Chapter 4 SNMPv1: Organization and Information Models
Internet SNMP Management
  Internet Engineering Task Force (IETF)
    1990 SNMPv1
    1995 SNMPv2
    1998 SNMPv3
  Internet documents:
    Request for Comments (RFC)
    IETF STD: Internet Standard
    FYI: For your information
SMIv2 (RFC 2578); SMIv2 Conventions (RFC 2579); SMIv2 Conformances (RFC 2580); SNMP MIB (RFC 3418); SNMPv2 Protocol Ops (RFC 3416)
SNMP Model
  Organization Model
    Relationship between network element, agent, and manager
    Hierarchical architecture
  Information Model
    Uses ASN.1 syntax
    SMI (Structure of Management Information)
    MIB (Management Information Base)
  Communication Model
    Transfer syntax
    SNMP over TCP/IP
    Communication services addressed by messages
    Security framework: community-based model
Two-Tier Organization Model
Three-Tier Organization Model: RMON
  RMON: Remote Monitoring
  RMON I, RMON II
Three-Tier Organization Model: Proxy
SNMP System Architecture
  [Figure: a management station (manager) and network elements (NEs: host, router; agents) attached to a network, each with the protocol stack SNMP / UDP / IP / network interface; the network management protocol between them is SNMP]
SNMP Services
  Four services: Get, Set, GetNext, Trap
  Five SNMP messages: GetRequest, SetRequest, GetNextRequest, GetResponse, Trap
  Manager to agent(s): Get, Set, GetNext Request
  Agent(s) to manager: Get Response, Trap
SNMP Services
  Get:     manager sends Get Request; agent returns Get Response
  GetNext: manager sends GetNext Request; agent returns Get Response
  Set:     manager sends Set Request; agent returns Get Response
  Trap:    agent sends Trap Request to the manager
SNMP Services (cont.)
  Get Request: Retrieve the values of objects in the MIB of an agent.
  Get-Next Request: Retrieve the values of the next objects in the MIB of an agent.
  Set Request: Update the values of objects in the MIB of an agent.
  Trap Request: Report extraordinary events to the manager.
4.7 Information Model
  Structure of Management Information (SMI) (RFC 1155, RFC 1212)
    Managed Object
      Scalar
      Aggregate or tabular object
  Management Information Base (RFC 1213)
Managed Object
  Object Type, Object Instance
Managed Object: Multiple Instances
  Object Type, Object Instance
Object Name
  Object is uniquely defined by
    DESCRIPTOR
    OBJECT IDENTIFIER
Internet Subnodes
  directory     OBJECT IDENTIFIER ::= { internet 1 }
  mgmt          OBJECT IDENTIFIER ::= { internet 2 }
  experimental  OBJECT IDENTIFIER ::= { internet 3 }
  private       OBJECT IDENTIFIER ::= { internet 4 }
root
  ccitt
  iso
    std
    reg authority
    member body
    org
      dod
        internet
          directory
          mgmt
            MIB II
              system 1, interface 2, at 3, IP 4, ICMP 5, TCP 6, UDP 7, EGP 8, Trans. 10, SNMP
          experimental
          private
            enterprises
  joint-iso-ccitt
Private MIB Example Enterprise Number
SNMP ASN.1 Data Type
Primitive Data Types
  subtype:
    INTEGER (0..255)
    OCTET STRING (SIZE )
    OCTET STRING (SIZE 8)
Enumerated Special case of INTEGER data type
Defined or Application Data Type
Constructor or Structured Data Type: SEQUENCE
  List Marker
  SEQUENCE {,,…, }
  IpAddrEntry ::= SEQUENCE {
      ipAdEntAddr          IpAddress,
      ipAdEntIfIndex       INTEGER,
      ipAdEntNetMask       IpAddress,
      ipAdEntBcastAddr     INTEGER,
      ipAdEntReasmMaxSize  INTEGER ( )
  }
Constructor or Structured Data Type: SEQUENCE OF
  SEQUENCE OF where is a list constructor
  ipAddrTable OBJECT-TYPE
      SYNTAX  SEQUENCE OF IpAddrEntry
      ACCESS  not-accessible
      STATUS  mandatory
      DESCRIPTION
              "The table of addressing information relevant to this entity's IP addresses."
      ::= { ip 20 }
Example: IP Address Table
  Each row (table entry) is a sequence: IpAddrEntry.
  The ipAddrTable table is a sequence of rows (entries), i.e. a sequence of ipAddrEntry.
Encoding Basic Encoding Rules (BER) - Type, Length, and Value (TLV)
SNMP Data Types and Tags
  Type               Tag
  OBJECT IDENTIFIER  UNIVERSAL 6
  SEQUENCE           UNIVERSAL 16
  IpAddress          APPLICATION 0
  Counter            APPLICATION 1
  Gauge              APPLICATION 2
  TimeTicks          APPLICATION 3
  Opaque             APPLICATION 4
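Added example (not from the original slides): a strict BER TLV reader in Python that names the SNMP tags from the table above and rejects truncated, oversized and indefinite-length encodings, which SNMP does not use. The tag numbers for INTEGER, OCTET STRING and NULL are the standard UNIVERSAL values, and the sample bytes are constructed.

```python
# Added example: strict BER Type-Length-Value reader for SNMP data types.
CLASSES = ("UNIVERSAL", "APPLICATION", "CONTEXT", "PRIVATE")
NAMES = {
    ("UNIVERSAL", 2): "INTEGER", ("UNIVERSAL", 4): "OCTET STRING",
    ("UNIVERSAL", 5): "NULL", ("UNIVERSAL", 6): "OBJECT IDENTIFIER",
    ("UNIVERSAL", 16): "SEQUENCE", ("APPLICATION", 0): "IpAddress",
    ("APPLICATION", 1): "Counter", ("APPLICATION", 2): "Gauge",
    ("APPLICATION", 3): "TimeTicks", ("APPLICATION", 4): "Opaque",
}

def read_tlv(buf, pos=0):
    """Return (type_name, constructed, value_bytes, next_pos); raise ValueError."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    ident = buf[pos]
    cls, constructed, number = CLASSES[ident >> 6], bool(ident & 0x20), ident & 0x1F
    if number == 0x1F:
        raise ValueError("multi-byte tag numbers are not used by these types")
    length = buf[pos + 1]
    pos += 2
    if length == 0x80:
        raise ValueError("indefinite length is not allowed in SNMP")
    if length & 0x80:                      # long form: low 7 bits = length octets
        n = length & 0x7F
        if n > 4 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):            # declared length must fit the buffer
        raise ValueError("length exceeds buffer")
    name = NAMES.get((cls, number), f"{cls} {number}")
    return name, constructed, buf[pos:pos + length], pos + length

def decode(buf):
    """Walk a buffer, recursing into constructed values; return a nested list."""
    out, pos = [], 0
    while pos < len(buf):
        name, constructed, value, pos = read_tlv(buf, pos)
        out.append((name, decode(value) if constructed else value))
    return out

# Constructed sample: SEQUENCE { OID 1.3.6.1.2.1.1.3.0, TimeTicks 12345 }
SAMPLE = bytes.fromhex("300e" "06082b06010201010300" "43023039")
```
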
4.7.3 Managed Object: Structure
SMIv1, SMIv2
  SMIv1:
    SMI (RFC 1155)
    Concise MIB (RFC 1212)
    Trap-Type (RFC 1215)
  SMIv2:
    SMIv2 (RFC 2578)
    Textual Conventions (RFC 2579)
    Conformance Statements (RFC 2580)
Object-Type Macro (RFC 1155)
  OBJECT-TYPE MACRO ::=
  BEGIN
      TYPE NOTATION ::= "SYNTAX" type (TYPE ObjectSyntax)
                        "ACCESS" Access
                        "STATUS" Status
      VALUE NOTATION ::= value (VALUE ObjectName)
      Access ::= "read-only" | "read-write" | "write-only" | "not-accessible"
      Status ::= "mandatory" | "optional" | "obsolete"
  END
OBJECT-TYPE MACRO (RFC 1212)
  OBJECT-TYPE MACRO ::=
  BEGIN
      TYPE NOTATION ::= "SYNTAX" type(ObjectSyntax)
                        "ACCESS" Access
                        "STATUS" Status
                        DescrPart
                        ReferPart
                        IndexPart
                        DefValPart
      VALUE NOTATION ::= value (VALUE ObjectName)
      ObjectName ::= OBJECT IDENTIFIER
OBJECT-TYPE Example
  sysLocation OBJECT-TYPE
      SYNTAX  DisplayString (SIZE (0..255))
      ACCESS  read-write
      STATUS  mandatory
      DESCRIPTION
              "The physical location of this node (e.g., `telephone closet, 3rd floor')."
      ::= { system 6 }
  DisplayString ::= OCTET STRING (SIZE (0..255))
"SYNTAX" type(ObjectSyntax)
  ObjectSyntax ::= CHOICE {
      simple            SimpleSyntax,
      application-wide  ApplicationSyntax
  }
  SimpleSyntax ::= CHOICE {
      number  INTEGER,
      string  OCTET STRING,
      object  OBJECT IDENTIFIER,
      empty   NULL
  }
  ApplicationSyntax ::= CHOICE {
      address    NetworkAddress,
      counter    Counter,
      gauge      Gauge,
      ticks      TimeTicks,
      arbitrary  Opaque
  }
ApplicationSyntax
  NetworkAddress ::= CHOICE { internet IpAddress }
  IpAddress ::= [APPLICATION 0] IMPLICIT OCTET STRING (SIZE (4))
  Counter   ::= [APPLICATION 1] IMPLICIT INTEGER ( )
  Gauge     ::= [APPLICATION 2] IMPLICIT INTEGER ( )
  TimeTicks ::= [APPLICATION 3] IMPLICIT INTEGER ( )
  Opaque    ::= [APPLICATION 4] IMPLICIT OCTET STRING
"ACCESS" Access, "STATUS" Status
  Access ::= "read-only" | "read-write" | "write-only" | "not-accessible"
  Status ::= "mandatory" | "optional" | "obsolete" | "deprecated"
DescrPart, ReferPart
  DescrPart ::= "DESCRIPTION" value (description DisplayString) | empty
  ReferPart ::= "REFERENCE" value (reference DisplayString) | empty
DefValPart
  DefValPart ::= "DEFVAL" "{" value (defvalue ObjectSyntax) "}" | empty
  Example:
  ifNumber OBJECT-TYPE
      SYNTAX  INTEGER
      ACCESS  read-only
      STATUS  mandatory
      DESCRIPTION
              "The number of network interfaces (regardless of their current state) present on this system."
      DEFVAL  { 1 }
      ::= { interfaces 1 }
IndexPart
  IndexPart ::= "INDEX" "{" IndexTypes "}"
  IndexTypes ::= IndexType | IndexTypes "," IndexType
  IndexType ::= value (indexobject ObjectName) | type (indextype)
  IndexSyntax ::= CHOICE {
      number     INTEGER (0..MAX),
      string     OCTET STRING,
      object     OBJECT IDENTIFIER,
      address    NetworkAddress,
      ipAddress  IpAddress
  }
instance-identifier (INDEX)
  integer-valued: 3 3
  string-valued, fixed-length strings: ‘ c2e’H
  string-valued, variable-length strings: “IIS Admin”
  object identifier-valued
  NetworkAddress-valued
  IpAddress-valued
Index - variable-length string
  svSvcTable OBJECT-TYPE
      SYNTAX  SEQUENCE OF SvSvcEntry
      ACCESS  not-accessible
      STATUS  mandatory
      DESCRIPTION
              "A list of service entries describing network services installed on this server."
      ::= { server 3 }
  svSvcEntry OBJECT-TYPE
      SYNTAX  SvSvcEntry
      ACCESS  not-accessible
      STATUS  mandatory
      DESCRIPTION
              "The names of the network services installed on this server."
      INDEX   { svSvcName }
      ::= { svSvcTable 1 }
OBJECT-TYPE Example
  dot1dBasePortEntry OBJECT-TYPE
      SYNTAX  Dot1dBasePortEntry
      ACCESS  not-accessible
      STATUS  mandatory
      DESCRIPTION
              "A list of information for each port of the bridge."
      REFERENCE
              "IEEE 802.1D-1990: Section 6.4.2, 6.6.1"
      INDEX   { dot1dBasePort }
      ::= { dot1dBasePortTable 1 }
Aggregate Object
  A group of objects
  Also called tabular objects
  Can be represented by a table with
    Columns of objects
    Rows of instances
  [Figure labels: Table of Objects, List of Objects, Objects]
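Added example (not from the original slides): a small Python check that reads flat OBJECT-TYPE definitions like the ones above, validates ACCESS and STATUS against the RFC 1212 macro, and lists the objects a SetRequest may modify. It is a regex reader for this flat form, not a full ASN.1 parser; the sample text is constructed from the slides' definitions with one deliberate STATUS typo.

```python
# Added example: check OBJECT-TYPE clauses against the RFC 1212 macro.
import re

ACCESS = {"read-only", "read-write", "write-only", "not-accessible"}
STATUS = {"mandatory", "optional", "obsolete", "deprecated"}

DEF = re.compile(
    r"(?P<name>[a-z][\w-]*)\s+OBJECT-TYPE\s+"
    r"SYNTAX\s+(?P<syntax>.+?)\s+ACCESS\s+(?P<access>[\w-]+)\s+"
    r"STATUS\s+(?P<status>[\w-]+)"
    r"(?P<rest>.*?)::=\s*\{\s*(?P<parent>[\w-]+)\s+(?P<sub>\d+)\s*\}",
    re.S,
)

def parse_objects(mib_text):
    """Yield one dict per OBJECT-TYPE definition found in mib_text."""
    for m in DEF.finditer(mib_text):
        obj = m.groupdict()
        idx = re.search(r"INDEX\s*\{([^}]*)\}", obj.pop("rest"))
        obj["index"] = [i.strip() for i in idx.group(1).split(",")] if idx else []
        yield obj

def audit(mib_text):
    """Return (names of writable objects, list of invalid clause values)."""
    writable, errors = [], []
    for obj in parse_objects(mib_text):
        if obj["access"] not in ACCESS:
            errors.append((obj["name"], "ACCESS", obj["access"]))
        if obj["status"] not in STATUS:
            errors.append((obj["name"], "STATUS", obj["status"]))
        if obj["access"] in ("read-write", "write-only"):
            writable.append(obj["name"])
    return writable, errors

# Constructed sample: slide definitions, DESCRIPTION omitted, one typo added.
SAMPLE = """
sysLocation OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255))
    ACCESS read-write STATUS mandatory ::= { system 6 }
svSvcEntry OBJECT-TYPE SYNTAX SvSvcEntry ACCESS not-accessible
    STATUS mandatory INDEX { svSvcName } ::= { svSvcTable 1 }
ifDescr OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255))
    ACCESS read-only STATUS madatory ::= { ifEntry 2 }
"""
```
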
Aggregate M.O. Macro: Table Object
  ipAddrTable OBJECT-TYPE
      SYNTAX  SEQUENCE OF IpAddrEntry
      ACCESS  not-accessible
      STATUS  mandatory
      DESCRIPTION
              "The table of addressing information relevant to this entity's IP addresses."
      ::= { ip 20 }
Aggregate M.O. Macro: Entry Object
  ipAddrEntry OBJECT-TYPE
      SYNTAX  IpAddrEntry
      ACCESS  not-accessible
      STATUS  mandatory
      DESCRIPTION
              "The addressing information for one of this entity's IP addresses."
      INDEX   { ipAdEntAddr }
      ::= { ipAddrTable 1 }
  ipAddrEntry: OBJECT-TYPE
  IpAddrEntry: SYNTAX
Aggregate M.O. Macro: Entry Object
  IpAddrEntry ::= SEQUENCE {
      ipAdEntAddr          IpAddress,
      ipAdEntIfIndex       INTEGER,
      ipAdEntNetMask       IpAddress,
      ipAdEntBcastAddr     INTEGER,
      ipAdEntReasmMaxSize  INTEGER ( )
  }
Aggregate M.O. Macro: Columnar Objects
  ipAdEntAddr OBJECT-TYPE
      SYNTAX  IpAddress
      ACCESS  read-only
      STATUS  mandatory
      DESCRIPTION
              "The IP address to which this entry's addressing information pertains."
      ::= { ipAddrEntry 1 }
Tabular Representation of Aggregate Object
Multiple Instances of Aggregate Managed Object
Example
Identification of Managed Objects
  Use Object Identifier (OID)
  OID = Object Type OID . Instance Identifier
    Object Type OID: each object type has a unique OID
    Instance Identifier: identifies instances of the object type
  E.g. mib-2.interface.ifTable.ifEntry.ifDescr.2
Two Kinds of Managed Objects
  Type-Specific Objects:
    sysDescr OBJECT-TYPE
        SYNTAX DisplayString (SIZE (0..255))
        ::= { system 1 }
    OID: mib-2.system.1.0
  Columnar Objects
    OID: mib-2.interface.ifTable.ifEntry.ifDescr.2
         mib-2.interface.ifTable.ifEntry.ifDescr.6
         mib-2.interface.ifTable.ifEntry.ifType.2
         mib-2.interface.ifTable.ifEntry.ifType.6
Columnar Objects
  ifTable OBJECT-TYPE
      SYNTAX SEQUENCE OF IfEntry
      …
      ::= { interfaces 2 }
  IfEntry ::= SEQUENCE {
      ifIndex  INTEGER,
      ifDescr  DisplayString,
      ifType   INTEGER,
      …
  }
  ifEntry OBJECT-TYPE
      SYNTAX IfEntry
      …
      INDEX { ifIndex }
      ::= { ifTable 1 }
  ifDescr OBJECT-TYPE
      SYNTAX DisplayString (SIZE (0..255))
      ACCESS read-only
      STATUS mandatory
      ...
      ::= { ifEntry 2 }
Columnar Objects
  [Table figure: columns ifIndex (ifTable.ifEntry.1), ifDescr (ifTable.ifEntry.2), ifType (ifTable.ifEntry.3), ...]
Index in MIB II
  ifEntry            { ifIndex }
  atEntry            { atNetIfIndex, atNetAddress }
  ipAddrEntry        { ipAdEntAddr }
  ipRouteEntry       { ipRouteDest }
  ipNetToMediaEntry  { ipNetToMediaIfIndex, ipNetToMediaNetAddress }
  tcpConnEntry       { tcpConnLocalAddress, tcpConnLocalPort, tcpConnRemoteAddress, tcpConnRemotePort }
  udpEntry           { udpLocalAddress, udpLocalPort }
  egpNeighEntry      { egpNeighAddr }
Index Example
  To get the state of the TCP connection: : 3125 ===> : 80
  Use snmp_get_req. to get the “tcpConnState” of the tcpConnTable in MIB II.
  tcpConnState ==>
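Added example (not from the original slides): building and parsing instance identifiers with the RFC 1212 INDEX rules for each index kind listed earlier, including the four-part tcpConnEntry index. The addresses are constructed documentation addresses, and the kind labels ("integer", "ip", "varstring", ...) are names chosen for this sketch.

```python
# Added example: OID = object type OID . instance identifier (RFC 1212 INDEX rules).
import ipaddress

MIB2 = (1, 3, 6, 1, 2, 1)
IF_DESCR = MIB2 + (2, 2, 1, 2)          # interfaces.ifTable.ifEntry.ifDescr
TCP_CONN_STATE = MIB2 + (6, 13, 1, 1)   # tcp.tcpConnTable.tcpConnEntry.tcpConnState

def sub_ids(kind, value):
    """Encode one INDEX value as a tuple of sub-identifiers."""
    if kind == "integer":                       # one sub-identifier
        if not 0 <= value <= 0xFFFFFFFF:
            raise ValueError("integer index out of range")
        return (value,)
    if kind == "ip":                            # IpAddress: 4 sub-identifiers
        return tuple(ipaddress.IPv4Address(value).packed)
    if kind == "netaddr":                       # NetworkAddress: CHOICE tag 1, then IP
        return (1,) + sub_ids("ip", value)
    if kind == "fixed":                         # fixed-length string: one per octet
        return tuple(value)
    if kind in ("varstring", "oid"):            # variable length: count, then items
        return (len(value),) + tuple(value)
    raise ValueError(f"unknown index kind {kind!r}")

def instance_oid(column, *index):
    """Columnar object OID plus encoded INDEX values, as a dotted string."""
    suffix = tuple(s for kind, value in index for s in sub_ids(kind, value))
    return ".".join(map(str, column + suffix))

def parse_tcp_conn(oid):
    """Split a tcpConnState instance OID back into the connection 4-tuple."""
    ids = tuple(int(x) for x in oid.split("."))
    n = len(TCP_CONN_STATE)
    if ids[:n] != TCP_CONN_STATE or len(ids) != n + 10:
        raise ValueError("not a tcpConnState instance")
    i = ids[n:]
    if any(b > 255 for b in i[0:4] + i[5:9]) or max(i[4], i[9]) > 65535:
        raise ValueError("index value out of range")
    return (".".join(map(str, i[0:4])), i[4], ".".join(map(str, i[5:9])), i[9])

# Constructed connection: 192.0.2.10:3125 ===> 198.51.100.7:80
CONN = instance_oid(TCP_CONN_STATE, ("ip", "192.0.2.10"), ("integer", 3125),
                    ("ip", "198.51.100.7"), ("integer", 80))
```
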
tcpConnTable
4.7.4 MIB-II
  MIB-II (RFC 1213) is a superset of MIB-I
  Related objects are grouped into object groups
  A MIB module comprises the module name, imports from other modules, and definitions of the current module
  RFC 1213 defines eleven groups
MIB II (RFC 1213)
  System Group: Provide general information about the managed system.
  Interfaces Group: Contains generic information about the physical interfaces.
  Address-Translation Group: Contains information about the mapping between network addresses and physical addresses for each physical interface.
  IP Group: Contains information about the implementation and operation of IP at the managed system.
  ICMP Group: Contains information about the implementation and operation of ICMP at the managed system.
MIB-II (cont.)
  TCP Group: Contains information about the implementation and operation of TCP at the managed system.
  UDP Group: Contains information about the implementation and operation of UDP at the managed system.
  EGP Group: Contains information about the implementation and operation of EGP at the managed system.
  CMOT Group: Placeholder for OSI (CMIP Over TCP/IP)
  Transmission Group: Provides details about the underlying transmission media for each interface.
  SNMP Group: Provides the statistics of SNMP operations at the managed system.
System Group
sysServices OBJECT-TYPE
    SYNTAX  INTEGER (0..127)
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
            "A value which indicates the set of services that this entity primarily offers.
            The value is a sum. This sum initially takes the value zero, Then, for each layer, L, in the range 1 through 7, that this node performs transactions for, 2 raised to (L - 1) is added to the sum. For example, a node which performs primarily routing functions would have a value of 4 (2^(3-1)). In contrast, a node which is a host offering application services would have a value of 72 (2^(4-1) + 2^(7-1)). Note that in the context of the Internet suite of protocols, values should be calculated accordingly:
                 layer  functionality
                     1  physical (e.g., repeaters)
                     2  datalink/subnetwork (e.g., bridges)
                     3  internet (e.g., IP gateways)
                     4  end-to-end (e.g., IP hosts)
                     7  applications (e.g., mail relays)
            For systems including OSI protocols, layers 5 and 6 may also be counted."
    ::= { system 7 }
72=
System Information
Interfaces Group
ifEntry
ifType
ifAdminStatus OBJECT-TYPE
    SYNTAX  INTEGER {
                up(1),       -- ready to pass packets
                down(2),
                testing(3)   -- in some test mode
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
            "The desired state of the interface. The testing(3) state indicates that no operational packets can be passed."
    ::= { ifEntry 7 }
ifOperStatus OBJECT-TYPE
    SYNTAX  INTEGER {
                up(1),       -- ready to pass packets
                down(2),
                testing(3)   -- in some test mode
            }
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
            "The current operational state of the interface. The testing(3) state indicates that no operational packets can be passed."
    ::= { ifEntry 8 }
ifTable
ifTable (cont.)
IP Group
  ipForwarding: forwarding(1), not-forwarding(2)
  IP Address Table contains table of IP addresses
  IP Route Table contains an entry for each route
  IP Network-to-Media Table is address translation table mapping IP addresses to physical addresses
IP Address Table
ipAddrTable
IP Routing Table
ipRouteTable Example
  other(1), invalid(2), direct(3), indirect(4)
  other(1), local(2), netmgmt(3), icmp(4), egp(5), ggp(6), hello(7), rip(8), is-is(9), es-is(10), ciscoIgrp(11), bbnSpfIgp(12), ospf(13), bgp(14)
  Sec.
IP Address Translation Table
IPNetToMediaTable = ARP Table
  other(1), invalid(2), dynamic(3), static(4)
  read-write
ICMP Group
ICMP
  Objects associated with ping
    icmpOutEchos: # ICMP echo messages sent
    icmpInEchoReps: # ICMP echo reply messages received
  Objects associated with traceroute/tracert
    icmpInTimeExcs: # ICMP time exceeded messages received
TCP Group
TCP Connection Table
TCP Connection State
  tcpConnState OBJECT-TYPE
      SYNTAX  INTEGER {
                  closed(1), listen(2), synSent(3), synReceived(4),
                  established(5), finWait1(6), finWait2(7), closeWait(8),
                  lastAck(9), closing(10), timeWait(11), deleteTCB(12)
              }
      ACCESS  read-write
      STATUS  mandatory
      …
      ::= { tcpConnEntry 1 }
tcpConnTable
UDP Group
udpTable