Simple Network Simple Network Management ProtocolManagement Protocol

Week 6Week 6

MIB data is input in encoded form.MIB data is input in encoded form. Information is then compiled into the Information is then compiled into the

central MIB in the NCS.central MIB in the NCS.

NetworkControl Station

BridgeRouter

Router

Manageable Devices

ProxiesProxies Many devices to be managed do not Many devices to be managed do not

support appropriate protocols (UDP and support appropriate protocols (UDP and IP). Devices that were not intended to IP). Devices that were not intended to operate in a TCP/IP environment (eg operate in a TCP/IP environment (eg bridges and modems) or for which full bridges and modems) or for which full management support is not preferable management support is not preferable (PCs, workstations, etc) may use a proxy.(PCs, workstations, etc) may use a proxy.

A proxy may function for one or many of A proxy may function for one or many of these devices.these devices.

Manager process

SNMP

UDP

IP

Network Interface

Agent process

SNMP

UDP

IP

Network

Interface

Protocolarchitectureused byproxied device

Protocolarchitectureused byproxied deviceNetwork

Interface

Network

Interface

Mgt Process

Mapping functionManagement Station

Proxy Agent

Proxied Device

SNMP - Simple Network Management ProtocolSNMP - Simple Network Management Protocol

How do NCSs receive or send How do NCSs receive or send management information?management information?

Messages are sent using SNMP Messages are sent using SNMP Protocol Data Units (PDUs)Protocol Data Units (PDUs)

Version Community SNMP PDU

SNMP MESSAGE

PDU Type request-id 0 0 variablebindings

GetRequest PDU, GetNextRequest PDU,SetRequest PDU

PDU Type request-id error- error- variablebindings status index

GetResponse PDU

PDU enterprise agent- generic- specific- time- variable-Type addr trap trap stamp bindings

Trap PDU

Name1 value1 ……. namen valuen

variablebindings

Operations performed on objects:Operations performed on objects:

Get, Set and Trap.Get, Set and Trap. Note that it is not possible to request Note that it is not possible to request

operations to be performed, just to operations to be performed, just to request a change to the state of a request a change to the state of a value associated with an object.value associated with an object.

1212

Manager Agent Manager Agent

Get values Get next values

Set values Send trap

GetRequest PDU GetNextRequest PDU

GetResponse PDU GetResponse PDU

GetResponse PDU

SetRequest PDUTrap PDU

SNMP Message TransmissionSNMP Message Transmission

PDU is constructed using ASN.1PDU is constructed using ASN.1 PDU may be passed to an PDU may be passed to an

authentication serviceauthentication service Message is then constructedMessage is then constructed ASN.1 object encoded and passed to ASN.1 object encoded and passed to

transport servicetransport service

SNMP Message ReceptionSNMP Message Reception

Message syntax is checked and is Message syntax is checked and is discarded if unable to parsediscarded if unable to parse

Message version number is checked Message version number is checked and discarded if there is a mismatchand discarded if there is a mismatch

SNMP Message ReceptionSNMP Message Reception

Authentication is attempted:Authentication is attempted:– If authentication fails, trap is issuedIf authentication fails, trap is issued– If authentication succeeds, PDU is then If authentication succeeds, PDU is then

examinedexamined PDU syntax is checked and discarded PDU syntax is checked and discarded

if fails to parseif fails to parse SNMP operation is performedSNMP operation is performed

Variable Bindings Variable Bindings

For multiple-object requests and For multiple-object requests and responses, all values for the scalar responses, all values for the scalar objects in a particular group from a objects in a particular group from a particular agent may be transferred particular agent may be transferred in the one PDUin the one PDU

GetRequest PDUGetRequest PDU

Control station may generateControl station may generate Type = GetRequestType = GetRequest request-id = unique identifier for request-id = unique identifier for

each outstanding request (correlate each outstanding request (correlate requests, ignore duplicates)requests, ignore duplicates)

variablebindings = list of object variablebindings = list of object instances for which values are instances for which values are requestedrequested

GetRequest PDUGetRequest PDU

Request to read value(s) from Request to read value(s) from objects within the managed device.objects within the managed device.

GetNextRequest PDUGetNextRequest PDU

Type = GetNextRequestType = GetNextRequest request-id = unique identifier for request-id = unique identifier for

each outstanding request (correlate each outstanding request (correlate requests, ignore duplicates)requests, ignore duplicates)

variablebindings = list of object variablebindings = list of object instances for which next the value in instances for which next the value in order are requestedorder are requested

GetNextRequest PDUGetNextRequest PDU

Permits the requesting of a series of Permits the requesting of a series of values in order.values in order.

May allow the request of values for May allow the request of values for unknown objectsunknown objects

SetRequest PDUSetRequest PDU

Type = SetRequestType = SetRequest request-id = unique identifier for request-id = unique identifier for

each outstanding request (correlate each outstanding request (correlate requests, ignore duplicates)requests, ignore duplicates)

variablebindings = list of object variablebindings = list of object instances for which next the value in instances for which next the value in order are requestedorder are requested

SetRequest PDUSetRequest PDU

Request to write value(s) to objects Request to write value(s) to objects in a managed device.in a managed device.

Trap PDUTrap PDU

Agent notification of a significant event.Agent notification of a significant event. PDU Type = Trap PDUPDU Type = Trap PDU enterprise = management subsystem enterprise = management subsystem

that generated the trapthat generated the trap agent-addr = IP address of the object agent-addr = IP address of the object

generating the trapgenerating the trap generic-trap = type of trapgeneric-trap = type of trap specific-trap = nature of the trapspecific-trap = nature of the trap

Trap PDUTrap PDU

time-stamp = time between last init time-stamp = time between last init of device and the generation of the of device and the generation of the traptrap

variablebindings = additional info variablebindings = additional info relating to the traprelating to the trap

No response is expected to this No response is expected to this message.message.

PDU LossPDU Loss

Since all sets and gets have a Since all sets and gets have a response returned, if this does not response returned, if this does not return within a given time period it return within a given time period it can be assumed that the response can be assumed that the response was lost. Repeat messages may be was lost. Repeat messages may be sent until management station gives sent until management station gives up (agent is down or unreachable).up (agent is down or unreachable).

PDU LossPDU Loss

Trap message loss will not be Trap message loss will not be detected. Thus traps should be used detected. Thus traps should be used for early warning of a significant for early warning of a significant event, not as the only indication of event, not as the only indication of an event of significance.an event of significance.

SNMP GetRequest for data item SNMP GetRequest for data item sysDescrsysDescr

Selection of a Management StationSelection of a Management Station

Features:Features: Extended MIB supportExtended MIB support Intuitive InterfaceIntuitive Interface Automatic DiscoveryAutomatic Discovery Programmable EventsProgrammable Events Advanced Network ControlAdvanced Network Control OO ManagementOO Management Custom IconsCustom Icons

PollingPolling

To obtain information from manageable To obtain information from manageable devices, an NCS must perform devices, an NCS must perform GetRequest and GetNextRequest GetRequest and GetNextRequest operations. operations.

The management station polls the The management station polls the devices for the requested information.devices for the requested information.

The NCS must regularly poll devices to The NCS must regularly poll devices to obtain an up-to-date view of the network obtain an up-to-date view of the network conditions (congestion, device failure, conditions (congestion, device failure, etc).etc).

PollingPolling The load on the management station The load on the management station

may be significant if the number of may be significant if the number of polled devices is large.polled devices is large.

Also, the network load due to polling Also, the network load due to polling traffic may be excessive.traffic may be excessive.

The balance between loading and up-The balance between loading and up-to-date information is not easy to to-date information is not easy to compute.compute.

Trap directed Polling may limit trafficTrap directed Polling may limit traffic

SNMPv2SNMPv2

In SNMPv1 community variable being In SNMPv1 community variable being sent in set messages means that sent in set messages means that systems could be attacked at any systems could be attacked at any opportunity.opportunity.

New data structures where added.New data structures where added.

SNMPv3SNMPv3

AuthenticationAuthentication TimelinessTimeliness PrivacyPrivacy Discovery (from other SNMP engines)Discovery (from other SNMP engines) Key ManagementKey Management

WINSNMPWINSNMP

Microsoft and associated partners Microsoft and associated partners have developed support for SNMP in have developed support for SNMP in Windows Operating Systems via an Windows Operating Systems via an engine designed to support SNMP engine designed to support SNMP protocols. protocols.

Many developers have provided 16 Many developers have provided 16 and 32-bit WINSNMP.DLL support.and 32-bit WINSNMP.DLL support.

Programming for SNMP Programming for SNMP

management can be in any language management can be in any language that supports calls to the DLL via that supports calls to the DLL via libraries or via function calls.libraries or via function calls.

Examples Examples Ref: Optivity SNMP Debugging for Dummies, Bay NetworksRef: Optivity SNMP Debugging for Dummies, Bay Networks

So let’s put the information absorbed So let’s put the information absorbed so far into an example. If you were to so far into an example. If you were to write the complete path to the write the complete path to the mgmtmgmt node, you would write it as:node, you would write it as:

iso(1) org(3) dod(6) internet(1) iso(1) org(3) dod(6) internet(1) mgmt(2)mgmt(2)

which is equivalent to the numerical which is equivalent to the numerical OID string of:OID string of:

.1.3.6.1.2.1.3.6.1.2

ExamplesExamples

These 5 groups are mandatory for These 5 groups are mandatory for any SNMP manageable object:any SNMP manageable object:

system(1)system(1) interfaces(2) at(3) interfaces(2) at(3) ip(4) icmp(5)ip(4) icmp(5)

A MIB-II compliant SNMP agent may A MIB-II compliant SNMP agent may support more groups than these five, support more groups than these five, but it is expected to support at least but it is expected to support at least these five groups.these five groups.

ExamplesExamples Let’s call the combination of agent and object an “entity” for Let’s call the combination of agent and object an “entity” for

simplicity’s sake. Here are some (but not all) of the objects in this simplicity’s sake. Here are some (but not all) of the objects in this group:group:

sysDescr(1)sysDescr(1) - - A description of the entity in somewhat “human” A description of the entity in somewhat “human” terms. This description may contain some very good information. terms. This description may contain some very good information. Then again, it may not. Then again, it may not.

sysObjectID(2)sysObjectID(2) - A complete OID string defined by the vendor - A complete OID string defined by the vendor who created the entity. This object is used extensively by Optivity who created the entity. This object is used extensively by Optivity (and other SNMP applications) to quickly identify what kind of (and other SNMP applications) to quickly identify what kind of SNMP agent the application is talking to.SNMP agent the application is talking to.

sysUpTime(3)sysUpTime(3) - Hey! This is the MIB object of our example. Go - Hey! This is the MIB object of our example. Go back and read the DESCRIPTION to see what this object does.back and read the DESCRIPTION to see what this object does.

sysContact(4)sysContact(4) - This object could possibly contain the name of - This object could possibly contain the name of the person locally responsible for the entity. Many times, this field the person locally responsible for the entity. Many times, this field will be blank. It may be blank because no one remembered to set will be blank. It may be blank because no one remembered to set a value for it. It might be blank because no one really wants to a value for it. It might be blank because no one really wants to take responsibility for the entity.take responsibility for the entity.

The other objects in this group may be blank as well, since they The other objects in this group may be blank as well, since they represent things like the represent things like the Name Name and and LocationLocation of the entity. of the entity.

ExamplesExamples

The complete path to the The complete path to the sysUpTime(3)sysUpTime(3) object is: object is:

iso(1) org(3) dod(6) internet(1) iso(1) org(3) dod(6) internet(1) mgmt(2) mib(1) system(1) mgmt(2) mib(1) system(1) sysUpTime(3)sysUpTime(3)

oror .1.3.6.1.2.1.1.3.1.3.6.1.2.1.1.3

ExamplesExamples

.1.3.6.1.2.1.1.1.3.6.1.2.1.1

which is equivalent to which is equivalent to iso(1) org(3) dod(6) internet(1) mgmt(2) iso(1) org(3) dod(6) internet(1) mgmt(2)

mib(1) system(1)mib(1) system(1)

when queried, it would return the value forwhen queried, it would return the value for sysDescrsysDescr, , sysObjectIDsysObjectID, , sysUpTimesysUpTime, ,

sysContactsysContact, and all the other objects , and all the other objects within the within the system(1)system(1) node. node.

ExampleExample Each MIB object also has what is called an Each MIB object also has what is called an

instanceinstance. . Imagine a router - a device with multiple Imagine a router - a device with multiple network interfaces. There exists a MIB object network interfaces. There exists a MIB object that contains information about the type of that contains information about the type of interface(s) used by an entity (where in this interface(s) used by an entity (where in this case, the entity is a router). This MIB object is:case, the entity is a router). This MIB object is:

iso(1) org(3) dod(6) internet(1) mgmt(2) iso(1) org(3) dod(6) internet(1) mgmt(2) mib(1) interfaces(2) ifTable(2) ifEntry(1) mib(1) interfaces(2) ifTable(2) ifEntry(1) ifType(3)ifType(3)So in our example, we have four instances:So in our example, we have four instances:

ifType.1, ifType.2, ifType.3, and ifType.4.ifType.1, ifType.2, ifType.3, and ifType.4.

Common ProblemsCommon ProblemsRef: Optivity SNMP Debugging for Dummies, Bay NetworksRef: Optivity SNMP Debugging for Dummies, Bay Networks

The agent is not responding to any The agent is not responding to any network requests at all, or the network requests at all, or the network that the agent is on is not network that the agent is on is not reachable. You can quickly check reachable. You can quickly check this by attempting to this by attempting to pingping the device the device in question.in question.

The request sent used an The request sent used an SNMP SNMP Community stringCommunity string to which the agent to which the agent was not authorized to respond. was not authorized to respond.

Common ProblemsCommon Problems

Beware of Beware of pingping- uses a different transport to SNMP- uses a different transport to SNMP

TCP traffic may be getting through TCP traffic may be getting through whilst UPD based is getting droppedwhilst UPD based is getting dropped- traffic congestion- traffic congestion

Use MIB browser (if SNMP traffic is ok)Use MIB browser (if SNMP traffic is ok)- Sun package is under Solstice Suite of - Sun package is under Solstice Suite of Management Utilities, or snmpwalkManagement Utilities, or snmpwalk

Common ProblemsCommon Problems

Network Management System (NMS) Network Management System (NMS) reporting incorrect network utilisation – reporting incorrect network utilisation – Debug.Debug.

The first basic step is to determine if the The first basic step is to determine if the agent itself is the source of this agent itself is the source of this misinformation. misinformation. Once this has been established, the issue Once this has been established, the issue becomes much more defined and easier to becomes much more defined and easier to debug.debug.

Common ProblemsCommon Problems

How to find in which MIB a particular How to find in which MIB a particular MIB object resides. Once you have MIB object resides. Once you have the name of the MIB object (which the name of the MIB object (which you figured out by referencing you figured out by referencing snpx.nnnsnpx.nnn), all you have to do is use ), all you have to do is use the the grepgrep command. command.

$ cd /mibs/mibs/s5000$ cd /mibs/mibs/s5000 $ grep s5AgInfoCurDfltGwAddr *.mib$ grep s5AgInfoCurDfltGwAddr *.mib

Common ProblemsCommon Problems You can also use this method to look for a MIB object You can also use this method to look for a MIB object

that youthat you think think might exist. For example, someone asks might exist. For example, someone asks you if there is a MIB object for the you if there is a MIB object for the NNext ext AActive ctive UUpstream pstream NNeighbor (eighbor (NAUNNAUN) during a beacon condition ) during a beacon condition on a Token Ring network made up of System 5000 hubs on a Token Ring network made up of System 5000 hubs (5510 NMMs). So, the first step would probably be to (5510 NMMs). So, the first step would probably be to grepgrep for “Beacon” within the System 5000 mibs. for “Beacon” within the System 5000 mibs.

$ cd /mibs/mibs/s5000$ cd /mibs/mibs/s5000 Scanning through this output, you should notice the line:Scanning through this output, you should notice the line: s5tok121.mib:s5tok121.mib: s5TrRingInfoBeaconNaun MacAddress,s5TrRingInfoBeaconNaun MacAddress, This tells us that the This tells us that the s5tok121.mibs5tok121.mib file contains a file contains a

reference to something called an reference to something called an “s5TrRingInfoBeaconNaun”. This sounds like a pretty “s5TrRingInfoBeaconNaun”. This sounds like a pretty close match. close match.