Fundamentals of SNMP

Presentation transcript:

1 Fundamentals of SNMP

2 Simple Network Management Protocol Three Essentials Structure for Management Information (SMI) Set of rules for specifying management information Management Information Base Structured collection of all the managed objects and data The protocol

3 Structure for Management Information How to define management Information? What is the architecture to be used? How to define an object? Specify a language to define an object

4 Object Type and Object What is an Object Type? Abstract definition for a managed object What is a managed object? An entity in a managed system (node), about which we want information, to manage the node E.g. system up time, packets sent, packets received, number of interfaces

5 Structuring managed objects SMI specifies a hierarchical tree structure for naming and managing objects

6 Contd..
dod object is identified as {iso org(3) dod(6)} or simply {1.3.6}
mgmt object is identified as {iso org(3) dod(6) internet(1) mgmt(2)} or simply { }
{1.3.6}, { } are authoritative identifications for the two objects. They also specify how to access the object

7 Mgmt sub tree

8 Contd.. sysDescr and sysName are managed objects There could be more than one instance of a managed object

9 Object Definitions
Specify the name, its properties, how to identify it etc.
Example:
    (Name of the Object) OBJECT-TYPE
        Property 1
        Property
        ::= OBJECT IDENTIFIER

10 Contd.. OBJECT IDENTIFIER Machine recognizable Name of the Object Human readable

11 Contd.. example
    snmpInPkts OBJECT-TYPE
        SYNTAX      Counter32
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION "the total number of packets received by the SNMP entity from the transport service"
        REFERENCE   "from the RFC1213-MIB.snmpInPkts"
        ::= { snmp 1 }

12 Contd..
Instead of {snmp 1} – could have been { }
Interpretation: snmpInPkts is an object delimitation for an object that requires a counter of 32 bits to store, is currently active and is used to identify the number of packets received by the SNMP entity from the transport service. A reference to this can be found in "RFC1213-MIB.snmpInPkts"

14 Contd.. SYNTAX, MAX ACCESS etc are properties of the object

15 Object type and instances Objects can be scalar or tabular Scalar objects One instance for that object E.g. SnmpInPkts To access the object instance use

16 Aggregate Objects
Tabular or aggregate objects
    ipAddrTable OBJECT-TYPE
        SYNTAX      SEQUENCE OF IpAddrEntry
        ACCESS      not-accessible
        STATUS      mandatory
        DESCRIPTION "the table of addressing information relevant to this entity's IP addresses"
        ::= { ip 20 }

17 Contd..
ipAddrTable is made up of a sequence of IpAddrEntry objects (rows of the table)
    ipAddrEntry OBJECT-TYPE
        SYNTAX      IpAddrEntry
        ACCESS      not-accessible
        DESCRIPTION …..
        INDEX       { ipAdEntAddr }
        ::= { ipAddrTable 1 }

18 Contd..
    IpAddrEntry ::= SEQUENCE {
        ipAdEntAddr          IpAddress,
        ipAdEntIfIndex       INTEGER,
        ipAdEntNetMask       IpAddress,
        ipAdEntBcastAddr     INTEGER,
        ipAdEntReasmMaxSize  INTEGER ( )
    }

19 Object instances of ipAddrTable
Row    ipAdEntAddr    ipAdEntIfIndex    ipAdEntBcastAddr

20 Accessing instances of the table objects
ipAdEntAddr is index
Columnar object        Row no    Object id
ipAdEntAddr                      { }
ipAdEntIfIndex                   { }
ipAdEntBcastAddr                 { }
ipAdEntReasmMaxSize              { }

21 MIBS MIB modules define a collection of related managed objects A large module has groups MIB II has the following groups System, interfaces, ip, tcp, snmp, udp etc.

22 SNMP – the protocols
Request operations: get, getnext, getbulk, set
Request id – helps manager application to distinguish between outstanding requests
Get, getnext, getbulk – collect values
Set – sets the specified value for the object
Variable-bindings – list of variables, each containing a name and value
MIB view

23 Contd.. Response Returned by the Agent Request id repeated Error status - non-zero indicates error occurrence – ignore the information in the variable bindings field Error index - index tells which variable is in error

24 Get Operation – general example

25 Getnext

26 Getnext contd.. Makes use of the ordering of the variable Returns name and value of next instance in MIB If no next instance – endOfMibView Try: getnext (ver) (host) 0.0

27 Getnext with indices
AtIfIndex    AtPhyAddress    AtNetAddress
C3920B C3920AC C3920AF

28 Contd.. Indices retrieved automatically

29 getbulk
Executes getnext repeatedly
E.g. getbulk non-repeaters max-repetitions
Getbulk (2, 3, A, B, C, D)
On A and B getnext executed only once
On C, D getnext executed 3 times
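The getnext and getbulk behaviour of slides 26 to 29, as an added example that is not part of the original slides: a toy agent over a constructed MIB view, with OIDs held as integer tuples so that Python's tuple ordering matches the lexicographic ordering getnext relies on. All values in MIB are made up for the illustration.

```python
from bisect import bisect_right

def oid(text):
    """'1.3.6.1.2.1.1.3.0' -> tuple of ints; tuples compare lexicographically."""
    return tuple(int(part) for part in text.strip(".").split("."))

# Constructed MIB view (OID -> value); not taken from a real device.
MIB = {
    oid("1.3.6.1.2.1.1.1.0"): "constructed sysDescr",
    oid("1.3.6.1.2.1.1.3.0"): 6000000,
    oid("1.3.6.1.2.1.1.5.0"): "constructed sysName",
    oid("1.3.6.1.2.1.4.3.0"): 1234,
    oid("1.3.6.1.2.1.4.20.1.1.10.0.0.1"): "10.0.0.1",   # ipAdEntAddr rows
    oid("1.3.6.1.2.1.4.20.1.1.10.0.0.2"): "10.0.0.2",
    oid("1.3.6.1.2.1.4.20.1.2.10.0.0.1"): 1,            # ipAdEntIfIndex rows
    oid("1.3.6.1.2.1.4.20.1.2.10.0.0.2"): 2,
}
ORDER = sorted(MIB)
END = "endOfMibView"

def getnext(name):
    """Name and value of the first instance ordered strictly after name."""
    i = bisect_right(ORDER, name)
    if i == len(ORDER):
        return name, END
    return ORDER[i], MIB[ORDER[i]]

def getbulk(non_repeaters, max_repetitions, names):
    """One getnext for the first non_repeaters names, then max_repetitions
    rounds of getnext over the remaining names, each round continuing
    from the instance returned by the previous round."""
    out = [getnext(n) for n in names[:non_repeaters]]
    cursors = list(names[non_repeaters:])
    for _ in range(max_repetitions):
        row = [getnext(c) for c in cursors]
        out.extend(row)
        cursors = [name for name, _ in row]
    return out

def walk(root):
    """Repeated getnext until the result leaves the subtree under root."""
    out, cur = [], root
    while True:
        cur, val = getnext(cur)
        if val == END or cur[:len(root)] != root:
            return out
        out.append((cur, val))

if __name__ == "__main__":
    print(getnext(oid("0.0")))                        # first object in the view
    print(getnext(oid("1.3.6.1.2.1.4.20.1.1")))       # index comes back with the name
```

Asking getnext for a column OID without an index returns the first row together with its index, which is how a manager discovers table rows it does not know in advance.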

30 others Set – agent will update the value of the variable and return a response Notification – unsolicited interaction from Agent – on detecting an abnormal condition Trap – similar to notification – expects no response from manager

31 Trap Request id included Sent to UDP port 162 Includes Timestamp – indicating when the trap was generated Identity of the trap Some traps are generic Cold start, warm start, link down

32 Manager Application A browser, which polls Agents to retrieve values Modest processing on values Display information to user Sophisticated Applications Interpret variables to system behavior

33 Agent features Timestamps Counters Error codes Other capabilities

34 Timestamp MA uses this information to determine when the agent observed something Agent knowledge of time is not absolute Agent may not know the time when the device is off MA and managed device times may not be synchronised TimeStamp is a snapshot of the TimeTick value TimeTick is in hundredths of a second

35 Time stamp example
    snmpget -v 2c localhost system.sysUpTime.0
Response
    system.sysUpTime.0 = Timeticks: ( ) 16:39:23.52

36 Counters Can be used to calculate rates Observe difference between 2 consecutive measures Beware of wrap around More than once Restarting device may reset the counter to 0

37 Counters example
    snmpget -v 2c localhost system.sysUpTime.0 ip.ipInReceives.0
Response
    system.sysUpTime.0 = Timeticks: ( ) 16:42:58.53
    ip.ipInReceives.0 =
Repeat after some time
IP datagram incoming rate = (ip.ipInReceives.0 (2) - ip.ipInReceives.0 (1)) / (Timeticks (2) - Timeticks (1))

38 Utilization
rx.utilisation = (delta(ifInOctets) * 8 * 100) / (ifSpeed * delta(timeticks))
tx.utilisation = (delta(ifOutOctets) * 8 * 100) / (ifSpeed * delta(timeticks))
utilization of an Ethernet segment = tx.utilisation + rx.utilisation

39 Broadcast storms
Percentage of overall broadcast packet?
High broadcast packet rate?
receive b/m pkt rate = delta(ifInNUcastPkts) / delta(seconds)
transmit b/m pkt rate = delta(ifOutNUcastPkts) / delta(seconds)
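The counter arithmetic of slides 36 to 39, as an added example that is not part of the original slides: deltas that survive one 32-bit wrap, sample pairs rejected when sysUpTime shows a restart or when the polling interval is long enough for more than one wrap, and the utilisation and packet-rate formulas with timeticks converted to seconds. POLL_1 and POLL_2 are constructed readings.

```python
COUNTER32_MOD = 2 ** 32          # a 32-bit counter wraps to 0 after 2^32 - 1
TICKS_PER_SECOND = 100           # TimeTicks are hundredths of a second

def counter_delta(prev, curr, modulus=COUNTER32_MOD):
    """Difference between two readings, correct across a single wrap."""
    return (curr - prev) % modulus

def wrap_seconds(if_speed_bps, modulus=COUNTER32_MOD):
    """Shortest time in which an octet counter can wrap at line rate."""
    return modulus * 8 / if_speed_bps

def interval_seconds(prev_ticks, curr_ticks):
    """Elapsed seconds between two sysUpTime readings; None if sysUpTime went
    backwards, meaning the agent restarted (or TimeTicks itself wrapped)."""
    if curr_ticks < prev_ticks:
        return None
    return (curr_ticks - prev_ticks) / TICKS_PER_SECOND

def utilisation(prev, curr, column, if_speed_bps):
    """Percent utilisation for one direction, or None when the pair cannot be
    trusted: restart, zero interval, or an interval that allows several wraps."""
    secs = interval_seconds(prev["sysUpTime"], curr["sysUpTime"])
    if not secs or secs >= wrap_seconds(if_speed_bps):
        return None
    bits = counter_delta(prev[column], curr[column]) * 8
    return bits * 100 / (if_speed_bps * secs)

def packet_rate(prev, curr, column):
    """Packets per second, e.g. ifInNUcastPkts when watching for broadcast storms."""
    secs = interval_seconds(prev["sysUpTime"], curr["sysUpTime"])
    return counter_delta(prev[column], curr[column]) / secs if secs else None

# Constructed polls of a 10 Mbps interface, 60 s apart; ifInOctets wraps in between.
POLL_1 = {"sysUpTime": 6000000, "ifInOctets": 4282467296, "ifInNUcastPkts": 1000}
POLL_2 = {"sysUpTime": 6006000, "ifInOctets": 25000000, "ifInNUcastPkts": 1600}

if __name__ == "__main__":
    print(utilisation(POLL_1, POLL_2, "ifInOctets", 10_000_000))
    print(packet_rate(POLL_1, POLL_2, "ifInNUcastPkts"))
```

A plain subtraction on this pair would give a negative octet count; the modular delta recovers the 37,500,000 octets actually received.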

40 Agent Capabilities MA uses this to customize its interaction with an agent Agent implementing a MIB group should implement all objects in the MIB Not all objects are present – instrumentation limitations MAX-ACCESS – can be read-write, but underlying instrumentation may allow only read and no control

41 Contd.. SYNTAX – range of values that an object may take – only a subset may be possible Table access Agent should permit adding new rows MA should know Agent capabilities to customize its interaction

42 Authentication Managed Station may wish to limit access of their MIBs to authorized Management Stations Community name is the password for authentication – in snmpv1

43 Community Defines a relationship between an SNMP agent and a set of SNMP managers in terms of authentication, access control and proxy characteristics Managed System establishes one community for each desired combination the community is a unique name within the agent, and management station pair Management Station and agents in that community must employ the community name in all get and set operations

44 Contd.. An agent may establish a number of communities Pairing of a Management Station and a Managed Station is called an SNMP community

45 Access Policy
Managed stations wish to give different access privileges to different management stations
By using a different community name – agent can provide different categories of access to different management stations
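What community-based authentication looks like on the wire, as an added example that is not part of the original slides: a small BER reader that pulls the version, community name and PDU type out of an SNMP message and lists audit notes. SAMPLE is a constructed SNMPv1 get request, and the list of default community names is an assumption of this example.

```python
# SAMPLE is a constructed SNMPv1 GetRequest, not a capture from a real network.
SAMPLE = bytes.fromhex(
    "3026020100"                        # SEQUENCE, version INTEGER 0 (SNMPv1)
    "04067075626c6963"                  # community OCTET STRING "public"
    "a01902012a020100020100"            # GetRequest PDU, request id 42, no error
    "300e300c06082b060102010103000500"  # varbind 1.3.6.1.2.1.1.3.0 = NULL
)
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}
PDUS = {0xA0: "get", 0xA1: "getnext", 0xA2: "response", 0xA3: "set",
        0xA4: "trap", 0xA5: "getbulk"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                   # long form: low bits give the length size
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def inspect(msg):
    """Version, community and PDU type of one SNMP message."""
    tag, body, _ = read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    tag, raw, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version INTEGER expected")
    version = VERSIONS.get(int.from_bytes(raw, "big"), "unknown")
    tag, raw, pos = read_tlv(body, pos)
    if tag != 0x04:                     # SNMPv3 has a header SEQUENCE here instead
        return {"version": version, "community": None, "pdu": None}
    pdu_tag, _, _ = read_tlv(body, pos)
    return {"version": version, "community": raw.decode("latin-1"),
            "pdu": PDUS.get(pdu_tag, hex(pdu_tag))}

def findings(msg, defaults=("public", "private")):
    """Audit notes for one message; the defaults tuple is an assumption."""
    info, notes = inspect(msg), []
    if info["community"] is not None:
        notes.append("community name readable on the wire")
        if info["community"] in defaults:
            notes.append("well-known default community in use")
        if info["pdu"] == "set":
            notes.append("write request authorised by community name alone")
    return notes
```

Because the community name is an unencrypted OCTET STRING in every request, anyone who can observe the traffic learns the "password" for that access category.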

46 SNMP Access Policy Network Elements comprise many managed objects Standard Private An Agent can view a subset – MIB view MIB view and Access provide the community profile

49 SNMP versions – version 1 Primitive types Defined types Derived types Constructive types

50 SNMP versions – Version 1
INTEGER: 32 bit value in 2's complement; can be used to represent enumerated types
OCTET STRING: zero or more octets; each octet has a value; text string, ex: system description
OBJECT IDENTIFIER: sequence of integers
NULL: placeholder

51 Derived types
Network Address
Counter – 32 bit non-negative integer; wraps around on reaching max value
Gauge – 32 bit non-negative integer; may increase or decrease; capped
Timeticks – time in hundredths of a second; 32 bit non-negative integer; wraps around in 497 days

52 32 bit counter wrap around time
Gigabit interface polling < 0.57 min
Use two 32 bit counters
Interface speed    Wrap around time
10 Mbps            57.26 min
100 Mbps           5.73 min
155 Mbps           3.69 min
1 Gbps             0.57 min

53 Constructor types SEQUENCE – list SEQUENCE OF – table

54 Key words ACCESS BEGIN – macro definition DESCRIPTION Counter Gauge INTEGER

55 MIB groups System Interfaces Address Translation IP ICMP TCP UDP EGP CMOT transmission SNMP

56 SNMP v1 operations Get Getnext Set trap

57 Traps in SNMPv1 Six generic traps have been defined Encoded in the SNMP message field between 0-5 Other specific traps Generic Trap field in message is 6 Vendor specific – problems?

58 SNMPv2 – additions and changes Bulk data transfer request and receive bulk data manager-to-manager message interoperability of two Network Management Systems Module definitions, Object definitions, trap definitions RFC1155, 1212, 1215, 1902, 1904

59 Contd.. Textual conventions To help define new data types Conformance statements Vendors claim to product capability Table enhancements Expand a table by augmenting another table – helps add columnar objects

60 Data Types in SNMPv2 Integer32 – same as INTEGER Counter32 – same as Counter Gauge32 – same as Gauge Unsigned32 – similar to Gauge32 Counter64

61 Contd.. Tables RowPointer Row status – useful in changing rows active notInService notReady createAndGo createAndWait destroy

62 SMIv2
OBJECT-IDENTITY macro introduced
Defines information about an OBJECT IDENTIFIER
Routers can be defined in general using OBJECT-IDENTITY
A specific router is defined using an OBJECT IDENTIFIER

63 Table Augmentation Extending aggregate objects from single to multiple tables Helps expand managed objects when the columnar objects needs to be increased Base table and augmented table Index in base table is also the index in the augmented table

64 Contd..
    ipAddrTable OBJECT-TYPE
        SYNTAX      SEQUENCE OF IpAddrEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION " "
        ::= { ip 20 }

65 Contd.
    ipAddrEntry OBJECT-TYPE
        SYNTAX      IpAddrEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION " "
        INDEX       { ipAdEntAddr }
        ::= { ipAddrTable 1 }

66
    ipAugAddrTable OBJECT-TYPE
        SYNTAX      SEQUENCE OF IpAugAddrEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION " "
        ::= { ipAug 1 }

67
    ipAugAddrEntry OBJECT-TYPE
        SYNTAX      IpAugAddrEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION " "
        AUGMENTS    { ipAddrEntry }
        ::= { ipAugAddrTable 1 }

68 Internet MIB Groups in SNMPv2

69 Traps in SNMPv2 Traps are defined using NOTIFICATION-TYPE Generic traps of snmpv1 have an object id under snmpTraps (a new object in SMIv2) Each trap has a unique id

70 Others Getbulk Get and getnext may recover only variables that are available SNMPv2 can be run over various other transport protocols IPX/SPX, Appletalk SNMPv1 and SNMPv2 can coexist Proxy server essential

71 SNMPv3 Addresses three issues Better administration Security Modular architecture – easy extendability SNMP Agent and Manager are considered as SNMP entity An SNMP entity consists of SNMP Engine SNMP applications

72 Modular architecture

73 SNMP engine Dispatcher Message Processing Subsystem Security Subsystem Access Control Subsystem

74 Dispatcher Responsible for sending and receiving messages Determines version number and sends to appropriate message processing model Action taken if message can not be understood

75 Message Processing Subsystem Prepares messages to be sent Extracts data from received messages

76 Security Decrypts the data portion Checks for proper authentication Forwards to proper SNMP application Security Model defines Security threats against which to protect Services provided Security protocols

77 Access Control Subsystem is called by Applications that need to access managed objects

78 Applications Internal applications – generate messages, respond to received messages, generate/rx notifications, forward messages between SNMP entities Command Generator (SNMP mgr?) Command responder (SNMP agent?) Notification originator (SNMP agent?) Notification receiver (SNMP mgr?) Proxy forwarder