
Simple Network Management Protocol


ronald

Presentation Transcript


  1. Simple Network Management Protocol Week 6

  2. MIB data is input in encoded form. • Information is then compiled into the central MIB in the NCS.

  3. Manageable Devices [diagram: Router, Bridge, Network Control Station, Router]

  4. Proxies • Many devices to be managed do not support the appropriate protocols (UDP and IP). Devices that were not intended to operate in a TCP/IP environment (e.g. bridges and modems), or for which full management support is not preferable (PCs, workstations, etc.), may use a proxy. • A proxy may function for one or many of these devices.

  5. Proxy Agent [diagram] • Management Station: manager process over SNMP, UDP, IP, network interface • Proxy Agent: mapping function between an agent process (SNMP, UDP, IP, network interface) and the protocol architecture used by the proxied device (network interface) • Proxied Device: management process over the protocol architecture used by the proxied device, network interface

  6. SNMP - Simple Network Management Protocol • How do NCSs receive or send management information? • Messages are sent using SNMP Protocol Data Units (PDUs)

  7. [diagram: field layout] • SNMP message: Version | Community | SNMP PDU • GetRequest PDU, GetNextRequest PDU, SetRequest PDU: PDU Type | request-id | 0 | 0 | variablebindings

  8. [diagram: field layout] • GetResponse PDU: PDU Type | request-id | error-status | error-index | variablebindings • Trap PDU: PDU Type | enterprise | agent-addr | generic-trap | specific-trap | time-stamp | variablebindings • variablebindings: name1 | value1 | … | namen | valuen

  9. Operations performed on objects: • Get, Set and Trap. • Note that it is not possible to request operations to be performed, just to request a change to the state of a value associated with an object.

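  10. Manager and Agent [diagram] • Get values: manager sends GetRequest PDU, agent returns GetResponse PDU • Get next values: manager sends GetNextRequest PDU, agent returns GetResponse PDU • Set values: manager sends SetRequest PDU, agent returns GetResponse PDU • Send trap: agent sends Trap PDU to manager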

  11. SNMP Message Transmission • PDU is constructed using ASN.1 • PDU may be passed to an authentication service • Message is then constructed • ASN.1 object encoded and passed to transport service

  12. SNMP Message Reception • Message syntax is checked and the message is discarded if it cannot be parsed • Message version number is checked and the message is discarded if there is a mismatch

  13. SNMP Message Reception • Authentication is attempted: • If authentication fails, a trap is issued • If authentication succeeds, the PDU is then examined • PDU syntax is checked and the PDU is discarded if it fails to parse • SNMP operation is performed
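The reception steps on the two slides above, as an added example in Python (not part of the original presentation): an agent-side check that applies the syntax, version, community and PDU checks in that order. The `receive` function, the constructed `SAMPLE` datagram and the short-form-only BER reader are assumptions made for illustration.

```python
# Added example: agent-side SNMPv1 reception checks, in the order the slides list them.
REQUEST_PDUS = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA3: "SetRequest"}

# Constructed sample: GetRequest for sysDescr.0, community "public", request-id 1.
SAMPLE = bytes.fromhex("302602010004067075626c6963a019020101020100020100"
                       "300e300c06082b060102010101000500")

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos); short-form BER lengths only (an assumption)."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80 or pos + 2 + buf[pos + 1] > len(buf):
        raise ValueError("malformed or unsupported BER element")
    end = pos + 2 + buf[pos + 1]
    return buf[pos], buf[pos + 2:end], end

def decode_oid(raw):
    """Decode an OID whose sub-identifiers each fit in one byte."""
    if not raw or any(b & 0x80 for b in raw):
        raise ValueError("empty OID or multi-byte sub-identifier")
    return "." + ".".join(map(str, [raw[0] // 40, raw[0] % 40, *raw[1:]]))

def receive(datagram, communities):
    """Return (action, detail) for one datagram received by an agent."""
    try:                                          # 1. message syntax
        tag, msg, _ = read_tlv(datagram)
        vtag, version, p = read_tlv(msg)
        ctag, community, p = read_tlv(msg, p)
        ptag, pdu, _ = read_tlv(msg, p)
        if (tag, vtag, ctag) != (0x30, 0x02, 0x04):
            raise ValueError("not an SNMP message")
    except ValueError:
        return ("discard", "message parse failure")
    if version != b"\x00":                        # 2. version field 0 = SNMPv1
        return ("discard", "version mismatch")
    if community not in communities:              # 3. community-based authentication
        return ("trap", "authenticationFailure")
    try:                                          # 4. PDU syntax
        if ptag not in REQUEST_PDUS:
            raise ValueError("not a request PDU")
        p, q, names = 0, 0, []
        for _ in range(3):                        # request-id, error-status, error-index
            _, _, p = read_tlv(pdu, p)
        _, bindings, _ = read_tlv(pdu, p)
        while q < len(bindings):                  # one (name, value) pair per binding
            _, binding, q = read_tlv(bindings, q)
            names.append(decode_oid(read_tlv(binding)[1]))
    except ValueError:
        return ("discard", "PDU parse failure")
    return (REQUEST_PDUS[ptag], names)            # 5. operation would run here
```

The community string is read straight out of the datagram at step 3, which is the cleartext exposure the SNMPv2 and SNMPv3 slides later refer to.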

  14. Variable Bindings • For multiple-object requests and responses, all values for the scalar objects in a particular group from a particular agent may be transferred in the one PDU

  15. GetRequest PDU • Control station may generate • Type = GetRequest • request-id = unique identifier for each outstanding request (correlate requests, ignore duplicates) • variablebindings = list of object instances for which values are requested

  16. GetRequest PDU • Request to read value(s) from objects within the managed device.

  17. GetNextRequest PDU • Type = GetNextRequest • request-id = unique identifier for each outstanding request (correlate requests, ignore duplicates) • variablebindings = list of object instances for which the next value in order is requested

  18. GetNextRequest PDU • Permits the requesting of a series of values in order. • May allow the request of values for unknown objects

  19. SetRequest PDU • Type = SetRequest • request-id = unique identifier for each outstanding request (correlate requests, ignore duplicates) • variablebindings = list of object instances for which the next value in order is requested

  20. SetRequest PDU • Request to write value(s) to objects in a managed device.

  21. Trap PDU • Agent notification of a significant event. • PDU Type = Trap PDU • enterprise = management subsystem that generated the trap • agent-addr = IP address of the object generating the trap • generic-trap = type of trap • specific-trap = nature of the trap

  22. Trap PDU • time-stamp = time between last init of device and the generation of the trap • variablebindings = additional info relating to the trap • No response is expected to this message.

  23. PDU Loss • Since all sets and gets have a response returned, if the response does not arrive within a given time period it can be assumed that it was lost. Repeat messages may be sent until the management station gives up (agent is down or unreachable).

  24. PDU Loss • Trap message loss will not be detected. Thus traps should be used for early warning of a significant event, not as the only indication of an event of significance.

  25. SNMP GetRequest for data item sysDescr

  26. Selection of a Management Station Features: • Extended MIB support • Intuitive Interface • Automatic Discovery • Programmable Events • Advanced Network Control • OO Management • Custom Icons

  27. Polling • To obtain information from manageable devices, an NCS must perform GetRequest and GetNextRequest operations. • The management station polls the devices for the requested information. • The NCS must regularly poll devices to obtain an up-to-date view of the network conditions (congestion, device failure, etc).

  28. Polling • The load on the management station may be significant if the number of polled devices is large. • Also, the network load due to polling traffic may be excessive. • The balance between loading and up-to-date information is not easy to compute. • Trap directed Polling may limit traffic

  29. SNMPv2 • In SNMPv1, the community variable being sent in set messages means that systems could be attacked at any opportunity. • New data structures were added.

  30. SNMPv3 • Authentication • Timeliness • Privacy • Discovery (from other SNMP engines) • Key Management

  31. WINSNMP • Microsoft and associated partners have developed support for SNMP in Windows Operating Systems via an engine designed to support SNMP protocols. • Many developers have provided 16 and 32-bit WINSNMP.DLL support.

  32. Programming for SNMP • Management can be in any language that supports calls to the DLL via libraries or via function calls.

  33. Examples Ref: Optivity SNMP Debugging for Dummies, Bay Networks • So let’s put the information absorbed so far into an example. If you were to write the complete path to the mgmt node, you would write it as: • iso(1) org(3) dod(6) internet(1) mgmt(2) • which is equivalent to the numerical OID string of: • .1.3.6.1.2

  34. Examples • These 5 groups are mandatory for any SNMP manageable object: • system(1) interfaces(2) at(3) ip(4) icmp(5) • A MIB-II compliant SNMP agent may support more groups than these five, but it is expected to support at least these five groups.

  35. Examples • Let’s call the combination of agent and object an “entity” for simplicity’s sake. Here are some (but not all) of the objects in this group: • sysDescr(1) - A description of the entity in somewhat “human” terms. This description may contain some very good information. Then again, it may not. • sysObjectID(2) - A complete OID string defined by the vendor who created the entity. This object is used extensively by Optivity (and other SNMP applications) to quickly identify what kind of SNMP agent the application is talking to. • sysUpTime(3) - Hey! This is the MIB object of our example. Go back and read the DESCRIPTION to see what this object does. • sysContact(4) - This object could possibly contain the name of the person locally responsible for the entity. Many times, this field will be blank. It may be blank because no one remembered to set a value for it. It might be blank because no one really wants to take responsibility for the entity. • The other objects in this group may be blank as well, since they represent things like the Name and Location of the entity.

  36. Examples • The complete path to the sysUpTime(3) object is: • iso(1) org(3) dod(6) internet(1) mgmt(2) mib(1) system(1) sysUpTime(3) or • .1.3.6.1.2.1.1.3

  37. Examples • .1.3.6.1.2.1.1 which is equivalent to • iso(1) org(3) dod(6) internet(1) mgmt(2) mib(1) system(1) when queried, it would return the value for • sysDescr, sysObjectID, sysUpTime, sysContact, and all the other objects within the system(1) node.

  38. Example • Each MIB object also has what is called an instance. Imagine a router - a device with multiple network interfaces. There exists a MIB object that contains information about the type of interface(s) used by an entity (where in this case, the entity is a router). This MIB object is: • iso(1) org(3) dod(6) internet(1) mgmt(2) mib(1) interfaces(2) ifTable(2) ifEntry(1) ifType(3) So in our example, we have four instances: • ifType.1, ifType.2, ifType.3, and ifType.4.
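The OID paths and instances from the example slides, combined with the in-order retrieval described on the GetNextRequest slides, as an added Python example (not from the original presentation or from Optivity). The agent contents, the `.0` scalar instances, and the helper names `oid`, `get_next`, `walk` and `label` are assumptions made for illustration.

```python
# Added example: GetNext ordering over a constructed agent MIB (all values are made up).
import bisect

def oid(text):
    """'.1.3.6.1.2.1.1.3' -> (1, 3, 6, 1, 2, 1, 1, 3); tuples compare arc by arc."""
    return tuple(int(arc) for arc in text.strip(".").split("."))

SYSTEM, IF_TYPE = oid(".1.3.6.1.2.1.1"), oid(".1.3.6.1.2.1.2.2.1.3")
NAMES = {SYSTEM + (1,): "sysDescr", SYSTEM + (2,): "sysObjectID",
         SYSTEM + (3,): "sysUpTime", SYSTEM + (4,): "sysContact", IF_TYPE: "ifType"}

AGENT_MIB = {  # instance OID -> value; scalars end in .0, table cells in the row index
    SYSTEM + (1, 0): "constructed four-port router",
    SYSTEM + (2, 0): "(vendor OID placeholder)",
    SYSTEM + (3, 0): 123456,
    SYSTEM + (4, 0): "",                          # blank contact, as the slides warn
    **{IF_TYPE + (i,): 6 for i in range(1, 5)},   # 6 = ethernetCsmacd
}
ORDERED = sorted(AGENT_MIB)

def get_next(requested):
    """Agent side of GetNextRequest: first instance strictly after `requested`."""
    i = bisect.bisect_right(ORDERED, requested)
    return (ORDERED[i], AGENT_MIB[ORDERED[i]]) if i < len(ORDERED) else None

def walk(root):
    """Manager side: repeat GetNext from `root` until the reply leaves the subtree."""
    found, current = [], root
    while (hit := get_next(current)) and hit[0][:len(root)] == root:
        found.append(hit)
        current = hit[0]
    return found

def label(instance):
    """Render an instance as name.index, e.g. ifType.3."""
    return f"{NAMES[instance[:-1]]}.{instance[-1]}"
```

OIDs are compared arc by arc as integers; comparing the dotted strings instead would sort `.1.3.6.1.2.1.10` before `.1.3.6.1.2.1.2` and break the walk.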

  39. Common Problems Ref: Optivity SNMP Debugging for Dummies, Bay Networks • The agent is not responding to any network requests at all, or the network that the agent is on is not reachable. You can quickly check this by attempting to ping the device in question. • The request sent used an SNMP Community string to which the agent was not authorized to respond.

  40. Common Problems • Beware of ping: it uses a different transport to SNMP • TCP traffic may be getting through whilst UDP-based traffic is getting dropped (traffic congestion) • Use a MIB browser (if SNMP traffic is OK): the Sun package is under the Solstice Suite of Management Utilities, or use snmpwalk

  41. Common Problems • Network Management System (NMS) reporting incorrect network utilisation – Debug. • The first basic step is to determine if the agent itself is the source of this misinformation. Once this has been established, the issue becomes much more defined and easier to debug.

  42. Common Problems • How to find in which MIB a particular MIB object resides. Once you have the name of the MIB object (which you figured out by referencing snpx.nnn), all you have to do is use the grep command. • $ cd /mibs/mibs/s5000 • $ grep s5AgInfoCurDfltGwAddr *.mib

  43. Common Problems • You can also use this method to look for a MIB object that you think might exist. For example, someone asks you if there is a MIB object for the Next Active Upstream Neighbor (NAUN) during a beacon condition on a Token Ring network made up of System 5000 hubs (5510 NMMs). So, the first step would probably be to grep for “Beacon” within the System 5000 mibs. • $ cd /mibs/mibs/s5000 • Scanning through this output, you should notice the line: • s5tok121.mib: s5TrRingInfoBeaconNaun MacAddress, • This tells us that the s5tok121.mib file contains a reference to something called an “s5TrRingInfoBeaconNaun”. This sounds like a pretty close match.
