Chapter 5
SNMPv1: Communication and Functional Models
Network Management: Principles and Practice
© Mani Subramanian 2000
SNMP Architecture
[Figure 4.9: SNMP Network Management Architecture. The SNMP manager and the SNMP agent each run an application over SNMP / UDP / IP / DLC / PHY, joined by the physical medium; management data sits with the agent. Messages shown: Get-Request, GetNext-Request, Set-Request, Get-Response, Trap.]
Notes
• Truly simple network management protocol
• Five messages, three from manager and two from agent
SNMP Messages
• Get-Request
• Get-Next-Request
• Set-Request
• Get-Response
• Trap
  • Generic trap
  • Specific trap
  • Time stamp
Notes
• Generic trap
  • coldStart
  • warmStart
  • linkDown
  • linkUp
  • authenticationFailure
  • egpNeighborLoss
  • enterpriseSpecific
• Specific trap
  • for special measurements such as statistics
• Time stamp: Time since last initialization
Administrative Model
• Based on community profile and policy
• SNMP Entities:
  • SNMP application entities
    - Reside in management stations and network elements
    - Manager and agent
  • SNMP protocol entities
    - Communication processes (PDU handlers)
    - Peer processes that support application entities
SNMP Community
[Figure 5.1: SNMP Community. Three SNMP managers and one SNMP agent, each with an authentication scheme, exchanging authentic messages.]
Notes
• Security in SNMPv1 is community-based
• Authentication scheme in manager and agent
• Community: Pairing of two application entities
• Community name: String of octets
• Two applications in the same community communicate with each other
• Application could have multiple community names
• Communication is not secured in SNMPv1 - no encryption
Community Profile
[Figure 5.2: SNMP Community Profile. An SNMP agent with SNMP access modes READ-ONLY and READ-WRITE over an SNMP MIB view of Objects 1 to 4, with MIB access categories not-accessible, read-only, write-only and read-write.]
Notes
• MIB view
  • An agent is programmed to view only a subset of managed objects of a network element
• Access mode
  • Each community name is assigned an access mode: read-only or read-write
• Community profile: MIB view + access mode
• Operations on an object determined by community profile and the access mode of the object
• Total of four access privileges
• Some objects, such as table and table entry, are non-accessible
Administration Model
• Administration model is SNMP access policy
• SNMP community paired with SNMP community profile is SNMP access policy
Notes
Parameters:
• Community / communities
• Agent / agents
• Manager / managers
Access Policy
[Figure: Manager; Community; Agent 1 with Community Profile 1; Agent 2 with Community Profile 2.]
Notes
• Manager manages Community 1 and 2 network components via Agents 1 and 2
• Agent 1 has only view of Community Profile 1, e.g. Cisco components
• Agent 2 has only view of Community Profile 2, e.g. 3Com components
• Manager has total view of both Cisco and 3Com components
Generalized Administration Model
[Figure 5.3: SNMP Access Policy. Manager 1 (Community 1), Manager 2 (Community 2) and Manager 3 (Community 1, Community 2); Community 1 with Agents 1 and 2 (Community Profiles 1 and 2); Community 2 with Agents 3 and 4 (Community Profiles 3 and 4).]
Notes
• Manager 1 manages community 1, manager 2 community 2, and manager 3 (MoM) both communities 1 and 2
Proxy Access Policy
[Figure 5.4: SNMP Proxy Access Policy. SNMP Manager (Community 1), SNMP agent and proxy agent; SNMP community and non-SNMP community.]
Notes
• Proxy agent enables non-SNMP community elements to be managed by an SNMP manager.
• An SNMP MIB is created to handle the non-SNMP objects
Protocol Entities
[Figure 5.5: Encapsulated SNMP Message. The SNMP PDU (data) is prefixed with version and community to form the application PDU, which is wrapped in turn by the UDP header (transport PDU), the IP header (network PDU) and the DLC header (data link PDU).]
Notes
• Protocol entities support application entities
• Communication between remote peer processes
• Message consists of
  • Version identifier
  • Community name
  • Protocol Data Unit
• Message encapsulated and transmitted
Get and Set PDU
[Figure 5.8: Get and Set Type PDUs. Fields: PDU Type | RequestID | Error Status | Error Index | VarBind 1 name | VarBind 1 value | ... | VarBind n name | VarBind n value]
Notes
• VarBindList: multiple instances of VarBind pairs
PDUs ::=
    CHOICE {
        get-request       GetRequest-PDU,
        get-next-request  GetNextRequest-PDU,
        get-response      GetResponse-PDU,
        set-request       SetRequest-PDU,
        trap              Trap-PDU
    }
PDU Types: enumerated INTEGER
    get-request       [0]
    get-next-request  [1]
    set-request       [2]
    get-response      [3]
    trap              [4]
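The message layout from the Protocol Entities and Get and Set PDU slides (version, community name, then a PDU carrying request ID, error status, error index and VarBinds) can be read directly off the wire, which is why the community name gives no confidentiality. The following Python parser is an added example, not code from the slides; the packet bytes are constructed and the function names are hypothetical.

```python
# Added example, not from the slides: BER reader for SNMPv1 Get/Set-type messages.
# SAMPLE is constructed: GetRequest for sysDescr.0, community "public", request ID 4.
SAMPLE = bytes.fromhex("3026020100040670" "75626c6963a01902" "0104020100020100"
                       "300e300c06082b06" "0102010101000500")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the definite-length TLV at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                        # long form: next n octets hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(data):
    """Decode OBJECT IDENTIFIER contents (first arc 0 or 1 assumed) to dotted form."""
    subids, value = [data[0] // 40, data[0] % 40], 0
    for octet in data[1:]:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:                 # high bit clear ends a sub-identifier
            subids.append(value)
            value = 0
    return ".".join(map(str, subids))

def parse_snmpv1(packet):
    """Split a message into version, community and the Get/Set PDU fields."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("message is not a SEQUENCE")
    _, version, pos = read_tlv(body, 0)
    _, community, pos = read_tlv(body, pos)  # plain OCTET STRING, readable on the wire
    pdu_tag, pdu, _ = read_tlv(body, pos)
    if pdu_tag & 0x1F == 4:
        raise ValueError("Trap PDU has a different layout")
    ints, p = [], 0
    for _ in range(3):                       # request ID, error status, error index
        _, raw, p = read_tlv(pdu, p)
        ints.append(int.from_bytes(raw, "big", signed=True))
    _, varbinds, _ = read_tlv(pdu, p)
    names, p = [], 0
    while p < len(varbinds):
        _, varbind, p = read_tlv(varbinds, p)
        names.append(decode_oid(read_tlv(varbind, 0)[1]))
    return {"version": int.from_bytes(version, "big"), "pdu_type": pdu_tag & 0x1F,
            "community": community.decode("ascii", "replace"), "names": names,
            "request_id": ints[0], "error_status": ints[1], "error_index": ints[2]}
```

Calling `parse_snmpv1(SAMPLE)` returns the community string alongside the PDU fields; `pdu_type` is the raw context tag number, 0 for get-request.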
Error in Response
ErrorStatus ::=
    INTEGER {
        noError(0),
        tooBig(1),
        noSuchName(2),
        badValue(3),
        readOnly(4),
        genErr(5)
    }
Error Index: number of the VarBind in which the first error occurred
Trap PDU
[Figure: Trap PDU. Fields: PDU Type | Enterprise | Agent Address | Generic Trap Type | Specific Trap Type | Timestamp | VarBind 1 name | VarBind 1 value | ... | VarBind n name | VarBind n value]
Generic Trap Type          Description (brief)
coldStart(0)               Sending protocol entity is reinitializing itself; agent's configuration or protocol entity implementation may be altered
warmStart(1)               Sending protocol entity is reinitializing itself; agent configuration or protocol entity implementation not altered
linkDown(2)                Failure of one of the communication links
linkUp(3)                  One of the links has come up
authenticationFailure(4)   Authentication failure
egpNeighborLoss(5)         Loss of EGP neighbor
enterpriseSpecific(6)      Enterprise-specific trap
Notes
• Enterprise and agent address pertain to the system generating the trap
• Seven generic traps specified by enumerated INTEGER
• Specific trap is a trap not covered by enterprise specific trap
• Time stamp indicates elapsed time since last reinitialization
SNMP Operations
GetRequest (sysDescr.0)
GetResponse (sysDescr.0 = "SunOS")
GetRequest (sysObjectID.0)
GetResponse (sysObjectID.0 = enterprises.11.2.3.10.1.2)
GetRequest (sysUpTime.0)
GetResponse (sysUpTime.0 = 2247349530)
GetRequest (sysContact.0)
GetResponse (sysContact.0 = " ")
GetRequest (sysName.0)
GetResponse (sysName.0 = "noc1")
GetRequest (sysLocation.0)
GetResponse (sysLocation.0 = " ")
GetRequest (sysServices.0)
GetResponse (sysServices.0 = 72)
Figure 5.10 Get-Request Operation for System Group
MIB for Get-Next-Request
[Figure 5.12: MIB for Operation Sequences in Figures 5.13 and 5.15. Objects A, B, T and Z; E under T with instances 1.1, 2.1, 3.1, 1.2, 2.2, 3.2.]
Lexicographic Order
Numerical Order    Lexicographic order
1                  1
2                  1118
3                  115
9                  126
15                 15
22                 2
34                 22
115                250
126                2509
250                3
321                321
1118               34
2509               9
Notes
• Procedure for ordering:
  • Start with leftmost digit as first position
  • Before increasing the order in the first position, select the lowest digit in the second position
  • Continue the process till the lowest digit in the last position is captured
  • Increase the order in the last position until all the digits in the last position are captured
  • Move back to the last but one position and repeat the process
  • Continue advancing to the first position until all the numbers are ordered
• Tree structure for the above process
MIB Lexicographic Order
[Figure: MIB tree with objects A, B, T and Z; E under T with instances 1.1, 2.1, 3.1, 1.2, 2.2, 3.2.]
Notes
A
B
T
E
1.1
1.2
2.1
2.2
3.1
3.2
Z
A More Complex MIB Example
[Figure 5.14: MIB Example for Lexicographic Ordering (tree of numbered nodes).]
Notes
1
1.1
1.1.5
1.1.18
1.2
1.2.6
2
2.2
2.10
2.10.9
3
3.4
3.21
9
Get-Next-Request Operation
GetRequest (A)
GetResponse (A)
GetNextRequest (A)
GetResponse (B)
GetNextRequest (B)
GetResponse (T.E.1.1)
GetNextRequest (T.E.1.1)
GetResponse (T.E.1.2)
GetNextRequest (T.E.1.2)
GetResponse (T.E.2.1)
GetNextRequest (T.E.2.1)
GetResponse (T.E.2.2)
GetNextRequest (T.E.2.2)
GetResponse (T.E.3.1)
GetNextRequest (T.E.3.1)
GetResponse (T.E.3.2)
GetNextRequest (T.E.3.2)
GetResponse (Z)
GetNextRequest (Z)
GetResponse (noSuchName)
Figure 5.15 Get-Next-Request Operation for MIB in Figure 5.12
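For object identifiers, the ordering procedure treats each sub-identifier as one position, so sub-identifiers compare as integers (2.2 precedes 2.10) and a plain text sort gives the wrong sequence. The following Python code is an added example, not from the slides: it orders the MIB of Figure 5.14 and answers GetNext in the manner of Figure 5.15, assuming every listed node is a retrievable instance; the function names are hypothetical.

```python
# Added example, not from the slides: OID ordering and GetNext over Figure 5.14.
# Assumption: every node listed on the slide is treated as a retrievable instance.
import bisect

# The nodes of Figure 5.14, deliberately shuffled.
MIB = ["9", "3.21", "2.10.9", "1.1.18", "1", "2.2", "1.2", "3", "1.1.5",
       "2", "1.2.6", "3.4", "2.10", "1.1"]

def key(oid):
    """Compare OIDs as tuples of integers, one per sub-identifier."""
    return tuple(int(part) for part in oid.split("."))

def lex_order(oids):
    """Return the OIDs in MIB lexicographic order."""
    return sorted(oids, key=key)

def get_next(oids, oid):
    """Return the first OID strictly after `oid`, or None (noSuchName)."""
    ordered = lex_order(oids)
    keys = [key(o) for o in ordered]
    i = bisect.bisect_right(keys, key(oid))   # works even if `oid` is not in the MIB
    return ordered[i] if i < len(ordered) else None

def walk(oids, start):
    """Repeat GetNext from `start` until the agent has nothing further."""
    seen, current = [], get_next(oids, start)
    while current is not None:
        seen.append(current)
        current = get_next(oids, current)
    return seen

if __name__ == "__main__":
    print(lex_order(MIB))
    print(walk(MIB, "3"))
```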
Get-Next-Request Operation
GetNextRequest (sysUpTime, atPhysAddress)
GetResponse ((sysUpTime.0 = "315131795"), (atPhysAddress.13.172.16.46.1 = "0000000C3920AC"))
GetNextRequest (sysUpTime, atPhysAddress.13.172.16.46.1)
GetResponse ((sysUpTime.0 = "315131800"), (atPhysAddress.16.172.16.49.1 = "0000000C3920AF"))
GetNextRequest (sysUpTime, atPhysAddress.16.172.16.49.1)
GetResponse ((sysUpTime.0 = "315131805"), (atPhysAddress.23.192.168.3.1 = "0000000C3920B4"))
GetNextRequest (sysUpTime, atPhysAddress.23.192.168.3.1)
GetResponse ((sysUpTime.0 = "315131810"), (ipForwarding.0 = "1"))
atIfIndex    atPhysAddress
23           0000000C3920B4
13           0000000C3920AC
16           0000000C3920AF
Figure 5.16 GetNextRequest Example with Indices
Sniffer Data
14:03:36.788270 noc3.btc.gatech.edu.164 > noc1.btc.gatech.edu.snmp:
    Community = public
    GetRequest(111)
    Request ID = 4
    system.sysDescr.0
    system.sysObjectID.0
    system.sysUpTime.0
    system.sysContact.0
    system.sysName.0
    system.sysLocation.0
    system.sysServices.0
Figure 5.17(a) Get-Request Message from Manager-to-Agent
14:03:36.798269 noc1.btc.gatech.edu.snmp > noc3.btc.gatech.edu.164:
    Community = public
    GetResponse(196)
    Request ID = 4
    system.sysDescr.0 = "SunOS noc1 5.5.1 Generic_103640-08 sun4u"
    system.sysObjectID.0 = E:hp.2.3.10.1.2
    system.sysUpTime.0 = 247396453
    system.sysContact.0 = "Brandon Rhodes"
    system.sysName.0 = "noc1"
    system.sysLocation.0 = "BTC NM Lab"
    system.sysServices.0 = 72
Figure 5.17(b) Get-Response Message from Agent-to-Manager (After)
SNMP MIB
[Figure 5.21: SNMP Group. Object tree under snmp (mib-2 11), including snmpInTooBigs (8), snmpInNoSuchNames (9), snmpInBadValues (10), snmpInReadOnlys (11), snmpInGenErrs (12), snmpInTotalReqVars (13), snmpInTotalSetVars (14), snmpInGetRequests (15), snmpInGetNexts (16), snmpInSetRequests (17), snmpInGetResponses (18), snmpInTraps (19), snmpOutTooBigs (20), snmpOutNoSuchNames (21), snmpOutBadValues (22).]
Note: Most of the MIB objects were not used and hence deprecated in SNMPv2