SNMP Network Management (I)*
* Mani Subramanian, "Network Management: Principles and Practice", Addison-Wesley, 2000.
SNMP Network Management
- Organization Model
- Communication Model
- Information Model
  - Structure of Management Information (SMI)
  - Managed Objects
  - Management Information Base (MIB)
- SNMP Administrative Model
- SNMP Protocol Specs
Organization Model
- Describes the components of a network management system; focuses on functions and infrastructure
- Objects are network elements such as hubs, bridges, routers, etc.
- Each managed element runs a process called an agent
- The manager queries the agent, gets information, processes it and stores it in the MIB
Figure: a simplified hierarchical (2-tier) setup: an SNMP manager with its MIB talking to the agents on managed objects; unmanaged objects have no agent.
Organization Model
- Multiple managers, one agent: an agent responds to any management system that communicates with it using SNMP
- An NMS provided by a vendor is in a better position to manage, monitor and configure all NEs coming from that same vendor
- Managers may have restricted access to managed objects
Figure: two SNMP managers (each with a MIB) sharing one agent on a managed object.
Organization Model
- Limiting the data that a manager wishes to obtain: RMON (Remote Monitoring) acts as both an agent and a manager
- RMON gathers data from the managed objects, analyses the data, stores it and communicates the statistics to the manager
- Managers may have restricted access to managed objects
Figure: 3-tier architecture: SNMP managers, an RMON probe, and agents on the managed objects.
Organization Model
- A proxy server converts non-SNMP data from non-SNMP objects into SNMP-compatible objects and messages
Figure: an SNMP manager with MIB, a proxy server in front of a wireless LAN of unmanaged objects, and an agent on a managed object.
Introduction to SNMP
Communication Model
Figure: the manager polls the agents (SNMP polling of their MIBs); the agents send traps to the manager.
Communication Model
- Communicates management information between network management stations and managed elements
- Goals:
  - Management functions maintained by agents are kept simple
  - Protocol flexibility (addition of new aspects of operation and management)
  - Transparency (should not be affected by the architecture of particular hosts and gateways)
- Operation: 5 messages: get-request, get-next-request, set-request, get-response, trap
- SNMP messages are exchanged using the UDP (connectionless) transport protocol: ports 161 and 162
Communication Model
Figure: protocol stacks of the SNMP manager application and the SNMP agent (SNMP / UDP / IP / DLC / PHY) exchanging SNMP messages across a network or the Internet; the manager sends Get-Request, GetNext-Request and Set-Request, the agent answers with Get-Response and sends Traps; the agent manages the objects, the manager holds the management data.
Communication Model - SNMP Traps
Type                       Indication
Cold-start of a system     Agent is reinitializing itself since its configuration has changed
Warm-start of a system     Agent is reinitializing itself but its configuration has not changed
Link down                  Link failure
Link up                    Link restoral
Failure of authentication  Request does not have proper authentication, e.g., wrong SNMP community string
EGP neighbor loss          Exterior Gateway Protocol neighbor gone
Enterprise specific        Specific to the vendor implementing it
Communication Model - SNMP Traps
Format of the generic-trap field (one value per trap type above):
    generic-trap INTEGER {
        coldStart (0),
        warmStart (1),
        linkDown (2),
        linkUp (3),
        authenticationFailure (4),
        egpNeighborLoss (5),
        enterpriseSpecific (6)
    }
Structure of Management Information
- RFC 1155: Structure of Management Information
- A common representation for data shared by manager and agent
- Defines the syntax (using ASN.1) used to describe management information
- Data types and rules used to define managed objects in a MIB
- Generic objects and private (vendor-specific) objects conforming to the SMI rules (RFC 1155) can be managed by SNMP
SMI, Objects and Instances
- Objects have object types and object instances
- SMI is concerned with types, not instances
- An object type has:
  - Name (a unique descriptor and OBJECT IDENTIFIER)
  - Syntax (ASN.1)
  - Encoding (BER)
Figure: a managed object = type (name: OBJECT IDENTIFIER; syntax: ASN.1; encoding: BER) plus instance.
SMI, Objects and Instances
Figure: a managed LAN: Hub 1, Hub 2, Router 1 and Router 2 on a backbone network (addresses 172.16.46.1, 172.16.46.2, 172.16.46.3 and 172.17.252.1) and the NMS at 192.168.252.110.
- A hub is an object type
- The hub with IP 172.16.46.3 is an instance of that object type
SMI, Objects and Instances
Figure: a managed object type (name: OBJECT IDENTIFIER; syntax: ASN.1; encoding: BER) with multiple instances (Instance 1, Instance 2).
SMI, Names
- Each managed object is associated with an identifier (OBJECT IDENTIFIER)
- Identifiers are used to name objects and are unique for managed objects
- An identifier is a sequence of integers read down the registration tree: root; ccitt(0), iso(1), joint-iso-ccitt(2); under iso: org(3); under org: dod(6); under dod: internet(1); under internet: mgmt(2), experimental(3), private(4); mgmt(2) holds mib-2(1), private(4) holds enterprise(1)
- Name of a managed object:
    internet OBJECT IDENTIFIER ::= { iso(1) org(3) dod(6) 1 }
                                ::= { 1 3 6 1 }
                                ::= { iso standard dod internet }
SMI, Names
Sub-nodes under internet {1 3 6 1}:
    directory (1)     Reserved for future use
    mgmt (2)          Used for objects defined in IAB-approved documents
    experimental (3)  Used to identify objects used in Internet experiments
    private (4)       Used heavily by commercial vendors
SMI, Names
- Under internet {1 3 6 1}: directory (1), mgmt (2), experimental (3), private (4)
- Under mgmt (2): mib-2 (1), with the groups system (1), interfaces (2), at (3), ip (4), icmp (5), tcp (6), udp (7), egp (8), cmot (9), transmission (10), snmp (11)
SMI, Names
- Under internet {1 3 6 1}: directory (1), mgmt (2), experimental (3), private (4)
- Under private (4): enterprises (1), e.g. cisco (9), hp (11), 3Com (43), Cabletron (52)
SMI, SNMP Syntax
Figure: taxonomy of the SNMP ASN.1 data types: Simple (primitive), Defined (application-wide) and Constructor (structured); every type carries a tag made of a number and a class (Universal, Application, Context-specific or Private).
SNMP Primitive Data Types
Data Type          Comments
INTEGER            Subtype INTEGER (n1..nN); special case: enumerated INTEGER type
OCTET STRING       8-bit bytes, binary and textual data; subtypes can be specified by either a range or a fixed size
OBJECT IDENTIFIER  Object position in the MIB
NULL               Placeholder
Examples: INTEGER (0..255) is a subtype; the enumeration is a special case of the INTEGER data type; OCTET STRING (SIZE 0..255) is a range subtype and OCTET STRING (SIZE 8) a fixed-size subtype.
Application-Wide SNMP Types
    IpAddress ::= [APPLICATION 0] IMPLICIT OCTET STRING (SIZE (4))
    Counter   ::= [APPLICATION 1] IMPLICIT INTEGER (0..4294967295)
    Gauge     ::= [APPLICATION 2] IMPLICIT INTEGER (0..4294967295)
    TimeTicks ::= [APPLICATION 3] IMPLICIT INTEGER (0..4294967295)
    Opaque    ::= [APPLICATION 4] IMPLICIT OCTET STRING
- IpAddress: e.g., 160.85.128.1 is carried as the four octets A0 55 80 01
- Counter, also known as a roll-over counter: may be incremented but not decremented, e.g., counts the number of packets sent or received at a particular interface
- Gauge: may increase and decrease, e.g., counts the current number of packets stored in the queue
- TimeTicks: time is measured relative to some event (such as startup or re-initialization) within the managed system
SNMP Structured Types
- SEQUENCE and SEQUENCE OF; the SET and SET OF of ASN.1 are not included in SNMP-based management
- Used to build lists and tables: SEQUENCE { <type1>, <type2>, ..., <typeN> }
- Describe the managed objects, their location in the MIB and their data types
SNMP Structured Types
- ipAddrTable is made up of instances of the IpAddrEntry object
SMI, Encoding
- Basic Encoding Rules, BER
- Data types and tags:
    Type               Tag
    OBJECT IDENTIFIER  UNIVERSAL 6
    SEQUENCE           UNIVERSAL 16
    IpAddress          APPLICATION 0
    Counter            APPLICATION 1
    Gauge              APPLICATION 2
    TimeTicks          APPLICATION 3
    Opaque             APPLICATION 4
- Encoding of object identifiers: packs the first two integers into a single sub-identifier
SMI, Encoding
    enterprise OBJECT IDENTIFIER ::= { iso(1) org(3) dod(6) internet(1) private(4) 1 }
- The first two sub-identifiers X and Y are packed as Z = 40·X + Y: X = 1, Y = 3 gives Z = 43 = 2B hex
- BER encoding: tag 06 (OBJECT IDENTIFIER), length 05, value 2B 06 01 04 01
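As an added illustration (not from the slides), the 40·X + Y packing and the base-128 sub-identifier rule in a small Python encoder; it reproduces the slide's enterprise OID and also handles sub-identifiers above 127, which need more than one octet (the value 1000 used for that is only a constructed example):

```python
# Added example (not from the slides): BER encoding of an OBJECT IDENTIFIER.
# The first two sub-identifiers X and Y are packed as Z = 40*X + Y; every
# sub-identifier is then written base 128, with bit 7 set on all octets but
# the last, so values above 127 take more than one octet.

def encode_subid(value: int) -> bytes:
    """Base-128 encoding of one sub-identifier (continuation bit on all but the last octet)."""
    if value < 0:
        raise ValueError("sub-identifier must be non-negative")
    octets = [value & 0x7F]
    value >>= 7
    while value:
        octets.append(0x80 | (value & 0x7F))
        value >>= 7
    return bytes(reversed(octets))

def encode_oid_value(oid: str) -> bytes:
    """Value octets of the OID: Z = 40*X + Y followed by the remaining sub-identifiers."""
    parts = [int(p) for p in oid.strip(".").split(".")]
    if len(parts) < 2:
        raise ValueError("an OID needs at least two sub-identifiers")
    x, y = parts[0], parts[1]
    # only ccitt(0), iso(1), joint-iso-ccitt(2) exist at the root, and under
    # 0 and 1 the second arc is at most 39, otherwise Z would be ambiguous
    if x > 2 or (x < 2 and y > 39):
        raise ValueError("invalid first two sub-identifiers")
    body = encode_subid(40 * x + y)
    for p in parts[2:]:
        body += encode_subid(p)
    return body

def ber_length(n: int) -> bytes:
    """Definite-form length: one octet below 128, otherwise 0x80|count followed by the length."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def encode_oid(oid: str) -> bytes:
    """Full TLV: tag 06 (UNIVERSAL 6), length, value."""
    value = encode_oid_value(oid)
    return b"\x06" + ber_length(len(value)) + value

if __name__ == "__main__":
    # the slide's enterprise OID {1 3 6 1 4 1} -> 06 05 2b 06 01 04 01
    print(encode_oid("1.3.6.1.4.1").hex())
```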
Managed Objects
- Textual name: mnemonic; always begins with lower case
- OBJECT IDENTIFIER: unique position of the managed object in the MIB
- Syntax: the ASN.1 definition of the object type
- Access: read-only, read-write, not-accessible (e.g., tables)
- Status: mandatory, optional, obsolete
- Definition: textual description of the object type
Figure: the system(1) group with sysDescr(1), sysObjectID(2), sysUpTime(3) and sysContact(4).
Macros for Managed Objects
- A formal definition for managed objects
SMI Definitions
Macros for Managed Objects
- Using the OBJECT-TYPE macro to define a managed object of the system group in the MIB:
    sysDescr OBJECT-TYPE
        SYNTAX  DisplayString (SIZE (0..255))
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
            "A textual description of the entity. This value should include the full name and version identification of the system's hardware type, software operating-system, and networking software. It is mandatory that this only contain printable ASCII characters."
        ::= { system 1 }
- This is how objects are defined in the MIB
- This definition is valid as long as the OBJECT-TYPE macro is imported from RFC 1155
Macros for Managed Objects
    sysUpTime OBJECT-TYPE
        SYNTAX  TimeTicks
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
            "The time (in hundredths of a second) since the network management portion of the system was last re-initialized."
        ::= { system 3 }
Figure: the system(1) group with sysDescr(1), sysObjectID(2), sysUpTime(3) and sysContact(4).
Aggregate Objects
- A group of related objects (also called tabular objects)
- Represented by a table with columns of objects and rows of instances
- Example: IP address table, consisting of the objects:
  - IP address
  - Interface
  - Subnet mask (which subnet this address belongs to)
  - Broadcast address (value of the l.s.b. in the IP broadcast address)
  - Largest IP datagram that can be reassembled
- Multiple instances of these objects are associated with the node
Aggregate Object Macro - ipAddrTable (RFC 1155)
    ipAddrTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF IpAddrEntry
        ACCESS  not-accessible
        STATUS  mandatory
        DESCRIPTION
            "The table of addressing information relevant to this entity's IP addresses."
        ::= { ip 20 }

    ipAddrEntry OBJECT-TYPE
        SYNTAX  IpAddrEntry
        ACCESS  not-accessible
        STATUS  mandatory
        DESCRIPTION
            "The addressing information for one of this entity's IP addresses."
        INDEX   { ipAdEntAddr }
        ::= { ipAddrTable 1 }

    IpAddrEntry ::= SEQUENCE {
        ipAdEntAddr          IpAddress,
        ipAdEntIfIndex       INTEGER,
        ipAdEntNetMask       IpAddress,
        ipAdEntBcastAddr     INTEGER,
        ipAdEntReasmMaxSize  INTEGER (0..65535)
    }
Aggregate Object Macro - ipAddrTable (RFC 1155)
    ipAdEntAddr OBJECT-TYPE
        SYNTAX  IpAddress
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
            "The IP address to which this entry's addressing information pertains."
        ::= { ipAddrEntry 1 }

    ipAdEntIfIndex OBJECT-TYPE
        SYNTAX  INTEGER
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
            "The index value that uniquely identifies the interface to which this entry is applicable. The interface identified by a particular value of this index is the same interface as identified by the same value of ifIndex."
        ::= { ipAddrEntry 2 }
    .
Columnar Objects
- An aggregate object type contains one or more subtypes; each can have multiple instances, with a value associated with each instance
- It is convenient to conceptually define a tabular structure for objects with multiple values, e.g., the IP address table
- The objects TABLE T and ENTRY E are logical objects that define the grouping; they are not accessible
- Columnar objects are the objects that represent the attributes and hence are accessible
- Each instance of E is a row of columnar objects 1 through 5; multiple instances of E are represented by multiple rows
Figure: TABLE T containing ENTRY E, which groups the columnar objects OBJECT 1 to OBJECT 5 (multiple-instance managed objects).
Columnar Objects
Example of 5 columnar objects with 4 instances (rows); object ID = {Table, Entry, Object, Index}; T and T.E themselves are not accessible:
    T.E.1.1  T.E.2.1  T.E.3.1  T.E.4.1  T.E.5.1
    T.E.1.2  T.E.2.2  T.E.3.2  T.E.4.2  T.E.5.2
    T.E.1.3  T.E.2.3  T.E.3.3  T.E.4.3  T.E.5.3
    T.E.1.4  T.E.2.4  T.E.3.4  T.E.4.4  T.E.5.4
- Row 3 is the third instance of each object
- Notice that the column-row numeric designation is the reverse of that used in matrix representation (row-column)
Columnar Objects - Example
- ipAddrTable {1.3.6.1.2.1.4.20} contains ipAddrEntry (1), whose columnar objects are ipAdEntAddr (1), ipAdEntIfIndex (2), ipAdEntNetMask (3), ipAdEntBcastAddr (4), ipAdEntReasmMaxSize (5)
- The columnar object ID of ipAdEntBcastAddr is 1.3.6.1.2.1.4.20.1.4:
    iso  org  dod  internet  mgmt  mib  ip  ipAddrTable  ipAddrEntry  ipAdEntBcastAddr
    1    3    6    1         2     1    4   20           1            4
- Object instances of ipAddrTable (1.3.6.1.2.1.4.20): 4 instances of each columnar object, with ipAdEntAddr as the index of the table:
    Row  ipAdEntAddr  ipAdEntIfIndex  ipAdEntNetMask  ipAdEntBcastAddr  ipAdEntReasmMaxSize
    1    123.45.2.1
    2    123.45.3.4
    3    165.8.9.25
    4    9.96.8.138
  (the slide's values for the remaining columns, net masks 255.255.255.0 and 255.255.0.0 and reassembly sizes 12000, 10000 and 15000, cannot be assigned to rows with certainty from the extracted text)
Columnar Objects - Example
- Object instances of ipAddrTable (1.3.6.1.2.1.4.20): node 1 under ipAddrTable is ipAddrEntry, each columnar object is ipAddrEntry.column, and each instance appends the index of the row (its ipAdEntAddr):
    Columnar object      Object ID (ipAddrEntry.column)  Row  Object ID of the specific instance
    ipAdEntAddr          1.3.6.1.2.1.4.20.1.1            2    {1.3.6.1.2.1.4.20.1.1.123.45.3.4}
    ipAdEntIfIndex       1.3.6.1.2.1.4.20.1.2            3    {1.3.6.1.2.1.4.20.1.2.165.8.9.25}
    ipAdEntBcastAddr     1.3.6.1.2.1.4.20.1.4            1    {1.3.6.1.2.1.4.20.1.4.123.45.2.1}
    ipAdEntReasmMaxSize  1.3.6.1.2.1.4.20.1.5            4    {1.3.6.1.2.1.4.20.1.5.9.96.8.138}
- The index of the object instance (the IP address, four sub-identifiers) is appended to the columnar object ID
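An added example (not from the slides) that forms and splits ipAddrTable instance identifiers as in the table above, and lists them in the column-by-column order a GetNext walk of the table produces; the row contents are constructed around the slide's four addresses, and the ifIndex values are made up:

```python
# Added example (not from the slides): forming and splitting instance
# identifiers of ipAddrTable, whose rows are indexed by ipAdEntAddr, so the
# index appended to a columnar object id is the IP address itself.

IP_ADDR_ENTRY = "1.3.6.1.2.1.4.20.1"   # ip(4).ipAddrTable(20).ipAddrEntry(1)

COLUMNS = {1: "ipAdEntAddr", 2: "ipAdEntIfIndex", 3: "ipAdEntNetMask",
           4: "ipAdEntBcastAddr", 5: "ipAdEntReasmMaxSize"}
COLUMN_NO = {name: no for no, name in COLUMNS.items()}

def ip_subids(ip: str) -> tuple:
    """An IpAddress index contributes four sub-identifiers, one per octet."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not a dotted IPv4 address: {ip!r}")
    return tuple(int(o) for o in octets)

def instance_oid(column: str, index_ip: str) -> str:
    """{Table, Entry, Object, Index}: e.g. ipAdEntIfIndex of the row 165.8.9.25."""
    if column not in COLUMN_NO:
        raise ValueError(f"unknown columnar object {column!r}")
    ip_subids(index_ip)                     # validate the index
    return f"{IP_ADDR_ENTRY}.{COLUMN_NO[column]}.{index_ip}"

def split_instance(oid: str):
    """Inverse: instance id -> (columnar object name, index IP address)."""
    prefix = IP_ADDR_ENTRY + "."
    if not oid.startswith(prefix):
        raise ValueError("not an instance under ipAddrEntry")
    rest = oid[len(prefix):].split(".")
    if len(rest) != 5 or not rest[0].isdigit() or int(rest[0]) not in COLUMNS:
        raise ValueError("malformed ipAddrEntry instance id")
    index = ".".join(rest[1:])
    ip_subids(index)
    return COLUMNS[int(rest[0])], index

def walk_order(rows):
    """Instance ids in the order a GetNext walk returns them: column by column
    (the column-row order the slide notes), and within a column by index,
    compared sub-identifier by sub-identifier rather than as strings."""
    ordered = sorted(rows, key=lambda r: ip_subids(r["ipAdEntAddr"]))
    out = []
    for no in sorted(COLUMNS):
        name = COLUMNS[no]
        for row in ordered:
            if name in row:
                out.append((instance_oid(name, row["ipAdEntAddr"]), row[name]))
    return out

# Constructed rows using the slide's four addresses (the ifIndex values are made up).
SAMPLE_ROWS = [
    {"ipAdEntAddr": "123.45.2.1", "ipAdEntIfIndex": 1},
    {"ipAdEntAddr": "123.45.3.4", "ipAdEntIfIndex": 3},
    {"ipAdEntAddr": "165.8.9.25", "ipAdEntIfIndex": 2},
    {"ipAdEntAddr": "9.96.8.138", "ipAdEntIfIndex": 4},
]
```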
Management Information Base (MIB), RFC 1213
- The MIB is a database containing information about the elements to be managed
- For SNMP, the MIB is a structured database (a tree)
- Each resource to be managed is represented by an object
- Each system (e.g., a router) maintains a MIB that reflects the status of its managed resources
- An NMS monitors/controls the resources by reading/modifying the values of objects in the MIB
MIB, RFC 1213
Figure: internet {1 3 6 1} with directory (1), mgmt (2), experimental (3), private (4); under mgmt, mib-2 with the Internet MIB-II groups system (1), interfaces (2), at (3), ip (4), icmp (5), tcp (6), udp (7), egp (8), cmot (9), transmission (10), snmp (11).
- Implementation can be done as needed (e.g., objects essential for fault or configuration management are added)
- If a group is implemented by a vendor, all its components are implemented (e.g., OSPF and all its group objects)
- Module structure:
    <module name> DEFINITIONS ::= BEGIN
        <imports>
        <definitions>
    END
MIB, RFC 1213
    -- groups in MIB-II
    RFC1213-MIB DEFINITIONS ::= BEGIN
        system       OBJECT IDENTIFIER ::= { mib-2 1 }
        interfaces   OBJECT IDENTIFIER ::= { mib-2 2 }
        at           OBJECT IDENTIFIER ::= { mib-2 3 }
        ip           OBJECT IDENTIFIER ::= { mib-2 4 }
        icmp         OBJECT IDENTIFIER ::= { mib-2 5 }
        tcp          OBJECT IDENTIFIER ::= { mib-2 6 }
        udp          OBJECT IDENTIFIER ::= { mib-2 7 }
        egp          OBJECT IDENTIFIER ::= { mib-2 8 }
        cmot         OBJECT IDENTIFIER ::= { mib-2 9 }
        transmission OBJECT IDENTIFIER ::= { mib-2 10 }
        snmp         OBJECT IDENTIFIER ::= { mib-2 11 }
        .
    END

    RFC1213-MIB DEFINITIONS ::= BEGIN
    IMPORTS
        mgmt, NetworkAddress, IpAddress, Counter, Gauge, TimeTicks
            FROM RFC1155-SMI
        OBJECT-TYPE
            FROM RFC-1212;

    -- This MIB module uses the extended OBJECT-TYPE macro as defined in [14];

    -- MIB-II (same prefix as MIB-I)
    mib-2 OBJECT IDENTIFIER ::= { mgmt 1 }

    -- textual conventions
    DisplayString ::= OCTET STRING
    -- This data type is used to model textual information taken from the
    -- NVT ASCII character set. By convention, objects with this syntax are
    -- declared as having SIZE (0..255)

    PhysAddress ::= OCTET STRING
    -- This data type is used to model media addresses. For many types of
    -- media, this will be in a binary representation. For example, an
    -- ethernet address would be represented as a string of 6 octets.
MIB, System Group
Figure: system (mib-2 1) with sysDescr (1), sysObjectID (2), sysUpTime (3), sysContact (4), sysName (5), sysLocation (6), sysServices (7).
    -- the System group
    -- Implementation of the System group is mandatory for all systems.
    -- If an agent is not configured to have a value for any of these
    -- variables, a string of length 0 is returned.

    sysDescr OBJECT-TYPE
        SYNTAX  DisplayString (SIZE (0..255))
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
            "A textual description of the entity. ..."
        ::= { system 1 }

    sysObjectID OBJECT-TYPE
        SYNTAX  OBJECT IDENTIFIER
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
            "The vendor's authoritative identification of the network management subsystem contained in the entity."
        ::= { system 2 }

    sysUpTime OBJECT-TYPE
        SYNTAX  TimeTicks
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
            "The time (in hundredths of a second) since the network management portion of the system was last re-initialized."
        ::= { system 3 }
MIB, System Group
- sysUpTime, fault monitoring: poll each agent periodically for this value; if the current value is less than the most recent one, the agent has been restarted since the last poll!
- sysObjectID: programmed by the vendor of the objects at manufacturing time
MIB, Interface Group
Figure: interfaces (mib-2 2) with ifNumber (1) and ifTable (2); ifTable holds ifEntry with ifIndex (1), ifDescr (2), ifType (3), ifMtu (4), ifSpeed (5), ifPhysAddress (6), ifAdminStatus (7), ifOperStatus (8), ifLastChange (9), ifInOctets (10), ifInUcastPkts (11), ifInNUcastPkts (12), ifInDiscards (13), ifInErrors (14), ifUnknownProtos (15), ifOutOctets (16), ifOutUcastPkts (17), ifOutNUcastPkts (18), ifOutDiscards (19), ifOutErrors (20), ifOutQLen (21), ifSpecific (22).
- Specifies the number of interfaces in a network component and the managed objects associated with each interface, e.g., an Ethernet bridge with many network interface cards
- Implementation: mandatory
    interfaces OBJECT IDENTIFIER ::= { mib-2 2 }
MIB, Interface Group
    ifNumber OBJECT-TYPE
        SYNTAX  INTEGER
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
            "The number of network interfaces (regardless of their current state) present on this system."
        ::= { interfaces 1 }

    ifTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF IfEntry
        ACCESS  not-accessible
        STATUS  mandatory
        DESCRIPTION
            "A list of interface entries. The number of entries is given by the value of ifNumber."
        ::= { interfaces 2 }

    ifEntry OBJECT-TYPE
        SYNTAX  IfEntry
        ACCESS  not-accessible
        STATUS  mandatory
        DESCRIPTION
            "An interface entry containing objects at the sub-network layer and below for a particular interface."
        INDEX   { ifIndex }
        ::= { ifTable 1 }

    IfEntry ::= SEQUENCE {
        ifIndex        INTEGER,
        ifDescr        DisplayString,
        ifType         INTEGER,
        ifMtu          INTEGER,
        ifSpeed        Gauge,
        ifPhysAddress  PhysAddress,
        ifAdminStatus  INTEGER,
        ifOperStatus   INTEGER,
        ifLastChange   TimeTicks,
        ifInOctets     Counter,
        ...
    }
MIB, Interface Group
- Basic information useful for network management such as performance monitoring and fault control
- Examples:
  1) measuring the queue length or the total number of octets into/out of the system: indicators for detecting congestion
  2) measuring the traffic rate on a given interface: ifInUcastPkts/second, ifOutUcastPkts/second
- Counter data types: always incrementing!
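An added example (not from the slides) that turns two polls of a Counter such as ifInUcastPkts into a per-second rate and applies the sysUpTime restart rule from the System group slide; it handles the 32-bit counter roll-over and skips the poll pair across a restart. The poll samples are constructed:

```python
# Added example (not from the slides): turning two polls of an interface's
# Counter objects into a rate, and using sysUpTime to detect an agent restart.
# Counter and TimeTicks are 32-bit; a counter that "goes backwards" within one
# poll interval is assumed to have rolled over once, while a sysUpTime that
# goes backwards means the agent re-initialised (its counters restarted at 0).

COUNTER_MOD = 2 ** 32            # INTEGER (0..4294967295)
TICKS_PER_SECOND = 100           # TimeTicks are hundredths of a second

def counter_delta(prev: int, curr: int) -> int:
    """Increase between two Counter samples, allowing for a single roll-over."""
    for v in (prev, curr):
        if not 0 <= v < COUNTER_MOD:
            raise ValueError("Counter value out of range")
    return (curr - prev) % COUNTER_MOD

def agent_restarted(prev_uptime: int, curr_uptime: int) -> bool:
    """The slide's rule: sysUpTime lower than at the previous poll => restart.
    (A genuine TimeTicks wrap after ~497 days looks the same; poll often enough.)"""
    return curr_uptime < prev_uptime

def rate_per_second(prev: dict, curr: dict, counter: str):
    """prev/curr hold 'sysUpTime' and the named counter; returns units/second,
    or None when the pair cannot be used (restart, or no time elapsed)."""
    if agent_restarted(prev["sysUpTime"], curr["sysUpTime"]):
        return None
    ticks = curr["sysUpTime"] - prev["sysUpTime"]
    if ticks == 0:
        return None
    return counter_delta(prev[counter], curr[counter]) / (ticks / TICKS_PER_SECOND)

def analyse_polls(samples: list, counter: str) -> list:
    """Consecutive poll pairs -> ('restart', None) or ('rate', value) events."""
    events = []
    for prev, curr in zip(samples, samples[1:]):
        if agent_restarted(prev["sysUpTime"], curr["sysUpTime"]):
            events.append(("restart", None))
        else:
            events.append(("rate", rate_per_second(prev, curr, counter)))
    return events

# Constructed polls, one per minute: a roll-over between the 1st and 2nd poll,
# and an agent restart before the 4th.
SAMPLE_POLLS = [
    {"sysUpTime": 100_000, "ifInUcastPkts": COUNTER_MOD - 200},
    {"sysUpTime": 106_000, "ifInUcastPkts": 400},        # rolled over: +600
    {"sysUpTime": 112_000, "ifInUcastPkts": 1_000},      # +600
    {"sysUpTime": 3_000,   "ifInUcastPkts": 50},         # sysUpTime went back
]
```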
MIB, IP Group
Figure: ip (mib-2 4) with ipForwarding (1), ipDefaultTTL (2), ipInReceives (3), ipInHdrErrors (4), ipInAddrErrors (5), ipForwDatagrams (6), ipInUnknownProtos (7), ipInDiscards (8), ipInDelivers (9), ipOutRequests (10), ipOutDiscards (11), ipOutNoRoutes (12), ipReasmTimeout (13), ipReasmReqds (14), ipReasmOKs (15), ipReasmFails (16), ipFragOKs (17), ipFragFails (18), ipFragCreates (19), ipAddrTable (20), ipRouteTable (21), ipNetToMediaTable (22), ipRoutingDiscards (23).
- Contains information relevant to the implementation and operation of IP at a node
- Routers periodically execute routing algorithms and update routing tables
- The IP Address Table contains the table of IP addresses
- The IP Route Table contains an entry for each route
- The IP Network-to-Media Table is the address translation table mapping IP addresses to physical addresses
MIB, IP Group
- ipForwarding (1): whether the node acts as a gateway or router
- ipDefaultTTL (2): TTL in the IP header
- ipInReceives (3): total # packets received from interfaces
- ipInHdrErrors (4): # of discarded datagrams due to header errors
MIB, IP Group
Figure: ipAddrTable (ip 20) holds ipAddrEntry (ipAddrTable 1) with ipAdEntAddr (1), ipAdEntIfIndex (2), ipAdEntNetMask (3), ipAdEntBcastAddr (4), ipAdEntReasmMaxSize (5).
MIB, IP Group
Figure: ipRouteTable (ip 21) holds ipRouteEntry (1) with ipRouteDest (1), ipRouteIfIndex (2), ipRouteMetric1 (3), ipRouteMetric2 (4), ipRouteMetric3 (5), ipRouteMetric4 (6), ipRouteNextHop (7), ipRouteType (8), ipRouteProto (9), ipRouteAge (10), ipRouteMask (11), ipRouteMetric5 (12), ipRouteInfo (13).
- Contains information used for Internet routing
- ipRouteTable information is useful for configuration monitoring, controlling the routing process, as well as fault isolation
MIB, TCP Group
- Contains information relevant to the implementation/operation of connection-oriented TCP
Figure: tcp (mib-2 6) with tcpRtoAlgorithm (1), tcpRtoMin (2), tcpRtoMax (3), tcpMaxConn (4), tcpActiveOpens (5), tcpPassiveOpens (6), tcpAttemptFails (7), tcpEstabResets (8), tcpCurrEstab (9), tcpInSegs (10), tcpOutSegs (11), tcpRetransSegs (12), tcpConnTable (13), tcpInErrors (14), tcpOutRsts (15).
- tcpRtoAlgorithm: timeout algorithm for retransmission
- tcpRtoMin: minimum value for the retransmission timer
- tcpRtoMax: maximum value for the retransmission timer
- tcpMaxConn: maximum number of TCP connections
- tcpInSegs: # segments received
- tcpOutSegs: # segments sent
- tcpRetransSegs: # segments retransmitted
MIB, TCP Group
Figure: tcpConnTable (tcp 13) holds tcpConnEntry (1) with tcpConnState (1), tcpConnLocalAddress (2), tcpConnLocalPort (3), tcpConnRemAddress (4), tcpConnRemPort (5).
SNMPv1 Administrative Model
- SNMP entities:
  - SNMP application entities: reside in management stations and network elements (manager and agent); the pairing of both entities forms an SNMP community
  - SNMP protocol entities: communication processes (PDU handlers), peer processes that support the application entities
- The administrative model defines the administrative relationship between communicating entities
- Management stations: each manages all or a subset of the managed stations in the configuration; subsets may overlap
- Each managed station controls its local MIB and controls the use of that MIB by a number of management stations
SNMPv1 Administrative Model - SNMP Community
- A community is a relation between one SNMP agent and a set of managers; it defines authentication, access control and proxy characteristics
- Multiple pairs can belong to the same community
- A community name is a string of octets
- Two application entities in the same community can communicate with each other
- This essentially defines a filter module or authentication scheme between manager and agent
- Security in SNMPv1 is therefore community-based: no encryption
Figure: SNMP manager and SNMP agent exchanging authentic messages through the authentication scheme.
SNMPv1 Administrative Model - SNMP Community Profile
- Community profile = MIB view + SNMP access mode
- MIB view: a subset of the managed objects an agent is permitted to manage/view
- A community name is also assigned an SNMP access mode: READ-ONLY or READ-WRITE
- The operations allowed on an object are determined by the community profile and the access mode of the object
- Four access privileges in total: read-only, write-only, read-write, not-accessible
- Some objects, such as a table and a table entry, are not-accessible
Figure: an SNMP agent whose MIB holds Object 1 (not-accessible), Object 2 (read-only), Object 3 (write-only) and Object 4 (read-write); with the READ-WRITE access mode, operations such as get, set and trap can be performed on objects 2, 3, 4; with the READ-ONLY access mode, only get and trap are performed on objects 2, 3, 4.
SNMPv1 Administrative Model - SNMP Access Policy
- The pair of "SNMP community" and "community profile" defines the SNMP access policy
- The access policy allows a managed agent to give different access privileges to different managers
Figure: a manager manages the network components of communities 1 and 2 via Agent 1 and Agent 2; Agent 1 has only the view of Community Profile 1, e.g. Cisco components; Agent 2 has only the view of Community Profile 2, e.g. 3Com components; the manager has the total view of both Cisco and 3Com components.
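An added example (not from the slides) of an agent-side check that applies the community profile and access policy of the two slides above: community name, MIB view, access mode and the object's own ACCESS clause decide whether a get or set is honoured. The community names, views and object list are constructed; the noSuchName answer for a denied request follows RFC 1157 and is an assumption beyond what the slides state:

```python
# Added example (not from the slides): an SNMPv1 community-based access policy.
# community profile = MIB view (subtrees the community may see) + access mode
# (READ-ONLY / READ-WRITE); every object also has its own ACCESS clause.
# Names, views and the object list are constructed for illustration.

COMMUNITIES = {                     # community name -> community profile
    "public": {"view": ["1.3.6.1.2.1.1", "1.3.6.1.2.1.2"], "mode": "READ-ONLY"},
    "netops": {"view": ["1.3.6.1.2.1"], "mode": "READ-WRITE"},
}
OBJECT_ACCESS = {                   # object id -> ACCESS clause of its OBJECT-TYPE macro
    "1.3.6.1.2.1.1.1": "read-only",        # sysDescr
    "1.3.6.1.2.1.1.4": "read-write",       # sysContact
    "1.3.6.1.2.1.2.2": "not-accessible",   # ifTable (the table itself)
    "1.3.6.1.2.1.2.2.1.7": "read-write",   # ifAdminStatus
    "1.3.6.1.2.1.4.1": "read-write",       # ipForwarding
}

def subids(oid):
    return tuple(int(s) for s in oid.split("."))

def in_subtree(oid, prefix):
    """True when oid lies under prefix, compared sub-identifier by sub-identifier
    (a string startswith() would wrongly put ...1.11 under ...1.1)."""
    o, p = subids(oid), subids(prefix)
    return o[:len(p)] == p

def object_of(instance_oid):
    """Most specific registered object the instance lies under, or None."""
    hits = [o for o in OBJECT_ACCESS if in_subtree(instance_oid, o)]
    return max(hits, key=lambda o: len(subids(o))) if hits else None

def check_access(community, operation, instance_oid):
    """('ok', None), ('error', 'noSuchName') or ('discard', 'authenticationFailure').
    An unknown community is not authenticated: the message is dropped and an
    authenticationFailure trap may be sent. An object outside the MIB view, or
    not available for the operation under the access mode, is answered with
    error-status noSuchName (RFC 1157 behaviour; an assumption beyond the slide)."""
    if operation not in ("get", "set"):
        raise ValueError(f"unknown operation {operation!r}")
    profile = COMMUNITIES.get(community)
    if profile is None:
        return ("discard", "authenticationFailure")
    if not any(in_subtree(instance_oid, p) for p in profile["view"]):
        return ("error", "noSuchName")
    obj = object_of(instance_oid)
    access = OBJECT_ACCESS[obj] if obj else "not-accessible"
    if operation == "set":
        allowed = profile["mode"] == "READ-WRITE" and access in ("read-write", "write-only")
    else:
        allowed = access in ("read-only", "read-write")
    return ("ok", None) if allowed else ("error", "noSuchName")
```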
SNMPv1 Administrative Model - SNMP Access Policy
Example: enterprise management
Figure: Community 1 (Community Profiles 1 and 2; Agent 1 and Agent 2) and Community 2 (Community Profiles 3 and 4; Agent 3 and Agent 4); Manager 1 manages community 1, Manager 2 manages community 2, and Manager 3 (the manager of managers, MoM) manages both communities 1 and 2.
SNMPv1 Administrative Model - SNMP Proxy Access Policy
- A proxy agent enables non-SNMP community elements to be managed by an SNMP manager
- An SNMP MIB is created to handle the non-SNMP objects
Figure: an SNMP manager (Community 1) talks to an SNMP agent in the SNMP community and to a proxy agent that fronts a non-SNMP community.
Message Format
- Protocol entities support the application entities: communication between remote peer processes
- A message consists of: version identifier, community name, protocol data unit (version | community | data)
- The message is encapsulated in a UDP datagram and transmitted
- SNMP uses two well-known ports: UDP port 161 for SNMP messages, UDP port 162 for SNMP trap messages
Message Format
- The SNMP message format is defined using ASN.1 and encoded for transmission over UDP using BER:
    Message ::= SEQUENCE {
        version    INTEGER { version-1(0) },
        community  OCTET STRING,
        data       PDUs
    }
- 3 different versions: SNMPv1, SNMPv2, SNMPv3
Message Format - Set/Get PDU
    Message ::= SEQUENCE {
        version    INTEGER { version-1(0) },
        community  OCTET STRING,
        data       PDUs
    }

    PDUs ::= CHOICE {
        get-request       [0] IMPLICIT PDU,
        get-next-request  [1] IMPLICIT PDU,
        get-response      [2] IMPLICIT PDU,
        set-request       [3] IMPLICIT PDU,
        trap              [4] IMPLICIT Trap-PDU
    }
Message Format - Set/Get PDU
PDU fields: PDU-type | request-id | error-status | error-index | variable-bindings
- request-id: tracks a message and indicates loss of a message (e.g., timeout)
- error-status: indicates the occurrence of an error
- error-index: indicates where the error occurred (position in the list of variables)
- variable-bindings: grouping of a number of operations in a single message, e.g., one request to get all values and one response listing all values
    PDU ::= SEQUENCE {
        request-id         INTEGER,
        error-status       INTEGER {
                               noError (0), tooBig (1), noSuchName (2),
                               badValue (3), readOnly (4), genErr (5)
                           },
        error-index        INTEGER,
        variable-bindings  VarBindList
    }
Message Format - Variable Bindings
variable-bindings: var-bind 1 | var-bind 2 | ... | var-bind n, each a (name, value) pair
    VarBindList ::= SEQUENCE OF VarBind

    VarBind ::= SEQUENCE {
        name   ObjectName,
        value  ObjectSyntax
    }

    ObjectName ::= OBJECT IDENTIFIER

    ObjectSyntax ::= CHOICE {
        simple            SimpleSyntax,
        application-wide  ApplicationSyntax
    }
Message Format - Variable Bindings
    SimpleSyntax ::= CHOICE {
        number  INTEGER,
        string  OCTET STRING,
        object  OBJECT IDENTIFIER,
        empty   NULL
    }

    ApplicationSyntax ::= CHOICE {
        address    NetworkAddress,
        counter    Counter,
        gauge      Gauge,
        ticks      TimeTicks,
        arbitrary  Opaque
    }

    NetworkAddress ::= CHOICE {
        internet  IpAddress
    }
Message Format - Trap PDU
Trap-PDU fields: PDU-type | enterprise | agent address | generic trap type | specific trap | time stamp | variable-bindings
    Trap-PDU ::= SEQUENCE {
        enterprise         OBJECT IDENTIFIER,
        agent-addr         NetworkAddress,
        generic-trap       INTEGER {
                               coldStart (0), warmStart (1), linkDown (2), linkUp (3),
                               authenticationFailure (4), egpNeighborLoss (5),
                               enterpriseSpecific (6)
                           },
        specific-trap      INTEGER,
        time-stamp         TimeTicks,
        variable-bindings  VarBindList
    }
- enterprise: pertains to the system generating the trap (sysObjectID)
- agent-addr: IP address of the object
- specific-trap: specific code to identify the trap cause
- time-stamp: elapsed time since the last re-initialization
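An added example (not from the slides) that decodes the BER-encoded Message, PDU and Trap-PDU structures of the message-format slides into their fields, as a monitoring tool or packet parser on the manager side would; the two sample messages (a get-request for sysDescr.0 and a linkDown trap) are constructed by hand, not captured traffic:

```python
# Added example (not from the slides): minimal BER decoder for the SNMPv1
# Message ::= SEQUENCE { version, community, data PDUs } and both PDU layouts.
PDU_TYPES = {0xA0: "get-request", 0xA1: "get-next-request", 0xA2: "get-response",
             0xA3: "set-request", 0xA4: "trap"}      # [0]..[4] IMPLICIT, constructed
GENERIC_TRAPS = ["coldStart", "warmStart", "linkDown", "linkUp",
                 "authenticationFailure", "egpNeighborLoss", "enterpriseSpecific"]

def read_tlv(buf, pos):                               # (tag, value, next_pos) of the TLV at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                 # long form: 0x80|n, then n length octets
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported length encoding")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def decode_sequence(buf):
    items, pos = [], 0                                # (tag, value) pairs inside a SEQUENCE
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        items.append((tag, value))
    return items

def decode_oid(value):                                # undo 40*X+Y and base-128 sub-identifiers
    if not value or value[-1] & 0x80:
        raise ValueError("malformed OBJECT IDENTIFIER")
    subids, acc = [], 0
    for b in value:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(acc)
            acc = 0
    x = min(subids[0] // 40, 2)
    return ".".join(str(s) for s in [x, subids[0] - 40 * x] + subids[1:])

def decode_value(tag, value):                         # SimpleSyntax / ApplicationSyntax -> Python
    if tag in (0x02, 0x41, 0x42, 0x43):               # INTEGER; Counter, Gauge, TimeTicks
        return int.from_bytes(value, "big", signed=(tag == 0x02))
    if tag in (0x04, 0x44):                           # OCTET STRING, Opaque
        return value
    if tag == 0x05:                                   # NULL, the value placeholder in requests
        return None
    if tag == 0x06:
        return decode_oid(value)
    if tag == 0x40 and len(value) == 4:               # IpAddress, exactly 4 octets
        return ".".join(str(b) for b in value)
    raise ValueError(f"unsupported or malformed value, tag 0x{tag:02x}")

def field(items, i, tag):
    if i >= len(items) or items[i][0] != tag:         # positional field with the expected tag
        raise ValueError(f"expected tag 0x{tag:02x} at field {i}")
    return items[i][1]

def decode_varbinds(buf):
    out = []
    for tag, vb in decode_sequence(buf):
        pair = decode_sequence(vb)
        if tag != 0x30 or len(pair) != 2:
            raise ValueError("VarBind must be a SEQUENCE of name and value")
        out.append((decode_oid(field(pair, 0, 0x06)), decode_value(*pair[1])))
    return out

def decode_message(raw):
    tag, body, end = read_tlv(raw, 0)
    top = decode_sequence(body) if tag == 0x30 and end == len(raw) else []
    if len(top) != 3 or top[0][0] != 0x02 or decode_value(*top[0]) != 0:
        raise ValueError("not a single SNMPv1 (version-1(0)) message")
    pdu_tag, pdu = top[2]
    if pdu_tag not in PDU_TYPES:
        raise ValueError(f"unknown PDU tag 0x{pdu_tag:02x}")
    msg = {"community": field(top, 1, 0x04).decode("ascii", "replace"), "pdu": PDU_TYPES[pdu_tag]}
    f = decode_sequence(pdu)
    ints = lambda i: decode_value(0x02, field(f, i, 0x02))
    if pdu_tag == 0xA4:                               # Trap-PDU
        msg["enterprise"] = decode_oid(field(f, 0, 0x06))
        msg["agent-addr"] = decode_value(0x40, field(f, 1, 0x40))
        msg["generic-trap"] = GENERIC_TRAPS[ints(2)] if 0 <= ints(2) < len(GENERIC_TRAPS) else "invalid"
        msg["specific-trap"] = ints(3)
        msg["time-stamp"] = decode_value(0x43, field(f, 4, 0x43))
        msg["variable-bindings"] = decode_varbinds(field(f, 5, 0x30))
    else:                                             # PDU: request-id, error-status, error-index
        msg["request-id"], msg["error-status"], msg["error-index"] = ints(0), ints(1), ints(2)
        msg["variable-bindings"] = decode_varbinds(field(f, 3, 0x30))
    return msg

# Constructed samples (not captured traffic): a get-request for sysDescr.0, and a
# linkDown trap from agent 192.168.252.110; both carry the community "public".
SAMPLE_GET = bytes.fromhex("302602010004067075626c6963a019020101020100020100300e300c06082b060102010101000500")
SAMPLE_TRAP = bytes.fromhex("302602010004067075626c6963a41906052b060104014004c0a8fc6e020102020100430203e83000")
```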