Chapter 6 SNMPv2 - Yen


SNMPv2
Yen-Cheng Chen
Department of Information Management
National Chi Nan University
Puli, Nantou, Taiwan
SNMPv1
• SNMPv1 Protocol
  • RFC 1157 – Simple Network Management Protocol
• SMIv1 Data Definition Language
  Full Standards:
  • RFC 1155 - Structure of Management Information
  • RFC 1212 - Concise MIB Definitions
  Informational:
  • RFC 1215 - A Convention for Defining Traps
• SMIv1 MIB Modules
  Full Standards:
  • RFC 1213 - Management Information Base II
  • RFC 1643 - Ethernet-Like Interface Types MIB
SNMPv2
• SMIv2 Data Definition Language
  Full Standards:
  • RFC 2578 - Structure of Management Information
  • RFC 2579 - Textual Conventions
  • RFC 2580 - Conformance Statements
• SMIv2 MIB Modules
  Full Standards:
  • RFC 2819 - Remote Network Monitoring MIB
  • RFC 3411 - SNMP Framework MIB
  • RFC 3412 - SNMPv3 MPD MIB
  • RFC 3413 - SNMP Applications MIBs
  • RFC 3414 - SNMPv3 USM MIB
  • RFC 3415 - SNMP VACM MIB
  • RFC 3418 - SNMP MIB
SNMPv3
• SNMPv3 Protocol
  Full Standards:
  • RFC 3411 - Architecture for SNMP Frameworks
  • RFC 3412 - Message Processing and Dispatching
  • RFC 3413 - SNMP Applications
  • RFC 3414 - User-based Security Model
  • RFC 3415 - View-based Access Control Model
  • RFC 3416 - Protocol Operations Version 2
  • RFC 3417 - Transport Mappings for SNMP
  • RFC 3418 - SNMP MIB
Major Changes
• Bulk data transfer
• Manager-to-manager message
• Enhancements to SMI: SMIv2 (RFC 2578)
  • Module definitions: MODULE-IDENTITY macro
  • Object definitions: OBJECT-TYPE macro
  • Trap definitions: NOTIFICATION-TYPE macro
• Textual conventions (RFC 2579)
• Conformance statements (RFC 2580)
• Row creation and deletion in table
• MIB enhancements
• Transport mappings
• Security Feature
Structure of Management Information (SMI)
SMIv1, SMIv2
• SMIv1:
  • SMI (RFC 1155)
  • Concise MIB (RFC 1212)
  • Trap-Type (RFC 1215)
• SMIv2:
  • SMIv2 (RFC 2578)
  • Textual Conventions (RFC 2579)
  • Conformance Statements (RFC 2580)
Three Parts of SMIv2
• Module definitions
  • MODULE-IDENTITY
• Object definitions
  • OBJECT-TYPE
• Notification definitions
  • NOTIFICATION-TYPE
1. MODULE-IDENTITY
MODULE-IDENTITY Example
2. OBJECT-TYPE
OBJECT-TYPE MACRO ::=
BEGIN
TYPE NOTATION ::=
"SYNTAX" Syntax
UnitsPart
"MAX-ACCESS" Access
"STATUS" Status
"DESCRIPTION" Text
ReferPart
IndexPart
DefValPart
VALUE NOTATION ::=
value(VALUE ObjectName)
"SYNTAX" Syntax
Syntax ::=
-- Must be one of the following:
-- a base type (or its refinement),
-- a textual convention (or its refinement), or
-- a BITS pseudo-type
type
| "BITS" "{" NamedBits "}"
NamedBits ::= NamedBit
| NamedBits "," NamedBit
NamedBit ::= identifier "(" number ")"
-- number is nonnegative
(Example) SYNTAX BITS
protocolDirType OBJECT-TYPE
SYNTAX BITS {
extensible(0),
addressRecognitionCapable(1)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION "…"
::= { protocolDirEntry 5 }
UnitsPart: UNITS
UnitsPart ::=
"UNITS" Text
| empty
hrDiskStorageCapacity OBJECT-TYPE
SYNTAX KBytes
UNITS "KBytes"
MAX-ACCESS read-only
STATUS current
DESCRIPTION "The total size for this long-term storage
device. If the media is removable and is
currently removed, this value should be zero."
::= { hrDiskStorageEntry 4 }
Back to OBJECT-TYPE
"MAX-ACCESS" Access
Access ::=
"not-accessible"
| "accessible-for-notify"
| "read-only"
| "read-write"
| "read-create"
ordered from least to greatest:
"not-accessible": indicates an auxiliary object
"accessible-for-notify": accessible only via a notification
"read-only": read only
"read-write": read and write, but not create
"read-create": read, write and create
"STATUS" Status
Status ::=
"current"
| "deprecated"
| "obsolete"
“current”: the definition is current and valid.
“deprecated”: indicates an obsolete definition, but it permits new/continued implementation.
“obsolete”: the definition is obsolete and should not be implemented.
ReferPart
ReferPart ::=
"REFERENCE" Text
| empty
ipForwardTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpForwardEntry
MAX-ACCESS not-accessible
STATUS obsolete
DESCRIPTION
"This entity's IP Routing table."
REFERENCE
"RFC 1213 Section 6.6, The IP Group"
::= { ipForward 2 }
3. NOTIFICATION-TYPE
NOTIFICATION-TYPE MACRO ::= BEGIN
TYPE NOTATION ::=
ObjectsPart
"STATUS" Status
"DESCRIPTION" Text
ReferPart
VALUE NOTATION ::=
value(VALUE NotificationName)
ObjectsPart ::= "OBJECTS" "{" Objects "}" | empty
Objects ::= Object | Objects "," Object
Object ::= value(ObjectName)
Status ::= "current" | "deprecated" | "obsolete"
ReferPart ::= "REFERENCE" Text | empty
Text ::= value(IA5String)
END
NotificationName ::= OBJECT IDENTIFIER
NOTIFICATION-TYPE Example
Reference: SNMPv2-MIB (RFC 1907)
OBJECT ??
• OBJECT IDENTIFIER defines the administrative identification of a node in the MIB
• OBJECT-IDENTITY macro assigns an object identifier to an object identifier in the MIB
• OBJECT-TYPE macro defines the type of a managed object
OBJECT-IDENTITY / OBJECT-TYPE
• OBJECT-IDENTITY is a high-level description
• OBJECT-TYPE gives the detailed description needed for implementation
isiRouter OBJECT-IDENTITY
STATUS current
DESCRIPTION
"An 8-slot IP router in the IP router family."
REFERENCE "ISI Memorandum No. ISI-R123 dated January 20, 1997"
::= {private.enterprises.isi 1}
(a) Example of OBJECT-IDENTITY Macro
routerIsi123 OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"An 8-slot IP router that can switch up to 100 million packets per second."
::= {isiRouter 1}
(b) Example of OBJECT-TYPE Macro
Figure 6.10
Table Expansion
• Augmentation of a table (dependent table) adds additional columns to an existing table (base table)
• Dense table enables addition of more rows to base table
• Sparse table supplements fewer rows to a base table
Augmentation of Tables
Table 1: table1 (T1), table1Entry (E1)   |   Table 2: table2 (T2), table2Entry (E2)
T1.E1.C1.1  T1.E1.C2.1  T1.E1.C3.1   |   T2.E2.C4.1  T2.E2.C5.1
T1.E1.C1.2  T1.E1.C2.2  T1.E1.C3.2   |   T2.E2.C4.2  T2.E2.C5.2
T1.E1.C1.3  T1.E1.C2.3  T1.E1.C3.3   |   T2.E2.C4.3  T2.E2.C5.3
T1.E1.C1.4  T1.E1.C2.4  T1.E1.C3.4   |   T2.E2.C4.4  T2.E2.C5.4
INDEX {ipAdEntAddr}
::= {ipAddrTable 1}
ipAugAddrTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpAugAddrEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The augmented table to IP
address table defining board and
port numbers"
::= {ipAug 1}
ipAugAddrEntry OBJECT-TYPE
SYNTAX IpAugAddrEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The addressing information …"
AUGMENTS {ipAddrEntry}
::= {ipAugAddrTable 1}
Figure 6.13 Example of Augmentation of Tables
Appending a Sparse Table
hrDeviceTable OBJECT-TYPE
SYNTAX SEQUENCE OF HrDeviceEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The (conceptual) table of devices…"
::= { hrDevice 2 }
hrDiskStorageTable OBJECT-TYPE
SYNTAX SEQUENCE OF HrDiskStorageEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The (conceptual) table of long-term
storage devices contained by the host..."
::= { hrDevice 6 }
hrDeviceEntry OBJECT-TYPE
SYNTAX HrDeviceEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A (conceptual) entry for one device
contained by the host. …"
INDEX { hrDeviceIndex }
::= { hrDeviceTable 1 }
hrDiskStorageEntry OBJECT-TYPE
SYNTAX HrDiskStorageEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A (conceptual) entry for one long-term
storage devices contained by the host..."
INDEX { hrDeviceIndex }
::= { hrDiskStorageTable 1 }
Textual Convention
• Enables defining new data types
• Makes semantics of data types consistent and human readable
• Creates new data types using existing ones and applies restrictions to them
• An important textual convention in SNMPv2, RowStatus creates and deletes rows
• SNMPv1:
DisplayString ::= OCTET STRING
-- This data type is used to model textual information taken
-- from the NVT ASCII character set. By convention, objects
-- with this syntax are declared as having
-- SIZE (0..255)
• SNMPv2:
Also see Page 251
DisplayString ::= TEXTUAL-CONVENTION
DISPLAY-HINT "255a"
STATUS current
DESCRIPTION
"Represents textual
information taken from the NVT
ASCII character set, as defined in
pages 4, 10-11 of RFC 854. …."
SYNTAX OCTET STRING (SIZE (0..255) )
InterfaceIndex ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION
"A unique value, greater than zero, for each interface or
interface sub-layer in the managed system. It is
recommended that values are assigned contiguously starting
from 1. The value for each interface sub-layer must remain
constant at least from one re-initialization of the entity's
network management system to the next re-initialization."
SYNTAX Integer32 (1..2147483647)
Creation of Row: RowStatus
Table 6.4 RowStatus Textual Convention
State         | Enumeration | Description
active        | 1           | Row exists and is operational
notInService  | 2           | Operation on the row is suspended
notReady      | 3           | Row does not have all the columnar objects needed
createAndGo   | 4           | This is a one-step process of creation of a row; immediately goes into active state
createAndWait | 5           | Row is under creation and should not be commissioned into service
destroy       | 6           | Same as Invalid in EntryStatus. Row should be deleted
table1
entry1
status.1  index.1  data.1
status.2  index.2  data.2
status.3  index.3  data.3   (Row to be created / deleted)
Create-and-Go Row Creation
Manager Process -> Agent Process: SetRequest ( status.3 = 4, index.3 = 3, data.3 = DefData )
Agent Process -> Managed Entity: Create Instance
Managed Entity -> Agent Process: Instance Created
Agent Process -> Manager Process: Response ( status.3 = 1, index.3 = 3, data.3 = DefData )
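Create-and-Wait: Row Creation
Manager Process -> Agent Process: SetRequest ( status.3 = 5, index.3 = 3 )
Agent Process -> Manager Process: Response ( status.3 = 3, index.3 = 3 )
Manager Process -> Agent Process: GetRequest ( data.3 )
Agent Process -> Manager Process: Response ( data.3 = noSuchInstance )
Manager Process -> Agent Process: SetRequest ( data.3 = DefData )
Agent Process -> Manager Process: Response ( status.3 = 2, data.3 = DefData )
Manager Process -> Agent Process: SetRequest ( status.3 = 1 )
Agent Process -> Manager Process: Response ( status.3 = 1 )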
Row Deletion
Manager Process -> Agent Process: SetRequest ( status.3 = 6 )
Agent Process -> Managed Entity: Delete Instance
Managed Entity -> Agent Process: Instance Deleted
Agent Process -> Manager Process: Response ( status.3 = 6 )
Figure 6.22 Row Deletion
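The three exchanges above can be checked against a small model of the agent's RowStatus handling. This Python model is an added example, not code from the slides; the class name, the rule that both index and data are required before a row can be active, and reporting the resulting status in each response (as the figures do) are assumptions.

```python
# RowStatus values from Table 6.4; error-status codes from Table 6.11.
ACTIVE, NOT_IN_SERVICE, NOT_READY, CREATE_AND_GO, CREATE_AND_WAIT, DESTROY = range(1, 7)
NO_ERROR, WRONG_VALUE, INCONSISTENT_VALUE, INCONSISTENT_NAME = 0, 10, 12, 18
WRITABLE = (ACTIVE, NOT_IN_SERVICE, CREATE_AND_GO, CREATE_AND_WAIT, DESTROY)


class ConceptualTable:
    """Agent-side model of table1 with columns status, index and data."""

    REQUIRED = ("index", "data")  # assumption: both needed before a row can be active

    def __init__(self):
        self.rows = {}

    def _complete(self, row):
        return all(col in row for col in self.REQUIRED)

    def get(self, instance, column):
        return self.rows.get(instance, {}).get(column, "noSuchInstance")

    def set(self, instance, **cols):
        """Apply one SetRequest to one row; return (error_status, response varbinds)."""
        status = cols.pop("status", None)
        exists = instance in self.rows
        if status is not None and status not in WRITABLE:
            return WRONG_VALUE, {}  # notReady is reported by the agent, never written
        if status in (CREATE_AND_GO, CREATE_AND_WAIT):
            if exists:
                return INCONSISTENT_VALUE, {}
            row = dict(cols)
            if status == CREATE_AND_GO:
                if not self._complete(row):
                    return INCONSISTENT_VALUE, {}
                row["status"] = ACTIVE
            else:
                row["status"] = NOT_IN_SERVICE if self._complete(row) else NOT_READY
            self.rows[instance] = row
            return NO_ERROR, {"status": row["status"], **cols}
        if status == DESTROY:
            self.rows.pop(instance, None)
            return NO_ERROR, {"status": DESTROY}
        if not exists:  # write to a row that was never created
            return (INCONSISTENT_VALUE if status is not None else INCONSISTENT_NAME), {}
        row = {**self.rows[instance], **cols}
        if status in (ACTIVE, NOT_IN_SERVICE):
            if not self._complete(row):
                return INCONSISTENT_VALUE, {}  # refuse to commission a partial row
            row["status"] = status
        elif row["status"] == NOT_READY and self._complete(row):
            row["status"] = NOT_IN_SERVICE
        self.rows[instance] = row
        return NO_ERROR, {"status": row["status"], **cols}


def create_and_wait_exchange():
    """Replay the Create-and-Wait exchange for row 3, then delete the row."""
    t = ConceptualTable()
    return [
        t.set(3, status=CREATE_AND_WAIT, index=3),
        t.get(3, "data"),
        t.set(3, data="DefData"),
        t.set(3, status=ACTIVE),
        t.set(3, status=DESTROY),
        t.get(3, "status"),
    ]


if __name__ == "__main__":
    for step in create_and_wait_exchange():
        print(step)
```

The model rejects activation of a row that is still notReady with inconsistentValue, which is the check that keeps a half-configured row out of service.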
SNMPv2 MIB
Internet {1 3 6 1}
  directory (1)
  mgmt (2)
    mib-2 (1)
      system (1)
      snmp (11)
  experimental (3)
  private (4)
  security (5)
  snmpv2 (6)
    snmpdomains (1)
    snmpProxys (2)
    snmpModules (3)
      snmpMIB (1)
        snmpMIBObjects (1)
        snmpMIBConformance (2)
Conformance Statements for SMIv2 (RFC 2580)
[Figure: contents of a MIB MODULE. Legend: I = IMPORTS, E = EXPORTS, MI = MODULE-IDENTITY, TCs = TEXTUAL-CONVENTION, OIs = OBJECT IDENTIFIER, OTs = OBJECT-TYPE, NTs = NOTIFICATION-TYPE, OGs = OBJECT-GROUP, NGs = NOTIFICATION-GROUP, MCs = MODULE-COMPLIANCE; also shown: Application Data Types]
Four Macros in SNMPv2-CONF
• OBJECT-GROUP macro
• NOTIFICATION-GROUP macro
• MODULE-COMPLIANCE macro
• AGENT-CAPABILITIES macro
Conformance: OBJECT-GROUP
• Conformance defined by
• OBJECT-GROUP macro
• NOTIFICATION-GROUP macro
• OBJECT-GROUP
• Compiled during implementation, not at run time
• OBJECTS clause names each object
• Every object belongs to an OBJECT-GROUP
• Access defined by MAX-ACCESS, the maximum
access privilege for the object
OBJECT-GROUP
OBJECT-GROUP MACRO ::= BEGIN
TYPE NOTATION ::=
ObjectsPart
"STATUS" Status
"DESCRIPTION" Text
ReferPart
VALUE NOTATION ::=
value(VALUE OBJECT IDENTIFIER)
ObjectsPart ::= "OBJECTS" "{" Objects "}"
Objects ::= Object | Objects "," Object
Object ::= value(ObjectName)
Status ::= "current" | "deprecated" | "obsolete"
ReferPart ::= "REFERENCE" Text | empty
Text ::= value(IA5String)
END
OBJECT-GROUP Example
hrSWRunGroup OBJECT-GROUP
OBJECTS {
hrSWOSIndex, hrSWRunIndex, hrSWRunName,
hrSWRunID, hrSWRunPath, hrSWRunParameters,
hrSWRunType, hrSWRunStatus
}
STATUS current
DESCRIPTION
"The Host Resources Running Software Group."
::= { hrMIBGroups 4 }
Conformance: NOTIFICATION-GROUP
• NOTIFICATION-GROUP
• Contains trap entities defined in SMIv1
• NOTIFICATIONS clause identifies the
notifications in the group
• NOTIFICATION-GROUP macro compiled during implementation, not at run time
NOTIFICATION-GROUP
NOTIFICATION-GROUP MACRO ::= BEGIN
TYPE NOTATION ::=
NotificationsPart
"STATUS" Status
"DESCRIPTION" Text
ReferPart
VALUE NOTATION ::=
value(VALUE OBJECT IDENTIFIER)
NotificationsPart ::= "NOTIFICATIONS" "{" Notifications "}"
Notifications ::= Notification | Notifications "," Notification
Notification ::= value(NotificationName)
Status ::= "current" | "deprecated" | "obsolete"
ReferPart ::= "REFERENCE" Text | empty
Text ::= value(IA5String)
END
NOTIFICATION-GROUP Example
linkUpDownNotificationsGroup NOTIFICATION-GROUP
NOTIFICATIONS { linkUp, linkDown }
STATUS current
DESCRIPTION
"The notifications which indicate specific changes in the
value of ifOperStatus."
::= { ifGroups 14 }
Compliance
• Compliance has two classes of groups
• MANDATORY-GROUPS ... Required
• GROUP ... Optional
MODULE-COMPLIANCE
MODULE-COMPLIANCE MACRO ::= BEGIN
TYPE NOTATION ::=
"STATUS" Status
"DESCRIPTION" Text
ReferPart
ModulePart
VALUE NOTATION ::=
value(VALUE OBJECT IDENTIFIER)
ModulePart
ModulePart ::= Modules
Modules ::= Module | Modules Module
Module ::=
"MODULE" ModuleName
MandatoryPart
CompliancePart
ModuleName ::= identifier ModuleIdentifier | empty
ModuleIdentifier ::= value(OBJECT IDENTIFIER) | empty
MandatoryPart ::= "MANDATORY-GROUPS" "{" Groups "}" | empty
Groups ::= Group | Groups "," Group
Group ::= value(OBJECT IDENTIFIER)
CompliancePart (1/2)
CompliancePart ::= Compliances | empty
Compliances ::= Compliance | Compliances Compliance
Compliance ::= ComplianceGroup | Object
ComplianceGroup ::=
"GROUP" value(OBJECT IDENTIFIER)
"DESCRIPTION" Text
Object ::=
"OBJECT" value(ObjectName)
SyntaxPart
WriteSyntaxPart
AccessPart
"DESCRIPTION" Text
CompliancePart (2/2)
SyntaxPart ::= "SYNTAX" Syntax | empty
-- must be a refinement for object's SYNTAX clause
WriteSyntaxPart ::= "WRITE-SYNTAX" Syntax | empty
Syntax ::= type | "BITS" "{" NamedBits "}"
NamedBits ::= NamedBit | NamedBits "," NamedBit
NamedBit ::= identifier "(" number ")"
AccessPart ::= "MIN-ACCESS" Access | empty
Access ::=
"not-accessible" | "accessible-for-notify"
| "read-only" | "read-write" | "read-create"
MODULE-COMPLIANCE Example
hrMIBCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The requirements for conformance to the Host Resources MIB."
MODULE -- this module
MANDATORY-GROUPS { hrSystemGroup, hrStorageGroup, hrDeviceGroup }
OBJECT hrSystemDate
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
GROUP hrSWRunGroup
DESCRIPTION
"The Running Software Group. Implementation of this group is mandatory
only when the hrSWRunPerfGroup is implemented."
…
::= { hrMIBCompliances 1 }
OBJECT ifAdminStatus
SYNTAX INTEGER { up(1), down(2) }
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required, nor is support for the value
testing(3)."
OBJECT-GROUP
systemGroup OBJECT-GROUP
OBJECTS
{sysDescr, sysObjectID, sysUpTime, sysContact, sysName,
sysLocation, sysServices, sysORLastChange, sysORID,
sysORUpTime, sysORDescr}
STATUS current
DESCRIPTION
"The system group defines objects which are common
to all managed systems."
::= {snmpMIBGroups 6}
Figure 6.25 Example of OBJECT-GROUP Macro
Agent Capabilities
• AGENT-CAPABILITIES macro
• SUPPORTS modules and includes groups
• VARIATION identifies additional features
AGENT-CAPABILITIES
routerIsi123 AGENT-CAPABILITIES
PRODUCT-RELEASE "InfoTech Router isiRouter123 release 1.0"
STATUS current
DESCRIPTION "InfoTech High Speed Router"
SUPPORTS snmpMIB
INCLUDES {systemGroup, snmpGroup, snmpSetGroup,
snmpBasicNotificationsGroup }
VARIATION coldStart
DESCRIPTION "A coldStart trap is generated on all reboots."
SUPPORTS IF-MIB
INCLUDES {ifGeneralGroup, ifPacketGroup}
SUPPORTS IP-MIB
INCLUDES {ipGroup, icmpGroup}
SUPPORTS TCP-MIB
INCLUDES {tcpGroup}
SUPPORTS UDP-MIB
INCLUDES {udpGroup}
SUPPORTS EGP-MIB
INCLUDES {egpGroup}
::= { isiRouter 1 }
Figure 6.30 Example of AGENT-CAPABILITIES Macro
SNMPv2 Internet Group
Internet {1 3 6 1}
  directory (1)
  mgmt (2)
  experimental (3)
  private (4)
  security (5)
  snmpv2 (6)
Figure 6.1 SNMPv2 Internet Group
[Figure 6.2 SNMPv2 Network Management Architecture: SNMP Manager and SNMP Agent applications exchange application PDUs, each over an SNMP / UDP / IP / DLC / PHY stack connected by the physical medium. Messages shown for the SNMP Manager application: inform-request, get-request, get-next-request, get-bulk-request, set-request, response, snmpV2-trap. Messages shown for the SNMP Agent application: get-request, get-next-request, get-bulk-request, set-request, response, snmpV2-trap.]
SNMPv2 New Messages
• inform-request
  • manager-to-manager message
• get-bulk-request
  • transfer of large data
• SNMPv2-Trap
  • transfer of notifications
• Report
  • not used
SNMPv2 PDU
PDU Type | RequestID | Error Status | Error Index | VarBind 1 name | VarBind 1 value | ...
Figure 6.37 SNMPv2 PDU (All but Bulk)
SNMPv2 PDU
Table 6.11 Values for Types of PDU and Error-status Fields in SNMPv2 PDU
Field        | Type | Value
PDU          | 0    | Get-Request-PDU
PDU          | 1    | GetNextRequest-PDU
PDU          | 2    | Response-PDU
PDU          | 3    | Set-Request-PDU
PDU          | 4    | obsolete
PDU          | 5    | GetBulkRequest-PDU
PDU          | 6    | InformRequest-PDU
PDU          | 7    | SNMPv2-Trap-PDU
Error Status | 0    | noError
Error Status | 1    | tooBig
Error Status | 2    | noSuchName
Error Status | 3    | badValue
Error Status | 4    | readOnly
Error Status | 5    | genErr
Error Status | 6    | noAccess
Error Status | 7    | wrongType
Error Status | 8    | wrongLength
Error Status | 9    | wrongEncoding
Error Status | 10   | wrongValue
Error Status | 11   | noCreation
Error Status | 12   | inconsistentValue
Error Status | 13   | resourceUnavailable
Error Status | 14   | commitFailed
Error Status | 15   | undoFailed
Error Status | 16   | authorizationError
Error Status | 17   | notWritable
Error Status | 18   | inconsistentName
SNMPv2 GetBulkRequest PDU
PDU Type | RequestID | Non-Repeaters | Max Repetitions | VarBind 1 name | VarBind 1 value | ...
Figure 6.38 SNMPv2 GetBulkRequest PDU
• Error status field replaced by Non-repeaters
• Error index field replaced by Max repetitions
• No one-to-one relationship between request and response
Get-Bulk-Request:
A
B
T
  E
    1.1  2.1  3.1
    1.2  2.2  3.2
    1.3  2.3  3.3
    1.4  2.4  3.4
Z
Figure 6.39 MIB for Operation Sequences in Figures 6.40 and 6.41
Manager Process (requests) / Agent Process (responses)
GetRequest ( A,B )
GetResponse (A,B)
GetNextRequest (T.E.1,T.E.2,T.E.3)
GetResponse (T.E.1.1,T.E.2.1,T.E.3.1)
GetNextRequest (T.E.1.1,T.E.2.1,T.E.3.1)
GetResponse (T.E.1.2,T.E.2.2,T.E.3.2)
GetNextRequest (T.E.1.2,T.E.2.2,T.E.3.2)
GetResponse (T.E.1.3,T.E.2.3,T.E.3.3)
GetNextRequest (T.E.1.3,T.E.2.3,T.E.3.3)
GetResponse (T.E.1.4,T.E.2.4,T.E.3.4)
GetNextRequest (T.E.1.4,T.E.2.4,T.E.3.4)
GetResponse (T.E.2.1,T.E.3.1,Z)
Get-Bulk-Request Operation
Manager Process (requests) / Agent Process (responses)
GetBulkRequest ( 2,3,
A,B,T.E.1, T.E.2, T.E.3 )
Response ( A, B,
T.E.1.1, T.E.2.1, T.E.3.1
T.E.1.2, T.E.2.2, T.E.3.2
T.E.1.3, T.E.2.3, T.E.3.3 )
GetBulkRequest ( 0,3,
T.E.1.3, T.E.2.3, T.E.3.3 )
Response ( T.E.1.4, T.E.2.4, T.E.3.4, Z , "endOfMibView")
Manager Process (requests) / Agent Process (responses)
GetBulkRequest ( 1,3,
sysUpTime,
atPhysAddress )
Response( (sysUpTime.0 = "315131795"),
(atPhysAddress.13.172.46.46.1 = "0000000C3920AC")
(atPhysAddress.16.172.46.49.1 = "0000000C3920AF")
(atPhysAddress.23.172.17.3.1 = "0000000C3920B4") )
GetBulkRequest ( 1,3,
sysUpTime,
atPhysAddress.23.192.168.3.1 )
Response( (sysUpTime.0 = "315131800"),
(ipForwarding.0 = "1") )
The response is fragmented to five IP datagrams.
snmpbulkget (net-snmp)
-Cn1: Non-repeaters; -Cr5: Max repetitions
snmpbulkget -v 2c -c public -Cn1 -Cr5 163.22.32.77 sysUpTime ifDescr ifType ifSpeed
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (216992003) 25 days, 2:45:20.03
IF-MIB::ifDescr.1 = STRING: Software Loopback Interface 1
IF-MIB::ifType.1 = INTEGER: softwareLoopback(24)
IF-MIB::ifSpeed.1 = Gauge32: 1073741824
IF-MIB::ifDescr.2 = STRING: WAN Miniport (SSTP)
IF-MIB::ifType.2 = INTEGER: tunnel(131)
IF-MIB::ifSpeed.2 = Gauge32: 1073741824
IF-MIB::ifDescr.3 = STRING: WAN Miniport (L2TP)
IF-MIB::ifType.3 = INTEGER: tunnel(131)
IF-MIB::ifSpeed.3 = Gauge32: 1073741824
IF-MIB::ifDescr.4 = STRING: WAN Miniport (PPTP)
IF-MIB::ifType.4 = INTEGER: tunnel(131)
IF-MIB::ifSpeed.4 = Gauge32: 1073741824
IF-MIB::ifDescr.5 = STRING: WAN Miniport (PPPOE)
IF-MIB::ifType.5 = INTEGER: ppp(23)
IF-MIB::ifSpeed.5 = Gauge32: 1073741824
snmpgetbulk.java
http://www.im.ncnu.edu.tw/ycchen/nm/snmpgetbulk.java
java snmpgetbulk [-m MIB_files] [-c community]
[-nr non-repeaters] [-mr max-repetitions]
host OID [OID] ...
Example:
java snmpgetbulk -m RFC1213-MIB -c comm123
-nr 2 -mr 20 10.10.20.73 sysDescr sysUpTime ifIndex
ifDescr ifType
C:\snmp>java snmpgetbulk -m RFC1213-MIB -c public -nr 2 -mr 9 10.10.32.84
sysDescr sysUpTime ifIndex ifDescr ifType > 84bulk.txt
84bulk.txt:
sysDescr.0:-->DES-3526 Fast-Ethernet Switch
sysUpTime.0:-->15 days, 18 hours, 57 minutes, 11 seconds.
Repeaters:
ifIndex.1:-->1
ifIndex.2:-->2
ifIndex.3:-->3
ifIndex.4:-->4
ifIndex.5:-->5
ifIndex.6:-->6
ifIndex.7:-->7
ifIndex.8:-->8
ifIndex.9:-->9
ifDescr.1:-->RMON Port 1 on Unit 1
ifDescr.2:-->RMON Port 2 on Unit 1
ifDescr.3:-->RMON Port 3 on Unit 1
ifDescr.4:-->RMON Port 4 on Unit 1
ifDescr.5:-->RMON Port 5 on Unit 1
ifDescr.6:-->RMON Port 6 on Unit 1
ifDescr.7:-->RMON Port 7 on Unit 1
ifDescr.8:-->RMON Port 8 on Unit 1
ifDescr.9:-->RMON Port 9 on Unit 1
ifType.1:-->ethernet-csmacd(6)
ifType.2:-->ethernet-csmacd(6)
ifType.3:-->ethernet-csmacd(6)
ifType.4:-->ethernet-csmacd(6)
ifType.5:-->ethernet-csmacd(6)
ifType.6:-->ethernet-csmacd(6)
ifType.7:-->ethernet-csmacd(6)
ifType.8:-->ethernet-csmacd(6)
ifType.9:-->ethernet-csmacd(6)
C:\snmp>java snmpgetbulk -m RFC1213-MIB -c public -nr 2 -mr 9 10.10.34.169
sysDescr sysUpTime ifIndex ifDescr ifType > 169bulk.txt
169bulk.txt:
sysDescr.0:-->Hardware: x86 Family 15 Model 3 Stepping 4 AT/AT COMPATIBLE…
sysUpTime.0:-->12 days, 8 hours, 12 minutes, 10 seconds.
Repeaters:
ifIndex.1:-->1    ifDescr.1:-->Loopback interface    ifType.1:-->softwareLoopback(24)
ifIndex.2:-->2    ifDescr.2:-->Intel(R) PRO/100    ifType.2:-->ethernet-csmacd(6)
ifDescr.1:-->Loopback interface    ifType.1:-->softwareLoopback(24)    ifMtu.1:-->1520
ifDescr.2:-->Intel(R) PRO/100    ifType.2:-->ethernet-csmacd(6)    ifMtu.2:-->1500
ifType.1:-->softwareLoopback(24)    ifMtu.1:-->1520    ifSpeed.1:-->10000000
ifType.2:-->ethernet-csmacd(6)    ifMtu.2:-->1500    ifSpeed.2:-->100000000
ifMtu.1:-->1520    ifSpeed.1:-->10000000    ifPhysAddress.1:-->
ifMtu.2:-->1500    ifSpeed.2:-->100000000    ifPhysAddress.2:-->00 11 2f c9 b1 9f
ifSpeed.1:-->10000000    ifPhysAddress.1:-->    ifAdminStatus.1:-->up(1)
snmpgetbulk.java
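// Excerpt. The class and method names match the AdventNet SNMP API
// (assumption: com.adventnet.snmp.beans.SnmpTarget and
// com.adventnet.snmp.snmp2.SnmpVarBind).
SnmpTarget target = new SnmpTarget();
target.setLoadFromCompiledMibs(true);
target.setSnmpVersion( SnmpTarget.VERSION2C ) ;
target.setTargetHost( "10.10.20.73");
target.setCommunity( "public" );
int nonRepeaters = 2;
target.setNonRepeaters(nonRepeaters);
target.setMaxRepetitions(20);
target.loadMibs("RFC1213-MIB");
// The first nonRepeaters OIDs are fetched once; the rest are repeated.
String oids[] = {"sysDescr","sysUpTime","ifIndex", "ifType", "ifSpeed"};
target.setObjectIDList(oids); // hand the OIDs to the target (call not shown on the slide)
// result[i][j]: value j returned for the i-th requested OID
SnmpVarBind result[][] = target.snmpGetBulkVariableBindings();
// Non-repeaters: one value each
for (int i=0;i<nonRepeaters;i++)
    System.out.println(target.getMibOperations().toString(result[i][0]));
// Repeaters: one output line per repetition
StringBuffer sb = new StringBuffer("\nRepeaters:\n");
for (int j=0;j<result[0].length;j++) {
    for (int i=nonRepeaters;i<oids.length;i++)
        sb.append(target.getMibOperations().toString(result[i][j])+" \t ");
    sb.append("\n");
}
System.out.println(sb.toString());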
Issues in Bulk Data Transfer
• Latency
  • End-to-end delay caused by a number of request/response message exchanges
• Network overhead
  • Amount of non-data octets carried in each PDU
• Table retrieval problems
  • holes in tables
  • table consistency
  • GetBulk overshoot
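An added Python example, not code from the slides, that applies the GetBulk rules (one GetNext per non-repeater, then max-repetitions rounds of GetNext over the remaining names) to the MIB of Figure 6.39 and counts the overshoot listed above. The numeric OIDs, the function names and the max_varbinds size limit are assumptions made for the illustration.

```python
from bisect import bisect_right

END_OF_MIB_VIEW = "endOfMibView"

# Constructed OIDs (assumption): A = 1.1, B = 1.2, T.E = 1.3.1, Z = 1.4.
A, B, Z = (1, 1), (1, 2), (1, 4)


def column(c):
    """OID of column T.E.c."""
    return (1, 3, 1, c)


def build_mib():
    """Instances of Figure 6.39: scalars A, B, Z and a 3-column, 4-row table."""
    mib = {A + (0,): "A", B + (0,): "B", Z + (0,): "Z"}
    for c in (1, 2, 3):
        for r in (1, 2, 3, 4):
            mib[column(c) + (r,)] = f"T.E.{c}.{r}"
    return mib


def get_bulk(mib, non_repeaters, max_repetitions, names, max_varbinds=None):
    """Return the response varbinds as a list of (oid, value) pairs."""
    oids = sorted(mib)  # tuple comparison gives lexicographic OID order

    def get_next(name):
        i = bisect_right(oids, name)
        if i == len(oids):  # walked off the end of the view
            return name, END_OF_MIB_VIEW
        return oids[i], mib[oids[i]]

    n = min(max(non_repeaters, 0), len(names))
    out = [get_next(name) for name in names[:n]]  # one GetNext each
    current = list(names[n:])
    for _ in range(max(max_repetitions, 0)):
        if not current:
            break
        row = [get_next(name) for name in current]
        out.extend(row)
        if all(value == END_OF_MIB_VIEW for _, value in row):
            break  # nothing left to return for any repeater
        current = [oid for oid, _ in row]  # next repetition continues from here
    # Agents also cut the list short to fit the message size (modelled as a count).
    return out if max_varbinds is None else out[:max_varbinds]


def overshoot(columns, response, non_repeaters=0):
    """Count repeater varbinds that fall outside the column that was asked for."""
    count = 0
    for k, (oid, _) in enumerate(response[non_repeaters:]):
        col = columns[k % len(columns)]
        if oid[:len(col)] != col:
            count += 1
    return count


def values(response):
    return [value for _, value in response]


if __name__ == "__main__":
    mib = build_mib()
    cols = [column(1), column(2), column(3)]
    first = get_bulk(mib, 2, 3, [A, B] + cols)
    print(values(first))
    last_rows = [c + (3,) for c in cols]  # T.E.1.3, T.E.2.3, T.E.3.3
    second = get_bulk(mib, 0, 3, last_rows)
    print(values(second), "overshoot:", overshoot(cols, second))
```

For the second request of the Get-Bulk-Request Operation slide, (0,3) starting at row 3, the rounds after row 4 return varbinds from the neighbouring columns, Z and endOfMibView; 169bulk.txt above shows the same pattern on a two-interface host.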
Improvements
• SNMP over TCP
• OID compression
• Other encoding methods
• Mobile agent
• GetCols
• GetBulkBumper
• GetSubtree
• GetPrev
• GetModify
SNMPv2 Trap
PDU Type | RequestID | Error Status | Error Index | VarBind 1 sysUpTime | VarBind 1 value | VarBind 2 snmpTrapOID | VarBind 2 value | ...
Figure 6.43 SNMPv2 Trap PDU
• Addition of NOTIFICATION-TYPE macro
• OBJECTS clause, if present, defines order of variable bindings
• Positions 1 and 2 in VarBindList are sysUpTime and snmpTrapOID
NOTIFICATION-TYPE
linkUp NOTIFICATION-TYPE
OBJECTS { ifIndex }
STATUS current
DESCRIPTION
"A linkUp trap signifies that the SNMPv2 entity,
acting in an agent role, recognizes that one of the
communication links represented in its configuration
has come up."
Figure 6.44 Example of OBJECTS Clause in NOTIFICATION-TYPE
Inform-Request
PDU Type | RequestID | Error Status | Error Index | VarBind 1 sysUpTime | VarBind 1 value | VarBind 2 snmpTrapOID | VarBind 2 value | ...
• Inform-Request behaves as trap in that the message goes from one manager to another unsolicited
• The receiving manager sends response to the sending manager
Counter64
ObjectSyntax ::= CHOICE {
simple SimpleSyntax,
application-wide ApplicationSyntax }
SimpleSyntax ::= CHOICE {
integer-value INTEGER (-2147483648..2147483647),
string-value OCTET STRING (SIZE (0..65535)),
objectID-value OBJECT IDENTIFIER }
ApplicationSyntax ::= CHOICE {
ipAddress-value IpAddress,
counter-value Counter32,
timeticks-value TimeTicks,
arbitrary-value Opaque,
big-counter-value Counter64,
unsigned-integer-value Unsigned32 }
Counter64 ::= [APPLICATION 6] IMPLICIT INTEGER (0..18446744073709551615)
SNMPv2-MIB - RFC 3418
Obsoletes 1907
Yen-Cheng Chen
IM, NCNU
April, 2006
SNMPv2 SNMP MIB
snmp (mib-2 11)
  snmpInPkts (1)
  snmpInBadVersions (3)
  snmpInBadCommunityNames (4)
  snmpInBadCommunityUses (5)
  snmpInASNParseErrors (6)
  snmpEnableAuthenTraps (30)
  snmpSilentDrops (31)
  snmpProxyDrops (32)
SNMP Group Objects
Objects        | Group
1,3,6,30,31,32 | snmpGroup
4,5            | snmpCommunityGroup
7,23           | not used
2,8-23, 24-29  | snmpObsoleteGroup
snmpMIBObjects (snmpMIB 1)
  snmpTrap (4)
    snmpTrapOID (1)
    snmpTrapEnterprise (3)
  snmpTraps (5)
    coldStart (1)
    warmStart (2)
    linkDown (3)
    linkUp (4)
    authenticationFailure (5)
  snmpSet (6)
    snmpSetSerialNo (1)
Figure 6.34 MIB Modules under snmpMIBObjects
system group { mib-2 1 }
• sysDescr
• sysObjectID
• sysUpTime
• sysContact
• sysName
• sysLocation
• sysServices
Object Resources
- describe the SNMP entity's support of various MIB modules.
• sysORLastChange
• sysORTable
  • sysOREntry
    • sysORIndex
    • sysORID
    • sysORDescr
    • sysORUpTime
sysORTable Example
snmp group { mib-2 11 }
• snmpInPkts { snmp 1 }
• snmpInBadVersions { snmp 3 }
• snmpInBadCommunityNames { snmp 4 }
• snmpInBadCommunityUses { snmp 5 }
• snmpInASNParseErrs { snmp 6 }
• snmpSilentDrops { snmp 31 }
• snmpProxyDrops { snmp 32 }
• snmpEnableAuthenTraps { snmp 30 }: enabled(1), disabled(2)
• snmpSetSerialNo { snmpSet 1 }
  - for atomic operations
Object Types for SNMPv2 Traps
Notification Types
coldStart, warmStart
authenticationFailure
linkDown, linkUp (RFC 2233)