Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Jim Binkley SNMPv2 Overview Network Mgmt/Sec.. 2 Jim Binkley Outline u intro u SMI u protocol (changes) u MIB (changes) u conclusion.

Published byBreonna Pollins Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Jim Binkley SNMPv2 Overview Network Mgmt/Sec.. 2 Jim Binkley Outline u intro u SMI u protocol (changes) u MIB (changes) u conclusion."— Presentation transcript:

1 1 Jim Binkley SNMPv2 Overview Network Mgmt/Sec.

2 2 Jim Binkley Outline u intro u SMI u protocol (changes) u MIB (changes) u conclusion

3 3 Jim Binkley bibliography (RFCS) u 1901 - Intro to Community-Based v2 u 1902 - SMI u 1903 - Textual Conventions u 1904 - Conformance Statements u 1905 - Protocol u 1906 - Transport Mappings (ipx is ok...) u 1907 - MIB u 1908 - Coexistance v1/v2

4 4 Jim Binkley focus areas: u managers can have managers - may enhance scalability –note: inform request PDU u getbulkrequest for one stop table retrieval –actually may not be one-stop, just less overhead u security (total failure, hence stick with community until v3) u anti-simplicity? (see previous page) u 64-bit counters

5 5 Jim Binkley SMI u basically additive vis-a-vis v1 u focus on: –object definitions –tables –notification definitions –information modules

6 6 Jim Binkley SMIv2 extends basic OID tree u directory(1) u mgmt(2) u expmt(3) u private(4) u security(5) u snmpv2(6)

7 7 Jim Binkley snmpV2(6) has sub-branches u snmpDomains (1) - transports u snmpProxys(2) - never mind u snmpModules(3) - module identities u “Collections of related objects are defined in MIB modules” - rfc1906 u snmpMIB {snmpModules 1} defined in rfc1906 (#1 MODULE-IDENTITY) –snmpMIBObjects lives under here (start with 4)

8 8 Jim Binkley ve haf objects... u OBJECT-TYPE macro redefined with a few changes –changes to application types –changes to access/view –status now: current | obsolete | deprecated –table index changes –optional UNITS clause, text for units associated with object (celsius, whatever)

9 9 Jim Binkley data types u integers may now include enumerated values red(0), green(1), blue(2) u Counter32 - nonnegative that may be incremented, not decremented –initial value not meaningful u Counter64 - max is 2**64-1 u Unsigned32 == Gauge32 u Gauge32 - may increase/decrease, latch at max u BITS - enumeration of named bits (bit flags)

10 10 Jim Binkley MAX-ACCESS (was ACCESS) u no write-only u from least access to most access –not-accessible –accessible-for-notify - for traps –read-only –read-write (can replace write-only too) –read-create, read/write/create (for rows) »use set to create row instance; for example

11 11 Jim Binkley tables u still: –row defined by SEQUENCE {type,type,type} –table is SEQUENCE OF rows u tables fall into two categories: –agent controlled - manager cannot create/delete »likely to be read-only rows –manager can create/delete rows u base conceptual row: basically row index u AUGMENTS can be used to add table extensions –vendor-specific objects added to normal table

12 12 Jim Binkley tables, cont u may use object for index that is not part of table –text description part must explain how this works u table creation/deletion done via so-called RMON-polka (use RowStatus variable) –done with state machine/set and get operations –RowStatus has read-create access value –called the status column for the row

13 13 Jim Binkley status value over-simplified u can have following values: –1. active - manager enables row –2. notInService - not available (manager can set) –3. notReady - not available yet –4. createAndGo - autoset to active –5. createAndWait - create and wait agent to setup/more complex setup (manager needed) –6. destroy - manager deletes row, etc.

14 14 Jim Binkley from rfc1906 u sysDescr OBJECT-TYPE SYNTAX DisplayString... MAX-ACCESS read-only STATUS current DESCRIPTION “A textual description of the entity. blah blah...” ::= {system 1}

15 15 Jim Binkley notification-type macro u used for traps, RFC1573 (son of interfaces) –linkUp NOTIFICATION-TYPE OBJECTS {ifIndex,ifAdminStatus,ifOperStatus} STATUS current DESCRIPTION “...ifOperStatus not down...” –::= {snmpTraps 4} u OBJECTS are communicated to manager upon trap

16 16 Jim Binkley information modules u 3 kinds of information modules –1. MIB modules which include OBJECT-TYPE and NOTIFICATION-TYPE –2. Compliance statements for said MIB modules, using OBJECT-GROUP and MODULE-COMPLIANCE macros –3. AGENT-CAPABILITIES, state what agents can do u All info modules must start with MODULE- IDENTIFY macro (documentation) u OBJECT-IDENTITY used to doc objects as well

17 17 Jim Binkley MODULE-IDENTITY u someMIB MODULE-IDENTITY LAST-UPDATED string ORGANIZATION string CONTACT-INFO string DESCRIPTION string REVISION string DESCRIPTION string ::= { snmpModules 1492 }

18 18 Jim Binkley conformance documentation u to define acceptable lower bounds of implementation && actual level of implementation u four macros: –OBJECT-GROUP –NOTIFICATION-GROUP –MODULE-COMPLIANCE –AGENT-CAPABILITIES

19 19 Jim Binkley OBJECT/NOTIFICATION GROUP u OBJECT-GROUP: vendor lists OBJECTS that are supported. –agents may not return a value for objects not implemented (unlike in v1) u NOTIFICATION-GROUP MACRO –simply list and describe traps supported

20 20 Jim Binkley MODULE COMPLIANCE, etc. u MODULE COMPLIANCE MACRO - statement of modules included in system u AGENT-CAPABILITIES MACRO - document level of support agent claims for a given MIB group –may allow manager to tune itself to agent

21 21 Jim Binkley protocol u SEQUENCE –version (value is 1) –community OCTET STRING –data ANY u similar to SNMPv1 although a few new messages u one LESS PDU format (trap like all the others)

22 22 Jim Binkley protocol PDU types u get-request u get-next-request u get-bulk-request u response u set-request u inform-request u snmpV2-trap u report (never mind) - used in sec documents and then dropped

23 23 Jim Binkley encapsulation of PDUs type id data1 data2 var. bindings data1, data2 depend on type of PDU variable bindings may be multiple OID, data note below nested in (version, community, X)

24 24 Jim Binkley PDU formats, cont. u Response-PDU returns error-status and error-index for data1/data2 u GetBulkRequest-PDU - nas non-repeaters and max-repetitions for data1/data2 u variable bindings may include: –OID and NULL used in retrieval requests –noSuchObject, noSuchInstance,endOfMibView

25 25 Jim Binkley format., cont. u noSuchObject - OID requested does not match u noSuchInstance - OID exists, but no such column object –e.g., non-existant row or row is not ready yet u endOfMibView - you walked off the end

26 26 Jim Binkley get-request, and get-next-request u similar to V1, but u in V1 request for all variable bindings must be atomic; i.e., either all or none u in V2, can be incomplete –return noSuchObject, noSuchInstance, endOfMibView possible for individual items

27 27 Jim Binkley get-bulk-request u not really possible to say “hey table, come over here” u however it is possible to essentially ask for objects row by row and optimize the overall transaction (get/response) u similar to get-next in that it uses lexicographical ordering u get-bulk includes a list of variables in variable-bindings AND 2 variables u non-repeaters - # of variables in beginning of var. binds. which have single lex.. successor u max-repetitions - count of lexicographical variables to be returned for rest of var. binding list

28 28 Jim Binkley get-bulk PDU remainder non-rep max-rep var. bindings if non-rep == 1, applies to vb(1) if max-rep == 2, applies to v2(2), on and asks for 2 lexico. variables beyond for each remaining variable vb(1) (2) (3) (4)

29 29 Jim Binkley conceptual example: u assume non-rep == 0, and max-rep == 2 u get-bulk(tcpConnState, tcpConnLocalAddress, tcpConnLocalPort, tcpConnRemAddress, tcpConnRemport) u would allow us to fetch tcp connection table two rows at a time u if request is too big, agent will send back as much data as it can

30 30 Jim Binkley set-request u only difference with v1 is with responses u still atomic (all variables are set or none) u basically more error codes possible

31 31 Jim Binkley snmpv2-Trap PDU u different format from v1 BUT u same format as other v2 messages u var.bindings includes –sysUpTime.0 –snmpTrapOID.0 (which trap) –OBJECTS of interest as specified –agent specific OBJECTS of interest

32 32 Jim Binkley Inform-Request PDU u sent by one manager to another to provide it with data (view as download) u X can tell Y about Z u OIDs of interest are passed to local app u the response must be echoed in toto u I have not seen this used (... yet...)

33 33 Jim Binkley transport mappings u basically SNMPv2 can use more than IP/UDP including: u IPX u Appletalk u OSI u we don’t care much, but IPX has used SNMP... sans UDP/IP

34 34 Jim Binkley interoperability with v1 u agents will speak v1 and/or v2 u managers may speak v2 –and must talk to v1 agents u a manager that speaks v1 will not have much luck with a v2 agent...

35 35 Jim Binkley SMI interoperability u key idea: MIB files should be refined to put in SMI/v2 garp BUT u implementations do not have to change u Changes should include –OBJECT definitions –TRAP definitions –Compliance definitions –Capabilities definitions

36 36 Jim Binkley protocol interoperability u manager must speak both kinds –can try snmp v2/v1 with agent and simply use whatever works –if agent doesn’t speak v2, it won’t respond (other than with error message) –manager can internally map v2 operations into v1 equivalents »getbulk turned into getnext

37 37 Jim Binkley snmpv2 MIB u snmpv2 MIB describes behavior of entity u includes 3 groups –system group extended to allow agent to dynamically describe configurable objects –snmp group extensions –MIB objects group - deals with traps and allows > 1 manager to cooperate

38 38 Jim Binkley system group u original plus a few new objects (object resource table mostly) u sysORLastChange(8) - time of last OR change u sysORTable(9) –sysOREntry(1) »sysORIndex »sysORID - OID »sysORDescr - string description »sysORUptime - time when row was instantiated u RO table of objects that can be dynamically configured

39 39 Jim Binkley snmp group u additions and deletions u RO except for snmpEnableAuthenTraps u basically SMALLER and hopefully more useful u next slide for revised group

40 40 Jim Binkley snmp group revised u snmpInPackets u snmpInBadVersions - version # wrong u snmpInBadcommunityNames u synmpInBadCommunityUses u snmpInASNParseErrs u snmpEnableAuthenTraps (RW) u snmpSilentDrops - no response u snmpProxyDrops - no response

41 41 Jim Binkley MIB objects group u for control of MIB objects (duh) u snmpMibObjects {snmpMIB 1) –snmpTrap »snmpTrapOID - current trap OID (being sent) »snmpTrapEnterprise - enterprise OID –snmpset »snmpSerialNo - basically test and set variable to support concurrent access (global and course and advisory lock...)

42 42 Jim Binkley interface group MIB u RFC 1573 improves interfaces group from RFC 1213, uses SMIv2 u fix problems with 1213 and notes problems in some cases u ifNumber can be problematic in terms of dynamic devices (no kidding) –value should not change until reboot u interfaces may have sub-layers –virtual circuits on circuit-oriented devices

43 43 Jim Binkley interfaces, cont u packet-oriented may be nonsense for bit-oriented devices u interface byte count insufficient - may wrap on fast devices u speed limited to 2**32-1 (2.2Gbps) insufficient (OC-48 is 2.448 gbps) u multicast/broadcast need to be counted explicitly u new ifType values

44 44 Jim Binkley more u four new tables including: –ifXTable - extensions –ifStackTable - the stack –ifTestTable - tests –ifRcvAddressTable u old ifInNUcastPkts, ifOutNUcastPkts deprecated u ifOutQLen and ifSpecific deprecated

45 45 Jim Binkley ifXEntry u ifName - string u ifInMulticastPkts - Counter32 u ifInBroadcastPkts - same u ifOutMulticastPkts - same u ifOutBroadcastPkts - same u ifHCInOctets - Counter64 “high-capacity” u ifHCInMulticastPkts - 64 u ifHCInBroadcastPkts - 64

46 46 Jim Binkley cont. u ifHCOutOctets u ifHCOutUcastPkts u ifHCOutMulticastPkts u ifHCOutBroadcastPkts u ifLinkUpDownTrapEnable u ifHighSpeed - Gauge32 u ifPromiscuousMode TruthValue u ifConnectorPresent TruthValue (true(1), falue(2))

47 47 Jim Binkley if stack table, etc. u describe architecture of stack u can theoretically create/destroy entries (and interfaces) u test table - manager can test objects here if they exist u rcv address - per interface list of addresses, should include unicast/multicast/bcast

48 48 Jim Binkley conclusions u how wide spread? u much ado about nothing? u get-bulk is useful –HPOV and full Inet/bgp routing tables u more clarity and certain ambiguities removed (a good thing) u not clear much of a win in MIB land -- primarily structural

Download ppt "1 Jim Binkley SNMPv2 Overview Network Mgmt/Sec.. 2 Jim Binkley Outline u intro u SMI u protocol (changes) u MIB (changes) u conclusion."

Similar presentations

Chapter 6 SNMPv2 6-1 Network Management: Principles and Practice

Chapter 6 SNMPv2 6-1 Network Management: Principles and Practice
SNMPv2 Network Management Spring 2014 Bahador Bakhshi CE & IT Department, Amirkabir University of Technology This presentation is based on the slides listed.

SNMPv2 Network Management Spring 2014 Bahador Bakhshi CE & IT Department, Amirkabir University of Technology This presentation is based on the slides listed.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 24 Network Management: SNMP.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 24 Network Management: SNMP.
TCP/IP Protocol Suite 1 Chapter 21 Upon completion you will be able to: Network Management: SNMP Understand the SNMP manager and the SNMP agent Understand.

TCP/IP Protocol Suite 1 Chapter 21 Upon completion you will be able to: Network Management: SNMP Understand the SNMP manager and the SNMP agent Understand.
SNMPv2 OVERVIEW: LIMITATIONS OF SNMPv1 HISTORY OF SNMPv2 HIERARCHIES SECURITY SNMPv2 PROTOCOL OPERATIONS TRANSPORT INDEPENDENCE RFCs Copyright © 2001 by.

SNMPv2 OVERVIEW: LIMITATIONS OF SNMPv1 HISTORY OF SNMPv2 HIERARCHIES SECURITY SNMPv2 PROTOCOL OPERATIONS TRANSPORT INDEPENDENCE RFCs Copyright © 2001 by.
1 Fundamentals of SNMP. 2 Simple Network Management Protocol Three Essentials Structure for Management Information (SMI) Set of rules for specifying management.

1 Fundamentals of SNMP. 2 Simple Network Management Protocol Three Essentials Structure for Management Information (SMI) Set of rules for specifying management.
Management Architecture and Standards II IACT 418 IACT 918 Corporate Network Planning Gene Awyzio Spring 2001.

Management Architecture and Standards II IACT 418 IACT 918 Corporate Network Planning Gene Awyzio Spring 2001.
CSEE W4140 Networking Laboratory Lecture 11: SNMP Jong Yul Kim 04.19.2010.

CSEE W4140 Networking Laboratory Lecture 11: SNMP Jong Yul Kim
CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.

CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.
IPv6 Mobility David Bush. Correspondent Node Operation DEF: Correspondent node is any node that is trying to communicate with a mobile node. This node.

IPv6 Mobility David Bush. Correspondent Node Operation DEF: Correspondent node is any node that is trying to communicate with a mobile node. This node.
Pertemuan 10 Perbedaan antar versi SNMP

Pertemuan 10 Perbedaan antar versi SNMP
1 SNMP Simple Network Management Protocol. 2 SNMP Overview Define mechanism for remote management of network devices (routers, bridges, etc.) Fundamental.

1 SNMP Simple Network Management Protocol. 2 SNMP Overview Define mechanism for remote management of network devices (routers, bridges, etc.) Fundamental.
MJ08/07041 Session 08 SNMPv2 Adapted from Network Management: Principles and Practice © Mani Subramanian 2000 and solely used for Network Management course.

MJ08/07041 Session 08 SNMPv2 Adapted from Network Management: Principles and Practice © Mani Subramanian 2000 and solely used for Network Management course.
COMP4690, by Dr Xiaowen Chu, HKBU

COMP4690, by Dr Xiaowen Chu, HKBU
1 Network Management and SNMP  What is Network Management?  ISO Network Management Model (FCAPS)  Network Management Architecture  SNMPv1 and SNMPv2.

1 Network Management and SNMP  What is Network Management?  ISO Network Management Model (FCAPS)  Network Management Architecture  SNMPv1 and SNMPv2.
SNMP Simple Network Management Protocol

SNMP Simple Network Management Protocol
Agenda SNMP Review SNMP Manager Management Information Base (MIB)

Agenda SNMP Review SNMP Manager Management Information Base (MIB)
Ch. 31 Q and A IS 333 Spring 2015 Victor Norman. SNMP, MIBs, and ASN.1 SNMP defines the protocol used to send requests and get responses. MIBs are like.

Ch. 31 Q and A IS 333 Spring 2015 Victor Norman. SNMP, MIBs, and ASN.1 SNMP defines the protocol used to send requests and get responses. MIBs are like.
1 Kyung Hee University Prof. Choong Seon HONG SNMP Management Information.

1 Kyung Hee University Prof. Choong Seon HONG SNMP Management Information.
Ch. 31 Q and A CS332 Spring 2014. Network management more than just Ethernet Q: Comer mentions that network managers need to be able to account for different.

Ch. 31 Q and A CS332 Spring Network management more than just Ethernet Q: Comer mentions that network managers need to be able to account for different.

Similar presentations

Ads by Google