BAI513 - PROTOCOLS SNMP BAIST – Network Management
Objectives Understand the basic principles and practices involved in managing modern networks Explain the role that the Simple Network Management Protocol can plan on an IP-based network Understand the basic structure and function SNMP management data, including Management Information Bases, Abstract Syntax Notation, and related SNMP management objects Explain the function of the standard remote monitoring SNMP Management Information Base known as RMON
Understanding Network Management Practices and Principles The tasks involved in managing a network depend on the ability to collect data about a network and detect network-related occurrences, usually called events This means being able to monitor and control all of the devices that go into a modern network, from hubs and routers, to server, switches, and gateways of various kinds To some extent, network management is a term that’s open to multiple interpretations
Network Management Architectures End stations are usually known as managed devices, and may be any kind of system—a desktop computer, server, router, hub, switch, PBX, or some other kind of equipment involved in networking— where management-related software is installed and running At each managed device, a special piece of software called a management agent responds to polls for collected data, where the management agent itself has custody of a management database (MDB) of information that it collects and maintains over time
Network Management Architectures On the data collection end, two kinds of activities occur within a management utility or facility, called a management entity, whose job is to provide access to management data, controls, and behaviors: 1.When alerts are received, appropriate responses must be generated 2.Regular polling or sampling of management data occurs, whereby the management entity requests updates from managed devices to reflect recent data intervals related to traffic characterization and error and utilization levels, and reports on application- or service-specific activity
Network Management Architectures Management entities usually function within the context of a network management system (NMS), in which agents and entities use specific network management protocols to communicate and exchange data Management proxies at a lower level in the hierarchy communicate with higher-level management entities to deliver status and event information
Network Management Architectures
Understanding SNMP SNMP is a request/ response-based protocol used to transport management messages between an SNMP agent (the client process) and an SNMP manager (the server process) There are several versions of SNMP currently defined: –SNMP version 1 (SNMPv1) –SNMP version 2 (SNMPv2) –SNMP version 3 (SNMPv3)
Understanding SNMP SNMPv1 consists of the following basic elements: –Management Information Base (MIB) objects –SNMP agents –SNMP managers –SNMP messages
Management Information Base (MIB) Objects A Management Information Base (MIB) is a database of manageable objects for a device The following lists some of the MIBs implemented on SNMP-managed networks: –MIB-2 (RFC 1213) –ATM MIB (RFC 2515) –Printer MIB (RFC 1759) –IPv6 MIB (RFC 2465)
MIB Objects Within any given MIB, a formal specification, known as the Structure of Management Information (SMI), defines the format for all objects maintained in that MIB In fact, SMI defines object formats in any MIB using a particular form of notation called Abstract Syntax Notation One (ASN.1) ASN.1 is a language used to describe a type of object and the object identifier (OID)
MIB Objects In SNMP, the object identifier is used to reference a single MIB object The object identifier is a sequence of non- negative integers that traverses an object tree The tree starts with the root The “branches” of the object tree are referred to as subordinates In SNMP, objects are identified by writing the path used to get to a specific device identifier on an object tree
ASN.1 Representation Uses a Structured Object Identifier
SMI Tree Branches
Using Object Identifiers The network management object identifiers are under the iso(1), org(3), dod(6), internet(1), or branch of the name space
Using Object Identifiers Currently, MIB-2 is the popular general MIB supported by most SNMP-managed devices In some instances, vendors may implement a private MIB that focuses specifically on a particular product’s manageable elements
MIB-2 Subordinates
SNMP Agents SNMP agent software is placed on devices that can be managed by SNMP managers The agent software contains the MIB for the device being managed SNMP agents answer to the SNMP manager’s queries for information about the objects in the agent’s MIB
SNMP Managers SNMP managers query SNMP agents for the information maintained about MIB objects SNMP managers also set thresholds on the SNMP agents
SNMP Messages SNMP managers and agents communicate over UDP with a specific set of commands These commands are as follows: –GET-REQUEST –GET-RESPONSE –GET-NEXT –SET –TRAP
SNMP Messages Both SNMPv1 & SNMPv2 messages consist of a header and PDU Both SNMPv1 & SNMPv2 message headers consist of 2 fields –Version Number –Community Name
SNMPv1 PDU Formats
SNMPv2 PDU Formats
Core SNMP Commands
GET Commands (GET-REQUEST/GET-RESPONSE) The GET-REQUEST command is used to read a single entry within a MIB The SNMP manager transmits the GET-REQUEST command and indicates the MIB entry of interest using its ASN.1 representation The GET-RESPONSE command is sent in reply
GET-NEXT When an SNMP manager wants to read a series of entries in a MIB table, it uses the GET-NEXT command The MIB objects desired follow the GET-NEXT command
SET The SET command is used to set thresholds on SNMP agents These thresholds can be referred to generically as event thresholds, not alarm thresholds, because they signify only that an event occurred
TRAP TRAP messages are unique among SNMP commands These messages are sent unsolicited by the SNMP agent to the SNMP manager when an event setting is exceeded
SNMP Security SNMP requests include a community name, which is a type of password There are three basic community names: –Read-Only (or Monitor) community name –Read/Write (or Control) community name –Alert (or Trap) community name Each community name typically has a different word associated with it In SNMPv1 and SNMPv2, these community names cross the network in plain text, making them even more insecure
Remote Monitoring (RMON) The RMON MIB is used to monitor and administer remote segments of a distributed network A distributed environment is usually fairly large with many devices to manage Distributed networks usually evolve over time and become heterogeneous environments (contain dissimilar equipment running different versions of software)
Remote Monitoring (RMON) In a distributed environment, you generally do not have personnel at each facility, who can assist in managing and troubleshooting, so you must find a cost- effective solution RMON places agents, called network probes, at various locations on the distributed network Probes are standalone devices that contain a NIC, a processor, memory, and software
Remote Monitoring (RMON) The probes are attached to the network like any other physical device The first version of RMON, as outlined in RFC 1757, was Ethernet-based Its OID is ( ) and it has nine distinct groups of objects The implementation of any or all of these groups is not mandatory
Remote Monitoring (RMON) The following lists some of the commonly used groups: –Ethernet statistics –History control –Alarm –Host –HostTopN –Matrix –Filter –Packet capture –Event
Summary Understand the basic principles and practices involved in managing modern networks Explain the role that the Simple Network Management Protocol can plan on an IP-based network Understand the basic structure and function SNMP management data, including Management Information Bases, Abstract Syntax Notation, and related SNMP management objects Explain the function of the standard remote monitoring SNMP Management Information Base known as RMON