Beruflich Dokumente
Kultur Dokumente
COMMONWEALTH OF AUSTRALIA
Copyright Regulation 1969
WARNING
This material has been copied and communicated to you by or on
behalf of Curtin University of Technology pursuant to Part VB
of the Copyright Act 1968 (the Act)
The material in this communication may be subject to copyright
under the Act. Any further copying or communication of this
material by you may be the subject of copyright protection under
the Act.
Do not remove this notice
1
Network Systems
Design 304
Simple Network Management
Protocol
2
Overview
Background (History)
SNMPv1
Structure of Management Information
Architecture/Protocol
SNMPv2
Summary
3
Historic Background
Prior to 1988, the only standardised management protocol for TCP/IP
networks was the Internet Control Message Protocol (ICMP)
Goals:
Minimise complexity of management functions
Flexible, extensible
Independent of the architecture and mechanisms of particular hosts and
gateways
4
Related IETF Documents
RFC 1155 – Structure of Management Information
(SMI)
5
SNMP Architecture & Model
Organisation
Components, functions, relationships
Information
Structure and organisation of information
Management Information Base
Communication
Transfer syntax/structure (PDUs)
administration
Functional
Configuration, Performance, Fault, Security, Accounting
No formal specifications
6
SNMPv1 (Organisation)
Directly derived from SGMP
SNMP Entities
Manager (client) – Initialisation, monitoring and control
Houses applications
Agent (server) – Receive, process and respond to requests and
generate event reports
Management Information Base (MIB)
Hierarchical architecture
2-tier (Inherently centralised)
1 manager, multiple agents
Multiple managers, multiple agents
3-tier - RMON
7
Information Model (SMI)
Management information within managed
systems must be represented as:
Scalars
Tables
Example MIBs:
Remote Network Monitoring MIB (RMON) – RFC 1757
MIB-II – RFC 1213
9
Object Identifiers
An OID is an ordered sequence of
non-negative integers, written from Root
left to right
1.2.2
2
11
Communication Model
Architecture
Operations between managers and agents (message format specified in ASN.1)
Communication semantics
Message Exchange
Connectionless
Stateless
Supports polling and interrupt-driven (traps) communications.
Agent port - UDP port 161
Trap daemon port – UDP port 162
Administrative Model
Use the concept of communities
Only members of the same community can communicate with each other
Community Profile:
SNMP MIB View – agent programmed only to view a subset of managed objects of a
network element
SNMP Access Mode – Each community name is assigned an access mode: read-only
and read-write
Community Profile = MIB view + access mode
12
Administrative Model (cont…) Manager 1
(Community 1)
Community 1
Agent 1 Agent 2
Community Profile 1 Community Profile 2
Manager 1
(Community 1, Community 2)
Community 2
Agent 3 Agent 4
Community Profile 3 Community Profile 4
Manager 3
(Community 2)
SNMP PDU
Fields of an
Administrative
SNMP fields
Tag Len Value: sequence of fields
message
VarBindList
Fields of an PDU
Version Community Control fields Tag Len Value: sequence of VarBinds
SNMP PDU Type
VarBind VarBind
Array of
Tag Len Value: pair of fields Tag Len Value: pair of fields
VarBinds
15
Sending/Receiving a Request
The top level actions for a manager to send a request
message are as follows:
1. Appropriate PDU is constructed based on the VarbindList and the
operation type
2. The PDU, security information and agent identity are input to a security
mechanism to apply authentication and encryption to the PDU
3. The result from the security mechanism and the community string are
used to generate an SNMPv1 message
4. The message is then serialised and sent using a transport service to
the specified SNMP agent
The top level actions for an agent to receive a request
message are as follows:
1. Incoming message is de-serialised to construct an ASN.1 message
2. Version number is verified
3. The community name, security information and the data found in the
SNMPv1 message are input to a security mechanism – Conceptually
in SNMPv1
4. The agent then performs a rudimentary parse of the ASN.1 object
returned from the security service to build an ASN.1 object 16
corresponding to an SNMPv1 PDU object
Sending/Receiving a Response
The top level actions for an agent to send a response
message are as follows:
1. It first constructs a GET-RESPONSE PDU using as input, the saved
request-id value and the values for error-status, error-index and
VarBindList returned from processing the request.
2. The PDU, security information and agent identity are input to a security
mechanism.
The result is just the original PDU in SNMPv1
3. The result from the security mechanism and the community string are
used to generate an SNMPv1 message
4. The message is serialised and then sent to the manger address from
the request.
The top level actions for a manager to receive a response
message are as follows:
1. Incoming message is de-serialised.
2. PDU version is verified.
3. The community name, security information and the data found in the
SNMPv1 message are input in the security mechanism.
4. The ASN.1 object is parsed. 17
SNMPv1 GET Request Processing
Retrieves the value of one or more instances of
management information.
Request
Get-Request ID
Error Status Error Index Name X Value X ...
Copy value Set to zero Set to zero Copy value Current Value
Request
Get-Response ID
Error Status Error Index Name X Value X ...
18
SNMPv1 GET Request Processing
On error, one of the following values is retuned in the
error-status field:
tooBig
noSuchName
genErr
Request
Get-Request ID
Error Status Error Index Name X Value X ...
Set to zero
Copy value Set to error or index Copy value Copy Value
Request
Get-Response ID
Error Status Error Index Name X Value X ...
19
SNMPv1 GETNEXT Request Processing
Request
GetNext-Request ID
Error Status Error Index Name X Value X ...
Copy value Set to zero Set to zero Determine next Current Value
Request
Get-Response ID
Error Status Error Index Name X Value X ...
20
Example - SNMP MIB Walk
Network ipRouteDest
Management
Station Agent 0.0.0.0 ipRouteDest.1
Get-Request: ipRouteDest.1
15.0.0.0 ipRouteDest.2
Get-Response: ipRouteDest.1 = 0.0.0.0
131.108.0.0 ipRouteDest.3
129.140.0.0 ipRouteDest.4
Time Time
21
Example - SNMP MIB Walk
Network ipRouteDest
Management
Station Agent 0.0.0.0 ipRouteDest.1
Get-Request: ipRouteDest.1
15.0.0.0 ipRouteDest.2
Get-Response: ipRouteDest.1 = 0.0.0.0
131.108.0.0 ipRouteDest.3
Get-Next-Request ipRouteDest.1
129.140.0.0 ipRouteDest.4
Get-Response: ipRouteDest.2 = 15.0.0.0
Time Time
22
Example - SNMP MIB Walk
Network ipRouteDest
Management
Station Agent 0.0.0.0 ipRouteDest.1
Get-Request: ipRouteDest.1
15.0.0.0 ipRouteDest.2
Get-Response: ipRouteDest.1 = 0.0.0.0
131.108.0.0 ipRouteDest.3
Get-Next-Request ipRouteDest.1
129.140.0.0 ipRouteDest.4
Get-Response: ipRouteDest.2 = 15.0.0.0
Get-Next-Request ipRouteDest.2
Get-Response: ipRouteDest.3 = 131.108.0.0
Time Time
23
Example - SNMP MIB Walk
Network ipRouteDest
Management
Station Agent 0.0.0.0 ipRouteDest.1
Get-Request: ipRouteDest.1
15.0.0.0 ipRouteDest.2
Get-Response: ipRouteDest.1 = 0.0.0.0
131.108.0.0 ipRouteDest.3
Get-Next-Request ipRouteDest.1
129.140.0.0 ipRouteDest.4
Get-Response: ipRouteDest.2 = 15.0.0.0
Get-Next-Request ipRouteDest.2
Get-Response: ipRouteDest.3 = 131.108.0.0
Get-Next-Request ipRouteDest.3
Get-Response: ipRouteDest.4 = 129.140.0.0
Time Time
24
Example - SNMP MIB Walk
Network ipRouteDest
Management
Station Agent 0.0.0.0 ipRouteDest.1
Get-Request: ipRouteDest.1
15.0.0.0 ipRouteDest.2
Get-Response: ipRouteDest.1 = 0.0.0.0
131.108.0.0 ipRouteDest.3
Get-Next-Request ipRouteDest.1
129.140.0.0 ipRouteDest.4
Get-Response: ipRouteDest.2 = 15.0.0.0
Get-Next-Request ipRouteDest.2
Get-Response: ipRouteDest.3 = 131.108.0.0
Get-Next-Request ipRouteDest.3
Get-Response: ipRouteDest.4 = 129.140.0.0
Get-Next-Request ipRouteDest.4
Get-Response: error (NoSuchName)
Time Time
25
Example Table Retrieval
xyzTable stu
GETNEXT
row retrieval xyzC1 xyzC2 xyzC3 xyzC4
Row index 1
Row index 3
Row index 6
xyzEntry
GETNEXT
row retrieval xyzC1 xyzC2 xyzC3 xyzC4
Row index 1
Row index 3
Row index 6 27
SNMPv1 SET Request Processing
Modifies the value of one or more instances of management information
Request
Set-Request ID
Error Status Error Index Name X Value X ...
Request
Get-Response ID
Error Status Error Index Name X Value X ...
28
Example – Row Creation
xyzTable
Row index 1
Row index 2
Row index 3
Row index 4 2 45
Row index 5
Row index 6
29
SNMP Traps
An unsolicited message an SNMP agent sends to the
manager.
Manager is responsible for configuring the trap on the agent
Used to reduce the length of time between when an event occurs
and when it is noticed by the manager
No response is expected
Manager Agent
Agents provide the specified data only when
request by managers.
The periodic gathering of data is called polling Pushing data
Manager Agent
Amount of time between an event and a
manager realising that an event has occurred
time Event realised
is called the event detection latency Event occurs
31
Event Triggering
There are 2 models for deciding
Monitored value
when events occur:
Event
threshold
Edge triggered events: Rearm
threshold
occurs when a monitored value rearm
event rearm event
first enters a range
monitored value must then enter
a potentially different range
Monitored value
before the event may occur again
– rearming the trigger
Event
level
Level triggered events:
occurs when a monitored value is
inside a range at the start of each
periodic time interval events
time
32
SNMPv1 Limitations
LIMITED ERROR CODES
LIMITED PERFORMANCE
Inefficient for large retrievals. (e.g. retrieving entire MIB or tables)
E.g. 2000 entry table with 4 columns 200ms RTT
Using GETNEXT-Requests: 2000 X 4 X 2 = 16000 packets or 2000 X 4 X .2 = 1600
seconds!!!
IDLE-RQ like performance
LACK OF HIERARCHIES
Inherently centralised
LACK OF SECURITY
33
Community Strings
SNMPv1 MIBs (SMI, MIB-II, RMON)
34
SMI (RFC1155) Defined Data Types
Integer – Signed 32 bit integer.
Enumerated Integer
Octet String – String of bytes
Object Identifier
NetworkAddress – An address from one of possibly
several protocol families
IpAddress – 32 bit IP address
Gauge – Nonnegative integer from 0 to 232 – 1, which
may increase or decrease
Counter – Nonnegative monotonically increasing
integer from 0 to 232 – 1
Timeticks – Non-negative integer which counts time in
hundredths of a second
Opaque – Arbitrary syntax 35
Gauge
Used to specify a value whose range includes only non-
negative 32bit integers
Max in
range
Min in
range
Time 36
Counter
Use to specify a non-negative value
whose range includes only positive Maximum
32-bit integers value
232 - 1
Values reported by counters are not
absolute, since the count is not
required to start at 0 and the count Starting value
may roll over is undefined
Counter rollover
0 and start at 0
Time
Counters are used by obtaining a
value v0 at to and then later obtaining
a value v1 at t1 232 - 1
Difference between v0 and v1 is the
count over the time period
Counter rollover can be detected iff v0
> v1 Computed rate
0
A periodic sampling of counter values
may be converted into a rate value: Time
if (vi > vi-1) then ri = (vi – vi-1) / T
else ri = ((Cmax – (vi-1 – vi) + 1) / T 37
Other Types
Timeticks - used to specify a non-negative value whose
range includes only non-negative integers
Units are in hundredths of seconds
Length of time between rollovers is 497 days
Network Address – used to specify a string a 4 octets
Currently used to store IPv4 addresses
Was designed to allow a network address of any type to be
specified
Obsolete – use IpAddress
Opaque – used to specify octets of binary information
Generic type
38
SMI Tree
RFC 1155 defines top of the
administrative domain managed ccitt (0) iso (1) Joint-iso-ccitt (2)
by the IETF:
1.3.6.1 org (3)
ifTable example:
ifIndex ifDescr ifOperStatus ifInUPackets ifSpeed
0 DEC Ethernet 1 1 8169 8000000
1 SUN Ethernet 1 2 16184 100000
42
Interfaces Group (cont…)
Example – Determining utilisation
43
IP Group
Provides information about the IP layer in a systems
network protocol stack
Information pertaining to errors and types of packets seen.
Routing table (i.e. ipRouteTable)
Configuration/Fault management objects
ipForwarding – If device is set up to route IP packets
ipAddrTable – Addresses on the device
ipRouteTable – Routing table
Performance management objects
ipInDiscards – Rate of input datagrams discarded
ipInHdrErrors – Rate of input header errors
ipInAddrErrors – Rate of input address errors
Accounting management objects
ipOutRequests – Number of IP datagrams sent
ipInDelivers – Number of IP datagrams received 44
ICMP Group
Provides information pertaining to systems ICMP
entity
icmpInRedirects – rate of redirect messages received
icmpOutDestUnreachs – rate of destination
unreachable errors sent.
icmpInSrcQuenchs – input rate of source quench
messages
icmpOutEchos – rate of output echo messages
45
TCP Group
TCP – The Transmission Control Protocol (TCP) provides reliable transport services
between applications (UDP is the unreliable transport service used in IP)
The User Datagram Protocol (UDP) group provides similar information. (e.g.
udpTable)
46
EGP Group Managing Host PC 1 PC 2
egpNeighTable
Server 1
Fault management objects: Network Drive 1
egpNeighState – state of egp neighbour Wide Area
Router 2
(up,down) Network
Network Drive 2 PC 3
Configuration management objects Router 3
Server 2
47
Transmission Group
Reserved for information pertaining to
specific media underlying the interfaces of
a system
Various RFCs:
RFC 1512 FDDI
RFC 1493 Bridge
RFC 1743 Token Ring
48
SNMP Group
Management protocols also need to be managed!!!
Useful to all 5 areas of network management
50
Remote Monitoring (RMON)
MANAGER
RMON
E
WAN T
H
E
R
N
E
T
Proactive monitoring: Probe can continuously run diagnostics and log network
performance
In the event of failures, probe may notify managers and provide useful diagnostics
Value-added data: Perform specific analysis on data collected in the network. Eg. –
determining top N hosts that generate the most traffic
52
RMON Groups
STATISTICS
HISTORY
HOST
HOST TOP N
TRAFFIC MATRIX
ALARMS
FILTERS
PACKET CAPTURE
EVENTS
53
Statistics Group
KEEPS STATISTICS PER ETHERNET SEGMENT:
PACKETS
OCTETS
BROADCASTS
MULTICASTS
COLLISIONS
ERRORS
54
History Group
Records periodic statistical samples from
information available in the statistics group
historyControlTable
etherHistoryTable
Host/Matrix/hostTopN Group
Consists of 1 control table and 1 or more data tables
55
Alarm Group
900
NOTIFICATION NOTIFICATION
800
700
RISING TRESHOLD
600
500
400
100
Hysteresis mechanism
TRIGGERS ON:
RISING ALARM
FALLING ALARM
RISING OR FALLING ALARM
56
Other Groups
FILTER GROUP
TO COUNT PACKETS THAT CARRY A SPECIFIC BIT-PATTERN – CHANNELS
EVENT GROUP
TO DEFINE THE VARIOUS EVENTS
TO DETERMINE ON LOGGING AND / OR TRANSMISSION OF TRAPS
57
SNMPv2 (Major Changes)
Enhancements to SMI
New data types
Protocol enhancements:
Performance - GetBulk-Request
Better handling/reporting of error conditions
Manager-to-manager capability
Administrative models
SNMPv2c – communities
SNMPv2u - user-based
SNMPv3
58
SMI Scalar Data Types
59
SNMPv2 Protocol Operations
60
GetBulk Operation
For efficient retrieval of many VarBinds
61
GetBulk Operation (cont…)
REQUEST(non-repeaters = N; max-repetitions = M;
VariableBinding-1; ... ; VariableBinding-N; VariableBinding-(N+1); ... ; VariableBinding-(N+R)
)
N-TIMES
RESPONSE(
VariableBinding-1; ... ; VariableBinding-N; VariableBinding-(N+1); ... ; VariableBinding-(N+R)
1st LEXICOGRAPHICAL SUCCESSOR VariableBinding-(N+1); ... ; VariableBinding-(N+R)
2nd LEXICOGRAPHICAL SUCCESSOR
VariableBinding-(N+1); ... ; VariableBinding-(N+R) M-TIMES
• Overshoot problem - GetBulk does not stop when it reaches the end of a table
62
• Still suffers from problem with sparse tables
GetBulk Operation (Example)
getBulk(max-repetitions = 4; 1.1)
response(
1.1.0 => 130.89.16.2
1.2.1.0 => printer-1
1.2.2.0 => 123456
1.3.1.1.2.1 => 2 )
getBulk( non-repeaters = 1; max-repetitions = 3; 1.1, 1.3.1.1;
1.3.1.2; 1.3.1.3)
response(
1.2.1 => 8;
1.3.1.1.2.1 => 2; 1.3.1.2.2.1 => 1; 1.3.1.3.2.1 => 2
1.3.1.1.3.1 => 3; 1.3.1.2.3.1 => 1; 1.3.1.3.3.1 => 3
1.3.1.1.5.1 => 5; 1.3.1.2.5.1 => 1; 1.3.1.3.5.1 => 2
)
63
Reading
Network Management: A Practical Perspective
Chapter 8 - SNMP
Chapter 10 - MIB-II
Chapter 11 - RMON
64
SNMPv2 Set Operation
CONCEPTUAL TWO PHASE COMMIT:
PHASE 1: PERFORM VARIOUS CHECKS
PHASE 2: PERFORM THE ACTUAL SET
SNMPv1 SNMPv2
PHASE 1: badValue wrongValue
badValue wrongEncoding
badValue wrongType
badValue wrongLength
badValue inconsistentValue
noSuchName noAccess
noSuchName notWritable
noSuchName noCreation
noSuchName inconsistentName
genErr resourceUnavailable
genErr genErr
POSSIBLE EXCEPTIONS:
noSuchObject
noSuchInstance
66
Inform Operation
Inform
CONFIRMED TRAP
ORIGINALLY TO INFORM A HIGHER
LEVEL MANAGER
SAME FORMAT AS TRAP PDU
POSSIBLE ERROR: tooBig
67
SNMPv2 GetNext Operation
SIMILAR TO SNMPv1, EXCEPT FOR
"EXCEPTIONS"
POSSIBLE EXCEPTIONS:
endOfMibView
EXAMPLE
getNext(1.4.0)
response(error-status => noError, 1.4.0 =>
endOfMibView)
68
SNMPv2 Trap Operation
SNMPv1:
COLD START
WARM START
LINK DOWN
LINK UP
AUTHETICATION FAILURE
EGP NEIGHBOR LOSS
SNMPv2:
MIBs MAY NOW INCLUDE NOTIFICATION TYPE MACROS
FIRST TWO VARBINDS: sysUptime AND snmpTrapOID
USES SAME FORMAT AS OTHER PDUs
69