2. Contents
1- SNMP & Network Management History & RFCs
2- What is Network Management?
3- What is SNMP?
4- Advantages of using SNMP
5- Ports and protocol (L4)
6- Structure of Management Packet
7- Structure of Management Information (SMI)
8- Management Information Base (MIB)
9- Simple Network Management Protocol (SNMP)
10- SNMP Versions
11- SNMPv1 & SNMPv2 Message Format
12- SNMP Traps
13- SNMPv3 Security Models & Levels
14- SNMPv3 Message Format
15- SNMP Disadvantages
3. SNMP & Network Management History
1983 - TCP/IP replaces ARPANET at U.S. Dept. of Defense, effective birth of Internet
First model for net management - HEMS - High-Level Entity Management System
(RFCs 1021,1022,1024,1076)
1987 - ISO OSI proposes CMIP - Common Management Information Protocol, and
CMOT (CMIP over TCP) for the actual network management protocol for use on the
internet
Nov. 1987 - SGMP - Simple Gateway Monitoring protocol (RFC 1028)
1989 - Marshall T. Rose heads up SNMP working group to create a common network
management framework to be used by both SGMP and CMOT to allow for transition to
CMOT
Aug. 1989 - “” defined (RFCs 1065, 1066, 1067) Internet-standard Network
Management Framework
Apr. 1989 - SNMP promoted to recommended status as the de facto TCP/IP network
management framework (RFC 1098)
June 1989 - IAB committee decides to let SNMP and CMOT develop separately
May 1990 - IAB promotes SNMP to a standard protocol with a recommended status
(RFC 1157)
Mar. 1991 - format of MIB2 and traps defined (RFCs 1212, 1215)
TCP/IP MIB definition revised to create SNMPv1 (RFC 1213)
4. SNMP RFCs
RFC   Description                               Published  Current Status
1065  SMIv1                                     Aug-88     Obsoleted by 1155
1066  SNMPv1 MIB                                Aug-88     Obsoleted by 1156
1067  SNMPv1                                    Aug-88     Obsoleted by 1098
1098  SNMPv1                                    Apr-89     Obsoleted by 1157
1155  SMIv1                                     May-90     Standard
1156  SNMPv1 MIB                                May-90     Historic
1157  SNMPv1                                    May-90     Standard
1158  SNMPv1 MIB-II                             May-90     Obsoleted by 1213
1212  SNMPv1 MIB definitions                    Mar-91     Standard
1213  SNMPv1 MIB-II                             Mar-91     Standard
1215  SNMPv1 traps                              Mar-91     Informational
1351  Secure SNMP administrative model          Jul-92     Proposed Standard
1352  Secure SNMP managed objects               Jul-92     Proposed Standard
1353  Secure SNMP security protocols            Jul-92     Proposed Standard
1441  Introduction to SNMPv2                    Apr-93     Proposed Standard
1442  SMIv2                                     Apr-93     Obsoleted by 1902
1443  Textual conventions for SNMPv2            Apr-93     Obsoleted by 1903
1444  Conformance statements for SNMPv2         Apr-93     Obsoleted by 1904
1445  SNMPv2 administrative model               Apr-93     Historic
1446  SNMPv2 security protocols                 Apr-93     Historic
1447  SNMPv2 party MIB                          Apr-93     Historic
1448  SNMPv2 protocol operations                Apr-93     Obsoleted by 1905
1449  SNMPv2 transport mapping                  Apr-93     Obsoleted by 1906
1450  SNMPv2 MIB                                Apr-93     Obsoleted by 1907
1451  Manager-to-manager MIB                    Apr-93     Historic
1452  Coexistence of SNMPv1 and SNMPv2          Apr-93     Obsoleted by 1908
1901  Community-Based SNMPv2                    Jan-96     Experimental
1902  SMIv2                                     Jan-96     Draft Standard
1903  Textual conventions for SNMPv2            Jan-96     Draft Standard
1904  Conformance statements for SNMPv2         Jan-96     Draft Standard
1905  Protocol operations for SNMPv2            Jan-96     Draft Standard
1906  Transport mapping for SNMPv2              Jan-96     Draft Standard
1907  SNMPv2 MIB                                Jan-96     Draft Standard
1908  Coexistence of SNMPv1 and SNMPv2          Jan-96     Draft Standard
1909  Administrative infrastructure for SNMPv2  Feb-96     Experimental
1910  User-based security for SNMPv2            Feb-96     Experimental
5. What is Network Management?
Network management is the process of controlling a complex
data network to maximize its efficiency and productivity
The overall goal of network management is to help with the
complexity of a data network and to ensure that data can go
across it with maximum efficiency and transparency to the
users
Basic tasks that fall under this category are:
•Fault Management
•Dealing with problems and emergencies in the network (router stops
routing, server loses power, etc.)
•Performance Management
•How smoothly is the network running?
•Can it handle the workload it currently has?
•# of packets dropped, timeouts, …
•Configuration Management
•Keeping track of device settings and how they function (- inventory,
configuration, ..)
6. What is SNMP?
SNMP is a layer 7 protocol that allows for remote
and local management of items on the network
including servers, workstations, routers, switches
and other managed devices.
Comprised of Agents and NMS and Managed Devices
•Agent - process running on each managed node collecting
information about the device it is running on.
•Network Management system (NMS) - process running
on a management workstation that requests information about
devices on the network.
•Managed Devices - A managed device is a network node that
implements an SNMP interface that allows unidirectional (read-only)
or bidirectional (read and write) access to node-specific information
8. Advantages of using SNMP
Standardized protocol: SNMP is the standard network management
protocol for TCP/IP networks, IPX and AppleTalk
Universal acceptance: All major vendors support SNMP. All SNMP-
managed devices use the same type of management interface to
support a common set of network management information.
Portability: SNMP is independent of operating system and
programming language. The functional design of SNMP is also
portable and it defines a core set of operations that must function
identically in all devices that support SNMP.
Extendibility: SNMP is a core set of operations that remain the same
on all managed devices. SNMP has the capability of supporting any
type of information on any type of device that may be part of any type
of network devices.
9. Ports & Protocol
•SNMP uses User Datagram Protocol (UDP) as the
transport mechanism for SNMP messages
•Like FTP, SNMP uses two well-known ports to operate:
•UDP Port 161 - SNMP Messages
•UDP Port 162 - SNMP Trap Messages
[Figure: SNMP message encapsulation: Ethernet Frame > IP Packet > UDP Datagram > SNMP Message, followed by CRC]
10. Companion of network management
To do management tasks, SNMP uses two
components: Structure of Management
Information (SMI) and Management Information
Base (MIB). In other words, management on the
Internet is done through the cooperation of three
protocols: SNMP, SMI, and MIB, as shown in
Figure
12. Structure of Management Information (SMI)
The SMI is a component for network management. It performs the
following functions:
- To name objects.
- To define the type of data that can be stored in an object.
- To show how to encode data for transmission over the
network.
SMI is a guideline for SNMP; it emphasizes three attributes to
handle an object: name, data type and encoding method
13. Structure of SMI
Name:
Defines names and a specific Object Identifier (OID):
Global identifier for a particular object type.
An OID consists of a sequence of integers, which specify the position of
the object in the global object identifier tree.
[Figure: global object identifier tree]
root: ccitt(0), iso(1), joint-iso-ccitt(2)
iso: reg authority(1), member body(2), org(3)
org: dod(6)
dod: internet(1)
internet: directory(1), mgmt(2), private(4)
mgmt: MIB II(1) = 1.3.6.1.2.1, with groups system(1), interface(2), at(3), IP(4), ICMP(5), TCP(6), UDP(7), EGP(8), Trans.(9), SNMP(10)
private: enterprises(1) = 1.3.6.1.4.1
MIB interface = 1.3.6.1.2.1.2
14. Structure of SMI
Name:
•The SMI requires that each managed object (such as a
router, a variable in a router, a value) have a unique name.
•To name objects globally, SMI uses an “Object Identifier”,
which is a hierarchical identifier based on tree structure.
•Tree structure starts with an unnamed root, each object can
be defined by using a sequence of integers separated by dots
(used by SNMP).
•Tree structure can also define an object by using a sequence
of textual names separated by dots (used by people).
- for example:
iso.org.dod.internet.mgmt.mib = 1.3.6.1.2.1
The objects that are used in SNMP are located under the mib
object, so their identifiers always start with 1.3.6.1.2.1
15. Structure of the SMI Object Name Hierarchy
•ccitt(0): For ITU (formerly the CCITT) standards
•joint-iso-ccitt(2): For joint standards
Following the iso(1) node, we see the following at the next several levels:
•Within iso(1), the ISO has created a subtree for use by other
organizations, called org(3).
•Within org(3), there is a subtree for the United States Department of
Defense, which as you may recall was the originator of the Internet: dod(6).
•Within dod(6), there is a subtree called internet(1).
Everything we work with in SNMP is under this one very specific subtree:
1.3.6.1, which if we used the text labels would be “iso.org.dod.internet”.
Within this part of the name space, there are six subtrees below:
•directory(1): Reserved for future use by ISO.
16. Structure of the SMI Object Name Hierarchy
•mgmt(2): The primary subtree where MIB objects are
located. This is “1.3.6.1.2”. It contains a subtree called mib(1),
which is 1.3.6.1.2.1. When MIB-II was created, a subtree
called mib-2(1) was created using the same number,
1.3.6.1.2.1.
•experimental(3): Contains objects used for standards under
development. This is “1.3.6.1.3”.
•private(4): Used for objects defined by private companies.
This node, 1.3.6.1.4, has a subtree called enterprise(1), which
is 1.3.6.1.4.1.
•security(5): Reserved for security use.
•snmpV2(6): Defines objects used specifically for SNMP
version 2.
17. Structure of SMI
Type of data:
• The second attribute of an object is the type of data stored
in it.
• To define the data type, SMI uses fundamental Abstract
Syntax Notation 1 (ASN.1) definitions and adds some new
definitions i.e. SMI is both a subset and superset of ASN.1.
• It has 2 categories of data types: simple and structured.
18. Structure of SMI
Type of data:
• Simple data type: the first five are from ASN.1; next
seven are defined by SMI.
Type               Size      Description
INTEGER            4 bytes   An integer with a value between -2^31 and 2^31-1
Integer32          4 bytes   Same as INTEGER
Unsigned32         4 bytes   Unsigned with value between 0 and 2^32-1
OCTET STRING       Variable  Byte string up to 65,535 bytes long
OBJECT IDENTIFIER  Variable  An Object Identifier
IPAddress          4 bytes   An IP Address made of 4 integers
Counter32          4 bytes   An integer whose value can be incremented from 0 to 2^32; when it reaches its maximum value, it wraps back to 0
Counter64          8 bytes   64-bit counter
Gauge32            4 bytes   Same as Counter32, but when it reaches its maximum value, it does not wrap; it remains there until it is reset.
TimeTicks          4 bytes   A counting value that records time in 1/100 second
19. Structure of SMI
Type of data:
•Structured data type: SMI defines two structured data types-
Sequence and Sequence of.
•Sequence: it is a combination of simple data types, not
necessarily same type. It is like the concept of struct in C.
•Sequence of: it is a combination of simple data types all of
same type. It is like the concept of array in C.
20. Structure of SMI
Data Encoding Method:
Following table shows the data types and their tags in binary and
Hexadecimal numbers.
Data Type              Format  Number  Tag (Binary)  Tag (Hex)
INTEGER                0       00010   00000010      02
OCTET STRING           0       00100   00000100      04
OBJECT IDENTIFIER      0       00110   00000110      06
NULL                   0       00101   00000101      05
Sequence, Sequence of  1       10000   00110000      30
IPAddress              0       00000   01000000      40
Counter                0       00001   01000001      41
Gauge                  0       00010   01000010      42
TimeTicks              0       00011   01000011      43
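An added example, not part of the original slides: a small encoder that applies the tag values from the table above to an OID and to a variable binding (name/value pair). The length rule and the base-128 arc packing are standard BER; the counter value 256 is a constructed sample.

```python
# SMI tag bytes, copied from the data-encoding table above.
TAGS = {
    "INTEGER": 0x02, "OCTET STRING": 0x04, "NULL": 0x05,
    "OBJECT IDENTIFIER": 0x06, "SEQUENCE": 0x30, "IPAddress": 0x40,
    "Counter": 0x41, "Gauge": 0x42, "TimeTicks": 0x43,
}

def ber_length(n):
    """BER length: one byte below 128, else 0x80|count followed by count bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(type_name, value=b""):
    """Tag-length-value triple for one SMI object."""
    return bytes([TAGS[type_name]]) + ber_length(len(value)) + value

def encode_integer(n):
    """INTEGER: shortest two's-complement form."""
    bits = n.bit_length() if n >= 0 else (n + 1).bit_length()
    return tlv("INTEGER", n.to_bytes(bits // 8 + 1, "big", signed=True))

def encode_oid(dotted):
    """OBJECT IDENTIFIER: the first two arcs share one value (40*a + b); every
    arc is written base-128 with the high bit set on all but its last byte."""
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("not a valid OID: " + dotted)
    body = bytearray()
    for arc in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return tlv("OBJECT IDENTIFIER", bytes(body))

def varbind(dotted, value_tlv=None):
    """One (name, value) pair as a SEQUENCE; a request carries NULL as value."""
    return tlv("SEQUENCE", encode_oid(dotted) + (value_tlv or tlv("NULL")))

if __name__ == "__main__":
    print(varbind("1.3.6.1.2.1.7.1").hex())  # udpInDatagrams, request form
    print(varbind("1.3.6.1.2.1.7.1", tlv("Counter", b"\x01\x00")).hex())  # constructed value 256
```

Every byte of the name and value is visible in the output, which is why the encoding by itself provides no confidentiality.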
22. MIB (Management Information Base)
The MIB is the second component used in network management.
Each agent has its own MIB, which is a collection of all objects that
the manager can manage.
The objects in the MIB are categorized under different groups: system,
interface, address translation, ip, icmp, tcp, udp, egp, etc.
These groups are under the MIB object in the object identifier tree. Each
group has defined variables and/or tables.
23. MIB (Management Information Base)
Following is a brief description of some of the objects.
sys: system object defines general information about the node (system)
such as name, location, and lifetime.
if: interface object defines information about all the interfaces of the node
including interface no. physical address.
at: address translation object defines information about the ARP table.
ip: this object defines information related to IP (routing table, IP address).
icmp: this object defines information about the ICMP (no. of packets sent
and received and total errors created).
tcp: this object defines information about the TCP (connection table, time-
out value, no. of ports and no. of packets sent and received ).
udp: this object defines information about the UDP ( no. of ports and no. of
packets sent and received ).
Snmp: this object defines information about SNMP (itself).
EGP: Contains information about the implementation and operation of EGP
at the managed system.
24. MIB (Management Information Base)
Accessing MIB variables:
Simple variables: to access the simple variables, we use the id of
the group followed by the id of the variable. Following figure shows
how to access each variable.
For example: we use the group udp, then
variables under udp group can be accessed
as follows.
udpInDatagrams 1.3.6.1.2.1.7.1
udpNoPorts 1.3.6.1.2.1.7.2
udpInErrors 1.3.6.1.2.1.7.3
27. MIB (Management Information Base)
Get “System Group” of MIB II
Use get_request or get_next_request
sysDescr .1.3.6.1.2.1.1.1.0
sysTemperature .1.3.6.1.2.1.1.2.0
sysUptime .1.3.6.1.2.1.1.3.0
sysContact .1.3.6.1.2.1.1.4.0
sysName .1.3.6.1.2.1.1.5.0
sysSupply .1.3.6.1.2.1.1.6.0
Information about objects:
1-MIB2 RFC 1213
2-MIB File
31. Private MIB Registration
Companies can register their private MIB extensions in the global MIB
tree by contacting the Internet Assigned Numbers Authority (IANA).
http://www.iana.org/
Currently assigned enterprise subtrees
ftp://ftp.isi.edu/in-notes/iana/assignments/enterprise-numbers
33. SNMP Versions
•SNMPv1 is the recommended standard
•SNMPv2 has become split into:
•SNMPv2u - SNMPv2 with security
•SNMPv2* - SNMPv2 security and additional features
•SNMPv2c - SNMPv2 without security
•SNMPv3 Secure Version with Authentication and Hashing Algorithm
34. SNMP (Simple Network Management Protocol)
SNMP uses both SMI and MIB in Internet network management. It is an
application program that allows
1- A manager to retrieve the value of an object defined in an agent.
2- A manager to store a value in an object defined in an agent.
3- An agent to send an alarm message about an abnormal situation (such as
it’s rebooting) to the manager.
36. SNMP (Simple Network Management Protocol)
Message type                                Function
GetRequest, GetNextRequest, GetBulkRequest  Mgr-to-agent: “get me data” (instance, next in list, block)
InformRequest, Report                       Mgr-to-Mgr: here’s MIB value
SetRequest                                  Mgr-to-agent: set MIB value
GetResponse                                 Agent-to-mgr: value, response to Request
Trap                                        Agent-to-mgr: inform manager of exceptional event (typically a notification of something unexpected, like an error)
37. SNMP: Codes for SNMP Messages
Types of Error Status:
Status  Name        Meaning
0       noError     No error
1       tooBig      Response too big to fit in one message
2       noSuchName  Variable does not exist
3       badValue    The value to be stored is invalid
4       readOnly    The value cannot be modified
5       genErr      Other errors
39. Traps
•Traps are unrequested event reports that are sent to a management system by an
SNMP agent process
•When a trappable event occurs, a trap message is generated by the agent and is
sent to a trap destination (a specific, configured network address)
•Many events can be configured to signal a trap, like a network cable fault, failing
NIC or Hard Drive, a “General Protection Fault”, or a power supply failure
•Traps can also be throttled -- You can limit the number of traps sent per second from
the agent
•Each service has its own traps, which you should enable in order to receive them on the NMS
40. SNMP Security models & Levels
SNMPv3 has added two new features to the previous version:
security and remote administration. SNMPv3 allows a manager to
choose one or more levels of security when accessing an agent.
Different aspects of security can be configured by the manager to
allow message authentication, confidentiality, and integrity.
SNMPv3 also allows remote configuration of security aspects without
requiring the administrator to actually be at the place where the device
is located.
41. SNMPv3 Message Format
Message fields: msgVersion, msgGlobalData, msgSecurityParms, msgData
msgGlobalData fields: msgID, msgMaxSize, msgFlags, msgSecurityModel
msgSecurityModel: a unique number to identify each security model
msgSecurityParms: security model specific
msgFlags: message type and security services; present legal values are:
'100'b - a noAuthNoPriv request
'000'b - a noAuthNoPriv response or unacknowledged notification
'101'b - an authNoPriv request
'001'b - an authNoPriv response or unacknowledged notification
'111'b - an authPriv request
'011'b - an authPriv response or unacknowledged notification
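An added example, not part of the original slides: a parser that walks the msgVersion and msgGlobalData fields listed above, maps msgFlags to the security level and message role from the table of legal values, and reports messages weaker than a required level. The sample message bytes are constructed (msgID 0x1234, msgMaxSize 65507, msgSecurityModel 3, empty stubs after the header), and `below_policy` is a hypothetical helper name.

```python
LEVELS = {0b00: "noAuthNoPriv", 0b01: "authNoPriv", 0b11: "authPriv"}  # priv,auth bits
RANK = ["noAuthNoPriv", "authNoPriv", "authPriv"]

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                 # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def decode_flags(flags):
    """Map the low three msgFlags bits to (security level, message role)."""
    if flags & 0b011 == 0b010:
        raise ValueError("priv without auth is not a legal msgFlags value")
    role = "request" if flags & 0b100 else "response or unacknowledged notification"
    return LEVELS[flags & 0b011], role

def parse_v3_header(msg):
    """Walk msgVersion and msgGlobalData; nothing after them is needed."""
    tag, body, _ = read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    _, version, pos = read_tlv(body, 0)
    if int.from_bytes(version, "big") != 3:
        raise ValueError("not an SNMPv3 message")
    _, global_data, _ = read_tlv(body, pos)
    fields, p = [], 0
    while p < len(global_data):
        _, value, p = read_tlv(global_data, p)
        fields.append(value)
    msg_id, max_size, flags, model = fields
    level, role = decode_flags(flags[0])
    return {"msgID": int.from_bytes(msg_id, "big"),
            "msgMaxSize": int.from_bytes(max_size, "big"),
            "msgSecurityModel": int.from_bytes(model, "big"),
            "level": level, "role": role}

def below_policy(msg, required="authPriv"):
    """True when a message uses a weaker level than the one required."""
    return RANK.index(parse_v3_header(msg)["level"]) < RANK.index(required)

def sample(flags):
    """Constructed message: msgID 0x1234, msgMaxSize 65507, model 3, empty stubs."""
    return bytes.fromhex(f"3018020103300f02021234020300ffe30401{flags:02x}02010304003000")
```

Because msgFlags sits in the unencrypted header, a monitor can apply this check to authPriv traffic without holding any keys.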
43. SNMP Disadvantages
• One such problem is the inefficiency of SNMP for
retrieving bulk MIB data.
- SNMP shows poor performance when retrieving
several thousands of MIB variables in a single logical
transaction.
Reasons:
– CPU overhead
– Bandwidth inefficiency due to OID naming
overhead
– High latency caused by a large number of
request/response interactions.
• Packet Sniffing on SNMPv1 and SNMPv2