Fundamentals of SNMP - IST Department at RIT



Fundamentals of SNMP


Simple Network Management Protocol

Three essentials:
- Structure for Management Information (SMI): a set of rules for specifying management information
- Management Information Base (MIB): a structured collection of all the managed objects and data
- The protocol

Structure for Management Information

- How to define management information?
- What architecture is to be used?
- How to define an object?
- Specify a language for defining an object

Object Type and Object

- What is an Object Type? An abstract definition for a managed object
- What is a managed object? An entity in a managed system (node) about which we want information in order to manage the node, e.g. system up time, packets sent, packets received, number of interfaces

Structuring managed objects

SMI specifies a hierarchical tree structure for naming and managing objects:

  iso(1)
    org(3)
      dod(6)
        internet(1)
          directory(1)
          mgmt(2)
          experimental(3)
          private(4)

Contd..

- The dod object is identified as {iso org(3) dod(6)}, or simply {1.3.6}
- The mgmt object is identified as {iso org(3) dod(6) internet(1) mgmt(2)}, or simply {1.3.6.1.2}
- {1.3.6} and {1.3.6.1.2} are the authoritative identification for the two objects; they also specify how to access the object

Mgmt sub tree

  mgmt(2)
    mib-2(1)
      system(1)
        sysDescr(1), sysObjectID(2), sysUpTime(3), sysContact(4), sysName(5), sysLocation(6), sysServices(7)
      interfaces(2)
      at(3)
      ip(4)
      icmp(5)
      tcp(6)
      udp(7)
      egp(8)
      transmission(10)
      snmp(11)

sysDescr is {1.3.6.1.2.1.1.1}; sysName is {1.3.6.1.2.1.1.5}

Contd..

- sysDescr and sysName are managed objects
- There can be more than one instance of a managed object

(Figure: a managed node holding instances V1, V2, V3, V4 of object type V and instances C1, C2, C3, C4 of object type C.)

Object Definitions

Specify the name, its properties, how to identify it, etc. Example:

  (Name of the Object) OBJECT-TYPE
      Property 1
      Property 2
      ..............
  ::= OBJECT IDENTIFIER

Contd..

- OBJECT IDENTIFIER: machine recognizable
- Name of the object: human readable

Contd..example

  snmpInPkts OBJECT-TYPE
      SYNTAX      Counter32
      MAX-ACCESS  read-only
      STATUS      current
      DESCRIPTION "the total number of packets received by the SNMP entity from the transport service"
      REFERENCE   "from the RFC1213 MIB.snmpInPkts"
  ::= { snmp 1 }

Contd..

- Instead of {snmp 1} the identifier could have been written {1.3.6.1.2.1.11.1}
- Interpretation: snmpInPkts is an object definition for an object that requires a 32-bit counter to store, is currently active, is used to identify the number of packets received by the SNMP entity from the transport service, and a reference to it can be found in "RFC1213-MIB.snmpInPkts"
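The two forms of the identifier above, {snmp 1} and 1.3.6.1.2.1.11.1, are the human-readable and machine-readable names of the same node. The following is an added example, not code from the lecture: it resolves a descriptor such as { snmp 1 } against a hand-built subset of the naming tree from these slides, and then BER-encodes the resulting OID the way it is carried inside an SNMP message (tag 0x06, the first two arcs folded into one byte, remaining arcs in base 128). The tree dictionary is constructed for the example and is not loaded from a real MIB file.

```python
# Added example (not from the lecture slides): resolve a symbolic OID such as
# { snmp 1 } against a small hand-built copy of the naming tree, then
# BER-encode the result.  MIB_TREE is a constructed subset of the tree shown
# on the slides, not a parsed MIB module.

# parent name -> {child name: sub-identifier}
MIB_TREE = {
    "iso": {"org": 3},
    "org": {"dod": 6},
    "dod": {"internet": 1},
    "internet": {"directory": 1, "mgmt": 2, "experimental": 3, "private": 4},
    "mgmt": {"mib-2": 1},
    "mib-2": {"system": 1, "interfaces": 2, "at": 3, "ip": 4, "icmp": 5,
              "tcp": 6, "udp": 7, "egp": 8, "transmission": 10, "snmp": 11},
    "system": {"sysDescr": 1, "sysObjectID": 2, "sysUpTime": 3,
               "sysContact": 4, "sysName": 5, "sysLocation": 6,
               "sysServices": 7},
    "snmp": {"snmpInPkts": 1},
    "ip": {"ipAddrTable": 20},
}
ROOT_NUMBER = {"iso": 1}   # the root arc has no parent in the table


def resolve(name):
    """Return the numeric OID (list of ints) for a symbolic node name."""
    path = []
    node = name
    while node not in ROOT_NUMBER:
        for parent, children in MIB_TREE.items():
            if node in children:
                path.append(children[node])
                node = parent
                break
        else:
            raise KeyError(f"{node} is not in the constructed tree")
    path.append(ROOT_NUMBER[node])
    return path[::-1]


def expand(descriptor):
    """Expand an SMI descriptor like '{ snmp 1 }' into dotted form."""
    parts = descriptor.strip("{} ").split()
    oid = resolve(parts[0]) + [int(p) for p in parts[1:]]
    return ".".join(str(x) for x in oid)


def _base128(value):
    """Encode one sub-identifier in base 128 with continuation bits (X.690)."""
    out = [value & 0x7F]
    value >>= 7
    while value:
        out.append(0x80 | (value & 0x7F))
        value >>= 7
    return bytes(reversed(out))


def ber_encode_oid(dotted):
    """BER-encode a dotted OID: tag 0x06, short-form length, packed sub-ids.
    The first two arcs are folded into a single value: 40 * first + second."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID prefix")
    body = _base128(40 * arcs[0] + arcs[1])
    for arc in arcs[2:]:
        body += _base128(arc)
    if len(body) > 127:
        raise ValueError("long-form length not handled in this example")
    return bytes([0x06, len(body)]) + body


if __name__ == "__main__":
    oid = expand("{ snmp 1 }")
    print(oid)                              # 1.3.6.1.2.1.11.1
    print(ber_encode_oid(oid).hex())        # 06072b060102010b01
    print(ber_encode_oid(oid + ".0").hex()) # instance of the scalar
```

The encoded form is what an agent or manager actually compares and sorts on, which is why the slides call the OBJECT IDENTIFIER the machine-recognizable name: two systems need no shared MIB file to agree on 1.3.6.1.2.1.11.1, only on the registration tree.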

Contd.

Path through the naming tree to snmpInPkts (sibling nodes shown in brackets):

  iso(1)               [itu-t(0), joint-iso-itu-t(2)]
    org(3)
      dod(6)
        internet(1)
          mgmt(2)      [directory(1)]
            mib-2(1)
              snmp(11) [system, interfaces, at, ip, icmp, tcp, udp, egp, transmission]
                snmpInPkts(1)

Contd..

- SYNTAX, MAX-ACCESS etc. are properties of the object

Object type and instances

- Objects can be scalar or tabular
- Scalar objects have one instance for that object, e.g. snmpInPkts; to access the object instance use 1.3.6.1.2.1.11.1.0

Aggregate Objects

Tabular or aggregate objects:

  ipAddrTable OBJECT-TYPE
      SYNTAX      SEQUENCE OF IpAddrEntry
      ACCESS      not-accessible
      STATUS      mandatory
      DESCRIPTION "the table of addressing information relevant to this entity's IP addresses"
  ::= { ip 20 }

Contd..

ipAddrTable is made up of a sequence of IpAddrEntry objects (the rows of the table):

  ipAddrEntry OBJECT-TYPE
      SYNTAX      IpAddrEntry
      ACCESS      not-accessible
      DESCRIPTION "....."
      INDEX       { ipAdEntAddr }
  ::= { ipAddrTable 1 }

Contd..

  IpAddrEntry ::= SEQUENCE {
      ipAdEntAddr          IpAddress,
      ipAdEntIfIndex       INTEGER,
      ipAdEntNetMask       IpAddress,
      ipAdEntBcastAddr     INTEGER,
      ipAdEntReasmMaxSize  INTEGER (0..65535)
  }

Object instances of ipAddrTable

  Row  ipAdEntAddr  ipAdEntIfIndex  ipAdEntBcastAddr
  1    123.45.2.1   1               255.255.0.0
  2    123.45.3.4   3               255.255.0.0
  3    165.8.9.25   2               255.255.0.0
  4    9.96.8.138   4               255.0.0.0

Accessing instances of the table objects

  Columnar object      Object id              Row no  Instance id
  ipAdEntAddr          1.3.6.1.2.1.4.20.1.1   3       {1.3.6.1.2.1.4.20.1.1.3}
  ipAdEntIfIndex       1.3.6.1.2.1.4.20.1.2   2       {1.3.6.1.2.1.4.20.1.2.2}
  ipAdEntBcastAddr     1.3.6.1.2.1.4.20.1.4   1       {1.3.6.1.2.1.4.20.1.4.1}
  ipAdEntReasmMaxSize  1.3.6.1.2.1.4.20.1.5   4       {1.3.6.1.2.1.4.20.1.5.4}

- ipAdEntAddr is the index

MIBS

- MIB modules define a collection of related managed objects
- A large module has groups
- MIB II has the following groups: system, interfaces, ip, tcp, snmp, udp, etc.

21

SNMP – the protocols

Request operations:
- Get, getnext, getbulk, set
- Request id: helps the manager application distinguish between outstanding requests
- Get, getnext and getbulk collect values
- Set sets the specified value for the object
- Variable bindings: a list of variables, each containing a name and a value
- MIB view

Contd..

Response:
- Returned by the agent
- Request id repeated
- Error status: non-zero indicates that an error occurred; ignore the information in the variable-bindings field
- Error index: tells which variable is in error

Get Operation – general example

  Manager Process                    Agent Process
  GetRequest(sysDescr.0)         -->
                                 <-- GetResponse(sysDescr.0 = "SunOs")
  GetRequest(sysObjectID.0)      -->
                                 <-- GetResponse(sysObjectID.0 = enterprises.11.2.3.10.1.2)
  GetRequest(sysUpTime.0)        -->
                                 <-- GetResponse(sysUpTime.0 = 2247349530)

Getnext

  Manager Process                    Agent Process
  GetRequest(sysDescr.0)         -->
                                 <-- GetResponse(sysDescr.0 = "SunOs")
  GetNextRequest(sysDescr.0)     -->
                                 <-- GetResponse(sysObjectID.0 = enterprises.11.2.3.10.1.2)
  GetNextRequest(sysObjectID.0)  -->
                                 <-- GetResponse(sysUpTime.0 = 2247349530)

Getnext contd..

- Makes use of the ordering of the variables
- Returns the name and value of the next instance in the MIB
- If there is no next instance: endOfMibView
- Try: getnext (ver) (host) 0.0

26

Getnext with indices

  atIfIndex  atPhysAddress   atNetAddress
  13         0000000C3920AC  172.16.46.1
  16         0000000C3920AF  172.16.49.1
  23         0000000C3920B4  192.168.3.1

Contd.. Indices retrieved automatically

  Manager Process                                          Agent Process
  GetRequest(sysObjectID, atPhysAddress)               -->
       <-- Response(sysUpTime.0=31513795, atPhysAddress.13.172.16.46.1=0000000C3920AC)
  GetRequest(sysObjectID, atPhysAddress.13.172.16.46.1) -->
       <-- Response(sysUpTime.0=31513800, atPhysAddress.16.172.16.49.1=0000000C3920AF)
  GetRequest(sysObjectID, atPhysAddress.16.172.16.49.1) -->
       <-- Response(sysUpTime.0=31513805, atPhysAddress.23.192.168.3.1=0000000C3920B4)
  GetRequest(sysObjectID, atPhysAddress.23.192.168.3.1) -->
       <-- Response(sysUpTime.0=31513810, ipForwarding.0='1')

getbulk

- Executes getnext repeatedly
- E.g. getbulk(non-repeaters, max-repetitions, ...)
- Getbulk(2, 3, A, B, C, D): on A and B getnext is executed only once; on C and D getnext is executed 3 times
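The getnext walk with indices and the getbulk(2, 3, A, B, C, D) rule above are easiest to see against a concrete instance table. The following is an added example, not code from the lecture: a toy in-memory agent whose instances are the values from these slides (sysDescr.0, sysObjectID.0, sysUpTime.0, the three atPhysAddress rows indexed as atPhysAddress.ifIndex.netAddress exactly as the slides write them, and ipForwarding.0), with get, getnext and getbulk implemented over the lexicographic OID order that getnext relies on. The instance table and the walk helper are constructed for the example.

```python
# Added example (not from the lecture): a toy agent-side MIB showing how
# get, getnext and getbulk behave over the lexicographic OID ordering.
# CONSTRUCTED_MIB holds the instance values quoted on the slides; the
# atPhysAddress index form (ifIndex.netAddress) follows the slides.

CONSTRUCTED_MIB = {
    "1.3.6.1.2.1.1.1.0": "SunOs",                          # sysDescr.0
    "1.3.6.1.2.1.1.2.0": "enterprises.11.2.3.10.1.2",      # sysObjectID.0
    "1.3.6.1.2.1.1.3.0": 2247349530,                       # sysUpTime.0
    "1.3.6.1.2.1.3.1.1.2.13.172.16.46.1": "0000000C3920AC", # atPhysAddress rows
    "1.3.6.1.2.1.3.1.1.2.16.172.16.49.1": "0000000C3920AF",
    "1.3.6.1.2.1.3.1.1.2.23.192.168.3.1": "0000000C3920B4",
    "1.3.6.1.2.1.4.1.0": 1,                                # ipForwarding.0
}
END_OF_MIB_VIEW = "endOfMibView"


def _key(oid):
    """Sort key: compare OIDs arc by arc as integers, not as strings."""
    return tuple(int(x) for x in oid.split("."))


class ToyAgent:
    def __init__(self, instances):
        self.oids = sorted(instances, key=_key)
        self.values = dict(instances)

    def get(self, oid):
        """Exact-match retrieval; the instance (including the .0) must exist."""
        if oid not in self.values:
            return (oid, "noSuchInstance")
        return (oid, self.values[oid])

    def getnext(self, oid):
        """First instance lexicographically greater than oid, else endOfMibView."""
        k = _key(oid)
        for candidate in self.oids:
            if _key(candidate) > k:
                return (candidate, self.values[candidate])
        return (oid, END_OF_MIB_VIEW)

    def getbulk(self, non_repeaters, max_repetitions, oids):
        """The first non_repeaters names get one getnext each; the remaining
        names get max_repetitions successive getnexts (getbulk(2, 3, A, B, C, D))."""
        result = []
        for name in oids[:non_repeaters]:
            result.append(self.getnext(name))
        repeat = list(oids[non_repeaters:])
        for _ in range(max_repetitions):
            next_round = []
            for name in repeat:
                nxt = self.getnext(name)
                result.append(nxt)
                next_round.append(nxt[0])   # continue from what was returned
            repeat = next_round
        return result


def walk(agent, start):
    """Manager-side walk: repeat getnext until the agent answers endOfMibView."""
    out = []
    name = start
    while True:
        name, value = agent.getnext(name)
        if value == END_OF_MIB_VIEW:
            return out
        out.append((name, value))


if __name__ == "__main__":
    agent = ToyAgent(CONSTRUCTED_MIB)
    # getnext on the object name (no instance suffix) yields the first instance
    print(agent.getnext("1.3.6.1.2.1.3.1.1.2"))
    for name, value in walk(agent, "0.0"):       # "getnext 0.0" from the slides
        print(name, "=", value)
    for name, value in agent.getbulk(2, 3, ["1.3.6.1.2.1.1.1", "1.3.6.1.2.1.1.2",
                                            "1.3.6.1.2.1.3.1.1.2", "1.3.6.1.2.1.4"]):
        print(name, "=", value)
```

Note how the walk needs no knowledge of the table's indices: each response carries the full instance name, which the manager feeds back as the next request, which is what "indices retrieved automatically" means. A repeater that has already reached endOfMibView keeps returning it for the remaining repetitions, so a manager should stop feeding that name back.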

others

- Set: the agent updates the value of the variable and returns a response
- Notification: unsolicited interaction from the agent on detecting an abnormal condition
- Trap: similar to a notification; expects no response from the manager

Trap

- Request id included
- Sent to UDP port 162
- Includes a timestamp indicating when the trap was generated, and the identity of the trap
- Some traps are generic: cold start, warm start, link down

Manager Application

- A browser, which polls agents to retrieve values, does modest processing on the values and displays information to the user
- Sophisticated applications interpret the variables in terms of system behaviour

Agent features

- Timestamps
- Counters
- Error codes
- Other capabilities

Timestamp

- The MA (manager application) uses this information to determine when the agent observed something
- The agent's knowledge of time is not absolute
- The agent may not know the time while the device is off
- MA and managed device times may not be synchronised
- A timestamp is a snapshot of the TimeTicks value
- TimeTicks are in hundredths of a second

Time stamp example

  snmpget -v 2c localhost system.sysUpTime.0

Response:

  system.sysUpTime.0 = Timeticks: (5996352) 16:39:23.52

Counters

- Can be used to calculate rates: observe the difference between 2 consecutive measurements
- Beware of wrap-around, possibly more than once between measurements
- Restarting the device may reset the counter to 0

Counters example

  snmpget -v 2c localhost system.sysUpTime.0 ip.ipInReceives.0

Response:

  system.sysUpTime.0 = Timeticks: (6017853) 16:42:58.53
  ip.ipInReceives.0 = 1637824

Repeat after some time:

  IP datagram incoming rate = (ip.ipInReceives.0 (2) - ip.ipInReceives.0 (1)) / (Timeticks (2) - Timeticks (1))

Utilization

  rx.utilisation = delta(ifInOctets) * 8 * 100 / (ifSpeed * delta(timeticks))
  tx.utilisation = delta(ifOutOctets) * 8 * 100 / (ifSpeed * delta(timeticks))
  utilisation of an Ethernet segment = tx.utilisation + rx.utilisation

Broadcast storms

- Percentage of overall broadcast packets?
- High broadcast packet rate?

  receive b/m pkt rate  = delta(ifInNUcastPkts) / delta(seconds)
  transmit b/m pkt rate = delta(ifOutNUcastPkts) / delta(seconds)
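The rate, utilisation and broadcast-rate formulas on the last three slides all reduce to "difference of two counter readings divided by elapsed sysUpTime", with the two pitfalls the counters slide warns about: a 32-bit counter wrapping, and the device restarting. The following is an added example, not code from the lecture, that implements those formulas with both checks. The two poll samples are constructed values in the shape of the snmpget output shown above (sysUpTime in ticks plus a few counters); elapsed time is converted to seconds so the utilisation comes out as a percentage.

```python
# Added example (not part of the lecture): rates from two successive polls as
# the counters/utilisation slides describe, with single-wrap correction and
# restart detection.  SAMPLE_1 and SAMPLE_2 are constructed poll results.

COUNTER32_MOD = 2 ** 32
TICKS_PER_SECOND = 100        # TimeTicks are hundredths of a second

# (sysUpTime in ticks, {counter name: value}); ifInOctets wraps between polls
SAMPLE_1 = (6017853, {"ipInReceives": 1637824, "ifInOctets": 4294900000,
                      "ifOutOctets": 120000, "ifInNUcastPkts": 500})
SAMPLE_2 = (6023853, {"ipInReceives": 1640824, "ifInOctets": 100000,
                      "ifOutOctets": 870000, "ifInNUcastPkts": 3500})


def counter_delta(old, new, modulus=COUNTER32_MOD):
    """Difference of two counter readings, correcting a single wrap-around.
    Two or more wraps between polls are indistinguishable from none with only
    two samples, so the polling interval must be shorter than the wrap time."""
    return (new - old) % modulus


def elapsed_seconds(ticks_old, ticks_new):
    """Elapsed time from sysUpTime.  sysUpTime going backwards means the agent
    restarted and its counters were reset, so the interval is unusable."""
    if ticks_new < ticks_old:
        raise ValueError("sysUpTime went backwards: agent restarted, discard interval")
    return (ticks_new - ticks_old) / TICKS_PER_SECOND


def rate(sample_old, sample_new, name):
    """Per-second rate of one counter between two polls (packets, datagrams...)."""
    secs = elapsed_seconds(sample_old[0], sample_new[0])
    return counter_delta(sample_old[1][name], sample_new[1][name]) / secs


def utilisation_percent(sample_old, sample_new, name, if_speed_bps):
    """delta(octets) * 8 * 100 / (ifSpeed * delta(seconds))"""
    secs = elapsed_seconds(sample_old[0], sample_new[0])
    octets = counter_delta(sample_old[1][name], sample_new[1][name])
    return octets * 8 * 100 / (if_speed_bps * secs)


def ethernet_utilisation(sample_old, sample_new, if_speed_bps):
    """Shared (half-duplex) segment: rx and tx share the medium, so add them."""
    return (utilisation_percent(sample_old, sample_new, "ifInOctets", if_speed_bps)
            + utilisation_percent(sample_old, sample_new, "ifOutOctets", if_speed_bps))


if __name__ == "__main__":
    print("IP datagrams/s:", rate(SAMPLE_1, SAMPLE_2, "ipInReceives"))
    print("broadcast+multicast rx pkts/s:", rate(SAMPLE_1, SAMPLE_2, "ifInNUcastPkts"))
    print("rx util % (wrapped counter):",
          utilisation_percent(SAMPLE_1, SAMPLE_2, "ifInOctets", 10_000_000))
    print("segment util %:", ethernet_utilisation(SAMPLE_1, SAMPLE_2, 10_000_000))
```

With these samples the ifInOctets reading drops from 4294900000 to 100000; the modular difference recovers the true 167296 octets, whereas a naive subtraction would report a large negative rate. The restart check is equally important for monitoring: after a reboot both counters and sysUpTime start again from zero, and a rate computed across that boundary is meaningless.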

Agent Capabilities

- The MA uses this to customize its interaction with an agent
- An agent implementing a MIB group should implement all objects in the group
- Not all objects are present: instrumentation limitations
- MAX-ACCESS can be read-write, but the underlying instrumentation may allow only reading and no control

Contd..

- SYNTAX gives the range of values an object may take, but only a subset may be possible
- Table access: the agent should permit adding new rows
- The MA should know the agent's capabilities in order to customize its interaction

Authentication

- Managed stations may wish to limit access to their MIBs to authorized management stations
- The community name is the password for authentication in SNMPv1

Community

- Defines a relationship between an SNMP agent and a set of SNMP managers in terms of authentication, access control and proxy characteristics
- A managed system establishes one community for each desired combination
- The community is a unique name within the agent and management station pair
- Management stations and agents in that community must employ the community name in all get and set operations

Contd..

- An agent may establish a number of communities
- The pairing of a management station and a managed station is called an SNMP community

Access Policy

- Managed stations wish to give different access privileges to different management stations
- By using different community names, the agent can provide different categories of access to different management stations

SNMP Access Policy

- Network elements comprise many managed objects: standard and private
- An agent can view a subset: the MIB view
- MIB view and access mode together provide the community profile

(Figure: community profile. MIB access per object: Object 1 not-accessible, Object 2 read-only, Object 3 write-only, Object 4 read-write; SNMP access mode: read-only or read-write; the objects exposed to the SNMP agents form the SNMP MIB view.)

(Figure: four agents and three managers. Manager 1 belongs to Community1, Manager 2 to Community2 and Manager 3 to both Community1 and Community2; Agent1 to Agent4 each apply one of Community Profile 1 to 4, selected by the community name the manager uses.)
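The two figures above combine three things: the community name presented, the MIB view that name selects, and the access mode (read-only or read-write) applied on top of each object's own MAX-ACCESS. The following is an added example, not code from the lecture, that models that community profile decision for an SNMPv1-style agent. The object registry, the two communities "monitor" and "operator" and their views are constructed for the example; the refusal codes follow SNMPv1, where an object outside the view or not settable is reported as noSuchName and an unknown community fails authentication.

```python
# Added example (not from the lecture): a model of the SNMPv1 community
# profile.  The community name selects a MIB view and an access mode; the
# object's declared MAX-ACCESS then decides whether a get or set is served.
# OBJECT_ACCESS and COMMUNITY_PROFILES are constructed for the example.

READ_ONLY, READ_WRITE = "read-only", "read-write"

# OID prefix of an object -> MAX-ACCESS declared in the MIB (constructed subset)
OBJECT_ACCESS = {
    "1.3.6.1.2.1.1.1": "read-only",        # sysDescr
    "1.3.6.1.2.1.1.5": "read-write",       # sysName
    "1.3.6.1.2.1.4.20": "not-accessible",  # ipAddrTable node itself
    "1.3.6.1.2.1.4.20.1.1": "read-only",   # ipAdEntAddr (columnar object)
    "1.3.6.1.2.1.11.1": "read-only",       # snmpInPkts
}

# community -> (MIB view as a list of subtrees, access mode); constructed
COMMUNITY_PROFILES = {
    "monitor":  (["1.3.6.1.2.1.1", "1.3.6.1.2.1.11"], READ_ONLY),
    "operator": (["1.3.6.1.2.1"], READ_WRITE),
}


def _under(oid, prefix):
    return oid == prefix or oid.startswith(prefix + ".")


def in_view(oid, subtrees):
    """An instance is visible when some view subtree is a prefix of its OID."""
    return any(_under(oid, s) for s in subtrees)


def object_access(oid):
    """MAX-ACCESS of the object an instance belongs to (longest matching prefix),
    so a columnar object is found rather than its not-accessible table node."""
    best = None
    for prefix, access in OBJECT_ACCESS.items():
        if _under(oid, prefix) and (best is None or len(prefix) > len(best[0])):
            best = (prefix, access)
    return best[1] if best else None


def authorize(community, operation, oid):
    """Return 'ok' or the SNMPv1 reason the agent would refuse the request."""
    if community not in COMMUNITY_PROFILES:
        return "authenticationFailure"     # unknown community: message discarded
    subtrees, mode = COMMUNITY_PROFILES[community]
    if not in_view(oid, subtrees):
        return "noSuchName"                # object is outside this MIB view
    access = object_access(oid)
    if access in (None, "not-accessible"):
        return "noSuchName"
    if operation == "get":
        return "noSuchName" if access == "write-only" else "ok"
    if operation == "set":
        if mode == READ_WRITE and access in ("read-write", "write-only"):
            return "ok"
        return "noSuchName"                # SNMPv1 reports a refused write this way
    return "genErr"


if __name__ == "__main__":
    for req in [("monitor", "get", "1.3.6.1.2.1.1.1.0"),
                ("monitor", "set", "1.3.6.1.2.1.1.5.0"),
                ("operator", "set", "1.3.6.1.2.1.1.5.0"),
                ("operator", "set", "1.3.6.1.2.1.1.1.0"),
                ("monitor", "get", "1.3.6.1.2.1.4.20.1.1.1"),
                ("guess", "get", "1.3.6.1.2.1.1.1.0")]:
        print(req, "->", authorize(*req))
```

The point for a defender is the layering: even a read-write community cannot set sysDescr, because the object's MAX-ACCESS is checked after the community's access mode, and a read-only community can never set anything no matter what the object allows. Since SNMPv1 carries the community name in clear text, the view and access mode are the only limits on what a captured community name grants.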

SNMP versions – version 1

- Primitive types
- Defined types
- Derived types
- Constructor types

SNMP versions – Version 1

- INTEGER: 32-bit value in 2's complement, -2147483648 to 2147483647; can be used to represent enumerated types
- OCTET STRING: zero or more octets, each octet having a value 0-255; text string, e.g. system description
- OBJECT IDENTIFIER: sequence of integers
- NULL: placeholder

Derived types

- NetworkAddress
- Counter: 32-bit non-negative integer; wraps around on reaching the maximum value
- Gauge: 32-bit non-negative integer; may increase or decrease; capped
- TimeTicks: time in hundredths of a second; 32-bit non-negative integer; wraps around in 497 days

32-bit counter wrap-around time:

  Interface speed  Wrap-around time
  10 Mbps          57.26 min
  100 Mbps         5.73 min
  155 Mbps         3.69 min
  1 Gbps           0.57 min

- Gigabit interface: polling interval must be < 0.57 min
- Use two 32-bit counters
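The wrap-around table is just 2^32 octets expressed in bits at line rate. The following is an added example, not from the lecture, that recomputes the table, derives the longest polling interval that keeps a 32-bit octet counter recoverable (at most one wrap between samples), and shows why a 64-bit counter (Counter64, introduced in SNMPv2 and the "two 32-bit counters" of the slide) removes the problem. The speeds and the two-wraps-per-period margin are assumptions chosen for the example; the table values come out with ordinary rounding, so 10 Mbps shows 57.27 rather than the slide's truncated 57.26.

```python
# Added example (not from the lecture): wrap-around time of an octet counter
# at full line rate, the safe polling interval it implies, and the counter
# width needed for a given interval.  Speeds below are assumed example values.

COUNTER32_MAX = 2 ** 32
COUNTER64_MAX = 2 ** 64

SPEEDS_BPS = {"10 Mbps": 10_000_000, "100 Mbps": 100_000_000,
              "155 Mbps": 155_000_000, "1 Gbps": 1_000_000_000}


def wrap_time_seconds(if_speed_bps, counter_max=COUNTER32_MAX):
    """Seconds until an octet counter wraps when the link runs flat out."""
    return counter_max * 8 / if_speed_bps


def wrap_time_minutes(if_speed_bps, counter_max=COUNTER32_MAX):
    return wrap_time_seconds(if_speed_bps, counter_max) / 60


def safe_poll_interval_seconds(if_speed_bps, counter_max=COUNTER32_MAX, margin=2):
    """Poll at least `margin` times per wrap period so that no more than one
    wrap can fall between two samples (one wrap is correctable, two are not).
    margin=2 is an assumption for the example."""
    return wrap_time_seconds(if_speed_bps, counter_max) / margin


def recommended_counter(if_speed_bps, poll_interval_seconds):
    """Counter32 if the interval is within the safe window, otherwise Counter64."""
    if poll_interval_seconds <= safe_poll_interval_seconds(if_speed_bps):
        return "Counter32"
    return "Counter64"


def wrap_table(speeds=SPEEDS_BPS, counter_max=COUNTER32_MAX):
    """Name -> wrap time in minutes, rounded to two decimals as on the slide."""
    return {name: round(wrap_time_minutes(bps, counter_max), 2)
            for name, bps in speeds.items()}


if __name__ == "__main__":
    for name, minutes in wrap_table().items():
        print(f"{name:>9}: {minutes} min (Counter32)")
    for name, bps in SPEEDS_BPS.items():
        print(f"{name:>9}: 60 s polling needs {recommended_counter(bps, 60)}")
    print("1 Gbps with Counter64 wraps after",
          round(wrap_time_minutes(1_000_000_000, COUNTER64_MAX) / (60 * 24 * 365)),
          "years")
```

Polling a gigabit interface once a minute already exceeds the 34-second wrap period of a 32-bit octet counter, so ifInOctets deltas become unreliable; this is the reason ifHCInOctets-style 64-bit counters exist in later MIB revisions.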

Constructor types

- SEQUENCE: list
- SEQUENCE OF: table

Key words

- ACCESS
- BEGIN (macro definition)
- DESCRIPTION
- Counter
- Gauge
- INTEGER

MIB groups

System, Interfaces, Address Translation, IP, ICMP, TCP, UDP, EGP, CMOT, Transmission, SNMP

SNMP v1 operations

- Get
- Getnext
- Set
- Trap

Traps in SNMPv1

- Six generic traps have been defined, encoded in the SNMP message field as values 0-5
- Other specific traps: the generic-trap field in the message is 6; vendor specific (problems?)

SNMPv2 – additions and changes

- Bulk data transfer: request and receive bulk data
- Manager-to-manager message: interoperability of two network management systems
- Module definitions, object definitions, trap definitions: RFC 1155, 1212, 1215, 1902, 1904

Contd..

- Textual conventions: help define new data types
- Conformance statements: vendors' claims about product capability
- Table enhancements: expand a table by augmenting another table; helps add columnar objects

Data Types in SNMPv2

- Integer32: same as INTEGER
- Counter32: same as Counter
- Gauge32: same as Gauge
- Unsigned32: similar to Gauge32
- Counter64

Contd.. Tables

- RowPointer
- RowStatus, useful in changing rows: active, notInService, notReady, createAndGo, createAndWait, destroy

SMIv2

- OBJECT-IDENTITY macro introduced; defines information about an OBJECT IDENTIFIER
- Routers can be defined in general using OBJECT-IDENTITY; a specific router is defined using an OBJECT IDENTIFIER

Table Augmentation

- Extending aggregate objects from a single table to multiple tables
- Helps expand managed objects when the number of columnar objects needs to be increased
- Base table and augmented table: the index in the base table is also the index in the augmented table

Contd..

  ipAddrTable OBJECT-TYPE
      SYNTAX      SEQUENCE OF IpAddrEntry
      MAX-ACCESS  not-accessible
      STATUS      current
      DESCRIPTION "......."
  ::= { ip 20 }

Contd.

  ipAddrEntry OBJECT-TYPE
      SYNTAX      IpAddrEntry
      MAX-ACCESS  not-accessible
      STATUS      current
      DESCRIPTION "......."
      INDEX       { ipAdEntAddr }
  ::= { ipAddrTable 1 }

  ipAugAddrTable OBJECT-TYPE
      SYNTAX      SEQUENCE OF IpAugAddrEntry
      MAX-ACCESS  not-accessible
      STATUS      current
      DESCRIPTION "......."
  ::= { ipAug 1 }

  ipAugAddrEntry OBJECT-TYPE
      SYNTAX      IpAugAddrEntry
      MAX-ACCESS  not-accessible
      STATUS      current
      DESCRIPTION "......."
      AUGMENTS    { ipAddrEntry }
  ::= { ipAugAddrTable 1 }

Internet MIB groups in SNMPv2:

  internet {1.3.6.1}
    directory {1.3.6.1.1}
    mgmt {1.3.6.1.2}
      mib-2 (1)
        system (1)
        snmp (11)
    expmtal {1.3.6.1.3}
    private {1.3.6.1.4}
    security {1.3.6.1.5}
    snmpv2 {1.3.6.1.6}
      snmpDomains (1)
      snmpProxys (2)
      snmpModules (3)
        snmpMib (1)
          snmpMibObjects (1)
          snmpMibConformance (2)

Traps in SNMPv2

- Traps are defined using NOTIFICATION-TYPE
- The generic traps of SNMPv1 have an object id under snmpTraps (a new object in SMIv2)
- Each trap has a unique id

Others

- Getbulk
- Get and getnext may recover only the variables that are available
- SNMPv2 can be run over various other transport protocols: IPX/SPX, AppleTalk
- SNMPv1 and SNMPv2 can coexist: a proxy server is essential

SNMPv3

Addresses three issues:
- Better administration
- Security
- Modular architecture: easy extendability

SNMP agent and SNMP manager are both considered SNMP entities. An SNMP entity consists of:
- an SNMP engine
- SNMP applications

Modular architecture

(Figure: an SNMP entity consists of an SNMP engine (Dispatcher, Message Processing Subsystem, Security Subsystem, Access Control Subsystem) and Application(s) (Command Generator, Command Responder, Notification Receiver, Notification Originator, Proxy Forwarder, Other).)

SNMP engine

- Dispatcher
- Message Processing Subsystem
- Security Subsystem
- Access Control Subsystem

Dispatcher

- Responsible for sending and receiving messages
- Determines the version number and passes the message to the appropriate message processing model
- Action is taken if the message cannot be understood
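Every SNMP message, whichever version, is a BER SEQUENCE whose first element is an INTEGER version (0 for SNMPv1, 1 for SNMPv2c, 3 for SNMPv3), which is what lets the dispatcher choose a message processing model before it understands anything else. The following is an added example, not code from the lecture: a minimal dispatcher that parses only that much of a datagram, selects the model, and explains why a message is dropped when the version is unknown or the encoding is truncated or malformed. The messages are constructed in the block with a tiny BER encoder (community-based layout; an SNMPv3 message differs after the version field, but the part parsed here is the same).

```python
# Added example (not part of the lecture): the SNMPv3 dispatcher's first step,
# reading the version INTEGER at the front of every SNMP message and handing
# the message to the matching message processing model.  Messages below are
# constructed with a tiny BER encoder; only SEQUENCE + version are parsed.

MP_MODELS = {0: "SNMPv1 MP Model", 1: "SNMPv2c MP Model", 3: "SNMPv3 MP Model"}


def _ber_len(n):
    """Short form below 128, otherwise long form (0x80 | byte count, then bytes)."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_integer(value):
    """INTEGER, tag 0x02, minimal two's-complement body (non-negative here)."""
    body = value.to_bytes(max(1, (value.bit_length() + 8) // 8), "big")
    return bytes([0x02]) + _ber_len(len(body)) + body


def ber_octet_string(data):
    return bytes([0x04]) + _ber_len(len(data)) + data


def ber_sequence(*parts):
    body = b"".join(parts)
    return bytes([0x30]) + _ber_len(len(body)) + body


def build_message(version, community=b"public", pdu=b"\xa0\x00"):
    """Constructed community-based message: SEQUENCE { version, community, pdu }.
    The pdu is an empty GetRequest placeholder; it is never parsed here."""
    return ber_sequence(ber_integer(version), ber_octet_string(community), pdu)


def _read_tlv(buf, pos):
    """Return (tag, value bytes, next position); ValueError on truncation."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("value runs past end of datagram")
    return tag, buf[pos:pos + length], pos + length


def dispatch(datagram):
    """Return (model name, None) or ('drop', reason).  A real dispatcher also
    counts drops (e.g. snmpInBadVersions in the SNMP group) so that a flood of
    malformed or wrong-version messages shows up in monitoring."""
    try:
        tag, body, _ = _read_tlv(datagram, 0)
        if tag != 0x30:
            return ("drop", "outer element is not a SEQUENCE")
        vtag, vbytes, _ = _read_tlv(body, 0)
        if vtag != 0x02:
            return ("drop", "first element is not an INTEGER version")
        version = int.from_bytes(vbytes, "big", signed=True)
    except ValueError as exc:
        return ("drop", f"malformed message: {exc}")
    model = MP_MODELS.get(version)
    if model is None:
        return ("drop", f"unknown version {version}")
    return (model, None)


if __name__ == "__main__":
    for v in (0, 1, 3, 2):
        print(v, "->", dispatch(build_message(v)))
    print("truncated ->", dispatch(build_message(1)[:3]))
    print("not a sequence ->", dispatch(b"\x04\x01\x00"))
```

Because the version is read before any authentication or decryption, the dispatcher is exposed to every datagram that reaches UDP port 161; bounds-checking the BER lengths before trusting them, as `_read_tlv` does, is the difference between dropping a malformed packet and parsing past the end of the buffer.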

Message Processing Subsystem

(Figure: the Message Processing Subsystem contains the SNMPv3 MP Model, SNMPv1 MP Model, SNMPv2c MP Model and other MP models.)
- Prepares messages to be sent
- Extracts data from received messages

Security

- Decrypts the data portion
- Checks for proper authentication
- Forwards to the proper SNMP application
- The security model defines: the security threats to protect against, the services provided, and the security protocols

Access Control Subsystem

(Figure: the Access Control Subsystem contains the View-Based Access Control Model and others.)
- Called by applications that need to access managed objects

Applications

- Internal applications: generate messages, respond to received messages, generate/receive notifications, forward messages between SNMP entities
- Command Generator (SNMP manager?)
- Command Responder (SNMP agent?)
- Notification Originator (SNMP agent?)
- Notification Receiver (SNMP manager?)
- Proxy Forwarder