1

SNMPSimple network management protocol

Group: Techno

Presented by:

Karthik Gottiparthy

Gautami Parulkar

Neeraj Sharma

Jigar Patel

Hariharan Venkataraman

2

Agenda

• Introduction• Basic Concepts• MIB• RMON• SNMPv3

3

• SNMP is a tool (protocol) that allows for remote and local management of items on the network including servers, workstations, routers, switches and other managed devices.

• It operates over the UDP UDP Port 161 - SNMP Message UDP Port 162 - SNMP Trap Messages

SNMP

4

Basic ComponentsThe network management contains four key elements

• Management station(NMS) It is an interface by which the network manager may monitor and

control the network

• Management Agent It responds to requests for information and actions from management

station( hosts, bridges, routers and hubs)

• Management information base It functions as a collection of access points at the agent for the

management station

• Network Management protocol(SNMP) The management station and agents are linked by this

5

6

SNMP Commands

• SNMP has 5 different functions referred to as Protocol Data Units (PDU’s), which are:

• GetRequest(Get) - Retrieves the value of a MIB variable stored on the agent machine(integer, string, or address of another MIB variable)

• GetNextRequest(GetNext) - Retrieves the next value in MIB table (continued till the end of the MIB table)

• GetResponse(Response) - Response from a SNMP agent to Get, GetNext and Set commands

• SetRequest(Set) - Changes the value of a MIB variable

• Trap - Asynchronous notification. -SNMP agents can be programmed to send a trap

7

8

SNMP communities

• An SNMP community is the group of agents and management stations using SNMP protocol.

• A community name is used to identify a group.

• It will not respond to requests from management stations that do not belong to one of its communities. SNMP default communities are:

• Write = private

• Read = public

9

10

SNMP

• Management Information Base (MIB)

• Structure of Management Information.

• MIB Object Definition.

11

MIB(Management Information Base)

•Each resource to be managed is represented by an object.Collections of these objects is MIB.

•Each object is a data variable that represents one aspect of the managed agent.e.g.: these aspects may be the TCP,IP,UDP connections done .

•MIB is a text file that describes the managed object using syntax of ASN.1(Abstract Syntax Notation).

12

STRUCTURE OF MANAGEMENT INFORMATION

• SMI generates a framework within which a MIB can be defined and constructed.

• SMI identifies the data types used in MIB and specifies how resources within the MIB can be represented and named.

• Defines individual object including the syntax and the value of the object.

13

Data Types:1.SIMPLE TYPES:

2.APPLICATION-WIDE TYPES:

• INTEGER • OBJECT STRING• OBJECT IDENTIFIER

• Gauge • Counter• Time Ticks• IP Address• Opaque• Network Address

STRUCTURE OF MANAGEMENT INFORMATION

14

MIB Structure

• Each Type of object is associated with an identifier called Object Identifier(OID).

• Identifier serves to name the object and also a value is associated with the type of the object.

• An OID is represented by a sequence of integers separated by decimal points.

• Set of defined objects has a Tree Structure.

15

MIB Object Group

iso(1)

org(3)

dod(6)

internet(1)

directory(1)

private(4)

mgmt(2)

experimental(3)

16

MIB Object Group Cond’t

mgmt (2) mib-2(1)

system (1)

snmp(11)

transmission(10)

egp (8)

udp (7)

tcp (6)

icmp (50)

ip (40)

at (3)

interface (2)

17

Organization of Managed objects

Example: When a SNMP manager requests for the object, it will send first an OID to the SNMP agent requesting the information about the object.

The OID : 1.3.6.1.2.1.6.4

iso.org.dod.internet.mgmt.mib-2.tcp.tcpMaxConn

1 3 6 1 2 1 6 4

18

Example of an Object DefinitiontcpMaxConn OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION “The limit on the total

number of TCP connections the

entity can support. In entities where the

maximum number of connection is dynamic, this object should contain the value –1.”

::= {tcp 4}

tcp(mib-2 6)

tcpMaxConn(4)

tcpRtoMax(3)

tcpRtoMin(2)

tcpRtoAlgorithm(1)

19

Object Definition

• Object-Type: - String that describes the MIB object.• SYNTAX: - Defines what kind of info is stored in the MIB object.• ACCESS: -read-only,read-write,write-only,not accessible.• STATUS: -state of the object in regards the SNMP .

i.e. mandatory,optional,obsolete,deprecated.• DESCRIPTION: - Reason why the MIB object exists.

20

SNMP-MIB Browser

21

SNMP – MIB Browser (3)

Navigation…

- MIB Tree System

sysUpTime

-Notice Lower LHS

- Notice OID

22

SNMP – MIB Browser (4)

SNMP PDU’s…(1) Get

- Select ‘Go’ ‘Get’

- RHS has values.

- OID – Value

23

SNMP – MIB Browser (5)

SNMP PDU’s…(2) GetNext

-Selected OID is:.1.3.6.1.2.1.1.5

-Returned value:(.1.3.6.1.2.1.1.6)or“DSG, O’Reilly Institute, F.35”

24

SNMP – MIB Browser (6)

SNMP…(3) Get SubTree

-Position of MIB:.1.3.6.1.2.1.1(a.k.a. system)

-RHS values:Returns all values below system.

25

SNMP – MIB Browser (7)

SNMP…(4) Walk

-MIB Location:.1.3.6.1.2.1(a.k.a. mib-2)

- Returns *ALL* values under mib-2

26

SNMP – MIB Browser (8)

Tables…

- MIB Location:.1.3.6.1.2.1.2.2

(or interfaces)

- Select ifTable, Go, then Table View.

- Refresh/Poll

27

SNMP – MIB Browser (9)SNMP…- Graph

- Select a value from the RHS, say sysUpTime

- Highlight and select ‘Go’, then ‘Graph’.

- Interval = 1s set.

28

RMON – Remote Network MonitoringWhat is RMON?

• specification of MIB

• provides vital information

• It defines a set of functions to support remote monitoring

Why RMON?

• problem with MIB II

• purely local

How is RMON differs from MIB II?

• Whole network

29

RMON Components

RMON MIB

NMS

RMON probe

Ethernet

30

RMON MIB Groups

• Statistics (1) – Ethernet stats• History (2) – snapshots based on stats(1)• Alarm (3) – ability to set threshold, generate

alarm on interesting event• Host (4) – per i/f host stats• HostTopN (5) – store/sort by top N hosts• Matrix (6) – X talks to Y• Filter (7) – filter pkts and capture/or cause event• Capture (8) – traditional pkt analyzer• Event (9) – table of events generated by probe• TokenRing (10) – maintains statistics and

configuration information for token ring subnets

31

RMON version

RMON v1:

• Defines 10 MIB groups

• Physical and Data link (MAC layer) layers of the OSI model.

RMON v2:

• An extension of RMON 1

• RMON2 has an emphasis on IP traffic and application-level traffic.

• monitor packets on all network layers.

32

Token ring LAN

Router

FDDI backbone

Router

Router

Router

Router

Router

Ethernet

Ethernet

Ethernet

Central Management Console with RMON

Local Management Console with RMON

PC withRMON probe

Router withRMON probe

1

2

3

B

A

33

SNMP v1,v2

•SNMP is a simple request/response protocol. This behavior is implemented by using one of four protocol operations: Get, GetNext, Set, and Trap.

•SNMPv1 operates over protocols such as User Datagram Protocol (UDP), Internet Protocol (IP), OSI Connectionless Network Service (CLNS), AppleTalk Datagram-Delivery Protocol (DDP), and Novell Internet Packet Exchange (IPX).

•SNMPv1 is widely used and is the de facto network-management protocol in the Internet community.

•SNMP version 2 (SNMPv2) is an evolution of the initial version Both versions contain lack of security.

34

SNMP v3

•The SNMPv3 architecture introduces the User-based Security Model (USM) for message security and the View-based Access Control Model (VACM) for access control.

•The architecture supports the concurrent use of different security, access control and message processing models.

•The security features:

•Message integrity - Ensuring that a packet has not been tampered with in-transit.

•Authentication - Determining the message is from a valid source.

•Encryption - Scrambling the contents of a packet prevent it from being seen by an unauthorized source.

35

•SNMPv3 also introduces the ability to dynamically configure the SNMP agent.

•This dynamic configuration support enables addition, deletion, and modification of configuration entries either locally or remotely.

•SNMP lacks any authentication capabilities, which results in vulnerability to a variety of security threats.

•It include masquerading occurrences, modification of information, message sequence and timing modifications, and disclosure.

•SNMPv3 Applications * Command Generators

* Command Responders * Notification Originators * Notification Receivers * Proxy Forwarders.

SNMP v3

36

?