NETWORK MANAGEMENT: SNMP
Network Management can be defined as monitoring, testing, configuring and
troubleshooting network components to meet a set of requirements defined
by an organization.
Functions of Network Management System
Network Management System can be divided into five broad categories:
Configuration Management
• A large network is usually made up of hundreds of entities that are
physically or logically connected to one another.
• These entities have an initial configuration when the network is set up,
but can change with time.
• The configuration management system must know the status of each
entity and its relation to other entities.
Configuration management can be divided into two subsystems:
Reconfiguration and Documentation.
Reconfiguration
In a large network, the network components and features are adjusted
daily; this is called reconfiguration. There are three types of reconfiguration:
i. Hardware reconfiguration: It covers all changes to the hardware. These
are handled manually. Example: A sub network (Router) may be added or
removed from the network.
ii. Software reconfiguration: It covers all changes to the software. Most of
the software reconfiguration can be automated. Example: Updating
Operating system.
iii. User-account reconfiguration: It covers adding and deleting the users
on a system and it also considers user’s individual privileges and Group
privileges.
Example: A user may have read and write permission with regard to some
files, but only read permission with regard to other files.
Documentation
The network configuration and each subsequent change in hardware,
software and user accounts must be documented.
Hardware documentation
• It involves two sets of documents: Maps and Specifications.
• Maps track each piece of hardware and its connection to the network.
• General maps show the logical relationship as well as the physical
relationship between each sub network.
• For each sub-network, there are one or more maps that show all pieces of equipment.
• Specification information such as hardware type, serial number, vendor
address and phone number, time of purchase and warranty information
must be included for each piece of hardware connected to the network.
Software documentation
It includes information such as the software type, the version, the time
installed etc.
User documentation
Operating system utilities allow the documentation of user accounts and
their privileges. The information in these files is updated and secured.
Fault Management
Fault management is the area of network management that handles the issues
in network components. Example: A fault may be a damaged
communication medium.
Fault management system has two subsystems: Reactive and Proactive.
Reactive Fault Management
The responsibilities of reactive fault management can be divided into 4 steps:
i. Detect the fault: The fault management system must detect the exact
location of the fault.
ii. Isolate the fault: A fault, once isolated, affects only a few users. After
isolation, the affected users are immediately notified and given an
estimated time of correction.
iii. Correct the fault: This may involve replacing or repairing the faulty components.
iv. Record the fault: After the fault is corrected, it must be recorded (i.e.
documented). The record should show the exact location of the fault, the
possible cause, the action or actions taken to correct the fault, the cost and
time it took for each step.
Proactive Fault Management
Proactive fault management tries to prevent faults from occurring. Some
failures can be predicted and prevented.
Performance Management
Performance management tries to monitor and control the network to ensure
that it is running as efficiently as possible. It can be measured by the
following concepts: Capacity, Traffic, Throughput, Response time.
• Capacity of the Network: Every network has a limited capacity, and the
performance management system must ensure that it is not used above this
capacity.
Example: If a LAN is designed for 100 stations at an average data rate of 2
Mbps, it will not operate properly if 200 stations are connected to the
network.
• Traffic: Traffic can be measured in two ways: Internally and Externally.
Internal traffic is measured by the number of packets (or bytes) traveling
inside the network.
External traffic is measured by the exchange of packets (or bytes) outside the network.
• Throughput: It can be measured for an individual device such as a router
or for a part of the network. Throughput is monitored to make sure that it
is not reduced to unacceptable levels.
• Response Time: It is measured from the time a user requests a service to
the time the service is granted.
Security Management
Security management is responsible for controlling access to the network
based on the predefined policy.
Accounting Management
• Accounting management is the control of users' access to network
resources through charges.
• Under accounting management, individual users, departments, divisions,
or even projects are charged for the services they receive from the
network.
SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP)
The Simple Network Management Protocol (SNMP) is a framework for
managing devices in an internet using the TCP/IP protocol suite. It provides a
set of fundamental operations for monitoring and maintaining an internet.
Concept of SNMP
• SNMP is an application level protocol that uses the concept of Manager and Agent.
• A manager controls and monitors a set of agents.
• A manager may be a host and an Agent may be a router.
• SNMP can monitor devices made by different manufacturers and
installed on different physical networks.
• SNMP can be used in LANs and WANs connected by routers.
Managers and Agents
• A Manager or a management station is a host that runs the SNMP client program.
• An Agent or a Managed station is a router or a host that runs the SNMP server
program.
Management is achieved through simple interaction between a manager and an agent.
• Agent keeps performance information in a database.
• Manager has access to the values in the database.
Example: A router can store values such as the number of packets
received and forwarded in variables. The manager can fetch and compare the
values of these two variables to see if the router is congested or not.
Management with SNMP is based on three basic ideas:
1. A manager checks an agent by requesting information that reflects the
behavior of the agent.
2. A manager forces an agent to perform a task by resetting values in the agent database.
3. An agent contributes to the management process by sending a warning
message to the manager about an unusual situation. The warning message is
called the trap.
Management Components
• SNMP uses two other protocols to do management tasks: Structure of
Management Information (SMI) and Management Information
Base (MIB).
Structure of Management Information (SMI)
The Structure of Management Information version 2 (SMIv2) is a
component for network management. Functions of SMI are:
Name
• SMI requires that each managed object (such as a router, a variable in a
router, a value) have a unique name.
• To name objects globally SMI uses an object identifier, which is a
hierarchical identifier based on a tree structure. The tree structure starts
with an unnamed root.
• Each object can be defined by using a sequence of integers separated by dots.
• Tree structure can also define an object by using a sequence of textual
names separated by dots.
• The integer-dot representation is used in SNMP. The name-dot notation
is used by people.
Example: The following shows the same object in two
different notations:
[Link]-2 [Link].2.1
Type
• To define the data type, SMI uses fundamental Abstract Syntax Notation 1 (ASN.1).
• SMI has two broad categories of data type: Simple and Structured.
Simple Type
The simple data types are atomic data types such as Integer32, Octet String, IP address
etc.
Structured Type
By combining simple and structured data types, we can make new
structured data types. SMI defines two structured data types: Sequence
and Sequence of.
• A Sequence data type is a combination of simple data types, not
necessarily of the same type. It is similar to the concept of a struct used in
C programming.
• A Sequence of data type is a combination of simple data types all of the
same type. It is similar to the concept of an array used in C-programming.
Encoding Method
SMI uses another standard, Basic Encoding Rules (BER), to encode data to be
transmitted over the network. BER specifies that data be encoded in the
following format: Tag, Length and Value.
Tag
The tag is a 1-byte field that defines the type of data. It is composed of three subfields:
• Class (2 bits): It defines the scope of the data.
Four classes are defined: 00 - universal, 01 - application-wide, 10 - context-specific,
11 - private.
• Format subfield indicates whether the data are simple (0) or structured (1).
• Number subfield further divides simple or structured data into subgroups.
Example: In the universal class with simple format, INTEGER has a value
of 2, OCTET STRING has a value of 4.
Length
• The length field is 1 or more bytes.
• If it is 1 byte, the most significant bit must be 0. Other 7 bits define the length of the
data.
• If it is more than 1 byte, the most significant bit of the first byte must be
1. The other 7 bits of the first byte define the number of bytes needed to
define the length.
Value
The value field codes the value of the data according to the rules defined in BER.
Example: Show the following in encoding representation:
1. Define INTEGER 14.
2. Define OCTET STRING "HI".
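The two exercises above, worked through as an added example (not part of the original notes): a Python encoder and a strict decoder for the Tag-Length-Value layout described in this section. Function names are illustrative, and the 5-bit width of the number subfield is assumed from the 1-byte tag (2 class bits plus 1 format bit); the decoder refuses any length that does not fit the bytes actually received.

```python
# Added example: BER Tag-Length-Value as described above (names are illustrative).
UNIVERSAL, APPLICATION, CONTEXT, PRIVATE = 0b00, 0b01, 0b10, 0b11
INTEGER, OCTET_STRING = 2, 4   # universal-class numbers given in the text

def make_tag(cls, structured, number):
    """1-byte tag: class (2 bits) | format (1 bit) | number (5 bits, assumed width)."""
    if not 0 <= number < 31:
        raise ValueError("number does not fit the 1-byte tag")
    return bytes([(cls << 6) | (int(structured) << 5) | number])

def encode_length(n):
    """1 byte with MSB 0 if n < 128; else 0x80|count, then count length bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def encode_integer(value):
    """INTEGER with the shortest two's-complement content that keeps the sign bit."""
    magnitude = value if value >= 0 else ~value
    content = value.to_bytes(magnitude.bit_length() // 8 + 1, "big", signed=True)
    return make_tag(UNIVERSAL, False, INTEGER) + encode_length(len(content)) + content

def encode_octet_string(data):
    return make_tag(UNIVERSAL, False, OCTET_STRING) + encode_length(len(data)) + data

def decode_tlv(buf, offset=0):
    """Return (class, structured, number, value, next_offset); raise on malformed input."""
    if offset + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[offset], buf[offset + 1], offset + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        count = length & 0x7F
        if count == 0 or pos + count > len(buf):
            raise ValueError("unsupported or truncated long-form length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):            # declared length must fit the received bytes
        raise ValueError("declared length exceeds available bytes")
    return tag >> 6, bool(tag & 0x20), tag & 0x1F, buf[pos:pos + length], pos + length

def decode_integer(content):
    return int.from_bytes(content, "big", signed=True)
```

With this encoder, INTEGER 14 becomes the bytes 02 01 0E and OCTET STRING "HI" becomes 04 02 48 49.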
Management Information Base (MIB2)
The basic purpose of MIB in SNMP is to provide a standardized framework for
organizing, retrieving, and configuring data on network devices. This allows network
administrators to effectively monitor and manage network performance and
configurations across various devices.
• MIB version 2 is the second component used in network management.
• MIB creates a collection of named objects, their types and their
relationships to each other in an entity to be managed.
• Each agent has its own MIB2, which is a collection of all the objects that
the manager can manage.
• The objects in MIB2 are categorized under 10 different groups: system,
interface, address translation, ip, icmp, tcp, udp, egp, transmission, and
snmp.
• These groups are under the MIB-2 object in the object identifier tree.
• Each group has defined variables and tables.
Accessing MIB Variables
Let us take the UDP group to show how to access different variables. To access
any of the simple variables, we use the id of the group ([Link].2.1.7)
followed by the id of the variable.
The following shows how to access each variable:
udpInDatagrams [Link].[Link]
udpNoPorts [Link].[Link]
udpInErrors [Link].[Link]
udpOutDatagrams [Link].[Link]
The object identifiers define the variables, not the instances (contents). An
instance suffix “0” should be added to show the instance of each variable.
udpInDatagrams.0 [Link].[Link].0
udpNoPorts.0 [Link].[Link].0
udpInErrors.0 [Link].[Link].0
udpOutDatagrams.0 [Link].[Link].0
Tables
To identify a table, we first use the table id. To access the table, we have to
define the table entries.
udpTable [Link].[Link]
udpEntry [Link].[Link].1
To access the entry, we need to define each entity (field) in the entry.
udpLocalAddress [Link].[Link].1.1
udpLocalPort [Link].[Link].1.2
• To access a specific instance (row) of the table, we add the index to the
above ids. To access the instance of the local address for the first row, we
use the identifier augmented with the instance index:
udpLocalAddress.[Link].23 [Link].[Link].[Link].14.23
Lexicographic Ordering
• The object identifiers follow in lexicographic order.
• Tables are ordered column by column from the top to the bottom.
• The lexicographic ordering enables a manager to access a set of variables
one after another by defining the first variable.
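The ordering rules above, as an added example that is not part of the original notes: a toy agent answers GetNext by returning the first object identifier strictly after the one requested, so a manager can walk the UDP group from a single starting id. The numeric ids follow the standard MIB-II numbering for the udp group (1.3.6.1.2.1.7); the agent contents, the `Agent` class and the function names are constructed for illustration.

```python
# Added example: GetNext over a toy agent MIB (constructed data, illustrative names).
import bisect

def parse_oid(text):
    """'1.3.6.1.2.1.7.1.0' -> tuple of ints; ids compare as integers, not as text."""
    return tuple(int(part) for part in text.strip(".").split("."))

UDP = "1.3.6.1.2.1.7"                      # standard MIB-II udp group
ROWS = ["10.0.0.5.161", "192.0.2.9.53"]    # constructed rows: local address + local port
MIB = {
    f"{UDP}.1.0": 1200,   # udpInDatagrams.0
    f"{UDP}.2.0": 3,      # udpNoPorts.0
    f"{UDP}.3.0": 0,      # udpInErrors.0
    f"{UDP}.4.0": 1100,   # udpOutDatagrams.0
}
for row in ROWS:
    addr, port = row.rsplit(".", 1)
    MIB[f"{UDP}.5.1.1.{row}"] = addr       # udpLocalAddress.<index>
    MIB[f"{UDP}.5.1.2.{row}"] = int(port)  # udpLocalPort.<index>

class Agent:
    def __init__(self, mib):
        pairs = ((parse_oid(k), v) for k, v in mib.items())
        self.items = sorted(pairs, key=lambda kv: kv[0])
        self.keys = [k for k, _ in self.items]

    def get_next(self, oid_text):
        """Return the first (oid, value) strictly after oid_text, or None at end of MIB."""
        i = bisect.bisect_right(self.keys, parse_oid(oid_text))
        return self.items[i] if i < len(self.items) else None

def walk(agent, start):
    """Repeated GetNext from `start`, stopping when the reply leaves the subtree."""
    root, out, current = parse_oid(start), [], start
    while (hit := agent.get_next(current)) and hit[0][:len(root)] == root:
        out.append((".".join(map(str, hit[0])), hit[1]))
        current = out[-1][0]
    return out
```

Walking `1.3.6.1.2.1.7.5` returns both udpLocalAddress cells before either udpLocalPort cell, which is the column-by-column table order described above.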
SNMP version 3 (SNMPv3)
• SNMP defines the format of packets exchanged between a manager and an agent.
• SNMP interprets the result and creates statistics.
• The packets exchanged contain the object (variable) names and their status (values).
• SNMP is responsible for reading and changing these values.
• SNMP uses both SMI and MIB in Internet network management.
SNMPv3 defines eight types of packets or PDUs.
1. GetRequest PDU is sent from the manager (client) to the agent (server)
to retrieve the value of a variable or a set of variables.
2. GetNextRequest PDU is sent from the manager to the agent to retrieve
the value of a variable. It is mostly used to retrieve the values of the
entries in a table.
3. GetBulkRequest PDU is sent from the manager to the agent to retrieve a
large amount of data.
4. SetRequest PDU is sent from the manager to the agent to set (store) a value in a
variable.
5. Response PDU is sent from an agent to a manager in response to
GetRequest or GetNextRequest.
6. Trap PDU is sent from the agent to the manager to report an event. For
example, if the agent is rebooted, it informs the manager and reports the
time of rebooting.
7. InformRequest PDU is sent from one manager to another remote manager
to get the value of some variables from agents under the control of the
remote manager. The remote manager responds with a Response PDU.
8. Report PDU is designed to report some types of errors between managers.
It is not yet in use.