Simple Network Management Protocol
Uploaded by prasenjit-gayen
What is SNMP?
Designed to be simple: very few commands.
It is concerned with network management.
It is a protocol, defined by the IETF.
The Simple Network Management Protocol (SNMP) is an application layer protocol used to manage network resources.
What does SNMP manage?
...all SNMP-compatible devices:
servers
workstations
routers
switches
printers
…many more.
SNMP Functionality
Fault Management.
Configuration Management.
Accounting Management.
Performance Monitoring and Management.
Security Management.
Local and/or Remote
SNMP Components
SNMP Manager.
SNMP Agent.
MIB (Management Information Base).
[Diagram: an SNMP Agent process with its MIB and an SNMP Manager process with its MIB, connected over the network; Request and Response messages flow between them, and Trap messages flow from agent to manager.]
Capable of querying any managed device via polling.
Capable of enforcing management decisions in the network.
Normally runs on very few systems compared to SNMP agents.
Software that runs on an administrative computer and manages the whole network.
SNMP Agent
Collects information from the network device on which it resides and stores it in the MIB.
Replies to the manager with the proper information when asked.
Can initiate communication with the SNMP manager using traps.
A small piece of code that runs on every SNMP-managed device and gathers and sends data about that managed resource in response to a request from the manager.
SNMP Proxy
A Proxy Agent is an SNMP agent that maintains information on one or more non-SNMP devices.
The Proxy Agent does the conversion of control messages.
[Diagram: the SNMP Manager talks to SNMP Agents in the SNMP community and to a Proxy Agent, which fronts a non-SNMP community that may run some other NMS.]
SNMP Internals
How is management information stored?
SMI: Structure of Management Information
What management information is stored?
MIBs: Management Information Base
How is information exchanged on the network?
SNMP: Simple Network Management Protocol
SMI - Structure of Management Information
Defines the data types allowed in a MIB.
Defines the naming structure for each managed object (MO).
Typically each MIB object has six attributes:
Object Name
Object Identifier
Syntax Field
Access Field
Status Field
Text Descriptor
Defined in RFC 1155.
Management Information Base
The MIB is a collection of network information. It contains the real values of the managed objects in the agent, in the form of variables and tables of variables.
Access is through the network management protocol.
MOs in the MIB represent the characteristics of a managed device.
Changes are made in the agent's MIB.
The MIB definition is available in the manager. Defined in RFC 1156.
MIB Object Naming Tree
• Object Identifier: uniquely identifies an object in the Management Information Base.
Example OID: 1.3.6.1.4.1.9
MIB Syntax
sysContact OBJECT-TYPE                     -- OBJECT-TYPE is a macro
    SYNTAX  DisplayString (SIZE (0..255))
    ACCESS  read-write                     -- or read-only, write-only, not-accessible
    STATUS  mandatory                      -- or optional, deprecated, obsolete
    DESCRIPTION
        "Chris Francois
        (360)650-0000"
    ::= { system 4 }
MIB example: UDP module
Object ID          Name             Type        Comments
1.3.6.1.2.1.7.1    udpInDatagrams   Counter32   total # datagrams delivered at this time
1.3.6.1.2.1.7.2    udpNoPorts       Counter32   # undeliverable datagrams, no app at port
1.3.6.1.2.1.7.3    udpInErrors      Counter32   # undeliverable datagrams, all other reasons
1.3.6.1.2.1.7.4    udpOutDatagrams  Counter32   # datagrams sent
1.3.6.1.2.1.7.5    udpTable         SEQUENCE    one entry for each port in use by an app; gives port # and IP address
SNMP Version 1
Introduced in 1988, maintained by the IETF.
The SNMP protocol facilitates communication between a managed device and the SNMP manager.
Five messages were introduced in SNMPv1: GetRequest, GetNextRequest and SetRequest (manager to agent); Response and Trap (agent to manager).
SNMP Messages
Get-Request: sent by the manager requesting specific data from the agent.
Get-Next-Request: sent by the manager requesting data on the MO next to the one specified.
Set-Request: initializes or changes the value of a network element.
Get-Response: the agent responds with data for Get and Set requests from the manager.
Trap: an alarm generated by an agent.
SNMP v1
Communication is via SNMP Protocol Data Units (PDUs), which are typically encapsulated in UDP packets.
UDP ports 161 and 162 are the default ports reserved for SNMP.
The agent listens for requests, and replies to them, on port 161.
The agent reports asynchronous traps to the manager on port 162, unless it is instructed to use different ports.
SNMP Protocol Data Unit (PDU)
General PDU structure (GetRequest, GetNextRequest, SetRequest, GetResponse):
PDU Type | Request ID | Error Status | Error Index | Object 1, Value 1 | Object 2, Value 2 | ...
Trap PDU structure:
PDU Type | Enterprise | Agent Addr | Generic Trap | Specific Trap | Time Stamp | Object 1, Value 1 | Object 2, Value 2 | ...
PDU Type: 0: GetRequest, 1: GetNextRequest, 2: SetRequest, 3: GetResponse, 4: Trap.
Request ID: associates an SNMP request with its response.
Error Status: indicates one of a number of errors and error types. Set by the Response operation; others set it to 0.
Error Index: associates the error with an object instance. Set by the Response operation; others set it to 0.
Enterprise: the management enterprise under whose registration authority the trap was defined.
Agent Addr: the agent's IP address (for further identification).
Generic Trap Type: seven values are defined: coldStart(0), warmStart(1), linkDown(2), linkUp(3), authenticationFailure(4), egpNeighborLoss(5), enterpriseSpecific(6).
Specific Trap Type: identifies a non-generic trap when the Generic Trap Type is set to enterpriseSpecific(6).
Time Stamp: time elapsed between the last network reinitialization and trap generation.
Object/Value pairs: the data field of the SNMPv1 PDU. Each associates an object instance with its current value; the value is ignored for Get and GetNext.
Issues with SNMP v1
Security: very low standards.
Passwords transmitted as plain text.
No provision for authenticating the message source.
MIBs were not secured with ACLs.
Limited error handling.
SNMP v2
An improvement over SNMP v1.
Improved security features.
...added manager-to-manager communication.
Four versions of SNMP v2: SNMPv2p, SNMPv2c, SNMPv2u, SNMPv2*.
SNMP v2 is not backward compatible with SNMP v1.
SNMP v2 additional operations
Bulk data transfer: the GetBulkRequest message was added. The manager can request multiple values from an agent via this message, for faster retrieval of multiple records.
Manager-to-manager communication: InformRequest, for information sharing between two SNMP managers.
Improved error handling: SNMPv2 includes expanded error codes that distinguish the kind of error condition.
Interfacing SNMP v1
Bilingual Manager: implements both an SNMPv1 and an SNMPv2 interpreter in the manager.
The interpreter module does all MIB and protocol conversion to and from the SNMP agent.
The SNMP PDU contains a version number to identify the frame.
[Diagram: a Bilingual Manager holding an SNMPv1 Interpreter and an SNMPv2 Interpreter, choosing one per agent from an Agent Profile, talking to a mix of SNMPv1 and SNMPv2 agents.]
Proxy Server: requests to and responses from SNMPv2 agents are processed by the SNMPv2 manager directly.
A proxy server is implemented as a front-end module to the SNMPv2 manager to allow communication with SNMPv1 agents.
[Diagram: an SNMPv2 Manager with a Proxy Server in front of it for the SNMPv1 agents.]
SNMP v2 PDU
SNMPv2 PDU (except bulk):
PDU Type | Request ID | Error Status | Error Index | Object 1, Value 1 | Object 2, Value 2 | ...
PDU Type: 0: GetRequest, 1: GetNextRequest, 2: Response, 3: SetRequest, 4: obsolete, 5: GetBulkRequest, 6: InformRequest, 7: SNMPv2-Trap.
Request ID: associates an SNMP request with its response.
Error Status: indicates one of a number of errors and error types. Set by the Response operation; others set it to 0.
Error Index: associates the error with an object instance. Set by the Response operation; others set it to 0.
Object/Value pairs: the data field of the PDU. Each associates an object instance with its current value; the value is ignored for Get and GetNext.
SNMP v2 PDU
SNMPv2 GetBulkRequest PDU:
PDU Type | Request ID | Non-Repeaters | Max-Repetitions | Object 1, Value 1 | Object 2, Value 2 | ... | Object n, Value n
Issues with SNMP v2
Multiple versions of SNMP v2, with no consensus.
Security: not much improvement.
Incompatibility with the earlier version (v1).
Overhead of implementing a Bilingual Manager or Proxy Server.
SNMP v3
A general framework for all three SNMP versions.
Implements the SNMP v1 and v2 specifications along with proposed new features.
Improved security features.
Secure remote configuration.
Protection against modification of information.
SNMP v3 Security
The major security improvements of v3 over earlier versions are:
Message integrity: ensures that data has not been modified or tampered with while in transit.
Authentication: checks that the message is from an authorized source.
Encryption: encrypts the data to prevent others from seeing the content.
Data can be collected securely from SNMP devices without fear of the data being tampered with or corrupted.
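The slides say that SNMPv3 provides integrity and authentication but not how the keys behind them are derived; as an added example (not from the slides), here is the RFC 3414 User-based Security Model password-to-key and key-localization procedure with HMAC-96 message authentication, in Python. SAMPLE_MSG and its field offset are a constructed stand-in for a real BER-encoded SNMPv3 message; the password and engine ID are the RFC's own sample values.

```python
import hashlib
import hmac

def password_to_key(password: bytes, algo: str = "md5") -> bytes:
    """RFC 3414 A.2 step 1: hash the password repeated to fill 1,048,576 octets (Ku).
    The large input is deliberate; it raises the cost of offline guessing of weak passwords."""
    h = hashlib.new(algo)
    stream = (password * (1_048_576 // len(password) + 1))[:1_048_576]
    h.update(stream)
    return h.digest()

def localize_key(ku: bytes, engine_id: bytes, algo: str = "md5") -> bytes:
    """Step 2: Kul = H(Ku || snmpEngineID || Ku). A compromised agent yields only its own
    localized key, not the user's shared password."""
    return hashlib.new(algo, ku + engine_id + ku).digest()

AUTH_LEN = 12  # HMAC-MD5-96 and HMAC-SHA-96 both truncate the MAC to 12 octets

def authenticate(kul: bytes, whole_msg: bytes, offset: int, algo: str = "md5") -> bytes:
    """Sender side: msgAuthenticationParameters holds 12 zero octets while the HMAC is
    computed over the whole message; the truncated MAC is then written in place."""
    assert whole_msg[offset:offset + AUTH_LEN] == b"\x00" * AUTH_LEN
    mac = hmac.new(kul, whole_msg, algo).digest()[:AUTH_LEN]
    return whole_msg[:offset] + mac + whole_msg[offset + AUTH_LEN:]

def verify(kul: bytes, received: bytes, offset: int, algo: str = "md5") -> bool:
    """Receiver side: zero the field, recompute, and compare in constant time."""
    zeroed = received[:offset] + b"\x00" * AUTH_LEN + received[offset + AUTH_LEN:]
    expected = hmac.new(kul, zeroed, algo).digest()[:AUTH_LEN]
    return hmac.compare_digest(expected, received[offset:offset + AUTH_LEN])

# Constructed sample: a stand-in message with a 12-octet zeroed auth field at offset 8.
# Real SNMPv3 messages are BER-encoded; this byte layout is illustrative only.
SAMPLE_ENGINE_ID = bytes.fromhex("000000000000000000000002")  # RFC 3414 A.3 sample engine ID
SAMPLE_MSG = b"hdr:v3:<" + b"\x00" * AUTH_LEN + b">get sysUpTime.0"

def demo() -> bool:
    """Signs the sample, then shows that a single flipped bit in the payload fails verification."""
    ku = password_to_key(b"maplesyrup")  # RFC 3414 A.3.1 sample password
    kul = localize_key(ku, SAMPLE_ENGINE_ID)
    signed = authenticate(kul, SAMPLE_MSG, 8)
    tampered = signed[:-1] + bytes([signed[-1] ^ 1])
    return verify(kul, signed, 8) and not verify(kul, tampered, 8)
```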
SNMP v3 Architecture
SNMP v3 Engine
Dispatcher: supports multiple concurrent SNMP messages. Sends and receives SNMP messages to and from the network. Determines the SNMP version and forwards the message to the corresponding message processing subsystem. Acts as the interface between the network and the SNMP applications.
The SNMP engine provides services for sending and receiving messages, authenticating and encrypting messages, and controlling access to managed objects.
Message Processing Subsystem: prepares messages for sending on the network and extracts information from received messages.
Security Subsystem: provides security services such as authentication and encryption. Contains multiple subsystems.
Access Control Subsystem: provides authorization services.
SNMP v3 Architecture
SNMP v3 Applications
Command Generator: used to generate get-request, get-next-request, get-bulk and set-request messages; also processes the responses received for the sent commands.
Command Responder: processes the get and set requests destined for it.
Notification Receiver: receives asynchronous messages and processes them.
Notification Originator: initiates asynchronous messages or traps.
Proxy Forwarder: forwards requests and notifications to other SNMP engines according to context, regardless of what MO information they contain.
Thank you!