Simple Network Management Protocol

2,501 views

Published on

Credits: Ankita Mathur, Prasenjit Gayen, Sanjoy Pandey

Published in: Education, Technology
0 Comments
5 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,501
On SlideShare
0
From Embeds
0
Number of Embeds
10
Actions
Shares
0
Downloads
519
Comments
0
Likes
5
Embeds 0
No embeds

No notes for slide

Simple Network Management Protocol

  1. 1. Simple Network Management Protocol
  2. 2. What is SNMP? The Simple Network Management Protocol (SNMP) is an application layer protocol used to manage network resources. Designed to be Simple-very few commands. It concerns with Network Management. It’s a Protocol-defined by IETF.
  3. 3. What does SNMP manage? …all SNMP compatible devices. servers workstations routers switches printers …many more.
  4. 4. SNMP Functionality?  Fault Management.  Configuration Management.  Accounting Management.  Performance Monitoring and Management.  Security Management. Local and/or Remote
  5. 5. SNMP Components SNMP Manager. SNMP Agent. MIB- Management Information Base. Network SNMP Manager Process MIB Request Response Trap SNMP Agent Process MIB
  6. 6. SNMP Manager Software that runs on some administrative computer and manages the whole network. Capable of querying any managed device - via polling. Capable enforcing management decision in Network. Normally runs on very few system compared to SNMP agents.
  7. 7. SNMP Agent Small piece of code that runs on every SNMP managed device and gathers and sends data about that managed resource in response to a request from the manager. Collects information from network device, on which it resides and stores in MIB. Replies to manager with proper information when asked for. Can initiate communication with SNMP manager using traps.
  8. 8. SNMP Proxy A Proxy Agent is an SNMP agent that maintains information of one or more non-SNMP devices. Proxy Agent does the conversion of control messages. ..may run some other NMS. SNMP Manager SNMP Agent SNMP Community Proxy Agent Non-SNMP Community
  9. 9. SNMP Internals How Management Information will be stored? SMI: Structure of Management Information What Management Information data will be stored? MIBs: Management Information Base How information would be exchanged on network? SNMP: Simple Network Management Protocol
  10. 10. SMI-Structure of Management Information Defines the data types allowed in MIB. Defines naming structure for each managed objects (MO). Typically each MIB objects has six attributes- Object Name Object Identifier Syntax Field Access field RFC-1155 Status Field Text Descriptor
  11. 11. Management Information Base  MIB is collection of network information. Contains the real values of managed objects in the agent in the form of variables, tables of variables.  Access - through network management protocol.  MO in MIB - represent characteristics of a managed device.  Changes is done in agent MIB.  MIB definition is available in manager. RFC-1156
  12. 12. MIB Object Naming Tree • Object Identifier – Uniquely identify an object in Management Information Base. 1.3.6.1.4.1.9
  13. 13. MIB Syntax sysContact OBJECT-TYPE -- OBJECT-TYPE is a macro SYNTAX DisplayString (SIZE (0..255)) ACCESS read-write -- or read-write, write-only, not-accessible STATUS mandatory -- or optional, deprecated, obsolete DESCRIPTION “Chris Francois cfrancois@acm.org (360)650-0000” ::= { system 4 }
  14. 14. MIB example: UDP module Object ID…....Name……………………Type…………………Comments………………………………………. 1.3.6.1.2.1.7.1 UDPInDatagrams Counter32 total # datagrams delivered at this time 1.3.6.1.2.1.7.2 UDPNoPorts Counter32 # underliverable datagrams no app at portl 1.3.6.1.2.1.7.3 UDInErrors Counter32 # undeliverable datagrams all other reasons 1.3.6.1.2.1.7.4 UDPOutDatagrams Counter32 1.3.6.1.2.1.7.5 udpTable SEQUENCE # datagrams sent one entry for each port in use by app, gives port #and IP address 8-14
  15. 15. SNMP Version1 Introduced in 1988, maintained by IETF. SNMP protocol facilitates communication between managed device and SNMP manager. Five messages was introduced in SNMP v1. GetRequest SetRequest GetNextRequest Trap Response Manager to Agent Agent to Manager
  16. 16. SNMP Messages  Get-Request Sent by manager requesting specific data from agent.  Get-Next-Request Sent by manager requesting data on the next MO to the one specified.  Set-Request Initializes or changes the value of network element.  Get-Response Agent responds with data for get and set requests from the manager.  Trap Alarm generated by an agent.
  17. 17. SNMP v1 Communication is via SNMP Protocol Data Units (PDUs) that are typically encapsulated in UDP packets. UDP ports, 161 and 162, are the default ports reserved for SNMP. The agent listens for requests and replies to them over port 161. …reports asynchronous traps on port 162, unless it is instructed to use different ports.
  18. 18. SNMP Protocol Data Unit(PDU)
  19. 19. 0: GetRequest 1: GetNextRequest 2: SetRequest 3: GetResponse SNMP Request to Response association Indicates one of a number of errors and error types. Set by ‘Response’ operation. Others set it to ‘0’ Associates error with object instance. Set by ‘Response’ operation. Others set it to ‘0’ General PDU Structure PDU TYPE 4: Trap Request ID Error Status Error Index Generic Trap Type: 7 values are defined: coldStart(0) warmStart(1) linkDown(2) linkUp(3) authenticationFailure(4) egpNeighborLoss(5) enterpriseSpecific(6) Management Enterprise under whose registration Agent’s IP Address (for further authority trap was identification) defined. Trap PDU Structure PDU TYPE Enterprise Agent Addr Gen Trap Spec Trap Object 1 Value 1 Data Field of SNMPv1 PDU.  Associates Object instance with current Object 2 value. Value 2 Ignore for Get and GetNext Specific Trap Type: Identifies non-generic trap when Generic Trap Type set to ‘enterpriseSpecific(6)’ Time elapsed between last network reinitialization and trap generation Time Stamp Object 1 Value 1 Object 2 Value 2
  20. 20. Issues with SNMP v1 Security- Very low standards. × Passwords transmitted as plain text. No provision for authenticating message source. MIBs were not secured with ACL’s. Limited number of error handling.
  21. 21. SNMP v2 Improvement over SNMP v1. Improved security feature. …added manager to manager communication. Four version of SNMP v2SNMP v2p, SNMP v2c, SNMP v2u, SNMPv2*. SNMP v2 is not backward compatible with SNMP v1.
  22. 22. SNMP v2 additional operations Bulk Data Transfer GetBulkRequest message was added. Manager can request multiple values from agent via this message. …faster retrieval of multiple records. Manager to Manager communication InformRequest -information sharing between two SNMP manager. Improved error handling SNMPv2 includes expanded error code that distinguishes kind of error condition.
  23. 23. Interfacing SNMP v1 Bilingual Manager Implements both SNMP v1 and v2 interpreter in manager. Interpreter module do all MIB and protocol conversion to and from SNMP agent. SNMP PDU contains version number to identify the frame. Bilingual Manager SNMPv1 Interpreter SNMP v1 Agent SNMPv2 Interpreter SNMP v2 Agent Agent Profile
  24. 24. Interfacing SNMP v1 Proxy Server Requests to and response from SNMPv2 agents are processed by the SNMPv2 manager directly. A proxy server is implemented as a front end module to the SNMPv2 manager to allow communication with SNMPv1 agents. SNMPv2 Manager Proxy Server SNMPv1 Agent SNMPv2 Agent
  25. 25. SNMP v2 PDU 0: GetRequest 1: GetNextRequest 2: Response 3: Set Request 4. Obsolete 5. GetBulkRequest 6. InformRequest 7. SNMPv2 Trap PDU TYPE SNMP Request to Response association Request ID Indicates one of a number of errors and error types. Set by ‘Response’ operation. Others set it to ‘0’ Error Status Error Index SNMPv2 PDU (except bulk) Associates error with object instance. Set by ‘Response’ operation. Others set it to ‘0’ Object 1 Value 1 Object 2 Value 2 Data Field of SNMPv1 PDU.  Associates Object instance with current value. Ignore for Get and GetNext
  26. 26. SNMP v2 PDU PDU TYPE Request ID Non-Repeaters Max Repetitions Object 1 Value 1 SNMPv2 GetBulkRequest PDU Object 2 Value 2 …………… …………... Object n Value n
  27. 27. Issues with SNMP v2  Multiple versions of SNMP v2- no consensus.  Security-not much improvement.  Incompatibility with earlier version (v1). Overhead implementing Bilingual Manager or Proxy Server.
  28. 28. SNMP v3  A general framework for all three SNMP versions. Implements SNMP v1 and v2 specifications along with proposed new features.  Improved security feature.  Secure remote configuration. Protection against modification of information.
  29. 29. SNMP v3 Security Major security improvement of v3 from earlier versions areMessage Integrity -ensures that data has not been modified or tampered while in transit. Authentication-checks if the message is from a authorized source. Encryption-encrypt the data to prevent others from seeing the content. Data can be collected securely from SNMP devices without fear of the data being tampered with or corrupted.
  30. 30. SNMP v3 Architecture
  31. 31. SNMP v3 Engine SNMP engine provides services for sending, receiving messages, authenticating and encrypting messages, and controlling access to managed objects. Dispatcher- support concurrent multiple SNMP message. Send and receive SNMP message to and from the network. Determine SNMP version forward to corresponding message processing subsystem. Interface between network and SNMP applications.
  32. 32. SNMP v3 Engine  Message processing Subsystem Prepares message for sending in network. Extract information from received message.  Security Subsystem Provides security services-authentication, encryption etc. Contains multiple subsystem.  Access Control System Provides authorization services.
  33. 33. SNMP v3 Architecture
  34. 34. SNMP v3 Applications Command Generator  used to generate get-request, get-next-request, get-bulk and set-request messages.  …also processes response received from the sent commands. Command Responder  Processes the get and set request destined for it. Notification Receiver  Receives asynchronous messages and processes that. Notification Originator  Initiates asynchronous messages or traps. Proxy Forwarder  Forwards requests and notification to other SNMP engines, according to context  No matter what MO information contained in it.
  35. 35. Thank you!

×