are the last 5 rows. Format bit: simple is 0 and structured is 1. The number field further divides simple or structured into subgroups.
TCP/IP Protocol Suite 18 Table 21.2 Codes for data types
TCP/IP Protocol Suite 19 Figure 21.9 Length format If length is only 1 byte, first bit = 0 If length is >1 byte, first bit is 1 and remaining seven bits define how many bytes in the length.
TCP/IP Protocol Suite 20 Figure shows how to define INTEGER 14. Example 1 See Next Slide
TCP/IP Protocol Suite 21 Figure Example 1, INTEGER 14
TCP/IP Protocol Suite 22 Example 2 See Next Slide Figure shows how to define the OCTET STRING “HI.”
TCP/IP Protocol Suite 23 Figure Example 2, OCTET STRING “HI”
TCP/IP Protocol Suite 24 Figure shows how to define ObjectIdentifier (iso.org.dod.internet). Example 3 See Next Slide
TCP/IP Protocol Suite 25 Figure Example 3, ObjectIdentifier
TCP/IP Protocol Suite 26 Figure shows how to define IPAddress Example 4 See Next Slide
TCP/IP Protocol Suite 27 Figure Example 4, IPAddress
TCP/IP Protocol Suite MIB MIB (Management Information Base) is the second component used in network management. Each agent has its own MIB, a collection of all the objects that the manager can manage. The topics discussed in this section include: Accessing MIB Variables Lexicographic Ordering
TCP/IP Protocol Suite 29 Figure mib-2 The objects in an MIB are categorized under 10 different groups. sys: general info about the node (system) if: defines information about all of the interfaces of the node at: info about the ARP table ip: defines info related to IP, such as routing table and IP address icmp: info related to ICMP, such as number of packets sent, total errors tcp: data such as connection table, time-out values, number of ports udp: data such as number of ports, number of packets sent and received snmp: general info related to SNMP itself
TCP/IP Protocol Suite 30 Figure udp group Say you want to reference the variable udpIn Datagrams. The id of the variable would be To reference udpLocal Address: But these only reference the variable. If you want to show the contents of each variable, add a 0 to the end. So the value of updIn Datagrams is in
TCP/IP Protocol Suite 31 Figure udp variables and tables
TCP/IP Protocol Suite 32 Figure Indexes for udpTable Note that entries in a table are not referenced by simple integer, as they are in most programming languages. Table entries are indexed by local IP address and local port number.
TCP/IP Protocol Suite 33 Figure Lexicographic ordering Data is ordered by columns.
TCP/IP Protocol Suite SNMP SNMP v3 is an application program that allows 1) a manager to retrieve the value of an object defined in an agent; 2) a manager to store a value in an object defined in an agent; and 3) an agent to send an alarm message about an abnormal situation to the manager. SNMP uses both SMI and MIB to accomplish this. The topics discussed in this section include: PDUsFormat
TCP/IP Protocol Suite 35 Figure SNMP PDUs SNMP defines 8 types of packets (or PDUs): GetRequest – sent from manager (client) to agent (server) GetNextRequest – mostly used to retrieve values of the entries in a table GetBulkRequest – to retrieve a large amount of data SetRequest – sent from manager to agent to set(store) a value Response – in response to GetRequest or GetNextRequest Trap – reports an event. For example, if the agent is rebooted, it informs the manager and reports the time of rebooting. InformRequest – sent from one manager to another remote manager to get the values of some variables under the control of the remote manager Report – to report some types of errors between managers. Not yet in use.
TCP/IP Protocol Suite 36 Figure SNMP PDUs
TCP/IP Protocol Suite 37 Figure SNMP PDU format Format for the 8 PDUs: PDU Type – See Table 21.4 Error Status – Used in Response PDUs; see Table Error Index – offset that tells which variable caused error VarBind List – set of variables the manager wants to retrieve (or set)
TCP/IP Protocol Suite 38 Table 21.3 Types of errors
TCP/IP Protocol Suite MESSAGES SNMP does not just send PDUs, it embeds the PDU in a message. A message in SNMP is made of four elements: version, header, security parameters, and data (which includes the encoded PDU). (See the next figure)
TCP/IP Protocol Suite 40 Figure SNMP message
TCP/IP Protocol Suite 41 Table 21.4 Codes for SNMP messages
TCP/IP Protocol Suite 42 In this example, a manager station (SNMP client) uses the GetRequest message to retrieve the number of UDP datagrams that a router has received. There is only one VarBind entity. The corresponding MIB variable related to this information is udpInDatagrams with the object identifier The manager wants to retrieve a value (not to store a value), so the value defines a null entity. Figure shows the conceptual view of the packet showing the hierarchical nature of sequences. We have used white and color boxes for the sequence and a gray one for the PDU. Example 5 See Next Slide
TCP/IP Protocol Suite 43 The VarBind list has only one VarBind. The variable is of type 06 and length 09. The value is of type 05 and length 00. The whole is a sequence of length 0D (13). The VarBind list is also a sequence of length 0F (15). The GetRequest PDU is of length 1D (29). Now we have three OCTET STRINGs related to security parameter, security model, and flags. Then we have two integers defining maximum size (1024) and message ID (64). The header is a sequence of length 12, which we left blank for simplicity. There is one integer, version (version 3). The whole message is a sequence of 52 bytes. Figure shows the actual message sent by the manager station (client) to the agent (server). Example 5 See Next Slide
TCP/IP Protocol Suite 44 Figure Example 5 object identifier, length 9, udpInDatagrams ( ) Security parameter, security model, flags BER notation: 30 means Sequence of, 34 is length (Table 21.2) Max. size and Msg.ID Get Request PDU Table 21.4 Request ID, Error Status, Error Index (Fig 21.20)
TCP/IP Protocol Suite 45 Figure GetRequest message
TCP/IP Protocol Suite UDP PORTS SNMP uses the services of UDP on two well-known ports, 161 and 162. The well-known port 161 is used by the server (agent), and the well- known port 162 is used by the client (manager).
TCP/IP Protocol Suite 47 Figure Port numbers for SNMP
TCP/IP Protocol Suite SECURITY The main difference between SNMPv3 and SNMPv2 is the enhanced security. SNMPv3 provides two types of security: general and specific. SNMPv3 provides message authentication, privacy, and manager authorization.