Copyright Warning

COMMONWEALTH OF AUSTRALIA
Copyright Regulation 1969
WARNING
This material has been copied and communicated to you by or on
behalf of Curtin University of Technology pursuant to Part VB
of the Copyright Act 1968 (the Act)
The material in this communication may be subject to copyright
under the Act. Any further copying or communication of this
material by you may be the subject of copyright protection under
the Act.
Do not remove this notice

1
Network Systems
Design 304
Simple Network Management
Protocol

2
Overview
 Background (History)

 SNMPv1
 Structure of Management Information
 Architecture/Protocol

 Management Information Bases (MIBs)

 MIB-II
 RMON

 SNMPv2

 Summary
3
 Historic Background
 Prior to 1988, the only standardised management protocol for TCP/IP
networks was the Internet Control Message Protocol (ICMP)

 In 1988, development of three network management protocols was being

pursued:
 Common Management Information Services and Protocol over TCP (CMOT)
 High-level Entity Management System (HEMS)
 Simple Gateway Monitoring Protocol (SGMP)
 RFC 1052 - IAB Recommendations for the Development of Internet Network
Management Standards

 Goals:
 Minimise complexity of management functions
 Flexible, extensible
 Independent of the architecture and mechanisms of particular hosts and
gateways

4
 Related IETF Documents
 RFC 1155 – Structure of Management Information
(SMI)

 RFC 1157 – SNMPv1 protocol operations

 RFC 1212 – Defines structure and syntax of MIBs

 RFC 1213 – MIB-II (core management information)

5
SNMP Architecture & Model
 Organisation
 Components, functions, relationships
 Information
 Structure and organisation of information
 Management Information Base
 Communication
 Transfer syntax/structure (PDUs)
 administration
 Functional
 Configuration, Performance, Fault, Security, Accounting
 No formal specifications

6
SNMPv1 (Organisation)
 Directly derived from SGMP

 SNMP Entities
 Manager (client) – Initialisation, monitoring and control
 Houses applications
 Agent (server) – Receive, process and respond to requests and
generate event reports
 Management Information Base (MIB)

 Hierarchical architecture
 2-tier (Inherently centralised)
 1 manager, multiple agents
 Multiple managers, multiple agents
 3-tier - RMON

7
Information Model (SMI)
 Management information within managed
systems must be represented as:
 Scalars
 Tables

 The SNMP protocol can only exchange (a

list of) scalars

 Defined in terms of ASN.1 constructs.

8
 Information Model (Management
Information Bases)
 A MIB is a precise definition of the information accessible through a network
management protocol
 Defined using the Abstract Syntax Notion 1 (ASN.1) language (next week’s
lecture).

 MIBs follow a structured tree-like hierarchical naming convention.

 Root node  SMI (defined in RFC 1155)
 All nodes in a MIB are uniquely identified through Object Identifiers (OIDs)
 A leaf node in a MIB defines an object class that can be instantiated:
 Variable or Object Instance

 A MIB can extend/import a parent MIB/Specification (e.g. MIB-II –

transmission, SMI)

 Example MIBs:
 Remote Network Monitoring MIB (RMON) – RFC 1757
 MIB-II – RFC 1213
9
 Object Identifiers
 An OID is an ordered sequence of
non-negative integers, written from Root
left to right

 A rooted tree is often used to Node (1) Node (2)

illustrate the numbers in the
sequences that correspond to OID
values Node (1) Node (2)

 E.g. objectA is { 1.2.1.1 }

Object (1) Object (2)
 Object Instances/Variables NodeA (1)
 The identity for a variable is based on the
identity of its class and its identification
within its class ObjectA (1)
OID prefix + OID suffix = OID value

 OIDs in a MIB are lexicographically

ordered 10
 MIB Tree Traversal
 The lexicographical ordering of the
MIB tree allows you to discover, Root

without prior knowledge of its

structure, all the object identifiers
that a given network device can
support. Node (1) Node (2)

 The lexicographical order of this Node (1) Node (2)

MIB is:
 1
 1.1 Object (1) Object (2)
 1.1.1 NodeA (1)
 1.2
 1.2.1
 1.2.1.1 ObjectA (1)

 1.2.2
 2
11
 Communication Model
 Architecture
 Operations between managers and agents (message format specified in ASN.1)
 Communication semantics
 Message Exchange
 Connectionless
 Stateless
 Supports polling and interrupt-driven (traps) communications.
 Agent port - UDP port 161
 Trap daemon port – UDP port 162

 Administrative Model
 Use the concept of communities
 Only members of the same community can communicate with each other
 Community Profile:
 SNMP MIB View – agent programmed only to view a subset of managed objects of a
network element
 SNMP Access Mode – Each community name is assigned an access mode: read-only
and read-write
 Community Profile = MIB view + access mode
12
Administrative Model (cont…) Manager 1
(Community 1)

Community 1

Agent 1 Agent 2
Community Profile 1 Community Profile 2

Manager 1
(Community 1, Community 2)

Community 2

Agent 3 Agent 4
Community Profile 3 Community Profile 4

Manager 3
(Community 2)

 Authentication in SNMPv1 is facilitated through the community string in an

SNMP PDU
 Community strings are analogous to passwords.
 No concept of multiple users in SNMPv1
 The default community string is “public”
 The community string is sent in cleartext!!!
13
SNMP Operations
 Set-Request
 Initialises or changes the value of
network element
 Get-Request
 Sent by manager requesting data from
agent
 Get-Next-Request
 Sent by manager requesting data on the
next managed object to the one specified
 Get-Response
 Agent responds with data to get and set
requests from he manager
 Trap
 Alarm generated by agent
14
 SNMP Message Format
SNMP
Tag Len Value: sequence of fields
Message

SNMP PDU
Fields of an
Administrative
SNMP fields
Tag Len Value: sequence of fields
message

VarBindList
Fields of an PDU
Version Community Control fields Tag Len Value: sequence of VarBinds
SNMP PDU Type

VarBind VarBind
Array of
Tag Len Value: pair of fields Tag Len Value: pair of fields
VarBinds

Value: identification of Value: value of

Tag Len Tag Len
management information management information

15
 Sending/Receiving a Request
 The top level actions for a manager to send a request
message are as follows:
1. Appropriate PDU is constructed based on the VarbindList and the
operation type
2. The PDU, security information and agent identity are input to a security
mechanism to apply authentication and encryption to the PDU
3. The result from the security mechanism and the community string are
used to generate an SNMPv1 message
4. The message is then serialised and sent using a transport service to
the specified SNMP agent
 The top level actions for an agent to receive a request
message are as follows:
1. Incoming message is de-serialised to construct an ASN.1 message
2. Version number is verified
3. The community name, security information and the data found in the
SNMPv1 message are input to a security mechanism – Conceptually
in SNMPv1
4. The agent then performs a rudimentary parse of the ASN.1 object
returned from the security service to build an ASN.1 object 16
corresponding to an SNMPv1 PDU object
 Sending/Receiving a Response
 The top level actions for an agent to send a response
message are as follows:
1. It first constructs a GET-RESPONSE PDU using as input, the saved
request-id value and the values for error-status, error-index and
VarBindList returned from processing the request.
2. The PDU, security information and agent identity are input to a security
mechanism.
 The result is just the original PDU in SNMPv1
3. The result from the security mechanism and the community string are
used to generate an SNMPv1 message
4. The message is serialised and then sent to the manger address from
the request.
 The top level actions for a manager to receive a response
message are as follows:
1. Incoming message is de-serialised.
2. PDU version is verified.
3. The community name, security information and the data found in the
SNMPv1 message are input in the security mechanism.
4. The ASN.1 object is parsed. 17
SNMPv1 GET Request Processing
 Retrieves the value of one or more instances of
management information.

 Each VarBind element of array VarBindList specifies the

identify of an instance of management information.
Not used Not used Not used

Request
Get-Request ID
Error Status Error Index Name X Value X ...

Copy value Set to zero Set to zero Copy value Current Value

Request
Get-Response ID
Error Status Error Index Name X Value X ...

18
SNMPv1 GET Request Processing
 On error, one of the following values is retuned in the
error-status field:
 tooBig
 noSuchName
 genErr

Not used Not used Not used

Request
Get-Request ID
Error Status Error Index Name X Value X ...

Set to zero
Copy value Set to error or index Copy value Copy Value

Request
Get-Response ID
Error Status Error Index Name X Value X ...

19
SNMPv1 GETNEXT Request Processing

Not used Not used Not used

Request
GetNext-Request ID
Error Status Error Index Name X Value X ...

Copy value Set to zero Set to zero Determine next Current Value

Request
Get-Response ID
Error Status Error Index Name X Value X ...

20
Example - SNMP MIB Walk
Network ipRouteDest
Management
Station Agent 0.0.0.0 ipRouteDest.1
Get-Request: ipRouteDest.1
15.0.0.0 ipRouteDest.2
Get-Response: ipRouteDest.1 = 0.0.0.0
131.108.0.0 ipRouteDest.3
129.140.0.0 ipRouteDest.4

Time Time

21
Example - SNMP MIB Walk
Network ipRouteDest
Management
Station Agent 0.0.0.0 ipRouteDest.1
Get-Request: ipRouteDest.1
15.0.0.0 ipRouteDest.2
Get-Response: ipRouteDest.1 = 0.0.0.0
131.108.0.0 ipRouteDest.3
Get-Next-Request ipRouteDest.1
129.140.0.0 ipRouteDest.4
Get-Response: ipRouteDest.2 = 15.0.0.0

Time Time

22
Example - SNMP MIB Walk
Network ipRouteDest
Management
Station Agent 0.0.0.0 ipRouteDest.1
Get-Request: ipRouteDest.1
15.0.0.0 ipRouteDest.2
Get-Response: ipRouteDest.1 = 0.0.0.0
131.108.0.0 ipRouteDest.3
Get-Next-Request ipRouteDest.1
129.140.0.0 ipRouteDest.4
Get-Response: ipRouteDest.2 = 15.0.0.0
Get-Next-Request ipRouteDest.2
Get-Response: ipRouteDest.3 = 131.108.0.0

Time Time

23
Example - SNMP MIB Walk
Network ipRouteDest
Management
Station Agent 0.0.0.0 ipRouteDest.1
Get-Request: ipRouteDest.1
15.0.0.0 ipRouteDest.2
Get-Response: ipRouteDest.1 = 0.0.0.0
131.108.0.0 ipRouteDest.3
Get-Next-Request ipRouteDest.1
129.140.0.0 ipRouteDest.4
Get-Response: ipRouteDest.2 = 15.0.0.0
Get-Next-Request ipRouteDest.2
Get-Response: ipRouteDest.3 = 131.108.0.0

Get-Next-Request ipRouteDest.3
Get-Response: ipRouteDest.4 = 129.140.0.0

Time Time

24
Example - SNMP MIB Walk
Network ipRouteDest
Management
Station Agent 0.0.0.0 ipRouteDest.1
Get-Request: ipRouteDest.1
15.0.0.0 ipRouteDest.2
Get-Response: ipRouteDest.1 = 0.0.0.0
131.108.0.0 ipRouteDest.3
Get-Next-Request ipRouteDest.1
129.140.0.0 ipRouteDest.4
Get-Response: ipRouteDest.2 = 15.0.0.0
Get-Next-Request ipRouteDest.2
Get-Response: ipRouteDest.3 = 131.108.0.0

Get-Next-Request ipRouteDest.3
Get-Response: ipRouteDest.4 = 129.140.0.0

Get-Next-Request ipRouteDest.4
Get-Response: error (NoSuchName)

Time Time

25
 Example Table Retrieval
xyzTable stu

xyzEntry stuS1 stuS2 stuS3

GETNEXT
row retrieval xyzC1 xyzC2 xyzC3 xyzC4

Row index 1
Row index 3
Row index 6

index xyzC1 xyzC2 xyzC3 xyzC4

1 GETNEXT(xyzC1, xyzC2, xyzC3, xyzC4)
RESPONSE(xyzC1.1, xyzC2.1, xyzC3.1, xyzC4.1)
3 GETNEXT(xyzC1.1, xyzC2.1, xyzC3.1, xyzC4.1)
RESPONSE(xyzC1.3, xyzC2.3, xyzC3.3, xyzC4.3)
6 GETNEXT(xyzC1.3, xyzC2.3, xyzC3.3, xyzC4.3)
RESPONSE(xyzC1.6, xyzC2.6, xyzC3.6, xyzC4.6)
GETNEXT(xyzC1.6, xyzC2.6, xyzC3.6, xyzC4.6) 26
stuS1 RESPONSE(xyzC2.1, xyzC3.1, xyzC4.1, stuS1)
 Sparse Tables
 It is possible that not all columns in a table have an instance in a row

 GETNEXT operations skip over the non-existing instances in the table

 Manager has to perform additional checking

xyzTable

xyzEntry

GETNEXT
row retrieval xyzC1 xyzC2 xyzC3 xyzC4

Row index 1
Row index 3
Row index 6 27
 SNMPv1 SET Request Processing
 Modifies the value of one or more instances of management information

 Also creates new instances and delete existing instances of management

information

 Operation either completely succeeds or completely fails

 In snmpv1, there are 3 types of error messages that can be returned:

 noSuchName
 badValue
 genErr Not used Not used

Request
Set-Request ID
Error Status Error Index Name X Value X ...

Set to zero Set to zero

Copy value or error or index Copy value Copy value

Request
Get-Response ID
Error Status Error Index Name X Value X ...
28
 Example – Row Creation
xyzTable

SET ((xyzC2.4, 2), (xyzC3.4,45))

xyzEntry

xyzC1 xyzC2 xyzC3 xyzC4

Row index 1
Row index 2
Row index 3
Row index 4 2 45
Row index 5
Row index 6

29
 SNMP Traps
 An unsolicited message an SNMP agent sends to the
manager.
 Manager is responsible for configuring the trap on the agent
 Used to reduce the length of time between when an event occurs
and when it is noticed by the manager

 No response is expected

 MIB-II defines 7 types of traps:

 Coldstart of a system
 Warmstart of a system
 Link Down
 Link Up
 Authentication Failure
 Exterior Gateway Protocol (EGP) neighbour loss
 Enterprise Specific
30
 Use of Events Pulling data

Manager Agent
 Agents provide the specified data only when
request by managers.
 The periodic gathering of data is called polling Pushing data
Manager Agent
 Amount of time between an event and a
manager realising that an event has occurred
time Event realised
is called the event detection latency Event occurs

 Another model of management is based on

agents in managed systems sending data to Event
configured managers Manager
polls
Manager
polls
detection
latency
Manager
polls
 Traps (Pushing)
 However, during a communication failure, an
event report would never reach a manager time
Event occurs
 The snmp solution to this dilemma is called
trap directed polling
Manager Manager Manager Manager
polls polls polls polls
 Can reduce polling latency but may consume earlier
additional resources Event detection
latency
than
normal
minimised

31
 Event Triggering
 There are 2 models for deciding
Monitored value
when events occur:
Event
threshold
 Edge triggered events: Rearm
threshold
 occurs when a monitored value rearm
event rearm event
first enters a range
 monitored value must then enter
a potentially different range
Monitored value
before the event may occur again
– rearming the trigger
Event
level
 Level triggered events:
 occurs when a monitored value is
inside a range at the start of each
periodic time interval events

time

32
 SNMPv1 Limitations
 LIMITED ERROR CODES

 LIMITED DATA TYPES

 Reduction in complexity of SNMP has resulted in some increase in complexity of
MIB understanding and design

 LIMITED TRAP NOTIFICATIONS

 LIMITED PERFORMANCE
 Inefficient for large retrievals. (e.g. retrieving entire MIB or tables)
 E.g. 2000 entry table with 4 columns 200ms RTT
Using GETNEXT-Requests: 2000 X 4 X 2 = 16000 packets or 2000 X 4 X .2 = 1600
seconds!!!
IDLE-RQ like performance

 LACK OF HIERARCHIES
 Inherently centralised

 LACK OF SECURITY
33
 Community Strings
SNMPv1 MIBs (SMI, MIB-II, RMON)

34
 SMI (RFC1155) Defined Data Types
 Integer – Signed 32 bit integer.
 Enumerated Integer
 Octet String – String of bytes
 Object Identifier
 NetworkAddress – An address from one of possibly
several protocol families
 IpAddress – 32 bit IP address
 Gauge – Nonnegative integer from 0 to 232 – 1, which
may increase or decrease
 Counter – Nonnegative monotonically increasing
integer from 0 to 232 – 1
 Timeticks – Non-negative integer which counts time in
hundredths of a second
 Opaque – Arbitrary syntax 35
Gauge
 Used to specify a value whose range includes only non-
negative 32bit integers

 RFC 1155 – this application-wide type represents a non-

negative integer, which may increase or decrease, but
which latches at a maximum value
Dashed line is the actual value
Solid line is value reported by gauge type

Max in
range

Min in
range

Time 36
 Counter
 Use to specify a non-negative value
whose range includes only positive Maximum
32-bit integers value
232 - 1
 Values reported by counters are not
absolute, since the count is not
required to start at 0 and the count Starting value
may roll over is undefined
Counter rollover
0 and start at 0
Time
 Counters are used by obtaining a
value v0 at to and then later obtaining
a value v1 at t1 232 - 1
 Difference between v0 and v1 is the
count over the time period
 Counter rollover can be detected iff v0
> v1 Computed rate
0
 A periodic sampling of counter values
may be converted into a rate value: Time
if (vi > vi-1) then ri = (vi – vi-1) / T
else ri = ((Cmax – (vi-1 – vi) + 1) / T 37
Other Types
 Timeticks - used to specify a non-negative value whose
range includes only non-negative integers
 Units are in hundredths of seconds
 Length of time between rollovers is 497 days
 Network Address – used to specify a string a 4 octets
 Currently used to store IPv4 addresses
 Was designed to allow a network address of any type to be
specified
 Obsolete – use IpAddress
 Opaque – used to specify octets of binary information
 Generic type

38
 SMI Tree
 RFC 1155 defines top of the
administrative domain managed ccitt (0) iso (1) Joint-iso-ccitt (2)

by the IETF:
 1.3.6.1 org (3)

 Directory - reserved for use with a

future memo that discusses how dod (6)
the OSI Directory may be used in
the Internet internet (1)
 Mgmt – area for items defined in
standards track documents.
directory (1) mgmt (2) experimental (3) private (4)
 Experimental – area for IETF
experimental items
mib (1) enterprise (1)
 Private – area for delegation of
subtrees to enterprises, that is,
anyone who asks for an enterprise
number 39
 MIB II
 MIB-II defines 11 separate groups:
 system (1)
 interfaces (2)
 address translation (3)
 IP (4)
 ICMP (5)
 tcp (6)
 udp (7)
 egp (8)
 cmot (9) CMIS over TCP (for historic reasons only)
 transmission (10)
 snmp (11)

 RFC1213 defines 2 additional data types

 DisplayString
 PhysAddress 40
System Group
 Contains data pertaining to the system where the agent is
residing in

 Fault management objects:

 SysObjectID – System Manufacturer
 sysServices – Protocol layers that device services – using formula
2(L-1)
 e.g. host that runs transport + application layer services
 2(4-1) + 2(7-1) = 72
 sysUptime – Amount of time system has been operational

 Configuration management objects:

 sysDescr – Description of the system
 sysLocation – System’s physical location
 sysContact – System’s name
41
Interfaces Group
 The interfaces group provides information pertaining to
each specific network interface (ifTable)

 Useful for configuration, performance, fault and accounting

management

 ifNumber - number of interfaces

 ifTable example:
ifIndex ifDescr ifOperStatus ifInUPackets ifSpeed
0 DEC Ethernet 1 1 8169 8000000
1 SUN Ethernet 1 2 16184 100000

42
Interfaces Group (cont…)
 Example – Determining utilisation

Total bytes = (ifInOctectsy – ifInOctectsx) +

(ifOutOctectsy – ifOutOctectsx)
Total bytes per sec = Total bytes / (y-x)
Utilisation = (total bytes per sec* 8) / ifSpeed

43
 IP Group
 Provides information about the IP layer in a systems
network protocol stack
 Information pertaining to errors and types of packets seen.
 Routing table (i.e. ipRouteTable)
 Configuration/Fault management objects
 ipForwarding – If device is set up to route IP packets
 ipAddrTable – Addresses on the device
 ipRouteTable – Routing table
 Performance management objects
 ipInDiscards – Rate of input datagrams discarded
 ipInHdrErrors – Rate of input header errors
 ipInAddrErrors – Rate of input address errors
 Accounting management objects
 ipOutRequests – Number of IP datagrams sent
 ipInDelivers – Number of IP datagrams received 44
ICMP Group
 Provides information pertaining to systems ICMP
entity
 icmpInRedirects – rate of redirect messages received
 icmpOutDestUnreachs – rate of destination
unreachable errors sent.
 icmpInSrcQuenchs – input rate of source quench
messages
 icmpOutEchos – rate of output echo messages

45
 TCP Group
 TCP – The Transmission Control Protocol (TCP) provides reliable transport services
between applications (UDP is the unreliable transport service used in IP)

 Configuration management objects:

 tcpRtoAlgorithm – Retransmission algorithm
 tcpConnTable – Connection table (i.e. netstat).

 Performance management objects:

 tcpAttemptFails – Number of failed attempts to make a connection
 tcpEstabResets – Number of resets in established connections

 Accounting management objects:

 tcpActiveOpens – Number of times this system has opened a connection
 tcpInSegs – Number of TCP segments received

 Security management objects:

 tcpConnTable – Connection table (i.e. netstat)

 The User Datagram Protocol (UDP) group provides similar information. (e.g.
udpTable)

46
 EGP Group Managing Host PC 1 PC 2

 EGP (RFC 904) is a protocol that tests for

the reachability of IP networks.
 An IP network can be divided into networks of Printer 1 Router 1
autonomous systems
Printer 2

 egpNeighTable
Server 1
 Fault management objects: Network Drive 1
 egpNeighState – state of egp neighbour Wide Area
Router 2
(up,down) Network

Network Drive 2 PC 3
 Configuration management objects Router 3

 egpIntervalHello – hello message interval.

 egpAs – local egp autonomous system.

Server 2
47
Transmission Group
 Reserved for information pertaining to
specific media underlying the interfaces of
a system

 Various RFCs:
 RFC 1512 FDDI
 RFC 1493 Bridge
 RFC 1743 Token Ring

48
 SNMP Group
 Management protocols also need to be managed!!!
 Useful to all 5 areas of network management

 Fault management objects:

 snmpInASNParseErrrors – Number of malformed SNMP messages
 snmpInNoSuchNames – Number of requests to invalid objects

 Configuration management objects:

 EnableAuthenTraps – Enables entity to send traps when authentication errors
occur

 Performance/Accounting management objects:

 snmpInPkts – Rate of SNMP packets input
 snmpInTraps – Rate of traps input

 Security management objects:

 snmpInBadCommunityNames – Number of authentication failures
 snmpInBadCommunityUses – Number of requests without sufficient privileges
49
Topology Discovery Revisited
1. temporarySet = get_default_router()

2. foreach router in temporarySet do

a. ping(this_router)
b. if (this_router is alive) then
permanentSet = permanentSet + this_router
c. hostList = SNMP_GetArpTable(this_router)
d. permanentSet = permanentSet + hostList
e. routerList = SNMP_GetIpRouteTable(router)
f. permanentSet = permanentSet + routerList
g. temporarySet = temporarySet + routerList

50
Remote Monitoring (RMON)
MANAGER

RMON

E
WAN T
H
E
R
N
E
T

 Goal - A remote monitoring device to help perform management

on a network segment while reducing on agents and
management stations

 RMON1 (RFC 1757 - DRAFT) - Ethernet

 TOKEN RING EXTENSIONS TO RMON (RFC 1513 - PROPOSED)
 RMON2 (RFC 2021 - PROPOSED) 51
 Objectives
 Off-line operation: Limit or halt routine polling of a monitor by a network manager
 Performance reasons
 May cease if there is a communications failure
 Probe continues to accumulate statistics that may be retrieved at a later time

 Proactive monitoring: Probe can continuously run diagnostics and log network
performance
 In the event of failures, probe may notify managers and provide useful diagnostics

 Problem detection and reporting: Active probing of consumption of resources on the

network to check for error and exceptional conditions

 Value-added data: Perform specific analysis on data collected in the network. Eg. –
determining top N hosts that generate the most traffic

 Multiple managers: Reasons to support multiple managers is to

 improve reliability
 perform different functionality
 provide management capability to different units within an organisation
 Concurrency

52
RMON Groups
 STATISTICS
 HISTORY
 HOST
 HOST TOP N
 TRAFFIC MATRIX
 ALARMS
 FILTERS
 PACKET CAPTURE
 EVENTS

53
 Statistics Group
 KEEPS STATISTICS PER ETHERNET SEGMENT:
 PACKETS
 OCTETS
 BROADCASTS
 MULTICASTS
 COLLISIONS
 ERRORS

 KEEPS TRACK OF PACKET SIZE DISTRIBUTION:

 65 - 127 OCTETS
 128 - 255 OCTETS >1518
< 64 Bytes 64 to 1518
 256 - 511 OCTETS bytes
 512 - 1023 OCTETS
 1024 - 1518 OCTETS WELL-FORMED undersize GOOD! oversize
PACKETS

BAD FCS fragments CRC or jabber

ERRORS alignment
errors

54
History Group
 Records periodic statistical samples from
information available in the statistics group
 historyControlTable
 etherHistoryTable

 USES A CIRCULAR BUFFER

 BUCKETS – sampling interval
 SIZE MAY BE SET BY MANAGER

 MANAGER MAY SET:

 THE ETHERNET SEGMENTS (INTERFACES)
 SAMPLING INTERVAL

 Host/Matrix/hostTopN Group
 Consists of 1 control table and 1 or more data tables
55
 Alarm Group
900
NOTIFICATION NOTIFICATION
800

700
RISING TRESHOLD

600

500

400

300 FALLING TRESHOLD

200
NOTIFICATION

100

 Absolute or delta values

 Hysteresis mechanism

 TRIGGERS ON:
 RISING ALARM
 FALLING ALARM
 RISING OR FALLING ALARM

56
Other Groups

 FILTER GROUP
 TO COUNT PACKETS THAT CARRY A SPECIFIC BIT-PATTERN – CHANNELS

 PACKET CAPTURE GROUP

 TO STORE SPECIFIC PACKETS

 EVENT GROUP
 TO DEFINE THE VARIOUS EVENTS
 TO DETERMINE ON LOGGING AND / OR TRANSMISSION OF TRAPS

57
SNMPv2 (Major Changes)
 Enhancements to SMI
 New data types

 Protocol enhancements:
 Performance - GetBulk-Request
 Better handling/reporting of error conditions

 Manager-to-manager capability

 Administrative models
 SNMPv2c – communities
 SNMPv2u - user-based
 SNMPv3
58
SMI Scalar Data Types

59
SNMPv2 Protocol Operations

60
GetBulk Operation
 For efficient retrieval of many VarBinds

 getBulk REQUEST HAS TWO ADDITIONAL PARAMETERS:

 non-repeators
 max-repetitions

 THE FIRST N ELEMENTS (non-repeators) OF THE VARBIND LIST ARE

TREATED AS IF THE OPERATION WAS A NORMAL getnext
OPERATION

 THE NEXT ELEMENTS OF THE VARBIND LIST ARE TREATED AS IF

THE OPERATION CONSISTED OF A NUMBER (max-repetitions) OF
REPEATED getnext OPERATIONS

61
 GetBulk Operation (cont…)
REQUEST(non-repeaters = N; max-repetitions = M;
VariableBinding-1; ... ; VariableBinding-N; VariableBinding-(N+1); ... ; VariableBinding-(N+R)
)

N-TIMES

RESPONSE(
VariableBinding-1; ... ; VariableBinding-N; VariableBinding-(N+1); ... ; VariableBinding-(N+R)
1st LEXICOGRAPHICAL SUCCESSOR VariableBinding-(N+1); ... ; VariableBinding-(N+R)
2nd LEXICOGRAPHICAL SUCCESSOR
VariableBinding-(N+1); ... ; VariableBinding-(N+R) M-TIMES

3 th LEXICOGRAPHICAL SUCCESSOR ...

VariableBinding-(N+1); ... ; VariableBinding-(N+R)
)
M th LEXICOGRAPHICAL SUCCESSOR

• Overshoot problem - GetBulk does not stop when it reaches the end of a table
62
• Still suffers from problem with sparse tables
GetBulk Operation (Example)
 getBulk(max-repetitions = 4; 1.1)
 response(
1.1.0 => 130.89.16.2
1.2.1.0 => printer-1
1.2.2.0 => 123456
1.3.1.1.2.1 => 2 )
 getBulk( non-repeaters = 1; max-repetitions = 3; 1.1, 1.3.1.1;
1.3.1.2; 1.3.1.3)
response(
1.2.1 => 8;
1.3.1.1.2.1 => 2; 1.3.1.2.2.1 => 1; 1.3.1.3.2.1 => 2
1.3.1.1.3.1 => 3; 1.3.1.2.3.1 => 1; 1.3.1.3.3.1 => 3
1.3.1.1.5.1 => 5; 1.3.1.2.5.1 => 1; 1.3.1.3.5.1 => 2
)
63
Reading
 Network Management: A Practical Perspective
 Chapter 8 - SNMP
 Chapter 10 - MIB-II
 Chapter 11 - RMON

 Unit Resources webpage

 Siamwalla, R., Sharma, R. and Keshav, S., Discovering Internet
Topology. 1999
 RFC 1155 (SMI) and
 RFC 1157 (SNMPv1)
 RFC 1213 (MIB-II)
 RFC 1757 (RMON)

64
SNMPv2 Set Operation
 CONCEPTUAL TWO PHASE COMMIT:
 PHASE 1: PERFORM VARIOUS CHECKS
 PHASE 2: PERFORM THE ACTUAL SET
SNMPv1 SNMPv2
PHASE 1: badValue wrongValue
badValue wrongEncoding
badValue wrongType
badValue wrongLength
badValue inconsistentValue
noSuchName noAccess
noSuchName notWritable
noSuchName noCreation
noSuchName inconsistentName
genErr resourceUnavailable
genErr genErr

PHASE 2: genErr CommitFailed

genErr undoFailed 65
SNMPv2 Get Operation
 SIMILAR TO SNMPv1, EXCEPT FOR "EXCEPTIONS"

 POSSIBLE EXCEPTIONS:
 noSuchObject
 noSuchInstance

 EXCEPTIONS ARE CODED WITHIN THE VARBINDS

 EXCEPTIONS DO NOT RAISE ERROR STATUS AND

INDEX

66
Inform Operation
 Inform
CONFIRMED TRAP
 ORIGINALLY TO INFORM A HIGHER
LEVEL MANAGER
 SAME FORMAT AS TRAP PDU
 POSSIBLE ERROR: tooBig

67
SNMPv2 GetNext Operation
 SIMILAR TO SNMPv1, EXCEPT FOR
"EXCEPTIONS"

 POSSIBLE EXCEPTIONS:
 endOfMibView

 EXAMPLE
 getNext(1.4.0)
 response(error-status => noError, 1.4.0 =>
endOfMibView)

68
SNMPv2 Trap Operation
 SNMPv1:
 COLD START
 WARM START
 LINK DOWN
 LINK UP
 AUTHETICATION FAILURE
 EGP NEIGHBOR LOSS

 SNMPv2:
 MIBs MAY NOW INCLUDE NOTIFICATION TYPE MACROS
 FIRST TWO VARBINDS: sysUptime AND snmpTrapOID
 USES SAME FORMAT AS OTHER PDUs

69