Chapter 5 SNMPv1: Communication and Functional Models

SNMP Architecture Network 網路介面 SNMP UDP IP SNMP ManagerSNMP Agent SNMP Manager Application Get-Request GetNext-Request Set-Request Get-Response Trap 網路介面 SNMP UDP IP SNMP Agent Application Get-Request GetNext-Request Set-Request Get-Response Trap

SNMP Messages Get-Request Get-Next-Request Set-Request Get-Response Trap Generic trap Specific trap

Administrative Model Based on community profile and policy SNMP Entities: SNMP application entities - Reside in management stations and network elements - Manager and agent SNMP protocol entities - Communication processes (PDU handlers) - Peer processes that support application entities

SNMP Community Security in SNMPv1 is community-based Authentication scheme in manager and agent Community: Pairing of two application entities Community name: String of octets Two applications in the same community communicate with each other Application could have multiple community names Communication is not secured in SNMPv1 - no encryption

SNMP Community Community Relationship between an Agent and Managers. Community Name Used to validate the SNMP messages. Password SNMP Password. Default ‘ Get ’ community name: “ public ”. Authentication Failure Agent sends “ Authentication Failure Trap ” to Manager.

SNMP Community

Community Profile MIB view An agent is programmed to view only a subset of managed objects of a network element Access mode Each community name is assigned an access mode:: read-only and read-write Community profile = MIB view + access mode Operations on an object determined by community profile and the access mode of the object Total of four access privileges Some objects, such as table and table entry are non-accessible

Community Profile community

Access Policy Administration model is SNMP access policy SNMP community paired with SNMP community profile is SNMP access policy

Access Policy

GeneralizedAdministrationModelGeneralizedAdministrationModel

Proxy Access Policy

Protocol Entities

Default UDP Ports for SNMP 網路介面 SNMP UDP IP Manager Management Station Network Elements (NEs) 網路介面 SNMP UDP IP Agent 162 Any 161 Any

Protocol Entities Protocol entities support application entities Communication between remote peer processes Message consists of Version identifier Community name Protocol Data Unit Message encapsulated and transmitted

SNMP Message Version Identifier Community Name Protocol Data Unit The length of SNMP messages should not exceed 484 octets. Message ::= SEQUENCE { versionINTEGER {version-1(0)}, communityOCTET STRING, data ANY } Version Community SNMP PDU

SNMP PDUs

SNMP PDU PDU ::= SEQUENCE { request-id INTEGER, error-status INTEGER { noError(0), tooBig(1), noSuchName(2), badValue(3), readOnly(4), genErr(5)}, error-index INTEGER, variable-bindings SEQUENCE OF { nameObjectName, valueObjectSyntax } GetRquest ::= GetNextRequest ::= GetResponse ::= SetRequest ::= Trap ::= [0] PDU [1] PDU [2] PDU [3] PDU [4] Trap-PDU Five SNMP PDUs: PDU: Protocol Data Unit

error-status noError(0) tooBig(1) The size of the GetResponse-PDU to be generated exceeds a local limitation. noSuchName(2) Any object name in the variable-bindings does not match the name of some object available in the MIB view. badValue(3) The value of any object named in the variable-bindings field does not manifest a type, length, and value that is consistent with that required for the variable. readOnly(4) To set the value of an object with read-only access mode. genErr(5) Any object named in the variable-bindings field cannot be accessed for reasons not covered by any of the foregoing rules.

error-index The index of the first variable, in the variable-bindings, with an error as indicated in the error-status field. If there are more than one error in the variable-bindings? Only the first error is indicated. For those variables without any error? Atomic vs. Best-effort SNMP is atomic!

SNMP PDU (cont.) PDU typerequest-id00variable-bindings GetRequest, GetNextRequest, SetRequest PDU typerequest-id error-statuserror-index variable-bindings GetResponse variable-bindings name value name value name value...

Trap-PDU Trap-PDU ::= [4] IMPLICIT SEQUENCE { enterprise OBJECT IDENTIFIER, agent-addr NetworkAddress, generic-trap INTEGER { coldStart(0), warmStart(1), linkDown(2), linkUp(3), authenticationFailure(4), egpNeighborLoss(5), enterpriseSpecific(6)}, specific-trapINTEGER, time-stampTimeTicks, variable-bindingsVarBindList } Enterprise Enterprise: Type of Object generating trap. Agent Address Agent Address: Address of object generating trap. Generic Trap Generic Trap: Generic trap type. Specific Trap Specific Trap: Enterprise specific trap. Time Stamp Time Stamp: Time elapsed between the last initialization of the network entity and the generation of the trap. Variable Bindings “Interesting” information PDU type enterprise agent-addr generic - trap variable-bindings specific - trap time-stamp

Trap Type

Generic Trap Example Enterprise: Agent-Address: Generic-Trap: 4 Specific-Trap: 0 Timestamp: #VarBinds: 0

Enterprise-Specific Traps Traps defined by enterprises Identification of Enterprise-Specific Traps Enterprise  Enterprise OID Generic-Trap  6 Specific-Trap  an Integer

Enterprise Trap Example Enterprise: Agent-Address: Generic-Trap: 6 Specific-Trap: 4 Timestamp: VariableBindings: (4) : 02:18: : : (Info): Station 00092d Associated : AssociationOK

Manager Agent

Get-Next Request A B T E Z

Lexicographic Order

Get-Next Request :Non-Leaf Object :Leaf Object MIB Tree : In SNMP, Only leaf objects have values. ＊

Get-Next Requests with Indices

SNMP Get-Request Example >> snmpget -d Transmitted 41 bytes to camry ( ) port 161: Initial Timeout: 0.80 seconds 0: c a0 1a 02 0'.....public... 0: c a0 1a 02 0'.....public... 16: bc e 30 0c b : bc e 30 0c b : : : SNMP MESSAGE (0x30): 39 bytes 0: SNMP MESSAGE (0x30): 39 bytes 2: INTEGER VERSION (0x2) 1 bytes: 0 (SNMPv1) 2: INTEGER VERSION (0x2) 1 bytes: 0 (SNMPv1) 5: OCTET-STR COMMUNITY (0x4) 6 bytes: "public" 5: OCTET-STR COMMUNITY (0x4) 6 bytes: "public" 13: GET-REQUEST-PDU (0xa0): 26 bytes 13: GET-REQUEST-PDU (0xa0): 26 bytes 15: INTEGER REQUEST-ID (0x2) 2 bytes: : INTEGER REQUEST-ID (0x2) 2 bytes: : INTEGER ERROR-STATUS (0x2) 1 bytes: noError(0) 19: INTEGER ERROR-STATUS (0x2) 1 bytes: noError(0) 22: INTEGER ERROR-INDEX (0x2) 1 bytes: 0 22: INTEGER ERROR-INDEX (0x2) 1 bytes: 0 25: SEQUENCE VARBIND-LIST (0x30): 14 bytes 25: SEQUENCE VARBIND-LIST (0x30): 14 bytes 27: SEQUENCE VARBIND (0x30): 12 bytes 27: SEQUENCE VARBIND (0x30): 12 bytes 29: OBJ-ID (0x6) 8 bytes: : OBJ-ID (0x6) 8 bytes: : NULL (0x5) 0 bytes 39: NULL (0x5) 0 bytes

SNMP Get-Response Example Received 69 bytes from port 161: 0: c a C.....public.6. 0: c a C.....public.6. 16: bc a b *0(..+ 16: bc a b *0(..+ 32: c e e 4d Sun SNM 32: c e e 4d Sun SNM 48: e 74 2c e 57 2c 55 6c P Agent, SUNW,Ul 48: e 74 2c e 57 2c 55 6c P Agent, SUNW,Ul 64: d tra : d tra : SNMP MESSAGE (0x30): 67 bytes 0: SNMP MESSAGE (0x30): 67 bytes 2: INTEGER VERSION (0x2) 1 bytes: 0 (SNMPv1) 2: INTEGER VERSION (0x2) 1 bytes: 0 (SNMPv1) 5: OCTET-STR COMMUNITY (0x4) 6 bytes: "public" 5: OCTET-STR COMMUNITY (0x4) 6 bytes: "public" 13: RESPONSE-PDU (0xa2): 54 bytes 13: RESPONSE-PDU (0xa2): 54 bytes 15: INTEGER REQUEST-ID (0x2) 2 bytes: : INTEGER REQUEST-ID (0x2) 2 bytes: : INTEGER ERROR-STATUS (0x2) 1 bytes: noError(0) 19: INTEGER ERROR-STATUS (0x2) 1 bytes: noError(0) 22: INTEGER ERROR-INDEX (0x2) 1 bytes: 0 22: INTEGER ERROR-INDEX (0x2) 1 bytes: 0 25: SEQUENCE VARBIND-LIST (0x30): 42 bytes 25: SEQUENCE VARBIND-LIST (0x30): 42 bytes 27: SEQUENCE VARBIND (0x30): 40 bytes 27: SEQUENCE VARBIND (0x30): 40 bytes 29: OBJ-ID (0x6) 8 bytes: : OBJ-ID (0x6) 8 bytes: : OCTET-STR (0x4) 28 bytes: "Sun SNMP Agent, SUNW,Ultra-1" 39: OCTET-STR (0x4) 28 bytes: "Sun SNMP Agent, SUNW,Ultra-1" system.sysDescr.0 : DISPLAY STRING- (ascii): Sun SNMP Agent, SUNW,Ultra-1

SNMP-Walk - Use of SNMP Get-Next Request snmpwalk snmpwalk system.sysDescr.0 : DISPLAY STRING- (ascii): Sun SNMP Agent, SUNW,Ultra-1 system.sysObjectID.0 : OBJECT IDENTIFIER:.iso.org.dod.internet.private.enterprises system.sysUpTime.0 : Timeticks: ( ) 22 days, 22:36:39.58 system.sysContact.0 : DISPLAY STRING- (ascii): system.sysName.0 : DISPLAY STRING- (ascii): camry system.sysLocation.0 : DISPLAY STRING- (ascii): Information Technology Laboratory 3F system.sysServices.0 : INTEGER: 72 ( )B

SNMP Trap Example Transmitted 64 bytes to port 162: 0: 30 3e c a >.....public.1. 0: 30 3e c a >.....public.1. 16: 09 2b a : 09 2b a : f C : f C : 04 2b Trap test 48: 04 2b Trap test 0: SNMP MESSAGE (0x30): 62 bytes 0: SNMP MESSAGE (0x30): 62 bytes 2: INTEGER VERSION (0x2) 1 bytes: 0 (SNMPv1) 2: INTEGER VERSION (0x2) 1 bytes: 0 (SNMPv1) 5: OCTET-STR COMMUNITY (0x4) 6 bytes: "public" 5: OCTET-STR COMMUNITY (0x4) 6 bytes: "public" 13: V1-TRAP-PDU (0xa4): 49 bytes 13: V1-TRAP-PDU (0xa4): 49 bytes 15: OBJ-ID ENTERPRISE (0x6) 9 bytes: : OBJ-ID ENTERPRISE (0x6) 9 bytes: : IPADDRESS AGENT-ADDR (0x40) 4 bytes: : IPADDRESS AGENT-ADDR (0x40) 4 bytes: : INTEGER GENERIC-TRAP (0x2) 1 bytes: 6 32: INTEGER GENERIC-TRAP (0x2) 1 bytes: 6 35: INTEGER SPECIFIC-TRAP (0x2) 3 bytes: : INTEGER SPECIFIC-TRAP (0x2) 3 bytes: : TIMETICKS TIME-STAMP (0x43) 1 bytes: 0 (0x0) 40: TIMETICKS TIME-STAMP (0x43) 1 bytes: 0 (0x0) 43: SEQUENCE VARBIND-LIST (0x30): 19 bytes 43: SEQUENCE VARBIND-LIST (0x30): 19 bytes 45: SEQUENCE VARBIND (0x30): 17 bytes 45: SEQUENCE VARBIND (0x30): 17 bytes 47: OBJ-ID (0x6) 4 bytes: : OBJ-ID (0x6) 4 bytes: : OCTET-STR (0x4) 9 bytes: "Trap test" 53: OCTET-STR (0x4) 9 bytes: "Trap test"

net-snmp (Windows) Download: binaries/ binaries/ Choose net-snmp x64.exe or net-snmp x86.exe Installation: if php-snmp or GetIf has been installed before net-snmp, the mib directory will be C:\usr\mibs Copy "C:\Program Files\net-snmp\usr\share\snmp\mibs" to C:\usr\mibs Unzip to C:\usr\mibshttp://ycchen.im.ncnu.edu.tw/nm/macroRemoved.zip Commands: snmpget, snmpgetnext, snmpset, snmpwalk,... See Examples: snmpget -v 1 -c public snmpget -v 1 -c public ifNumber.0 sysUpTime.0 snmpget -v 2c -c public SNMPv2-MIB::sysUpTime.0 snmpwalk -v 1 -c public system snmpgetnext -d -v 1 -c public ifInOctets.1

snmptrapd, snmptrap snmptrapd -L o snmptrapd.conf "\usr\etc\snmp\snmptrapd.conf" authCommunity log comm logOption o 或 logOption f C:\logs\snmptraps.log snmptrap snmptrap -v 1 -c comm "" ifIndex.3 i 3 snmptrap -v 1 -c comm "" snmptrap -v 1 -c comm managerIP enterpriseOID agentAddress genericTrap SpecificTrap timeStamp oid type value oid type value … TYPE: i INTEGER u UNSIGNED c COUNTER3 2 s STRING x HEX STRING d DECIMAL STRING n NULLOBJ o OBJID t TIMETICKS a IPADDRESS b BITS

注意事項 Windows 作業系統本身也有 snmptrap 指令，但與 net-snmp 之 snmptrap 指令不同。 在 Command Line 模式下，執行 snmptrap 後，若 snmptrapd 沒收到 trap ，可能是執行 Windows 的 snmptrap 。 解決之道 將 net-snmp 之 snmptrap.exe 改名 snmptrap.exe 位於目錄 "usr\bin\" "snmptrap.exe"  "netsnmptrap.exe" netsnmptrap -v 1 -c comm …

Get System Information Get “ System Group ” of MIB II Use get_request or get_next_request sysDescr sysObjectID sysUptime sysContact sysName sysLocation

Get Interface Information Get “ Interface Group ” of MIB II Repeatedly Use “ get_next_request ” Note: We don ’ t know the ifIndex values in ifTable. + First get the next object of.ifTable.ifEntry.0  Then repeatedly “ get_next ” + Until the whole subtree is visited.

Traffic Monitoring Get “ ifInOctets ” and “ ifOutOctets ” of MIB II Interface Group t 1 : C 1 t 2 : C 2 (C 2 - C 1 )  8 (t 2 - t 1 )  Bandwidth  100% Utilization (%) =

SNMP MIB Group