Download presentation
Presentation is loading. Please wait.
1
SNMP Communication and Functional Models
In the Name of the Most High SNMP Communication and Functional Models by Behzad Akbari Fall 2008
2
Overview • We have covered the organization and information models of SNMPv1. • Here we will address the SNMPv1 communication and functional models • SNMPv1 does not formally define a functional model – What was the functional model? • Deals with the user oriented requirements: (configuration, fault, performance, security, and accounting) – The functions are actually built in the community based access policy of the SNMP administrative model
3
SNMP Architecture SNMP Manager SNMP Agent SNMP SNMP UDP UDP IP IP
Application SNMP Agent Application Get-Request GetNext-Request Set-Request Get-Response Trap Get-Request GetNext-Request Set-Request Get-Response Trap SNMP SNMP UDP UDP IP IP Data link Data link Network
4
SNMP Messages Get-Request Get-Next-Request Set-Request Get-Response
Trap Generic trap Specific trap
5
SNMP Trap Messages • Generic trap – coldStart – warmStart – linkDown – linkUp – authenticationfailure – egpNeighborLoss – enterpriseSpecific • Specific trap – for special measurements such as statistics • Time stamp: Time since last initialization
6
Administrative Model Based on community profile and policy
SNMP Entities: SNMP application entities - Reside in management stations and network elements - Manager and agent SNMP protocol entities - Communication processes (PDU handlers) - Peer processes that support application entities
7
SNMP Community Security in SNMPv1 is community-based
Authentication scheme in manager and agent Community: Pairing of two application entities Community name: String of octets Two applications in the same community communicate with each other Application could have multiple community names Communication is not secured in SNMPv1 - no encryption
8
SNMP Community Community Relationship between an Agent and Managers.
Community Name Used to validate the SNMP messages. SNMP Password. Default ‘Get’ community name: “public”. Authentication Failure Agent sends “Authentication Failure Trap” to Manager.
9
SNMP Community
10
Community Profile MIB view
An agent is programmed to view only a subset of managed objects of a network element Access mode Each community name is assigned an access mode:: read-only and read-write Community profile = MIB view + access mode Operations on an object determined by community profile and the access mode of the object Total of four access privileges Some objects, such as table and table entry are non-accessible
11
Community Profile community
12
Access Policy Administration model is SNMP access policy
SNMP community paired with SNMP community profile is SNMP access policy
13
Access Policy
14
Generalized Administration Model
15
Proxy Access Policy
16
Protocol Entities
17
Default UDP Ports for SNMP
Management Station Network Elements (NEs) Manager Agent SNMP SNMP 162 Any 161 Any UDP UDP IP IP Data link Data link
18
Protocol Entities Protocol entities support application entities
Communication between remote peer processes Message consists of Version identifier Community name Protocol Data Unit Message encapsulated and transmitted
19
SNMP Message SNMP Message
Version Identifier Community Name Protocol Data Unit The length of SNMP messages should not exceed 484 octets. Message ::= SEQUENCE { version INTEGER {version-1(0)}, community OCTET STRING, data ANY } Version Community SNMP PDU
20
SNMP PDUs
21
SNMP PDU Five SNMP PDUs: GetRquest ::= GetNextRequest ::=
PDU ::= SEQUENCE { request-id INTEGER, error-status INTEGER { noError(0), tooBig(1), noSuchName(2), badValue(3), readOnly(4), genErr(5)}, error-index INTEGER, variable-bindings SEQUENCE OF { name ObjectName, value ObjectSyntax } Five SNMP PDUs: GetRquest ::= GetNextRequest ::= GetResponse ::= SetRequest ::= Trap ::= [0] PDU [1] PDU [2] PDU [3] PDU [4] Trap-PDU PDU: Protocol Data Unit
22
SNMP PDU (cont.) . . . GetRequest, GetNextRequest, SetRequest PDU type
request-id variable-bindings GetResponse PDU type request-id error-status error-index variable-bindings variable-bindings . . . name value name value name value
24
Trap-PDU Enterprise: Agent Address: Generic Trap: Specific Trap:
Type of Object generating trap. Agent Address: Address of object generating trap. Generic Trap: Generic trap type. Specific Trap: Enterprise specific trap. Time Stamp: Time elapsed between the last initialization of the network entity and the generation of the trap. Variable Bindings “Interesting” information Trap-PDU ::= [4] IMPLICIT SEQUENCE { enterprise OBJECT IDENTIFIER, agent-addr NetworkAddress, generic-trap INTEGER { coldStart(0), warmStart(1), linkDown(2), linkUp(3), authenticationFailure(4), egpNeighborLoss(5), enterpriseSpecific(6)}, specific-trap INTEGER, time-stamp TimeTicks, variable-bindings VarBindList } PDU type enterprise agent-addr generic-trap specific-trap time-stamp variable-bindings
25
Trap Type
26
Generic Trap Example Enterprise: .1.3.6.1.4.1.311.1.1.3.1.1
Agent-Address: Generic-Trap: 4 Specific-Trap: 0 Timestamp: #VarBinds:
27
Enterprise-Specific Traps
Traps defined by enterprises Identification of Enterprise-Specific Traps Enterprise Enterprise OID Generic-Trap 6 Specific-Trap an Integer
28
Enterprise Trap Example
Agent-Address: Generic-Trap: 6 Specific-Trap: 4 Timestamp: VariableBindings: (4) : 02:18:25 : 14 : (Info): Station 00092d Associated : AssociationOK
29
Agent Manager
30
Get-Next Request A B T E 1.1 1.2 2.1 2.2 3.1 3.2 Z
31
Get-Next Request MIB Tree : * In SNMP, Only leaf objects have values.
4 5 6 :Non-Leaf Object 1 2 3 :Leaf Object
34
Get-Next Requests with Indices
35
SNMP Get-Request Example
>>snmpget -d Transmitted 41 bytes to camry ( ) port 161: Initial Timeout: 0.80 seconds 0: c a0 1a '.....public... 16: bc e 30 0c b 32: 0: SNMP MESSAGE (0x30): 39 bytes 2: INTEGER VERSION (0x2) 1 bytes: 0 (SNMPv1) 5: OCTET-STR COMMUNITY (0x4) 6 bytes: "public" 13: GET-REQUEST-PDU (0xa0): 26 bytes 15: INTEGER REQUEST-ID (0x2) 2 bytes: 6332 19: INTEGER ERROR-STATUS (0x2) 1 bytes: noError(0) 22: INTEGER ERROR-INDEX (0x2) 1 bytes: 0 25: SEQUENCE VARBIND-LIST (0x30): 14 bytes 27: SEQUENCE VARBIND (0x30): 12 bytes 29: OBJ-ID (0x6) 8 bytes: 39: NULL (0x5) 0 bytes
36
SNMP Get-Response Example
Received 69 bytes from port 161: 0: c a C.....public.6. 16: bc a b *0(..+ 32: c e e 4d Sun SNM 48: e 74 2c e 57 2c 55 6c P Agent, SUNW,Ul 64: d tra 0: SNMP MESSAGE (0x30): 67 bytes 2: INTEGER VERSION (0x2) 1 bytes: 0 (SNMPv1) 5: OCTET-STR COMMUNITY (0x4) 6 bytes: "public" 13: RESPONSE-PDU (0xa2): 54 bytes 15: INTEGER REQUEST-ID (0x2) 2 bytes: 6332 19: INTEGER ERROR-STATUS (0x2) 1 bytes: noError(0) 22: INTEGER ERROR-INDEX (0x2) 1 bytes: 0 25: SEQUENCE VARBIND-LIST (0x30): 42 bytes 27: SEQUENCE VARBIND (0x30): 40 bytes 29: OBJ-ID (0x6) 8 bytes: 39: OCTET-STR (0x4) 28 bytes: "Sun SNMP Agent, SUNW,Ultra-1" system.sysDescr.0 : DISPLAY STRING- (ascii): Sun SNMP Agent, SUNW,Ultra-1
37
SNMP-Walk - Use of SNMP Get-Next Request
system.sysDescr.0 : DISPLAY STRING- (ascii): Sun SNMP Agent, SUNW,Ultra-1 system.sysObjectID.0 : OBJECT IDENTIFIER: .iso.org.dod.internet.private.enterprises system.sysUpTime.0 : Timeticks: ( ) 22 days, 22:36:39.58 system.sysContact.0 : DISPLAY STRING- (ascii): system.sysName.0 : DISPLAY STRING- (ascii): camry system.sysLocation.0 : DISPLAY STRING- (ascii): Information Technology Laboratory 3F system.sysServices.0 : INTEGER: 72 ( )B
38
SNMP Trap Example Transmitted 64 bytes to 10.144.18.100 port 162:
0: 30 3e c a >.....public.1. 16: 09 2b a 32: f C 48: 04 2b Trap test 0: SNMP MESSAGE (0x30): 62 bytes 2: INTEGER VERSION (0x2) 1 bytes: 0 (SNMPv1) 5: OCTET-STR COMMUNITY (0x4) 6 bytes: "public" 13: V1-TRAP-PDU (0xa4): 49 bytes 15: OBJ-ID ENTERPRISE (0x6) 9 bytes: 26: IPADDRESS AGENT-ADDR (0x40) 4 bytes: 32: INTEGER GENERIC-TRAP (0x2) 1 bytes: 6 35: INTEGER SPECIFIC-TRAP (0x2) 3 bytes: 99999 40: TIMETICKS TIME-STAMP (0x43) 1 bytes: 0 (0x0) 43: SEQUENCE VARBIND-LIST (0x30): 19 bytes 45: SEQUENCE VARBIND (0x30): 17 bytes 47: OBJ-ID (0x6) 4 bytes: 53: OCTET-STR (0x4) 9 bytes: "Trap test"
39
Get System Information
Get “System Group” of MIB II Use get_request or get_next_request sysDescr sysObjectID sysUptime sysContact sysName sysLocation
40
Get Interface Information
Get “Interface Group” of MIB II Repeatedly Use “get_next_request” Note: We don’t know the ifIndex values in ifTable. First get the next object of .ifTable.ifEntry.0 Then repeatedly “get_next” Until the whole subtree is visited.
41
Traffic Monitoring (C2 - C1 ) 8 100% (t2 - t1) Bandwidth
Get “ifInOctets” and “ifOutOctets” of MIB II Interface Group t1: C1 t2: C2 (C2 - C1 ) 8 100% Utilization (%) = (t2 - t1) Bandwidth
42
Internet Traffic of Sharif University
43
SNMP MIB Group Page 223~224
Similar presentations
