SNMPv2 Yen-Cheng Chen Department of Information Management National Chi Nan University Puli, Nantou, Taiwan
SNMPv1 SNMPv1 Protocol RFC 1157 RFC 1157 – Simple Network Management Protocol RFC 1157 RFC 1157 SMIv1 Data Definition Language Full Standards: RFC 1155 RFC Structure of Management Information RFC 1155 RFC 1155 RFC 1212 RFC Concise MIB Definitions RFC 1212 RFC 1212 Informational: RFC A Convention for Defining Traps RFC 1215 SMIv1 MIB Modules Full Standards: RFC 1213 RFC Management Information Base II RFC 1213 RFC 1213 RFC Ethernet-Like Interface Types MIB RFC 1643
SNMPv2 SMIv2 Data Definition Language Full Standards: RFC 2578 RFC Structure of Management Information RFC 2578 RFC 2578 RFC Textual Conventions RFC 2579 RFC Conformance Statements RFC 2580 SMIv2 MIB Modules Full Standards: RFC 2819 RFC Remote Network Monitoring MIB RFC 2819 RFC 2819 RFC SNMP Framework MIB RFC 3411 RFC SNMPv3 MPD MIB RFC 3412 RFC SNMP Applications MIBs RFC 3413 RFC SNMPv3 USM MIB RFC 3414 RFC SNMP VACM MIB RFC 3415 RFC SNMP MIB RFC 3418
SNMPv3 SNMPv3 Protocol Full Standards: RFC Architecture for SNMP Frameworks RFC 3411 RFC Message Processing and Dispatching RFC 3412 RFC SNMP Applications RFC 3413 RFC User-based Security Model RFC 3414 RFC View-based Access Control Model RFC 3415 RFC 3416 RFC Protocol Operations Version 2 RFC 3416 RFC 3416 RFC Transport Mappings for SNMP RFC 3417 RFC SNMP MIB RFC 3418
Major Changes Bulk data transfer Manager-to-manager message Enhancements to SMI: SMIv2 (RFC 2578) Module definitions: MODULE-IDENTITY macro Object definitions: OBJECT-TYPE macro Trap definitions: NOTIFICATION-TYPE macro Textual conventions (RFC 2579) Conformance statements (RFC 2580) Row creation and deletion in table MIB enhancements Transport mappings Security Feature
Structure of Management Information (SMI)
SMIv1, SMIv2 SMIv1: SMI (RFC 1155)RFC 1155 Concise MIB (RFC 1212)RFC 1212 Trap-Type (RFC 1215)RFC 1215 SMIv2: SMIv2 (RFC 2578)RFC 2578 Textual Conventions (RFC 2579)RFC 2579 Conformance Statements (RFC 2580)RFC 2580
Three Parts of SMIv2 Module definitions MODULE-IDENTITY Object definitions OBJECT-TYPE Notification difinitions NOTIFICATION-TYPE
1. MODULE-IDENTITY
MODULE-IDENTITY Example
2. OBJECT-TYPE OBJECT-TYPE MACRO ::= BEGIN TYPE NOTATION ::= "SYNTAX" Syntax UnitsPart "MAX-ACCESS" Access "STATUS" Status "DESCRIPTION" Text ReferPart IndexPart DefValPart VALUE NOTATION ::= value(VALUE ObjectName)
"SYNTAX" Syntax Syntax ::= -- Must be one of the following: -- a base type (or its refinement), -- a textual convention (or its refinement), or -- a BITS pseudo-type type | "BITS" "{" NamedBits "}“ NamedBits ::= NamedBit | NamedBits "," NamedBit NamedBit ::= identifier "(" number ")“ -- number is nonnegative
(Example) SYNTAX BITS protocolDirType OBJECT-TYPE SYNTAXBITS { extensible(0), addressRecognitionCapable(1) } MAX-ACCESS read-only STATUS current DESCRIPTION “…” ::= { protocolDirEntry 5 }
UnitsPart: UNITS hrDiskStorageCapacity OBJECT-TYPE SYNTAX KBytes UNITS "KBytes" MAX-ACCESS read-only STATUS current DESCRIPTION "The total size for this long-term storage device. If the media is removable and is currently removed, this value should be zero." ::= { hrDiskStorageEntry 4 } UnitsPart ::= "UNITS" Text | empty Back to OBJECT-TYPE
"MAX-ACCESS" Access Access ::= "not-accessible" | "accessible-for-notify" | "read-only" | "read-write" | "read-create" ordered from least to greatest: not-accessible "not-accessible": indicates an auxiliary object accessible-for-notify "accessible-for-notify": accessible only via a notification read-only "read-only": read only read-write "read-write": read and write, but create does not. read-create "read-create": read, write and create
"STATUS" Status Status ::= "current" | "deprecated" | "obsolete" current “current”: the definition is current and valid. deprecated “deprecated”:indicates an obsolete definition, it permits new/continued implementation. obsolete “obsolete”: the definition is obsolete and should not be implemented.
ReferPart ReferPart ::= "REFERENCE" Text | empty ipForwardTable OBJECT-TYPE SYNTAX SEQUENCE OF IpForwardEntry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "This entity's IP Routing table." REFERENCE "RFC 1213 Section 6.6, The IP Group“ ::= { ipForward 2 }
3. NOTIFICATION-TYPE NOTIFICATION-TYPE MACRO ::= BEGIN TYPE NOTATION ::= ObjectsPart "STATUS" Status "DESCRIPTION" Text ReferPart VALUE NOTATION ::= value(VALUE NotificationName) ObjectsPart ::= "OBJECTS" "{" Objects "}“ | empty Objects ::= Object | Objects "," Object Object ::= value(ObjectName) Status ::= "current" | "deprecated" | "obsolete" ReferPart ::= "REFERENCE" Text | empty Text ::= value(IA5String) END NotificationName ::= OBJECT IDENTIFIER
Reference: SNMPv2-MIB (RFC 1907) NOTIFICATION-TYPE Example
OBJECT IDENTIFIER defines the administrative identification of a node in the MIB OBJECT-IDENTITY macro assigns an object identifier to an object identifier in the MIB OBJECT-TYPE macro defines the type of a managed object OBJECT ??
OBJECT-IDENTITY / OBJECT-TYPE OBJECT-IDENTITY is high level description OBJECT-TYPE details description needed for implementation
OBJECT-TYPE
Table Expansion Augmentation of a table (dependent table) adds additional columns to an existing table (base table) Dense table enables addition of more rows to base table Sparse table supplements less rows to a base table
Augmentation of Tables
hrDeviceTable OBJECT-TYPE SYNTAX SEQUENCE OF HrDeviceEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The (conceptual) table of devices…" ::= { hrDevice 2 } hrDeviceEntry OBJECT-TYPE SYNTAX HrDeviceEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A (conceptual) entry for one device contained by the host. …" INDEX { hrDeviceIndex } ::= { hrDeviceTable 1 } hrDiskStorageTable OBJECT-TYPE SYNTAX SEQUENCE OF HrDiskStorageEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The (conceptual) table of long-term storage devices contained by the host..." ::= { hrDevice 6 } hrDiskStorageEntry OBJECT-TYPE SYNTAX HrDiskStorageEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A (conceptual) entry for one long-term storage devices contained by the host..." INDEX { hrDeviceIndex } ::= { hrDiskStorageTable 1 } Appending a Spare Table
Textual Convention Enables defining new data types Makes semantics of data types consistent and human readable Creates new data types using existing ones and applies restrictions to them An important textual convention in SNMPv2, RowStatus creates and deletes rows
SNMPv2: SNMPV1: Also see Page 251 DisplayString ::= OCTET STRING -- This data type is used to model textual information taken -- from the NVT ASCII character set. By convention, objects -- with this syntax are declared as having -- SIZE (0..255)
InterfaceIndex ::= TEXTUAL-CONVENTION DISPLAY-HINT "d" STATUS current DESCRIPTION "A unique value, greater than zero, for each interface or interface sub-layer in the managed system. It is recommended that values are assigned contiguously starting from 1. The value for each interface sub-layer must remain constant at least from one re-initialization of the entity's network management system to the next re-initialization." SYNTAX Integer32 ( )
Creation of Row: RowStatus
Create-and-Go Row Creation SetRequest ( status.3 = 4, index.3 = 3, data.3 = DefData ) Response ( status.3 = 1, index.3 = 3, data.3 = DefData ) Manager Process Agent Process Managed Entity Create Instance Instance Created
Create-and-Wait: Row Creation
Row Deletion
SNMPv2 MIB
Conformance Statements for SMIv2 (RFC 2580)
MIB MODULE IMPORTS EXPORTS MODULE-IDENTITY TEXTUAL-CONVENTION OBJECT IDENTIFIER Application Data Types OBJECT-TYPE NOTIFICATION-TYPE OBJECT-GROUP NOTIFICATION-GROUP MODULE-COMPLIANCE I E MI TCs OIs OTs NTs OGs NGs MCs
MC OT OG OT OG NT NG NT NG OI I E data types TC OG NG MC MI
Four Macros in SNMPv2-CONF OBJECT-GROUP macro NOTIFICATION-GROUP macro MODULE-COMPLIANCE macro AGENT-CAPABILITIES macro
Conformance: OBJECT-GROUP Conformance defined by OBJECT-GROUP macro NOTIFICATION-GROUP macro OBJECT-GROUP Compiled during implementation, not at run time OBJECTS clause names each object Every object belongs to an OBJECT-GROUP Access defined by MAX-ACCESS, the maximum access privilege for the object
OBJECT-GROUP OBJECT-GROUP MACRO ::= BEGIN TYPE NOTATION ::= ObjectsPart "STATUS" Status "DESCRIPTION" Text ReferPart VALUE NOTATION ::= value(VALUE OBJECT IDENTIFIER) ObjectsPart ::= "OBJECTS" "{" Objects "}" Objects ::= Object | Objects "," Object Object ::= value(ObjectName) Status ::= "current" | "deprecated" | "obsolete" ReferPart ::= "REFERENCE" Text | empty Text ::= value(IA5String) END
OBJECT-GROUP Example hrSWRunGroup OBJECT-GROUP OBJECTS { hrSWOSIndex, hrSWRunIndex, hrSWRunName, hrSWRunID, hrSWRunPath, hrSWRunParameters, hrSWRunType, hrSWRunStatus } STATUS current DESCRIPTION "The Host Resources Running Software Group." ::= { hrMIBGroups 4 }
Conformance: NOTIFICATION-GROUP NOTIFICATION-GROUP Contains trap entities defined in SMIv1 NOTIFICATIONS clause identifies the notifications in the group NOTIFICATIONS-GROUP macro compiled during implementation, not at run time
NOTIFICATION-GROUP NOTIFICATION-GROUP MACRO ::= BEGIN TYPE NOTATION ::= NotificationsPart "STATUS" Status "DESCRIPTION" Text ReferPart VALUE NOTATION ::= value(VALUE OBJECT IDENTIFIER) NotificationsPart ::= "NOTIFICATIONS" "{" Notifications "}" Notifications ::= Notification | Notifications "," Notification Notification ::= value(NotificationName) Status ::= "current" | "deprecated" | "obsolete" ReferPart ::= "REFERENCE" Text | empty Text ::= value(IA5String) END
NOTIFICATION-GROUP Example linkUpDownNotificationsGroup NOTIFICATION-GROUP NOTIFICATIONS { linkUp, linkDown } STATUS current DESCRIPTION "The notifications which indicate specific changes in the value of ifOperStatus." ::= { ifGroups 14 }
Compliance Compliance has two classes of groups MANDATORY-GROUPS... Required GROUP …Optional
MODULE-COMPLIANCE MODULE-COMPLIANCE MACRO ::= BEGIN TYPE NOTATION ::= "STATUS" Status "DESCRIPTION" Text ReferPart ModulePart VALUE NOTATION ::= value(VALUE OBJECT IDENTIFIER)
ModulePart ModulePart ::= Modules Modules ::= Module | Modules Module Module ::= "MODULE" ModuleName MandatoryPart CompliancePart ModuleName ::= identifier ModuleIdentifier | empty ModuleIdentifier ::= value(OBJECT IDENTIFIER) | empty MandatoryPart ::= "MANDATORY-GROUPS" "{" Groups "}“ | empty Groups ::= Group | Groups "," Group Group ::= value(OBJECT IDENTIFIER)
CompliancePart (1/2) CompliancePart ::= Compliances | empty Compliances ::= Compliance | Compliances Compliance Compliance ::= ComplianceGroup | Object ComplianceGroup ::= "GROUP" value(OBJECT IDENTIFIER) "DESCRIPTION" Text Object ::= "OBJECT" value(ObjectName) SyntaxPart WriteSyntaxPart AccessPart "DESCRIPTION" Text
CompliancePart (2/2) SyntaxPart ::= "SYNTAX" Syntax | empty -- must be a refinement for object's SYNTAX clause WriteSyntaxPart ::= "WRITE-SYNTAX" Syntax | empty Syntax ::= type | "BITS" "{" NamedBits "}" NamedBits ::= NamedBit | NamedBits "," NamedBit NamedBit ::= identifier "(" number ")" AccessPart ::= "MIN-ACCESS" Access | empty Access ::= "not-accessible" | "accessible-for-notify" | "read-only" | "read-write" | "read-create"
hrMIBCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The requirements for conformance to the Host Resources MIB." MODULE -- this module MANDATORY-GROUPS { hrSystemGroup, hrStorageGroup, hrDeviceGroup } OBJECT hrSystemDate MIN-ACCESS read-only DESCRIPTION "Write access is not required.“ GROUP hrSWRunGroup DESCRIPTION "The Running Software Group. Implementation of this group is mandatory only when the hrSWRunPerfGroup is implemented." … ::= { hrMIBCompliances 1 } MODULE-COMPLIANCE Example
OBJECT ifAdminStatus SYNTAX INTEGER { up(1), down(2) } MIN-ACCESS read-only DESCRIPTION "Write access is not required, nor is support for the value testing(3)."
OBJECT-GROUP
Agent Capabilities AGENT-CAPABILITIES macro SUPPORTS modules and includes groups VARIATION identifies additional features
AGENT-CAPABILITIES
SNMPv2 Internet Group
inform-request manager-to-manager message get-bulk-request transfer of large data SNMPv2-Trap transfer of notifications Report not used SNMPv2 New Messages
SNMPv2 PDU
SNMPv2 Error Status
SNMPv2 GetBulkRequest PDU Error status field replaced by Non-repeaters Error index field replaced by Max repetitions No one-to-one relationship between request and response
Get-Bulk-Request:
Manager Process
Get-Bulk-Request Operation
The response is fragmented to five IP datagrams.
1 2 3
1 2
snmpbulkget (net-snmp) snmpbulkget -v 2c -c public -Cn1 -Cr sysUpTime ifDescr ifType ifSpeed DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: ( ) 25 days, 2:45:20.03 IF-MIB::ifDescr.1 = STRING: Software Loopback Interface 1 IF-MIB::ifType.1 = INTEGER: softwareLoopback(24) IF-MIB::ifSpeed.1 = Gauge32: IF-MIB::ifDescr.2 = STRING: WAN Miniport (SSTP) IF-MIB::ifType.2 = INTEGER: tunnel(131) IF-MIB::ifSpeed.2 = Gauge32: IF-MIB::ifDescr.3 = STRING: WAN Miniport (L2TP) IF-MIB::ifType.3 = INTEGER: tunnel(131) IF-MIB::ifSpeed.3 = Gauge32: IF-MIB::ifDescr.4 = STRING: WAN Miniport (PPTP) IF-MIB::ifType.4 = INTEGER: tunnel(131) IF-MIB::ifSpeed.4 = Gauge32: IF-MIB::ifDescr.5 = STRING: WAN Miniport (PPPOE) IF-MIB::ifType.5 = INTEGER: ppp(23) IF-MIB::ifSpeed.5 = Gauge32: Non-repeaters Max repetitions
java snmpgetbulk [-m MIB_files] [-c community] [-nr non-repeaters] [-mr max-repetitions] host OID [OID]... Example: java snmpgetbulk -m RFC1213-MIB -c comm123 -nr 2 -mr sysDescr sysUpTime ifIndex ifDescr ifType snmpgetbulk.java
C:\snmp>java snmpgetbulk -m RFC1213-MIB -c public -nr 2 -mr sysDescr sysUpTime ifIndex ifDescr ifType > 84bulk.txt 84bulk.txt: sysDescr.0:-->DES-3526 Fast-Ethernet Switch sysUpTime.0:-->15 days, 18 hours, 57 minutes, 11 seconds. Repeaters: ifIndex.1:-->1 ifDescr.1:-->RMON Port 1 on Unit 1 ifType.1:-->ethernet-csmacd(6) ifIndex.2:-->2 ifDescr.2:-->RMON Port 2 on Unit 1 ifType.2:-->ethernet-csmacd(6) ifIndex.3:-->3 ifDescr.3:-->RMON Port 3 on Unit 1 ifType.3:-->ethernet-csmacd(6) ifIndex.4:-->4 ifDescr.4:-->RMON Port 4 on Unit 1 ifType.4:-->ethernet-csmacd(6) ifIndex.5:-->5 ifDescr.5:-->RMON Port 5 on Unit 1 ifType.5:-->ethernet-csmacd(6) ifIndex.6:-->6 ifDescr.6:-->RMON Port 6 on Unit 1 ifType.6:-->ethernet-csmacd(6) ifIndex.7:-->7 ifDescr.7:-->RMON Port 7 on Unit 1 ifType.7:-->ethernet-csmacd(6) ifIndex.8:-->8 ifDescr.8:-->RMON Port 8 on Unit 1 ifType.8:-->ethernet-csmacd(6) ifIndex.9:-->9 ifDescr.9:-->RMON Port 9 on Unit 1 ifType.9:-->ethernet-csmacd(6)
C:\snmp>java snmpgetbulk -m RFC1213-MIB -c public -nr 2 -mr sysDescr sysUpTime ifIndex ifDescr ifType > 169bulk.txt 169bulk.txt: sysDescr.0:-->Hardware: x86 Family 15 Model 3 Stepping 4 AT/AT COMPATIBLE… sysUpTime.0:-->12 days, 8 hours, 12 minutes, 10 seconds. Repeaters: fIndex.1:-->1 ifDescr.1:-->Loopback interface ifType.1:-->softwareLoopback(24) ifIndex.2:-->2 ifDescr.2:-->Intel(R) PRO/100 ifType.2:-->ethernet-csmacd(6) ifDescr.1:-->Loopback interface ifType.1:-->softwareLoopback(24) ifMtu.1:-->1520 ifDescr.2:-->Intel(R) PRO/100 ifType.2:-->ethernet-csmacd(6) ifMtu.2:-->1500 ifType.1:-->softwareLoopback(24) ifMtu.1:-->1520 ifSpeed.1:--> ifType.2:-->ethernet-csmacd(6) ifMtu.2:-->1500 ifSpeed.2:--> ifMtu.1:-->1520 ifSpeed.1:--> ifPhysAddress.1:--> ifMtu.2:-->1500 ifSpeed.2:--> ifPhysAddress.2:--> f c9 b1 9f ifSpeed.1:--> ifPhysAddress.1:--> ifAdminStatus.1:-->up(1)
SnmpTarget target = new SnmpTarget(); target.setLoadFromCompiledMibs(true); target.setSnmpVersion( SnmpTarget.VERSION2C ) ; target.setTargetHost( " "); target.setCommunity( "public" ); target.setNonRepeaters(2); int nonRepeaters = 2; target.setMaxRepetitions(20); target.loadMibs("RFC1213-MIB"); String oids[] = {"sysDescr","sysUpTime","ifIndex", "ifType", "ifSpeed"}; SnmpVarBind result[][] = target.snmpGetBulkVariableBindings(); for (int i=0;i<nonRepeaters;i++) System.out.println(target.getMibOperations().toString(result[i][0])); StringBuffer sb = new StringBuffer("\nRepeaters:\n"); for (int j=0;j<result[0].length;j++) { for (int i=nonRepeaters;i<oids.length;i++) sb.append(target.getMibOperations().toString(result[i][j])+" \t ") sb.append("\n"); } System.out.println(sb.toString()); snmpgetbulk.java
Issues in Bulk Data Transfer Latency End-to-end delay caused by a number of request/response message exchanges Network overhead Amount of non-data octets carried in each PDU Table retrieval problems holes in tables table consistency GetBulk overshoot
Improvements SNMP over TCP OID compression Other encoding methods Mobile agent GetCols GetBulkBumper GetSubtree GetPrev GetModify
SNMPv2 Trap Addition of NOTIFICATION-TYPE macro OBJECTS clause, if present, defines order of variable bindings Positions 1 and 2 in VarBindList are sysUpTime and snmpTrapOID
NOTIFICATION-TYPE
Inform-Request Inform-Request behaves as trap in that the message goes from one manager to another unsolicited The receiving manager sends response to the sending manager
Counter64 ObjectSyntax ::= CHOICE { simple SimpleSyntax, application-wide ApplicationSyntax } SimpleSyntax ::= CHOICE { integer-value INTEGER ( ), string-value OCTET STRING (SIZE ( )), objectID-value OBJECT IDENTIFIER } ApplicationSyntax ::= CHOICE { ipAddress-value IpAddress, counter-value Counter32, timeticks-value TimeTicks, arbitrary-value Opaque, big-counter-value Counter64, unsigned-integer-value Unsigned32 } Counter64 ::= [APPLICATION 6] IMPLICIT INTEGER ( )
SNMPv2-MIB - RFC 3418 Yen-Cheng Chen IM, NCNU April, 2006 Obsoletes 1907
SNMPv2 SNMP MIB
system group { mib-2 1 } sysDescr sysObjectID sysUpTime sysContact sysName sysLocation sysServices Object Resources - describe the SNMP entity's support of various MIB modules. sysORLastChange sysORTable sysOREntry sysORIndex sysORID sysORDescr sysORUpTime
sysORTable Example
snmp group { mib-2 11 } snmpInPkts snmpInBadVersions snmpInBadCommunityNames snmpInBadCommunityUses snmpInASNParseErrs snmpSilentDrops snmpProxyDrops snmpEnableAuthenTraps snmpSetSerialNo { snmp 1 } { snmp 3 } { snmp 4 } { snmp 5 } { snmp 6 } { snmp 31 } { snmp 32 } { snmp 30 } { snmpset 1 } enabled(1), disabled(2) - for atomic operations
Object Types for SNMPv2 Traps
Notification Types coldStart, warmStart
authenticationFailure
LinkDown, LinkUp (RFC 2233)