Simple Network Management Protocol SNMP

1
Simple Network Management Protocol (SNMP)
2
Contents

• Define and describe the functions of managed
  devices, agents, and NMSs in an SNMP managed
  network
• Describe the four key SNMP commands
• Read, Write, Trap, and Traversal operations
• Define and describe the functions of the MIB,
  managed objects, and object identifiers
• Abstract Syntax Notation One (ASN.1)
• Discusses ASN.1 and its function in network
  management.
• Identify the function of ASN.1 in relation to
  SNMP
• Identify the key differences between SNMPv1,
  SNMPv2 and SNMPv3 in the area of protocol
  operations
• Identify and describe two methods for running
  SNMP on the same managed network.

3
SNMP Overview

• An application layer protocol that facilitates
  the exchange of management information between
  network devices.
• Part of the Transmission Control Protocol/
  Internet Protocol (TCP/IP) protocol suite.
• Allows network administrators to manage network
  performance, find and solve network problems, and
  plan for network growth.
• In 1988, the Internet Activities Board IAB
  committee proposed the SNMP as the short-term
  solution for network management.
• Since then, the simple structure and good
  performance of SNMP has make it popular around
  the world. It is likely that SNMP will be a
  long-term solution.

4
Popularity of SNMP

• Simplicity easy to learn and inexpensive to
  implement, no rigid administrative structure
• Wide industry Support support network using
  TCP/IP, because of popularity of Internet,
  hundreds of vendors supports SNMP
• Efficient use of resource requires low memory
  and CPU cycles
• Standardization and stability a standard
  supported by IAB and is a relatively stable
  protocol
• Centralized administration based on
  query-response mechanism, allow administrator to
  manage a large network from one location
• Portability enables transparent management on
  devices which can be hardware and software.

5
SNMP Basic Components

• Three key components of a SNMP managed network
  are
• Management Entity (or NMS)
• Managed Device
• Agent

6
Network Management Entity

• An network management entity executes
  applications that monitor and control managed
  devices.
• They provide the bulk of the processing and
  memory resources required for network management.
  
• One or more NMSs must exist on any managed
  network.
• Many NMS are available
• usually support both Unix and Windows
• support both command line and GUI
• Command line interface Microsoft SNMPUTIL
• GUI SunNet Manager, HP OpenView
• support FCAPS model

7
Common NMS applications

• Popular NMS supporting SNMP
• WhatsUp Gold pupular, low cost, simple. Buddle
  with Cisco NMS
• Scotty popular in Unix/Linux. Written in TCL/TK.
  Support both SNMPv1, SNMPv2 and SNMPv3
• HP OpenView industrial standard. Enterprise
  grade NMS, support 3rd party tools. e.g.
  Synoptics Optivity Tools to improve NM
  functionality of Synoptics devices
• IBM Netview developed in 1986. mainly to support
  IBM mainframes
• SunNet Manager use proxy agent to gather
  information about non-Sun machines.

8
Managed Device

• a network node that contains an SNMP agent and
  resides on a managed network.
• collects and stores management information and
  make this information available to network
  management systems (NMSs) using SNMP.
• a.k.a network elements, can be routers and access
  servers, switches and bridges, hubs, computer
  hosts, or printers

9
Agent

• An agent is a network management software module
  that resides in a managed device.
• It has local knowledge of management information
  and translates that information into a form
  compatible with SNMP

10
Combined functions of NMS and agent

• SNMP is a distributed management protocol, so a
  system / device can operate as shown in figure
• a network management system (NMS) exclusively
• an agent
• a NMS and agent
• When a system is operating as both an NMS and as
  an agent, another NMS might require that the
  system query managed devices and provide a
  summary of the information learned, or that it
  report locally stored management information.

11
Versions of SNMP

• SNMP Version 1 (SNMPv1)
• SNMP Version 2 (SNMPv2)
• Both versions have a number of features in
  common.
• SNMPv2 offers such enhancements as additional
  protocol operations

12
SNMP Basic Commands

• Managed devices are monitored and controlled
  using four basic SNMP commands
• Read
• Write
• Trap

• Traversal Operations

13
SNMP Read

• The read command is used by a network management
  system (NMS) to monitor managed devices.
• Snmpget specifies a single variable by name,
  i.e. system.sysDescr
• Get at ip X, OID1.3.6.1.2.1.1.1
• Response return value cisco 5505
• Snmpwalk reads a portion of the MIB sub-tree
  from a device

14
SNMP Write

• The write command is used by an NMS to control
  managed devices.
• The NMS changes the values of variables stored
  within managed devices.
• Snmpset
• /opt/OV/bin/snmpset -c private orarouter1
  .1.3.6.1.2.1.1.4.0 \
• octetstring "Meg A. Byte 555-1212"
• system.sysContact.0 DISPLAY STRING- (ascii)
  Meg A. Byte 555-1212

15
SNMP Traps

• The trap command is used by managed device to
  asynchronously report events to the NMS.
• When certain types of events occur, a managed
  device sends a trap to the NMS
• Trap Types
• coldStart (0) authenticationFailure (4)
• warmStart (1) egpNeighborLoss (5)
• linkDown (2) enterpriseSpecific (6)
• linkUp (3)

16
SNMP Traps (2)

• coldStart (0)
• agent send the trap when initializing itself
• warmStart (1)
• agent send the trap when re-initalizing itself
• linkDown (2)
• specific link on the source device has failed
• linkUp (3)
• specific link on the source device has come up

17
SNMP Traps (3)

• authenticationFailure (4)
• agent determines that a request does not provide
  proper authentication (e.g. wrong SNMP community
  string)
• egpNeighborLoss (5)
• agent report the loss of an EGP neighbor
• enterpriseSpecific (6)
• implemented by a vendor to provide additional
  functionality that complements the generic traps.

18
SNMP - Traversal Operations

• Traversal operations are used by the NMS to
  determine which variables a managed device
  supports and to sequentially gather information
  in variable tables (such as a routing table).
• Snmpget-next specifies OID, but value returned
  is next lexicographic OID and its value
• Get-next sysDescr, and you get sysObjectId
• Get-next sysObjectId and you get sysUpTime

19
Structure of Management Information (SMI)
20
SMI overview

• For manager / agent paradigm, managed network
  objects must be logically accessible
• Management information must be stored in such a
  way it can be easily retrievable and modifiable
• SNMP performs the retrieval and modification
• SMI determine the way information is organized
• SMI is a master document explains how the name,
  structure, and encode SNMP management information

21
SNMP and SMI

• SMI states each managed object must satisfy the
  following requirements
• must have a name, syntax and encoding
• Name MIB composes of a sequence of identifier
  which can uniquely identifies the object
• Syntax defines the data type (or grammar) of a
  object, such as an integer, a string of a octets
• Encoding describe how information associated
  with the managed objects is serialized for
  transmission between machines
• SMIs implementation in SNMP
• The names used for called object identifier (OID)
  a human readable format
• The syntax used for SNMP is called ASN.1
• The encoding used for SNMP is called BER (Basic
  Encoding Rules)

22
Object Naming

• address
• Object ID 1.1
• Object Instance 1.1.0
• Value of Instance 130.89.16.2
• info
• Object ID 1.2

• name
• Object ID 1.2.1
• Object Instance 1.2.1.0
• Value of Instance printer-1
• uptime
• Object ID 1.2.2
• Object Instance 1.2.2.0
• Value of Instance 123456

23
Object Identifiers and OID tree

• An object identifier (or object ID) uniquely
  identifies a managed object in the MIB hierarchy.
  
• The MIB hierarchy can be depicted as a tree, with
  a nameless root, the levels of which are assigned
  by different organizations.

24
Object Identifiers and MIB

• MIB is a collection of OID that is organized
  hierarchically.
• Define the properties of the managed object
• MIB tree is a hierarchical relationship of
  managed objects (MIB tree branch and tree node)
• managed objects can be accessed using the syntax
  specified by a network management protocol such
  as SNMP.

25
ASN.1

• Abstract Syntax Notation One (ASN.1) is a
  language that consistently represents the managed
  objects of a Management Information Base (MIB) in
  a machine-independent format.
• ASN.1 uses variables and statement similar to
  that other programming language.
• can be considered as a meta-language
• provide a vendor-neutral, cross-platform
  standard-based languages that allows developers
  to describe the workings of protocols, systems
  and machines.
• ASN.1 is the basis for a human-readable syntax of
  MIB tree
• The use of a consistent language like ASN.1
  allows different types of computers to
  successfully share information between computers
  more efficient

26
ASN.1

• ASN.1 is a data representation format used by
  SNMP to create actual MIB object
• ASN.1 existed long before SNMP, MIB of SNMP was
  developed to make the full advantages of ASN.1
• ASN.1 is defined as part of the Open Systems
  Interconnection (OSI) specification described in
  the ISO 8824 standard.
• Management protocols, such as the SNMP, use ASN.1
  to define both the packets exchanged by the
  management protocol and the objects that are to
  be managed.

27
Managed Objects

• A managed object (sometimes called a MIB object,
  an object) is one of any number of specific
  characteristics of a managed device
• Managed object can be accessed by SNMP on a
  managed tree node.
• Managed objects are composed of one or more
  object instances, which are essentially
  variables.
• The MIB within an agents can have multiple
  managed objects

28
Types of Managed Objects

• Scalar object
• define a single object instance.
• OID of each managed object ends with an instance
  number zero
• e.g. system.sysUpTime.0
• Tabular object
• define multiple related object instances
• These instances are grouped together in MIB
  tables.
• Instance numbers for table entries start from 1

29
index naming convention SMI

• NEW-MIB routeTable next 5 give the value of 3

30
index naming convention SNMP

• NEW-MIB routeTable next 5 give the value of 2

31
index naming convention SNMP

• An index need not be an integer
• It is still possible to use it as the index
• Examples
• Assume OID of Table 1.3
• 1.3.1.130.89.16.23 gt 130.89.16.23
• 1.3.2.130.89.16.23 gt 130.89.16.1
• 1.3.1.193.22.11.97 gt 193.22.11.97
• 1.3.2.193.22.11.97 gt 130.89.16.4
• 1.3.2.130.89.19.121 gt 130.89.16.1

32
index naming convention multiple index

• An index can have multiple index field
• It is still possible to locate the value
• Examples (Assume OID of Table 1.3)
• 1.3.3.192.1.23.24.1 gt 130.89.16.1
• 1.3.3.192.1.23.24.2 gt 130.89.16.4

33
Example of Managed Object

• Object Name / Descriptor
• An example of a managed object is atInput, which
  is a scalar object.
• It contains a single object instance, the integer
  value that indicates the total number of input
  AppleTalk packets on a router interface.
• The managed object atInput can be uniquely
  identified either by the object name
  iso.identified-organization.dod.internet.private.e
  nterprise.cisco.temporary variables.AppleTalk.atIn
  put,
• or by the equivalent object descriptor,
  1.3.6.1.4.1.9.3.3.1.

34
MIB Tree Structure

• The top-level MIB object IDs belong to different
  standards organizations, while lower-level object
  IDs are allocated by associated organizations.
• Internet is a subtree
• 1.3.6.1 implies ISO gt Org gt DOD gt Internet
• Vendors can define their own private branches
  that include managed objects for their own
  products.
• Cisco has branches
• 1.3.6.1.4.1.9 implies private gt enterprise gt
  Cisco
• MIBs that have not been standardized are
  typically positioned in the experimental branch.

35
MIB-I

• MIB-I
• developed in 1988 (RFC1156 and RFC1212).
• defined more than 100 configurable managed
  objects
• 8 object groups
• System object group (1.3.6.1.2.1.1)
• Interface object group (1.3.6.1.2.1.2)
• Address translation object group (1.3.6.1.2.1.3)
• IP object group (1.3.6.1.2.1.4)
• ICMP object group (1.3.6.1.2.1.5)
• TCP object group (1.3.6.1.2.1.6)
• UDP object group (1.3.6.1.2.1.7)
• EGP object group (1.3.6.1.2.1.8)

36
MIB-II

• developed in 1990 (RFC 1158 and RFC 1213)
• A total of 11 object groups and contains 171
  objects
• superset of MIB-I and provide additional
  functionality required SNMPv2
• New object group in MIB-II
• Transmission object group (1.3.6.1.2.1.9)
• CMOT object group (1.3.6.1.2.1.10)
• SNMP object group (1.3.6.1.2.1.11)

37
MIB-II (2)
38
SNMP ver 1
39
Quiz

• The following table shows example definitions of
  a table object (ifTable). Each row of the table
  is an instance of an entry (ifEntry). OIDs are
  allocated to each definition. This table has one
  entry for each network interface present on a
  machine
• Interface mib-2 2 1.3.6.1.2.1.2
• IfTable interfaces 2 1.3.6.1.2.1.2.2
• IfEntry ifTable 1 1.3.6.1.2.1.2.2.1
• IfIndex ifEntry 1 1.3.6.1.2.1.2.2.1.1
  lt column
• IfDescr ifEntry 2 1.3.6.1.2.1.2.2.1.2
  lt column
• IfType ifEntry 3 1.3.6.1.2.1.2.2.1.3
  lt column
• IfMtu ifEntry 4 1.3.6.1.2.1.2.2.1.4
  lt column
• What is the OID for the Ethernet MTU in the above
  table would be?

40
SNMP Version 1

• SNMPv1 is the initial implementation of the SNMP
  protocol.
• Based on 4 RFCs
• RFC-1155 Structure of Management Infomration
• RFC-1157 Simple Network Management Protocol
• RFC-1212 Concise MIB Definitions
• RFC-1213 Management Information Base II
• Operates over such protocols
• User datagram Protocol (UDP)
• Internet Protocol (IP)
• OSI Connectionless Network Service (CLNS)
• Apple Talk Datagram Delivery Protocol (DDP)
• Novell Internet Packet Exchange (IPX).

41
SNMPv1 Protocol Operation

• SNMP is a simple request-response protocol.
• The network management system issues a request,
  and managed devices return responses.
• This behavior is implemented using protocol
  operations.

• SNMP message has the format
• Version Number
• Community Name - kind of a password
• One or more SNMP PDUs - assuming trivial
  authentication
• SNMPv1 defines five protocol operations
• Get
• GetNext
• Set
• Trap

42
SNMPv1 Protocol Operation (2)

• Get
• This operation is used by the NMS to retrieve the
  value of one or more object instances from an
  agent. If the agent responding to Get operation
  cannot provide values for all of the object
  instances in a list, it does not provide any
  values.
• GetNext
• This operation is used by the NMS to retrieve the
  value of the next object instance in a table or
  list within an agent.

43
SNMPv1 Protocol Operation (3)

• Set
• This operation is used by the NMS to set the
  values of object instances within an agent.
• Trap
• This operation is used by agents to
  asynchronously inform the NMS of a significant
  event.

44
Get and set information

• NMS uses get, getNext and set command to get and
  retrieve information from managed device.
• for instance, NMS to query the IP routing table
  on a device (note routing table is dynamic in
  size, and you dont know the number of rows in
  the table)
• use get command to get the 1st row
• use getNext command to get the information in
  lexigraphical order until the end of table

45
Get and set information (2)
agent

• 1 query ipRouteDest get gt
• lt Response value0.0.0.0
• 2 query ipRouteDest.1 getNext gt
• lt Response value15.0.0.0
• 3 query ipRouteDest.2 getNext gt
• lt Response value131.108.0.0
• 4 query ipRouteDest.3 getNext gt
• lt Response value129.140.0.0

• Convention
• Get(ipRouteDest)
• Getnext(ipRouteDest(1))
• Getnext(ipRouteDest(2))
• Getnext(ipRouteDest(3))
• Getnext(ipRouteDest(4))

46
Quiz

• Write a simple iterative algorithm to allow the
  whole table to be traversed using Getnext().

47
SNMP message

• SNMP message divided into two parts
• SNMP Header
• version number (SNMPv1, SNMPv2, SNMPv3)
• community string
• PDU type (0 - 4)
• SNMP PDU

48
SNMP PDU

• Each SNMP PDU (except trap) has the following
  format
• request id - request sequence number
• error status - zero if no error otherwise one of
  a small set
• error index - if non zero indicates which of the
  OIDs in the PDU caused the error2
• name - OIDs
• values - values are null for get and get next

49
SNMP PDU (2)

• SNMP Trap PDUs have the following format
• enterprise - identifies the type of object
  causing the trap
• agent address - IP address of agent which sent
  the trap
• generic trap id - the common standard traps
• specific trap id - proprietary or enterprise trap
  
• time stamp - when trap occurred in time ticks
• list of OIDs and values - OIDs that may be
  relevant to send to the NMS

50
SNMP and Data Representation

• SNMP must account for and adjust to
  incompatibilities between managed devices.
• Different computers use different
  data-representation techniques, which can
  compromise the ability of SNMP to exchange
  information between managed devices.
• SNMP uses a subset of Abstract Syntax Notation
  One (ASN.1) to allow communication between
  diverse systems.

51
SNMPv1 and SMI

• SNMP use SMI to define naming, structure,and
  encoding management information (I.e. ASN.1.)
• RFC 1155 - Structure and Identification of
  Management Information for TCP/IP-based Internet
• RFC 2578 - Structure of Management Information
  Version 2 (SMIv2)
• Three tasks
• name (or identify)
• create (or construct)
• transfer manageable object (or MIBs)

52
SNMPv1 and SMI (2)

• SNMPv1 SMI specifies the use of a number of
  SMI-specific data types, which are divided into
  two categories
• simple data types
• Integers, Octet strings and Object IDs
• application-wide data types
• 7 types

53
SNMPv1 and SMI (3)

• Simple Data Type three simple data types
  defined in the SNMPv1 SMI, all of which are
  unique values
• Integers These values are signed integers in
  the range of -2,147,483,648 to 2,147,483,647.
• Octet strings These strings are an ordered
  sequence of zero to 65,535 octets.
• Object IDs These values are from the set of all
  object identifiers allocated according to the
  rules specified in ASN.1.

54
SNMPv1 and SMI (4)

• 7 application-wide data types in the SNMPv1 SMI
• Network addresses
• Counters
• Gauges
• Time ticks
• Opaque
• Integers
• Unsigned integers

55
Data Type in SNMPv1 SMI (I)

• Network addresses
• A Network addresses represent an address from a
  particular protocol family. SNMPv1 supports only
  32-bit IP addresses.
• Counters
• Counters are nonnegative integers that increase
  until they reach a maximum value, and then return
  to zero. In SNMPv1, a 32-bit counter size is
  specified.
• Gauges
• Gauges are nonnegative integers that can increase
  or decrease, but retain the maximum value
  reached.
• Time ticks
• A time tick represents a hundredth of a second
  since some event.

56
Data Type in SNMPv1 SMI (II)

• Opaque
• represents an arbitrary encoding that is used to
  pass arbitrary information strings that do not
  conform to the strict data typing used by the
  SMI.
• Integer
• represents signed integer-valued information.
  This data type redefines the integer data type,
  which has arbitrary precision in ASN.1 but
  bounded precision in the SMI.
• Unsigned integer
• represents unsigned integer-valued information.
  It is useful when values are always nonnegative.
  This data type redefines the integer data type,
  which has arbitrary precision in ASN.1, but
  bounded precision in the SMI.

57
SNMP MIB Tables

• defines the data type (or grammar) of the object
  (e.g. integer or string)
• It is the syntax of SMI
• The SNMPv1 SMI defines highly structured tables
  that are used to group the instances of a tabular
  object (that is, an object that contains multiple
  variables).
• Tables are composed of zero or more rows, which
  are indexed in a way that allows SNMP to retrieve
  or alter an entire row with a single Get,
  GetNext, or Set command.

58
SMI encoding

• describes how information associated with a
  managed object is formatted as a series of data
  items for transmission over the network.
• encoding schemes used for SNMP
• BER

59
SNMP Version 2

• An evolution of the initial version of SNMPv1.
• SNMPv2 functions within the specifications of the
  Structure of Management Information (SMI).
• In theory, SNMPv2 offers a number of improvements
  to SNMPv1, including additional protocol
  operations.
• SNMPv2 never become a standard because vendors
  could not agree on security
• Different version of SNMPv2 are in use
• SNMPv2c lt most popular
• SNMPv2u
• SNMP2

60
SNMPv2 and SMI

• SMI defines the rules for describing management
  information, using ASN.1.
• Bit strings
• Bit strings are defined only in SNMPv2. They
  comprise zero or more named bits that specify a
  value.
• Network addresses
• represent an address from a particular protocol
  family. SNMPv1 supports only 32-bit IP addresses.
  SNMPv2 can support other types of addresses as
  well.
• Counters
• nonnegative integers that increase until they
  reach a maximum value, and then return to zero.
  In SNMPv1, a 32-bit counter size is specified. In
  SNMPv2, 32-bit and 64-bit counters are defined.

61
SMI Information Models

• SNMPv2 SMI also specifies information modules.
  SMI information modules specify a group of
  related definitions.
• There are three types of SMI information modules
  
• MIB modules
• Compliance statements for MIB modules
• Capability statements for agents

62
SMI Information Models (II)

• MIB modules
• contain definitions of interrelated managed
  objects.
• Compliance statements for MIB modules
• provide a systematic way to describe a group of
  managed objects that must be implemented for
  conformance to a standard.
• Capability statements for agents
• indicate the precise level of support that an
  agent claims with respect to a MIB group. An NMS
  can adjust its behavior toward agents according
  to the capabilities statements associated with
  each agent

63
SNMPv2 Protocol Operation

• The Get, GetNext, and Set operations used in
  SNMPv1 are exactly the same as those used in
  SNMPv2.
• SNMPv2 Trap operation serves the same function as
  that used in SNMPv1. However, it uses a different
  message format and is designed to replace the
  SNMPv1 Trap.

64
New Protocol Operations in SNMPv2

• GetBulk
• This operation is used by the NMS to efficiently
  retrieve large blocks of data, such as multiple
  rows in a table. GetBulk fills a response message
  with as much of the requested data as will fit.
• Inform
• This operation allows one NMS to send Trap
  information to another NMS and receive a
  response.

65
SNMPv3

• SNMPv1 and SNMPv2c do not have any security (that
  is, authentication or privacy) mechanisms to keep
  SNMP packet traffic on the wire confidential. As
  a result, packets on the wire can be detected and
  SNMP community strings compromised.
• Development of SNMPv3 began in late 1997, first
  draft was completed in 1998
• Important features of SNMPv3
• Address the need for security
• Inexpensive to deploy a minimal conforming
  implementation
• new architecture to extend the useful life of SNMP

66
SNMPv3 (II)

• The following security features are provided in
  SNMPv3
•   Message integrity
• Ensures that nothing has interfered with a packet
  during transmission.
•   Authentication
• Determines that the message is from a valid
  source.
•   Encryption
• Scrambles the contents of a packet to prevent it
  from being seen by an unauthorized source.

67
SNMPv3 (III)

• The SNMPv3 agent can be used in the following
  modes
• noAuthNoPriv mode
• no security mechanisms turned on for packets,
  same as SNMPv1 and SNMPv2c
• AuthNoPriv mode
• for packets that do not need to be encrypted
  using the privacy algorithm DES 56
• AuthPriv mode
• for packets that must be encrypted privacy
  requires that authentication be performed on the
  packet

68
Quiz

• What is the main difference between SNMP v3 and
  the previous SNMP versions?
• ans in notes pages

69
Summary

• Components of network management NMS, agent,
  devices
• SNMP features, versions and basic command
• Network Management application using SNMP
• MIB MIB-1, MIB-II
• SNMPv1, SNMPv2, SNMPv3

70
Summary (2)

• NMS sends Get, GetNext and Set messages
• to retrieve single or multiple object variables
• to establish the value of a single variable
• managed agent sends
• a Response message to complete the Get, GetNext
  or Set command
• managed agent sends
• an event notification, called a trap to the NMS
  to identify the occurrence of conditions