
SNMP

(Simple Network Management Protocol)


What is SNMP ?
Why SNMP is required ?
SNMP versions
SNMP messages

OPM

SNMP
SNMP is developed by IETF.
SNMP operates in the application layer of the Internet Protocol Suite.
It is an Internet-standard protocol for managing devices on IP
networks and is a component (part) of the Internet Protocol Suite
(TCP/IP).
It is used to monitor, control and coordinate network-attached
devices for conditions that warrant administrative attention.

SNMP (cont.)

An SNMP-managed network consists of three key components:


Managed device.
Agent
Manager
The Agent contains only MIB while Manager contains both MDB & MIB.

The SNMP agent receives Manager requests on UDP port 161. The manager
may send requests from any available source port to port 161 to the agent.

The agent response is sent back to the source port on the manager. The manager
receives notifications/Traps on UDP port 162.


The features of SNMP which make it popular:


Its design is simple and easy to implement for a network of any size.
Its simple design makes it easy for a user to program the variables that
need to be managed.

It is popular and extensible.


SNMP (INTERNET) Model

[Figure: SNMP network management divided into four submodels: Organization, Information, Communication and Functional]

SNMP (INTERNET) Model (Cont.)


Organization Model

Relationship between network element, agent, and manager


Hierarchical architecture

Information Model

Uses ASN.1 syntax


SMI (Structure of Management Information)
MIB ( Management Information Base)

Communication Model

Transfer syntax
SNMP over TCP/IP
Communication services addressed by messages

Functional model

addressed in terms of operations, administration and security.


The accounting function is not addressed by the SNMP model.

Two-Tier Organization Model

[Figure: two-tier organization model, SNMP Manager(s) and an SNMP Agent / Network Agent on a Network Element]
(a) One Manager - One Agent Model
(b) Multiple Managers - One Agent Model

Three-Tier Organization Model: RMON


[Figure: SNMP Manager, RMON Probe, Managed Objects]

Three-Tier Organization Model: Proxy Server

[Figure: SNMP Manager, Proxy Server, Non-SNMP Managed Objects and SNMP Managed Objects]

An NMS behaving as Manager and Agent

[Figure: SNMP Manager and SNMP Agent pairs, with SNMP Agents on Network Elements]

Information model

It deals with Structure of Management Information (SMI) and Management Information Base (MIB).

Structure of Management Information (SMI)


Defines standard unique names and identifiers for objects
Defines standard formats (syntax) for objects to use in MIB
Management Information Base (MIB)
MIB is a simple database
Hierarchy of information about a device is maintained.
Uniquely identifies specific information on a specific device
Object Type
Name and Object Identifier
Relationship between various managed objects

Object names and identifiers


[Figure: OID tree iso (1), org (3), dod (6), internet (1)]
The object identifier of internet is 1.3.6.1

internet OBJECT IDENTIFIER ::= {iso(1) org(3) dod(6) internet(1)}

Subnodes under internet node in SNMPv1


[Figure: internet (1 3 6 1) with subnodes directory (1), mgmt (2), experimental (3) and private (4)]

Subnodes under internet node in SNMPv1 (cont.)

The directory (1) node is reserved for future use of the OSI directory in the internet (it is now used by SNMPv2 & SNMPv3 to manage OSI-based & other networks).

The mgmt (2) node is used to identify all IETF recommended and IAB (Internet Architecture Board) approved subnodes and objects.
The experimental (3) node is for objects under IETF experiments.
The private (4) node is heavily used; commercial vendors can acquire a number under enterprises (1).

A private subtree for commercial vendors


[Figure: internet (1 3 6 1), private (4), enterprises (1), with vendor subnodes ibm (2), cisco (9), hp (11), 3Com (43) and Cabletron (52)]

* 37519 enterprise numbers have been issued under the enterprises node up to 3 March 2011, and the list is growing day by day.

MIB Management Information Base


Object IDentifier (OID)
- Example .1.3.6.1.2.1.1
- iso(1) org(3) dod(6) internet(1) mgmt(2) mib-2(1) system(1)

[Figure: OID tree from iso(1) through org(3), dod(6) and internet(1); under internet: directory(1), mgmt(2), experimental(3), private(4); under mgmt(2): mib-2(1); under mib-2(1): system(1), interfaces(2), ip(4), tcp(6)]

MIB Management Information Base


Maintains SNMP instances (values)
- Each MIB object can have an instance.
iso(1) org(3) dod(6) internet(1) mgmt(2) mib-2(1) interfaces(2) ifTable(2) ifEntry(1) ifType(3)

- One MIB object definition can represent multiple instances through Tables, Entries, and Indexes.


MIB-II
[Figure: Internet MIB-II Group. Internet {1 3 6 1} has subnodes directory (1), mgmt (2), experimental (3) and private (4); mgmt contains mib-2 (1), whose groups are system (1), interfaces (2), at (3), ip (4), icmp (5), tcp (6), udp (7), egp (8), cmot (9), transmission (10) and snmp (11)]

MIB-II objects are divided into 11 groups, but the number may increase in future.
Objects that are related are grouped into an object group.

MIB-II groups
System group contains the objects that describe system administration
Interface group defines the interfaces of the network components and network
parameters associated with each interface.
Address Translation (AT) group is a cross-reference table between the IP address
and the MAC (physical) address.

IP (Internet Protocol) network layer protocol


ICMP (Internet Control Management Protocol)
TCP (Transport Control Protocol) connection oriented transport layer protocol
UDP (User Datagram Protocol) connectionless transport layer protocol
EGP (External Gateway Protocol) is a routing protocol
CMOT (CMIP over TCP/IP) is used to manage internet using CMIP
The above mentioned protocol groups contain objects of corresponding protocol

Transmission group was created as a place holder for network transmission related parameters
SNMP group is the communication protocol group associated with SNMP management

Communication model

To exchange management information between Manager and Agent, the following messages are used:
SNMP (SNMPv1) (total 5 messages)

Get-Request
Get-Next-Request
Set-Request
Get-Response
Trap

SNMPv2 and SNMPv3 consist of two more messages (total 7 including the 5 mentioned above)
Get-Bulk-Request
Inform-Request


SNMP Communication
[Figure: SNMP Manager and SNMP Agent, each with an application (SNMP Manager Application, SNMP Agent Application) above an SNMP / UDP / IP / DLC / PHY stack, connected by the physical medium. Get-Request, GetNext-Request, Set-Request, Get-Response and Trap pass between each application and its SNMP layer. Other label: Management Data]

Basic operations contd..


[Figure: Manager and Agent exchanging get_request, get_next_request and set_request, each answered by get_response, on port 161, and trap on port 162]

SNMP Messages
Get-Request
Sent by manager requesting specific data from agent

Get-Next-Request
Sent by manager requesting data of the next Managed Object to the one
specified

Set-Request
Initializes or changes the value of network element/parameter

Get-Response
Agent responds with data for get and set requests from the manager

Trap (Notification)
Alarm generated by an agent
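
The Get-Next-Request behaviour described above, together with the table instances from the MIB slides, as an added example (not part of the original slides): a Python model of an agent answering GetNext in numeric OID order. The sample values, `AGENT_MIB` and the function names are constructed for illustration.

```python
from bisect import bisect_right

def oid_key(oid):
    """Dotted OID -> tuple of ints so arcs compare numerically, not as text."""
    return tuple(int(arc) for arc in oid.strip(".").split("."))

# Constructed agent data (not from a real device). The last arc is the
# instance: .0 for a scalar, the ifIndex for a column of ifTable.
AGENT_MIB = {
    "1.3.6.1.2.1.1.1.0": "constructed-router",  # system.sysDescr.0
    "1.3.6.1.2.1.1.3.0": 123456,                # system.sysUpTime.0
    "1.3.6.1.2.1.2.2.1.3.1": 6,                 # ifTable.ifEntry.ifType.1
    "1.3.6.1.2.1.2.2.1.3.2": 6,                 # ifType.2
    "1.3.6.1.2.1.2.2.1.3.10": 24,               # ifType.10
    "1.3.6.1.2.1.11.1.0": 42,                   # snmp.snmpInPkts.0
}
ORDERED = sorted(AGENT_MIB, key=oid_key)
KEYS = [oid_key(o) for o in ORDERED]

NO_SUCH_NAME = 0x02  # error status 0x02 from the PDU fields slide

def get_next(oid):
    """Answer a Get-Next-Request: (error_status, next_oid, value)."""
    i = bisect_right(KEYS, oid_key(oid))   # first instance strictly after oid
    if i == len(KEYS):
        return NO_SUCH_NAME, oid, None     # walked past the end of the MIB
    return 0, ORDERED[i], AGENT_MIB[ORDERED[i]]

def walk(root):
    """Repeat Get-Next from root until the answer leaves root's subtree."""
    prefix, current, rows = oid_key(root), root, []
    while True:
        status, nxt, value = get_next(current)
        if status or oid_key(nxt)[:len(prefix)] != prefix:
            return rows
        rows.append((nxt, value))
        current = nxt
```

Walking the ifType column returns instances 1, 2 and 10 in that order; a plain text sort of the same OIDs would place instance 10 before instance 2 and the snmp group before the interfaces group.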

SNMP Message transmission (GetRequest, GetNextRequest, SetRequest, GetResponse)

[Figure: encapsulation of an SNMP message.
SNMP PDU: PDU type | Request ID | Error status | Error index | Variable bindings
SNMP Message (Application Layer): SNMP Version | SNMP Community | SNMP PDU
Transport Layer: UDP header | SNMP Message
Network Layer: IP header | UDP header | SNMP Message
Data Link Layer: MAC header | IP header | UDP header | SNMP Message
Physical Layer: PHY header, modulation information, Transport Medium]

SNMP PDU fields


PDU type- Specifies the type of PDU transmitted: GetRequest
[0], GetNextRequest [1], SetRequest [2], GetResponse [3] and
Trap [4] .
Request ID- Associates SNMP requests with responses.
Error status- Indicates one of the errors and error types. Only the
response operation sets this field. Other operations set this field to
zero.

0x00 No error occurred
0x01 Response message too large to transport
0x02 The name of the requested object not found
0x03 A data type in the request did not match the data type in the SNMP agent
0x04 The SNMP manager attempted to set a read-only parameter
0x05 General Error (some error other than the one listed above)

SNMP PDU fields (cont.)


Error index- Associates an error with a particular object instance.
Only the response operation sets this field. Other operations set this
field to zero.
Variable bindings- Serves as the data field of the SNMPv1 PDU.
Each variable binding associates a particular object instance with
its current value (except Get and GetNext requests, for which the
value is ignored).


SNMP version & community


SNMP version:
SNMPv1 (0), SNMPv2 (1), SNMPv3 (2)
SNMP Community Strings :
An SNMP community string is a text string that acts as a password.
It is used to authenticate messages that are sent between the management
station and the device (the SNMP agent).
The community string is included in every packet that is transmitted between
the SNMP manager and the SNMP agent.
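
What a message with these fields looks like on the wire, as an added example (not from the original slides): a small BER reader that pulls the version, community string and PDU fields out of a captured request and flags a default community. The sample packet is constructed, the `WEAK_COMMUNITIES` list is an assumption, and only definite-length request/response PDUs are handled.

```python
WEAK_COMMUNITIES = {b"public", b"private"}  # assumption: defaults worth flagging

def read_tlv(buf, pos):
    """Read one BER tag-length-value; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """BER OID bytes -> dotted string (first byte packs the first two arcs)."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for byte in raw[1:]:
        value = (value << 7) | (byte & 0x7F)  # base 128, high bit = more bytes
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def parse_snmp(packet):
    """Decode version, community and PDU fields of a request/response message."""
    tag, body, _ = read_tlv(packet, 0)
    _, version, pos = read_tlv(body, 0)
    _, community, pos = read_tlv(body, pos)
    pdu_tag, pdu, _ = read_tlv(body, pos)
    if tag != 0x30 or pdu_tag & 0x1F == 4:  # Trap PDUs use a different layout
        raise ValueError("not an SNMP request/response message")
    fields, p = [], 0
    for _ in range(3):  # request ID, error status, error index
        _, raw, p = read_tlv(pdu, p)
        fields.append(int.from_bytes(raw, "big", signed=True))
    _, varbinds, _ = read_tlv(pdu, p)
    oids, p = [], 0
    while p < len(varbinds):
        _, binding, p = read_tlv(varbinds, p)
        oids.append(decode_oid(read_tlv(binding, 0)[1]))
    return {"version": int.from_bytes(version, "big"), "community": community,
            "pdu_type": pdu_tag & 0x1F, "request_id": fields[0],
            "error_status": fields[1], "error_index": fields[2], "oids": oids,
            "weak_community": community in WEAK_COMMUNITIES}

# Constructed SNMPv1 GetRequest for sysDescr.0 with community "public".
SAMPLE_GET = bytes.fromhex(
    "3026" "020100" "04067075626c6963"        # SEQUENCE, version 0, community
    "a019" "02012a" "020100" "020100"          # GetRequest: ID 42, status 0, index 0
    "300e300c" "06082b06010201010100" "0500")  # one binding: OID + NULL value
```

The community sits in the message as an unencrypted OCTET STRING, so any monitor on the path can read it the same way this parser does.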


Fields in SNMP message


SNMP Message transmission (Trap PDU)

[Figure: encapsulation of a Trap message.
SNMP PDU: PDU type | Enterprise | Agent address | Generic trap | Specific trap | Time stamp | Variable binding
SNMP Message (Application Layer): SNMP Version | SNMP Community | SNMP PDU
Transport Layer: UDP header | SNMP Message
Network Layer: IP header | UDP header | SNMP Message
Data Link Layer: MAC header | IP header | UDP header | SNMP Message
Physical Layer: PHY header, modulation information, Transport Medium]

SNMP PDU fields (trap message)

PDU type -- Specifies the type of PDU (Trap=4).

Enterprise -- Identifies the management enterprise under whose registration authority the trap was defined.

Agent address -- IP address of the agent, used for further identification.

Specific trap type -- Used to identify a non-generic trap when the Generic Trap Type is enterprise specific.

Timestamp -- Value of the sysUpTime object, representing the amount of time elapsed between the last (re-)initialization and the generation of that Trap.

SNMP PDU (trap) fields (cont.)

Generic trap type -- Field describing the event being reported. The following seven values are defined:

Generic Trap Type -- Description (brief)
coldStart (0) -- Sending protocol entity is reinitializing itself; agent's configuration or protocol entity implementation may be altered
warmStart (1) -- Sending protocol entity is reinitializing itself; agent's configuration or protocol entity implementation will not alter
linkDown (2) -- Failure of one of the communication links
linkUp (3) -- One of the links has come up
authenticationFailure (4) -- Authentication failure
egpNeighborLoss (5) -- Loss of EGP neighbor
enterpriseSpecific (6) -- Enterprise-specific trap

SNMP Message transmission (GetBulkRequest PDU)

[Figure: encapsulation of a GetBulkRequest message.
SNMP PDU: PDU type | Request ID | Non-Repeaters | Max Repetitions | Variable bindings
SNMP Message (Application Layer): SNMP Version | SNMP Community | SNMP PDU
Transport Layer: UDP header | SNMP Message
Network Layer: IP header | UDP header | SNMP Message
Data Link Layer: MAC header | IP header | UDP header | SNMP Message
Physical Layer: PHY header, modulation information, Transport Medium]

SNMP PDU (GetBulkRequest) fields


PDU type value is 5.
Two new fields in SNMP PDU are:
Non-Repeaters field indicates the number of non-repetitive
field values requested.
Max Repetitions field designates the maximum number of
table rows requested.


SNMP message (InformRequest)

The packet format of the InformRequest message is the same as that of the GetRequest, GetNextRequest, SetRequest and GetResponse messages.
PDU type value is 6.

Generally InformRequest is used to send a notification from one SNMP manager to another SNMP manager.

The SNMP manager that receives an InformRequest message acknowledges the message with an SNMP Response PDU.

Traps are unreliable because the receiver does not send any acknowledgment
when it receives a trap. The sender cannot determine if the trap was received.

In some cases the InformRequest message is used in place of the Trap message, for reliability, for notification from Agent to Manager.

Functional Model

It consists of:
Operation (Configuration , Fault & Performance ) Management
Administration (Authentication)
[Accounting management is left open for service providers]

Security (Community String, ACCESS)


SNMP Security
SNMP Community Strings (like passwords)
ACCESS:
- READ-ONLY: You can send out a Get & GetNext to the SNMP agent, and
if the agent is using the same read-only string it will process the request.
- READ-WRITE: Get, GetNext, and Set. If a MIB object has an ACCESS
value of read-write, then a Set PDU can change the value of that object
with the correct read-write community string.


Security in SNMPv1 & SNMPv2


SNMPv1 uses community strings for authentication, sent as plain text
without encryption.
SNMPv2 was supposed to fix security problems beyond the SNMP
community, but the effort was derailed (the c in SNMPv2c stands for
community).


SNMPv3 Security
SNMPv3 has numerous security features:
Ensures that a packet has not been tampered with (integrity due to encryption)
Ensures that a message is from a valid source (authentication using login ID & password)
Ensures that a message cannot be read by unauthorized parties (privacy due to encryption).

Security model of SNMPv3 has two components:

1. Instead of granting access rights to a community, SNMPv3 grants access to users (after verifying authentication).

2. Access can be restricted to sections of the MIB:
by specifying a range of valid IP addresses for a user or community,
or by specifying the part of the MIB tree that can be accessed.
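
A simplified model of the checks described here and on the SNMP Security slide (source address range, permitted MIB subtree, read-only versus read-write), as an added example that is not from the original slides or any real agent's implementation; `Policy`, `authorize` and the sample policy are assumptions made for illustration. It also shows why subtree matching has to compare arcs: as text, system (1.3.6.1.2.1.1) is a prefix of snmp (1.3.6.1.2.1.11).

```python
import ipaddress
from collections import namedtuple

# Hypothetical per-user (or per-community) policy record, not an agent's format:
# sources = allowed CIDR ranges, subtrees = allowed OID subtrees,
# access = "read-only" or "read-write".
Policy = namedtuple("Policy", "sources subtrees access")

def oid_key(oid):
    """Dotted OID -> tuple of ints, one element per arc."""
    return tuple(int(arc) for arc in oid.strip(".").split("."))

def in_subtree(oid, root):
    """True only if every arc of root matches the start of oid."""
    key, prefix = oid_key(oid), oid_key(root)
    return key[:len(prefix)] == prefix

def authorize(policy, source_ip, operation, oid):
    """Return (allowed, reason) for one Get or Set on one OID."""
    addr = ipaddress.ip_address(source_ip)
    if not any(addr in ipaddress.ip_network(net) for net in policy.sources):
        return False, "source address outside allowed range"
    if not any(in_subtree(oid, root) for root in policy.subtrees):
        return False, "OID outside permitted MIB subtree"
    if operation == "Set" and policy.access != "read-write":
        return False, "Set requires read-write access"
    return True, "ok"

# Constructed policy: a monitoring user may read the system group from one subnet.
MONITOR = Policy(sources=("192.0.2.0/24",),
                 subtrees=("1.3.6.1.2.1.1",),
                 access="read-only")
```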

RMON (Remote network MONitoring)

Remote Monitoring (RMON) is a standard monitoring specification that enables various network probes or monitors to send monitoring data to a manager.

A probe consists of a physical object/device with a processor (Router/Switch/Computer) and an Agent function with the RMON specification.

There are 2 versions of RMON: RMON1 (RMONv1) and RMON2 (RMONv2).

Diagram of the RMON MIB


[Figure: RMON MIB tree. Node labels: Root, ISO, Org, DoD, Internet, Mgmt, Private, MIB 1&2, MIB 1, MIB 2, RMON]

RMON1
1. Statistics
2. History
3. Alarm
4. Hosts
5. Host Top N
6. Matrix
7. Filter
8. Capture
9. Event
10. Token Ring

RMON2
11. Protocol Directory
12. Protocol Distribution
13. Address Map
14. Network-Layer Host
15. Network-Layer Matrix
16. Application-Layer Host
17. Application-Layer Matrix
18. User History
19. Probe Configuration
20. RMON Conformance

RMON1 MIB Groups

Statistics - Traffic and error rates on a segment of network


History - Above statistics with a time stamp
Alarm - User defined threshold alarms on any RMON variable
Hosts - Traffic and error rates for each host by MAC address
Host Top N - Sorts hosts by top traffic and/or error rates
Matrix - Conversation matrix between hosts
Filter - Definition of what type of packet to capture and store
Packet Capture - Creates a capture buffer on the probe that
can be requested and decoded by the management application
Event - Generates login entries and/or SNMP traps
Token Ring - Token Ring extensions, most complex group

RMON2 MIB Groups


Protocol Directory - List of protocols the probe can monitor
Protocol Distribution - Traffic statistics for each protocol
Address Map - Maps network-layer to MAC-layer addresses

Network-Layer Host - Traffic statistics to and from each discovered host


Network-Layer Matrix - Traffic statistics on conversations between pairs of
discovered hosts
Application-Layer Host - Traffic statistics to and from each host by protocol
providing insight into the use and growth of applications
Application-Layer Matrix - Traffic statistics on conversations between pairs of
hosts by protocol
User History Collection - Periodic samples of user-specified variables
Probe Configuration - Remote configuration of probe parameters

RMON Conformance - Requirements for RMON2 MIB conformance (specify mandatory or optional group)

RMON Groups

RMON delivers information in RMON1 and RMON2 groups of monitoring elements, each group provides specific sets of data to meet common
network-monitoring requirements.

Each group is optional so that vendors do not need to support all the groups
within the Management Information Base (MIB).

Some RMON groups require support of other RMON groups to function properly.

RMON operation

RMON solutions are comprised of two components: a probe (or a monitor or RMON agent), and a client, usually a management station (Manager).

Probes (RMON agent) store network information within their RMON MIB
and are normally found as embedded software on network hardware such as
routers and switches although they can be a program running on a Computer.

Probes can only see the traffic that flows through them so they must be placed on
each LAN segment or WAN link that is to be monitored.

Management stations (Manager) communicate with the RMON agent or probe, using SNMP messages to obtain and correlate RMON data.