Simple Network Management Protocol SNMP - PowerPoint PPT Presentation


1
Simple Network Management Protocol (SNMP)
  • J. Won-Ki Hong
  • Dept. of Computer Science and Engineering
  • POSTECH
  • Tel 054-279-2244
  • Email jwkhong_at_postech.ac.kr

2
Table of Contents
  • SNMP Operations
  • Protocol Specification
  • Transport-Level Support
  • Limitations of SNMPv1

3
SNMP Operations
  • Operations supported in SNMP are the inspection
    and modification of variables
  • GET operation
  • retrieves management information (values of
    scalar objects)
  • SET operation
  • updates management information (values on scalar
    objects)
  • TRAP operation
  • sends unsolicited scalar object values to notify
    problems

4
SNMP Operations (cont'd)
  • Not possible to change the structure of a MIB
  • cannot add or delete object instances
  • No explicit action is supported
  • Access is provided only to leaf objects in the
    MIB tree
  • not possible to access an entire table or a row
    of a table with a single atomic action
  • These simplify the implementation of SNMP but
    limit the capability of the NMS

5
SNMP Security Concepts
  • Authentication service
  • agent may wish to limit access to the MIB to
    authorized managers
  • Access policy
  • agent may wish to give different access
    privileges to different managers
  • Proxy service
  • agent may act as a proxy to other managed devices
  • this may require authentication service and
    access policy for other managed devices on the
    proxy
  • SNMP provides only a primitive and limited
    security capability via the concept of community

6
SNMP Community
  • is a relationship between an agent and a set of
    managers that defines authentication, access
    control, and proxy characteristics
  • a community is locally defined by the agent
  • each community is given a unique community name
  • an agent may establish a number of communities
  • the community name is needed for all get and set
    operations
  • the same community name may be used by different
    agents
  • SNMP authentication service
  • every SNMP message from a manager includes a
    community name (used as a password) --- very
    primitive
  • most agents only allow GET operations

7
SNMP Community (cont'd)
  • SNMP Access Policy
  • an agent can provide different categories of MIB
    access using the following concepts: SNMP MIB
    View and Access Mode
  • SNMP MIB View
  • a subset of objects within a MIB
  • different MIB views may be defined for each
    community
  • the set of objects in a view need not belong to a
    single subtree
  • SNMP Access Mode
  • an access mode (READ-ONLY or READ-WRITE) is defined
    for each community
  • the access mode is applied uniformly to all
    objects in the MIB view
  • SNMP Community Profile
  • a combination of a MIB view and an access mode

8
MIB ACCESS Category vs. SNMP Access Mode

9
SNMP Administrative Concepts

10
Object Instance Identification
  • SNMP defines two techniques for identifying a
    specific object instance
  • Serial access technique (via lexicographic
    ordering of objects)
  • Random access technique
  • Random access technique
  • objects in MIB tables are referred to as columnar
    objects
  • the object identifier is not sufficient to
    identify the instance
  • SNMP convention
  • concatenate the scalar object identifier with the
    values of INDEX objects, listed in the order in
    which the INDEX objects are defined
  • see the example in Table 7.2 on page 169

11
Lexicographical Ordering
  • is used for accessing MIB objects serially
  • given the tree structure of a MIB, the OID for a
    particular object may be derived by tracing a
    path from the root to the object
  • lexicographical ordering is also referred to as
  • preorder traversal (root, left, right) of a tree
  • depth-first search
  • useful for examining MIBs whose structure is not
    known to NMS

12
Lexicographical Ordering Example

13
Protocol Specification: SNMP Message Formats
  • SNMP manager and agent exchange requests and
    management information using SNMP messages
  • SNMP message includes a version number (e.g., 0
    for SNMPv1, 1 for SNMPv2), a community name and
    one of five types of protocol data units (PDUs)
  • PDU types: GetRequest, GetNextRequest,
    SetRequest, GetResponse, Trap

14
SNMP Message Formats
  • (a) SNMP message: Version | Community | SNMP PDU
  • (b) GetRequest PDU, GetNextRequest PDU, and
    SetRequest PDU: PDU type | request id | 0 | 0 |
    variablebindings
  • (c) GetResponse PDU: PDU type | request id |
    error status | error index | variablebindings
  • (d) Trap PDU: PDU type | enterprise | agent addr |
    generic trap | specific trap | time stamp |
    variablebindings
  • (e) variablebindings: name1 | value1 | name2 |
    value2 | . . . | nameN | valueN

15
SNMP Message Fields

16
SNMP Message Fields (cont'd)

17
Transmission of SNMP Message
  • 1. The PDU is constructed using ASN.1
  • 2. This PDU is passed to an authentication
    service, together with the source and destination
    transport addresses and a community name
  • the authentication service performs any required
    transformations such as encryption or the
    inclusion of an authentication code
  • 3. The protocol entity then constructs a message,
    consisting of a version field, the community
    name, and the result from step 2
  • 4. This new ASN.1 object is then encoded using
    BER and passed to the transport service

18
Receipt of SNMP Message
  • 1. The SNMP entity performs basic syntax-check of
    the message and discards it if it fails to parse
  • 2. It verifies the version number and discards it
    if there is a mismatch
  • 3. It then passes the community name, the PDU
    portion of the message and the source/destination
    transport address to an authentication service
  • if authentication fails, the message is discarded
  • if authentication succeeds, the authentication
    service returns a PDU in the form of an ASN.1
    object
  • 4. If the PDU passes a basic syntax-check, the
    appropriate SNMP access policy is selected and
    the PDU is processed accordingly
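
The message layout from slide 14 and the four receipt steps above, as an added Python example (not part of the original slides). The community table, its names and the sample message builder are constructed for illustration; with community-based authentication the community arrives as a plain OCTET STRING and is compared directly.

```python
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap"}
# Hypothetical agent configuration: community name -> access mode.
COMMUNITIES = {b"monitor-ro": "READ-ONLY", b"ops-rw": "READ-WRITE"}

def read_tlv(buf, pos):
    """Read one BER TLV; return (tag, value, next_pos) or raise ValueError."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                                   # long-form length
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def receive(datagram):
    """Apply the four receipt steps; return (decision, detail)."""
    try:                                                # step 1: syntax check
        tag, msg, end = read_tlv(datagram, 0)
        if tag != 0x30 or end != len(datagram):
            raise ValueError("not a single SEQUENCE")
        t_ver, version, p = read_tlv(msg, 0)
        t_com, community, p = read_tlv(msg, p)
        pdu_tag, _pdu, p = read_tlv(msg, p)
        if t_ver != 0x02 or not version or t_com != 0x04 or pdu_tag not in PDU_NAMES:
            raise ValueError("unexpected field")
    except ValueError as exc:
        return "discard", f"parse error: {exc}"
    if int.from_bytes(version, "big") != 0:             # step 2: 0 = SNMPv1
        return "discard", "version mismatch"
    mode = COMMUNITIES.get(community)                   # step 3: community is the password
    if mode is None:
        return "discard", "authentication failure"
    if pdu_tag == 0xA3 and mode != "READ-WRITE":        # step 4: access policy
        return "reject", "SetRequest under READ-ONLY community"
    return "process", PDU_NAMES[pdu_tag]

def tlv(tag, value):                                    # short-form lengths only
    return bytes([tag, len(value)]) + value

def build(version, community, pdu_tag):
    """Constructed sample: request id 1, two zero fields, varbind sysDescr.0 = NULL."""
    bind = tlv(0x30, tlv(0x06, bytes([0x2B, 6, 1, 2, 1, 1, 1, 0])) + tlv(0x05, b""))
    pdu = tlv(pdu_tag, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") * 2 + tlv(0x30, bind))
    return tlv(0x30, tlv(0x02, bytes([version])) + tlv(0x04, community) + pdu)
```

The "reject" decision in step 4 is this sketch's simplification; it does not build the GetResponse an agent would send back.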

19
SNMP PDU Sequences
20
GetRequest PDU
  • is issued by an SNMP manager on behalf of NMS to
    retrieve information from an agent
  • includes PDU type, request-id, and variablebindings
  • GetResponse PDU containing the same request-id is
    used for the reply
  • operation is atomic (all values are returned or
    none is)
  • possible error-status
  • noSuchName: object instance cannot be found or it
    is an aggregate type
  • tooBig: the size of the resulting values exceeds a
    local limitation
  • genErr: may not be able to supply a value for at
    least one of the objects for some other reason

21
GetNextRequest PDU
  • is also issued by an SNMP manager on behalf of
    NMS to retrieve information from an agent
  • the PDU is the same as GetRequest PDU except:
  • In the GetRequest PDU, each variable in the
    variablebindings list refers to an object
    instance whose value is to be returned
  • In the GetNextRequest PDU, for each variable in
    the variablebindings, the value of the object
    instance that is next in lexicographic order is
    returned
  • allows NMS to discover the structure of a MIB
    view dynamically
  • provides an efficient mechanism for searching a
    table whose entries are unknown
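
Lexicographic ordering and GetNext over a small MIB, restricted by a community's MIB view, as an added Python example (not part of the original slides). The MIB contents and the two views are constructed; the point is that anyone holding a community can enumerate every instance in its view without knowing the structure, so the view bounds what a walk reveals.

```python
from bisect import bisect_right

def oid(text):
    """'1.3.6.1.2.1.1.1.0' -> tuple of ints; tuples compare arc by arc."""
    return tuple(int(arc) for arc in text.split("."))

# Constructed agent MIB holding leaf object instances only (values are illustrative).
MIB = {
    oid("1.3.6.1.2.1.1.1.0"): "constructed sysDescr",
    oid("1.3.6.1.2.1.1.3.0"): 12345,                  # sysUpTime
    oid("1.3.6.1.2.1.2.2.1.2.1"): "eth0",             # ifDescr + INDEX value ifIndex=1
    oid("1.3.6.1.2.1.2.2.1.2.2"): "eth1",
    oid("1.3.6.1.2.1.2.2.1.2.10"): "eth10",           # after .2 numerically, before it as text
    oid("1.3.6.1.2.1.4.1.0"): 1,                      # ipForwarding
}
# Hypothetical MIB views; a view need not be a single subtree.
FULL_VIEW = [oid("1.3.6.1.2.1")]
SYSTEM_AND_IP_VIEW = [oid("1.3.6.1.2.1.1"), oid("1.3.6.1.2.1.4")]

def in_view(instance, view):
    """True when the instance lies under one of the view's subtree roots."""
    return any(instance[:len(root)] == root for root in view)

def get_next(after, view):
    """Return (oid, value) of the next instance in the view, or None (end of view)."""
    ordered = sorted(k for k in MIB if in_view(k, view))
    i = bisect_right(ordered, after)
    return (ordered[i], MIB[ordered[i]]) if i < len(ordered) else None

def walk(start, view):
    """Repeat GetNext from start until the agent has nothing further to return."""
    found, current = [], start
    while (hit := get_next(current, view)) is not None:
        found.append(hit)
        current = hit[0]
    return found
```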

22
SetRequest PDU
  • is issued by an SNMP manager on behalf of NMS to
    modify information in an agent
  • the operation is also atomic
  • if any one of the values can't be set, then the
    whole operation fails
  • GetResponse PDU containing the same request-id is
    used for the reply
  • if the operation succeeds, a GetResponse PDU is
    returned with the same variablebindings as in the
    original SetRequest PDU
  • possible error-status
  • noSuchName, tooBig, genErr, plus
  • badValue: PDU contains at least one pair of
    variable name and value that is inconsistent

23
Trap PDU
  • is issued by an SNMP agent to notify NMS of some
    significant event
  • Trap PDU does not require a response and is not
    acknowledged → can get lost
  • Generic Trap types
  • coldStart (0): unexpected restart due to a crash
    or major fault
  • warmStart (1): routine restart
  • linkDown (2): a communication link is
    inoperational
  • linkUp (3): the link is back in operation
  • authenticationFailure (4): received
    authentication-failed message
  • egpNeighborLoss (5): EGP neighbor is down
  • enterpriseSpecific (6): some enterprise-specific
    event occurred

24
Transport-Level Support
  • SNMP requires the use of a transport service for
    the delivery of SNMP messages.
  • SNMP makes no assumption about whether the
    underlying service is reliable or unreliable,
    connectionless or connection-oriented
  • Most SNMP implementations use UDP
  • It is possible to use CLTS
  • UDP
  • Unreliable, connectionless transport service in
    Internet
  • CLTS
  • Unreliable, connectionless transport service in
    the OSI architecture

25
Issues in using UDP
  • Since UDP provides unreliable transport service,
    SNMP messages can get lost
  • What happens if a GetRequest or GetNextRequest
    message is lost?
  • What happens if a SetRequest message is lost?
  • What happens if a Trap message is lost?

26
Limitations of SNMP
  • SNMP may not be suitable for the mgmt of truly
    large networks because of the performance
    limitations of polling
  • SNMP is not well suited for retrieving large
    volumes of data, such as an entire routing table
  • SNMP traps are unacknowledged and may not be
    delivered
  • SNMP provides only trivial authentication
  • SNMP does not support explicit actions
  • SNMP MIB model is limited (does not support mgmt
    queries based on object types or values)
  • SNMP does not support manager-to-manager
    communications
  • Many of these problems are addressed in SNMPv2!

27
READING
  • Read Chapter 7 of Stallings