14-SNMP


Class Room Presentation

Transcript of 14-SNMP

  • SNMP

    (Simple Network Management Protocol)

    What is SNMP?

    Why SNMP is required?

    SNMP versions

    SNMP messages

    1 OPM

  • SNMP

    SNMP was developed by the IETF.

    SNMP operates in the application layer of the Internet Protocol Suite.

    It is an Internet-standard protocol for managing devices on IP networks and is a component (part) of the Internet Protocol Suite (TCP/IP).

    It is used to monitor, control and coordinate network-attached devices for conditions that warrant administrative attention.

    2 OPM

  • SNMP (cont.)

    An SNMP-managed network consists of three key components:

    Managed device.

    Agent

    Manager

    The agent contains only the MIB, while the manager contains both the MDB and the MIB.

    The SNMP agent receives Manager requests on UDP port 161. The manager may send requests from any available source port to port 161 to the agent.

    The agent response is sent back to the source port on the manager. The manager receives notifications/Traps on UDP port 162.

    3 OPM

  • The features of SNMP which make it popular:

    Its design is simple and easy to implement on a network of any size.

    Its simple design makes it easy for a user to program the variables that need to be managed.

    It is popular and extensible.

    4 OPM

  • SNMP (INTERNET) Model

    SNMP Network Management

    Organization submodel

    Information subModel

    Communication subModel

    Functional subModel

    5 OPM

  • SNMP (INTERNET) Model (Cont.)

    Organization model: relationship between network element, agent, and manager; hierarchical architecture.

    Information model: uses ASN.1 syntax; SMI (Structure of Management Information); MIB (Management Information Base).

    Communication model: transfer syntax; SNMP over TCP/IP; communication services addressed by messages.

    Functional model: addressed in terms of operations, administration and security. The accounting function is not addressed by the SNMP model.

    6 OPM

  • Two-Tier Organization Model

    [Figure: (a) One Manager - One Agent Model; (b) Multiple Managers - One Agent Model. Elements shown: SNMP Manager, SNMP Agent, Network Element.]

    7 OPM

  • Three-Tier Organization Model: RMON

    [Figure: SNMP Manager, RMON Probe, Managed Objects.]

    8 OPM

  • Three-Tier Organization Model: Proxy Server

    [Figure: SNMP Manager, Proxy Server, Non-SNMP Managed Objects, SNMP Managed Objects.]

    9 OPM

  • An NMS behaving as Manager and Agent

    [Figure: elements shown are SNMP Manager, SNMP Agent and Network Element.]

    10 OPM

  • Information model

    It deals with Structure of Management Information (SMI) and Management Information Base (MIB).

    Structure of Management Information (SMI)

    Defines standard unique names and identifiers for objects

    Defines standard formats (syntax) for objects to use in MIB

    Management Information Base (MIB)

    MIB is a simple database

    Hierarchy of information about a device is maintained.

    Uniquely identifies specific information on a specific device

    Object Type

    Name and Object Identifier

    Relationship between various managed objects

    11 OPM

  • Object names and identifiers

    internet OBJECT IDENTIFIER ::= {iso(1) org(3) dod(6) internet(1)}

    The object identifier of internet is 1.3.6.1

    [Figure: OID tree path iso (1) > org (3) > dod (6) > internet (1).]

    12 OPM

  • Subnodes under internet node in SNMPv1

    [Figure: internet (1 3 6 1) with subnodes directory (1), mgmt (2), experimental (3), private (4).]

    13 OPM

  • Subnodes under internet node in SNMPv1

    (cont.)

    The directory (1) node is reserved for future use of the OSI directory in the Internet (it is now used by SNMPv2 and SNMPv3 to manage OSI-based and other networks).

    The mgmt (2) node is used to identify all IETF-recommended and IAB (Internet Architecture Board) approved subnodes and objects.

    The experimental (3) node holds objects under IETF experiments.

    The private (4) node is heavily used; commercial vendors can acquire a number under enterprises (1).

    14 OPM

  • A private subtree for commercial vendors

    [Figure: internet (1 3 6 1) > private (4) > enterprises (1), with vendor subnodes ibm (2), cisco (9), hp (11), 3Com (43), Cabletron (52).]

    * 37519 enterprise numbers had been issued under the enterprises node up to 3 March 2011, and the list is growing day by day.

    15 OPM

  • MIB Management Information Base

    Object IDentifier (OID)

    - Example .1.3.6.1.2.1.1

    - iso(1) org(3) dod(6) internet(1) mgmt(2) mib-2(1) system(1)

    [Figure: OID tree. iso(1) > org(3) > dod(6) > internet(1), with subnodes directory(1), mgmt(2), experimental(3), private(4); mgmt(2) > mib-2(1), with subnodes system(1), interfaces(2), ip(4), tcp(6).]

    16 OPM

  • MIB Management Information Base

    Maintains SNMP instances (values)

    - Each MIB object can have an instance.

    iso(1) org(3) dod(6) internet(1) mgmt(2) mib-2(1) interfaces(2) ifTable(2) ifEntry(1) ifType(3)

    - One MIB object definition can represent multiple instances through Tables, Entries, and Indexes.

    17 OPM

  • MIB-II

    [Figure: Internet {1 3 6 1} with subnodes directory (1), mgmt (2), experimental (3), private (4); mgmt (2) > mib-2 (1).]

    Internet MIB-II groups: system (1), interfaces (2), at (3), ip (4), icmp (5), tcp (6), udp (7), egp (8), cmot (9), transmission (10), snmp (11)

    MIB-II objects are divided into 11 groups, but the number may increase in future.

    Objects that are related are grouped into an object group.

    18 OPM

  • MIB-II groups

    System group contains the objects that describe system administration.

    Interface group defines the interfaces of the network components and the network parameters associated with each interface.

    Address Translation (AT) group is a cross-reference table between the IP address and the MAC (physical) address.

    IP (Internet Protocol): network layer protocol

    ICMP (Internet Control Management Protocol)

    TCP (Transport Control Protocol): connection-oriented transport layer protocol

    UDP (User Datagram Protocol): connectionless transport layer protocol

    EGP (External Gateway Protocol): a routing protocol

    CMOT (CMIP over TCP/IP): used to manage the internet using CMIP

    The above-mentioned protocol groups contain the objects of the corresponding protocol.

    Transmission group was created as a placeholder for network transmission related parameters.

    SNMP group is the communication protocol group associated with SNMP management.

    19 OPM

  • Communication model

    To exchange management information between manager and agent, the following messages are used:

    SNMP (SNMPv1) (total 5 messages):

    Get-Request

    Get-Next-Request

    Set-Request

    Get-Response

    Trap

    SNMPv2 and SNMPv3 have two more messages (total 7, including the 5 mentioned above):

    Get-Bulk-Request

    Inform-Request

    20 OPM

  • SNMP Manager

    [Figure 4.9: SNMP Network Management Architecture. The SNMP Manager and the SNMP Agent are each drawn as a stack of Application, SNMP, UDP, IP, DLC and PHY over a shared physical medium. Messages shown: Get-Request, Get-Next-Request, Set-Request, Get-Response, Trap.]

    21 OPM

  • Basic operations contd..

    [Figure: message exchange between Manager and Agent. Messages shown: get_request, get_next_request, set_request, get_response and trap; ports shown: 161 and 162.]

    22 OPM

  • SNMP Messages

    Get-Request: Sent by manager requesting specific data from agent

    Get-Next-Request: Sent by manager requesting data of the next Managed Object to the one specified

    Set-Request: Initializes or changes the value of network element/parameter

    Get-Response: Agent responds with data for get and set requests from the manager

    Trap (Notification): Alarm generated by an agent

    23 OPM

  • SNMP Message transmission (GetRequest, GetNextRequest, SetRequest, GetResponse)

    [Figure: encapsulation of an SNMP message. SNMP Message = SNMP Version | SNMP Community | SNMP PDU. SNMP PDU = PDU type | Request ID | Error status | Error index | Variable bindings. Layers shown: Application Layer (SNMP Message), Transport Layer (UDP header), Network Layer (IP header), Data Link Layer (MAC header), Physical Layer (PHY header, modulation information), Transport Medium.]

    24 OPM

  • SNMP PDU fields

    PDU type - Specifies the type of PDU transmitted: GetRequest [0], GetNextRequest [1], SetRequest [2], GetResponse [3] and Trap [4].

    Request ID - Associates SNMP requests with responses.

    Error status - Indicates one of the errors and error types. Only the response operation sets this field. Other operations set this field to zero.

    - 0x00 No error occurred
    - 0x01 Response message too large to transport
    - 0x02 The name of the requested object not found
    - 0x03 A data type in the request did not match the data type in the SNMP agent
    - 0x04 The SNMP manager attempted to set a read-only parameter
    - 0x05 General Error (some error other than the ones listed above)

    25 OPM

  • SNMP PDU fields (cont.)

    Error index - Associates an error with a particular object instance. Only the response operation sets this field. Other operations set this field to zero.

    Variable bindings - Serves as the data field of the SNMPv1 PDU. Each variable binding associates a particular object instance with its current value (except Get and GetNext requests, for which the value is ignored).

    26 OPM

  • SNMP version & community

    SNMP version:

    SNMPv1 (0), SNMPv2 (1), SNMPv3 (2)

    SNMP Community Strings :

    An SNMP community string is a text string that acts as a password.

    It is used to authenticate messages that are sent between the management station and the device (the SNMP agent).

    The community string is included in every packet that is transmitted between the SNMP manager and the SNMP agent.

    27 OPM

  • Fields in SNMP message

    28 OPM

  • SNMP Message transmission (Trap PDU)

    [Figure: encapsulation of an SNMP Trap message. SNMP Message = SNMP Version | SNMP Community | SNMP PDU. Trap PDU = PDU type | enterprise | Agent-address | Generic trap | Specific trap | Time stamp | Variable binding. Layers shown: Application Layer (SNMP Message), Transport Layer (UDP header), Network Layer (IP header), Data Link Layer (MAC header), Physical Layer (PHY header, modulation information), Transport Medium.]

    29 OPM

  • SNMP PDU fields (trap message)

    PDU type -- Specifies the type of PDU (Trap=4).

    Enterprise -- Identifies the management enterprise under whose registration authority the trap was defined.

    Agent address -- IP address of the agent, used for further identification.

    Specific trap type -- Used to identify a non-generic trap when the Generic Trap Type is enterprise specific.

    Timestamp -- Value of the sysUpTime object, representing the amount of time elapsed between the last (re-)initialization and the generation of that Trap.

    30 OPM

  • SNMP PDU (trap) fields (cont.)

    Generic trap type -- Field describing the event being reported. The following seven values are defined:

    Generic Trap Type: Description (brief)

    coldStart (0): Sending protocol entity is reinitializing itself; agent's configuration or protocol entity implementation may be altered

    warmStart (1): Sending protocol entity is reinitializing itself; agent's configuration or protocol entity implementation will not alter

    linkDown (2): Failure of one of the communication links

    linkUp (3): One of the links has come up

    authenticationFailure (4): Authentication failure

    egpNeighborLoss (5): Loss of EGP neighbor

    enterpriseSpecific (6): Enterprise-specific trap

    31 OPM

  • SNMP Message transmission (GetBulkRequest PDU)

    [Figure: encapsulation of an SNMP GetBulkRequest message. SNMP Message = SNMP Version | SNMP Community | SNMP PDU. GetBulkRequest PDU = PDU type | Request ID | Non-Repeaters | Max Repetition | Variable bindings. Layers shown: Application Layer (SNMP Message), Transport Layer (UDP header), Network Layer (IP header), Data Link Layer (MAC header), Physical Layer (PHY header, modulation information), Transport Medium.]

    32 OPM

  • SNMP PDU (GetBulkRequest) fields

    PDU type value is 5.

    Two new fields in SNMP PDU are:

    Non-Repeaters field indicates the number of non-repetitive field values requested.

    Max Repetitions field designates the maximum number of table rows requested.

    33 OPM
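Added example (not part of the original slides): a toy agent in Python showing how Get-Next-Request and Get-Bulk-Request traverse the MIB in lexicographic OID order, with Non-Repeaters and Max Repetitions applied as described above. The instance values, the function names and the `endOfMibView` end marker are assumptions chosen for illustration; the OIDs follow the MIB-II tree shown earlier.

```python
import bisect

def oid(text):                      # "1.3.6.1" -> (1, 3, 6, 1)
    return tuple(int(part) for part in text.strip(".").split("."))

# Constructed instance values for this added example; OIDs follow the MIB-II tree.
MIB = {
    oid("1.3.6.1.2.1.1.1.0"): "toy router",   # system(1).sysDescr(1).0
    oid("1.3.6.1.2.1.1.3.0"): 12345,          # system(1).sysUpTime(3).0
    oid("1.3.6.1.2.1.2.1.0"): 2,              # interfaces(2).ifNumber(1).0
    oid("1.3.6.1.2.1.2.2.1.3.1"): 6,          # ifTable(2).ifEntry(1).ifType(3), index 1
    oid("1.3.6.1.2.1.2.2.1.3.2"): 24,         # ifType(3), index 2
}
ORDERED = sorted(MIB)               # tuple order is lexicographic OID order
END = "endOfMibView"                # marker returned past the last object

def get_next(name):
    """Agent side of Get-Next-Request: first instance strictly after `name`."""
    i = bisect.bisect_right(ORDERED, oid(name))
    if i == len(ORDERED):
        return name, END
    nxt = ORDERED[i]
    return ".".join(map(str, nxt)), MIB[nxt]

def walk(root):
    """Manager side: repeat Get-Next until the reply leaves the subtree under `root`."""
    rows, name = [], root
    while True:
        name, value = get_next(name)
        if value == END or oid(name)[:len(oid(root))] != oid(root):
            return rows
        rows.append((name, value))

def get_bulk(non_repeaters, max_repetitions, names):
    """Agent side of Get-Bulk-Request over the same ordering."""
    out = [get_next(n) for n in names[:non_repeaters]]   # one Get-Next each
    cursors = list(names[non_repeaters:])
    for _ in range(max_repetitions):                      # up to this many table rows
        step = [get_next(c) for c in cursors]
        out.extend(step)
        cursors = [name for name, _ in step]
    return out
```

With Non-Repeaters = 1 and Max Repetitions = 2, one request returns sysUpTime.0 plus the first two ifType rows, where plain Get-Next would need three round trips.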

  • SNMP message (InformRequest)

    The packet format of the InformRequest message is the same as that of the GetRequest, GetNextRequest, SetRequest and GetResponse messages.

    PDU type value is 6.

    Generally InformRequest is used to send notification from one SNMP Manager to another SNMP manager.

    The SNMP manager that receives an Inform Request message acknowledges the message with an SNMP Response PDU.

    Traps are unreliable because the receiver does not send any acknowledgment when it receives a trap. The sender cannot determine if the trap was received.

    In some cases an InformRequest message is used in place of a Trap message, because of its reliability, for notification from agent to manager.

    34 OPM

  • Functional Model

    It consists of:

    Operation (Configuration , Fault & Performance ) Management

    Administration (Authentication)

    [Accounting management is left open for service providers]

    Security (Community String, ACCESS)

    35 OPM

  • SNMP Security

    SNMP Community Strings (like passwords)

    ACCESS:

    - READ-ONLY: You can send out a Get & GetNext to the SNMP agent, and if the agent is using the same read-only string it will process the request.

    - READ-WRITE: Get, GetNext, and Set. If a MIB object has an ACCESS value of read-write, then a Set PDU can change the value of that object with the correct read-write community string.

    36 OPM

  • Security in SNMPv1 & SNMPv2

    SNMPv1 uses plain-text community strings for authentication, without encryption.

    SNMPv2 was supposed to fix security problems beyond the SNMP community, but the effort derailed (the "c" in SNMPv2c stands for community).

    37 OPM
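Added example (not part of the original slides): a minimal Python BER reader that decodes the version, community, PDU type, request ID and variable-binding OIDs of a community-based SNMP message, showing that the community string described above can be read directly from a captured UDP payload. The sample datagram is constructed, and the function names and the list of default community strings are assumptions for illustration.

```python
SAMPLE_GET = bytes.fromhex(            # constructed sample for this added example
    "3026020100" "04067075626c6963"    # SEQUENCE, version 0, community "public"
    "a019" "020101" "020100" "020100"  # PDU type [0], request ID 1, error status/index 0
    "300e300c" "06082b06010201010100" "0500")  # binding: OID 1.3.6.1.2.1.1.1.0 + NULL
DEFAULT_COMMUNITIES = {"public", "private"}    # assumption: common factory defaults

def read_tlv(buf, pos):                # -> (tag, value, next_pos) of one BER element
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):                 # BER OID octets -> dotted notation
    arcs, sub = list(divmod(value[0], 40)), 0   # first octet = 40 * arc1 + arc2
    for b in value[1:]:
        sub = (sub << 7) | (b & 0x7F)  # base-128 digits, high bit means "more follows"
        if not b & 0x80:
            arcs.append(sub)
            sub = 0
    return ".".join(map(str, arcs))

def parse_snmp(datagram):
    """Decode version, community, PDU type, request ID and OIDs from a UDP payload."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("outer SEQUENCE missing")
    _, version, pos = read_tlv(body, 0)
    ctag, community, pos = read_tlv(body, pos)
    if ctag != 0x04:
        raise ValueError("second field is not a community string")
    pdu_tag, pdu, _ = read_tlv(body, pos)
    msg = {"version": int.from_bytes(version, "big"),
           "community": community.decode("latin-1"),
           "pdu_type": pdu_tag & 0x1F, "request_id": None, "oids": []}
    if msg["pdu_type"] == 4:           # Trap PDU uses a different field layout
        return msg
    _, req_id, p = read_tlv(pdu, 0)
    p = read_tlv(pdu, read_tlv(pdu, p)[2])[2]   # skip error status and error index
    _, varbinds, _ = read_tlv(pdu, p)
    msg["request_id"] = int.from_bytes(req_id, "big", signed=True)
    p = 0
    while p < len(varbinds):
        _, binding, p = read_tlv(varbinds, p)
        msg["oids"].append(decode_oid(read_tlv(binding, 0)[1]))
    return msg

def audit(datagram):                   # -> (message, findings) for a UDP 161/162 payload
    msg = parse_snmp(datagram)
    findings = ["community string readable in cleartext"]
    if msg["community"] in DEFAULT_COMMUNITIES:
        findings.append("default community string in use")
    return msg, findings
```

Running `audit` over payloads from a capture of UDP 161/162 lists which devices still answer to community-based SNMP and which of them use a default string.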

  • SNMPv3 Security

    SNMPv3 has numerous security features:

    - Ensures that a packet has not been tampered with (integrity due to encryption).

    - Ensures that a message is from a valid source (authentication using login ID & password).

    - Ensures that a message cannot be read by unauthorized parties (privacy due to encryption).

    The security model of SNMPv3 has two components:

    1. Instead of granting access rights to a community, SNMPv3 grants access to users (after verifying authentication).

    2. Access can be restricted to sections of the MIB: by specifying a range of valid IP addresses for a user or community, or by specifying the part of the MIB tree that can be accessed.

    38 OPM

  • RMON (Remote network MONitoring)

    Remote Monitoring (RMON) is a standard monitoring specification that enables various network probes or monitors to send monitoring data to a manager.

    A probe consists of a physical object/device with a processor (router/switch/computer) and an agent function implementing the RMON specification.

    There are 2 versions of RMON: RMON1 (RMONv1) and RMON2 (RMONv2).

    39 OPM

  • Diagram of the RMON MIB

    [Figure: OID tree. Nodes shown: Root, ISO, Org, DoD, Internet, Mgmt, Private, MIB 1 & 2, RMON.]

    RMON1 (MIB 1): 1. Statistics, 2. History, 3. Alarm, 4. Hosts, 5. Host Top N, 6. Matrix, 7. Filter, 8. Capture, 9. Event, 10. Token Ring

    RMON2 (MIB 2): 11. Protocol Directory, 12. Protocol Distribution, 13. Address Map, 14. Network-Layer Host, 15. Network-Layer Matrix, 16. Application-Layer Host, 17. Application-Layer Matrix, 18. User History, 19. Probe Configuration, 20. RMON Conformance

    40 OPM

  • RMON1 MIB Groups

    Statistics - Traffic and error rates on a segment of network

    History - Above statistics with a time stamp

    Alarm - User defined threshold alarms on any RMON variable

    Hosts - Traffic and error rates for each host by MAC address

    Host Top N - Sorts hosts by top traffic and/or error rates

    Matrix - Conversation matrix between hosts

    Filter - Definition of what type of packet to capture and store

    Packet Capture - Creates a capture buffer on the probe that can be requested and decoded by the management application

    Event - Generates login entries and/or SNMP traps

    Token Ring - Token Ring extensions, most complex group

    41 OPM

  • RMON2 MIB Groups

    Protocol Directory - List of protocols the probe can monitor

    Protocol Distribution - Traffic statistics for each protocol

    Address Map - Maps network-layer to MAC-layer addresses

    Network-Layer Host - Traffic statistics to and from each discovered host

    Network-Layer Matrix - Traffic statistics on conversations between pairs of discovered hosts

    Application-Layer Host - Traffic statistics to and from each host by protocol providing insight into the use and growth of applications

    Application-Layer Matrix - Traffic statistics on conversations between pairs of hosts by protocol

    User History Collection - Periodic samples of user-specified variables

    Probe Configuration - Remote configuration of probe parameters

    RMON Conformance - Requirements for RMON2 MIB conformance (specify mandatory or optional group)

    42 OPM

  • RMON Groups

    RMON delivers information in RMON1 and RMON2 groups of monitoring elements; each group provides specific sets of data to meet common network-monitoring requirements.

    Each group is optional so that vendors do not need to support all the groups within the Management Information Base (MIB).

    Some RMON groups require support of other RMON groups to function properly.

    43 OPM

  • RMON operation

    RMON solutions comprise two components: a probe (or monitor, or RMON agent) and a client, usually a management station (manager).

    Probes (RMON agents) store network information within their RMON MIB and are normally found as embedded software on network hardware such as routers and switches, although they can be a program running on a computer.

    Probes can only see the traffic that flows through them so they must be placed on each LAN segment or WAN link that is to be monitored.

    Management stations (Manager) communicate with the RMON agent or probe, using SNMP messages to obtain and correlate RMON data.

    44 OPM