SNMP Simple Network Management Protocol Team: Matrix CMPE-208 Fall 2006

What is Network Management? Maintenance and administration of networks at the top level Configuration ManagementConfiguration Management –Keeping track of network device settings Fault ManagementFault Management –Detect, isolate and correct problems in the network (alerts) Performance ManagementPerformance Management –Provide data for statistic and network performance Security ManagementSecurity Management - protect network against unauthorized access Bandwidth ManagementBandwidth Management - measuring and controlling communications on a network

What is SNMP? SNMP (Simple Network Management protocol): A protocol that enables a management station to configure, monitor, and receive trap (alarm) messages from network devicesSNMP (Simple Network Management protocol): A protocol that enables a management station to configure, monitor, and receive trap (alarm) messages from network devices

SNMP & Network Management History TCP/IP replaces ARPANET at U.S. DoD, effective birth of Internet TCP/IP replaces ARPANET at U.S. DoD, effective birth of Internet CMIP - Common Management Information Protocol CMIP - Common Management Information Protocol CMOT - CMIP over TCP CMOT - CMIP over TCP SGMP - Simple Gateway Monitoring protocol (RFC 1028) SGMP - Simple Gateway Monitoring protocol (RFC 1028) SNMP working group formed SNMP working group formed 1990 – SNMP promoted to a recommended status (RFC 1157)1990 – SNMP promoted to a recommended status (RFC 1157) 1991 – SNMPv1 defined with format of MIBs and traps1991 – SNMPv1 defined with format of MIBs and traps (RFCs 1212, 1215) (RFCs 1212, 1215)

SNMP Characteristics Widespread adoptionWidespread adoption -de facto standard for inter-network management. SimpleSimple -requires little code to implement -requires little code to implement -vendors can easily build SNMP agents to their products -vendors can easily build SNMP agents to their products ExtensibleExtensible -easy for vendors to add network management functions to products. Clean architectureClean architecture -separates management architecture from hardware devices’ architecture -separates management architecture from hardware devices’ architecture -broadens the base of multi-vendor support -broadens the base of multi-vendor support

Comprised of mainly agents and managers Major Components of SNMP Agent - process (software) running on each managed device collecting information about the device it is running on. Manager - process (software) running on a management workstation that requests information about devices on the network.

SNMP Architectural Model

SNMP network managed devices are dictated by: SNMP: Inside the Agents Structure of Management Information (SMI) Rules specifying the format used to define objects managed on the network that the SNMP protocol accesses Management Information Base (MIB) A map of the hierarchical order of all managed objects Leaves represent individual data items Abstract Syntax Notation One (ASN.1) Dictates how MIB variables must be defined and referenced

MIBs and Object Identifiers Let’s have a detailed look at MIBs... MIBS Object Identifiers (Ids) Uniquely identify or named the MIB objects Like telephone number--they are organized hierarchically with specific digits assigned by different organizations Uniquely identify or named the MIB objects Like telephone number--they are organized hierarchically with specific digits assigned by different organizations An abstract tree with an unnamed root, individual data items make up the leaves of the tree Tree is extensible by virtue of experimental and private branches (Vendors can define their own private branches to include instances of their own products)

MIB Sample Tree BEA Object ID = =

Four Basic Commands Get GetNext Set Trap Retrieves the value of a MIB variable stored on the agent machine Retrieves the next value of the next lexical MIB variable Changes the value of a MIB variable An Event/Alarm notification sent by an agent to a management application

SNMP OperationsSNMP Operations agent data Managed device managing entity response agent data Managed device managing entity trap request Request/Response ModeTrap Mode

SNMP Transport Messages SNMP uses User Datagram Protocol (UDP) as the transport mechanism for SNMP messages UDP Port SNMP Messages UDP Port SNMP Trap Messages Like FTP, SNMP uses two well-known ports to operate: Ethernet Frame IP Packet UDP Datagram SNMP Message CRC

SNMP Basic Message Format Message Length Message Version Community String PDU Header PDU Body Message Preamble SNMP Protocol Data Unit Community names are used to define where an SNMP message is destined for.

Message Length Message Version Community String PDU Type PDU Length Request ID Error Status Error Index Length of Variable Bindings Length of First Binding Additional Variable Bindings OID of First Binding Type of First Binding Value of First Binding Length of Second Binding OID of Second Binding Type of Second Binding Value of Second Binding Message Length Message Version Community String PDU Type PDU Length Enterprises MIB OID Agent IP Address Standard Trap Type Length of Variable Bindings Length of First Binding Additional Variable Bindings OID of First Binding Type of First Binding Value of First Binding Length of Second Binding OID of Second Binding Type of Second Binding Value of Second Binding Specific Trap Type Time Stamp PDU Body SNMP Message Preamble PDU Header SNMP Message Formats

SNMP MESSAGE SNMP PDU VARIABLE BINDINGS

SNMP Versions SNMP v1: RFC 1155 and RFC SNMP v2c: RFC 1901, RFC 1905, and RFC 1906 SNMP v3: RFC 1905, RFC 1906, RFC 2571, RFC 2572, RFC 2574, and RFC 2575.

SNMP v1 Most widely used of all versions Support GET GETNEXT SET TRAP Security based on Read-only and Read-Write community strings Defined in RFC 1157

SNMP v2c Same PDU structure for Trap and Get/Set request Updated protocol operations: Getbulk, Inform Updated data types: Counter32, Counter64,… Used the same community-based security from v1 Support Get, Get next, Get bulk, set, trap, inform Defined in RFCs 1901, 1905, and 1906

New Commands in SNMPv2c Get Bulk RequestGet Bulk Request – Retrieve N objects with simple get-next operation InformInform – Enable manager to send some information to another manger

SNMP v3 SNMPv2 protocol operations and data types Proxy support User-based security Defined in RFCs 2571, 2572, 2573, 2574, and 2575

SNMP v3 Protocol Operations GetBulk Report Inform Used by a manager to send an alert to another manager Contain Security information from Agent to Manager for connection establishment. Same as a v1 notification, except the PDU has the same structure as Get, GetNext, and Set Retrieves a potentially large amount MIB values without having the manager to send successive GetNext requests Get, GetNext, Set v2Trap

SNMP v3 User-Based Security User Security Model (USM) is designed to secure against the following principle threats: Modification of Information Masquerade Message Stream Modification Disclosure

SNMP v3 User-Based Security USM Message Processing

SNMP v3 User-Based Security USM authentication protocols: USM encryption: HMAC-MD5-96 HMAC-SHA-96 Cipher Block Chaining (CBC) mode of the Data Encryption Standard (DES)

SNMP RFC’s

SNMP References ____________________________________________________________ WEBSITES: “Simple Network Management Protocol (SNMP)” “The Simple Times” Volume 5, Number 1; December, “SNMPv3: A Security Enhancement for SNMP”, William Stallings BOOKS:.”Understanding SNMP MIBs”, David Perkins Evan McGinnis “SNMP, SNMPv2, and RMON”, William Stallings, 1996, ISBN# “Internetworking with TCP/IP”, 4th edition, Douglas E. Comer, 2000, ISBN#

Thank You

SUGGESTIONS and QUESTIONS