
Simple Network Management Protocol

Week 6



  • MIB data is input in encoded form.

  • Information is then compiled into the central MIB in the NCS.


[Figure: Manageable Devices. Labels: Router, Bridge, Network Control Station, Router.]



Proxies

  • Many devices to be managed do not support appropriate protocols (UDP and IP). Devices that were not intended to operate in a TCP/IP environment (eg bridges and modems) or for which full management support is not preferable (PCs, workstations, etc) may use a proxy.

  • A proxy may function for one or many of these devices.


[Figure: Proxy configuration. Labels: Management Station (manager process, SNMP, UDP, IP, network interface); Proxy Agent (agent process with SNMP, UDP, IP and network interface, a mapping function, and the protocol architecture used by the proxied device with its network interface); Proxied Device (management process, protocol architecture used by the proxied device, network interface).]



SNMP - Simple Network Management Protocol

  • How do NCSs receive or send management information?

  • Messages are sent using SNMP Protocol Data Units (PDUs)


SNMP Message

  • SNMP message: Version | Community | SNMP PDU

  • GetRequest PDU, GetNextRequest PDU, SetRequest PDU: PDU Type | request-id | 0 | 0 | variablebindings

  • GetResponse PDU: PDU Type | request-id | error-status | error-index | variablebindings

  • Trap PDU: PDU Type | enterprise | agent-addr | generic-trap | specific-trap | time-stamp | variablebindings

  • variablebindings: name1 | value1 | ... | namen | valuen



Operations performed on objects:

  • Get, Set and Trap.

  • Note that it is not possible to request operations to be performed, just to request a change to the state of a value associated with an object.


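[Figure: PDU sequences between manager and agent]

  • Get values: manager sends GetRequest PDU; agent returns GetResponse PDU

  • Get next values: manager sends GetNextRequest PDU; agent returns GetResponse PDU

  • Set values: manager sends SetRequest PDU; agent returns GetResponse PDU

  • Send trap: agent sends Trap PDU to manager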



SNMP Message Transmission

  • PDU is constructed using ASN.1

  • PDU may be passed to an authentication service

  • Message is then constructed

  • ASN.1 object encoded and passed to transport service



SNMP Message Reception

  • Message syntax is checked, and the message is discarded if it cannot be parsed

  • Message version number is checked, and the message is discarded if there is a mismatch



SNMP Message Reception

  • Authentication is attempted:

    • If authentication fails, trap is issued

    • If authentication succeeds, PDU is then examined

  • PDU syntax is checked, and the PDU is discarded if it fails to parse

  • SNMP operation is performed
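The reception steps above, applied in order by an agent to a BER-encoded SNMPv1 datagram. This is an added example, not part of the original slides; the community string "netops", the function names and the sample message are assumptions made for illustration.

```python
REQUEST_PDUS = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA3: "SetRequest"}

def tlv(tag, content=b""):
    """Encode one BER element (short-form length only; samples are < 128 bytes)."""
    return bytes([tag, len(content)]) + content

def read_tlv(buf, pos=0):
    """Decode one BER element; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def sample_message(version=0, community=b"netops", pdu_tag=0xA0, request_id=7):
    """Constructed request for sysDescr.0 (1.3.6.1.2.1.1.1.0); 'netops' is made up."""
    oid = bytes([0x2B, 6, 1, 2, 1, 1, 1, 0])
    varbinds = tlv(0x30, tlv(0x30, tlv(0x06, oid) + tlv(0x05)))
    pdu = tlv(pdu_tag, tlv(0x02, bytes([request_id])) + tlv(0x02, b"\0") * 2 + varbinds)
    return tlv(0x30, tlv(0x02, bytes([version])) + tlv(0x04, community) + pdu)

def receive(datagram, community=b"netops"):
    """Agent-side reception: parse, version, authentication, then PDU syntax."""
    try:
        tag, msg, _ = read_tlv(datagram)
        vtag, version, pos = read_tlv(msg)
        ctag, sent, pos = read_tlv(msg, pos)
        if (tag, vtag, ctag) != (0x30, 0x02, 0x04):
            raise ValueError("unexpected tags")
    except ValueError as exc:
        return "discard", f"message parse error: {exc}"
    if int.from_bytes(version, "big") != 0:  # version field 0 means SNMPv1
        return "discard", "version mismatch"
    if sent != community:  # SNMPv1 authentication is only a community match
        return "trap", "authentication failure"
    try:
        ptag, pdu, _ = read_tlv(msg, pos)
        rtag, req_id, _ = read_tlv(pdu)
        if ptag not in REQUEST_PDUS or rtag != 0x02:
            raise ValueError("unexpected PDU")
    except ValueError as exc:
        return "discard", f"PDU parse error: {exc}"
    return "process", f"{REQUEST_PDUS[ptag]} request-id={int.from_bytes(req_id, 'big')}"
```

A wrong community yields the trap outcome before the PDU is ever examined, while malformed or wrong-version datagrams are dropped silently.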



Variable Bindings

  • For multiple-object requests and responses, all values for the scalar objects in a particular group from a particular agent may be transferred in the one PDU



GetRequest PDU

  • Control station may generate

  • Type = GetRequest

  • request-id = unique identifier for each outstanding request (correlate requests, ignore duplicates)

  • variablebindings = list of object instances for which values are requested



GetRequest PDU

  • Request to read value(s) from objects within the managed device.



GetNextRequest PDU

  • Type = GetNextRequest

  • request-id = unique identifier for each outstanding request (correlate requests, ignore duplicates)

  • variablebindings = list of object instances for which the next value in order is requested



GetNextRequest PDU

  • Permits the requesting of a series of values in order.

  • May allow the request of values for unknown objects



SetRequest PDU

  • Type = SetRequest

  • request-id = unique identifier for each outstanding request (correlate requests, ignore duplicates)

  • variablebindings = list of object instances and the values to be written to them



SetRequest PDU

  • Request to write value(s) to objects in a managed device.



Trap PDU

  • Agent notification of a significant event.

  • PDU Type = Trap PDU

  • enterprise = management subsystem that generated the trap

  • agent-addr = IP address of the object generating the trap

  • generic-trap = type of trap

  • specific-trap = nature of the trap



Trap PDU

  • time-stamp = time between last init of device and the generation of the trap

  • variablebindings = additional info relating to the trap

  • No response is expected to this message.



PDU Loss

  • Since all sets and gets have a response returned, if this does not return within a given time period it can be assumed that the response was lost. Repeat messages may be sent until management station gives up (agent is down or unreachable).



PDU Loss

  • Trap message loss will not be detected. Thus traps should be used for early warning of a significant event, not as the only indication of an event of significance.



SNMP GetRequest for data item sysDescr



Selection of a Management Station

Features:

  • Extended MIB support

  • Intuitive Interface

  • Automatic Discovery

  • Programmable Events

  • Advanced Network Control

  • OO Management

  • Custom Icons



Polling

  • To obtain information from manageable devices, an NCS must perform GetRequest and GetNextRequest operations.

  • The management station polls the devices for the requested information.

  • The NCS must regularly poll devices to obtain an up-to-date view of the network conditions (congestion, device failure, etc).



Polling

  • The load on the management station may be significant if the number of polled devices is large.

  • Also, the network load due to polling traffic may be excessive.

  • The balance between loading and up-to-date information is not easy to compute.

  • Trap-directed polling may limit traffic



SNMPv2

  • In SNMPv1, the community variable is sent in Set messages, which means that systems could be attacked at any opportunity.

  • New data structures were added.



SNMPv3

  • Authentication

  • Timeliness

  • Privacy

  • Discovery (from other SNMP engines)

  • Key Management



WINSNMP

  • Microsoft and associated partners have developed support for SNMP in Windows Operating Systems via an engine designed to support SNMP protocols.

  • Many developers have provided 16 and 32-bit WINSNMP.DLL support.



Programming for SNMP

  • Management applications can be written in any language that supports calls to the DLL via libraries or via function calls.



Examples Ref: Optivity SNMP Debugging for Dummies, Bay Networks

  • So let’s put the information absorbed so far into an example. If you were to write the complete path to the mgmt node, you would write it as:

  • iso(1) org(3) dod(6) internet(1) mgmt(2)

  • which is equivalent to the numerical OID string of:

  • .1.3.6.1.2



Examples

  • These 5 groups are mandatory for any SNMP manageable object:

  • system(1) interfaces(2) at(3) ip(4) icmp(5)

  • A MIB-II compliant SNMP agent may support more groups than these five, but it is expected to support at least these five groups.



Examples

  • Let’s call the combination of agent and object an “entity” for simplicity’s sake. Here are some (but not all) of the objects in this group:

  • sysDescr(1) - A description of the entity in somewhat “human” terms. This description may contain some very good information. Then again, it may not.

  • sysObjectID(2) - A complete OID string defined by the vendor who created the entity. This object is used extensively by Optivity (and other SNMP applications) to quickly identify what kind of SNMP agent the application is talking to.

  • sysUpTime(3) - Hey! This is the MIB object of our example. Go back and read the DESCRIPTION to see what this object does.

  • sysContact(4) - This object could possibly contain the name of the person locally responsible for the entity. Many times, this field will be blank. It may be blank because no one remembered to set a value for it. It might be blank because no one really wants to take responsibility for the entity.

  • The other objects in this group may be blank as well, since they represent things like the Name and Location of the entity.



Examples

  • The complete path to the sysUpTime(3) object is:

  • iso(1) org(3) dod(6) internet(1) mgmt(2) mib(1) system(1) sysUpTime(3)

    or

  • .1.3.6.1.2.1.1.3



Examples

  • .1.3.6.1.2.1.1

    which is equivalent to

  • iso(1) org(3) dod(6) internet(1) mgmt(2) mib(1) system(1)

    when queried, it would return the value for

  • sysDescr, sysObjectID, sysUpTime, sysContact, and all the other objects within the system(1) node.



Example

  • Each MIB object also has what is called an instance.

    Imagine a router - a device with multiple network interfaces. There exists a MIB object that contains information about the type of interface(s) used by an entity (where in this case, the entity is a router). This MIB object is:

  • iso(1) org(3) dod(6) internet(1) mgmt(2) mib(1) interfaces(2) ifTable(2) ifEntry(1) ifType(3)

    So in our example, we have four instances:

  • ifType.1, ifType.2, ifType.3, and ifType.4.
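An added example (not from the slides or the Bay Networks guide) of how GetNextRequest retrieves the objects under the system(1) node and the ifType instances in order, without the manager knowing the instance identifiers in advance. The agent MIB below is constructed, with illustrative values; the ".0" instance suffix on the scalar objects follows SNMP convention and does not appear on the slides.

```python
from bisect import bisect_right

# Constructed agent MIB: OID instance -> value (values are illustrative only).
MIB = {
    (1, 3, 6, 1, 2, 1, 1, 1, 0): "Example router",        # sysDescr.0
    (1, 3, 6, 1, 2, 1, 1, 2, 0): "vendor-oid-placeholder", # sysObjectID.0
    (1, 3, 6, 1, 2, 1, 1, 3, 0): 123456,                   # sysUpTime.0
    (1, 3, 6, 1, 2, 1, 1, 4, 0): "",                       # sysContact.0 (blank)
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 3, 1): 6,                  # ifType.1
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 3, 2): 6,                  # ifType.2
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 3, 3): 9,                  # ifType.3
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 3, 4): 23,                 # ifType.4
}
ORDERED = sorted(MIB)  # tuple comparison gives the lexicographic OID order

def parse_oid(text):
    """'.1.3.6.1.2.1.1' -> (1, 3, 6, 1, 2, 1, 1)"""
    return tuple(int(part) for part in text.strip(".").split("."))

def format_oid(oid):
    return "." + ".".join(str(part) for part in oid)

def get_next(oid):
    """What a GetNextRequest returns: the first instance after oid, or None."""
    i = bisect_right(ORDERED, oid)
    return ORDERED[i] if i < len(ORDERED) else None

def walk(root_text):
    """Repeat GetNext from a node until the result leaves that subtree."""
    root = parse_oid(root_text)
    results, current = [], root
    while True:
        current = get_next(current)
        if current is None or current[:len(root)] != root:
            return results
        results.append((format_oid(current), MIB[current]))

if __name__ == "__main__":
    for name, value in walk(".1.3.6.1.2.1.1"):
        print(name, "=", repr(value))
```

Because the walk needs no prior knowledge of the agent's contents, anyone holding a valid read community can enumerate everything the agent exposes, which is worth keeping in mind when deciding which views a community is allowed to read.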


Common Problems Ref: Optivity SNMP Debugging for Dummies, Bay Networks

  • The agent is not responding to any network requests at all, or the network that the agent is on is not reachable. You can quickly check this by attempting to ping the device in question.

  • The request sent used an SNMP Community string to which the agent was not authorized to respond.



Common Problems

  • Beware of ping: it uses a different transport from SNMP

  • TCP traffic may be getting through whilst UDP-based traffic is getting dropped (traffic congestion)

  • Use a MIB browser (if SNMP traffic is OK): the Sun package is under the Solstice Suite of Management Utilities; or use snmpwalk



Common Problems

  • Network Management System (NMS) reporting incorrect network utilisation – Debug.

  • The first basic step is to determine if the agent itself is the source of this misinformation. Once this has been established, the issue becomes much more defined and easier to debug.



Common Problems

  • How to find in which MIB a particular MIB object resides. Once you have the name of the MIB object (which you figured out by referencing snpx.nnn), all you have to do is use the grep command.

  • $ cd /mibs/mibs/s5000

  • $ grep s5AgInfoCurDfltGwAddr *.mib



Common Problems

  • You can also use this method to look for a MIB object that you think might exist. For example, someone asks you if there is a MIB object for the Next Active Upstream Neighbor (NAUN) during a beacon condition on a Token Ring network made up of System 5000 hubs (5510 NMMs). So, the first step would probably be to grep for “Beacon” within the System 5000 mibs.

  • $ cd /mibs/mibs/s5000

  • Scanning through this output, you should notice the line:

  • s5tok121.mib:s5TrRingInfoBeaconNaun MacAddress,

  • This tells us that the s5tok121.mib file contains a reference to something called an “s5TrRingInfoBeaconNaun”. This sounds like a pretty close match.

