An Introduction to SNMP & Versions of SNMP
By
Dr.R.Lalitha
Professor,CSE
Sri Muthukumaran Institute of Technology
Chennai
Evolution of SNMP
• 1983 - TCP/IP replaces ARPANET at U.S. Dept. of
Defense, effective birth of Internet
• First model for net management - HEMS - High-Level
Entity Management System
• 1987 - ISO OSI proposes CMIP - Common Management
Information Protocol, and CMOT (CMIP over TCP) as
the actual network management protocol for use on the
Internet
• Nov. 1987 - SGMP - Simple Gateway Monitoring
protocol
• 1989 - Marshall T. Rose heads up SNMP working group
to create a common network management framework to
be used by both SGMP and CMOT to allow for transition
to CMOT
Evolution of SNMP
• Aug. 1989 - “Internet-standard Network
Management Framework” was defined
• Apr. 1989 - SNMP promoted to recommended
status as the de facto TCP/IP network
management framework
• May 1990 - SNMP became a standard
protocol with a recommended status
• Mar. 1991 - format of MIBs and traps defined
TCP/IP MIB definition revised to create SNMPv1
Functional Areas of Network Management
• Configuration Management - configuration provisioning
• Fault Management - reactive and proactive network fault
management
• Performance Management - # of packets dropped,
timeouts, collisions, CRC errors
• Security Management - SNMP doesn’t provide much
here
• Accounting Management - cost management and
chargeback assessment
• Asset Management - statistics of equipment, facility, and
administration personnel
• Planning Management - analysis of trends to help justify
a network upgrade or bandwidth increase
SNMP Versions
The two major versions, SNMPv1 and SNMPv2, are:
1. SNMPv1 is the recommended standard
2. SNMPv2 is divided as:
– SNMPv2u - SNMPv2 with user-based security
– SNMPv2* - SNMPv2 with user-based security and additional features
– SNMPv2c - SNMPv2 without security
Model of SNMP
SNMP is a “client pull” and “server push” model.
The management system (client) “pulls” data from the agent (server).
The agent (server) “pushes” out a trap message to a (client) management system.
SNMP & OSI Model
7 Application Layer  - Management & Agent APIs, SNMP
6 Presentation Layer - ASN.1 & BER
5 Session Layer      - RPC & NetBIOS
4 Transport Layer    - TCP & UDP
3 Network Layer      - IP & IPX
2 Data Link Layer    - Ethernet, Token Ring & FDDI
1 Physical Layer
Transport Mechanism
• SNMP uses User Datagram Protocol (UDP) as transport mechanism to transmit messages
• UDP Port 161 - SNMP Messages
• UDP Port 162 - SNMP Trap Messages
Traps
• Traps are messages that are asynchronously sent by an agent to a manager
• Traps are triggered by an event
• Defined traps include:
– linkDown - event that an interface went down
– coldStart - unexpected restart (i.e., system crash)
– warmStart - soft reboot
– linkUp - the opposite of linkDown
– (SNMP) authenticationFailure
SNMP Structure (diagram)
Manager side: Management Application; agent side: MIB. Manager and agent exchange SNMP PDUs over a connectionless transport service provider (UDP).
Simple Network Management Protocol
• SNMP is a framework that provides facilities for managing and monitoring network resources on the Internet.
• Components of SNMP:
– SNMP agents
– SNMP managers
– Management Information Bases (MIBs)
– SNMP protocol itself
(Diagram: one SNMP manager exchanging SNMP protocol messages with several SNMP agents; labelled "Traditional SNMP Manager" and "Traditional SNMP Agent".)
Principle of Operation (diagrams)
• The manager communicates with the agents over SNMP; each agent holds a MIB.
• The manager polls the agents (Get / Set); the agents send traps to the manager.
• The agent's MIB is organised as tables and variables.
Simple Network Management Protocol
• SNMP agent is software that runs on a piece of network
equipment (host, router, printer, or others) and that maintains
information about its configuration and current state in a
database
• Information in the database is described by Management
Information Bases (MIBs)
• An SNMP manager is an application program that contacts
an SNMP agent to query or modify the database at the agent.
• SNMP protocol is the application layer protocol used by
SNMP agents and managers to send and receive data.
Protocol context of SNMP (figure)
Proxy Configuration (figure)
MIBs
• A MIB specifies the managed objects
• MIB is a text file that describes managed objects using the syntax of ASN.1 (Abstract Syntax Notation One)
• ASN.1 is a formal language for describing data and its properties
• In Linux, MIB files are in the directory /usr/share/snmp/mibs
– Multiple MIB files
– MIB-II (defined in RFC 1213) defines the managed objects of TCP/IP networks
Organization of managed objects
• Managed objects are organized in a tree-like hierarchy and the OIDs reflect the structure of the hierarchy.
• Each OID represents a node in the tree.
• The OID 1.3.6.1.2.1 (iso.org.dod.internet.mgmt.mib-2) is at the top of the hierarchy for all managed objects of the MIB-II.
• Manufacturers of networking equipment can add product specific objects to the hierarchy.
Tree shown on the slide:
root
  iso (1)
    org (3)
      dod (6)
        internet (1)
          directory (1)   mgmt (2)   experimental (3)   private (4)
          mgmt (2)
            mib-2 (1)
              system (1)   interface (2)   at (3)   ip (4)   icmp (5)   tcp (6)   udp (7)   egp (8)   transmiss   snmp (11)
              ip (4)
                ipForwDatagrams (6)
Managed Objects
• Each managed object is assigned an object identifier (OID)
• The OID is specified in a MIB file.
• An OID can be represented as a sequence of integers separated by decimal points or by a text string:
Example:
– 1.3.6.1.2.1.4.6
– iso.org.dod.internet.mgmt.mib-2.ip.ipForwDatagrams
• When an SNMP manager requests an object, it sends the OID to the SNMP agent.
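Added example, not part of the lecture slides: the two translations described above, name path to dotted OID and back, carried out over the tree drawn on the slide. The tree is a constructed subset of MIB-II containing only the nodes the slide shows; it is not a parsed MIB file. A hypothetical vendor OID under private(4) resolves only as far as the tree knows it, which is what a manager shows when the vendor MIB is not loaded.

```python
# Added example (not the slides' own code): resolving OIDs against the MIB-II
# tree drawn on the slide. Names and arc numbers are the slide's; the tree is a
# constructed subset of RFC 1213, not a parsed MIB file.
from typing import Dict, Tuple

# Each node is (arc number, children). Only nodes shown on the slide are present.
Node = Tuple[int, Dict[str, "Node"]]

MIB_TREE: Dict[str, Node] = {
    "iso": (1, {
        "org": (3, {
            "dod": (6, {
                "internet": (1, {
                    "directory": (1, {}),
                    "mgmt": (2, {
                        "mib-2": (1, {
                            "system": (1, {}),
                            "interface": (2, {}),
                            "at": (3, {}),
                            "ip": (4, {"ipForwDatagrams": (6, {})}),
                            "icmp": (5, {}),
                            "tcp": (6, {}),
                            "udp": (7, {}),
                            "egp": (8, {}),
                            "snmp": (11, {}),
                        }),
                    }),
                    "experimental": (3, {}),
                    "private": (4, {}),
                }),
            }),
        }),
    }),
}


def name_to_oid(dotted_name: str) -> str:
    """'iso.org.dod.internet.mgmt.mib-2.ip.ipForwDatagrams' -> '1.3.6.1.2.1.4.6'.
    A trailing numeric component (e.g. '.0' for a scalar instance) is passed through."""
    children = MIB_TREE
    arcs = []
    for label in dotted_name.split("."):
        if label.isdigit():                  # instance index or unnamed arc
            arcs.append(int(label))
            children = {}
            continue
        if label not in children:
            raise KeyError(f"unknown label {label!r} under {'.'.join(map(str, arcs)) or 'root'}")
        arc, children = children[label]
        arcs.append(arc)
    return ".".join(map(str, arcs))


def oid_to_name(oid: str) -> str:
    """'1.3.6.1.2.1.4.6.0' -> 'iso.org.dod.internet.mgmt.mib-2.ip.ipForwDatagrams.0'.
    Arcs below the deepest known node stay numeric, so a vendor-specific OID under
    private(4) resolves only as far as the tree knows it."""
    children = MIB_TREE
    labels = []
    for arc in (int(a) for a in oid.strip(".").split(".")):
        match = next((name for name, (num, _) in children.items() if num == arc), None)
        if match is None:
            labels.append(str(arc))
            children = {}
        else:
            labels.append(match)
            children = children[match][1]
    return ".".join(labels)
```

Leaving unknown arcs numeric instead of failing is deliberate: a hypothetical 1.3.6.1.4.1.99 comes back as iso.org.dod.internet.private.1.99, which tells the operator exactly where their MIB knowledge ends.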
SNMP Protocol
• SNMP manager and an SNMP agent communicate using the SNMP protocol
– Generally: Manager sends queries and agent responds
– Exception: Traps are initiated by agent.
Message exchange shown on the slide:
– get-request (manager to agent, port 161), answered by get-response
– get-next-request (manager to agent, port 161), answered by get-response
– set-request (manager to agent, port 161), answered by get-response
– trap (agent to manager, port 162)
SNMP Protocol
• Get-request. Requests the values of one or more
objects
• Get-next-request. Requests the value of the next
object, according to a lexicographical ordering of OIDs.
• Set-request. A request to modify the value of one or
more objects
• Get-response. Sent by SNMP agent in response to a
get-request, get-next-request, or set-request message.
• Trap. An SNMP trap is a notification sent by an SNMP
agent to an SNMP manager, which is triggered by
certain events at the agent.
SNMP Versions
• Three versions are in use today:
– SNMPv1 (1990)
– SNMPv2c (1996)
• Adds “GetBulk” function and some new types
• Adds RMON (remote monitoring) capability
– SNMPv3 (2002)
• SNMPv3 started from SNMPv1 (and not SNMPv2c)
• Addresses security
• Many SNMP agents and managers support all three
versions of the protocol.
Format of SNMP Packets
• SNMPv1 Get/Set messages:
Version | Community | SNMP PDU
– Community: cleartext string that is used as a password
• SNMP PDU:
PDU Type | Request ID | Error Status | Error Index | Object 1, Value 1 | Object 2, Value 2 | ...
– PDU type, e.g.: 32: SNMPv1 Get; 64: SNMPv2 Get
– Request ID: unique ID to match requests with replies
– Object, Value: sequence of name-value pairs
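Added example (not from the slides): a minimal BER encoder for the SNMPv1 message layout just described, so the fields can be seen as bytes on the wire. The tag values are the standard ones from RFC 1157 and X.690 (GetRequest is the context-specific constructed tag 0xA0); the community name, request id and OID are chosen for the demo. The decoder at the end pulls the community back out of the encoded bytes, which is the point of the "cleartext" remark on the slide: anyone who captures the datagram can read the community, and a network sensor can use the same few bytes to flag v1/v2c traffic that should not be on a segment.

```python
# Added example (not the slides' own code): BER encoding of an SNMPv1 GetRequest.
#   Message ::= SEQUENCE { version INTEGER, community OCTET STRING, pdu }
#   GetRequest-PDU ::= [0] IMPLICIT SEQUENCE { request-id, error-status,
#                                              error-index, VarBindList }
from typing import List, Tuple

# Tag values from RFC 1157 / X.690.
TAG_INTEGER, TAG_OCTET_STRING, TAG_NULL, TAG_OID, TAG_SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
TAG_GET_REQUEST, TAG_GET_NEXT_REQUEST, TAG_GET_RESPONSE, TAG_SET_REQUEST = 0xA0, 0xA1, 0xA2, 0xA3


def ber_length(n: int) -> bytes:
    """Definite-form length: one byte below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + ber_length(len(content)) + content


def ber_integer(value: int) -> bytes:
    """Minimal two's-complement INTEGER."""
    size = 1
    while not -(1 << (8 * size - 1)) <= value < (1 << (8 * size - 1)):
        size += 1
    return tlv(TAG_INTEGER, value.to_bytes(size, "big", signed=True))


def ber_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, the rest base-128."""
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(TAG_OID, bytes(out))


def build_get_request(community: str, request_id: int, oids: List[str]) -> bytes:
    """SNMPv1 GetRequest for the listed OIDs; values are NULL in a request."""
    varbinds = b"".join(tlv(TAG_SEQUENCE, ber_oid(o) + tlv(TAG_NULL, b"")) for o in oids)
    pdu = tlv(TAG_GET_REQUEST, ber_integer(request_id) + ber_integer(0) + ber_integer(0)
              + tlv(TAG_SEQUENCE, varbinds))
    return tlv(TAG_SEQUENCE, ber_integer(0) + tlv(TAG_OCTET_STRING, community.encode()) + pdu)


def read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Return (tag, content, position after the element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def peek_community(message: bytes) -> str:
    """The community travels as a cleartext OCTET STRING right after the version;
    this is all a capture or a sensor needs to read it."""
    tag, body, _ = read_tlv(message, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("not an SNMP message")
    _, _version, pos = read_tlv(body, 0)
    _, community, _ = read_tlv(body, pos)
    return community.decode()
```

Example: build_get_request("public", 1, ["1.3.6.1.2.1.4.6.0"]) is 40 bytes and begins 30 26 02 01 00 04 06 'public' a0 19 ...; the community is the seventh through twelfth bytes, readable without any key.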
SNMP Commands
• SNMP has 5 different functions referred to as Protocol Data Units (PDUs), which are:
(1) GetRequest, aka Get
(2) GetNextRequest, aka GetNext
(3) GetResponse, aka Response
(4) SetRequest, aka Set
(5) Trap
SNMP Commands [Get]
• GetRequest [Get]
- Most common PDU.
- Used to ask an SNMP agent for the value of a particular MIB instance.
- NMS sends out 1 Get PDU for each instance, which is a unique OID string.
SNMP Commands [GetNext]
• GetNextRequest [GetNext]
- NMS application uses GetNext to 'walk' down a table within a MIB.
- Designed to ask for the OID and value of the MIB instance that comes after the one asked for.
- Once the agent responds, the NMS application can increment its count and generate another GetNext.
- This can continue until the NMS application detects that the OID has changed, i.e. it has reached the end of the table.
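Added example (not from the slides): the walk just described, run against a simulated agent. The agent keeps its instances in lexicographic OID order, which Python tuple comparison reproduces exactly, and answers GetNext with the first instance strictly after the requested OID. The manager stops when the returned OID leaves the prefix it started from. The instance values are constructed; the OIDs are standard MIB-II (sysName, ifIndex, ifDescr, ipForwDatagrams), with the walk also showing that a table walk returns a column at a time, not a row at a time.

```python
# Added example (not the slides' own code): GetNext walk over a simulated agent.
import bisect
from typing import Dict, List, Optional, Tuple

OID = Tuple[int, ...]


def parse_oid(s: str) -> OID:
    return tuple(int(a) for a in s.strip(".").split("."))


def fmt_oid(oid: OID) -> str:
    return ".".join(map(str, oid))


# Constructed agent database: sysName.0, two rows of ifTable (ifIndex and
# ifDescr columns) and ipForwDatagrams.0. Values are made up.
AGENT_MIB: Dict[OID, object] = {
    parse_oid("1.3.6.1.2.1.1.5.0"): "router-1",
    parse_oid("1.3.6.1.2.1.2.2.1.1.1"): 1,
    parse_oid("1.3.6.1.2.1.2.2.1.1.2"): 2,
    parse_oid("1.3.6.1.2.1.2.2.1.2.1"): "eth0",
    parse_oid("1.3.6.1.2.1.2.2.1.2.2"): "eth1",
    parse_oid("1.3.6.1.2.1.4.6.0"): 1234,
}
_SORTED = sorted(AGENT_MIB)          # lexicographic OID order, as SNMP requires


def agent_get_next(oid: OID) -> Optional[Tuple[OID, object]]:
    """Agent side of GetNext: first instance strictly after `oid`, or None at
    the end of the MIB (an SNMPv1 agent would answer noSuchName here)."""
    i = bisect.bisect_right(_SORTED, oid)
    if i == len(_SORTED):
        return None
    return _SORTED[i], AGENT_MIB[_SORTED[i]]


def walk(prefix: str) -> Tuple[List[Tuple[str, object]], int]:
    """Manager side: repeat GetNext from `prefix` until the returned OID is no
    longer under it. Returns the (oid, value) pairs collected and the number
    of GetNext requests issued, which is always one more than the results
    because the last request is the one that detects the end of the table."""
    root = parse_oid(prefix)
    current = root
    results: List[Tuple[str, object]] = []
    requests = 0
    while True:
        requests += 1
        nxt = agent_get_next(current)
        if nxt is None or nxt[0][:len(root)] != root:
            break
        current, value = nxt
        results.append((fmt_oid(current), value))
    return results, requests
```

Walking the whole ifTable entry (1.3.6.1.2.1.2.2.1) returns ifIndex.1, ifIndex.2, ifDescr.1, ifDescr.2 in that order: the lexicographic ordering puts every instance of one column before the next column, so a manager that wants rows has to regroup by the index suffix.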
SNMP Commands [GetResponse]
• GetResponse [Response]
- Simply a response to a Get, GetNext or Set.
- SNMP agent responds to all requests or commands via this PDU.
SNMP Commands [SetRequest]
• SetRequest [Set]
- Issued by an NMS application to change a MIB instance to the value carried within the Set PDU.
- For example, you could issue a GetRequest against a KDEG server asking for sysLocation.0 and may get 'ORI' as the response.
- Then, if the server was moved, you could issue a Set against that KDEG server to change its location to 'INS'.
- You must have the correct permissions when using the Set PDU.
SNMP Commands [Trap]
• Trap
- Asynchronous notification.
- SNMP agents can be programmed to send a trap when a certain set of circumstances arise.
- Circumstances can be viewed as thresholds, i.e. a trap may be sent when the temperature of the core breaches a predefined level.
SNMP Security
• SNMP Community Strings (like passwords)
- 3 kinds:
- READ-ONLY: You can send out a Get & GetNext to the SNMP agent, and if the agent is using the same read-only string it will process the request.
- READ-WRITE: Get, GetNext, and Set. If a MIB object has an ACCESS value of read-write, then a Set PDU can change the value of that object with the correct read-write community string.
- TRAP: Allows administrators to cluster network entities into communities. Fairly redundant.
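Added example (not from the slides): the decision an SNMPv1 agent makes from the community string and the object's ACCESS clause before it touches a PDU, written from the agent's side. The community names and the MIB view are constructed (sysUpTime and sysLocation are real MIB-II objects); the error semantics follow RFC 1157: an unknown community discards the message and may raise the authenticationFailure trap, and a Set the community or the object does not permit is rejected with noSuchName. The comparison is constant-time, because the community is the only secret v1 has.

```python
# Added example (not the slides' own code): agent-side community authorization.
import hmac
from typing import Dict, List, Optional, Tuple

# Which PDU types each kind of community string may submit.
READ_ONLY_PDUS = {"GetRequest", "GetNextRequest"}
READ_WRITE_PDUS = READ_ONLY_PDUS | {"SetRequest"}

# Constructed agent configuration: (community name, access kind). A real
# deployment keeps these out of source. A "TRAP" community is only placed by
# the agent inside Trap PDUs; it never authorizes a request, so it is not here.
CONFIGURED_COMMUNITIES: List[Tuple[str, str]] = [
    ("netmon-ro-7Hq2", "read-only"),
    ("netcfg-rw-Pz93", "read-write"),
]

# Constructed MIB view: object OID -> ACCESS clause from its MIB definition.
OBJECT_ACCESS: Dict[str, str] = {
    "1.3.6.1.2.1.1.3": "read-only",     # sysUpTime
    "1.3.6.1.2.1.1.6": "read-write",    # sysLocation
}


def match_community(presented: str) -> Optional[str]:
    """Return the access kind for a presented community, or None if unknown.
    Every configured name is compared with a constant-time primitive and the
    loop never exits early, so a wrong string costs the same as a right one
    (the length of the presented string is still observable)."""
    found = None
    for name, access in CONFIGURED_COMMUNITIES:
        if hmac.compare_digest(name.encode(), presented.encode()):
            found = access
    return found


def authorize(pdu_type: str, community: str, oids: List[str]) -> str:
    """Decision for one incoming message, with SNMPv1 error semantics:
    'authenticationFailure' -> discard the message (and send the
    authenticationFailure trap if it is enabled), 'noSuchName' -> reject the
    request with that error, 'ok' -> process it."""
    access = match_community(community)
    if access is None:
        return "authenticationFailure"
    allowed = READ_WRITE_PDUS if access == "read-write" else READ_ONLY_PDUS
    if pdu_type not in allowed:
        return "noSuchName"                 # read-only community attempting a Set
    if pdu_type == "SetRequest":
        for oid in oids:
            base = oid.rsplit(".", 1)[0]    # strip the instance index (".0")
            if OBJECT_ACCESS.get(base) != "read-write":
                return "noSuchName"         # object is not writable in this view
    return "ok"
```

Two things to notice: a read-write community is never needed for monitoring, so a read-only one is all a poller should have, and the default-style name "public" presented below is rejected only because it is absent from the configuration, not because the agent recognises it as weak.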
Advantages
• Standardized
• universally supported
• extendible
• portable
• allows distributed management access
• lightweight protocol
SNMP v1 and v2
• SNMPv1 is "connectionless" since it utilizes UDP (rather than TCP) as the transport layer protocol.
• SNMPv2 allows the use of TCP for "reliable, connection-oriented" service.
Comparison of SNMPv1 and SNMPv2
SNMPv1 PDU       SNMPv2 PDU       Direction                                       Description
GetRequest       GetRequest       Manager to agent                                Request value for each listed object
GetNextRequest   GetNextRequest   Manager to agent                                Request next value for each listed object
------           GetBulkRequest   Manager to agent                                Request multiple values
SetRequest       SetRequest       Manager to agent                                Set value for each listed object
------           InformRequest    Manager to manager                              Transmit unsolicited information
GetResponse      Response         Agent to manager, or manager to manager (SNMPv2) Respond to request
Trap             SNMPv2-Trap      Agent to manager                                Transmit unsolicited information
SNMPv1 Community Facility
• SNMP Community – Relationship between an SNMP agent and SNMP managers.
• Three aspects of agent control:
– Authentication service
– Access policy
– Proxy service
SNMPv1 Administrative Concepts (figure)
SNMPv2
• SNMPv2, a revised version of SNMPv1, includes improvements in the areas of performance, security, confidentiality, and manager-to-manager communications.
• It introduced GetBulkRequest, an alternative to iterative GetNextRequests for retrieving large amounts of management data in a single request.
SNMPv1 & v2 interoperability
• SNMPv2 is incompatible with SNMPv1 in two key areas:
– message formats
– protocol operations.
SNMPv2c messages use different header and protocol data unit (PDU) formats from SNMPv1 messages. SNMPv2c also uses two protocol operations that are not specified in SNMPv1.
SNMPv2 Proxy Agent
• A SNMPv2 agent can act as a proxy agent on behalf of
SNMPv1 managed devices, as follows:
• A SNMPv2 NMS issues a command intended for a
SNMPv1 agent.
• The NMS sends the SNMP message to the SNMPv2
proxy agent.
• The proxy agent forwards Get, GetNext, and Set
messages to the SNMPv1 agent unchanged.
• GetBulk messages are converted by the proxy agent to
GetNext messages and then are forwarded to the
SNMPv1 agent.
• The proxy agent maps SNMPv1 trap messages to
SNMPv2 trap messages and then forwards them to the
NMS.
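Added example (not from the slides): the one translation in the proxy procedure above that changes a message, GetBulk to GetNext, with the SNMPv1 agent simulated by a constructed MIB (standard MIB-II OIDs, made-up values). The expansion follows the GetBulk definition: one GetNext for each of the first non-repeaters OIDs, then up to max-repetitions rounds of GetNext over the remaining OIDs, each round continuing from what the previous round returned. Where the v1 agent runs off the end of its MIB the proxy reports the SNMPv2 endOfMibView exception, a simplification of the error mapping a real proxy has to do. Get, GetNext and Set are forwarded unchanged, so they need no code here.

```python
# Added example (not the slides' own code): SNMPv2 proxy expanding GetBulk into
# GetNext PDUs for an SNMPv1 agent.
import bisect
from typing import Dict, List, Optional, Tuple

OID = Tuple[int, ...]
END_OF_MIB_VIEW = "endOfMibView"      # SNMPv2 exception value; v1 has no equivalent


def parse_oid(s: str) -> OID:
    return tuple(int(a) for a in s.strip(".").split("."))


def fmt_oid(o: OID) -> str:
    return ".".join(map(str, o))


# Constructed v1 agent database in lexicographic OID order.
V1_AGENT_MIB: Dict[OID, object] = {
    parse_oid("1.3.6.1.2.1.1.5.0"): "router-1",    # sysName.0
    parse_oid("1.3.6.1.2.1.2.2.1.1.1"): 1,          # ifIndex.1
    parse_oid("1.3.6.1.2.1.2.2.1.1.2"): 2,          # ifIndex.2
    parse_oid("1.3.6.1.2.1.2.2.1.2.1"): "eth0",     # ifDescr.1
    parse_oid("1.3.6.1.2.1.2.2.1.2.2"): "eth1",     # ifDescr.2
}
_KEYS = sorted(V1_AGENT_MIB)


class V1Agent:
    """Simulated SNMPv1 agent: answers GetNext only and counts the PDUs it sees."""

    def __init__(self) -> None:
        self.requests = 0

    def get_next(self, oid: OID) -> Optional[Tuple[OID, object]]:
        self.requests += 1
        i = bisect.bisect_right(_KEYS, oid)
        return None if i == len(_KEYS) else (_KEYS[i], V1_AGENT_MIB[_KEYS[i]])


def proxy_get_bulk(agent: V1Agent, non_repeaters: int, max_repetitions: int,
                   oids: List[str]) -> List[Tuple[str, object]]:
    """Expand one GetBulk into GetNext PDUs and assemble the varbinds of the
    SNMPv2 Response: non-repeaters first, then one entry per repeating OID per
    round. A column that has run off the end of the MIB is reported as
    endOfMibView (carrying the last OID it reached) and is not asked again."""
    out: List[Tuple[str, object]] = []
    for oid in oids[:non_repeaters]:
        nxt = agent.get_next(parse_oid(oid))
        out.append((fmt_oid(nxt[0]), nxt[1]) if nxt else (oid, END_OF_MIB_VIEW))
    cursors = [parse_oid(o) for o in oids[non_repeaters:]]
    done = [False] * len(cursors)
    for _ in range(max_repetitions):
        if all(done):
            break                         # nothing left to repeat; shorten the response
        for k, cur in enumerate(cursors):
            nxt = None if done[k] else agent.get_next(cur)
            if nxt is None:
                done[k] = True
                out.append((fmt_oid(cur), END_OF_MIB_VIEW))
            else:
                cursors[k] = nxt[0]
                out.append((fmt_oid(nxt[0]), nxt[1]))
    return out
```

One GetBulk with non-repeaters=1 and max-repetitions=2 over sysName, ifIndex and ifDescr costs the v1 agent five GetNext PDUs; the saving GetBulk promises exists only between the NMS and the proxy, not behind it.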
Bilingual SNMPv2
• Bilingual SNMPv2 network-management systems support both SNMPv1 and SNMPv2. To support this dual-management environment, a management application in the bilingual NMS must contact an agent. The NMS then examines information stored in a local database to determine whether the agent supports SNMPv1 or SNMPv2. Based on the information in the database, the NMS communicates with the agent using the appropriate version of SNMP.
SNMPv2 Operations (diagram)
• get, getNext, getBulk, set: the manager sends the request to the agent, which consults its MIB and returns a response.
• trap: the agent sends a notification to the manager; no response.
• inform: sent from one manager to another (the receiving manager plays the "agent" role) and is acknowledged with a response.
Summary of SNMPv2
• Improved communication model
• Traps have same format as other PDUs
• Get-bulk PDU
• Additional error codes for sets
• Two security models
– SNMPv2c: Community based
– SNMPv2u: User based
• Independence of underlying transport
• Additional data types
• Notifications
SNMPv3
• SNMPv3 defines a security capability to
be used in conjunction with SNMPv1 or v2
SNMPv3 Flow (figure)
SNMPv3 Message Format with User Security Model (USM) (figure)
User Security Model (USM)
• Designed to secure against:
– Modification of information
– Masquerade
– Message stream modification
– Disclosure
• Not intended to secure against:
– Denial of Service (DoS attack)
– Traffic analysis
SNMPv3
• Command Generator
• Command Responder
• Notification Originator
• Notification Receiver
• Proxy Forwarder
SNMP Security
• SNMPv1 uses plaintext community strings for authentication, sent without encryption
• SNMPv2 was supposed to fix security problems, but the effort was derailed (the “c” in SNMPv2c stands for “community”).
• SNMPv3 has numerous security features:
– Ensures that a packet has not been tampered with (integrity),
– Ensures that a message is from a valid source (authentication),
– Ensures that a message cannot be read by unauthorized parties (privacy).
SNMP Security
• Security model of SNMPv3 has two components:
1. Instead of granting access rights to a community, SNMPv3 grants access to users.
2. Access can be restricted to sections of the MIB (View-based Access Control Model (VACM)).
Access rights can be limited
• by specifying a range of valid IP addresses for a user or community,
• or by specifying the part of the MIB tree that can be accessed.
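Added example (not from the slides): an access decision that combines the two restrictions just listed, a source-address range and a MIB subtree (a VACM-style view), with a per-user minimum security level. Users, networks and views are constructed; the OIDs are MIB-II subtrees. The reason strings unknownUserName, unsupportedSecurityLevel and notInView are the names USM and VACM use for these outcomes; sourceAddressNotPermitted is a label made up for this example, since the address check sits outside VACM proper in real agents.

```python
# Added example (not the slides' own code): per-user, per-view access check in
# the style of SNMPv3 USM/VACM, plus a source-address restriction.
import ipaddress
from dataclasses import dataclass
from typing import Dict, Tuple

OID = Tuple[int, ...]


def parse_oid(s: str) -> OID:
    return tuple(int(a) for a in s.strip(".").split("."))


def in_subtree(oid: OID, subtree: OID) -> bool:
    return oid[:len(subtree)] == subtree


LEVELS = {"noAuthNoPriv": 0, "authNoPriv": 1, "authPriv": 2}


@dataclass(frozen=True)
class UserPolicy:
    name: str
    allowed_from: ipaddress.IPv4Network   # source-address restriction
    read_view: Tuple[OID, ...]            # subtrees the user may read
    write_view: Tuple[OID, ...]           # subtrees the user may write
    min_level: str                        # lowest security level the user may use


# Constructed policies: a read-only poller and an administrator on one host.
POLICIES: Dict[str, UserPolicy] = {
    "monitor": UserPolicy("monitor", ipaddress.ip_network("10.0.0.0/24"),
                          read_view=(parse_oid("1.3.6.1.2.1"),),          # mib-2
                          write_view=(),
                          min_level="authNoPriv"),
    "netadmin": UserPolicy("netadmin", ipaddress.ip_network("10.0.0.5/32"),
                           read_view=(parse_oid("1.3.6.1"),),             # internet
                           write_view=(parse_oid("1.3.6.1.2.1.1"),),      # system group only
                           min_level="authPriv"),
}


def check_access(user: str, source_ip: str, level: str, pdu_type: str,
                 oid: str) -> Tuple[bool, str]:
    """Return (allowed, reason). Checks run in the order an agent would apply
    them, and the first failing check is reported so the reason names the
    restriction that blocked the request."""
    policy = POLICIES.get(user)
    if policy is None:
        return False, "unknownUserName"
    if ipaddress.ip_address(source_ip) not in policy.allowed_from:
        return False, "sourceAddressNotPermitted"      # constructed label
    if LEVELS[level] < LEVELS[policy.min_level]:
        return False, "unsupportedSecurityLevel"
    view = policy.write_view if pdu_type == "SetRequest" else policy.read_view
    target = parse_oid(oid)
    if not any(in_subtree(target, sub) for sub in view):
        return False, "notInView"
    return True, "ok"
```

The poller can read mib-2 from its own subnet at authNoPriv or better, but cannot write anything, cannot read vendor objects under private(4), and is refused entirely if it offers noAuthNoPriv; the administrator can write only the system group, and only from one address with authPriv.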
Security levels in SNMPv2
SNMP has three security levels:
• noAuthNoPriv: Authentication by matching a user name only.
• authNoPriv: Authentication with MD5 or SHA message digests.
• authPriv: Authentication with MD5 or SHA message digests, and encryption with DES.
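Added example (not from the slides): the authentication half of the three levels, showing where the MD5 or SHA digest comes from. The password-to-key expansion and the key localization follow RFC 3414 Appendix A, and the test vector used below ("maplesyrup" with engine ID 00...02) is the one published in that RFC; the authenticated message and the engine ID in the demo are otherwise constructed. The privacy step (DES under authPriv) is not shown.

```python
# Added example (not the slides' own code): USM key derivation and the
# 96-bit HMAC that authNoPriv and authPriv attach to every message.
import hashlib
import hmac

AUTH_TAG_LEN = 12                  # HMAC-MD5-96 / HMAC-SHA-96: 12-byte tag
LEVELS = ("noAuthNoPriv", "authNoPriv", "authPriv")


def password_to_key(password: bytes, engine_id: bytes, hashfn=hashlib.md5) -> bytes:
    """RFC 3414 A.2: hash the password repeated out to 1 MiB (Ku), then localize
    it to one agent as H(Ku || engineID || Ku) (Kul). The same password yields
    a different key on every engine, so a key recovered from one agent does
    not authenticate to the others."""
    expanded = (password * (1_048_576 // len(password) + 1))[:1_048_576]
    ku = hashfn(expanded).digest()
    return hashfn(ku + engine_id + ku).digest()


def auth_tag(localized_key: bytes, message: bytes, hashfn=hashlib.md5) -> bytes:
    """msgAuthenticationParameters: HMAC over the whole message, computed with
    the parameters field zeroed by the caller, truncated to 96 bits."""
    return hmac.new(localized_key, message, hashfn).digest()[:AUTH_TAG_LEN]


def accept_message(level: str, localized_key: bytes, message: bytes, tag: bytes,
                   hashfn=hashlib.md5) -> bool:
    """What the receiver verifies at each level. noAuthNoPriv checks nothing
    beyond the user name, which is why it gives no protection against the
    masquerade and modification threats USM is designed to cover."""
    if level not in LEVELS:
        raise ValueError(f"unknown security level {level!r}")
    if level == "noAuthNoPriv":
        return True
    expected = auth_tag(localized_key, message, hashfn)
    return hmac.compare_digest(expected, tag)
```

A tampered message fails at authNoPriv and authPriv but is accepted at noAuthNoPriv, and the same password localized to a different engine ID produces a different key.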
Thank You
