OSMC 2009 | net-snmp: The forgotten classic by Dr. Michael Schwartzkopff

R
© MultiNET Services GmbH, Seite 1
MultiNET Services GmbH
SNMP
The forgotten classic
OSMC Nürnberg, October, 28th
2009
Dr. Michael Schwartzkopff, MultiNET Services GmbH

R
Outline
•SNMP: Why?
•The Building Blocks
– ASN.1 – The LanguagE
– MIB – The Definitions
– SNMP – The Protocol
•Implementation: Net-SNMP
– The client – side: Manager
– The server – side: Agents

R
SNMP - Why?
•Management of all entities in a network in a uniform
way
– Independent of the kind of the entity (network device,
host, operating system, application)
– Independent of the operation system
– Independent of the application, i.e. all kinds of applications
can be managed
– Independent of any vendor!
•Solution: A IETF standard (RFC) the meets all the
needs.

R
SNMP: History
● SNMP Version 1: Long time de-facto standard
● RFC 1155 ff. dating back to 1990.
● No need for security in that times: „Security is Not My
Problem“
● No real SNMP version 2 standard
● Every „guru“ had his own version
● Secure SNMP, 2p, 2u, 2c, 2*, ...
● In 2002 Jeff Case defined his own standard:
● Did not name it another v2, but version 3
● Only standard in effect. Others are obsolete.

R
The Language: ASN.1
•Since everybody has to talk anybody else the RFCs
define a common language. Abstract Syntax Notation
version 1 was chosen.
•ASN.1 is a formal language that defines data types
and their interpretation.
– All participants understand „10“ the same way.
•All definitions are written in ASN.1 so all participants
in the communication know the same.

R
Definition of the
Basis of Information
•Every manager must posses information about the
entities it wants to manage.
– What is this entity capable doing?
•Only the manufacturer has good knowledge about the
entity.
– The manufacturer describes the manageable information
of the entity and delivers it with the device, application, ...
•This description is also written in ASN.1
•The description is called Management Information
Base (MIB).

R
Structure by Object Identifiers
• All information has to be structured
– Otherwise nobody would find the interesting information.
• SNMP uses Object Identifier (OID)
– Information is structured in a tree. The branches are
separated by „.“
– IANA is the master of the internet part of the tree.
– All management information can be found under
iso.org.dod.internet (1.3.6.1)
• Standardized information is located in 1.3.6.1.2.1 (mib-2)
• Enterprise specific information can be found in 1.3.6.1.4.1
(private.enterprises)
• All enterprises get a unique number.

R
Management of OIDs
• Like numbers (or prime numbers) there are enough
OIDs. Not like IPv4 addresses.
• Standard information (mib-2 with fixed OIDs) is
defined in RFCs.
– You find information about nearly all topics covert by
RFCs: Internet Protocol, Host Information, Application
Information, ...
• No OID should be assigned twice
– OID – Management within the enterprise.
– If you made an error: Just abandon the tree and create a
new one.

R
Vendor MIBs
• Be sure you buy equipment with proper SNMP
support.
• Ask the right people for the MIBs.
– Most sales guys mix up SNMP with SMTP.
• Most applications come with SNMP support. You
just have to keep asking.
– Samples: Databases, Cluster software, Rack hardware
– Microsoft has sometimes surprisingly good SNMP support

R
Sample OIDs
Hersteller OID Bezeichnung
Standard ifOutOctects Number of bytes sent out on a interface
Standard hrStorageUsed Used space on a storage medium
APC ch Remaining time of a battery
Apache ApScoreBoardAccess
Count
Number of accesses to that server
Check Point haState State of the cluster
Cisco avgBusy5 Average CPU-load in the last 5 min.
F5 globalStatCurrentConn Number of connections
HP gdStatusPaperOut Paperstatus of the device
Microsoft servErrorSystem Number of internal errors
Oracle oraDBSysUserCalls „user calls“ from v$sysstat
Rittal statusDoor1 Door status (open/closed/locked)
Veritas jobState State of a NetBackup job

R
SNMP: Entities on the net
• In other applications the participants are called client
and server.
• In SNMP the two parties are called different:
– The agent is the part that provides the information. Thus it
is installed on the managed host.
– The manager collects and the information.
• Two ways of communication:
– The manager asks the agent for information (get).
– The agent notifies the manger about events (traps).

R
SNMPv1 – The protocol
The following messages exist:
GetRequest: The manager asks for some information.
GetNextRequest:The manager asks for the next
information
GetResponse: The agent answers a request providing
information
SetRequest: The manager sets some information on
the agent.
Trap: The agent notifies the manager about
some event.

R
SNMP encoding
• SNMP encodes all information in protocol data units
(PDUs) telling you
– Here comes some information of the type TYPE
– This information is NUMBER octets long
– The information is INFORMATION
• Same encoding scheme i.e. in LDAP, DHCP,
RADIUS, Kerberos, ...

R
SNMP myths
• „SNMP is not secure“
– Yes. SNMPv1 was not designed to be secure.
– SNMPv3 is secure. All massages can be authenticated
and encrypted.
– SNMPv3 provides a Role-based access model.
• „SNMP is not safe“ (Traps are not acknowledged)
– SNMPv3 provides Informs that are acknowledged
• „SNMP floods the net / overloads my router“
– Depends on how you deploy SNMP.
– A DNS server also can flood your net.

R
net-SNMP: The Open Source Tool
• Fully v1, v2c and v3 compatible with IPv4 and IPv6
• Command line management tools:
– snmpget, snmpgetnext, snmpwalk, ...
– snmpset
– snmptranslate
• Highly configurable SNMP agent: snmpd
– Extensible with subagents
• Send Traps: snmptrap
• Receive traps: snmptrapd

R
The Command Line
snmpwalk -v<version> -c<community> <host> <OID>
# snmpwalk -v 1 -c public localhost .system
SysDescr.0 = STRING: Linux mucnb005 2.6.28-11-generic
#42-Ubuntu SMP Fri Apr 17 01:57:59 UTC 2009
i686
SysContact.0 = STRING: misch@multinet.de
SysName.0 = STRING: mucnb005
SysLocation.0 = STRING: under you fingertips

R
Configuration of the SNMP Agent
• View-based access control model for v1, v2c and v3
• User-based security model for v1, v2c and v3
• Restrictions on the addresses listening
• Restrictions according to source addresses
• Subagent control
• Simple extension of the agent simply by editing the
config file

R
Process Monitoring
proc <process> [max [min]]
• prErrorFlag set if number of processes in ps -e
not within [min,max]
• Remote fix of the problem possible:
– Program defined in procfix is executed
– If the a flag prErrFix is set by the manager
• Simple monitoring. Just check prErrorFlag:
– „0“ means OK
– „1“ means not OK.

R
Storage Supervision
• Complete status of storage devices in hrStorage
– Size and Used Allocation Units of all attached devices.
– Part of the HOST-RESOURCES-MIB (Standard)
• Configuration option:
disk PATH [ MINSPACE | MINPERCENT% ]
– dskTotal, dskAvail, dskUsed, dskPercent
– if dskAvail < MINSPACE then dskErrorFlag=1
• Simple monitoring in nagios possible

R
System Load
load MAX1 [MAX5 [MAX15]]
• The agent includes system load counters:
laLoad, laLoadInt, laLoadFloat
• laErrFlag is set if the load is higher than the
configured options

R
Log File Monitoring
Monitoring size of log files
• Counting of occurrence of REGEXP in a file:
logmatch NAME FILE CYCLETIME REGEX
• Sample:
logmatch apache-GETs /var/log/apache/access.log
60 GET.*HTTP.*
– Counts all 60 seconds the number of accesses to the web
server
– Ideal for pnp4nagios

R
Arbitrary Extensions
• Running external commands (exec, extend, pass)
• extend [MIBOID] NAME PROG ARGS
indexes tables by the name of the program. So
identical OIDs in the configuration still lead to
different output.
• Reading the MIB gives return code and output of the
command.

R
More Extensions
• Embedded perl support
• Dynamically loadable modules
• Full proxy support
– Asking this agent what the other agent does
• Subagents: SMUX and AgentX

R
Simple Integration into nagios
• Plug-in check_snmp
• Check command in nagios:
define command {
command_name check_snmp_linux_disk1
command_line $USER1$/check_snmp
-H $HOSTADDRESS$ -o dskPercent.1
-w :85 -c :95
}

R
SNMP Myth (II)
„As if designed to make the Gods of Hypocrisy die of
laughter, SNMP is anything but simple.“
• Design goals of SNMP:
– Interoperable
– Easy to use, not to develop.
• SNMP is sufficient simple to get most of the tasks
done without too much effort.

R
© MultiNET Services GmbH, OSMC, Nürnberg, Nov, 28th, 2009. page: 26
Thank you very much for your
attention!
MultiNET Services GmbH

OSMC 2009 | net-snmp: The forgotten classic by Dr. Michael Schwartzkopff

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to OSMC 2009 | net-snmp: The forgotten classic by Dr. Michael Schwartzkopff

Similar to OSMC 2009 | net-snmp: The forgotten classic by Dr. Michael Schwartzkopff (20)

Recently uploaded

Recently uploaded (20)

OSMC 2009 | net-snmp: The forgotten classic by Dr. Michael Schwartzkopff