simple network management protocol - 國立中興大學
TRANSCRIPT
2016/2/23 SNM NCHU 1
SNMP –Simple Network
Management Protocol
Lecture 1Overview and Concept
Management Components, SMI, and Management Information
(supplementary: Chapter 1 & 2 of tutorial slides)
2016/2/23 SNM NCHU 2
Introduction SNMP Simple Network Management Protocol A set of standards for network management Protocol Database structure specification Data objects
A set of standardized tools that Control costs of network management Across various product types End system, bridges, routers,
telecommunications, …
2016/2/23 SNM NCHU 3
History of SNMP Development (1/2) In 1989
SNMP was adopted as TCP/IP-based Internet standards In 1991
RMON - Remote network MONitoring Supplement to SNMP to include management of LAN and LAN
devices In 1995
SNMPv2 Functional enhancements to SNMP SNMP on OSI-based networks
RMON2 (rfc 2021) In 1998
SNMPv3 (proposed) Further enhancements Security capability for SNMP
In 2002SNMPv3 Security, VACM (rfc 3415)
2016/2/23 SNM NCHU 4
History of SNMP Development (2/2) In 2008
Traffic Measurements and Trace Exchange Formats Context EngineID Discovery
In 2009 Transport Subsystem and Transport Security Model Relating SYSLOG to notification Secure Shell Transport Mode Remote Authentication Dial-In User Service (RADIUS)
Usage In 2010-2011
Expressing SNMP SMI Datatypes in XML Schema Definition Language
Transport layer security (TLS) transport model
2016/2/23 SNM NCHU 5
Network Management Requirements (5 MFAs)
Fault Management Detect, isolate, reconfigurate and repair the abnormal network
environment Problem tracking and control
Problem is truly resolved and no new ones are introduced Accounting Management
Track the use of network resources by end user to provide Impropriate usage tracing, charging, statistics
Configuration and Name Management Startup, shutdown, reconfigure network component when
Upgrade, fault recovery or security checks Performance Management
Capacity utilization, throughput, response time, bottleneck Collect information and assess current situation
Security Management Information protection and access control
2016/2/23 SNM NCHU 6
Additions to 5 MFAs Cost Management
Separate cost from mechanism Mobility Management
Improve mobile communication, such as handoff, QoS. Co-existence Management
Integration and co-existence with 3G/4G
2016/2/23 SNM NCHU 7
Fundamental Axiomof the Management Framework
The impact of adding network management to managed nodes must be minimal, reflecting a lowest common denominator.
1st tenet: If network management is viewed as an essential aspect of an Internet, then it must be universally deployed on the largest possible collection of devices in the network.
2nd tenet: When all else fails, network management must continue to function, if at all possible.
2016/2/23 SNM NCHU 8
Network Management System (1) A collection of tools for Network monitoring Network control Diagnostic report
These tools must be integrated Single operator interface with powerful but
user-friendly Minimal amount of separate equipment is
necessary
2016/2/23 SNM NCHU 9
Network Management System (2) Architecture of NMS NMA
Operator interface NME
Collect statistics Response to NMA Alert NMA when
environment changing
2016/2/23 SNM NCHU 10
Network Management Software Architecture
Presentation SW Unified interface and handle
information overload Network Management SW (SNMP)
NM applications Admin interested tools
Application element Fault, security, accounting
management Primitive and general-purpose NM
functions Generating alarm, summarizing data
Communication SW (UDP) Exchange management information Communication protocol stack
Database SW (MIB) MIB (Management Information
Base) Configuration and behavior Operation parameters
MIB access modules Convert local MIB to standard form
2016/2/23 SNM NCHU 11
In that time .. Network environment is simple ICMP is the only way to do network investigation
ping, traceroute, …. As Internet goes popular, three approaches are
proposed: HEMS: High-level Entity Management System
Considered to be the first network management tools SGMP and SNMP
SNMP was an enhanced version of the Simple Gateway Management Protocol
For TCP/IP-based network management standards Supposed to be short-term solution
CMIP over TCP/IP (CMOT) Common Management Information Protocol For ISO-based network management standards Supposed to be long-term solution
2016/2/23 SNM NCHU 12
SNMP Architectural Model
Network
網路介面
SNMPUDP
IP網路介面
SNMPUDP
IP網路介面
SNMPUDP
IP
Manager Agent Agent
. . .
ManagementStation Host Router
Network Elements (NEs)
Network Management
Protocol
SNMP
2016/2/23 SNM NCHU 13
Default UDP Ports for SNMP
網路介面
SNMPUDP
IP
Manager
ManagementStation
Network Elements (NEs)
網路介面
SNMPUDP
IP
Agent
162 Any 161 Any
2016/2/23 SNM NCHU 14
SNMP Architecture (1) 4 key elements Management Station
Serve as the interface between manager and devices Management applications User-friendly interface Translate manager’s requirements into actual monitoring or
control operations Database extracted from MIBs of all managed device
Management Agent Respond to request from management station Change settings in MIB of managed device Asynchronously report abnormal event (Trap)
Management Information Base (MIB) Each resource is represented as an object and MIB is a collection of objects
Network Management Protocol (SNMP) get, set, trap
2016/2/23 SNM NCHU 15
SNMP Architecture (2)
2016/2/23 SNM NCHU 16
SNMP Architecture (3) SNMP proxy Devices that do not support UDP/IP ex: Bridge, Modem
Devices that do not want to add burden of SNMP agent ex: PC, programmable controller
2016/2/23 SNM NCHU 17
Proxy Agent
Proxy agent exists between standard operations and proprietary operations for Administrative firewall – authenticate and authorize
requests
Caching firewall – cache info. to minimize the burden on a busy device
Transport bridging – support a multi-protocol environment
Protocol translation – translate between the device-specific form and the management form
2016/2/23 SNM NCHU 18
SNMP Message Information
Message Information Base (MIB) Collection of objects Each object represents certain resource of
managed device Interoperability of MIB Object that represents a particular resource
should be the same cross various system What objects MIB-I and MIB-II
Common representation format SMI (Structure of Management Information)
2016/2/23 SNM NCHU 19
SMI (RFC 1155) Set of rules on how managed objects should be
defined. Objects are defined using Abstract Syntax
Notation One (ASN.1) (ITU-T X.208 / ISO 8824) Identify the data type that can be used in MIB and
how resources are represented and named, including MIB structure Syntax and value of each object Encoding of object value
What is SMI for?
2016/2/23 SNM NCHU 20
SMI places a limit on the width and depth that an OID may take: At most 128 sub-identifiers Each sub-identifier must be in the range [0, 232- 1]
There are 3 kinds of object types (for SNMP):1. Simple – INTEGER, OBJECT IDENTIFIER, OCTET STRING,
BIT STRING2. Application-wide – IpAddress, Counter32, Gauge32,
TimeTicks, Opaque, Counter64, UInteger32, …3. Simple constructed – row, table
SMI Places Limit on OID
2016/2/23 SNM NCHU 21
<row> ::= (combination of different data types) SEQUENCE { <type1>, …,<typeN>}
<table> ::= SEQUENCE OF <row> (must be the same type)
E.g. ipRoutingTable OBJECT-TYPESYNTAX SEQUENCE OF IpRouteEntry…::= {ip 21}
ipRotueEntry OBJECT-TYPESYNTAX IpRouteEntry…INDEX { ipRouteDest }::= {ipRoutingTable 1}
Table Structure
2016/2/23 SNM NCHU 22
Simple Types ---INTEGER, BIT STRING, OCTET STRING, OBJECT IDENTIFIER, NULL
Constructed Types ---SEQUENCE, SEQUENCE OF
Tagged Types ---universal, application-wide, context-specific, private-use
Types and Values (in ASN.1)
2016/2/23 SNM NCHU 23
Other than Application-wide types, there are newly defined types, termed textual conventions.
Textual convention macro is invoked as NameOfType ::= TEXTUAL_CONVENTION
<<clauses>>SYNTAX TYPE
e.g. DisplayString ::= TEXTUAL-CONVENTIONDISPLAY-HINT “255a”STATUS currentDESCRIPTION “represents textual information …”SYNTAX OCTET STRING (SIZE (o..255))
Textual Conventions
2016/2/23 SNM NCHU 24
DisplayString OCTET STRING (SIZE (0..255)) PhysAddress OCTET STRING MacAddress OCTET STRING (SIZE (6)) TruthValue INTEGER { true(1), false(2)} TestAndIncr INTEGER (0..2147483647) AutonomousType - a value which points to an OID InstancePointer OBJECT IDENTIFIER RowStatus INTEGER { active(1), noInService(2),
notReady(3), createAndGo(4), createAndWait(5), destroy(6)} TimeStamp TimeTicks TimeInterval INTEGER (0.. 2147483647) DateAndTime OCTET STRING (SIZE 8 | 11)) Other range refinement, enumeration refinement, size
refinement, and repertoire refinement.
Pre-defined Textual Conventions
2016/2/23 SNM NCHU 25
ASN.1 macro is defined using the form:<<macro-name>> MACRO ::= BEGIN
TYPE NOTATION ::=….
VALUE NOTATION ::= value(…)…
END
Once a macro is defined, it can be used as:nameOfValue <<macrto-name>><<clauses>>::= VALUE
Definition of Macros
2016/2/23 SNM NCHU 26
OBJECT-TYPE MACRO ::= BEGIN
TYPE NOTATION ::=“SYNTAX” type(Syntax)UnitsPart“MAX-ACCESS” Access“DESCRIPTION” TextReferPart…
VALUE NOTATION ::= value(VALUE ObjectName)UnitsPart ::= “UNITS” Text | empty Status ::= “current” | “deprecated” | “obsolete”ReferPart ::= “REFERENCE” Text | emptyText ::= “”””string””””…
END
An Example of a Macro Definition
2016/2/23 SNM NCHU 27
OBJECT-IDENTITY MACRO ::= BEGIN
TYPE NOTATION ::=“STATUS” Status“DESCRIPTION” TextReferPart
VALUE NOTATION ::= value(VALUE OBJECT IDENTIFIER)
Status ::= “current” | “obsolete”ReferPart ::= “REFERENCE” Text | emptyText ::= “”””string””””
END
Note: Other macro definitions ca be found in p103, 106, 118, 134, 179 in the SIMPLE book.
Another Example of a Macro Definition
2016/2/23 SNM NCHU 28
nameOfValue MACRO-NAME<<clauses>>::= VALUE
e.g. ifEntry ::= OBJECT-TYPE { SYNTAX IfEntry…INDEX {ifIndex} ::= {ifTable 1}
NameOfType ::= TYPE (defined type)e.g.IpAddress ::= [APPLICATION 0]
IMPLICIT OCTET STRING (SIZE (4))
nameOfValue NameOfType ::= VALUE (defined value)e.g. internet OBJECT-IDENTIFIER ::= {iso 3 6 1}
Types and Values Definitions
2016/2/23 SNM NCHU 29
Modules (high level definition)<<module>> DEFINITIONS ::= BEGIN<<linkage>><<declarations>>ENDThree kinds of objects are defined using ASN.1
• macro --- consists entirely of uppercase letters
• type --- starts with an uppercase letter
• value --- starts with a lowercase letter
Or say, three level of definitions: macro definition, macro instance, and macro instance value.
2016/2/23 SNM NCHU 30
SMI (RFC1155)RFC1155-SMI DEFINITIONS ::= BEGINEXPORTS -- EVERYTHING
internet, directory, mgmt, experimental, private,enterprises, OBJECT-TYPE, ObjectName, ObjectSyntax, SimpleSyntax,ApplicationSyntax, NetworkAddress, IpAddress, Counter, Gauge, TimeTicks, Opaque;
internet OBJECT IDENTIFIER ::= { iso org(3) dod(6) 1 }directory OBJECT IDENTIFIER ::= { internet 1 }mgmt OBJECT IDENTIFIER ::= { internet 2 }experimental OBJECT IDENTIFIER ::= { internet 3 }private OBJECT IDENTIFIER ::= { internet 4 }enterprises OBJECT IDENTIFIER ::= { private 1 }
2016/2/23 SNM NCHU 31
SMI (cont.)OBJECT-TYPE MACRO ::=
BEGINTYPE NOTATION ::=
"SYNTAX" type (TYPE ObjectSyntax)"ACCESS" Access"STATUS" Status
VALUE NOTATION ::= value (VALUE ObjectName)Access ::= "read-only"
| "read-write"| "write-only"| "not-accessible"
Status ::= "mandatory" | "optional"| "obsolete"
END
ASN.1 Macro
2016/2/23 32
SMI v1 and v2 (RFC 2578) (1)Data Type
V1 V2__________________________
INTEGER Integer32
OCTET STRING (same)
OBJECT INDETIFIER (same)
NULL (same)
SEQUENCE/SEQUENCE OF (same)
IpAddress (same)
NetworkAddress (same)
Gauge Gauge32
TimeTicks (same)
Opaque (same)
Unsigned32, Counter32, Counter64
BITS
2016/2/23 SNM NCHU 33
SMI v1 and v2 (FRC 2578) (2)
Object Definition Enhancement
V1 V2__________________________ ACCESS of MAX-ACCESS of “read-only”, read-write”, write-only”, “read-only”, “read-write”, “read-create”,“not-accessible” “not-accessible”, “accessible-for-notify”
STATUS of STATUS of“current”, “obsolete”, “deprecated” “mandatory”, “obsolete”, “optional”
AUGMENTS adding one column to an existing table
2016/2/23 SNM NCHU 34
nameOfValue NameOfType ::= VALUE(Note: invocation once a MACRO is defined)
sysDesc OBJECT-TYPESYNTAX DisplayString (SIZE (0..255))ACCESS read-onlySTATUS mandatory
::= { system 1}
2016/2/23 SNM NCHU 35
ObjectName ::= OBJECT IDENTIFIER
ObjectSyntax ::=CHOICE {
simple SimpleSyntax,application-wide
ApplicationSyntax}
SimpleSyntax ::=CHOICE {
number INTEGER,string OCTET STRING,object OBJECT IDENTIFIER,empty NULL} }
ApplicationSyntax ::=CHOICE {
address NetworkAddress,counter Counter,gauge Gauge,ticks TimeTicks,arbitrary Opaque}
NetworkAddress ::=CHOICE {
internet IpAddress}IpAddress ::=
[APPLICATION 0]IMPLICIT OCTET STRING (SIZE (4))
Counter ::=[APPLICATION 1]IMPLICIT INTEGER (0..4294967295)
Gauge ::=[APPLICATION 2]IMPLICIT INTEGER (0..4294967295)
TimeTicks ::=[APPLICATION 3]IMPLICIT INTEGER (0..4294967295)
Opaque ::=[APPLICATION 4] IMPLICIT OCTET STRING
END
NameOfType ::= TYPE
2016/2/23 SNM NCHU 36
MIB structure Rooted tree The leaves are the actual managed objects Each object has an identifier (OBJECT
IDENTIFIER) Number with dot as delimiter
The internet node iso -> org -> dod -> internet object identifier of internet node: 1.3.6.1
Under internet node directory :OSI X.500 directory mgmt: used for objects defined in IAB (Internet
Activities Board) experimental: used for internet experiments private: unilaterally usage
MIB Structure
2016/2/23 SNM NCHU 37
Define additional objects Under mib-2 Under experimental Under enterprises
MIB Tree
2016/2/23 SNM NCHU 38
Concise MIB Definition (RFC 1212)OBJECT-TYPE MACRO ::=
BEGINTYPE NOTATION ::=
"SYNTAX" type(ObjectSyntax)"ACCESS" Access"STATUS" StatusDescrPartReferPartIndexPartDefValPart
VALUE NOTATION ::= value (VALUE ObjectName)
Access ::= “read-only”|”read-write” | “write-only” | ”not-accessible”Status ::= “mandatory” | “optional”| ”obslete” | ”deprecated”
DescrPart ::="DESCRIPTION" value (description DisplayString)
| emptyReferPart ::=
"REFERENCE" value (reference DisplayString)| empty
IndexPart ::="INDEX" "{" IndexTypes "}" | empty
IndexTypes ::=IndexType | IndexTypes "," IndexType
IndexType ::=value (indexobject ObjectName) | type (indextype)
DefValPart ::="DEFVAL" "{" value (defvalue ObjectSyntax) "}"
| emptyEND
2016/2/23 SNM NCHU 39
Examples: MIB II (RFC 1213)mib-2 OBJECT IDENTIFIER ::= { mgmt 1 }system OBJECT IDENTIFIER ::= { mib-2 1 }interfaces OBJECT IDENTIFIER ::= { mib-2 2 }at OBJECT IDENTIFIER ::= { mib-2 3 }ip OBJECT IDENTIFIER ::= { mib-2 4 }icmp OBJECT IDENTIFIER ::= { mib-2 5 }
tcp OBJECT IDENTIFIER ::= { mib-2 6 }udp OBJECT IDENTIFIER ::= { mib-2 7 }egp OBJECT IDENTIFIER ::= { mib-2 8 }-- cmot OBJECT IDENTIFIER ::= { mib-2 9 }
transmission OBJECT IDENTIFIER ::= { mib-2 10 }snmp OBJECT IDENTIFIER ::= { mib-2 11 }
ifEntry OBJECT-TYPESYNTAX IfEntryACCESS not-accessibleSTATUS mandatoryDESCRIPTION
"An interface entry containing objects at the subnetwork layer and below for a particular interface."
INDEX { ifIndex }::= { ifTable 1 }
ifTable OBJECT-TYPESYNTAX SEQUENCE OF IfEntry
ACCESS not-accessibleSTATUS mandatory
DESCRIPTION"A list of interface entries. The number of entries is givenby the value of ifNumber."
::= { interfaces 2 }
2016/2/23 SNM NCHU 40
Identification of Managed Objects
Use Object Identifier (OID)OID = Object Type OID . Instance IdentifierObject Type OID: Each Object type has a unique OID
Instance Identifier: Identify instances of object type
Eg. mib-2.interface.ifTable.ifEntry.ifDescr.2
2016/2/23 SNM NCHU 41
Two Kinds of Managed Objects
Type-Specific Objects (scalar objects): sysDescr OBJECT-TYPE
SYNTAX DisplayString (SIZE(0..255))::= {system 1}
OID: mib-2.system.1.0Columnar Objects OID:
mib-2.interface.ifTable.ifEntry.ifDescr.2mib-2.interface.ifTable.ifEntry.ifDescr.6mib-2.interface.ifTable.ifEntry.ifType.2mib-2.interface.ifTable.ifEntry.ifType.6
2016/2/23 SNM NCHU 42
Columnar Objects
ifTable OBJECT-TYPESYNTAX SEQUENCE OF IfEntry…::= { interface 2 }
IfEntry ::= SEQUENCE {ifIndex INTEGER,ifDescr
DisplayString,ifType INTEGER,…
}ifEntry OBJECT-TYPE
SYNTAX IfEntry…INDEX {ifIndex }::= { ifTable 1}
ifDescr OBJECT-TYPESYNTAX DisplayString (SIZE(0..255))ACCESS read-onlySTATUS madatory
...::= {ifEntry 2}
2016/2/23 SNM NCHU 43
Columnar Objects
ifIndex ifDescr ifType . . .
1 le0 6 . . .
6 llc0 1 . . .
7 lo0 24 . . .
9 le1 6 . . .
.ifTable.ifEntry.1 (1.3.6.1.2.1.2.2.1.1).ifTable.ifEntry.2 (1.3.6.1.2.1.2.2.1.2)
.ifTable.ifEntry.3 (1.3.6.1.2.1.2.2.1.3)
1.3.6.1.2.1.2.2.1.3.71.3.6.1.2.1.2.2.1.2.6
2016/2/23 SNM NCHU 44
Index Objects
Integer-valued: a single sub-identifier
String-valued, fixed-length strings: n sub-identifiers, n= length of the string
String-valued, variable-length strings:n+1 sub-identifiers, the first octet is n (= length)
OID-valued: n+1 sub-identifiers, 1st octet indicates the number of levels
2016/2/23 SNM NCHU 45
Index in MIB II (snapshot)
ifEntry {ifIndex}atEntry {atNetIfIndex, atNetAddress}ipAddrEntry {ipAdEntAddr }ipRouteEntry {ipRouteDest}ipNetToMediaEntry {ipNetToMediaIfIndex,
ipNetToMediaNetAddress}tcpConnEntry
{tcpConnLocalAddress, tcpConnLocalPort,tcpConnRemoteAddress, tcpConnRemotePort}
udpEntry {udpLocalAddress, udpLocalPort}egpNeighEntry {egpNeighAddr}
2016/2/23 SNM NCHU 46
SNMP Message Information –Object Syntax (1)
Definition of object Data type
Application-independent type (UNIVERSAL type) integer, octetstring, null, object identifier, sequence,
sequence of, choice Application-wide types (RFC 1155) Networkaddress -> ipaddress counter (0 ~ 232 -1), increasing only, wrap to 0 gauge (0 ~ 232 -1) timeticks opaque (encoded as OCTET STRING for transmission) threshold
Value ranges Relationships with other objects in MIB
2016/2/23 SNM NCHU 47
SNMP Message Information –Object Syntax (2)
ANS.1 Abstract Syntax Notation One A formal language developed by CCITT and ISO In SNMP, we use macro to define other types
and to define managed objects. Macro definition (template) Macro instance (particular type) Macro instance value
2016/2/23 SNM NCHU 48
SNMP Message Information –Object Syntax (3) OBJECT-TYPE macro
2016/2/23 SNM NCHU 49
SNMP Message Information –Object Syntax (4)
Example of object definition iso.org.dod.internet.mgmt.mib-2.tcp.tcpMaxConn 1.3.6.1.2.1.6.4
2016/2/23 SNM NCHU 50
SNMP Message Information –Object Syntax (5)
2-D table (Eg: tcpConnTable (RFC1213)) Two-dimensional array with scalar-valued entries
2016/2/23 SNM NCHU 51
SNMP Message Information –Object Syntax (6)
2016/2/23 SNM NCHU 52
SNMP Message Information –Object Syntax (7)
iso (1) -> org (3) -> dod (6) -> internet (1) -> mgmt (2) mib-2 (1) -> tcp (6) -> tcpConnTable(13)
2016/2/23 SNM NCHU 53
SNMP Message Information –Multiple Indexed Objects (8)
To get the state of the TCP connection: 10.144.18.118:1200 ===> 10.144.14.40:1600
Use snmp_get_req. to get the “tcpConnState” of the tcpConnTable in MIB II.
tcpConnState ==> .1.3.6.1.2.1.6.13.1.1
.1.3.6.1.2.1.6.13.1.1.10.144.18.118.1200.10.144.14.40.1600
2016/2/23 SNM NCHU 54
Standard MIBs
Lecture 2Standard Management Groups in
MIB-II(supplementary: Chapter 3 of tutorial slides)
2016/2/23 SNM NCHU 55
IETF MIBs
1212 Concise MIB definitions 1213 MIB-II 1316 Character Stream 1317 RS-232-like Hardware 1471 PPP 1513 RMON for Token Ring 1757 RMON 2021 RMON-II .....
2016/2/23 SNM NCHU 56
MIB-II Introduction (1)
RFC1213 MIB-I (RFC 1156) MIB-II is a superset of MIB-I
with some additional objects and groups
175 objects
2016/2/23 SNM NCHU 57
MIB-II Introduction (2)Object Identifier (OID): Global identifier for a particular object type. An OID consists of a sequence of integers, which
specify the position of the object in the global object identifier tree. root
ccitt iso joint-iso-ccitt
directory
0 1 2
std regauthority
memberbody org
0 1 2 3
dod
internet
6
1 2 3 4mgmt experimental private
MIB II
system1
interface2
at3
IP4
ICMP5
TCP6
UDP7
EGP8
Trans.10
SNMP11
1 1enterprises
1.3.6.1.2.1.2 1.3.6.1.4.1
1.3.6.1.2.1
MIB II
interface
enterprises
2016/2/23 SNM NCHU 58
system group (1) 1.3.6.1.2.1 sysServices
1 physical (ex: repeater) 2 datalink/subnetwork (ex: bridge) 3 internet (ex: router) 4 end-to-end (ex: IP hosts) 7 applications (ex: mail relays)
2016/2/23 SNM NCHU 59
system group (2)
system OBJECT IDENTIFIER ::= {mib-2 1} sysServices --- summed integer
for instance, a device supports services of layer 1, 2, and 3 has sysServices = 1+2+4=7
2016/2/23 SNM NCHU 60
interfaces group (1) interfaces OBJECT IDENTIFIER := {mib-2 2}
1.3.6.1.2.1.2
2016/2/23 SNM NCHU 61
interfaces group (2)
2016/2/23 SNM NCHU 62
tcp group
tcp OBJECT IDENTIFIER ::= {mib-2 6}
1.3.6.1.2.1.6
2016/2/23 SNM NCHU 63
ip group
1.3.6.1.2.1.4 ip OBJECT IDENTIFIER
::= {mib-2 4}
2016/2/23 SNM NCHU 64
INTERFACE STATISTICS MIB-IIIP, TCP & UDP STATISTICS MIB-IISNMP STATISTICS MIB-IIHOST JOB COUNTS HOSTHOST FILE SYSTEM INFORMATION HOSTLINK TESTING REPEATER BRIDGENETWORK TRAFFIC STATISTICS REPEATER BRIDGE RMONTABLE WITH ALL MAC ADDRESSES REPEATER RMONSTATISTICS PER HOST REPEATER RMONHISTORICAL STATISTICS RMONSPANNING TREE PERFORMANCE BRIDGEWIDE AREA LINK PERFORMANCE BRIDGETRESHOLDS FOR ANY VARIABLE RMONCONFIGURABLE STATISTICS RMONTRAFFIC MATRIX WITH ALL NODES RMON‘HOST TOP N’ INFORMATION RMONPACKET / PROTOCOL ANALYSIS RMONDISTRIBUTED LOGGING RMON
RELATION BETWEEN MIBs
2016/2/23 SNM NCHU 65
Hardware MIBs and Protocol MIBs
Refer to SimpleWeb mib-intro.pdf for deatails Previous introduction is about MIB-II groups, please also
refer to SimpleWeb mib-2.pdf for updated version.
system group => SNMPv2 MIB (RFC 3418)
interfaces group => IF-MIB (RFC 2863)
at group => deprecated
ip & icmp group => IP-MIB (RFC 2011)
tcp group => TCP-MIB (RFC 2012)
udp group => UDP-MIB (RFC 2013)
egp group => OUTDATED
snmp group => SNMPv2MIB (RFC 3418)
2016/2/23 SNM NCHU 66
Other MIBs
Refer to SimpleWeb and RFCs for IF MIB, IP MIB, TCP
MIB, UDP, MIB, HR MIB, …
2016/2/23 SNM NCHU 67
Simple Network Management Protocol
Lecture 3SNMPv1 (RFC 1157)
SNMPv2 (RFC1441-1452 )(supplementary: Chapter 4 of tutorial slides)
2016/2/23 SNM NCHU 68
SNMPv1 Protocol
Supported operations get, set, trap
Simplicity vs. limitations Not able to change the structure of MIB by adding
or deleting object instances Access is provided only to leaf objects Not able to access entire table or row in single action
2016/2/23 SNM NCHU 69
SNMPv1 Operations Support
Three general-purpose operations may be performed on scalar objects: Get:A management station retrieves a scalar
object value from a managed station. Set:A management station updates a scalar
object value in a managed station. Trap:A managed station sends an unsolicited
scalar object value to management station
2016/2/23 SNM NCHU 70
SNMP Protocol –management relationship
In management environment The management station and managed agent One-to-many relationship One station may manage all or a subset of target
The managed system and management station One-to-may relationship Each managed station controls its local MIB and
must be able to control the use of that MIB
2016/2/23 SNM NCHU 71
Three Management Services A managed station controls its own local MIB
and must be able to control the MIB access by a number of management stations Authentication service: The managed station may
wish to limit access to the MIB to authorized management stations.
Access policy: The managed station may wish to give different access privileges to different management stations.
Proxy service: A managed station may act as a proxy to other managed stations.
2016/2/23 SNM NCHU 72
MIB Access and SNMP Access Mode
2016/2/23 SNM NCHU 73
SNMP Access Policy
2016/2/23 SNM NCHU 74
Concept of Community
An SNMP community is A relationship between an SNMP agent and a set
of SNMP managers that defines Authentication, access control and proxy
The managed system establishes one community for each combination of authentication, access control and proxy
Each community has a unique “community name” Management station uses certain community
name in all get and set operations
2016/2/23 SNM NCHU 75
Authentication and Access Using Community
Authentication The community name (password)
Access policy Community profile SNMP MIB view A subset of MIB objects
SNMP access mode READ-ONLY, READ-WRITE
2016/2/23 SNM NCHU 76
SNMPv1
SNMP Message Version Identifier Community Name Protocol Data Unit
The length of SNMP messages should not exceed 484 octets.
Message ::=SEQUENCE {
version INTEGER {version-1(0)},community OCTET STRING,data ANY
}
Version Community SNMP PDU
2016/2/23 SNM NCHU 77
SNMP AuthenticationCommunity
Relationship between an Agent and Managers.Community Name
Used to validate the SNMP messages. SNMP Password. Default ‘Get’ community name: “public”.
Authentication Failure Agent sends “Authentication Failure Trap” to
Manager.
2016/2/23 SNM NCHU 78
SNMPv1 PDU PDU ::= SEQUENCE { request-id INTEGER, error-status INTEGER { noError(0), tooBig(1), noSuchName(2), badValue(3), readOnly(4) genErr(5)}, error-index INTEGER, variable-bindings SEQUENCE OF { name ObjectName, value ObjectSyntax } }
GetRquest :GetNextRequest :
GetResponse :SetRequest :
Trap :
[0] PDU[1] PDU[2] PDU[3] PDU[4] Trap-PDU
Five SNMP PDUs:
PDU: Protocol Data Unit
2016/2/23 SNM NCHU 79
SNMPv1 PDU (cont.)
PDU type request-id 0 0 variable-bindings
GetRequest, GetNextRequest, SetRequest
PDU type request-id error-status error-index variable-bindingsGetResponse
variable-bindingsname value name value name value. . .
2016/2/23 SNM NCHU 80
Trap-PDUTrap-PDU ::= [4]
IMPLICIT SEQUENCE {enterprise OBJECT IDENTIFIER,agent-addr NetworkAddress,generic-trap INTEGER {
coldStart(0),warmStart(1),linkDown(2),linkUp(3),authenticationFailure(4),egpNeighborLoss(5),enterpriseSpecific(6)},
specific-trap INTEGER,time-stamp TimeTicks,variable-bindings VarBindList
}
Enterprise:Type of Object generating trap.
Agent Address:Address of object generating trap.
Generic Trap:Generic trap type.
Specific Trap:Enterprise specific trap.
Time Stamp:Time elapsed between the last initialization of the network entity andthe generation of the trap.
Variable Bindings“Interesting” information
PDU type enterprise agent-addr generic-trap variable-bindingsspecific-traptime-stamp
2016/2/23 SNM NCHU 81
How does a Manager do?
Translates Internal Data to
ASN.1 Format
Sends RequestPDU to Agent
Translates ASN.1Package to Internal
Data Format
Received ResponsePDU from Agent
NMApplication
NMApplication
Agent
Agent
Manager
2016/2/23 SNM NCHU 82
How does an Agent do?
Received SNMP Request PDU from Manager
Translates ASN.1Structure to
Internal Data
Maps MIB Variables to
Internal Variables
Sends SNMP Response PDU
to Manager
Translates ResponsePDU to ASN.1
Format
Implement SNMP Request to Set orGet MIB Value
FromManager
ToManager
Agent
2016/2/23 SNM NCHU 83
Main Loop of Agent (1/2) Agent waits for an incoming datagram in Port 161 Reads the datagram from UDP and notes the
transport address of the sending entity. Increments the QUANTUM to keep track of the
logical request-id being processed by agent De-serializes the datagram into an ASN.1 structure. If
error occurs, log error and discard packet. The ASN.1 structure is translated into SNMP
message. If error occurs, log error and discard packet. Check on VERSION-NUMBER field. If error occurs,
log error and discard packet.
2016/2/23 SNM NCHU 84
Main Loop of Agent (2/2)Community name is looked up.
If community is unknown to agent, agent send authentication trap to Manager station in Port 162; log error and discard packet.
Agent loops through list of variables in the request. If no protocol type is found, return a get-response with
error noSuchName and discard package. Once protocol type is found, operation is checked against
community profile. If mismatch, return get-response with error noSuchName or readOnly and discard package.
Otherwise, agent invokes access routine to perform the desired operation.
2016/2/23 SNM NCHU 85
Transmission of an SNMP Message
Actions taken by a Transmitter: The PDU is constructed, using the ASN.1
structure defined in RFC 1157. This PDU is then passed to an authentication
service. The authentication service then performs any required transformation for this exchange.
The protocol entity then constructs a message, consisting of a version field, the community name, and the results from the last step.
This new ASN.1 object is then encoded using the BER and passed to the transport service.
2016/2/23 SNM NCHU 86
Receipt of an SNMP Message Actions taken by a Receiver: It does a basic syntax-check of the message and discards
the message if it fails to parse. It verifies the version number and discards the message if
there is a mismatch. The protocol entity then passes the user name, the PDU
portion of the message and the source and destination transport addresses to an authentication service. If authentication fails, the authentication service signals the
SNMP protocol entity, witch generates a trap and discards the message.
If authentication succeeds, the authentication service returns aPDU in the form of an ASN.1 object.
The protocol entity does a basic syntax-check of the PDU and using the named community, the appropriate SNMP access policy is selected and the PDU is processed.
2016/2/23 SNM NCHU 87
What's New in SNMPv2 No more Trap PDU, 3 New PDUs: getBulkReq, InformReq, SNMPv2-Trap
Added Security 18 Error Status Values (versus 6 in SNMPv1) SNMPv2 SMI / SNMPv2 MIB M-to-M Communications Enhanced Table Operations ...
(details until we talk about SNMPv3)
2016/2/23 SNM NCHU 88
OBJECT-TYPE MACRO ::=BEGIN
TYPE NOTATION ::="SYNTAX" SyntaxUnitsPart"MAX-ACCESS" Access"STATUS" Status"DESCRIPTION" TextReferPartIndexPartDefValPart
VALUE NOTATION ::=value(VALUE ObjectName)
Syntax ::= -- Must be one of the following:-- a base type (or its refinement),-- a textual convention (or its refinement),
or-- a BITS pseudo-type
type| "BITS" "{" NamedBits "}"
NamedBits ::= NamedBit| NamedBits "," NamedBit
NamedBit ::= identifier "(" number ")" -- number is nonnegative
UnitsPart ::="UNITS" Text
| empty
Access ::="not-accessible"
| "accessible-for-notify"| "read-only"| "read-write"| "read-create"
Status ::="current"
| "deprecated"| "obsolete"
ReferPart ::="REFERENCE" Text
| empty
IndexPart ::="INDEX" "{" IndexTypes "}"
| "AUGMENTS" "{" Entry "}"| empty
IndexTypes ::=IndexType
| IndexTypes "," IndexTypeIndexType ::=
"IMPLIED" Index| Index
Index ::=-- use the SYNTAX value of the-- correspondent OBJECT-TYPE invocation
value(ObjectName)Entry ::=
-- use the INDEX value of the-- correspondent OBJECT-TYPE invocation
value(ObjectName)
DefValPart ::= "DEFVAL" "{" Defvalue "}"| empty
Defvalue ::= -- must be valid for the type specified in-- SYNTAX clause of same OBJECT-TYPE macrovalue(ObjectSyntax)
| "{" BitsValue "}"
BitsValue ::= BitNames| empty
BitNames ::= BitName| BitNames "," BitName
BitName ::= identifier
-- a character string as defined in section 3.1.1Text ::= value(IA5String)
END
SNMPv2 macro for object definition
2016/2/23 SNM NCHU 89
ObjectName ::=OBJECT IDENTIFIER
NotificationName ::=OBJECT IDENTIFIER
-- syntax of objects-- the "base types" defined here are:-- 3 built-in ASN.1 types: INTEGER, OCTET STRING, OBJECT IDENTIFIER-- 8 application-defined types: Integer32, IpAddress, Counter32,-- Gauge32, Unsigned32, TimeTicks, Opaque, and Counter64ObjectSyntax ::=
CHOICE {simple
SimpleSyntax,-- note that SEQUENCEs for conceptual tables and-- rows are not mentioned here...
application-wideApplicationSyntax
}
-- built-in ASN.1 typesSimpleSyntax ::=
CHOICE {-- INTEGERs with a more restrictive range-- may also be usedinteger-value -- includes Integer32
INTEGER (-2147483648..2147483647),-- OCTET STRINGs with a more restrictive size-- may also be usedstring-value
OCTET STRING (SIZE (0..65535)),objectID-value
OBJECT IDENTIFIER}
-- indistinguishable from INTEGER, but never needs more than-- 32-bits for a two's complement representationInteger32 ::=
INTEGER (-2147483648..2147483647)
-- application-wide types
ApplicationSyntax ::=CHOICE {
ipAddress-valueIpAddress,
counter-valueCounter32,
timeticks-valueTimeTicks,
arbitrary-valueOpaque,
big-counter-valueCounter64,
unsigned-integer-value -- includes Gauge32Unsigned32
}
-- in network-byte order-- (this is a tagged type for historical reasons)IpAddress ::=
[APPLICATION 0]IMPLICIT OCTET STRING (SIZE (4))
-- this wrapsCounter32 ::=
[APPLICATION 1]IMPLICIT INTEGER (0..4294967295)
-- this doesn't wrapGauge32 ::=
[APPLICATION 2]IMPLICIT INTEGER (0..4294967295)
-- an unsigned 32-bit quantity-- indistinguishable from Gauge32Unsigned32 ::=
[APPLICATION 2]IMPLICIT INTEGER (0..4294967295)
Definitions associated with SNMPv2 macro for object definition
2016/2/23 SNM NCHU 90
-- hundredths of seconds since an epochTimeTicks ::=
[APPLICATION 3]IMPLICIT INTEGER (0..4294967295)
-- for backward-compatibility onlyOpaque ::=
[APPLICATION 4]IMPLICIT OCTET STRING
-- for counters that wrap in less than one hour with only 32 bitsCounter64 ::=
[APPLICATION 6]IMPLICIT INTEGER
(0..18446744073709551615)
2016/2/23 SNM NCHU 91
APPENDIX:Abstract Syntax Notation One (ASN.1) ASN.1: ISO/ITU-T Standards: ISO 8824/ITU-T X.208
Abstract Syntax: Use a syntax to define data/data structure
independent of machine-oriented structures and restrictions.
Use in SNMP Define SNMP PDU format Define management information (MIB)
2016/2/23 SNM NCHU 92
What are defined using ASN.1
Types: data structures e.g. Counter, Gauge, IpAddess, ...
Values: instances (variables) of a type e.g. sysContact, ifTable, ifSpeed, ...
Macros: used to change the actual grammar of ASN.1 e.g. OBJECT-TYPE, ACCESS, ...
2016/2/23 SNM NCHU 93
Modules
Module: A collection of ASN.1 descriptions Module Structure <module name> DEFINITION ::=
BEGIN<module body>END
Example EmptyModule DEFINITION ::=
BEGIN…END
2016/2/23 SNM NCHU 94
Tags and Types (1)
Tags Every type defined in ASN.1 is assigned a tag Tag = Class + P/C + Number Class: (Bit 8,7 in BER tag) Universal 0 0 Application 0 1 Context-specific 1 0 Private 1 1
P/C: primitive or constructed ASN.1 type Number: non-negative Integer
BER: Basic Encoding Rules
2016/2/23 SNM NCHU 95
Tags and Types (2)Universal Tag ASN.1 Type
1 BOOLEAN2 INTEGER3 BIT STRING4 OCTET STRING5 NULL6 OBJECT IDENTIFIER7 ObjectDescriptor8 EXTERNAL9 REAL10 ENUMERATED12-15 Reserved16 SEQUENCE, SEQUENCE OF17 SET, SET OF
Universal Tag ASN.1 Type18 NumericString19 PrintableString20 TeletexString21 VediotextString22 IA5String23 UTCTime24 GeneralizeTime25 GraphicString26 VisssibleString27 GeneralString28 CharacterString29-... Reserved
2016/2/23 SNM NCHU 96
Tags and Types (3) An ASN.1 type is either primitive or constructed If it is a primitive type, it may be sent either in a
primitive form (encoded in a single collection of octets) or in a constructed form (a resulting octet-encoding is sent).
If it is a constructed type, it is always sent in a constructed form. In most cases, SEQUENCE and SEQUENCE OF are two typical constructed types.
2016/2/23 SNM NCHU 97
Tags and Types (4) If the length of the encoding is known, it is termed the
definite form. Primitive encoding always uses definite form for primitive types.
If the length isn’t known ahead of time and that the receiving process should look for a special sequence of octets, end-of-contents, to detect the end of value, it is in indefinite form.
2nd way to calculate the length is to make two passes through the data, which could be inefficient.
If the value is less than 128, one octet is used to encode the length. If the length is longer, the msb of the first octet is set to 1, and remaining 7 bits indicates how many octets follow in the length field.
2016/2/23 SNM NCHU 98
Values in ASN.1
General format of a value assignment <valuereference> <type> ::= <value>
Examples: BOOLEAN Married ::= BOOLEAN currentStatus Married ::= FALSE
INTEGER Color ::= INTEGER{red (0), blue (1), yellow (2)} defaultColor Color ::= 1 defaultColor Color ::= blue
2016/2/23 SNM NCHU 99
Basic Encode Rules (BER) An ASN.1 encoding rule ISO/ITU-T Standards: ISO 8825/ITU-T X.209 Values from any abstract syntax defined using
ASN.1 can be encoded with BER BER uses Tag, Length, Value (TLV) encoding Tag: “identifier”, Length: length of content, Value:
“contents” Each value may itself be made up of one or
more TLV-encoded values
T TL TL V V
V
L
2016/2/23 SNM NCHU 100
BER Examples
Example 1 (from simple book) Example 2 (from W. Stallings)