Simple Network Management Protocol By - Suparna Sri

Posted on 29-Dec-2015

Page 1: Simple Network Management Protocol By - Suparna Sri

Simple Network Management Protocol

By - Suparna Sri

Page 2: Simple Network Management Protocol By - Suparna Sri

Agenda

Introduction

Network Level Architecture

Operation of Protocol

Applications of Protocol

Event flows

Message Formats

Extensions, Performance & Security Issue

Conclusion

References

Page 3: Simple Network Management Protocol By - Suparna Sri

Introduction

SNMP is an application layer protocol that facilitates the exchange of management information between network devices.

It is used for collecting information from, and configuring, network devices, such as servers, printers, hubs, switches, and routers on an Internet Protocol (IP) network.

SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth.

Page 4: Simple Network Management Protocol By - Suparna Sri

Basic Components of SNMP

NMS (Network Management Station)

Managed Devices

Agents

MIB (Management Information Base)

Page 5: Simple Network Management Protocol By - Suparna Sri

The NMS executes applications that monitor and control managed devices. One or more NMSs must exist on any managed network.

An NMS is a general-purpose computer running special software.

Page 6: Simple Network Management Protocol By - Suparna Sri

A Managed Device is a network node that contains an SNMP agent and that resides on a managed network. Managed devices collect and store management information and make this information available to NMSs using SNMP. Managed devices, sometimes called network elements, can be routers and access servers, switches and bridges, hubs, computer hosts, or printers.

Page 7: Simple Network Management Protocol By - Suparna Sri

An Agent is a network-management software module that resides in a managed device.

An agent has local knowledge of management information and translates that information into a form compatible with SNMP.

Page 8: Simple Network Management Protocol By - Suparna Sri

Network Level Architecture

Page 9: Simple Network Management Protocol By - Suparna Sri

MIB Structure

Every management station or agent in an SNMP architecture maintains a local database holding information related to network management. This virtual information store is called the MIB (the managed-objects database).

An SNMP MIB contains definitions and information about the properties of managed resources and the services that the agents support. The manageable features of resources, as defined in an SNMP MIB, are called managed objects.

Page 10: Simple Network Management Protocol By - Suparna Sri

Management Information Base

Page 11: Simple Network Management Protocol By - Suparna Sri

MIB object identifiers

Each object in the MIB has an object identifier (OID). The management station uses the OID to request the object's value from the agent. An OID is a sequence of integers that uniquely identifies a managed object by defining a path to that object through a tree-like structure called the OID tree or registration tree.

When an SNMP agent needs to access a specific managed object, it traverses the OID tree to find the object.

Page 12: Simple Network Management Protocol By - Suparna Sri

SNMP OID Hierarchy Format

Page 13: Simple Network Management Protocol By - Suparna Sri

Operation of Protocol

Read: used by an NMS to monitor managed devices. The NMS examines different variables that are maintained by managed devices.

Write: used by an NMS to control managed devices. The NMS changes the values of variables stored within managed devices.

Trap: used by managed devices to asynchronously report events to the NMS. When certain types of events occur, a managed device sends a trap to the NMS.

Page 14: Simple Network Management Protocol By - Suparna Sri

Operation of the Protocol

Get

Get next

Get-bulk

Set

Set response

Trap

Notification

Inform

Report

Page 15: Simple Network Management Protocol By - Suparna Sri

‘get’ and ‘getnext’ Operation

The get request is initiated by the NMS, which sends the request to the agent. The agent receives the request and processes it to the best of its ability.

The get command is useful for retrieving a single MIB object at a time.

The get-next operation lets you issue a sequence of commands to retrieve a group of values from a MIB.

Page 16: Simple Network Management Protocol By - Suparna Sri

‘get’ Operation

Page 17: Simple Network Management Protocol By - Suparna Sri

‘get bulk’ Operation

SNMPv2 defined the get-bulk operation, which allows a management application to retrieve a large section of a table at once.

The standard get operation can attempt to retrieve more than one MIB object at once, but message sizes are limited by the agent's capabilities. If the agent can't return all the requested responses, it returns an error message with no data.

A get-bulk request carries two fields, non-repeaters and max-repetitions, which are set when issuing the command.

Non-repeaters tells the get-bulk command that the first N objects can be retrieved with a simple get-next operation. Max-repetitions tells the get-bulk command to attempt up to M get-next operations to retrieve the remaining objects.

Page 18: Simple Network Management Protocol By - Suparna Sri

‘get bulk’ Operation

Page 19: Simple Network Management Protocol By - Suparna Sri

‘set’ Operation

The set command is used to change the value of a managed object or to create a new row in a table. Objects that are defined in the MIB as read-write or write-only can be altered or created using this command. It is possible for an NMS to set more than one object at a time.

Page 20: Simple Network Management Protocol By - Suparna Sri

‘trap’ Operation

Trap: A trap is a way for an agent to tell the NMS that something bad has happened.

The trap originates from the agent and is sent to the trap destination, as configured within the agent itself. The trap destination is typically the IP address of the NMS.

Page 21: Simple Network Management Protocol By - Suparna Sri

Scenarios when ‘trap’ occurs

A network interface on the device (where the agent is running) has gone down.

A network interface on the device (where the agent is running) has come back up.

An incoming call to a modem rack was unable to establish a connection to a modem.

The fan on a switch or router has failed.

Page 22: Simple Network Management Protocol By - Suparna Sri

Generic types of ‘trap’

coldStart(0): Indicates that the agent has rebooted. All management variables will be reset; specifically, Counters and Gauges will be reset to zero (0). It can also be used to determine when new hardware is added to the network.

warmStart(1): Indicates that the agent has reinitialized itself. None of the management variables will be reset.

linkDown(2): Sent when an interface on a device goes down. The first variable binding identifies which interface went down.

linkUp(3): Sent when an interface on a device comes back up.

Page 23: Simple Network Management Protocol By - Suparna Sri

Generic types of ‘trap’

authenticationFailure(4): Indicates that someone has tried to query your agent with an incorrect community string; useful in determining if someone is trying to gain unauthorized access to one of your devices.

egpNeighborLoss(5): Indicates that an Exterior Gateway Protocol (EGP) neighbor has gone down.

enterpriseSpecific(6): Indicates that the trap is enterprise-specific; vendors use this type to define their own traps under the private-enterprise branch of the SMI object tree.
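An added example, not from the slides: a small classifier for the generic trap codes listed above, plus a detector that flags an agent reporting a burst of authenticationFailure traps, which the slide describes as the sign of someone probing with wrong community strings. The trap records, the 60-second window and the threshold of five are constructed assumptions for the demonstration.

```python
"""Added example, not from the slides: naming SNMPv1 generic traps and
detecting a burst of authenticationFailure traps from one agent.
Trap records, window and threshold below are constructed/assumed."""
from collections import defaultdict
from typing import Dict, List, Optional

# Generic-trap codes of the SNMPv1 Trap-PDU (RFC 1157)
GENERIC_TRAPS = {
    0: "coldStart", 1: "warmStart", 2: "linkDown", 3: "linkUp",
    4: "authenticationFailure", 5: "egpNeighborLoss", 6: "enterpriseSpecific",
}
AUTHENTICATION_FAILURE = 4


def trap_name(generic: int, specific: int = 0, enterprise: Optional[str] = None) -> str:
    """Human-readable trap name.  Enterprise-specific traps are qualified by
    the enterprise OID and the specific-trap code, since code 6 alone says
    nothing about what happened."""
    if generic == 6:
        return f"enterpriseSpecific({enterprise or '?'}:{specific})"
    return GENERIC_TRAPS.get(generic, f"unknown({generic})")


def auth_failure_bursts(traps: List[Dict], window: int = 60, threshold: int = 5) -> Dict[str, int]:
    """Return {agent: peak count} for agents that sent at least `threshold`
    authenticationFailure traps inside any `window`-second span.  A sliding
    window over each agent's sorted timestamps yields the peak count."""
    times_by_agent: Dict[str, List[int]] = defaultdict(list)
    for trap in traps:
        if trap["generic"] == AUTHENTICATION_FAILURE:
            times_by_agent[trap["agent"]].append(trap["ts"])
    flagged: Dict[str, int] = {}
    for agent, times in times_by_agent.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[agent] = max(flagged.get(agent, 0), count)
    return flagged


# Constructed trap records: unix timestamp, agent address, generic-trap code
SAMPLE_TRAPS = [
    {"ts": 1000, "agent": "10.0.0.5", "generic": 4},
    {"ts": 1004, "agent": "10.0.0.5", "generic": 4},
    {"ts": 1009, "agent": "10.0.0.5", "generic": 4},
    {"ts": 1010, "agent": "10.0.0.7", "generic": 2},   # linkDown, unrelated
    {"ts": 1015, "agent": "10.0.0.5", "generic": 4},
    {"ts": 1020, "agent": "10.0.0.5", "generic": 4},
    {"ts": 1028, "agent": "10.0.0.5", "generic": 4},
    {"ts": 1100, "agent": "10.0.0.9", "generic": 4},   # single failure: a typo, not a scan
    {"ts": 2000, "agent": "10.0.0.5", "generic": 4},   # much later: outside the window
]

if __name__ == "__main__":
    print(auth_failure_bursts(SAMPLE_TRAPS))   # {'10.0.0.5': 6}
```

The agent address used for grouping is the one the trap reports about itself (the Agent Addr field of the Trap-PDU), so in practice the detector should also record the transport source address: an agent behind NAT, or a forged trap, will make the two disagree.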

Page 24: Simple Network Management Protocol By - Suparna Sri

Other SNMP operations

SNMP notification: the notification-type construct defines the notifications carried in the PDUs of SNMPv1, v2 and v3.

SNMP inform: the inform mechanism provides manager-to-manager communication.

SNMP report: allows SNMP engines to communicate with each other, mainly to report problems with processing SNMP messages.

Page 25: Simple Network Management Protocol By - Suparna Sri

Message Sent Between an SNMP Manager and its Managed Devices

Page 26: Simple Network Management Protocol By - Suparna Sri

Event Flow of SNMP protocol

Represents the interactions and timing of the SNMP protocol between the SNMP manager and the SNMP agent.

Traps are unsolicited messages sent from the agent to the manager.

There are four functions of SNMP: get request, trap, get next and set request.

Page 27: Simple Network Management Protocol By - Suparna Sri

Event Flow of SNMP operations

Page 28: Simple Network Management Protocol By - Suparna Sri

Network Management System

Page 29: Simple Network Management Protocol By - Suparna Sri

SNMPv3 Applications

Five types of application which can be associated with an SNMP engine are described in RFC 2273. These applications are:

- Command generators, which monitor and manipulate management data,
- Command responders, which provide access to management data,
- Notification originators, which initiate asynchronous messages,
- Notification receivers, which process asynchronous messages, and
- Proxy forwarders, which forward messages between entities.

Page 30: Simple Network Management Protocol By - Suparna Sri

Flow diagram of Command Generator and Command Responder

Page 31: Simple Network Management Protocol By - Suparna Sri

PRIMITIVES BETWEEN MODULES

(Pages 31 to 46 are one diagram repeated with a different primitive highlighted on each page; only its labels survive extraction and they are collected here.)

Modules of an SNMPv3 engine shown in the diagram: Dispatcher, Message Processing Subsystem, Security Subsystem, Access Control Subsystem, Applications.

Parameters passed between the modules: transportDomain, transportAddress, messageProcessingModel, securityModel, securityName, securityLevel, contextEngineID, contextName, pduVersion, PDU, expectResponse, maxSizeResponseScopedPDU, stateReference, statusInformation, sendPduHandle, destTransportDomain, destTransportAddress, outgoingMessage, outgoingMessageLength, wholeMsg, wholeMsgLength, pduType, viewType, variableName, globalData, maxMessageSize, securityEngineID, scopedPDU, securityParameters, securityStateReference.

Primitives highlighted one per page, each with the module that issues it (the module named on the slide) and, per the SNMPv3 architecture RFC, the module that services it:

Page 32: sendPdu (Applications -> Dispatcher)

Page 33: prepareOutgoingMessage (Dispatcher -> Message Processing Subsystem)

Page 34: generateRequestMsg (Message Processing Subsystem -> Security Subsystem)

Page 35: send / receive (Dispatcher, over the transport)

Page 36: prepareDataElements (Dispatcher -> Message Processing Subsystem)

Page 37: processIncomingMsg (Message Processing Subsystem -> Security Subsystem)

Page 38: processPdu (Dispatcher -> Applications)

Page 39: isAccessAllowed (Applications -> Access Control Subsystem)

Page 40: returnResponsePdu (Applications -> Dispatcher)

Page 41: prepareResponseMessage (Dispatcher -> Message Processing Subsystem)

Page 42: generateResponseMsg (Message Processing Subsystem -> Security Subsystem)

Page 43: send / receive (Dispatcher, over the transport)

Page 44: prepareDataElements (Dispatcher -> Message Processing Subsystem)

Page 45: processIncomingMsg (Message Processing Subsystem -> Security Subsystem)

Page 46: processResponsePdu (Dispatcher -> Applications)

Page 47: Simple Network Management Protocol By - Suparna Sri

Five areas of network management

Performance management : to quantify, measure, report, analyze and control the performance of network components.

Fault management : to detect, log, notify users of, and (to the extent possible) automatically fix network problems to keep the network running effectively.

Configuration management : to monitor network and system configuration information so that the effects on network operation of various versions of hardware and software elements can be tracked and managed.

Accounting management : to measure network utilization parameters so that individual or group uses on the network can be regulated appropriately.

Security management : to control access to network resources according to local guidelines so that the network cannot be sabotaged and sensitive information cannot be accessed by those without appropriate authorization.

Page 48: Simple Network Management Protocol By - Suparna Sri

SNMP Message Format

SNMP uses two well-known ports to operate:

• UDP/TCP Port 161 – SNMP Request/Response Messages

• UDP/TCP Port 162 - SNMP Trap Messages

Encapsulation shown on the slide: Ethernet Frame > IP Packet > UDP Datagram > SNMP Message, followed by the frame CRC.

SNMPv3 defines a security capability to be used in conjunction with SNMPv1 (runs over UDP) or SNMPv2 (also runs over TCP)

Page 49: Simple Network Management Protocol By - Suparna Sri

SNMP General Message Format

Table 211: SNMP Variable Binding Format

Subfield Name (Syntax, Size in bytes): Description

Object Name (Sequence of Integer, variable): Object Name: The numeric object identifier of the MIB object, specified as a sequence of integers. For example, the object sysLocation has the object identifier 1.3.6.1.2.1.1.6, so it would be specified as “1 3 6 1 2 1 1 6” using ASN.1.

Object Value (Variable, variable): Object Value: In any type of “get” request, this subfield is a “placeholder”; it is structured using the appropriate syntax for the object but has no value (since the “get” request is asking for that value!). In a “set” request (SetRequest-PDU) or in a reply message carrying requested data (GetResponse-PDU or Response-PDU), the value of the object is placed here.

The slide's figure shows how the three levels nest:

SNMP message: VERSION | COMMUNITY | SNMP PDU

SNMP PDU: PDU TYPE* | REQUEST ID | ERROR STATUS | ERROR INDEX | VARIABLE BINDINGS

variable bindings: NAME 1 | VALUE 1 | NAME 2 | VALUE 2 | ••• | NAME n | VALUE n

Page 50: Simple Network Management Protocol By - Suparna Sri

SNMP V1 General Message Format

Table 212: SNMP Version 1 (SNMPv1) General Message Format

Field Name (Syntax, Size in bytes): Description

Version (Integer, 4): Version Number: Describes the SNMP version number of this message; used for ensuring compatibility between versions. For SNMPv1, this value is actually 0, not 1.

Community (Octet String, variable): Community String: Identifies the SNMP community in which the sender and recipient of this message are located. This is used to implement the simple SNMP.

PDU (no fixed syntax, variable): Protocol Data Unit: The PDU being communicated as the body of the message.

Page 51: Simple Network Management Protocol By - Suparna Sri

SNMP v1 PDU Format

Table 213: SNMP Version 1 (SNMPv1) Common PDU Format

Field Name (Syntax, Size in bytes): Description

PDU Type (Integer (Enumerated), 4)

Request ID (Integer, 4): Request Identifier: A number used to match requests with replies. It is generated by the device that sends a request and copied into this field in a GetResponse-PDU by the responding SNMP entity.

Error Status (Integer (Enumerated), 4)

Error Index (Integer, 4): Error Index: When Error Status is non-zero, this field contains a pointer that specifies which object generated the error. Always zero in a request.

Variable Bindings (Variable, variable): Variable Bindings: A set of name-value pairs identifying the MIB objects in the PDU, and in the case of a SetRequest-PDU or GetResponse-PDU, containing their values.
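An added example, not from the slides or from any SNMP library: a minimal BER encoder and decoder for the SNMPv1 GetRequest message assembled from the fields of Tables 211 to 213, including the OID encoding behind the "sequence of integers" in Table 211. The community string, request-id and OIDs are constructed sample values; only the standard library is used.

```python
"""Added example, not from the slides: BER-encode and decode an SNMPv1
GetRequest built from the fields of Tables 211-213 (RFC 1157 layout).
Sample community, request-id and OIDs are constructed."""
from typing import List, Tuple

# BER tags used by SNMPv1 (universal tags from X.690, PDU tags from RFC 1157)
INTEGER, OCTET_STRING, NULL, OID_TAG, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
GET_REQUEST, GET_NEXT_REQUEST, GET_RESPONSE, SET_REQUEST = 0xA0, 0xA1, 0xA2, 0xA3


def tlv(tag: int, body: bytes) -> bytes:
    """Tag, definite length (short or long form), value."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body


def encode_int(value: int) -> bytes:
    """INTEGER in minimal two's-complement form."""
    n = 1
    while True:
        try:
            return tlv(INTEGER, value.to_bytes(n, "big", signed=True))
        except OverflowError:
            n += 1


def encode_oid(oid: str) -> bytes:
    """1.3.6.1.2.1.1.6 -> 06 07 2b 06 01 02 01 01 06: the first two arcs are
    packed as 40*x+y, later arcs are base-128 with a continuation bit."""
    arcs = [int(a) for a in oid.strip(".").split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return tlv(OID_TAG, bytes(body))


def encode_get_request(community: bytes, request_id: int, oids: List[str]) -> bytes:
    """Message = SEQUENCE { version INTEGER (0 for v1), community OCTET STRING,
    GetRequest-PDU { request-id, error-status 0, error-index 0, varbinds } }."""
    varbinds = b"".join(tlv(SEQUENCE, encode_oid(o) + tlv(NULL, b"")) for o in oids)
    pdu = encode_int(request_id) + encode_int(0) + encode_int(0) + tlv(SEQUENCE, varbinds)
    return tlv(SEQUENCE, encode_int(0) + tlv(OCTET_STRING, community) + tlv(GET_REQUEST, pdu))


def read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Return (tag, value, position after the element); rejects lengths that
    run past the buffer, which is where careless decoders over-read."""
    tag, ln = buf[pos], buf[pos + 1]
    pos += 2
    if ln & 0x80:
        nbytes = ln & 0x7F
        ln = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + ln > len(buf):
        raise ValueError("length runs past end of buffer")
    return tag, buf[pos:pos + ln], pos + ln


def decode_oid(body: bytes) -> str:
    # First byte packs the first two arcs (the 2.x >= 80 special case is omitted)
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def to_int(body: bytes) -> int:
    return int.from_bytes(body, "big", signed=True)


def decode_message(msg: bytes) -> dict:
    """Parse an SNMPv1 message into its Table 212/213 fields."""
    tag, body, _ = read_tlv(msg, 0)
    if tag != SEQUENCE:
        raise ValueError("not an SNMP message")
    _, version, p = read_tlv(body, 0)
    _, community, p = read_tlv(body, p)
    pdu_type, pdu, _ = read_tlv(body, p)
    _, rid, p = read_tlv(pdu, 0)
    _, status, p = read_tlv(pdu, p)
    _, index, p = read_tlv(pdu, p)
    _, vbl, _ = read_tlv(pdu, p)
    varbinds, p = [], 0
    while p < len(vbl):
        _, vb, p = read_tlv(vbl, p)
        _, name, q = read_tlv(vb, 0)
        vtag, value, _ = read_tlv(vb, q)
        varbinds.append((decode_oid(name), None if vtag == NULL else value))
    return {"version": to_int(version), "community": community, "pdu_type": pdu_type,
            "request_id": to_int(rid), "error_status": to_int(status),
            "error_index": to_int(index), "varbinds": varbinds}


if __name__ == "__main__":
    msg = encode_get_request(b"public", 1, ["1.3.6.1.2.1.1.6.0"])   # sysLocation.0
    print(msg.hex())
    print(decode_message(msg))
```

Running it prints 302602010004067075626c6963a019... : the version byte is 0, as Table 212 says, and the bytes 7075626c6963 are the word "public" in the clear, which is the whole of SNMPv1's authentication and the reason community strings must be handled as passwords. A production decoder also needs a nesting-depth limit and a rejection of indefinite lengths, which read_tlv does not attempt.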

Page 52: Simple Network Management Protocol By - Suparna Sri

SNMP V1 Trap-PDU Format

Table 214: SNMP Version 1 (SNMPv1) Trap-PDU Format

Field Name (Syntax, Size in bytes): Description

PDU Type (Integer (Enumerated), 4): PDU Type: An integer value that indicates the PDU type, which is 4 for a Trap-PDU message.

Enterprise (Sequence of Integer, variable): Enterprise: An object identifier for a group, which indicates the type of object that generated the trap.

Agent Addr (NetworkAddress, 4): Agent Address: The IP address of the SNMP agent that generated the trap. This is of course also in the IP header at lower levels but inclusion in the SNMP message format allows for easier trap logging within SNMP. Also, in the case of a multihomed host, this specifies the preferred address.

Generic Trap (Integer (Enumerated), 4): Generic Trap Code: A code value specifying one of a number of predefined “generic” trap types.

Specific Trap (Integer, 4): Specific Trap Code: A code value indicating an implementation-specific trap type.

Time Stamp (TimeTicks, 4): Time Stamp: The amount of time since the SNMP entity sending this message last initialized or reinitialized. Used to time stamp traps for logging purposes.

Variable Bindings (Variable, variable): Variable Bindings: A set of name-value pairs identifying the MIB objects in the PDU.

Page 53: Simple Network Management Protocol By - Suparna Sri

SNMP v2 Message Format

SNMPv2 Get, GetNext, Inform, Response, Set, and Trap PDUs contain the same fields.

The SNMPv2 GetBulk PDU

Page 54: Simple Network Management Protocol By - Suparna Sri

SNMP v3 General Message Format

Page 55: Simple Network Management Protocol By - Suparna Sri

SNMP v3 General Message Format

Table 221: SNMP Version 3 (SNMPv3) General Message Format

Field Name (Syntax, Size in bytes): Description

Msg Version (Integer, 4): Message Version Number: Describes the SNMP version number of this message; used for ensuring compatibility between versions. For SNMPv3, this value is 3.

Msg ID (Integer, 4): Message Identifier: A number used to identify an SNMPv3 message and to match response messages to request messages. The use of this field is similar to that of the Request ID field in the PDU format, but they are not identical. This field was created to allow matching at the message processing level regardless of the contents of the PDU, to protect against certain security attacks. Thus, Msg ID and Request ID are used independently.

Msg Max Size (Integer, 4): Maximum Message Size: The maximum size of message that the sender of this message can receive. Minimum value of this field is 484.

Msg Flags (Octet String, 1)

Msg Security Model (Integer, 4): Message Security Model: An integer value indicating which security model was used for this message. For the user-based security model (the default in SNMPv3) this value is 3.

Msg Security Parameters (no fixed syntax, variable): Message Security Parameters: A set of fields that contain parameters required to implement the particular security model used for this message. The contents of this field are specified in each document describing an SNMPv3 security model. For example, the parameters for the user-based model are in RFC 3414.

Scoped PDU (no fixed syntax, variable)

Page 56: Simple Network Management Protocol By - Suparna Sri

Security services

Data Integrity is the provision of the property that data or data sequences have not been altered or destroyed in an unauthorized manner.

Data Origin Authentication is the provision of the property that the claimed identity of the user on whose behalf received data was originated is corroborated.

Data Confidentiality is the provision of the property that information is not made available or disclosed to unauthorized individuals, entities, or processes.

Message timeliness and limited replay protection is the provision of the property that a message whose generation time is outside of a specified time window is not accepted.
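An added example, not from the slides: the time-window check that gives SNMPv3's user-based security model the "message timeliness and limited replay protection" service above. The rule is the authoritative-receiver check of RFC 3414 section 3.2, with its fixed 150-second window; the engine clock values and the replay trace are constructed for the demonstration.

```python
"""Added example, not from the slides: the USM time-window check behind
SNMPv3's 'message timeliness and limited replay protection' service.
The rule follows RFC 3414 section 3.2 (authoritative receiver); the engine
clock values below are constructed."""
from dataclasses import dataclass
from typing import Iterable, List

TIME_WINDOW = 150             # seconds, fixed by RFC 3414
MAX_ENGINE_BOOTS = 2**31 - 1  # once reached, the engine must refuse every message


@dataclass
class EngineClock:
    """Local notion of snmpEngineBoots / snmpEngineTime on the authoritative engine."""
    boots: int
    time: int   # seconds since the engine last (re)booted


def in_time_window(local: EngineClock, msg_boots: int, msg_time: int) -> bool:
    """A message carries the sender's view of the authoritative engine's boots
    and time (msgAuthoritativeEngineBoots / msgAuthoritativeEngineTime).  It is
    timely only if boots match exactly and the times differ by at most
    TIME_WINDOW seconds; a replayed or stale message fails this test."""
    if local.boots == MAX_ENGINE_BOOTS:
        return False   # boot counter exhausted: nothing can be accepted any more
    if msg_boots != local.boots:
        return False   # message predates (or postdates) the current boot
    return abs(local.time - msg_time) <= TIME_WINDOW


def replay_trace(local: EngineClock, captured_time: int,
                 replay_delays: Iterable[int]) -> List[bool]:
    """Simulate a message captured at captured_time being re-sent after each
    delay: one bool per delay, True where the window would still accept it."""
    return [in_time_window(EngineClock(local.boots, captured_time + delay),
                           local.boots, captured_time)
            for delay in replay_delays]


if __name__ == "__main__":
    clock = EngineClock(boots=5, time=1000)
    print(replay_trace(clock, 1000, [0, 150, 151, 3600]))   # [True, True, False, False]
```

The check only means something at the authNoPriv and authPriv levels, because the time fields are covered by the message authentication code; without authentication a forger simply writes fresh values. It is also why the service is called limited replay protection: a captured message re-sent within 150 seconds still passes, and catching that is left to the msgID and request-id matching described for the SNMPv3 header.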

Page 57: Simple Network Management Protocol By - Suparna Sri

Performance and Security Issues

Modification of Information: The modification threat is the danger that some unauthorized entity may alter in-transit SNMP messages generated on behalf of an authorized principal in such a way as to effect unauthorized management operations, including falsifying the value of an object.

Masquerade: The masquerade threat is the danger that management operations not authorized for some user may be attempted by assuming the identity of another user that has the appropriate authorizations.

Disclosure: The disclosure threat is the danger of eavesdropping on the exchanges between managed agents and a management station. Protecting against this threat may be required as a matter of local policy.

Message Stream Modification: The SNMP protocol is typically based upon a connectionless transport service which may operate over any sub-network service. The re-ordering, delay or replay of messages can and does occur through the natural operation of many such sub-network services. The message stream modification threat is the danger that messages may be altered in order to effect unauthorized management operations.

Page 58: Simple Network Management Protocol By - Suparna Sri

Extensions (SNMPv2 protocol)

Two new protocol operations have been added in SNMPv2. “Get-bulk-request” supports efficient transfer of large amounts of MIB data, and “Inform-request” enables a manager to inform another manager of significant events.

The main problems of SNMPv1 are the authentication of the message source, protecting these messages from disclosure and placing access controls on the MIB database. Those problems are solved in SNMPv2 by changing the format of SNMP PDUs.

In SNMPv1, traps had a different format than all of the other PDUs. SNMPv2 simplifies traps by giving them the same format as the get and set PDUs.

In SNMPv1, if too much data is asked for in an ordinary get-request, you receive a "too big" error message without data. In SNMPv2, “Get-bulk-request” allows you to retrieve a lot of information, and you receive as much data as fits in your response message.

In SNMPv2, if one of several values requested in a get-request is not valid or does not exist, there will still be answers for the other requests that were handled correctly, whereas in SNMPv1 no response at all was given, only the error message.

The SNMPv2 security framework deals with the authentication of the message sender and its contents and with the eavesdropper problem. It supports the use of an authentication protocol to identify the source reliably and to prevent message modification, and the use of encryption to keep messages private. SNMPv1 does not have any of these security features.

Page 59: Simple Network Management Protocol By - Suparna Sri

SNMP Security

Security in SNMP versions: SNMPv1 uses plain-text community strings for authentication, sent without encryption. SNMPv2 was supposed to fix the security problems, but the effort derailed. SNMPv3 has numerous security features:

• Ensures that a packet has not been tampered with (integrity),

• Ensures that a message is from a valid source (authentication),

• Ensures that a message cannot be read by unauthorized parties (privacy).

SNMP has three security levels:

Monitoring (no authentication / no privacy): authentication by matching a user name.

Control (authentication / no privacy): authentication with MD5 or SHA message digests.

Downloading secrets (authentication / privacy): authentication with MD5 or SHA message digests, and encryption with DES.
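An added example, not from the slides: the key handling behind the MD5/SHA authentication just described, as specified for the user-based security model in RFC 3414 appendix A, together with the msgFlags byte that encodes the three security levels (RFC 3412) and the truncated HMAC that becomes the message's authentication parameter. The password "maplesyrup" and the 12-byte engine ID are the RFC 3414 test-vector values, used here only as sample input; the helper names are this example's own.

```python
"""Added example, not from the slides: SNMPv3 USM password-to-key and
key-localization (RFC 3414 appendix A), the msgFlags byte for the three
security levels (RFC 3412), and the truncated HMAC authentication parameter.
The password and engine ID are the RFC 3414 test-vector values."""
import hashlib
import hmac

SECURITY_LEVELS = {               # (auth, priv) -> level name
    (False, False): "noAuthNoPriv",
    (True, False): "authNoPriv",
    (True, True): "authPriv",
}
AUTH_FLAG, PRIV_FLAG, REPORTABLE_FLAG = 0x01, 0x02, 0x04


def msg_flags(auth: bool, priv: bool, reportable: bool = True) -> int:
    """msgFlags byte of the SNMPv3 header.  Privacy without authentication is
    not a valid combination, so it is refused rather than encoded."""
    if priv and not auth:
        raise ValueError("privacy requires authentication (no privNoAuth level)")
    return ((AUTH_FLAG if auth else 0) | (PRIV_FLAG if priv else 0)
            | (REPORTABLE_FLAG if reportable else 0))


def password_to_key(password: bytes, algo: str = "md5") -> bytes:
    """Ku: hash the password repeated to exactly 1 MiB (1,048,576 bytes).
    The repetition is a deliberate work factor against password guessing."""
    if not password:
        raise ValueError("empty password")
    stretched = (password * (1048576 // len(password) + 1))[:1048576]
    return hashlib.new(algo, stretched).digest()


def localize_key(ku: bytes, engine_id: bytes, algo: str = "md5") -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku): the key is tied to one agent, so a
    key recovered from one device does not unlock every device that shares
    the same password."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def auth_parameter(kul: bytes, whole_msg: bytes, algo: str = "md5") -> bytes:
    """HMAC-MD5-96 / HMAC-SHA-96: the first 12 bytes of the HMAC over the whole
    message, computed with msgAuthenticationParameters zero-filled."""
    return hmac.new(kul, whole_msg, algo).digest()[:12]


# RFC 3414 A.3 test vector: password "maplesyrup", engine ID 00..02 (12 bytes)
TEST_PASSWORD = b"maplesyrup"
TEST_ENGINE_ID = bytes.fromhex("000000000000000000000002")

if __name__ == "__main__":
    for algo in ("md5", "sha1"):
        ku = password_to_key(TEST_PASSWORD, algo)
        print(algo, ku.hex(), localize_key(ku, TEST_ENGINE_ID, algo).hex())
```

The localized key is what an agent stores, so a device compromise exposes Kul for that engine ID only; the password itself is never sent, and the receiver recomputes the 12-byte HMAC over the received message to check integrity and origin at once. The slides name MD5, SHA and DES because those were the original algorithms; current deployments use the SHA-2 authentication protocols of RFC 7860 and AES privacy (RFC 3826) instead.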

Page 60: Simple Network Management Protocol By - Suparna Sri

SNMP GUI OpenView Severity Levels

Severity   Color

Unknown    Blue

Normal     Green

Warning    Cyan

Minor      Yellow

Major      Orange

Critical   Red

Page 61: Simple Network Management Protocol By - Suparna Sri

Conclusions

Standardized

Universally supported

Extendible

Portable

Allows distributed management access

Lightweight protocol

Page 62: Simple Network Management Protocol By - Suparna Sri

Review Questions

1. What are the components in network management architecture and define them?

slide 5-7

2. What are MIBs, and how are they accessed?

slide 9

3. What are the types of messages between SNMP manager and agent?

slide 25

Page 63: Simple Network Management Protocol By - Suparna Sri

References

http://www.faqs.org/rfcs/

http://www.ietf.org/rfcs/

http://www.icg.isy.liu.se/courses/tsin02-ici/slides/11_Snmp-v3.pdf

http://www.dpstele.com/layers/l2/snmp_l2_tut_part1.html

http://www.cisco.com/warp/public/535/3.html

Page 64: Simple Network Management Protocol By - Suparna Sri

THANK YOU