Simple Network Management Protocol

Credits: Ankita Mathur, Prasenjit Gayen, Sanjoy Pandey


Published in Education, Technology
Transcript

  • 1. Simple Network Management Protocol
  • 2. What is SNMP? The Simple Network Management Protocol (SNMP) is an application layer protocol used to manage network resources. Designed to be Simple: very few commands. It is concerned with Network Management. It is a Protocol, defined by the IETF.
  • 3. What does SNMP manage? …all SNMP-compatible devices: servers, workstations, routers, switches, printers, …many more.
  • 4. SNMP Functionality? Fault Management. Configuration Management. Accounting Management. Performance Monitoring and Management. Security Management. Local and/or Remote.
  • 5. SNMP Components: SNMP Manager. SNMP Agent. MIB (Management Information Base). [Diagram: SNMP Manager Process with its MIB and SNMP Agent Process with its MIB, exchanging Request, Response and Trap messages across the Network]
  • 6. SNMP Manager: Software that runs on some administrative computer and manages the whole network. Capable of querying any managed device via polling. Capable of enforcing management decisions in the network. Normally runs on very few systems compared to SNMP agents.
  • 7. SNMP Agent: Small piece of code that runs on every SNMP managed device and gathers and sends data about that managed resource in response to a request from the manager. Collects information from the network device on which it resides and stores it in the MIB. Replies to the manager with the proper information when asked for it. Can initiate communication with the SNMP manager using traps.
  • 8. SNMP Proxy: A Proxy Agent is an SNMP agent that maintains information about one or more non-SNMP devices. The Proxy Agent does the conversion of control messages. …may run some other NMS. [Diagram: SNMP Manager and SNMP Agent in the SNMP Community; Proxy Agent between the SNMP Community and the Non-SNMP Community]
  • 9. SNMP Internals: How will management information be stored? SMI: Structure of Management Information. What management information data will be stored? MIBs: Management Information Base. How will information be exchanged on the network? SNMP: Simple Network Management Protocol.
  • 10. SMI: Structure of Management Information (RFC-1155). Defines the data types allowed in the MIB. Defines the naming structure for each managed object (MO). Typically each MIB object has six attributes: Object Name, Object Identifier, Syntax Field, Access Field, Status Field, Text Descriptor.
  • 11. Management Information Base (RFC-1156): The MIB is a collection of network information. Contains the real values of managed objects in the agent in the form of variables and tables of variables. Access is through the network management protocol. MOs in the MIB represent characteristics of a managed device. Changes are made in the agent MIB. The MIB definition is available in the manager.
  • 12. MIB Object Naming Tree: Object Identifier: uniquely identifies an object in the Management Information Base, e.g. 1.3.6.1.4.1.9
  • 13. MIB Syntax
        sysContact OBJECT-TYPE                  -- OBJECT-TYPE is a macro
            SYNTAX  DisplayString (SIZE (0..255))
            ACCESS  read-write                  -- or read-only, write-only, not-accessible
            STATUS  mandatory                   -- or optional, deprecated, obsolete
            DESCRIPTION "Chris Francois cfrancois@acm.org (360)650-0000"
            ::= { system 4 }
  • 14. MIB example: UDP module
        Object ID | Name | Type | Comments
        1.3.6.1.2.1.7.1 | UDPInDatagrams | Counter32 | total # datagrams delivered at this time
        1.3.6.1.2.1.7.2 | UDPNoPorts | Counter32 | # undeliverable datagrams, no app at port
        1.3.6.1.2.1.7.3 | UDPInErrors | Counter32 | # undeliverable datagrams, all other reasons
        1.3.6.1.2.1.7.4 | UDPOutDatagrams | Counter32 | # datagrams sent
        1.3.6.1.2.1.7.5 | udpTable | SEQUENCE | one entry for each port in use by app, gives port # and IP address
  • 15. SNMP Version 1: Introduced in 1988, maintained by the IETF. The SNMP protocol facilitates communication between the managed device and the SNMP manager. Five messages were introduced in SNMP v1. Manager to Agent: GetRequest, SetRequest, GetNextRequest. Agent to Manager: Trap, Response.
  • 16. SNMP Messages: Get-Request: sent by the manager requesting specific data from the agent. Get-Next-Request: sent by the manager requesting data on the next MO after the one specified. Set-Request: initializes or changes the value of a network element. Get-Response: the agent responds with data for get and set requests from the manager. Trap: alarm generated by an agent.
  • 17. SNMP v1 Communication is via SNMP Protocol Data Units (PDUs) that are typically encapsulated in UDP packets. UDP ports, 161 and 162, are the default ports reserved for SNMP. The agent listens for requests and replies to them over port 161. …reports asynchronous traps on port 162, unless it is instructed to use different ports.
  • 18. SNMP Protocol Data Unit (PDU)
  • 19. General PDU Structure: PDU TYPE | Request ID | Error Status | Error Index | Object 1, Value 1 | Object 2, Value 2
        PDU TYPE: 0: GetRequest, 1: GetNextRequest, 2: SetRequest, 3: GetResponse, 4: Trap.
        Request ID: SNMP Request to Response association.
        Error Status: Indicates one of a number of errors and error types. Set by ‘Response’ operation. Others set it to ‘0’.
        Error Index: Associates error with object instance. Set by ‘Response’ operation. Others set it to ‘0’.
        Object/Value pairs: Data Field of SNMPv1 PDU. Associates Object instance with current value. Ignore for Get and GetNext.
      Trap PDU Structure: PDU TYPE | Enterprise | Agent Addr | Gen Trap | Spec Trap | Time Stamp | Object 1, Value 1 | Object 2, Value 2
        Enterprise: Management Enterprise under whose registration authority trap was defined.
        Agent Addr: Agent’s IP Address (for further identification).
        Gen Trap: Generic Trap Type: 7 values are defined: coldStart(0), warmStart(1), linkDown(2), linkUp(3), authenticationFailure(4), egpNeighborLoss(5), enterpriseSpecific(6).
        Spec Trap: Specific Trap Type: Identifies non-generic trap when Generic Trap Type set to ‘enterpriseSpecific(6)’.
        Time Stamp: Time elapsed between last network reinitialization and trap generation.
  • 20. Issues with SNMP v1: Security: very low standards. Passwords transmitted as plain text. No provision for authenticating the message source. MIBs were not secured with ACLs. Limited error handling.
  • 21. SNMP v2: Improvement over SNMP v1. Improved security features. …added manager to manager communication. Four versions of SNMP v2: SNMP v2p, SNMP v2c, SNMP v2u, SNMPv2*. SNMP v2 is not backward compatible with SNMP v1.
  • 22. SNMP v2 additional operations: Bulk Data Transfer: the GetBulkRequest message was added. The manager can request multiple values from the agent via this message. …faster retrieval of multiple records. Manager to Manager communication: InformRequest, information sharing between two SNMP managers. Improved error handling: SNMPv2 includes expanded error codes that distinguish the kind of error condition.
  • 23. Interfacing SNMP v1: Bilingual Manager. Implements both SNMP v1 and v2 interpreters in the manager. The interpreter modules do all MIB and protocol conversion to and from the SNMP agent. The SNMP PDU contains a version number to identify the frame. [Diagram: Bilingual Manager with Agent Profile; SNMPv1 Interpreter to SNMP v1 Agent; SNMPv2 Interpreter to SNMP v2 Agent]
  • 24. Interfacing SNMP v1: Proxy Server. Requests to and responses from SNMPv2 agents are processed by the SNMPv2 manager directly. A proxy server is implemented as a front-end module to the SNMPv2 manager to allow communication with SNMPv1 agents. [Diagram: SNMPv2 Manager to SNMPv2 Agent directly; SNMPv2 Manager through Proxy Server to SNMPv1 Agent]
  • 25. SNMP v2 PDU (except bulk): PDU TYPE | Request ID | Error Status | Error Index | Object 1, Value 1 | Object 2, Value 2
        PDU TYPE: 0: GetRequest, 1: GetNextRequest, 2: Response, 3: SetRequest, 4: Obsolete, 5: GetBulkRequest, 6: InformRequest, 7: SNMPv2 Trap.
        Request ID: SNMP Request to Response association.
        Error Status: Indicates one of a number of errors and error types. Set by ‘Response’ operation. Others set it to ‘0’.
        Error Index: Associates error with object instance. Set by ‘Response’ operation. Others set it to ‘0’.
        Object/Value pairs: Data Field of SNMPv1 PDU. Associates Object instance with current value. Ignore for Get and GetNext.
  • 26. SNMPv2 GetBulkRequest PDU: PDU TYPE | Request ID | Non-Repeaters | Max Repetitions | Object 1, Value 1 | Object 2, Value 2 | … | Object n, Value n
  • 27. Issues with SNMP v2: Multiple versions of SNMP v2, no consensus. Security: not much improvement. Incompatibility with the earlier version (v1). Overhead of implementing a Bilingual Manager or Proxy Server.
  • 28. SNMP v3: A general framework for all three SNMP versions. Implements the SNMP v1 and v2 specifications along with proposed new features. Improved security features. Secure remote configuration. Protection against modification of information.
  • 29. SNMP v3 Security: The major security improvements of v3 over earlier versions are: Message Integrity - ensures that data has not been modified or tampered with while in transit. Authentication - checks whether the message is from an authorized source. Encryption - encrypts the data to prevent others from seeing the content. Data can be collected securely from SNMP devices without fear of the data being tampered with or corrupted.
  • 30. SNMP v3 Architecture
  • 31. SNMP v3 Engine: The SNMP engine provides services for sending and receiving messages, authenticating and encrypting messages, and controlling access to managed objects. Dispatcher - supports multiple concurrent SNMP messages. Sends and receives SNMP messages to and from the network. Determines the SNMP version and forwards the message to the corresponding message processing subsystem. Interface between the network and SNMP applications.
  • 32. SNMP v3 Engine: Message Processing Subsystem - prepares messages for sending on the network. Extracts information from received messages. Security Subsystem - provides security services: authentication, encryption etc. Contains multiple subsystems. Access Control System - provides authorization services.
  • 33. SNMP v3 Architecture
  • 34. SNMP v3 Applications: Command Generator - used to generate get-request, get-next-request, get-bulk and set-request messages. …also processes the responses received for the sent commands. Command Responder - processes the get and set requests destined for it. Notification Receiver - receives asynchronous messages and processes them. Notification Originator - initiates asynchronous messages or traps. Proxy Forwarder - forwards requests and notifications to other SNMP engines according to context, no matter what MO information is contained in them.
  • 35. Thank you!
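
Added example, not part of the original slides: a minimal Python reader for the SNMP v1/v2c message layout described in slides 17 to 19 and 25, showing that the community string (the plain-text password of slide 20) and the requested object identifiers are readable by anyone who can capture the UDP payload. The packet bytes are constructed for illustration, the PDU type numbers follow the list on slide 25, and the function names are hypothetical.

```python
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response",
             0xA3: "SetRequest", 0xA4: "Trap", 0xA5: "GetBulkRequest",
             0xA6: "InformRequest", 0xA7: "SNMPv2-Trap"}
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}  # value of the message version field
# Constructed sample: v1 GetRequest for sysContact.0, community "public", request ID 1.
SAMPLE = bytes.fromhex("3026020100" "04067075626c6963" "a019020101020100020100"
                       "300e300c06082b060102010104000500")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    (tag, length), pos = buf[pos:pos + 2], pos + 2  # a short slice raises ValueError
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    arcs, val = [raw[0] // 40, raw[0] % 40], 0  # first octet packs the first two arcs
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last octet of an arc
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def audit_snmp(payload):
    """Report what is readable in one UDP payload sent to port 161 or 162."""
    tag, msg, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    _, ver, pos = read_tlv(msg, 0)
    report = {"version": VERSIONS.get(int.from_bytes(ver, "big"), "unknown")}
    if report["version"] not in ("v1", "v2c"):
        return report  # v3 carries no community string and is laid out differently
    _, community, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    report.update(community=community.decode("latin-1"), cleartext=True,
                  pdu=PDU_NAMES.get(pdu_tag, hex(pdu_tag)), oids=[])
    if pdu_tag == 0xA4:
        return report  # a v1 Trap body starts with Enterprise, not Request ID
    p = 0
    for _ in range(3):  # skip Request ID and the two integer fields after it
        _, _, p = read_tlv(pdu, p)
    varbinds, p = read_tlv(pdu, p)[1], 0
    while p < len(varbinds):
        _, vb, p = read_tlv(varbinds, p)
        report["oids"].append(decode_oid(read_tlv(vb, 0)[1]))
    return report
```

Calling `audit_snmp(SAMPLE)` returns the version, community, PDU type and requested OIDs; any payload that reports `cleartext` marks a device still answering v1 or v2c that is a candidate for migration to v3 authentication and encryption.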