Internet Standard Management Framework w.lilakiatakun

Definitions of network management objects, known as MIB objects Definitions of network management objects, known as MIB objects A data definition language, known as SMI (structure of Management Information) A data definition language, known as SMI (structure of Management Information) –Define data types, an object model and rules for writing and revising management information A protocol, SNMP (Simple Network Management Protocol) A protocol, SNMP (Simple Network Management Protocol) –For conveying information between a manager and agent Security and administration capabilities Security and administration capabilities –Major enhancement in SNMPv3 over SNMPv2

SMI (Structure of Management Information)

SMI is the language used to define the management information residing in a managed entity SMI is the language used to define the management information residing in a managed entity SMI(v2) for SNMPv3 are RFC 2578,RFC2579, RFC2580 SMI(v2) for SNMPv3 are RFC 2578,RFC2579, RFC2580 SMI is based on the ASN.1 (Abstract Syntax Notation One, ISO1987) SMI is based on the ASN.1 (Abstract Syntax Notation One, ISO1987)

SMI base data types

Object types Scalar – object types that will be instantiated only once in an agent Scalar – object types that will be instantiated only once in an agent Columnar – object types that can be instantiated multiple times Columnar – object types that can be instantiated multiple times –It impose a tabular structure on an ordered collection of MIB objects using the SEQUENCE OF construct

SMI higher-level Constructs (1) SMI provides higher-level language constructs SMI provides higher-level language constructs The OBJECT-TYPE construct is used to specify the data type, status and semantics of a managed object The OBJECT-TYPE construct is used to specify the data type, status and semantics of a managed object The MODULE-IDENTITY construct allows related objects to be grouped together within a module The MODULE-IDENTITY construct allows related objects to be grouped together within a module The NOTIFICATION-TYPE construct is used to specify information regarding SNMPv2-Trap and InformationRequest messages generated by an agent or a managing entity The NOTIFICATION-TYPE construct is used to specify information regarding SNMPv2-Trap and InformationRequest messages generated by an agent or a managing entity

SMI higher-level Constructs (2) The MODULE-COMPLIANCE construct defines the set of managed objects within a module that an agent must implement The MODULE-COMPLIANCE construct defines the set of managed objects within a module that an agent must implement The AGENT-CAPABILITIES construct specifies the capabilities of agents with respect to object ad event notification definitions The AGENT-CAPABILITIES construct specifies the capabilities of agents with respect to object ad event notification definitions

The OBJECT-TYPE construct SYNTAX – specify the basic data type associated with the object SYNTAX – specify the basic data type associated with the object MAX-ACCESS – specify whether the managed object can be read, be written, be created. MAX-ACCESS – specify whether the managed object can be read, be written, be created. STATUS – indicate whether the object definition is current and valid, obsolete or deprecated (obsolete but implement for backward compatibility) STATUS – indicate whether the object definition is current and valid, obsolete or deprecated (obsolete but implement for backward compatibility) DESCRIPTION – textual definition of the object DESCRIPTION – textual definition of the object

OBJECT-TYPE construct Page 796 Page 796

MODULE- IDENTITY construct

Management Information Base

Categories of management information State information State information Physical configuration information Physical configuration information Logical configuration information Logical configuration information Historical information Historical information

State information It is about the current state of physical and logical resources along with any operational data It is about the current state of physical and logical resources along with any operational data –Whether the device is functioning properly –What current alarm conditions –How long the system has been up It is most relevant for monitoring a network It is most relevant for monitoring a network Frequent and rapid change characteristics Frequent and rapid change characteristics It can be retrieved but cannot be modified (owned by the devices) It can be retrieved but cannot be modified (owned by the devices) Not to cache in a management app. Not to cache in a management app.

Physical configuration information It is about how the managed devices is physically configured It is about how the managed devices is physically configured –The device type –MAC address –Serial number of devices Also, it can be retrieved but cannot be modified (owned by the devices) Also, it can be retrieved but cannot be modified (owned by the devices) Not change frequently, management app. might cache in its database Not change frequently, management app. might cache in its database

Logical configuration information It is about the parameter setting and configured logical resources on the device It is about the parameter setting and configured logical resources on the device –IP addresses –Protocols It is controlled and can be changed by the management app. It is controlled and can be changed by the management app. It might be cached in a management app. but need to be aware of many app. usage It might be cached in a management app. but need to be aware of many app. usage It can be divided It can be divided –Start up configuration information –Transient (running) configuration information

Historical information It includes snapshots of performance- related state information It includes snapshots of performance- related state information –Packet counts for each 15 minute interval over 24 hours It also includes logs of various types of events It also includes logs of various types of events –Firewall log of recent remote connection It is different from other types of management information because it does not reflect actual managed resources It is different from other types of management information because it does not reflect actual managed resources

MIB (Management Information Base) It represents as a collections of managed objects that form a virtual information store It represents as a collections of managed objects that form a virtual information store MIB is not the same as database MIB is not the same as database –Does not store information about the real world in a file system –It actually connected to the real world and simply offers a view of it

What is contained in MIB Many individual pieces of management information about the managed entity Many individual pieces of management information about the managed entity Individual pieces of management information are referred as “managed objects” Individual pieces of management information are referred as “managed objects” –Physical Ports/ interfaces / line card Ports/ interfaces / line card –Logical Version of installed software Version of installed software Protocols Protocols Features of communication services Features of communication services

MIB and Managed Objects

Arrangement of MIB It is arranged into a conceptual tree It is arranged into a conceptual tree Every definition in a MIB module is represented by a node in that tree Every definition in a MIB module is represented by a node in that tree Each node is named as the “ object identifier (OID)” Each node is named as the “ object identifier (OID)” OID consists of a sequence of integer OID consists of a sequence of integer –OID (internet ) =

MIB-2 Object Identifier Tree Fig 9.3 Fig 9.3

An Example: MIB-2 RFC1213-MIB DEFINITIONS::= BEGIN mib-2 OBJECT IDENTIFIER ::= {mgmt 1} - Establish mib-2 as a new node underneath a supernode called mgmt inside the Internet object identifier tree - OID is

Groups in MIB-2 Fig – page 193 Fig – page 193

MIB-2 naming structure Fig 6-13 Fig 6-13

Example of modules Fig page Fig page

Definition of object type SYNTAX – using the universal and application -wide type such as SYNTAX – using the universal and application -wide type such as –DisplayString with a maximum length 255 chars. –TimeTicks ACCESS – specify whether the object is a parameter that can be set (read-write) or only read ACCESS – specify whether the object is a parameter that can be set (read-write) or only read –Read-only/read-write/write-only/Not-accessible Status – definition life cycle Status – definition life cycle –Mandatory/optional –Current/deprecated/obsolete Description – explanation of the object type Description – explanation of the object type OID relative to containing node OID relative to containing node

Definition of a table (columnar) object

Definition of the rows of the table

TcpConnEntry data type Fig 197 Fig 197

Sequence of Vs Sequence The overall table consists of a SEQUENCE OF TcpConnEntry The overall table consists of a SEQUENCE OF TcpConnEntry –One or more elements, all of the same type Each row consists of a SEQUENCE that include 5 scalar elements Each row consists of a SEQUENCE that include 5 scalar elements –Fixed number of elements, possibly more than one type –Ex. Contains element of type INTEGER, IpAddress, INTEGER( ),IpAddress,INTEGER( )

tcpConnState

tcpConnLocalAddress tcpConnLocalPort Fig 198 Fig 198

tcpConnRemAddress tcpConnRemPort Fig 199 Fig 199

Structure of SNMP MIB OID Fig 6-14 Fig 6-14

Object identifier tree for MIB tables Fig 6-15 Fig 6-15

Identification of instances Scalar – add.0 to the OID Scalar – add.0 to the OID –sysUPtime is Columnar – add index to the OID Columnar – add index to the OID –Local address – –Local port – 227 –Remote address – –Remote address – 228. –OID

Subtree under MIB-II (RFC1213) (1) system(1): overall information about the system system(1): overall information about the system interfaces(2); information about the interfaces interfaces(2); information about the interfaces at(3) (Address translation) at(3) (Address translation) ip(4): information related to the implementation of IP ip(4): information related to the implementation of IP

Subtree under MIB-II (2) tcp(5): information related to the implementation of TCP tcp(5): information related to the implementation of TCP udp(6): information related to the implementation of UDP udp(6): information related to the implementation of UDP egp(7): information related to the implementation of EGP egp(7): information related to the implementation of EGP dot3(8): information related to Ethernet protocol at each interface dot3(8): information related to Ethernet protocol at each interface snmp(9): information related to the implementation of SNMP snmp(9): information related to the implementation of SNMP

System Group (1) sysServices(7) – has a value that is interpreted as a 7-bit code sysServices(7) – has a value that is interpreted as a 7-bit code –Each bit corresponds to a layer in TCP/IP or OSI architecture –Ex. Host offering app. services would have binary of –It means services are provided for layer 4 (transport layer) and layer 7 (application layer)

System Group (2) sysUptime (3) indicate amount of time since the network management portion of the system was last reinitiated. sysUptime (3) indicate amount of time since the network management portion of the system was last reinitiated. Determine how much the counters have changed over a specific time interval Determine how much the counters have changed over a specific time interval Fault monitoring : current value < most recent value Fault monitoring : current value < most recent value

System group (3)

System group (4) Table 6-1 Table 6-1

Interfaces Group ifPhysAddress(6) : physical address ifPhysAddress(6) : physical address –For all LAN, it contains MAC address ifOperStatus(8) : current operational status ifOperStatus(8) : current operational status –Up (1) /down (2) ifSpeed (5) : current capacity of interface in bit per second ifSpeed (5) : current capacity of interface in bit per second Used to detect congestion Used to detect congestion –Measured total number of octets into or out of the system o –The queue length for output

Address Translation Group Consists of a single table Consists of a single table Each row in the table corresponds to one of the physical interface of the system Each row in the table corresponds to one of the physical interface of the system The row provide a mapping from a network address to a physical address The row provide a mapping from a network address to a physical address

IP Group (MIB-II con’t) Contains some basic counters of traffic flow into and out of IP layer Contains some basic counters of traffic flow into and out of IP layer 3 tables are included in the IP group 3 tables are included in the IP group ipAddrTable - information relevant to the IP address assigned to this entity ipAddrTable - information relevant to the IP address assigned to this entity ipRouteTable – information used for Internet routing ipRouteTable – information used for Internet routing ipNetToMediaTable – an address translation table that provides a correspondence between physical address and IP address ipNetToMediaTable – an address translation table that provides a correspondence between physical address and IP address

ipAddrEntry Each entry consists of 5 columns Each entry consists of 5 columns –ipAdEntAddr (RO) – IP address –ipAdEntIfIndex (RO) – Index –ipAdEntNetMask (RO) – Subnet Mask –ipAdEntBcastAddr (RO) – Least significant byte –ipAdEntReasmMaxSize (RO) – size of largest IP datagram that can reassemble

Other scalar objects in IP Group ipForwarding (RW) – acting as IP Gateway : 1 - yes, 2 -no ipForwarding (RW) – acting as IP Gateway : 1 - yes, 2 -no ipInReceives (RO) – total number of input datagram received from interfaces ipInReceives (RO) – total number of input datagram received from interfaces ipInHdrErrors (RO) – total number of input datagram discarded due to error in IP header ipInHdrErrors (RO) – total number of input datagram discarded due to error in IP header ipIndiscards (RO) – number of discarded datagram that are non-error packets (lack of buffer) ipIndiscards (RO) – number of discarded datagram that are non-error packets (lack of buffer) ipOutNoRoutes (RO) - number of discarded datagram that no route ipOutNoRoutes (RO) - number of discarded datagram that no route

ICMP Group ICMP provides feedback about problems in the communication environment ICMP provides feedback about problems in the communication environment icmpInMsgs (RO) – total number of ICMP messages that the entity received icmpInMsgs (RO) – total number of ICMP messages that the entity received icmpInError (RO) – number of ICMP messages received but determined to have ICMP-specific error icmpInError (RO) – number of ICMP messages received but determined to have ICMP-specific error icmpInDestUnreachs (RO) – number of ICMP Destination Unreachable messages received icmpInDestUnreachs (RO) – number of ICMP Destination Unreachable messages received

icmpOutDestUnreachs (RO) – number of ICMP destination Unreachable messages sent icmpOutDestUnreachs (RO) – number of ICMP destination Unreachable messages sent icmpOutTimeExcds (RO) – number of ICMP Time Exceeded messages sent icmpOutTimeExcds (RO) – number of ICMP Time Exceeded messages sent icmpOutEchos (RO) – number of ICMP Echo (request) messages sent icmpOutEchos (RO) – number of ICMP Echo (request) messages sent icmpOutEchoReps (RO) – number of ICMP Echo Reply messages sent icmpOutEchoReps (RO) – number of ICMP Echo Reply messages sent

TCP Group Only one table – tcpConnTable sequence of tcpConnEntry Only one table – tcpConnTable sequence of tcpConnEntry –tcpConnState (RW) – TCP connection state –tcpConnLocalAddress (RO) – Local IP address –tcpConnLocalPort (RO) – Local Port number –tcpConnRemoteAddress (RO) – Remote IP address –tcpConnRemotePort (RO) – Remote Port number

TCP scalar objects tcpActiveOpens (RO) – number of active open connection tcpActiveOpens (RO) – number of active open connection tcpCurrEstab (RO) – number of TCP connection in ESTABLISH or CLOSE-WAIT state tcpCurrEstab (RO) – number of TCP connection in ESTABLISH or CLOSE-WAIT state tcpAttemptFails (RO) – number of failed connection attempts tcpAttemptFails (RO) – number of failed connection attempts tcpInsegs (RO) – total number of segment received including error segment tcpInsegs (RO) – total number of segment received including error segment tcpOutSegs (RO) – total number of segment sent tcpOutSegs (RO) – total number of segment sent

UDP Group Only one table – udpTable sequence of udpEntry Only one table – udpTable sequence of udpEntry –udpLocalAddress (RO) –udpLocalPort (RO) udpInDatagrams (RO) – total number of UDP datagrams delivered to UDP users udpInDatagrams (RO) – total number of UDP datagrams delivered to UDP users udpInError (RO) – total number of UDP datagram that could not be delivered udpInError (RO) – total number of UDP datagram that could not be delivered udpOutDatagrams (RO) – total number of UDP datagram sent udpOutDatagrams (RO) – total number of UDP datagram sent