Network Management - PowerPoint PPT Presentation

About This Presentation
Title:

Network Management

Description:

COMP4690, by Dr Xiaowen Chu, HKBU. Outline. SNMPv1: Simple Network ... STATUS: valid, obsolete, or deprecated. DESCRIPTION: human-readable textual definition ... – PowerPoint PPT presentation

Slides: 24
Provided by: compHk
Transcript and Presenter's Notes

1
Network Management
  • Chapter 3
  • SNMP and MIB

2
Outline
  • SNMPv1: Simple Network Management Protocol
  • SMI: Structure of Management Information
  • MIB: Management Information Base
  • SNMPv3

3
SNMPv1 Packet
  • SNMPv1 packet has the form
  • Version - the version of SNMP
  • SNMPv1 is 0 in version field
  • Community name - like a password
  • Agent can control who can access what
  • Sent as plaintext, so not secure
  • Improved by SNMPv3

4
SNMPv1 PDU
  • SNMP has different types of packets, each with
    different format.
  • PDU for Get-Request, Get-Next-Request and
    Set-Request has fields
  • Request ID - an integer, like a sequence number
  • Error status - error in Get-Response
  • Error index - an integer which identifies the
    first variable in VarBindList that caused error

5
SNMPv1 PDU
  • Error status
  • 0 noError
  • 1 tooBig (PDU has too many bytes)
  • 2 noSuchName (no object with requested name)
  • 3 badValue (invalid no. for PDU type)
  • 4 readOnly (incorrect implementation of SNMP)
  • 5 genErr (any other error)

6
SNMPv1 PDU
  • VarBindList - a list of Variable ID and Variable
    Value
  • Variable ID - Object Identifier of the variable
    defined in SMI specification
  • Variable Value - actual value, which could be
    integer, IP address, etc.
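
The packet layout from the slides above (version, community name, then a PDU with request ID, error status, error index and VarBindList), decoded from its BER encoding. This is an added example, not part of the original slides; the sample bytes are constructed and the function names are illustrative. It shows that the community name can be read directly out of the message by anyone who sees the packet.

```python
# Constructed sample (not a capture): SNMPv1 Get-Request, community "public",
# one VarBind naming 1.3.6.1.2.1.1.1.0 with a NULL value.
SAMPLE = bytes.fromhex("3026 020100 04067075626c6963 a019 02012a 020100 020100"
                       " 300e 300c 06082b06010201010100 0500")

PDU_TYPES = {0xA0: "Get-Request", 0xA1: "Get-Next-Request",
             0xA2: "Get-Response", 0xA3: "Set-Request"}
ERRORS = ["noError", "tooBig", "noSuchName", "badValue", "readOnly", "genErr"]

def tlv(buf, pos):
    """Read one BER tag-length-value; return (tag, value, next offset)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("BER length runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def oid(value):
    """Decode OBJECT IDENTIFIER contents into dotted notation."""
    arcs, sub = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        sub = (sub << 7) | (b & 0x7F)      # base-128, high bit = more bytes follow
        if not b & 0x80:
            arcs.append(sub)
            sub = 0
    return ".".join(map(str, arcs))

def parse_snmpv1(packet):
    _, msg, _ = tlv(packet, 0)             # outer SEQUENCE
    _, version, p = tlv(msg, 0)
    _, community, p = tlv(msg, p)          # plaintext OCTET STRING
    pdu_tag, pdu, _ = tlv(msg, p)
    if pdu_tag not in PDU_TYPES:
        raise ValueError("Trap or unknown PDU: different field layout")
    nums, p = [], 0
    for _ in range(3):                     # request ID, error status, error index
        _, raw, p = tlv(pdu, p)
        nums.append(int.from_bytes(raw, "big", signed=True))
    _, vbl, _ = tlv(pdu, p)
    names, p = [], 0
    while p < len(vbl):                    # each VarBind is SEQUENCE { name, value }
        _, varbind, p = tlv(vbl, p)
        names.append(oid(tlv(varbind, 0)[1]))
    status = ERRORS[nums[1]] if 0 <= nums[1] < len(ERRORS) else "unknown"
    return {"version": int.from_bytes(version, "big"), "community": community.decode("latin-1"),
            "pdu": PDU_TYPES[pdu_tag], "request_id": nums[0], "error_status": status,
            "error_index": nums[2], "varbinds": names}
```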

7
SNMP Commands
  • SNMPv1 commands (numbered 0 thru 4)
  • Get-Request - request value(s) from agent MIB
  • Get-Next-Request - request next MIB element
    (based on object identifier) in lexicographic
    order
  • Can use this to walk the MIB tree
  • Get-Response - response from agent
  • Set-Request - write a value in agent's MIB
  • Trap - unsolicited message from agent, to inform
    the managing entity of exceptional events
  • SNMPv2 has two more commands
  • Get-Bulk-Request - get values in large block of
    data
  • Inform-Request - used by a managing entity to
    notify another managing entity of MIB information

8
SNMP Trap
  • Trap PDU is of the form
  • Enterprise - Object Identifier for device that
    created trap message
  • Agent address - IP address of device
  • Generic trap number - 7 categories
  • Specific trap number - code number
  • Time stamp - time since device initialized
  • VarBindList - same as defined previously

9
SMI MIB
  • The agent needs to find the Variable Value
    based on the Variable ID.
  • It's better to define a data structure.
  • Object Identifier mapped to value stored on
    subsystem
  • E.g., NIC is a subsystem, its MAC address could
    be the desired value

10
SMI MIB
  • Each object in the MIB has a name
  • Groups of related objects also defined
  • Each object has a type
  • For example, integer
  • Types can be
  • Simple - a single value
  • Constructed - multiple objects of simple type
  • SMI: Structure of Management Information
  • RFC 1155
  • The language used to define MIBs

11
SMI
  • SMI specification uses subset of Abstract Syntax
    Notation One (ASN.1)
  • Formal specification of MIB objects
  • ASN.1 used to specify
  • Name of object
  • Type of object
  • Read, read-write, or not accessible
  • Brief description of object

12
Data types of SMI (RFC 2578)
  • INTEGER
  • Integer32
  • Unsigned32
  • OCTET STRING
  • IpAddress
  • Counter32
  • Counter64
  • Etc.

13
Higher-Level Constructs
  • OBJECT-TYPE
  • To specify the data type, status, and semantics
    of a managed object
  • Four clauses
  • SYNTAX: specify the basic data type
  • MAX-ACCESS: whether the object can be read,
    written, created, etc.
  • STATUS: valid, obsolete, or deprecated
  • DESCRIPTION: human-readable textual definition

14
Higher-Level Constructs
  • MODULE-IDENTITY
  • Allow related objects to be grouped together
    within a module
  • E.g., RFC2012 defines the MIB module for TCP,
    RFC2013 defines the MIB module for UDP, RFC2021
    defines the MIB module for RMON

15
MIB: Management Information Base
  • A virtual information store, holding managed
    objects whose values collectively reflect the
    current state of the network.
  • The values may be queried and/or set by a
    managing entity by SNMP messages.
  • Managed objects are specified using the
    OBJECT-TYPE SMI construct, and gathered into MIB
    modules using the MODULE-IDENTITY construct.

16
Object Identifier Tree
  • 0 is the root
  • Example
  • Object ID of tcp is 1.3.6.1.2.1.6

17
Object Identifier Tree
  • MIB objects identified as on previous slide
  • Tree can be arbitrarily deep
  • MIB-2 defined with 10 groups
  • System, interfaces, address translation, IP,
    ICMP, TCP, UDP, EGP, transmission, SNMP
  • Later added 13 more groups (extensions)
  • Group can contain many objects, and these objects
    can be constructed type

18
Proprietary MIBs and RMON
  • If not enough groups in MIB-2
  • can create a proprietary MIB
  • Proprietary MIBs are listed under enterprise
  • Enterprise is a sub-node of private (4)
  • RMON
  • Remote Monitoring Standard
  • An extension of MIB-2
  • Deals with traffic on a network segment

19
Security
  • We mentioned previously the SNMP method of
    authentication
  • A community name acts like a password
  • More than one mgmt station may have access
  • Authorization is also a concern
  • Assuming that you have access
  • then what are you allowed to do?

20
Security
  • SNMP security features
  • SNMP community profile
  • Access mode specifies type of access
  • MIB view specifies access or not
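
A toy agent that applies a community profile (access mode plus MIB view) and answers Get-Next in lexicographic OID order, tying together the walk described under SNMP Commands and the profile described here. This is an added example, not part of the original slides; the community names, profiles and object values are hypothetical, and the error returned for a refused Set follows RFC 1157.

```python
# Constructed agent data; values are made up for the example.
MIB = {
    "1.3.6.1.2.1.1.1.0": "constructed device description",  # system group (1)
    "1.3.6.1.2.1.1.5.0": "lab-router",                      # system group (1)
    "1.3.6.1.2.1.2.1.0": 2,                                 # interfaces group (2)
    "1.3.6.1.2.1.6.5.0": 17,                                # tcp group (6)
    "1.3.6.1.2.1.10.1.0": 0,             # placeholder under transmission group (10)
}
# Hypothetical community profiles: name -> (access mode, MIB view as subtrees)
PROFILES = {
    "monitor-ro": ("read-only", ["1.3.6.1.2.1.1", "1.3.6.1.2.1.2", "1.3.6.1.2.1.10"]),
    "netops-rw": ("read-write", ["1.3.6.1.2.1.1"]),
}

def key(oid):
    """OIDs order arc by arc as integers, so ...2 sorts before ...10."""
    return tuple(int(arc) for arc in oid.split("."))

def in_view(oid, subtrees):
    return any(key(oid)[:len(key(s))] == key(s) for s in subtrees)

def handle(community, op, oid, value=None):
    """Answer one variable; returns (error status, OID, value) or None."""
    profile = PROFILES.get(community)
    if profile is None:
        return None                        # unknown community: request is discarded
    mode, view = profile
    visible = sorted((o for o in MIB if in_view(o, view)), key=key)
    if op == "get-next":
        nxt = next((o for o in visible if key(o) > key(oid)), None)
        return ("noError", nxt, MIB[nxt]) if nxt else ("noSuchName", oid, None)
    if oid not in visible:
        return ("noSuchName", oid, None)   # outside the view looks like a missing object
    if op == "set":
        if mode != "read-write":
            return ("noSuchName", oid, None)   # RFC 1157 uses noSuchName here, not readOnly
        MIB[oid] = value
    return ("noError", oid, MIB[oid])

def walk(community, root):
    """Repeat Get-Next from root until the agent leaves the subtree."""
    found, current = [], root
    while True:
        reply = handle(community, "get-next", current)
        if reply is None or reply[0] != "noError" or not in_view(reply[1], [root]):
            return found
        found.append(reply[1])
        current = reply[1]
```

Walking `1.3.6.1.2.1` with each community returns only the objects inside that community's view, which makes it a quick way to audit what a given community name actually exposes.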

21
SNMPv3
  • SNMPv3 can be thought of as SNMPv2 with
    additional security and administration
    capabilities.
  • SNMP applications
  • Command generator: generates GetRequest,
    GetNextRequest, SetRequest, etc.
  • Notification generator: generates Traps
  • Proxy forwarder: forwards request, notification,
    and response

22
SNMPv3
  • A PDU sent by an SNMP application next passes
    through the SNMP Engine.
  • A security module is provided by SNMPv3
  • User-based security RFC3414
  • Encryption
  • Authentication
  • Protection against playback attacks RFC3414
  • Access control RFC3415

23
SNMPv3