SNMP
SNMP is a tool (protocol) that allows for remote and local management of items on the network, including servers, workstations, routers, switches and other managed devices.
• It is an application-level protocol, designed for the application layer so that it can monitor devices made by different manufacturers and installed on different physical networks.
• In other words, SNMP frees management tasks from both the physical characteristics of managed devices and the underlying network technology.
• It is based on the concept of manager and agent.
– Agent - process running on each managed node, collecting information about the device it is running on. It is a router or a host that runs the SNMP server program.
– Manager - process running on a management workstation that requests information about devices on the network. It is a host that runs the SNMP client program.

SNMP Presentation Transcript

  • 1. SPC2517 CNP Presentation: SNMP
    Anshuman Biswal, PT 2012 Batch, Reg. No.: CJB0412001
    M. Sc. (Engg.) in Computer Science and Networking
    Module Leader: Narasimha Murthy K. R.
    Module Name: Computer Networks and Protocols
    Module Code: SPC2517
    M. S. Ramaiah School of Advanced Studies
  • 2. Marking
    Head: Maximum Score
    – Technical Content: 10
    – Grasp and Understanding: 10
    – Delivery – Technical and General Aspects: 10
    – Handling Questions: 10
    – Total: 40
  • 3. Presentation Outline
    • Network Management History
    • SNMP Versions
    • What is SNMP?
    • How SNMP works?
    • SNMP management component
        – SMI
            • SMI data Type
            • SMI encoding method
            • Codes of data types
        – MIB
            • Accessing MIB variables
    • SNMP PDU (Protocol Data Unit)
    • SNMP PDU Formats
    • SNMP Messages
    • SNMP UDP Ports
    • SNMP v3 Architecture
    • SNMP v3 Management Architecture
    • SNMP v3 Agent Architecture
  • 4. Network Management History
    • 1983 - TCP/IP replaces ARPANET at U.S. Dept. of Defense, effective birth of Internet
    • First model for net management - HEMS - High-Level Entity Management System (RFCs 1021, 1022, 1024, 1076)
    • 1987 - ISO OSI proposes CMIP - Common Management Information Protocol, and CMOT (CMIP over TCP) for the actual network management protocol for use on the internet
    • Nov. 1987 - SGMP - Simple Gateway Monitoring Protocol (RFC 1028)
    • 1989 - Marshall T. Rose heads up SNMP working group to create a common network management framework to be used by both SGMP and CMOT to allow for transition to CMOT
    • Apr. 1989 - SNMP promoted to recommended status as the de facto TCP/IP network management framework (RFC 1098)
    • June 1989 - IAB committee decides to let SNMP and CMOT develop separately
    • Aug. 1989 - “Internet-standard Network Management Framework” defined (RFCs 1065, 1066, 1067)
    • May 1990 - IAB promotes SNMP to a standard protocol with a recommended status (RFC 1157)
    • Mar. 1991 - format of MIBs and traps defined (RFCs 1212, 1215)
    • TCP/IP MIB definition revised to create SNMPv1 (RFC 1213)
  • 5. SNMP Versions
    • Two major versions: SNMPv1, SNMPv2
    • SNMPv1 is the recommended standard
    • SNMPv2 has become split into:
        – SNMPv2u - SNMPv2 with user-based security
        – SNMPv2* - SNMPv2 with user-based security and additional features
        – SNMPv2c - SNMPv2 without security
            • Adds “GetBulk” function and some new types
            • Adds RMON (remote monitoring) capability
    • SNMPv3
        – SNMPv3 started from SNMPv1 (and not SNMPv2c)
        – Addresses security
  • 6. What is SNMP?
    • SNMP is a tool (protocol) that allows for remote and local management of items on the network, including servers, workstations, routers, switches and other managed devices.
    • It is an application-level protocol, designed for the application layer so that it can monitor devices made by different manufacturers and installed on different physical networks.
    • In other words, SNMP frees management tasks from both the physical characteristics of managed devices and the underlying network technology.
    • It is based on the concept of manager and agent.
        – Agent - process running on each managed node, collecting information about the device it is running on. It is a router or a host that runs the SNMP server program.
        – Manager - process running on a management workstation that requests information about devices on the network. It is a host that runs the SNMP client program.
  • 7. How SNMP works?
    Management with SNMP is based on 3 basic ideas.
    1. A manager checks an agent by requesting information that reflects the behavior of the agent.
    2. A manager forces an agent to perform a task by resetting values in the agent database.
    3. An agent contributes to the management process by warning the manager of an unusual situation through traps.
    [Figure: manager and agent connected through the Internet, exchanging commands, responses and notifications]
  • 8. SNMP Management Component
    • SNMP
        1. It defines the format of the packet exchanged between a manager and an agent.
        2. It also interprets the results and creates the statistics (often with the help of other management software).
        3. The SNMP packets exchanged contain the object (variable) names and their status (values). SNMP is responsible for reading and changing their values.
    • SMI (Structure of Management Information)
        1. It defines general rules for naming objects, defining object types (including range and length) and showing how to encode objects and values.
        Note: SMI does not define the number of objects an entity should manage, name the objects to be managed, or define the association between the objects and their values.
    • MIB (Management Information Base)
        1. It creates a collection of named objects, their types and their relationships to each other in an entity to be managed.
    Analogy:
    1. For writing a program we need rules, i.e. syntax. The language also defines the structure of variables (simple, structured, pointer and so on), how the variables must be named and the type of data to be used. In network management SMI does this task.
    2. Most computer languages require that variables be declared. The declaration names each variable and defines the predefined type and size. In network management this is done by MIB.
    3. After declaration, the program needs statements to store values in variables and change them if needed. In network management this is done by SNMP.
  • 9. Structure of Management Information (SMI)
    • SMI is a guideline for SNMP. It emphasizes three attributes to handle an object: name, data type and encoding method.
    • Name:
        – SMI requires that each managed object have a unique name.
        – To name objects globally, SMI uses an object identifier, which is a hierarchical identifier based on a tree structure.
        – The tree structure starts with an unnamed root.
        – Each object is defined by a sequence of integers separated by dots.
        – The tree structure can also define an object by using a sequence of textual names separated by dots.
        – The integer dot representation is used by SNMP and the textual dot representation is used by people.
        – The objects that are used in SNMP are located under the MIB-2 object, so their identifiers always start with 1.3.6.1.2.1
    [Figure: object identifier tree. The root has children itu-t (0), iso (1) and iso-itu-t (2); below iso: org (3), dod (6), internet (1) = 1.3.6.1 (iso.org.dod.internet), mgmt (2), mib-2 (1) = 1.3.6.1.2.1 (iso.org.dod.internet.mgmt.mib-2)]
  • 10. SMI Data Type
    • Data Type: To define data types, SMI uses fundamental ASN.1 (Abstract Syntax Notation 1) definitions and adds some new definitions.
    • Two Types: Simple Type and Structure Type
        a. Simple Type: These are atomic data types. Some of them are taken directly from ASN.1 and others are added by SMI.
        b. Structure Type: There are two structure types, Sequence and Sequence of.
            a. Sequence: A sequence data type is a combination of simple data types, not necessarily of the same type. It is analogous to a struct or record in the C language.
            b. Sequence of: A sequence of data type is a homogeneous combination of simple data types or a homogeneous combination of sequence data types. It is analogous to arrays in the C language.
  • 11. SMI Data Type (continued)
    Type (size): description
    – INTEGER (4 bytes): An integer with a value between -2^31 and 2^31 - 1
    – Integer32 (4 bytes): Same as INTEGER
    – Unsigned32 (4 bytes): Unsigned with a value between 0 and 2^32 - 1
    – OCTET STRING (variable): Byte string up to 65,535 bytes long
    – OBJECT IDENTIFIER (variable): An object identifier
    – IPAddress (4 bytes): An IP address made of four integers
    – Counter32 (4 bytes): An integer whose value can be incremented from 0 to 2^32; when it reaches its maximum value, it wraps back to 0.
    – Counter64 (8 bytes): 64-bit counter
    – Gauge32 (4 bytes): Same as Counter32, but when it reaches its maximum value, it does not wrap; it remains there until it is reset
    – TimeTicks (4 bytes): A counting value that records time in 1/100 seconds
    – BITS: A string of bits
    – Opaque (variable): Uninterpreted string
    [Figure legend: ASN.1 data type, SMI data type]
  • 12. SMI Encoding Method
    • SMI uses another standard, BER (Basic Encoding Rules), to encode data to be transmitted over the network. BER specifies that each piece of data be encoded in triplet format: tag, length and value.
    • Tag: It is a 1-byte field that defines the type of data. It is composed of class (2 bits), format (1 bit) and number (5 bits).
        – Class: defines the scope of the data. There are 4 classes: universal (00), application wide (01), context specific (10) and private (11).
            • Universal data types are taken from ASN.1 (INTEGER, OCTET STRING and Object Identifier).
            • Application wide data types are added by SMI (IP Address, Counter, Gauge and Time Ticks).
            • The 5 context specific data types vary from protocol to protocol.
            • The private data types are vendor specific.
        – The format subfield indicates whether the data is simple (0) or structured (1).
        – The number subfield further divides simple or structured data types into subgroups.
    • Length: The length field can be one or more bytes.
        – If it is 1 byte, the MSB is 0 and the other 7 bits define the length of the data.
        – If it is more than 1 byte, the MSB of the first byte must be 1. The other 7 bits of the first byte define the number of bytes needed to define the length.
    • Value: The value field codes the value of the data according to the rules in BER.
  • 13. Codes of Data types
    Example: How to define INTEGER 14
    Hex:    02       04       00 00 00 0E
    Binary: 00000010 00000100 00000000 00000000 00000000 00001110
    Fields: tag (INTEGER), length (4 bytes), value (14)
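The triplet format from slides 12 and 13, as an added example that is not part of the original presentation: a small decoder that splits the tag into class, format and number, handles both length forms, and rejects a declared length that runs past the received data. The function names, the limits and all samples except the slide's INTEGER 14 are assumptions made for illustration; tags are single-byte, as on the slide.

```python
# Added example: BER tag-length-value decoding as laid out on slides 12 and 13.
CLASSES = ("universal", "application-wide", "context-specific", "private")
MAX_DEPTH = 16          # assumed nesting limit for this example
MAX_LENGTH_BYTES = 4    # assumed cap on the width of a long-form length


class BERError(ValueError):
    """Input is truncated or uses an encoding this decoder refuses."""


def decode_tag(tag_byte):
    """Split the 1-byte tag into class (2 bits), format (1 bit), number (5 bits)."""
    return CLASSES[tag_byte >> 6], bool(tag_byte & 0x20), tag_byte & 0x1F


def decode_length(buf, pos):
    """Return (length, position of the first value byte)."""
    if pos >= len(buf):
        raise BERError("truncated before length")
    first = buf[pos]
    if first & 0x80 == 0:                 # 1 byte: MSB 0, low 7 bits are the length
        return first, pos + 1
    width = first & 0x7F                  # MSB 1: low 7 bits count the length bytes
    if width == 0 or width > MAX_LENGTH_BYTES:
        raise BERError("unsupported length form")
    if pos + 1 + width > len(buf):
        raise BERError("truncated inside length")
    return int.from_bytes(buf[pos + 1:pos + 1 + width], "big"), pos + 1 + width


def decode_tlv(buf, pos=0):
    """Decode one triplet; return (tag, value bytes, position after the value)."""
    if pos >= len(buf):
        raise BERError("truncated before tag")
    tag = decode_tag(buf[pos])
    length, start = decode_length(buf, pos + 1)
    if start + length > len(buf):         # never trust the declared length
        raise BERError("length runs past end of data")
    return tag, buf[start:start + length], start + length


def decode_tree(buf, depth=0):
    """Decode every triplet in buf, descending into structured values."""
    if depth > MAX_DEPTH:
        raise BERError("nesting too deep")
    nodes, pos = [], 0
    while pos < len(buf):
        tag, value, pos = decode_tlv(buf, pos)
        cls, structured, number = tag
        if structured:
            nodes.append((tag, decode_tree(value, depth + 1)))
        elif cls == "universal" and number == 2:      # INTEGER
            nodes.append((tag, int.from_bytes(value, "big", signed=True)))
        else:
            nodes.append((tag, bytes(value)))
    return nodes


SLIDE_13 = bytes.fromhex("02 04 00 00 00 0E")              # INTEGER 14, from the slide
# Constructed samples (not from the slides):
SEQUENCE = bytes.fromhex("30 08 02 01 01 04 03 61 62 63")  # SEQUENCE { 1, "abc" }
LONG_FORM = bytes.fromhex("04 81 03 61 62 63")             # length in long form
OVERRUN = bytes.fromhex("04 7F 41")                        # claims 127 bytes, has 1

if __name__ == "__main__":
    for sample in (SLIDE_13, SEQUENCE, LONG_FORM):
        print(sample.hex(" "), "->", decode_tree(sample))
    try:
        decode_tree(OVERRUN)
    except BERError as exc:
        print(OVERRUN.hex(" "), "-> rejected:", exc)
```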
  • 14. Management Information Base (MIB)
    • The MIB-2 (Management Information Base version 2) is the second component used in network management.
    • Each agent (router) has its own MIB-2, which is the collection of all objects that a manager can manage.
    • The objects in MIB-2 are categorized under 10 different groups.
    [Figure: mib-2 (1.3.6.1.2.1) and its groups: sys (1), if (2), at (3), ip (4), icmp (5), tcp (6), udp (7), egp (8), trans (11), snmp (12)]
  • 15. Accessing MIB variables
    • To access any simple variable, we use the id of the group (1.3.6.1.2.1.7) followed by the id of the variable. So to access the following variables:
        udpInDatagrams = 1.3.6.1.2.1.7.1
        udpNoPorts = 1.3.6.1.2.1.7.2
        etc.
    • But these object identifiers define variables and not the instance contents. To show the instance or the contents we must add an instance suffix. The instance suffix for a simple variable is simply a 0. In other words, to show an instance of the above variables, we use the following:
        udpInDatagrams.0 = 1.3.6.1.2.1.7.1.0
        udpNoPorts.0 = 1.3.6.1.2.1.7.2.0
    • To identify a table, we first use the table id. The udp group has only one table (with id 5). So to access the table, we use the following:
        udpTable = 1.3.6.1.2.1.7.5
  • 16. Accessing MIB variables (continued)
    • However, the table is not at the leaf level in the tree structure. We cannot access the table; we define the entry (sequence) in the table (with id of 1), as follows: udpEntry = 1.3.6.1.2.1.7.5.1. This entry is also not a leaf and we cannot access it. We need to define each entity (field) in the entry: udpLocalAddress = 1.3.6.1.2.1.7.5.1.1 and udpLocalPort = 1.3.6.1.2.1.7.5.1.2. These two variables are at the leaf of the tree.
    • Although we can access their instances, we need to define which instance. At any moment, the table can have several values for each local address/local port pair. To access a specific instance (row) of the table, we add the index to the above ids.
    • In MIB, the indexes of arrays are not integers (as in most programming languages). The indexes are based on the value of one or more fields in the entries. The index of each row is a combination of two values; for example, it can be a combination of local port number and local address, e.g. udpLocalAddress.181.23.45.14.23 = 1.3.6.1.2.1.7.5.1.1.181.23.45.14.23
    • Note that not all tables are indexed in the same way. Some tables are indexed by using the value of one field, others by using the value of two fields, and so on.
  • 17. SNMP PDU (Protocol Data Unit)
    – GetRequest: The GetRequest PDU is sent from the manager (client) to the agent (server) to retrieve the value of a variable or a set of variables.
    – GetNextRequest: The GetNextRequest PDU is sent from the manager to the agent to retrieve the value of a variable. It is mostly used to retrieve the values of the entries in a table. If the manager does not know the indexes of the entries, it cannot retrieve the values. However, it can use GetNextRequest and define the ObjectId of the table. Because the first entry has the ObjectId immediately after the ObjectId of the table, the value of the first entry is returned. The manager can use this ObjectId to get the value of the next one, and so on.
    – GetBulkRequest: The GetBulkRequest PDU is sent from the manager to the agent to retrieve a large amount of data. It can be used instead of multiple GetRequest and GetNextRequest PDUs.
    – SetRequest: The SetRequest PDU is sent from the manager to the agent to set (store) a value in a variable.
    – Response: The Response PDU is sent from an agent to a manager in response to GetRequest or GetNextRequest. It contains the value(s) of the variable(s) requested by the manager.
    – Trap: The Trap (also called SNMPv2 Trap to distinguish it from SNMPv1 Trap) PDU is sent from the agent to the manager to report an event. For example, if the agent is rebooted, it informs the manager and reports the time of rebooting.
    – InformRequest: The InformRequest PDU is sent from one manager to another remote manager to get the value of some variables from agents under the control of the remote manager. The remote manager responds with a Response PDU.
    – Report: The Report PDU is designed to report some types of errors between managers. It is not yet in use.
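The instance identifiers from slides 15 and 16 and the GetNextRequest behaviour from slide 17, as an added example that is not part of the original presentation: a toy agent holding the udp group, showing that a GetRequest needs the full instance identifier and that repeated GetNext from the table id visits the table column by column in lexicographic order. The function names, counter values and all rows except 181.23.45.14 port 23 are constructed for illustration.

```python
# Added example: instance identifiers and GetNext ordering from slides 15 to 17.
from bisect import bisect_right

UDP = (1, 3, 6, 1, 2, 1, 7)              # udp group under mib-2
UDP_IN_DATAGRAMS = UDP + (1,)
UDP_NO_PORTS = UDP + (2,)
UDP_TABLE = UDP + (5,)
UDP_LOCAL_ADDRESS = UDP_TABLE + (1, 1)   # udpEntry is UDP_TABLE + (1,)
UDP_LOCAL_PORT = UDP_TABLE + (1, 2)


def oid_str(oid):
    return ".".join(str(part) for part in oid)


def row_index(address, port):
    """Index of a udpTable row: the four address octets followed by the port."""
    octets = tuple(int(part) for part in address.split("."))
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("not an IPv4 address: %r" % address)
    if not 0 <= port <= 65535:
        raise ValueError("port out of range")
    return octets + (port,)


def build_mib(in_datagrams, no_ports, listeners):
    """Map every instance OID to its value, as an agent would hold them."""
    mib = {UDP_IN_DATAGRAMS + (0,): in_datagrams,   # simple variables: suffix 0
           UDP_NO_PORTS + (0,): no_ports}
    for address, port in listeners:
        index = row_index(address, port)
        mib[UDP_LOCAL_ADDRESS + index] = address
        mib[UDP_LOCAL_PORT + index] = port
    return mib


def get(mib, oid):
    """GetRequest: exact instance only; returns (error status name, value)."""
    if oid in mib:
        return "noError", mib[oid]
    return "noSuchName", None


def get_next(mib, oid):
    """GetNextRequest: first instance that sorts after oid, or None at the end."""
    ordered = sorted(mib)                 # tuple comparison is OID lexicographic order
    pos = bisect_right(ordered, oid)
    if pos == len(ordered):
        return None
    return ordered[pos], mib[ordered[pos]]


def walk(mib, root):
    """Repeat GetNext from root until the returned OID leaves the subtree."""
    found, current = [], root
    while True:
        step = get_next(mib, current)
        if step is None or step[0][:len(root)] != root:
            return found
        found.append(step)
        current = step[0]


# Constructed agent state; only 181.23.45.14 port 23 comes from slide 16.
MIB = build_mib(1200, 7, [("181.23.45.14", 23), ("0.0.0.0", 161), ("10.0.0.5", 514)])

if __name__ == "__main__":
    print(get(MIB, UDP_IN_DATAGRAMS), get(MIB, UDP_IN_DATAGRAMS + (0,)))
    for oid, value in walk(MIB, UDP_TABLE):
        print(oid_str(oid), "=", value)
```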
  • 18. SNMP PDU Format
    • PDU type - This field defines the type of the PDU.
    • Request ID - This field is a sequence number used by the manager in a Request PDU and repeated by the agent in a response. It is used to match a request to a response.
    • Error status - This is an integer that is used only in Response PDUs to show the types of errors reported by the agent. Its value is 0 in Request PDUs.
    Status, name and meaning:
        – 0 noError: No error
        – 1 tooBig: Response too big to fit in one message
        – 2 noSuchName: Variable does not exist
        – 3 badValue: The value to be stored is invalid
        – 4 readOnly: The value cannot be modified
        – 5 genErr: Other errors
  • 19. SNMP PDU Format (continued)
    • Nonrepeaters - This field is used only in GetBulkRequest and replaces the error status field, which is empty in Request PDUs.
    • Error index - The error index is an offset that tells the manager which variable caused the error.
    • Max-repetition - This field is also used only in GetBulkRequest and replaces the error index field, which is empty in Request PDUs.
    • VarBind list - This is a set of variables with the corresponding values the manager wants to retrieve or set. The values are null in GetRequest and GetNextRequest.
    • Note: The GetBulkRequest PDU differs from the others in two areas
        – Error status and error index values are zeros for all request messages except GetBulkRequest.
        – Error status field is replaced by nonrepeater field and error index field is replaced by max-repetitions field in GetBulkRequest.
  • 20. SNMP Messages
    • SNMP does not send only a PDU; it embeds the PDU in a message.
    • A message in SNMPv3 is made of four elements: version, header, security parameters, and data (which include the encoded PDU).
    • Because the length of these elements is different from message to message, SNMP uses BER to encode each element. Remember that BER uses the tag and the length to define a value.
    • Version - defines the current version (3).
    • Header - contains values for message identification, maximum message size (the maximum size of the reply), message flag (one octet of data type OCTET STRING where each bit defines security type, such as privacy or authentication, or other information), and a message security model (defining the security protocol).
    • Security parameter - is used to create a message digest.
  • 21. SNMP Messages (continued)
    • Data - It contains the PDU. If the data are encrypted, there is information about the encrypting engine (the manager program that did the encryption) and the encrypting context (the type of encryption) followed by the encrypted PDU. If the data are not encrypted, the data consist of just the PDU. To define the type of PDU, SNMP uses a tag. The class is context-sensitive (10), the format is structured (1), and the numbers are 0, 1, 2, 3, 5, 6, 7, and 8.
  • 22. SNMP UDP Ports
    • SNMP uses the services of UDP on two well-known ports, 161 and 162. Port 161 is used by the server (agent), and port 162 is used by the client (manager).
    [Figure: protocol stacks of the management station (manager) and the network elements (agent): SNMP over UDP over IP over the network interface; the manager uses UDP port 162 and any port, the agent uses UDP port 161 and any port]
  • 23. SNMP UDP Ports (continued)
    • The agent (server) issues a passive open on port 161. It then waits for a connection from a manager (client).
    • A manager (client) issues an active open, using an ephemeral port. The request messages are sent from the client to the server, using the ephemeral port as the source port and the well-known port 161 as the destination port.
    • The response messages are sent from the server to the client, using the well-known port 161 as the source port and the ephemeral port as the destination port.
    • The manager (client) issues a passive open on port 162.
    • It then waits for a connection from an agent (server).
    • Whenever it has a Trap message to send, an agent (server) issues an active open, using an ephemeral port. This connection is only one-way, from the server to the client.
  • 24. SNMP v3 Architecture
    [Figure: an SNMP entity, made up of SNMP applications (command generator, command responder, notification originator, notification receiver, proxy forwarder, other) and the SNMP engine (dispatcher, message processing subsystem, security subsystem, access control subsystem)]
    • SNMP engine - An SNMP engine provides services for sending and receiving messages, authenticating and encrypting messages, and controlling access to managed objects. There is a one-to-one association between an SNMP engine and the SNMP entity which contains it. The engine contains: 1) a Dispatcher, 2) a Message Processing Subsystem, 3) a Security Subsystem, and 4) an Access Control Subsystem.
    • An SNMP engine has a unique SNMP engine id. Since there is a one-to-one association between SNMP engines and SNMP entities, it also uniquely and unambiguously identifies the SNMP entity within that administrative domain.
  • 25. SNMP v3 Architecture (continued)
    • Dispatcher - There is only one Dispatcher in an SNMP engine. It allows for concurrent support of multiple versions of SNMP messages in the SNMP engine. It does so by:
        – sending and receiving SNMP messages to/from the network,
        – determining the version of an SNMP message and interacting with the corresponding Message Processing Model,
        – providing an abstract interface to SNMP applications for delivery of a PDU to an application,
        – providing an abstract interface for SNMP applications that allows them to send a PDU to a remote SNMP entity.
    • Message Processing Subsystem - The Message Processing Subsystem is responsible for preparing messages for sending, and extracting data from received messages. The Message Processing Subsystem potentially contains multiple Message Processing Models, like SNMP v1 MPM, SNMP v2 MPM, SNMP v2c MPM. Each Message Processing Model defines the format of a particular version of an SNMP message and coordinates the preparation and extraction of each such version-specific message format.
  • 26. SNMP v3 Architecture (continued)
    • Security Subsystem - The Security Subsystem provides security services such as the authentication and privacy of messages and potentially contains multiple Security Models.
        – A Security Model specifies the threats against which it protects, the goals of its services, and the security protocols used to provide security services such as authentication and privacy.
        – A Security Protocol specifies the mechanisms, procedures, and MIB objects used to provide a security service such as authentication or privacy.
    • Access Control Subsystem - The Access Control Subsystem provides authorization services by means of one or more Access Control Models.
        – An Access Control Model defines a particular access decision function in order to support decisions regarding access rights.
    • Applications - There are several types of applications, including:
        – command generators, which monitor and manipulate management data,
        – command responders, which provide access to management data,
        – notification originators, which initiate asynchronous messages,
        – notification receivers, which process asynchronous messages, and
        – proxy forwarders, which forward messages between entities.
      These applications make use of the services provided by the SNMP engine.
  • 27. SNMPv3 Manager Architecture
    • An SNMP entity containing one or more command generator and/or notification receiver applications (along with their associated SNMP engine) has traditionally been called an SNMP manager.
    [Figure: SNMPv3 manager. Command generator and notification receiver applications sit on the dispatcher (PDU dispatcher, message dispatcher, transport mappings), the message processing subsystem (SNMPv1, SNMPv2C, SNMPv3, other) and the security subsystem (community based security model, user based security model, other security model)]
  • 28. SNMPv3 Agent Architecture
    • An SNMP entity containing one or more command responder and/or notification originator applications (along with their associated SNMP engine) has traditionally been called an SNMP agent.
    [Figure: SNMPv3 agent. The management information base, the access control subsystem (view based access control), and the command responder and notification originator applications sit on the dispatcher (PDU dispatcher, message dispatcher, transport mappings), the message processing subsystem (SNMPv1, SNMPv2C, SNMPv3, other) and the security subsystem (community based security model, user based security model, other security model)]
  • 29. Conclusion
    • Simple Network Management Protocol (SNMP) is a framework for managing devices in an internet using the TCP/IP protocol suite.
    • A manager, usually a host, controls and monitors a set of agents, usually routers.
    • The manager is a host that runs the SNMP client program and the agent is a router or host that runs the SNMP server program.
    • SNMP frees management tasks from both the physical characteristics of the managed devices and the underlying networking technology.
    • SNMP uses the services of two other protocols: Structure of Management Information (SMI) and Management Information Base (MIB).
    • SMI names objects, defines the type of data that can be stored in an object, and encodes the data.
    • SMI objects are named according to a hierarchical tree structure.
    • SMI data types are defined according to Abstract Syntax Notation 1 (ASN.1).
    • SMI uses Basic Encoding Rules (BER) to encode data.
    • MIB is a collection of groups of objects that can be managed by SNMP.
    • MIB uses lexicographic ordering to manage its variables.
    • SNMP functions in three ways:
        1. A manager can retrieve the value of an object defined in an agent.
        2. A manager can store a value in an object defined in an agent.
        3. An agent can send an alarm message to the manager.
    • SNMP defines eight types of packets: GetRequest, GetNextRequest, SetRequest, GetBulkRequest, Trap, InformRequest, Response, and Report.
    • SNMP uses the services of UDP on two well-known ports, 161 and 162.
    • SNMPv3 architecture, SNMP v3 Manager and SNMP v3 Agent Architecture.