SNMP Network Management (I)*

1 SNMP Network Management (I)*
*Mani Subramanian “Network Management: Principles and practice”, Addison-Wesley, 2000.

2 SNMP Network Management
Organization Model
Communication Model
Information Model
    Structure of Management Information (SMI)
    Managed Objects
    Management Information Base (MIB)
SNMP Administrative Model
SNMP Protocol Specs

3 Organization Model
Describes components of a network management system
Focuses on functions and infrastructure
Objects are network elements such as hubs, bridges, routers, etc.
Managed elements have a process running on them called an agent
Manager queries the agent, gets information, processes it and stores it in the MIB
(Figure: a simplified hierarchical (2-tier) setup: an SNMP Manager with its MIB; agents on the managed objects; unmanaged objects without an agent)

4 Organization Model
Multiple managers, 1 agent
An agent responds to any management system that communicates with it using SNMP
A NMS provided by a vendor is in a better position to manage, monitor and configure all NEs coming from that same vendor
Managers may have restricted access to managed objects
(Figure: two SNMP Managers, each with a MIB, talking to one agent on a managed object)

5 Organization Model
Limiting the data that a manager wishes to obtain
RMON (Remote Monitoring): acts as an agent and a manager
    RMON gathers data from the MO, analyses the data, and stores the data
    Communicates the statistics to the manager
Managers may have restricted access to managed objects
(Figure: 3-tier architecture: SNMP Managers with MIBs, an RMON probe, and agents on the managed objects)

6 Organization Model
Proxy server converts non-SNMP data from non-SNMP objects to SNMP compatible objects and messages
(Figure: SNMP Manager with MIB, a proxy server, an agent on a managed object, and a wireless LAN of unmanaged objects behind the proxy)

7 Introduction to SNMP

8 SNMP Network Management
Organization Model
Communication Model
Information Model
    Structure of Management Information (SMI)
    Managed Objects
    Management Information Base (MIB)
SNMP Administrative Model
SNMP Protocol Specs

9 Communication Model
(Figure: the MANAGER polls the AGENTS over SNMP and holds the MIB; agents send Traps to the manager)

10 Communication Model
Communicate management information between network management stations and managed elements
Goals:
    Management functions maintained by agents are kept simple
    Protocol flexibility (addition of new aspects of operation and management)
    Transparency (should not be affected by the architecture of particular hosts and gateways)
Operation: 5 messages
    get-request, get-next-request, set-request
    get-response, trap
SNMP messages are exchanged using the UDP (connectionless) transport protocol: ports 161 and 162

11 Communication Model
(Figure: the SNMP Manager application and the SNMP agent, each running over UDP / IP / DLC / PHY, exchange Get-Request, GetNext-Request, Set-Request, Get-Response and Trap messages across the network or Internet; the agent manages the objects and holds the management data)

12 Communication Model - SNMP Traps
Type                       Indication
Cold-start of a system     Agent is reinitializing itself since its configuration has changed
Warm-start of a system     Agent is reinitializing itself but its configuration has not changed
Link down                  Link failure
Link up                    Link restoral
Failure of Authentication  Request does not have proper authentication, e.g., wrong SNMP community string
EGP neighbor loss          Exterior Gateway Protocol neighbor gone
Enterprise specific        Specific to the vendor implementing it

13 Communication Model - SNMP Traps
Type                       Format
Cold-start of a system     coldStart (0)
Warm-start of a system     warmStart (1)
Link down                  linkDown (2)
Link up                    linkUp (3)
Failure of Authentication  authenticationFailure (4)
EGP neighbor loss          egpNeighborLoss (5)
Enterprise specific        enterpriseSpecific (6)

generic-trap INTEGER {
    coldStart (0),
    warmStart (1),
    linkDown (2),
    linkUp (3),
    authenticationFailure (4),
    egpNeighborLoss (5),
    enterpriseSpecific (6)
}

14 SNMP Network Management
Organization Model
Communication Model
Information Model
    Structure of Management Information (SMI)
    Managed Objects
    Management Information Base (MIB)
SNMP Administrative Model
SNMP Protocol Specs

15 Structure of Management Information
RFC 1155: Structure of Management Information
A common representation for data between both manager and agent
Defines the syntax (using ASN.1) to describe management information
Data types and rules used to define managed objects in a MIB
Generic objects and private (vendor specific) objects conforming to the SMI rules (RFC 1155) can be managed by SNMP

16 SMI, Objects and Instances
Objects have: object types and object instances
SMI is concerned with types and not instances
Object type:
    Name (unique descriptor and object identifier)
    Syntax (ASN.1)
    Encoding (BER)
(Figure: Managed Object = Type (Name: OBJECT IDENTIFIER; Syntax: ASN.1; Encoding: BER) and Instance)

17 SMI, Objects and Instances
A hub is an object type
A hub with a given IP address is an instance of the object
(Figure: a managed LAN with a backbone network, Hub 1, Hub 2, Router 1, Router 2 and the NMS, beside the Managed Object = Type (Name: OBJECT IDENTIFIER; Syntax: ASN.1; Encoding: BER) and Instance diagram)

18 SMI, Objects and Instances
(Figure: Managed Object: one Type (Name: OBJECT IDENTIFIER; Syntax: ASN.1; Encoding: BER) with multiple instances, Instance 1 and Instance 2)

19 SMI, Names
Each managed object is associated with an identifier (OBJECT IDENTIFIER)
Identifiers are used to name objects and they are unique for managed objects
An identifier is a sequence of integers
internet OBJECT IDENTIFIER ::= { iso(1) org(3) dod(6) 1 }
                             ::= { }
                             ::= { iso standard dod internet }
Name of managed object:
root
    ccitt(0)
    iso(1)
        org(3)
            dod(6)
                internet(1)
                    mgmt(2)
                        mib-2(1)
                    experimental(3)
                    private(4)
                        enterprise(1)
    joint-iso-ccitt(2)

20 SMI, Names
Sub-nodes under Internet { }:
    directory (1)     Reserved for future use
    mgmt (2)          Used for objects defined in IAB-approved documents
    experimental (3)  To identify objects used in Internet experiments
    private (4)       Used heavily by commercial vendors

21 SMI, Names
Internet {1 3 6 1}
    directory (1)
    mgmt (2)
        mib-2 (1)
            system (1), interfaces (2), at (3), ip (4), icmp (5), tcp (6), udp (7), egp (8), cmot (9), transmission (10), snmp (11)
    experimental (3)
    private (4)

22 SMI, Names
Internet {1 3 6 1}
    directory (1)
    mgmt (2)
    experimental (3)
    private (4)
        enterprises (1)
            cisco (9), hp (11), 3Com (43), Cabletron (52)

23 SMI, SNMP Syntax
(Figure: taxonomy of SNMP ASN.1 data types, by Structure (Simple / Primitive, Defined or Application, Constructor / Structured) and by Tag (Class: Universal, Application, Context-specific, Private; and Number))

24 SNMP Primitive Data Types
Data Type          Comments
INTEGER            Subtype INTEGER (n1..nN); special case: enumerated INTEGER type
OCTET STRING       8-bit bytes; binary and textual data; subtypes can be specified by either a range or a fixed size
OBJECT IDENTIFIER  Object position in the MIB
NULL               Placeholder
Examples:
    Special case of the INTEGER data type (enumeration)
    Subtype: INTEGER (0..255)
    OCTET STRING (SIZE )
    OCTET STRING (SIZE 8)

25 Application-Wide SNMP Types
IpAddress ::= [APPLICATION 0] IMPLICIT OCTET STRING (SIZE (4))
Counter   ::= [APPLICATION 1] IMPLICIT INTEGER ( )
Gauge     ::= [APPLICATION 2] IMPLICIT INTEGER ( )
TimeTicks ::= [APPLICATION 3] IMPLICIT INTEGER ( )
Opaque    ::= [APPLICATION 4] IMPLICIT OCTET STRING
A Counter, also known as a roll-over counter (may be incremented but not decremented), e.g., counts the number of packets sent or received at a particular interface
Gauge: may increase and decrease, e.g., counts the current number of packets stored in the queue
TimeTicks: time is measured relative to some event (such as startup or re-initialization) within the managed system
(Figure: a counter and a gauge plotted against time [ms])

26 SNMP Structured Types
SEQUENCE, SEQUENCE OF
SET and SET OF of ASN.1 are not included in SNMP-based management
Used to build lists and tables
SEQUENCE { <type1>, <type2>, ..., <typeN> }
(Figure: a sequence of managed objects, their location in the MIB, and their data types)

27 SNMP Structured Types ipAddrTable is made up of instances of IpAddrEntry object

28 SMI, Encoding
Basic Encoding Rules, BER
Data Types and Tags
Type               Tag
OBJECT IDENTIFIER  UNIVERSAL 6
SEQUENCE           UNIVERSAL 16
IpAddress          APPLICATION 0
Counter            APPLICATION 1
Gauge              APPLICATION 2
TimeTicks          APPLICATION 3
Opaque             APPLICATION 4
Encoding of Object Identifiers: packs the first two integers into a single sub-identifier

29 SMI, Encoding
enterprise OBJECT IDENTIFIER ::= { iso(1) org(3) dod(6) internet(1) private(4) 1 }
The first two integers X and Y are packed into one sub-identifier Z = 40·X + Y
(Figure: X = 1, Y = 3, Z = 43; sub-identifiers 43 6 1 4 ...; encoded octets 06 05 2B 01 04, where 06 is the OBJECT IDENTIFIER tag, 05 the length and 2B the value 43)

30 Managed Objects
Textual name: mnemonic; always begins with lower case
OBJECT IDENTIFIER: unique position of the managed object in the MIB
Syntax: the ASN.1 definition of the object type
Access: read-only, read-write, not-accessible (e.g., tables)
Status: mandatory, optional, obsolete
Definition: textual description of the object type
(Figure: system(1) with sysDescr(1), sysObjectID(2), sysUpTime(3), sysContact(4))

31 Managed Objects
(Figure: system(1) with sysDescr(1), sysObjectID(2), sysUpTime(3), sysContact(4))

32 Macros for Managed Objects
A formal definition for managed objects

33 SMI Definitions

34 Macros for Managed Objects
Using the OBJECT-TYPE MACRO to define a managed object of the system group in the MIB:

sysDescr OBJECT-TYPE
    SYNTAX  DisplayString (SIZE (0..255))
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "A textual description of the entity. This value should include the full name and version identification of the system's hardware type, software operating-system, and networking software. It is mandatory that this only contain printable ASCII characters."
    ::= { system 1 }

This is how objects are defined in the MIB
This definition is valid as long as the MACRO OBJECT-TYPE is imported from RFC 1155

35 Macros for Managed Objects
(Figure: system(1) with sysDescr(1), sysObjectID(2), sysUpTime(3), sysContact(4))

sysUpTime OBJECT-TYPE
    SYNTAX  TimeTicks
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The time (in hundredths of a second) since the network management portion of the system was last re-initialized."
    ::= { system 3 }

36 Aggregate Objects
A group of related objects (also called tabular objects)
Represented by a table with columns of objects and rows of instances
Example: IP address table, consisting of the objects:
    IP address
    Interface
    Subnet mask (which subnet this address belongs to)
    Broadcast address (value of the l.s.b. in the IP broadcast address)
    Largest IP datagram that can be reassembled
Multiple instances of these objects are associated with the node

37 Aggregate Object Macro - ipAddrTable (RFC 1155)

ipAddrTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF IpAddrEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "The table of addressing information relevant to this entity's IP addresses."
    ::= { ip 20 }

ipAddrEntry OBJECT-TYPE
    SYNTAX  IpAddrEntry
    DESCRIPTION
        "The addressing information for one of this entity's IP addresses."
    INDEX { ipAdEntAddr }
    ::= { ipAddrTable 1 }

IpAddrEntry ::= SEQUENCE {
    ipAdEntAddr          IpAddress,
    ipAdEntIfIndex       INTEGER,
    ipAdEntNetMask       IpAddress,
    ipAdEntBcastAddr     INTEGER,
    ipAdEntReasmMaxSize  INTEGER ( )
}

38 Aggregate Object Macro - ipAddrTable (RFC 1155)

ipAdEntAddr OBJECT-TYPE
    SYNTAX  IpAddress
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The IP address to which this entry's addressing information pertains."
    ::= { ipAddrEntry 1 }

ipAdEntIfIndex OBJECT-TYPE
    SYNTAX  INTEGER
    DESCRIPTION
        "The index value that uniquely identifies the interface to which this entry is applicable. The interface identified by a particular value of this index is the same interface as identified by the same value of ifIndex."
    INDEX { ipAdEntAddr }
    ::= { ipAddrEntry 2 }
...

39 Columnar Objects
An aggregate object type contains one or more subtypes; each could have multiple instances, with a value associated with each instance
It is convenient to conceptually define a tabular structure for objects with multiple values, e.g., the IP address table
The objects TABLE T and ENTRY E are logical objects: they define the grouping and are not accessible
Columnar objects are the objects that represent the attributes, hence they are accessible
Each instance of E is a row of columnar objects 1 through 5
Multiple instances of E are represented by multiple rows
(Figure: TABLE T containing ENTRY E, whose columnar OBJECT 1 through OBJECT 5 form a multiple-instance managed object)

40 Columnar Objects
Example of 5 columnar objects with 4 instances (rows); Object ID = {Table, Entry, Object, Index}
T      not accessible
T.E    not accessible
Row 1:  T.E.1.1  T.E.2.1  T.E.3.1  T.E.4.1  T.E.5.1
Row 2:  T.E.1.2  T.E.2.2  T.E.3.2  T.E.4.2  T.E.5.2
Row 3:  T.E.1.3  T.E.2.3  T.E.3.3  T.E.4.3  T.E.5.3   (the third instance of each object)
Row 4:  T.E.1.4  T.E.2.4  T.E.3.4  T.E.4.4  T.E.5.4
Notice that the column-row numeric designation is the reverse of that used in matrix representation (row-column)

41 Columnar Objects - Example
ipAddrTable { }
    ipAddrEntry (1)
        ipAdEntAddr (1), ipAdEntIfIndex (2), ipAdEntNetMask (3), ipAdEntBcastAddr (4), ipAdEntReasmMaxSize (5)   (columnar objects under ipAddrEntry)
Columnar object ID of ipAdEntBcastAddr is ( ): iso org dod internet mgmt mib ip ipAddrTable ipAddrEntry ipAdEntBcastAddr
Object instances of ipAddrTable ( ): 4 instances of the columnar objects; ipAdEntAddr is the index of the table
Row  ipAdEntAddr  ipAdEntIfIndex  ipAdEntNetMask  ipAdEntBcastAddr  ipAdEntReasmMaxSize
1                                                                    12000
2
3                                                                    10000
4                                                                    15000
(other cell values of the original table are not recoverable from the transcript)

42 Columnar Objects - Example
Object instances of ipAddrTable ( ), same table as on slide 41:
Row  ipAdEntAddr  ipAdEntIfIndex  ipAdEntNetMask  ipAdEntBcastAddr  ipAdEntReasmMaxSize
1                                                                    12000
2
3                                                                    10000
4                                                                    15000
Object ID for ipAddrEntry: node 1 under ipAddrTable
Object IDs for specific instances append the column number and the index of the object instance:
Columnar Object      Row #  Object Identifier
ipAdEntAddr          2      { }
ipAdEntIfIndex       3      { }
ipAdEntBcastAddr     1      { }
ipAdEntReasmMaxSize  4      { }
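The {table, entry, column, index} naming of slides 40 to 42 in working form, as an added example that is not part of the presentation: the ipAddrTable OIDs are the MIB-II (RFC 1213) ones, while the row contents, the helper names and the `lookup` behaviour are constructed for this illustration. It also covers the case the slides only hint at, an IpAddress used as the table index, which contributes four sub-identifiers instead of one.

```python
# Added example (not from the slides): composing and decomposing instance OIDs of
# columnar objects, {table, entry, column, index}. The ipAddrTable OIDs are the
# MIB-II (RFC 1213) ones; the row contents and helper names are constructed here.
IP_GROUP = "1.3.6.1.2.1.4"                 # ip (mib-2 4)
IP_ADDR_TABLE = IP_GROUP + ".20"           # ipAddrTable (ip 20), not-accessible
IP_ADDR_ENTRY = IP_ADDR_TABLE + ".1"       # ipAddrEntry (ipAddrTable 1), not-accessible
COLUMNS = {"ipAdEntAddr": 1, "ipAdEntIfIndex": 2, "ipAdEntNetMask": 3,
           "ipAdEntBcastAddr": 4, "ipAdEntReasmMaxSize": 5}

def instance_oid(entry_oid, column, index):
    """Instance OID T.E.column.index. An integer index adds one sub-identifier;
    an IpAddress index (ipAddrTable's INDEX is ipAdEntAddr) adds its four octets."""
    return f"{entry_oid}.{column}.{index}"

def split_instance(entry_oid, oid):
    """Inverse of instance_oid: (column number, index string), or None when the OID
    is not below the entry (e.g. the table or entry node itself)."""
    prefix = entry_oid + "."
    if not oid.startswith(prefix):
        return None
    column, _, index = oid[len(prefix):].partition(".")
    return int(column), index

# Constructed sample rows of ipAddrTable (one row per configured address)
ROWS = [
    {"ipAdEntAddr": "10.0.0.1", "ipAdEntIfIndex": 1, "ipAdEntNetMask": "255.255.255.0",
     "ipAdEntBcastAddr": 1, "ipAdEntReasmMaxSize": 12000},
    {"ipAdEntAddr": "192.0.2.10", "ipAdEntIfIndex": 2, "ipAdEntNetMask": "255.255.255.0",
     "ipAdEntBcastAddr": 1, "ipAdEntReasmMaxSize": 10000},
]

def table_instances(rows):
    """Every (instance OID, value) of the table in the order a get-next walk returns
    them: column by column, and within a column row by row (rows assumed in index order)."""
    out = []
    for name, column in sorted(COLUMNS.items(), key=lambda kv: kv[1]):
        for row in rows:
            out.append((instance_oid(IP_ADDR_ENTRY, column, row["ipAdEntAddr"]), row[name]))
    return out

def lookup(rows, oid):
    """Resolve one instance OID to its value, as an agent answering a get-request would.
    None stands for the noSuchName outcome: T, T.E, an unknown column or an unknown row."""
    parsed = split_instance(IP_ADDR_ENTRY, oid)
    if parsed is None:
        return None
    column, index = parsed
    names = {number: name for name, number in COLUMNS.items()}
    for row in rows:
        if row["ipAdEntAddr"] == index and column in names:
            return row[names[column]]
    return None

if __name__ == "__main__":
    for oid, value in table_instances(ROWS):
        print(oid, value)
```

The walk order produced by `table_instances` (all rows of column 1, then all rows of column 2, and so on) is exactly the column-row ordering the slide contrasts with matrix row-column notation.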

43 Management Information Base (MIB)
RFC 1213
MIB is a database containing information about the elements to be managed
For SNMP, the MIB is a structured database (tree)
Each resource to be managed is represented by an object
Each system (e.g., a router) maintains a MIB that reflects the status of its managed resources
A NMS monitors/controls the resources by reading/modifying the values of objects in the MIB

44 MIB, RFC1213
(Figure: Internet { } with directory (1), mgmt (2), experimental (3), private (4); under mgmt (2) the Internet MIB-II group mib-2 with system (1), interfaces (2), at (3), ip (4), icmp (5), tcp (6), udp (7), egp (8), cmot (9), transmission (10), snmp (11))
Implementation can be done as needed (e.g., objects essential for fault or configuration management are added)
If a group is implemented by a vendor, all its components are implemented (e.g., OSPF and all its group objects)
Module skeleton:
<module name> DEFINITIONS ::= BEGIN
    <imports>
    <definitions>
END

45 MIB, RFC1213

RFC1213-MIB DEFINITIONS ::= BEGIN

IMPORTS
    mgmt, NetworkAddress, IpAddress, Counter, Gauge, TimeTicks
        FROM RFC1155-SMI
    OBJECT-TYPE
        FROM RFC-1212;

-- This MIB module uses the extended OBJECT-TYPE macro as defined in [14];

-- MIB-II (same prefix as MIB-I)
mib-2 OBJECT IDENTIFIER ::= { mgmt 1 }

-- textual conventions

DisplayString ::= OCTET STRING
-- This data type is used to model textual information taken from the NVT ASCII character
-- set. By convention, objects with this syntax are declared as having SIZE (0..255)

PhysAddress ::= OCTET STRING
-- This data type is used to model media addresses. For many types of media, this will
-- be in a binary representation. For example, an ethernet address would be represented as
-- a string of 6 octets.

-- groups in MIB-II
system       OBJECT IDENTIFIER ::= { mib-2 1 }
interfaces   OBJECT IDENTIFIER ::= { mib-2 2 }
at           OBJECT IDENTIFIER ::= { mib-2 3 }
ip           OBJECT IDENTIFIER ::= { mib-2 4 }
icmp         OBJECT IDENTIFIER ::= { mib-2 5 }
tcp          OBJECT IDENTIFIER ::= { mib-2 6 }
udp          OBJECT IDENTIFIER ::= { mib-2 7 }
egp          OBJECT IDENTIFIER ::= { mib-2 8 }
cmot         OBJECT IDENTIFIER ::= { mib-2 9 }
transmission OBJECT IDENTIFIER ::= { mib-2 10 }
snmp         OBJECT IDENTIFIER ::= { mib-2 11 }
...
END

46 MIB, System Group
system (mib-2 1)
    sysDescr (1), sysObjectID (2), sysUpTime (3), sysContact (4), sysName (5), sysLocation (6), sysServices (7)

-- the System group
-- Implementation of the System group is mandatory for all systems. If an agent is not
-- configured to have a value for any of these variables, a string of length 0 is returned.

sysDescr OBJECT-TYPE
    SYNTAX  DisplayString (SIZE (0..255))
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "A textual description of the entity. ..."
    ::= { system 1 }

sysObjectID OBJECT-TYPE
    SYNTAX  OBJECT IDENTIFIER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The vendor's authoritative identification of the network management subsystem contained in the entity."
    ::= { system 2 }

sysUpTime OBJECT-TYPE
    SYNTAX  TimeTicks
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The time (in hundredths of a second) since the network management portion of the system was last reinitialized."
    ::= { system 3 }

47 MIB, System Group
Fault monitoring: by periodically polling each agent for the sysUpTime value; if the current value is less than the most recent value, then the agent has been restarted since the last poll
The vendor identification is programmed by the vendor of the objects at manufacturing time

48 MIB, Interface Group
interfaces (mib-2 2)
    ifNumber (1)
    ifTable (2)
        ifEntry (1)
            ifIndex (1), ifDescr (2), ifType (3), ifMtu (4), ifSpeed (5), ifPhysAddress (6), ifAdminStatus (7), ifOperStatus (8), ifLastChange (9), ifInOctets (10), ifInUcastPkts (11), ifInNUcastPkts (12), ifInDiscards (13), ifInErrors (14), ifUnknownProtos (15), ifOutOctets (16), ifOutUcastPkts (17), ifOutNUcastPkts (18), ifOutDiscards (19), ifOutErrors (20), ifOutQLen (21), ifSpecific (22)
It specifies the number of interfaces in a network component and the managed objects associated with each interface
E.g., an Ethernet bridge with many network interface cards
Implementation: mandatory
interfaces OBJECT IDENTIFIER ::= { mib-2 2 }

49 MIB, Interface Group
interfaces (mib-2 2): ifNumber (1), ifTable (2), ifEntry

ifNumber OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The number of network interfaces (regardless of their current state) present on this system."
    ::= { interfaces 1 }

ifTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF IfEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "A list of interface entries. The number of entries is given by the value of ifNumber."
    ::= { interfaces 2 }

ifEntry OBJECT-TYPE
    SYNTAX  IfEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "An interface entry containing objects at the sub-network layer and below for a particular interface."
    INDEX { ifIndex }
    ::= { ifTable 1 }

IfEntry ::= SEQUENCE {
    ifIndex        INTEGER,
    ifDescr        DisplayString,
    ifType         INTEGER,
    ifMtu          INTEGER,
    ifSpeed        Gauge,
    ifPhysAddress  PhysAddress,
    ifAdminStatus  INTEGER,
    ifOperStatus   INTEGER,
    ifLastChange   TimeTicks,
    ifInOctets     Counter,
    ...
}

50 MIB, Interface Group
(Figure: the interfaces (mib-2 2) group tree as on slide 48)
Basic information useful for network management such as performance monitoring and fault control
Examples:
    1) measuring the queue length or the total number of octets into/out of the system: indicators for detecting congestion
    2) measuring the traffic rate on a given interface: ifInUcastPkts/second, ifOutUcastPkts/second
Counter data types: always incrementing!
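The two monitoring rules the deck states in words, slide 47 (an agent has restarted when sysUpTime goes backwards) and this slide (traffic rates from always-incrementing Counter objects), as an added example that is not part of the presentation. The poll samples, the function names and the 60 s poll interval are constructed; the counter range and the hundredths-of-a-second unit of sysUpTime are the ones the SMI slides give.

```python
# Added example (not from the slides): two monitoring rules built on MIB-II values.
# 1) fault monitoring with sysUpTime: the agent re-initialized when the value goes backwards
# 2) traffic rates from Counter objects, which only increase and roll over at 2^32
# Poll samples and function names are constructed for this example.
COUNTER_MODULUS = 2 ** 32        # Counter ::= [APPLICATION 1] IMPLICIT INTEGER (0..4294967295)
TICKS_PER_SECOND = 100           # sysUpTime is in hundredths of a second

def agent_restarted(prev_uptime, cur_uptime):
    """sysUpTime only grows while the agent runs; a value smaller than at the last poll
    means the network-management portion of the system was re-initialized in between."""
    return cur_uptime < prev_uptime

def counter_delta(prev, cur):
    """Increase between two Counter samples, correcting for one 32-bit roll-over."""
    return (cur - prev) % COUNTER_MODULUS

def rate_per_second(prev_sample, cur_sample, counter_name):
    """Average rate of a Counter between two polls. Each sample is a dict holding
    'sysUpTime' and the counter values read in the same poll. Returns None when the
    agent restarted (counters were reset, so the delta is meaningless) or no time passed."""
    if agent_restarted(prev_sample["sysUpTime"], cur_sample["sysUpTime"]):
        return None
    ticks = cur_sample["sysUpTime"] - prev_sample["sysUpTime"]
    if ticks == 0:
        return None
    delta = counter_delta(prev_sample[counter_name], cur_sample[counter_name])
    return delta * TICKS_PER_SECOND / ticks

# Constructed poll samples 60 s apart (6000 ticks); ifInOctets rolls over between polls 1 and 2,
# and the agent restarted before poll 3 (sysUpTime and the counters start again near zero)
POLL_1 = {"sysUpTime": 500_000, "ifInOctets": 4_294_960_000, "ifInUcastPkts": 1_000}
POLL_2 = {"sysUpTime": 506_000, "ifInOctets": 5_000,         "ifInUcastPkts": 1_600}
POLL_3 = {"sysUpTime": 1_200,   "ifInOctets": 300,           "ifInUcastPkts": 10}

def report(samples, counter_name):
    """Rates for consecutive polls; 'restart' marks a poll pair spanning a re-initialization."""
    out = []
    for prev, cur in zip(samples, samples[1:]):
        rate = rate_per_second(prev, cur, counter_name)
        out.append("restart" if rate is None else round(rate, 2))
    return out

if __name__ == "__main__":
    print(report([POLL_1, POLL_2, POLL_3], "ifInOctets"))    # [204.93, 'restart']
    print(report([POLL_1, POLL_2, POLL_3], "ifInUcastPkts"))  # [10.0, 'restart']
```

The modulo correction assumes at most one roll-over between two polls, so the poll interval has to be shorter than the time the counter needs to wrap at the interface's line rate; otherwise the computed rate is silently too low. Using the agent's own sysUpTime rather than the poller's clock for the elapsed time keeps the rate correct when polls are delayed in transit.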

51 MIB, IP Group
ip (mib-2 4)
    ipForwarding (1), ipDefaultTTL (2), ipInReceives (3), ipInHdrErrors (4), ipInAddrErrors (5), ipForwDatagrams (6), ipInUnknownProtos (7), ipInDiscards (8), ipInDelivers (9), ipOutRequests (10), ipOutDiscards (11), ipOutNoRoutes (12), ipReasmTimeout (13), ipReasmReqds (14), ipReasmOKs (15), ipReasmFails (16), ipFragOKs (17), ipFragFails (18), ipFragCreates (19), ipAddrTable (20), ipRouteTable (21), ipNetToMediaTable (22), ipRoutingDiscards (23)
Contains information relevant to the implementation and operation of IP at a node
Routers periodically execute routing algorithms and update routing tables
IP Address Table contains the table of IP addresses
IP Route Table contains an entry for each route
IP Network-to-Media Table is the address translation table mapping IP addresses to physical addresses

52 MIB, IP Group
(Figure: the ip (mib-2 4) group tree as on slide 51, annotated)
ipForwarding (1): gateway or router
ipDefaultTTL (2): TTL in IP header
ipInReceives (3): total # packets received from interfaces
ipInHdrErrors (4): # of discarded datagrams due to header errors

53 MIB, IP Group
ipAddrTable (ip 20)
    ipAddrEntry (ipAddrTable 1)
        ipAdEntAddr (1), ipAdEntIfIndex (2), ipAdEntNetMask (3), ipAdEntBcastAddr (4), ipAdEntReasmMaxSize (5)

54 MIB, IP Group
ipRouteTable (ip 21)
    ipRouteEntry (1)
        ipRouteDest (1), ipRouteIfIndex (2), ipRouteMetric1 (3), ipRouteMetric2 (4), ipRouteMetric3 (5), ipRouteMetric4 (6), ipRouteNextHop (7), ipRouteType (8), ipRouteProto (9), ipRouteAge (10), ipRouteMask (11), ipRouteMetric5 (12), ipRouteInfo (13)
Contains information used for Internet routing
ipRouteTable information is useful for configuration monitoring, controlling the routing process as well as fault isolation

55 MIB, TCP Group
Contains info. relevant to the implementation/operation of connection-oriented TCP
tcp (mib-2 6)
    tcpRtoAlgorithm (1), tcpRtoMin (2), tcpRtoMax (3), tcpMaxConn (4), tcpActiveOpens (5), tcpPassiveOpens (6), tcpAttemptFails (7), tcpEstabResets (8), tcpCurrEstab (9), tcpInSegs (10), tcpOutSegs (11), tcpRetransSegs (12), tcpConnTable (13), tcpInErrors (14), tcpOutRsts (15)
tcpRtoAlgorithm: timeout algorithm for retransmission
tcpRtoMin: minimum value for the retransmission timer
tcpRtoMax: maximum value for the retransmission timer
tcpMaxConn: maximum number of TCP connections
tcpInSegs: # segments received
tcpOutSegs: # segments sent
tcpRetransSegs: # segments retransmitted

56 MIB, TCP Group
tcpConnTable (tcp 13)
    tcpConnEntry (1)
        tcpConnState (1), tcpConnLocalAddress (2), tcpConnLocalPort (3), tcpConnRemAddress (4), tcpConnRemPort (5)

57 SNMP Network Management
Organization Model
Communication Model
Information Model
    Structure of Management Information (SMI)
    Managed Objects
    Management Information Base (MIB)
SNMP Administrative Model
SNMP Protocol Specs

58 SNMPv1 Administrator Model
SNMP Entities:
    SNMP application entities
        Reside in management stations and network elements
        Manager and agent
        Pairing of both entities forms an SNMP community
    SNMP protocol entities
        Communication processes (PDU handlers)
        Peer processes that support application entities
The administrative model defines the administrative relationship between communicating entities:
    Management stations, each manages all or a subset of the managed stations in the configuration; subsets may overlap
    Each managed station controls its local MIB and controls the use of the MIB by a number of management stations

59 SNMPv1 Administrator Model
SNMP Community
It is a relation between one SNMP agent and a set of managers; it defines authentication, access control and proxy characteristics
Multiple pairs can belong to the same community
A community name is a string of octets
Two application entities in the same community can communicate with each other
This essentially defines a filter module or authentication scheme between manager and agent
Security in SNMPv1 is therefore community-based: no encryption
(Figure: SNMP Manager and SNMP Agent exchanging authentic messages through the authentication scheme)

60 SNMPv1 Administrator Model
SNMP Community Profile
Community profile: MIB view + SNMP access mode
MIB view: a subset of the managed objects an agent is permitted to manage/view
A community name is also assigned an SNMP access mode: READ-ONLY, READ-WRITE
Operations on an object are determined by the community profile and the access mode of the object
Total of four access privileges: read-only, write-only, read-write, not-accessible
Some objects, such as a table and a table entry, are not accessible
(Figure: an SNMP agent whose MIB view holds Object 1 not-accessible, Object 2 read-only, Object 3 write-only, Object 4 read-write; with SNMP access mode READ-WRITE, operations such as get, set and trap can be performed on objects 2, 3, 4; with READ-ONLY, only get and trap are performed on objects 2, 3, 4)

61 SNMPv1 Administrator Model
SNMP Access Policy
The pair of "SNMP community" and "community profile" defines the SNMP access policy
The access policy allows a managed agent to give different access privileges to different managers
(Figure: one Manager manages the network components of communities 1 and 2 via Agents 1 and 2)
    Agent 1 has only the view of Community Profile 1, e.g. Cisco components
    Agent 2 has only the view of Community Profile 2, e.g. 3Com components
    The Manager has the total view of both Cisco and 3Com components
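The access decision described on slides 59 to 61 (community name, then MIB view, then access mode, finally the object's own ACCESS clause), as an added example that is not part of the presentation. The two communities, their views, the object table and the reason labels (which reuse the SNMPv1 error-status and trap names from the deck) are constructed for the illustration; the behaviour of a real agent is defined by RFC 1157.

```python
# Added example (not from the slides): evaluating an SNMPv1 access policy.
# A community profile = MIB view (OID subtrees) + access mode; what is finally
# allowed also depends on the object's own ACCESS clause. Communities, views and
# the reason labels are constructed for this example.
OBJECT_ACCESS = {                                   # object or instance OID -> ACCESS clause
    "1.3.6.1.2.1.1.1.0": "read-only",               # sysDescr.0
    "1.3.6.1.2.1.1.4.0": "read-write",              # sysContact.0
    "1.3.6.1.2.1.4.20": "not-accessible",           # ipAddrTable: tables are not accessible
    "1.3.6.1.2.1.4.20.1.1.10.0.0.1": "read-only",   # an ipAdEntAddr instance
}

COMMUNITIES = {                                     # community name -> community profile
    "public":  {"view": ["1.3.6.1.2.1.1"], "mode": "READ-ONLY"},   # system group only
    "private": {"view": ["1.3.6.1.2.1"],   "mode": "READ-WRITE"},  # all of mib-2
}

def in_view(oid, view):
    """True when oid equals or lies under one of the view's subtrees."""
    return any(oid == subtree or oid.startswith(subtree + ".") for subtree in view)

def allowed(community, op, oid):
    """Decide whether a get or set request on oid is permitted for this community.
    Returns (permitted, reason); reasons reuse the SNMPv1 error-status / trap names."""
    profile = COMMUNITIES.get(community)
    if profile is None:
        return False, "authenticationFailure"     # unknown community: message is not authentic
    if not in_view(oid, profile["view"]):
        return False, "noSuchName"                # outside the MIB view the object does not exist
    obj_access = OBJECT_ACCESS.get(oid, "not-accessible")
    readable = obj_access in ("read-only", "read-write")
    writable = obj_access in ("write-only", "read-write") and profile["mode"] == "READ-WRITE"
    if op == "get" and readable:
        return True, "noError"
    if op == "set" and writable:
        return True, "noError"
    return False, "noSuchName"                    # not available for that operation in this view

def audit(requests):
    """Evaluate a batch of (community, op, oid) and return the list of reasons, e.g. for a log."""
    return [allowed(*request)[1] for request in requests]

if __name__ == "__main__":
    for request in [("public", "get", "1.3.6.1.2.1.1.1.0"),
                    ("public", "set", "1.3.6.1.2.1.1.4.0"),
                    ("private", "set", "1.3.6.1.2.1.1.4.0"),
                    ("guess", "get", "1.3.6.1.2.1.1.1.0")]:
        print(request, allowed(*request))
```

The unknown-community branch is the one that matters for detection: it is the condition under which an agent emits the authenticationFailure trap of slide 12, so repeated occurrences from one source are worth alerting on. Since the community name crosses the network in clear text (slide 59: no encryption), the check only authenticates the message to the extent that the name has stayed confidential.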

62 SNMPv1 Administrator Model
SNMP Access Policy
Example: Enterprise management
(Figure: Community 1 with Community Profiles 1 and 2 on Agents 1 and 2; Community 2 with Community Profiles 3 and 4 on Agents 3 and 4; Manager 1 (Community 1), Manager 2 (Community 2), Manager 3 (Community 1, Community 2))
Manager 1 manages community 1, manager 2 community 2, and manager 3 (MoM) both communities 1 and 2

63 SNMPv1 Administrator Model
SNMP Proxy Access Policy
A proxy agent enables non-SNMP community elements to be managed by an SNMP manager
An SNMP MIB is created to handle the non-SNMP objects
(Figure: SNMP Manager (Community 1) talking to an SNMP Agent in the SNMP community and to a Proxy Agent in front of the non-SNMP community)

64 SNMP Network Management
Organization Model
Communication Model
Information Model
    Structure of Management Information (SMI)
    Managed Objects
    Management Information Base (MIB)
SNMP Administrative Model
SNMP Protocol Specs

65 Message Format
(Figure: message = version | community | data)
Protocol entities support application entities
Communication between remote peer processes
A message consists of:
    Version identifier
    Community name
    Protocol Data Unit
The message is encapsulated in UDP datagrams and transmitted
SNMP uses two well-known ports to operate:
    UDP port 161: SNMP messages
    UDP port 162: SNMP trap messages

66 Message Format
(Figure: message = version | community | data)
The SNMP message format is defined using ASN.1, encoded for transmission over UDP using BER

Message ::= SEQUENCE {
    version INTEGER { version-1(0) },
    community OCTET STRING,
    data PDUs
}

3 different versions: SNMPv1, SNMPv2, SNMPv3

67 Message Format - Set/Get PDU
(Figure: message = version | community | data)

Message ::= SEQUENCE {
    version INTEGER { version-1(0) },
    community OCTET STRING,
    data PDUs
}

PDUs ::= CHOICE {
    get-request      [0] IMPLICIT PDU,
    get-next-request [1] IMPLICIT PDU,
    get-response     [2] IMPLICIT PDU,
    set-request      [3] IMPLICIT PDU,
    trap             [4] IMPLICIT Trap-PDU
}

68 Message Format - Set/Get PDU
(Figure: PDU = PDU-type | request-id | error-status | error-index | variable-bindings)
request-id: tracks a message and indicates the loss of a message (e.g., timeout, etc.)
error-status: indicates the occurrence of an error
error-index: identifies which variable caused the error (position in the list of variables)
variable-bindings: grouping of a number of operations in a single message, e.g., one request to get all values and one response listing all values

PDU ::= SEQUENCE {
    request-id INTEGER,
    error-status INTEGER {
        noError (0),
        tooBig (1),
        noSuchName (2),
        badValue (3),
        readOnly (4),
        genErr (5)
    },
    error-index INTEGER,
    variable-bindings VarBindList
}

69 Message Format - variable bindings
(Figure: variable-bindings = var-bind 1 | var-bind 2 | ... | var-bind n, each var-bind = name | value)

VarBindList ::= SEQUENCE OF VarBind

VarBind ::= SEQUENCE {
    name ObjectName,
    value ObjectSyntax
}

ObjectName ::= OBJECT IDENTIFIER

ObjectSyntax ::= CHOICE {
    simple SimpleSyntax,
    application-wide ApplicationSyntax
}

70 Message Format - variable bindings

SimpleSyntax ::= CHOICE {
    number INTEGER,
    string OCTET STRING,
    object OBJECT IDENTIFIER,
    empty NULL
}

ApplicationSyntax ::= CHOICE {
    address NetworkAddress,
    counter Counter,
    gauge Gauge,
    ticks TimeTicks,
    arbitrary Opaque
}

NetworkAddress ::= CHOICE {
    internet IpAddress
}

71 Message Format - Trap PDU
(Figure: Trap-PDU = PDU-type | Enterprise | Agent Address | Generic Trap Type | Specific Trap | Time Stamp | variable-bindings)

Trap-PDU ::= SEQUENCE {
    enterprise OBJECT IDENTIFIER,
    agent-addr NetworkAddress,
    generic-trap INTEGER {
        coldStart (0),
        warmStart (1),
        linkDown (2),
        linkUp (3),
        authenticationFailure (4),
        egpNeighborLoss (5),
        enterpriseSpecific (6)
    },
    specific-trap INTEGER,
    time-stamp TimeTicks,
    variable-bindings VarBindList
}

enterprise: pertains to the system generating the trap (sysObjectID)
agent-addr: IP address of the object
specific-trap: specific code to identify the trap cause
time-stamp: elapsed time since the last re-initialization

