SNMP

Simple
Simple Network
Network Management
Management Protocol
Protocol

MPSTME Shirpur Campus

What
What is
is Network
Network Management?
Management?

Basic tasks that fall under this category are:

•Configuration Management
•Keeping track of device settings and how they function

•Fault Management
•Dealing with problems and emergencies in the network
(router stops routing, server loses power, etc.)

•Performance Management
•How smoothly is the network running?
•Can it handle the workload it currently has?
Network
Network Management
Management must
must be...
be...

The management interface must be...

•Standardized
•Extendible
•Portable

The management mechanism must be...

•Inexpensive
•Implemented as software only
 Functional
Functional Areas
Areas of
of Network
Network
Management
Management

Configuration Management - inventory, configuration, provisioning

Fault Management - reactive and proactive network fault management
Performance Management - # of packets dropped, timeouts, collisions, CRC errors
Security Management - SNMP doesn’t provide much here
Accounting Management - cost management and chargeback assessment
Asset Management - statistics of equipment, facility, and administration personnel
Planning Management - analysis of trends to help justify a network upgrade or
bandwidth increase
Versions
Versions

•Two major versions SNMPv1, SNMPv2

•SNMPv1 is the recommended standard
•SNMPv2 has become split into:
•SNMPv2u - SNMPv2 with user-based security
•SNMPv2* - SNMPv2 with user-based security and additional features
•SNMPv2c - SNMPv2 without security
What
What is
is SNMP?
SNMP?

• SNMP is a tool (protocol) that allows for remote

and local management of items on the network
including servers, workstations, routers, switches
and other managed devices.
• Comprised of agents and managers

•Agent - process running on each managed node collecting

information about the device it is running on.

•Manager - process running on a management workstation that

requests information about devices on the network.
Advantages
Advantages of
of using
using SNMP
SNMP

• Standardized
• universally supported
• extendible
• portable
• allows distributed management access
• lightweight protocol
Client
Client Pull
Pull && Server
Server Push
Push

• SNMP is a “client pull” model

The management system (client) “pulls” data from

the agent (server).

• SNMP is a “server push” model

The agent (server) “pushes” out a trap message to a
(client) management system
Ports
Ports && UDP
UDP

•SNMP uses User Datagram Protocol (UDP) as the

transport mechanism for SNMP messages

Ethernet
Frame IP CRC
Packet
UDP
SNMP Message
Datagram

•Like FTP, SNMP uses two well-known ports to operate:

•UDP Port 161 - SNMP Messages

•UDP Port 162 - SNMP Trap Messages
The
The Three
Three Parts
Parts of
of SNMP
SNMP

SNMP network management is based on three parts:

•SNMP Protocol
•Defines format of messages exchanged by management
systems and agents.
•Specifies the Get, GetNext, Set, and Trap operations

•Structure of Management Information (SMI)

•Rules specifying the format used to define objects managed
on the network that the SNMP protocol accesses

•Management Information Base (MIB)

•A map of the hierarchical order of all managed objects and
how they are accessed
 Nodes
Nodes
Items in an SNMP Network are called nodes. There are
different types of nodes.
•Managed nodes
Typically runs an agent process that services requests from a management node

•Management nodes
Typically a workstation running some network management & monitoring software

•Nodes that are not manageable by SNMP

A node may not support SNMP, but may be manageable by SNMP through a proxy
agent running on another machine

Nodes can be both managed nodes and a management node at the same time
(typically this is the case, since you want to be able to manage the workstation that your management application is
running on.)
Community
Community Names
Names

Community names are used to define where an SNMP

message is destined for.
They mirror the same concept as a Windows NT or Unix
domain.
•Set up your agents to belong to certain communities.
•Set up your management applications to monitor and
receive traps from certain community names.
SNMP
SNMP Agents
Agents

Two basic designs of agents

•Extendible Agents
•Open, modular design allows for adaptations to new
management data and operational requirements

•Monolithic Agents
•not extendible
•optimized for specific hardware platform and OS
•this optimization results in less overhead (memory and system resources)
and quicker execution
 Proxy
Proxy && Gateway
Gateway Agents
Agents

Proxy & Gateway Agents extend the capabilities of SNMP by allowing it to:

•Manage a device that cannot support an SNMP agent

•Manage a device that supports a non-SNMP management agent
•Allow a non-SNMP management system to access an SNMP agent
•Provide firewall-type security to other SNMP agents (UDP packet filtering)
•Translate between different formats of SNMP messages (v1 and v2)
•Consolidate multiple managed nodes into a single network address (also to
provide a single trap destination)
Four
Four Basic
Basic Operations
Operations

•Get
Retrieves the value of a MIB variable stored on the agent machine
(integer, string, or address of another MIB variable)

•GetNext
Retrieves the next value of the next lexical MIB variable

•Set
Changes the value of a MIB variable

•Trap
An unsolicited notification sent by an agent to a management
application (typically a notification of something unexpected, like an error)
 Traps
Traps
•Traps are unrequested event reports that are sent to a
management system by an SNMP agent process
•When a trappable event occurs, a trap message is generated
by the agent and is sent to a trap destination (a specific,
configured network address)
•Many events can be configured to signal a trap, like a
network cable fault, failing NIC or Hard Drive, a “General
Protection Fault”, or a power supply failure
•Traps can also be throttled -- You can limit the number of
traps sent per second from the agent
•Traps have a priority associated with them -- Critical, Major,
Minor, Warning, Marginal, Informational, Normal, Unknown
 Trap
Trap Receivers
Receivers
•Traps are received by a management application.
•Management applications can handle the trap in a few ways:
•Poll the agent that sent the trap for more information about the event, and
the status of the rest of the machine.
•Log the reception of the trap.
•Completely ignore the trap.
•Management applications can be set up to send off an e-mail,
call a voice mail and leave a message, or send an alpha-
numeric page to the network administrator’s pager that says:
Your PDC just Blue-Screened at 03:46AM. Have a nice day. :)
Languages
Languages of
of SNMP
SNMP

•Structure of Management Information (SMI)

specifies the format used for defining managed objects that are
accessed via the SNMP protocol

•Abstract Syntax Notation One (ASN.1)

used to define the format of SNMP messages and managed
objects (MIB modules) using an unambiguous data description
format

•Basic Encoding Rules (BER)

used to encode the SNMP messages into a format suitable for
transmission across a network
SMIv1
SMIv1
Structure of Management Information
SMIv1 is described in RFCs 1155, 1212, 1215
These RFCs describe:
•How MIB modules are defined with CCITT X.208 ASN.1 data description
language
•The subset of the ASN.1 language that is used in MIBs
•The addition of the APPLICATION data type to ASN.1, specifically for use
with SNMP MIBs
•All ASN.1 constructs are serialized using the CCITT X.209 BER for
transmission across the wire
•definition of the high-level structure of the Internet branch
(iso(1).org(3).dod(6).internet(1)) of the MIB naming tree
•the definition and description of an SNMP managed object
SMIv2
SMIv2
Structure of Management Information
SMIv2 is described in RFCs 1442, 1443, 1444
These RFCs describe:
•SMIv2 is a backward compatible update to SMIv1
•The only exception is the Counter64 type defined by SMIv2
•Counter64 cannot be created in SMIv2
•RFC 2089 defines how bilingual (SMIv1 & SMIv2) agents handle the
Counter64 data type
•IETF requires that new and revised RFCs specify MIB modules using SMIv2
 ASN.1
ASN.1
Abstract Syntax Notation One

ASN.1 is nothing more than a language definition. It is

similar to C/C++ and other programming languages.

Syntax examples:
-- two dashes is a comment -- The C equivalent is written in the comment
MostSevereAlarm ::= INTEGER -- typedef MostSevereAlarm int;
circuitAlarms MostSevereAlarm ::= 3 -- MostSevereAlarm circuitAlarms = 3;
MostSevereAlarm ::= INTEGER (1..5) -- specify a valid range
ErrorCounts ::= SEQUENCE {
circuitID OCTET STRING,
erroredSeconds INTEGER,
unavailableSeconds INTEGER
} -- data structures are defined using the SEQUENCE keyword
 BER
BER
Basic Encoding Rules

The relationship between ASN.1 and BER parallels that of

source code and machine code.
CCITT X.209 specifies the Basic Encoding Rules
All SNMP messages are converted / serialized from ASN.1
notation into smaller, binary data (BER)
 SNMP
SNMP Data
Data Types
Types
Yellow items defined
•INTEGER -- signed 32-bit integer by ASN.1
•OCTET STRING Orange items defined
•OBJECT IDENTIFIER (OID) by RFC 1155

•NULL -- not actually data type, but data value

•IpAddress -- OCTET STRING of size 4, in network byte order (B.E.)
•Counter -- unsigned 32-bit integer (rolls over)
•Gauge -- unsigned 32-bit integer (will top out and stay there)
•TimeTicks -- unsigned 32-bit integer (rolls over after 497 days)
•Opaque -- used to create new data types not in SNMPv1
•DateAndTime, DisplayString, MacAddress, PhysAddress, TimeInterval,
TimeStamp, TruthValue, VariablePointer -- textual conventions used as types
Basic
Basic Message
Message Format
Format

Message Length
Message Version Message Preamble
Community String

PDU Header

SNMP Protocol
Data Unit
PDU Body