Transcript encoding
Simple Network Management
Protocol (SNMP)
1
Contents
Define and describe the functions of managed devices,
agents, and NMSs in an SNMP managed network
Describe the four key SNMP commands
Read, Write, Trap, and Traversal operations
Define and describe the functions of the MIB, managed
objects, and object identifiers
Abstract Syntax Notation One (ASN.1)
Discuss ASN.1 and its function in network management
Identify the function of ASN.1 in relation to SNMP
Identify the key differences between SNMPv1, SNMPv2
and SNMPv3 in the area of protocol operations
2
SNMP Overview
An application layer protocol that facilitates the exchange
of management information between network devices.
Part of the Transmission Control Protocol/ Internet
Protocol (TCP/IP) protocol suite.
Allows network administrators to manage network
performance, find and solve network problems, and plan
for network growth.
In 1988, the Internet Activities Board (IAB) committee
proposed the SNMP as the short-term solution for network
management.
Since then, the simple structure and good performance of
SNMP have made it popular around the world. It is likely
that SNMP will be a long-term solution.
3
Popularity of SNMP
Simplicity: easy to learn and inexpensive to implement,
no rigid administrative structure
Wide industry support: works on any network using TCP/IP;
because of the popularity of the Internet, hundreds of vendors
support SNMP
Efficient use of resources: requires little memory and
few CPU cycles
Standardization and stability: a standard supported
by the IAB and a relatively stable protocol
Centralized administration: based on a query-response
mechanism, allowing an administrator to manage a large
network from one location
Portability: enables transparent management of devices,
whether hardware or software.
4
SNMP Basic Components
Key components of an SNMP managed network are:
Management entity (manager)
Managed device
Agent
Management database
5
Network Management Entity
A network management entity (manager)
executes SNMP client applications that
monitor and control managed devices.
Managers provide the bulk of the processing and
memory resources required for network
management.
One or more NMSs must exist on any managed
network.
Many NMSs are available in the market:
usually support both Unix and Windows
support both command line and GUI
Command line interface: Microsoft SNMPUTIL
GUI: SunNet Manager, HP OpenView
support the FCAPS model
6
Common NMS applications
Popular NMS supporting SNMP
WhatsUp Gold: popular, low cost,
simple. Bundled with Cisco NMS
Scotty: popular in Unix/Linux.
Written in Tcl/Tk. Supports
SNMPv1, SNMPv2 and SNMPv3
HP OpenView: industry standard.
Enterprise-grade NMS, supports
3rd-party tools, e.g. SynOptics
Optivity tools to improve the NM
functionality of SynOptics devices
IBM NetView: developed in 1986,
mainly to support IBM
mainframes
SunNet Manager: uses a proxy
agent to gather information
about non-Sun machines.
7
Managed Device
A network node that contains an agent
running an SNMP server program.
Collects and stores management information
and makes this information available to network
management systems (NMSs) using SNMP.
a.k.a. network elements; can be routers and
access servers, switches and bridges, hubs,
computer hosts, or printers.
8
Agent
An agent is a network management software
module that resides in a managed device.
It is basically an SNMP server program:
keeps network information in its database
translates that information into a form compatible
with SNMP
sends a warning (trap) to the NM manager if there is an
unusual situation
9
Versions of SNMP
SNMP Version 1 (SNMPv1)
SNMP Version 2 (SNMPv2)
Both versions have a number of features in common.
SNMPv2 offers such enhancements as additional protocol operations.
10
SNMP Basic Commands
Managed devices are monitored and controlled using 3 basic SNMP commands:
Read: GetRequest
Traversal operations: GetNext, GetBulk (in SNMPv2)
Write: SetRequest
11
SNMP Read
The read command is used by a network
management system (NMS) to monitor
managed devices.
For instance, application programs in Linux
(e.g. net-SNMP) such as:
snmpget – specifies a single variable by name,
i.e. system.sysDescr
Get at IP X, OID=1.3.6.1.2.1.1.1
Response returns the value “cisco 5505”
snmpwalk – reads a portion of the MIB subtree from a device
12
SNMP Write
The write command is used by an NMS to
control managed devices.
The NMS changes the values of variables
stored within managed devices.
snmpset example:
$ /opt/OV/bin/snmpset -c private orarouter1 .1.3.6.1.2.1.1.4.0 \
    octetstring "Meg A. Byte 555-1212"
system.sysContact.0 : DISPLAY STRING- (ascii):  Meg A. Byte 555-1212
13
SNMP Traps
The trap command is used by a managed
device to asynchronously report events to the
NMS.
When certain types of events occur, a
managed device sends a trap to the NMS.
7 trap types are defined:
coldStart (0)
warmStart (1)
linkDown (2)
linkUp (3)
authenticationFailure (4)
egpNeighborLoss (5)
enterpriseSpecific (6)
14
SNMP Traps (2)
The agent sends the trap in the following situations:
coldStart (0)
agent sends the trap when initializing itself
warmStart (1)
agent sends the trap when re-initializing itself
linkDown (2)
a specific link on the source device has failed
linkUp (3)
a specific link on the source device has come up
15
SNMP Traps (3)
authenticationFailure (4)
agent determines that a request does not
provide proper authentication (e.g. wrong
SNMP community string)
egpNeighborLoss (5)
agent reports the loss of an EGP neighbor
enterpriseSpecific (6)
implemented by a vendor to provide additional
functionality that complements the generic
traps.
16
SNMP - Traversal Operations
Traversal operations are used by the NMS to
determine which variables a managed device
supports and to sequentially gather
information in variable tables (such as a
routing table).
snmpgetnext – specifies an OID, but the value returned
is the next lexicographic OID and its value
Get-next sysDescr, and you get sysObjectID
Get-next sysObjectID, and you get sysUpTime
17
Structure of Management
Information (SMI)
18
SMI overview
For the manager/agent paradigm, managed network
objects must be logically accessible.
Management information must be stored in such a way that it
can be easily retrieved and modified.
SNMP performs the retrieval and modification.
SMI determines the way information is organized.
SMI is a master document explaining how to name,
structure and encode SNMP management
information.
SMI states that each managed object must satisfy the
following requirements:
must have a name, a syntax and an encoding
19
SMI functions
To name objects
Name: the MIB name is a sequence of identifiers which
uniquely identifies the object
To define the type of data that can be stored in an
object
Syntax: defines the data type (or grammar) of an object, such
as an integer or a string of octets
To show how to encode data for transmission over
the network
Encoding: describes how information associated with the
managed objects is serialized for transmission between
machines
20
SNMP and SMI
SMI’s implementation in SNMP:
The names used for objects are called object identifiers
(OIDs) – a human-readable format
The syntax used for SNMP is called ASN.1
The encoding used for SNMP is called BER (Basic
Encoding Rules)
21
Object Name: OID and OID tree
An object identifier (or object ID) uniquely identifies a managed object in the MIB hierarchy.
The MIB hierarchy can be depicted as a tree, with a nameless root, the levels of which are assigned by different organizations.
It also defines the properties of the managed object.
The MIB is a collection of OIDs that is organized hierarchically.
iso.org.dod.internet.mgmt.mib <=> 1.3.6.1.2.1
root (unnamed)
    ITU (0)
    iso (1)
        org (3)
            dod (6)
                internet (1)
                    directory (1)
                    mgmt (2)
                        mib (1)
                    experimental (3)
                    private (4)
                        enterprise (1)
                            cisco (9)
    ITU-iso (2)
22
Data type - ASN.1
The 2nd attribute of an object is the data type.
SMI uses some fundamental ASN.1 definitions but
also adds some new definitions.
Abstract Syntax Notation One (ASN.1) is a language that
consistently represents the managed objects of a
Management Information Base (MIB) in a machine-independent format.
ASN.1 uses variables and statements similar to those of other
programming languages.
It can be considered a meta-language.
It provides a vendor-neutral, cross-platform, standards-based
language that allows developers to describe the workings of
protocols, systems and machines.
ASN.1 is the basis for the human-readable syntax of the MIB tree.
The use of a consistent language like ASN.1 allows different
types of computers to share information with each other
more efficiently.
23
ASN.1 (2)
ASN.1 is a data representation format used by
SNMP to create actual MIB objects.
ASN.1 existed long before SNMP; the SNMP MIB
was developed to take full advantage of
ASN.1.
ASN.1 is defined as part of the Open Systems
Interconnection (OSI) specification described in
the ISO 8824 standard.
Management protocols, such as SNMP, use
ASN.1 to define both the packets exchanged by
the management protocol and the objects that
are to be managed.
24
Types of Managed Objects
Simple type
    scalar object: defines a single object instance.
    The 1st three are taken directly from ASN.1, the other four are added by SMI:
    Integer (4 bytes)
    String (variable)
    ObjectIdentifier (variable)
    IPAddress (4 bytes)
    Counter (4 bytes)
    Gauge (4 bytes)
    TimeTicks (4 bytes)
Structured type
    combines simple and structured data types
    SMI defines TWO structured data types: sequence and sequence of
    Sequence: a sequence data type is a combination of simple data types (c.f. a record in C)
    Sequence of: a sequence-of data type is a combination of simple types of the same type (c.f. an array in C)
25
Simple data type
Simple data types: three simple data types are defined in ASN.1, all
of which are unique values; the other four are defined by SMI:
Integers – These values are signed integers in the range of -2,147,483,648 to 2,147,483,647.
Octet strings – These strings are an ordered sequence of zero to 65,535
octets.
Object IDs – These values are from the set of all object identifiers
allocated according to the rules specified in ASN.1.
Network addresses – A network address represents an address from a
particular protocol family. SNMPv1 supports only 32-bit IP addresses.
Counters – Counters are nonnegative integers that increase until they
reach a maximum value, and then return to zero. In SNMPv1, a 32-bit
counter size is specified.
Gauges – Gauges are nonnegative integers that can increase or decrease,
but retain the maximum value reached.
Time ticks – A time tick represents a hundredth of a second since some
event.
26
Encoding method
SMI uses the Basic Encoding Rules (BER) to
encode data to be transmitted over the
network.
Data is encoded into 3 parts:
Tag (1 byte) - 3 sub-fields:
class (2 bits), format (1 bit), and number (5 bits)
Length
one or more bytes
Value
codes the value of the data according to the rules defined in BER
27
Encoding Tag
Tag: 1 byte = Class (2 bits) + Format (1 bit) + Number (5 bits)

Data type               Class  Format  Number  Tag (bin)  Tag (hex)
Integer                 00     0       00010   00000010   02
String                  00     0       00100   00000100   04
OID                     00     0       00110   00000110   06
Sequence, sequence of   00     1       10000   00110000   30
IPAddress               01     0       00000   01000000   40
Counter                 01     0       00001   01000001   41
Gauge                   01     0       00010   01000010   42
TimeTicks               01     0       00011   01000011   43
28
SMI encoding method for Tag
Based on the Basic Encoding Rules (BER), to encode
data to be transmitted over the network.
Format:
tag: 1 byte. Class (2 bits) + format (1 bit) + number (5 bits)
length: 1 or more bytes.
value: depends on the object
29
Encoding length
The length field is one or more bytes.
If it is one byte, the most significant bit must be 0. The other 7
bits define the length of the data.
If it is more than one byte, the MSB of the first byte must be 1.
The other 7 bits of the first byte define the number of bytes
needed to define the length.
30
Encoding Value
The value field codes the value of the
data according to the rules defined in
BER.
The following are examples that show
how these 3 fields, tag, length and
value, are encoded.
31
SMI encoding method : examples
For example: integer 14
02 04 00 00 00 0E       Integer tag + 4-byte length + value 0 0 0 14
For example: message “HI”
04 02 48 49             String tag + 2-byte length + “H” + “I”
For example: OID 1.3.6.1
06 04 01 03 06 01
For example: IPAddress 131.21.14.8
40 04 83 15 0E 08
(tag, length, value)
32
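The tag, length and value rules of slides 27 to 32, carried through as a working encoder. This is an added example, not code from the slides. The tag bytes (02, 04, 06, 30, 40 to 43) are the ones in the slide table; the byte layout of integers and OIDs follows X.690 BER, which is what SNMP agents actually put on the wire. Note the two places where the slides simplify: they write every integer in 4 bytes and every OID arc in one byte (1.3.6.1 as 01 03 06 01), whereas BER uses the fewest two's-complement bytes that hold the integer and packs the first two OID arcs into one byte 40*a+b (1.3.6.1 as 2B 06 01). The `width` parameter reproduces the slides' fixed 4-byte integers; the function and constant names are this example's own.

```python
"""BER tag-length-value encoding for the SMI data types (added example).

Integer and OID contents follow X.690; width=4 reproduces the slides' fixed
4-byte integer form.  All names here are the example's own.
"""
from typing import Sequence

UNIVERSAL, APPLICATION, CONTEXT = 0, 1, 2   # the 2-bit class field of the tag


def tag_byte(tag_class: int, constructed: bool, number: int) -> int:
    """class (2 bits) | format (1 bit) | number (5 bits) -> one tag byte."""
    if not 0 <= number < 31:   # 31 would select BER's multi-byte tag form, unused by SMI
        raise ValueError("tag number must fit in 5 bits")
    return (tag_class << 6) | (int(constructed) << 5) | number


def encode_length(n: int) -> bytes:
    """Short form (MSB 0) for n < 128; otherwise 0x80|k followed by k big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + encode_length(len(value)) + value


def _twos_complement(value: int, width: int) -> bytes:
    """width=0: the fewest bytes that hold `value` as signed two's complement (X.690);
    width>0: a fixed-size field, the slides' convention."""
    if width:
        return value.to_bytes(width, "big", signed=value < 0)
    n = 1
    while True:
        try:
            return value.to_bytes(n, "big", signed=True)
        except OverflowError:
            n += 1


def encode_integer(value: int, width: int = 0) -> bytes:
    """Universal INTEGER, tag 02: 14 -> 02 01 0E, or 02 04 00 00 00 0E with width=4."""
    return tlv(tag_byte(UNIVERSAL, False, 2), _twos_complement(value, width))


def encode_octet_string(data: bytes) -> bytes:
    """Universal OCTET STRING, tag 04: "HI" -> 04 02 48 49."""
    return tlv(tag_byte(UNIVERSAL, False, 4), data)


def encode_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER, tag 06: the first two arcs merge into 40*a+b, then every
    arc is written base 128 with the high bit set on all but its last byte."""
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("OID needs two arcs; first arc <= 2, second <= 39 under arcs 0 and 1")
    body = bytearray()
    for arc in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return tlv(tag_byte(UNIVERSAL, False, 6), bytes(body))


def encode_ipaddress(dotted: str) -> bytes:
    """Application tag 0 (0x40): exactly four octets, 131.21.14.8 -> 40 04 83 15 0E 08."""
    octets = bytes(int(o) for o in dotted.split("."))   # bytes() rejects octets > 255
    if len(octets) != 4:
        raise ValueError("IpAddress must have four octets")
    return tlv(tag_byte(APPLICATION, False, 0), octets)


def _app_unsigned(number: int, value: int, width: int) -> bytes:
    if not 0 <= value < 2 ** 32:
        raise ValueError("SMIv1 Counter, Gauge and TimeTicks are 32-bit unsigned")
    return tlv(tag_byte(APPLICATION, False, number), _twos_complement(value, width))


def encode_counter(value: int, width: int = 0) -> bytes:    # tag 41
    return _app_unsigned(1, value, width)


def encode_gauge(value: int, width: int = 0) -> bytes:      # tag 42
    return _app_unsigned(2, value, width)


def encode_timeticks(value: int, width: int = 0) -> bytes:  # tag 43
    return _app_unsigned(3, value, width)


def encode_sequence(members: Sequence[bytes]) -> bytes:
    """SEQUENCE / SEQUENCE OF, tag 30 (format bit set): the encoded members back to back."""
    return tlv(tag_byte(UNIVERSAL, True, 16), b"".join(members))
```

`encode_sequence` takes already-encoded members, so a record (sequence) and an array (sequence of) are built the same way; only the caller knows whether the members are of one type or several.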
Encoding exercise
Show how the following array (sequence of) of integers is encoded:
2345, 1236, 122, 1236
See note page for answer
33
Encoding exercise #2
Show how the following record (sequence) is encoded:
Integer   String       IP Address
2345      “COMPUTER”   185.32.1.5
See answer in note page
34
MIB
The MIB is another key component used in
network management.
Object name / descriptor
Objects in the MIB are categorized under 11
different groups (only 8 in SNMPv1).
35
MIB-I
developed in 1988 (RFC 1156 and RFC 1212)
defined more than 100 configurable managed
objects
8 object groups:
system object group (1.3.6.1.2.1.1)
Interface object group (1.3.6.1.2.1.2)
Address translation object group (1.3.6.1.2.1.3)
IP object group (1.3.6.1.2.1.4)
ICMP object group (1.3.6.1.2.1.5)
TCP object group (1.3.6.1.2.1.6)
UDP object group (1.3.6.1.2.1.7)
EGP object group (1.3.6.1.2.1.8)
36
MIB-II
developed in 1990 (RFC 1158 and RFC 1213)
A total of 11 object groups, containing 171
objects
superset of MIB-I, providing the additional
functionality required by SNMPv2
New object groups in MIB-II:
Transmission object group (1.3.6.1.2.1.10)
SNMP object group (1.3.6.1.2.1.11)
37
MIB-II (2)
38
Details of MIB objects
Here are some examples of key groups (5 others are not described here)
System group 1.3.6.1.2.1.1
Gives information about the whole system
sysDescr, sysObjectID, sysUpTime, sysContact, sysName, sysLocation, sysServices
Interface group 1.3.6.1.2.1.2
Gives information about the interfaces
ifNumber -> ifIndex, ifDescr … ifOutQLen, ifSpecific (total 22)
IP group 1.3.6.1.2.1.4
Defines the pieces of information kept by the IP layer
ipForwarding, ipDefaultTTL, ipInReceives, ipInHdrErrors … ipFragCreates,
ipRoutingDiscards (total 20) + ipAddrTable (5 sub-variables) + ipRouteTable (13 sub-variables) + ipNetToMedia table (3 sub-variables)
ICMP group 1.3.6.1.2.1.5
The ICMP group stores information about ICMP packets
icmpInMsgs, icmpInErrors, … icmpOutAddrMaskReps (total 26)
TCP group 1.3.6.1.2.1.6
The TCP group stores information about TCP segments
tcpRtoAlgorithm, tcpRtoMin, … tcpOutRsts (total 14) + tcpConnTable (5 sub-variables)
UDP group 1.3.6.1.2.1.7
The UDP group stores information about UDP datagrams
udpInDatagrams, udpNoPorts, udpInErrors, udpOutDatagrams (total 4) + udpTable (2 sub-variables)
39
Access MIB variables from udp group
40
Access MIB variables from udp group (2)
Use the UDP group (1.3.6.1.2.1.7) as an example:
4 simple variables and 1 sequence of (table)
udpInDatagrams    1.3.6.1.2.1.7.1
udpNoPorts        1.3.6.1.2.1.7.2
udpInErrors       1.3.6.1.2.1.7.3
udpOutDatagrams   1.3.6.1.2.1.7.4
udpTable          1.3.6.1.2.1.7.5
    udpEntry          1.3.6.1.2.1.7.5.1
        udpLocalAddress   1.3.6.1.2.1.7.5.1.1
        udpLocalPort      1.3.6.1.2.1.7.5.1.2
41
Access MIB instance
An OID only defines the variable, not the instance
(contents).
To show the instance or the contents of each
variable, add an instance suffix.
For a simple variable: add a zero.
To access the instance (or the contents) of the udp
group variables, use the following:
udpInDatagrams.0 => 1.3.6.1.2.1.7.1.0
udpNoPorts.0 => 1.3.6.1.2.1.7.2.0
udpInErrors.0 => 1.3.6.1.2.1.7.3.0
udpOutDatagrams.0 => 1.3.6.1.2.1.7.4.0
42
Access MIB instance (2)
To identify the udp table:
udpTable => 1.3.6.1.2.1.7.5
udpEntry => 1.3.6.1.2.1.7.5.1
udpLocalAddress => 1.3.6.1.2.1.7.5.1.1
udpLocalPort => 1.3.6.1.2.1.7.5.1.2
There are many udp entries; to access each of these entries,
use the index.
In the MIB, the index is not an integer. The indexes are based
on the value of one or more fields in the entries (see figure).
To access the instance of the local address for the 1st row,
use the OID
udpLocalAddress.181.23.45.14.23
43
Index for udpTable
udpTable   1.3.6.1.2.1.7.5
udpEntry   1.3.6.1.2.1.7.5.1
udpLocalAddress   udpLocalPort
181.23.45.14      23
192.13.5.10       161
227.2.45.18       180
230.20.5.24       212
Each cell of a column has the same OID. How do we resolve which is which?
44
Index for udpTable (2)
To access the instance of the local address for the 1st row, we use the OID augmented with the instance index: udpLocalAddress.181.23.45.14.23
That is 1.3.6.1.2.1.7.5.1.1.181.23.45.14.23
Note that not all tables are indexed the same way. Some tables are indexed using the value of one field, some using the value of two fields, and so on.
Instance OID                            udpLocalAddress   udpLocalPort
1.3.6.1.2.1.7.5.1.1.181.23.45.14.23     181.23.45.14      23
1.3.6.1.2.1.7.5.1.1.192.13.5.10.161     192.13.5.10       161
1.3.6.1.2.1.7.5.1.1.227.2.45.18.180     227.2.45.18       180
1.3.6.1.2.1.7.5.1.1.230.20.5.24.212     230.20.5.24       212
45
Index for udpTable (3)
Tables are ordered according to column-row rules, which means one should go column by column, as shown in the figure.
Instance OID                            udpLocalAddress   udpLocalPort
1.3.6.1.2.1.7.5.1.1.181.23.45.14.23     181.23.45.14      23
1.3.6.1.2.1.7.5.1.1.192.13.5.10.161     192.13.5.10       161
1.3.6.1.2.1.7.5.1.1.227.2.45.18.180     227.2.45.18       180
1.3.6.1.2.1.7.5.1.1.230.20.5.24.212     230.20.5.24       212
46
SNMP ver 1
47
SNMP Version 1
SNMPv1 is the initial implementation of the SNMP protocol.
Based on 4 RFCs:
RFC 1155: Structure of Management Information
RFC 1157: Simple Network Management Protocol
RFC 1212: Concise MIB Definitions
RFC 1213: Management Information Base II
Operates over such protocols as:
User Datagram Protocol (UDP)
Internet Protocol (IP)
OSI Connectionless Network Service (CLNS)
AppleTalk Datagram Delivery Protocol (DDP)
Novell Internet Packet Exchange (IPX).
48
SNMPv1 Protocol Operation
SNMP is a simple request-response protocol.
The network management system issues a request, and managed
devices return responses.
This behavior is implemented using protocol operations.
An SNMP message has the format:
Version number
Community name - a kind of password
One or more SNMP PDUs - assuming trivial authentication
SNMPv1 defines five protocol operations:
Get (Request)
GetNext (Request)
Set (Request)
Get (Response)
Trap
49
SNMPv1 message
50
SNMPv1 Protocol Operation (2)
Get (Request)
This operation is used by the NMS to retrieve the
value of one or more object instances from an
agent.
If the agent responding to the Get operation cannot provide
values for all of the object instances in the list, it does not
provide any values.
GetNext (Request)
This operation is used by the NMS to retrieve the
value of the next object instance in a table or list
within an agent.
It is useful for the NMS when it does not know the
indexes of entries.
51
SNMPv1 Protocol Operation (3)
Set (Request)
This operation is used by the NMS to set the
values of object instances within an agent.
Get (Response)
This operation is used by agents to respond
to Get (Request) and GetNext (Request) from
the manager.
Trap
This operation is used by agents to
asynchronously inform the NMS of a significant
event.
For example, if the agent is rebooted, it informs
the manager and reports the time of rebooting.
52
SNMP message format
An SNMP message is divided into four parts: version, header, security parameters and data.
SNMP version: version number (SNMPv1, SNMPv2 or SNMPv3)
SNMP header: community string
SNMP security parameters
SNMP data: context engine ID, context name, PDU (see next page)
53
SNMP PDU
Each SNMP PDU (except trap)
has the following format:
PDU type
request id - request sequence
number
error status - zero if no error,
otherwise one of a small set of error codes
error index - if non-zero,
indicates which of the OIDs in
the PDU caused the error
variable bind-list
variable name - OIDs
values - values are null for get and get next
54
SNMP PDU (trap)
SNMP Trap PDUs have the following format:
enterprise - identifies the type of object causing
the trap
agent address - IP address of the agent which sent
the trap
generic trap id - the common standard traps
specific trap id - proprietary or enterprise trap
time stamp - when the trap occurred, in time ticks
variable bind-list
variable name - OIDs
values - values are null for get and get next
55
Encoding SNMP message
To encode a message, SNMP also uses the BER standard.
Messages are defined using tags: class, format and number => a different number for each type of message.

Data             Class  Format  Number  Tag (bin)  Tag (hex)
GetRequest       10     1       00000   10100000   A0
GetNextRequest   10     1       00001   10100001   A1
GetResponse      10     1       00010   10100010   A2
SetRequest       10     1       00011   10100011   A3
Trap             10     1       00111   10100111   A7
56
Examples for GetRequest Message
A manager station (SNMP client) uses
the GetRequest message to retrieve the
number of UDP datagrams that a router
has received.
The agent (SNMP server) of the router
responds with a GetResponse message.
57
Example: encoding GetRequest
GetRequest (from NM station to router)
30 33                              sequence of length 51 = 33h (30 is the tag for sequence of)
02 04 00 00 00 00                  integer of length 4, version 0 (02 is the tag for integer)
04 06 70 75 62 6C 69 63            string of length 6, “public” (04 is the tag for string)
A0 23                              GetRequest (A0), length 35 = 23h
02 04 00 01 06 11                  integer of length 4, request id 00010611
02 04 00 00 00 00                  integer of length 4, error status = 0
02 04 00 00 00 00                  integer of length 4, error index = 0
30 0F                              sequence of length 15
30 0D                              sequence of length 13
06 09 01 03 06 01 02 01 07 01 00   objectID of length 9, udpInDatagrams (1.3.6.1.2.1.7.1.0)
05 00                              null entity of length 0
58
Example: encoding GetResponse
GetResponse (from router to NM station)
30 37                              sequence of length 37h = 55 dec
02 04 00 00 00 00                  integer of length 4, version 0
04 06 70 75 62 6C 69 63            string of length 6, “public”
A2 27                              GetResponse (A2), length 39 = 27h
02 04 00 01 06 11                  integer of length 4, request id 00010611
02 04 00 00 00 00                  integer of length 4, error status = 0
02 04 00 00 00 00                  integer of length 4, error index = 0
30 13                              sequence of length 19 = 13h
30 11                              sequence of length 17 = 11h
06 09 01 03 06 01 02 01 07 01 00   objectID of length 9, udpInDatagrams (1.3.6.1.2.1.7.1.0)
41 04 00 00 12 11                  counter of length 4, value 12 11
59
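The message layout of slides 53 and 54 and the byte listings of slides 57 and 58, read back by a parser. This is an added example, not code from the slides. It walks tag, length and value recursively, checking every length against the enclosing container so that a truncated or malformed datagram is rejected rather than read past its end, which is the check an agent or collector needs before trusting anything in a packet. The sample bytes are the GetResponse of slide 58. Two assumptions are labelled in the code: OBJECT IDENTIFIER contents are reported as hex rather than in dotted form, because the slides write one byte per arc while X.690 packs the first two arcs into one byte (1.3 as 2B); and the tag map follows RFC 1157, where the SNMPv1 Trap-PDU is A4, with A7 (the Trap row of the slide table) being the SNMPv2-Trap-PDU number. All names are the example's own.

```python
"""Decode a BER-encoded SNMPv1 message into a labelled tree (added example).

Every length is checked against its container, so truncated or inconsistent
input raises ValueError instead of being read out of bounds.
"""
from typing import Any, Dict, List, Optional, Tuple

# Tag byte -> label.  Assumption: A4 is the RFC 1157 Trap-PDU and A7 the
# SNMPv2-Trap-PDU; the other entries are the slides' own tables.
TAG_NAMES = {
    0x02: "INTEGER", 0x04: "OCTET STRING", 0x05: "NULL", 0x06: "OBJECT IDENTIFIER",
    0x30: "SEQUENCE", 0x40: "IpAddress", 0x41: "Counter", 0x42: "Gauge", 0x43: "TimeTicks",
    0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse", 0xA3: "SetRequest",
    0xA4: "Trap", 0xA7: "SNMPv2-Trap",
}
REQUEST_PDUS = {"GetRequest", "GetNextRequest", "GetResponse", "SetRequest"}

# The slide-58 GetResponse, byte for byte: community "public", request id
# 00010611, one varbind udpInDatagrams.0 = Counter 0x1211.
SAMPLE_GET_RESPONSE = bytes.fromhex(
    "30 37"
    "02 04 00 00 00 00"
    "04 06 70 75 62 6C 69 63"
    "A2 27"
    "02 04 00 01 06 11"
    "02 04 00 00 00 00"
    "02 04 00 00 00 00"
    "30 13"
    "30 11"
    "06 09 01 03 06 01 02 01 07 01 00"
    "41 04 00 00 12 11"
)

Item = Tuple[str, Any]


def read_length(data: bytes, pos: int) -> Tuple[int, int]:
    """Return (length, offset of the value).  Long form is 0x80|k followed by k bytes."""
    first = data[pos]
    if first < 0x80:
        return first, pos + 1
    k = first & 0x7F
    if k == 0 or k > 4 or pos + 1 + k > len(data):
        raise ValueError("indefinite, oversized or truncated length field")
    return int.from_bytes(data[pos + 1:pos + 1 + k], "big"), pos + 1 + k


def decode(data: bytes, pos: int = 0, end: Optional[int] = None) -> List[Item]:
    """Parse the TLVs in data[pos:end] into (label, value) pairs; constructed tags
    (format bit 0x20) recurse, primitive values are decoded by tag."""
    end = len(data) if end is None else end
    items: List[Item] = []
    while pos < end:
        if pos + 1 >= end:
            raise ValueError(f"tag byte without a length at offset {pos}")
        tag = data[pos]
        length, vpos = read_length(data, pos + 1)
        vend = vpos + length
        if vend > end:
            raise ValueError(f"length {length} at offset {pos} overruns its container")
        body = data[vpos:vend]
        label = TAG_NAMES.get(tag, f"tag 0x{tag:02X}")
        value: Any
        if tag & 0x20:                               # SEQUENCE or a PDU
            value = decode(data, vpos, vend)
        elif tag == 0x02:
            value = int.from_bytes(body, "big", signed=True)
        elif tag in (0x41, 0x42, 0x43):              # application types are unsigned
            value = int.from_bytes(body, "big")
        elif tag == 0x40:
            if len(body) != 4:
                raise ValueError("IpAddress must be exactly 4 octets")
            value = ".".join(str(b) for b in body)
        elif tag == 0x04:
            value = body
        elif tag == 0x05:
            value = None
        else:                                        # OID (kept as raw hex, see lead-in) and unknown tags
            value = body.hex()
        items.append((label, value))
        pos = vend
    return items


def snmpv1_fields(message: bytes) -> Dict[str, Any]:
    """Extract version, community, PDU type, request id, error fields and varbinds."""
    top = decode(message)
    if len(top) != 1 or top[0][0] != "SEQUENCE" or len(top[0][1]) != 3:
        raise ValueError("message must be one SEQUENCE of version, community, PDU")
    version, community, pdu = top[0][1]
    if version[0] != "INTEGER" or community[0] != "OCTET STRING":
        raise ValueError("bad message header")
    if pdu[0] not in REQUEST_PDUS or len(pdu[1]) != 4:
        raise ValueError(f"unsupported or malformed PDU {pdu[0]}")
    request_id, error_status, error_index, varbinds = pdu[1]
    return {
        "version": version[1],
        "community": community[1].decode("ascii", "replace"),
        "pdu": pdu[0],
        "request_id": request_id[1],
        "error_status": error_status[1],
        "error_index": error_index[1],
        "varbinds": [(name[1], value) for _, (name, value) in varbinds[1]],
    }
```

Dropping the final byte of the sample makes the outer length (37h) overrun the buffer, and the parser raises at the top level before looking at any field; the same check applies at every nesting level, so an inner length that exceeds its sequence is caught too.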
Encoding message exercise
Decode the following:
02 04 01 02 14 32
30 0C 02 04 00 00 00 11 02 04 00 00 00 14
30 0B 04 03 41 43 42 02 04 00 00 14 14
30 0C 40 04 23 51 62 71 02 04 00 00 14 12
See answer in note page
60
SNMP Version 2
An evolution of the initial version, SNMPv1.
SNMPv2 functions within the specifications of the
Structure of Management Information (SMI).
In theory, SNMPv2 offers a number of
improvements over SNMPv1, including additional
protocol operations.
SNMPv2 never became a standard because
vendors could not agree on “security”.
Different versions of SNMPv2 are in use:
SNMPv2c <= most popular
SNMPv2u
SNMPv2*
61
SNMPv2 and SMI
SMI defines the rules for describing management
information, using ASN.1.
Bit strings
Bit strings are defined only in SNMPv2. They comprise zero or
more named bits that specify a value.
Network addresses
represent an address from a particular protocol family. SNMPv1
supports only 32-bit IP addresses. SNMPv2 can support other
types of addresses as well.
Counters
nonnegative integers that increase until they reach a maximum
value, and then return to zero. In SNMPv1, a 32-bit counter
size is specified. In SNMPv2, 32-bit and 64-bit counters are
defined.
62
SMI Information Models
SNMPv2 SMI also specifies information
modules. SMI information modules specify
a group of related definitions.
There are three types of SMI information
modules:
MIB modules
Compliance statements for MIB modules
Capability statements for agents
63
SMI Information Models (II)
MIB modules
contain definitions of interrelated managed objects.
Compliance statements for MIB modules
provide a systematic way to describe a group of
managed objects that must be implemented for
conformance to a standard.
Capability statements for agents
indicate the precise level of support that an agent
claims with respect to a MIB group. An NMS can adjust
its behavior toward agents according to the capabilities
statements associated with each agent
64
SNMPv2 Protocol Operation
The Get, GetNext, and Set operations used
in SNMPv1 are exactly the same as those
used in SNMPv2.
SNMPv2 Trap operation serves the same
function as that used in SNMPv1. However,
it uses a different message format and is
designed to replace the SNMPv1 Trap.
65
New Protocol Operations in SNMPv2
GetBulk (Request)
This operation is used by the NMS to
efficiently retrieve large blocks of data,
such as multiple rows in a table. GetBulk
fills a response message with as much of
the requested data as will fit.
Inform
This operation allows one NMS to send
Trap information to another NMS and
receive a response.
66
SNMPv3
SNMPv1 and SNMPv2c do not have any security
(that is, authentication or privacy) mechanisms to
keep SNMP packet traffic on the wire confidential.
As a result, packets on the wire can be captured
and SNMP community strings compromised.
Development of SNMPv3 began in late 1997; the first
draft was completed in 1998.
Important features of SNMPv3:
Addresses the need for security
Inexpensive to deploy a minimal conforming
implementation
New architecture to extend the useful life of SNMP
67
SNMPv3 (II)
The following security features are
provided in SNMPv3:
Message integrity
Ensures that nothing has interfered with a
packet during transmission.
Authentication
Determines that the message is from a valid
source.
Encryption
Scrambles the contents of a packet to prevent
it from being seen by an unauthorized source.
68
SNMPv3 (III)
The SNMPv3 agent can be used in the
following modes:
noAuthNoPriv mode
no security mechanisms turned on for packets, same as
SNMPv1 and SNMPv2c
AuthNoPriv mode
for packets that do not need to be encrypted using the
privacy algorithm [DES 56]
AuthPriv mode
for packets that must be encrypted; privacy requires that
authentication be performed on the packet
69
Summary
Components of network management: NMS,
managed devices (agent, MIB)
Client: NMS (or manager)
Managed device: agent (the program executed,
i.e. the server) and database (MIB)
SNMP: features, versions and basic commands
Features: the protocol specifies the process of
management in TCP/IP
Versions: SNMPv1, SNMPv2, SNMPv3
SNMPv1 commands: GetRequest, GetNextRequest,
GetResponse, SetRequest, Trap
SNMPv2 commands: GetBulk, Inform
70
Summary (2)
NMS (manager) sends Request messages: GetRequest,
GetNextRequest and SetRequest
to retrieve single or multiple object variables
to establish the value of a single variable
Managed agent (server) sends
a Response message to complete the request: GetResponse
Managed agent sends
an event notification, called a trap, to the NMS to identify the
occurrence of conditions
Network management applications using SNMP
provide FCAPS functions
MIB: MIB-I, MIB-II
MIB-I: 8 groups
sys, if, at, ip, icmp, tcp, udp, egp
MIB-II: 11 groups (in total), adding
trans, snmp
71
Further exercise
A manager wants to know the value of
icmpInParmProbs (OID 1.3.6.1.2.1.5.5) in a
router.
Show the encoding of the GetRequest and
GetResponse messages if the value is 167 (dec).
Note: icmpInParmProbs defines the number of parameter
problem messages received (Counter type, tag 41)
SNMP version 1
Community string is public
Assume the request ID is 67092 (dec)
72
Quiz
An OID defines a variable. Adding a zero
suffix defines _________
Ans: variable contents
73
Quiz
What are the roles of the following fields?
Community
Request ID
Error Status
Error Index
VarBindlist
See answer in note page
74