SNMP - Computer Science and Engineering


Simple Network Management Protocol
By - Suparna
Sri

Agenda

Introduction
Network Level Architecture
Operation of Protocol
Applications of Protocol
Event flows
Message Formats
Extensions, Performance & Security Issue
Conclusion
References

Introduction



SNMP is an application layer protocol that facilitates the exchange of management information between network devices.

It is used for collecting information from, and configuring, network devices, such as servers, printers, hubs, switches, and routers on an Internet Protocol (IP) network.

SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth.

Basic Components of SNMP

NMS (Network Management Station)

Managed Devices

Agents

MIB (Management Information Base)



NMS executes applications that monitor and control managed devices. One or more NMSs must exist on any managed network.
An NMS is a general-purpose computer running special software.

A managed device is a network node that contains an SNMP agent and that resides on a managed network.
Managed devices collect and store management information and make this information available to NMSs using SNMP.
Managed devices, sometimes called network elements, can be routers and access servers, switches and bridges, hubs, computer hosts, or printers.

An agent is a network-management software module that resides in a managed device.
An agent has local knowledge of management information and translates that information into a form compatible with SNMP.

Network Level Architecture
MIB Structure

Every management station or agent in an SNMP architecture maintains a local database holding information related to network management.

This virtual information store is called the MIB, the objects database.

An SNMP MIB contains definitions and information about the properties of managed resources and the services that the agents support. The manageable features of resources, as defined in an SNMP MIB, are called managed objects.

Management Information Base
MIB object identifiers




Each object in the MIB has an object identifier (OID).
The management station uses the OID to request the object's value from the agent.
An OID is a sequence of integers that uniquely identifies a managed object by defining a path to that object through a tree-like structure called the OID tree or registration tree.
When an SNMP agent needs to access a specific managed object, it traverses the OID tree to find the object.

SNMP OID Hierarchy Format
Operation of Protocol

Read: It is used by an NMS to monitor managed devices.
The NMS examines different variables that are
maintained by managed devices.

Write: It is used by an NMS to control managed devices.
The NMS changes the values of variables stored within
managed devices.

Trap: The trap command is used by managed devices
to asynchronously report events to the NMS. When
certain types of events occur, a managed device sends a
trap to the NMS.
Operation of the Protocol









Get
Get next
Get-bulk
Set
Set response
Trap
Notification
Inform
Report
‘get’ and ‘getnext’ Operation

The get request is initiated by the NMS, which sends the request to the agent. The agent receives the request and processes it to the best of its ability.

The get command is useful for retrieving a single MIB object at a time.

The get-next operation lets you issue a sequence of commands to retrieve a group of values from a MIB.
‘get’ Operation
‘get bulk’ operation




SNMPv2 defined the get-bulk operation, which allows a management application to retrieve a large section of a table at once.
The standard get operation can attempt to retrieve more than one MIB object at once, but message sizes are limited by the agent's capabilities. If the agent can't return all the requested responses, it returns an error message with no data.
The get-bulk command has two fields, non-repeaters and max-repetitions, which are set when issuing the command.
Non-repeaters tells the get-bulk command that the first N objects can be retrieved with a simple get-next operation. Max-repetitions tells the get-bulk command to attempt up to M get-next operations to retrieve the remaining objects.
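
An added example, not part of the original slides: a toy in-memory agent that implements get, get-next and get-bulk as described above, so the effect of non-repeaters (N) and max-repetitions (M) and the difference between a refused get and a truncated get-bulk can be observed. The MIB contents are constructed, and `max_varbinds` is a hypothetical stand-in for the agent's real message-size limit.

```python
from bisect import bisect_right

END_OF_MIB_VIEW = "endOfMibView"  # SNMPv2 exception value returned past the last object


def oid(text):
    """Dotted OID text -> tuple of ints, so tuples compare in OID-tree (lexicographic) order."""
    return tuple(int(arc) for arc in text.strip(".").split("."))


# Constructed sample MIB: two system scalars and a three-row interface table.
MIB = {
    "1.3.6.1.2.1.1.1.0": "constructed router",   # sysDescr.0
    "1.3.6.1.2.1.1.3.0": 123456,                  # sysUpTime.0
    "1.3.6.1.2.1.2.2.1.2.1": "eth0",              # ifDescr.1
    "1.3.6.1.2.1.2.2.1.2.2": "eth1",              # ifDescr.2
    "1.3.6.1.2.1.2.2.1.2.3": "lo",                # ifDescr.3
    "1.3.6.1.2.1.2.2.1.8.1": 1,                   # ifOperStatus.1 (up)
    "1.3.6.1.2.1.2.2.1.8.2": 2,                   # ifOperStatus.2 (down)
    "1.3.6.1.2.1.2.2.1.8.3": 1,                   # ifOperStatus.3 (up)
}


class ToyAgent:
    """Constructed agent; max_varbinds models the agent's message-size limit (assumption)."""

    def __init__(self, mib, max_varbinds):
        self.rows = sorted((oid(name), value) for name, value in mib.items())
        self.keys = [name for name, _ in self.rows]
        self.max_varbinds = max_varbinds

    def get(self, names):
        """Plain get is all-or-nothing: too many objects gives an error and no data."""
        if len(names) > self.max_varbinds:
            return "tooBig", []
        table = dict(self.rows)
        return "noError", [(n, table.get(n, "noSuchObject")) for n in names]

    def get_next(self, name):
        """Return the first object whose OID sorts strictly after `name`."""
        i = bisect_right(self.keys, name)
        if i == len(self.keys):
            return name, END_OF_MIB_VIEW
        return self.rows[i]

    def get_bulk(self, names, non_repeaters, max_repetitions):
        """First N names: one get-next each. Remaining names: up to M rounds of
        get-next, each round continuing from the OIDs the previous round returned."""
        out = [self.get_next(n) for n in names[:non_repeaters]]
        cursors = list(names[non_repeaters:])
        for _ in range(max_repetitions):
            if not cursors:
                break
            this_round = [self.get_next(c) for c in cursors]
            out.extend(this_round)
            if all(v == END_OF_MIB_VIEW for _, v in this_round):
                break
            cursors = [n for n, _ in this_round]
        # Unlike get, a response that would not fit is truncated, not refused.
        return out[: self.max_varbinds]


# One scalar (non-repeater) followed by two table columns (repeaters).
REQUEST = [oid("1.3.6.1.2.1.1.3"), oid("1.3.6.1.2.1.2.2.1.2"), oid("1.3.6.1.2.1.2.2.1.8")]

if __name__ == "__main__":
    agent = ToyAgent(MIB, max_varbinds=10)
    for name, value in agent.get_bulk(REQUEST, non_repeaters=1, max_repetitions=3):
        print(".".join(map(str, name)), "=", value)
```

Setting max-repetitions higher than the number of table rows makes the ifDescr cursor walk on into the ifOperStatus column, which is why a manager must check returned OIDs against the column prefix it asked for.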
‘get bulk’ Operation
‘set’ Operation

The set command is used to change the value of a
managed object or to create a new row in a table. Objects
that are defined in the MIB as read-write or write-only can
be altered or created using this command. It is possible
for an NMS to set more than one object at a time.
‘trap’ Operation


Trap: A trap is a way for an agent to tell the NMS that
something bad has happened.
The trap originates from the agent and is sent to the trap
destination, as configured within the agent itself. The trap
destination is typically the IP address of the NMS.
Scenarios when ‘trap’ occurs

A network interface on the device (where the agent is
running) has gone down.

A network interface on the device (where the agent is
running) has come back up.

An incoming call to a modem rack was unable to
establish a connection to a modem.

The fan on a switch or router has failed.
Generic types of ‘trap’

coldStart(0): Indicates that the agent has rebooted. All management variables will be reset; specifically, Counters and Gauges will be reset to zero (0). It can also be used to determine when new hardware is added to the network.

warmStart(1): Indicates that the agent has reinitialized itself. None of the management variables will be reset.

linkDown(2): Sent when an interface on a device goes down. The first variable binding identifies which interface went down.

linkUp(3): Sent when an interface on a device comes back up.

authenticationFailure(4): Indicates that someone has tried to query your agent with an incorrect community string; useful in determining if someone is trying to gain unauthorized access to one of your devices.

egpNeighborLoss(5): Indicates that an Exterior Gateway Protocol (EGP) neighbor has gone down.

enterpriseSpecific(6): Indicates that the trap is enterprise-specific. Enterprise-specific traps are defined under the private-enterprise branch of the SMI object tree.
Other SNMP operations

SNMP notification: In the PDUs of SNMPv1, v2 and v3, the notification type is used as the means of notification.

SNMP inform: The inform mechanism provides communication between manager and manager.

SNMP report: Allows SNMP engines to communicate with each other, mainly to report problems with processing SNMP messages.
Message Sent Between an SNMP Manager and its Managed Devices
Event Flow of SNMP protocol



Represents interactions and timing of the SNMP protocol between the SNMP manager and the SNMP agent.
Traps are unsolicited messages sent from the agent to the manager.
There are four functions of SNMP: get request, trap, get next and set request.
Event Flow of SNMP operations
Network Management System
SNMPv3 Applications
Five types of application which can be associated with an SNMP
engine are described in RFC 2273. These applications are :
- Command generators, which monitor and manipulate
management data,
- Command responders, which provide access to
management data,
- Notification originators, which initiate asynchronous
messages,
- Notification receivers, which process asynchronous
messages, and
- Proxy forwarders, which forward messages between
entities.
Flow diagram of Command Generator and Command Responder
Primitives between modules

[Figure sequence: one slide per primitive. Each slide shows the modules Applications, Access Control Subsystem, Dispatcher, Security Subsystem and Message Processing Subsystem, names the primitive being invoked, and lists the parameters below.]

Primitives, in slide order:
sendPdu
prepareOutgoingMessage
generateRequestMsg
send / receive
prepareDataElements
processIncomingMsg
processPdu
isAccessAllowed
returnResponsePdu
prepareResponseMessage
generateResponseMsg
send / receive
prepareDataElements
processIncomingMsg
processResponsePdu

Parameters:
contextEngineID, contextName, destTransportAddress, destTransportDomain, expectResponse, globalData, maxMessageSize, maxSizeResponseScopedPDU, messageProcessingModel, outgoingMessage, outgoingMessageLength, PDU, pduType, pduVersion, scopedPDU, stateReference, statusInformation, securityEngineID, securityLevel, securityModel, securityName, securityParameters, securityStateReference, sendPduHandle, transportAddress, transportDomain, variableName, viewType, wholeMsg, wholeMsgLength

Five areas of network management





Performance management: to quantify, measure, report, analyze and control the performance of network components.
Fault management: to detect, log, notify users of, and (to the extent possible) automatically fix network problems to keep the network running effectively.
Configuration management: to monitor network and system configuration information so that the effects on network operation of various versions of hardware and software elements can be tracked and managed.
Accounting management: to measure network utilization parameters so that individual or group uses on the network can be regulated appropriately.
Security management: to control access to network resources according to local guidelines so that the network cannot be sabotaged and sensitive information cannot be accessed by those without appropriate authorization.

SNMP Message Format
SNMP uses two well-known ports to operate:
• UDP/TCP Port 161 - SNMP Request/Response Messages
• UDP/TCP Port 162 - SNMP Trap Messages

[Figure: an SNMP Message carried in a UDP Datagram, inside an IP Packet, inside an Ethernet Frame with its CRC.]

SNMPv3 defines a security capability to be used in conjunction with SNMPv1 (runs over UDP) or SNMPv2 (also runs over TCP).

SNMP General Message Format

[Figure: SNMP message = VERSION, COMMUNITY, SNMP PDU. SNMP PDU = PDU TYPE, REQUEST ID, ERROR STATUS, ERROR INDEX, VARIABLE BINDINGS. Variable bindings = NAME 1, VALUE 1, NAME 2, VALUE 2, ..., NAME n, VALUE n.]

Table 211: SNMP Variable Binding Format

Subfield Name: Object Name
Syntax: Sequence of Integer
Size (bytes): Variable
Description: Object Name: The numeric object identifier of the MIB object, specified as a sequence of integers. For example, the object sysLocation has the object identifier 1.3.6.1.2.1.1.6, so it would be specified as “1 3 6 1 2 1 1 6” using ASN.1.

Subfield Name: Object Value
Syntax: Variable
Size (bytes): Variable
Description: Object Value: In any type of “get” request, this subfield is a “placeholder”; it is structured using the appropriate syntax for the object but has no value (since the “get” request is asking for that value!). In a “set” request (SetRequest-PDU) or in a reply message carrying requested data (GetResponse-PDU or Response-PDU), the value of the object is placed here.

SNMP V1 General Message Format
Table 212: SNMP Version 1 (SNMPv1) General Message Format

Field Name: Version
Syntax: Integer
Size (bytes): 4
Description: Version Number: Describes the SNMP version number of this message; used for ensuring compatibility between versions. For SNMPv1, this value is actually 0, not 1.

Field Name: Community
Syntax: Octet String
Size (bytes): Variable
Description: Community String: Identifies the SNMP community in which the sender and recipient of this message are located. This is used to implement the simple SNMP.

Field Name: PDU
Syntax: —
Size (bytes): Variable
Description: Protocol Data Unit: The PDU being communicated as the body of the message.

SNMP v1 PDU Format
Table 213: SNMP Version 1 (SNMPv1) Common PDU Format

Field Name: PDU Type
Syntax: Integer (Enumerated)
Size (bytes): 4

Field Name: Request ID
Syntax: Integer
Size (bytes): 4
Description: Request Identifier: A number used to match requests with replies. It is generated by the device that sends a request and copied into this field in a GetResponse-PDU by the responding SNMP entity.

Field Name: Error Status
Syntax: Integer (Enumerated)
Size (bytes): 4

Field Name: Error Index
Syntax: Integer
Size (bytes): 4
Description: Error Index: When Error Status is nonzero, this field contains a pointer that specifies which object generated the error. Always zero in a request.

Field Name: Variable Bindings
Syntax: Variable
Size (bytes): Variable
Description: Variable Bindings: A set of name-value pairs identifying the MIB objects in the PDU, and in the case of a SetRequest-PDU or GetResponse-PDU, containing their values.
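
An added example, not part of the original slides: a minimal BER decoder for the SNMPv1 message and common PDU fields tabulated above, run on a constructed GetRequest for sysLocation.0. The community `demo-ro` and request ID 1 are constructed sample values; the decoder recovers the community from the raw bytes with no key, which is the disclosure weakness of SNMPv1 community strings.

```python
# Context tags of the common-format SNMPv1 PDUs (Trap-PDU, tag 0xA4, has its own layout).
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse", 0xA3: "SetRequest"}

# Constructed sample datagram: version 0, community "demo-ro", GetRequest, request ID 1,
# one variable binding: sysLocation.0 (1.3.6.1.2.1.1.6.0) with a NULL placeholder value.
SAMPLE = bytes.fromhex(
    "3027" "020100" "040764656d6f2d726f"
    "a019" "020101" "020100" "020100"
    "300e" "300c" "06082b06010201010600" "0500"
)


def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos); reject truncated or indefinite lengths."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length fits in one octet
        length = first
    else:                                 # long form: next n octets hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def expect(buf, pos, want):
    """Read one TLV and insist on a specific tag."""
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want:
        raise ValueError(f"expected tag {want:#04x}, got {tag:#04x}")
    return value, nxt


def decode_int(value):
    # BER INTEGERs are signed and use as few octets as the value needs.
    return int.from_bytes(value, "big", signed=True)


def decode_oid(value):
    """Base-128 sub-identifiers; the first octet group packs the first two arcs."""
    if not value or value[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, acc = [], 0
    for octet in value:
        acc = (acc << 7) | (octet & 0x7F)
        if not octet & 0x80:
            arcs.append(acc)
            acc = 0
    first = arcs[0]
    head = (first // 40, first % 40) if first < 80 else (2, first - 80)
    return ".".join(str(a) for a in (*head, *arcs[1:]))


def parse_snmpv1(datagram):
    msg, _ = expect(datagram, 0, 0x30)            # SNMP message: SEQUENCE
    version, p = expect(msg, 0, 0x02)             # Version
    community, p = expect(msg, p, 0x04)           # Community, sent in the clear
    pdu_tag, pdu, _ = read_tlv(msg, p)            # PDU
    if decode_int(version) != 0:
        raise ValueError("not SNMPv1 (version field must be 0)")
    if pdu_tag not in PDU_TYPES:
        raise ValueError("not a common-format SNMPv1 PDU")
    request_id, q = expect(pdu, 0, 0x02)
    error_status, q = expect(pdu, q, 0x02)
    error_index, q = expect(pdu, q, 0x02)
    vbl, _ = expect(pdu, q, 0x30)                 # Variable Bindings
    bindings, r = [], 0
    while r < len(vbl):
        vb, r = expect(vbl, r, 0x30)
        name, s = expect(vb, 0, 0x06)
        vtag, vval, _ = read_tlv(vb, s)
        bindings.append((decode_oid(name), None if vtag == 0x05 else vval))
    return {"version": 0, "community": community, "pdu_type": PDU_TYPES[pdu_tag],
            "request_id": decode_int(request_id), "error_status": decode_int(error_status),
            "error_index": decode_int(error_index), "bindings": bindings}


if __name__ == "__main__":
    print(parse_snmpv1(SAMPLE))
```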
SNMP V1 Trap-PDU Format
Table 214: SNMP Version 1 (SNMPv1) Trap-PDU Format

Field Name: PDU Type
Syntax: Integer (Enumerated)
Size (bytes): 4
Description: PDU Type: An integer value that indicates the PDU type, which is 4 for a Trap-PDU message.

Field Name: Enterprise
Syntax: Sequence of Integer
Size (bytes): Variable
Description: Enterprise: An object identifier for a group, which indicates the type of object that generated the trap.

Field Name: Agent Addr
Syntax: NetworkAddress
Size (bytes): 4
Description: Agent Address: The IP address of the SNMP agent that generated the trap. This is of course also in the IP header at lower levels but inclusion in the SNMP message format allows for easier trap logging within SNMP. Also, in the case of a multihomed host, this specifies the preferred address.

Field Name: Generic Trap
Syntax: Integer (Enumerated)
Size (bytes): 4
Description: Generic Trap Code: A code value specifying one of a number of predefined “generic” trap types.

Field Name: Specific Trap
Syntax: Integer
Size (bytes): 4
Description: Specific Trap Code: A code value indicating an implementation-specific trap type.

Field Name: Time Stamp
Syntax: TimeTicks
Size (bytes): 4
Description: Time Stamp: The amount of time since the SNMP entity sending this message last initialized or reinitialized. Used to time stamp traps for logging purposes.

Field Name: Variable Bindings
Syntax: Variable
Size (bytes): Variable
Description: Variable Bindings: A set of name-value pairs identifying the MIB objects in the PDU.

SNMP v2 Message Format
The SNMPv2 GetBulk PDU
SNMPv2 Get, GetNext, Inform, Response, Set,
and Trap PDUs Contain the Same Fields
SNMP v3 General Message Format
Table 221: SNMP Version 3 (SNMPv3) General Message Format

Field Name: Msg Version
Syntax: Integer
Size (bytes): 4
Description: Message Version Number: Describes the SNMP version number of this message; used for ensuring compatibility between versions. For SNMPv3, this value is 3.

Field Name: Msg ID
Syntax: Integer
Size (bytes): 4
Description: Message Identifier: A number used to identify an SNMPv3 message and to match response messages to request messages. The use of this field is similar to that of the Request ID field in the PDU format, but they are not identical. This field was created to allow matching at the message processing level regardless of the contents of the PDU, to protect against certain security attacks. Thus, Msg ID and Request ID are used independently.

Field Name: Msg Max Size
Syntax: Integer
Size (bytes): 4
Description: Maximum Message Size: The maximum size of message that the sender of this message can receive. Minimum value of this field is 484.

Field Name: Msg Flags
Syntax: Octet String
Size (bytes): 1

Field Name: Msg Security Model
Syntax: Integer
Size (bytes): 4
Description: Message Security Model: An integer value indicating which security model was used for this message. For the user-based security model (the default in SNMPv3) this value is 3.

Field Name: Msg Security Parameters
Syntax: —
Size (bytes): Variable
Description: Message Security Parameters: A set of fields that contain parameters required to implement the particular security model used for this message. The contents of this field are specified in each document describing an SNMPv3 security model. For example, the parameters for the user-based model are in RFC 3414.

Field Name: Scoped PDU
Syntax: —
Size (bytes): Variable

Security services




Data Integrity is the provision of the property that data or data sequences have not been altered or destroyed in an unauthorized manner.
Data Origin Authentication is the provision of the property that the claimed identity of the user on whose behalf received data was originated is corroborated.
Data Confidentiality is the provision of the property that information is not made available or disclosed to unauthorized individuals, entities, or processes.
Message timeliness and limited replay protection is the provision of the property that a message whose generation time is outside of a specified time window is not accepted.
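
An added example, not part of the original slides: a simplified model of how a receiving engine combines the integrity, origin-authentication and timeliness services listed above. The message layout and key are constructed and are not the SNMPv3 wire format; the 96-bit truncated HMAC-SHA digest and the 150-second window follow the user-based security model of RFC 3414.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

TIME_WINDOW = 150          # seconds allowed between message time and local engine time
MAX_BOOTS = 2147483647     # an engine whose boot counter has latched here accepts nothing

KEY = bytes(range(20))     # constructed sample authentication key


@dataclass(frozen=True)
class Message:
    engine_boots: int      # sender's view of the receiver's reboot counter
    engine_time: int       # sender's view of seconds since the receiver's last reboot
    payload: bytes         # stands in for the scoped PDU
    mac: bytes = b""


@dataclass(frozen=True)
class Engine:
    boots: int
    time: int
    auth_key: bytes


def digest(key, msg):
    """HMAC-SHA truncated to 12 octets, computed over the timeliness fields AND payload."""
    body = msg.engine_boots.to_bytes(4, "big") + msg.engine_time.to_bytes(4, "big") + msg.payload
    return hmac.new(key, body, hashlib.sha1).digest()[:12]


def sign(key, boots, time, payload):
    unsigned = Message(boots, time, payload)
    return replace(unsigned, mac=digest(key, unsigned))


def receive(engine, msg):
    """Authenticate first, then check timeliness, so the time fields can be trusted."""
    if not hmac.compare_digest(digest(engine.auth_key, msg), msg.mac):
        return "wrongDigest"
    if (engine.boots == MAX_BOOTS
            or msg.engine_boots != engine.boots
            or abs(msg.engine_time - engine.time) > TIME_WINDOW):
        return "notInTimeWindow"
    return "accepted"


def scenarios():
    """Run one captured message through the cases each service is meant to stop."""
    captured = sign(KEY, boots=7, time=990, payload=b"set ifAdminStatus.2 = down")
    now = Engine(boots=7, time=1000, auth_key=KEY)
    later = Engine(boots=7, time=1600, auth_key=KEY)
    rebooted = Engine(boots=8, time=5, auth_key=KEY)
    return {
        "fresh": receive(now, captured),
        "payload altered in transit": receive(now, replace(captured, payload=b"set ifAdminStatus.2 = up")),
        "replayed 10 minutes later": receive(later, captured),
        "replayed with time rewritten": receive(later, replace(captured, engine_time=1600)),
        "replayed after agent reboot": receive(rebooted, captured),
    }


if __name__ == "__main__":
    for case, verdict in scenarios().items():
        print(f"{case}: {verdict}")
```

Because the boots and time fields are covered by the digest, a replayed message can be neither resent unchanged after the window nor have its time rewritten without the key.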
Performance and Security Issues




Modification of Information
The modification threat is the danger that some unauthorized entity may alter in-transit SNMP messages generated on behalf of an authorized principal in such a way as to effect unauthorized management operations, including falsifying the value of an object.

Masquerade
The masquerade threat is the danger that management operations not authorized for some user may be attempted by assuming the identity of another user that has the appropriate authorizations.

Disclosure
The disclosure threat is the danger of eavesdropping on the exchanges between managed agents and a management station. Protecting against this threat may be required as a matter of local policy.

Message Stream Modification
The SNMP protocol is typically based upon a connection-less transport service which may operate over any sub-network service. The re-ordering, delay or replay of messages can and does occur through the natural operation of many such sub-network services. The message stream modification threat is the danger that messages may be altered, in order to effect unauthorized management operations.

Extensions (SNMPv2 protocol)






Two new protocol operations have been added in SNMPv2. “Get-bulk-request” supports efficient transfer of large amounts of MIB data, and “Inform-request” enables a manager to inform another manager of significant events.

The main problems of SNMPv1 are the authentication of the message source, protecting these messages from disclosure, and placing access controls on the MIB database. Those problems are solved in SNMPv2 by changing the format of SNMP PDUs.

In SNMPv1, traps had a different format from all of the other PDUs. SNMPv2 simplifies traps by giving them the same format as the get and set PDUs.

In SNMPv1, if too much data is requested in an ordinary get-request, you receive a "too big" error message without data. In SNMPv2, “Get-bulk-request” lets you retrieve a lot of information, and you receive as much data as possible in the response message.

In SNMPv2, if one of several values requested in a get-request is not valid or does not exist, answers are still returned for the other requested values, whereas in SNMPv1 no response at all was given, only the error message.

The SNMPv2 security framework deals with the problems of authenticating the message sender and its contents, and of eavesdropping. It also supports the use of an authentication protocol to identify the source reliably and to prevent message modification.

It also supports the use of encryption to keep messages private. SNMPv1 does not have all these security features.

SNMP Security
Security in SNMP versions
• SNMPv1 uses community strings for authentication, sent as plain text without encryption.
• SNMPv2 was supposed to fix security problems, but the effort was derailed.
• SNMPv3 has numerous security features:
  - Ensures that a packet has not been tampered with (integrity).
  - Ensures that a message is from a valid source (authentication).
  - Ensures that a message cannot be read by unauthorized parties (privacy).

SNMP has three security levels for:
• Monitoring (no authentication / no privacy): Authentication by matching a user name.
• Control (authentication / no privacy): Authentication with MD5 or SHA message digests.
• Downloading secrets (authentication / privacy): Authentication with MD5 or SHA message digests, and encryption with DES.

SNMP GUI OpenView Severity Levels
Severity    Color
-------------------
Unknown     Blue
Normal      Green
Warning     Cyan
Minor       Yellow
Major       Orange
Critical    Red

Conclusions






Standardized
universally supported
extendible
portable
allows distributed management access
lightweight protocol
Review Questions
1. What are the components in network management architecture and
define them?
slide 5-7
2. What are MIBs, and how are they accessed?
slide 9
3. What are the types of messages between SNMP manager and agent?
slide 25
References





http://www.faqs.org/rfcs/
http://www.ietf.org/rfcs/
http://www.icg.isy.liu.se/courses/tsin02ici/slides/11_Snmp-v3.pdf
http://www.dpstele.com/layers/l2/snmp_l2_tut_part1.html
http://www.cisco.com/warp/public/535/3.html
THANK YOU