Internet Network Management

About This Presentation

Title:

Internet Network Management

Description:

specify the kinds of accounting information to be recorded at various nodes ... NMA is a collection of software for performing network monitoring and control ... – PowerPoint PPT presentation

Number of Views:174

Avg rating:3.0/5.0

Slides: 171

Provided by: dpnmPos

Category:

more less

Transcript and Presenter's Notes

Title: Internet Network Management

1
InternetNetwork Management
J. Won-Ki Hong DPNM Lab. Dept. of Computer
Science and Engineering POSTECH, Pohang
Korea Tel 82-562-279-2244 Email
jwkhong_at_postech.ac.kr http//dpnm.postech.ac.kr/
(1)
2
Contents

Overview of Network Management
Internet Network Management Framework
ASN.1 BER
CASE Diagrams
SNMPv1, RMON, SNMPv2, SNMPv3
Summary
References

3
Overview of Network Management

Todays Networks
Network Management Requirements
Network Management Systems
NMS Software Architecture
Distributed Network Management
Proxy Agent
Standard Management Frameworks

4
Todays Networks
SDH
FDDI
Access Networks
ATM
Token Ring
PCS
SS7
PSDN
WANs
Fast Ethernet
PSTN
Gigabit Ethernet
ISDN
B-ISDN
IN/AIN
Ethernet
Computer Networks
Telecom Networks
5
NM Users Requirements

Controlling corporate strategic assets
effective control of network computing
resources
Controlling complexity
continued growth of devices, users, applications
protocols
Improving service
users expect better service with increased
resources
Balancing various needs
must assign and control resources to balance
various needs
Reducing downtime
more users and applications depend on
availability
Controlling costs
effective resource utilization in order to
control costs

6
NM Functional Requirements

Fault Management
detection, isolation and correction of abnormal
operations
Configuration Management
identify managed resources and their
connectivity, discovery
Accounting Management
keep track of usage for charging
Performance Management
monitor and evaluate the behavior of managed
resources
Security Management
allow only authorized access and control

7
Fault Management

concerned with
providing a reliable networking environment
ensuring that the systems as a whole, and each
essential component individually, are in proper
working order
redundant components and routes can be used to
increase fault tolerance
when a fault occurs, the manager should be able
to
determine exactly where the fault (i.e., abnormal
condition) is
isolate the rest of the network from failure
reconfigure or modify the network for continued
operation
repair or replace the failed components to
restore the network

8
Configuration Management

concerned with
initializing shutting down part or all of the
network
maintaining, adding and updating the
relationships among components
monitoring the status of components during
network operation
the network manager should be able to
startup and shutdown operations on a network
identify the components that comprise the network
(discovery)
change the connectivity of the components
(possibly as a result of network upgrade, fault
recovery or security checks)
detect changes in the network configuration

9
Accounting Management

concerned with
keeping track of the usage of network resources
charging the use of network resources
monitoring the end-user activities for possible
abuse, for suggesting better usage to users and
for network planning
the manager should be able to
specify the kinds of accounting information to be
recorded at various nodes
specify the algorithms to be used in calculating
the charging
generate accounting reports

10
Performance Management

concerned with
providing an efficient communication environment
monitoring and analyzing the performance of the
components
making proper adjustments to improve network
performance
the manager should be able to
determine the capacity utilization, throughput,
the average and worst-case response times
monitor and gather data on the activities of
components
analyze the gathered data and assess performance
levels
determine the sources of performance problems
fix them
use the performance stats for future network
planning

11
Security Management

concerned with
providing a secure networking environment
preventing hacking, illegal and unauthorized
access
managing information protection and
access-control facilities
the manager should be able to
generate, distribute and store encryption keys
maintain and distribute passwords and other
authorization or access-control information
monitor and control access to networks
collect, store and examine audit records and
security logs
enable disable the logging facilities

12
Network Management Systems

A network management system (NMS) is a collection
of tools for network monitoring and control
based on the manager-agent paradigm
the manager sends mgmt requests to one or more
agents
an agent performs requested operation and returns
results
when agents detect faults and they report to the
manager
NMS typically provides a GUI through which most
or all management tasks can be performed
Many commercial and freely available NMSs exist
HP OpenView, IBM NetView, Sun Net Manager, etc.
research prototypes from CMU, MIT, UC Davis, U.
of Twente

13
(No Transcript)
14
Elements of a NMS
15
Network Management Entity (NME)

NME is a collection of software devoted to the
network management tasks
is typically known as an management agent
Each NME performs the following tasks
collects statistics on network-related activities
stores statistics locally
responds to commands from the network manager,
including commands to
transmit collected stats to network manager
change an attribute value
provide status information
generate artificial traffic to perform a test

16
Network Mgmt Application (NMA)

NMA is a collection of software for performing
network monitoring and control
is typically known as network manager
NMA provides an operator interface to allow an
authorized user to manage the network
NMA responds to user commands by displaying
information and/or issuing commands to NMEs
Standard protocols (e.g., SNMP, CMIP) are used to
manage a multi-vendor network
there may be more than one NMA in a large network
which can lead to the need of a hierarchy of
managers (e.g., top level manager, middle level
managers, etc.)

17
NM Software Architecture

User Presentation Software
interfaces between user and NM software
a unified user interface desirable
includes graphical tools to display summarized NM
information
Network Management Software
a set of NM applications (configuration,
performance, etc.)
a set of application elements (alarm handling,
logging, etc.)
NM data transport service
Communication and Database Support Software
local Management Information Base (MIB) access
module
communications protocol stack (e.g., TCP/IP, OSI)
to interact with remote agents and managers

18
Architectural Model of NMS
19
Distributed Network Management

Resources to be managed are widely distributed
widespread use of departmental LANs
need for local control optimization of
distributed applications
Hierarchical NM architecture desirable
distributed NMSs are given limited access for
network monitoring and control of departmental
resources
top-level NMS has a global access rights and the
ability to manage all network resources
Benefits of Distributed NM
NM traffic overhead is minimized - traffic is
localized
Dist. mgmt offers greater scalability
use of multiple NMSs eliminates the single point
of failure

20
Typical Dist. Mgmt System Architecture
21
Proxy Agents

Managed resources may have various mgmt
interfaces
some with different mgmt protocols (e.g., OSI vs.
SNMP)
some with proprietary mgmt interfaces (e.g.,
older systems)
small systems not capable of possessing NME
(e.g., modems)
Proxy agents are used to manage these devices
managers use standard protocols to communicate
with proxies
proxy agents use proprietary protocols to
communicate with proprietary devices
proxy agents perform translations between
managers and proprietary devices
an agent to the manager and a manager to
proprietary devices

22
Proxy Agent Architecture
23
Standard Mgmt Frameworks

Internet Network Management Framework (IETF)
SNMPv1, SNMPv2, SNMPv3
OSI Network Management Framework (ISO/ITU-T)
CMIP (X.700 Series)
Telecommunication Management Network (ITU-T)
TMN (M.3000 Series)
Distributed Management Task Force (DMTF)
DMI, CIM, WBEM

24
Summary of NM Overview

Network Management Requirements
Users Requirements
Functional Requirements (FCAPS)
Network Management Systems
Network Management Entity (NME)
Network Management Application (NMA)
NMS Software Architecture
Distributed Network Management
Proxy Agent
Standard Management Frameworks

25
Intro to Internet Network Management

Background
Origins of Internet
Origins of Internet Network Management
Evolution of SNMP
SNMP Standards and RFCs
SNMP Basic Concepts
Network Management Architecture
SNMP Protocol Architecture
Proxies

3
26
Internet Network Management

Also referred to as SNMP-based Network Management
Simple Network Management Protocol (SNMP) is
often referred to as the Internet Network
Management Framework which includes
management architecture
structure of management information
management protocol
plus related concepts...
Most widely used in computer communication
networks
Internet Engineering Task Force (IETF) is
responsible for SNMP standardization

3
27
Origins of Internet

ARPANET (formed by US DoD, 1969) connecting four
geographically separated computers in US
23 computers in ARPANET (1971)
Computers in UK and Norway were connected (1973)
TCP/IP protocol suite as ARPANETs standard
protocol (late 70s)
TCP/IP as NFSNETs standard protocol (1984)
Continued growth throughout the 80s, 90s and
00s
Need for the management of rapidly growing
Internet!

3
28
Origins of Internet NM

Internet Control Message Protocol (ICMP)
until late 70s, e.g., Ping utility
Simple Gateway Monitoring Protocol (SGMP) - 1987
High-level Entity Management System (HEMS)
generalized version of Host Monitoring Protocol
(HMP)
SNMP
enhanced version of SGMP
originally as an interim solution but it has
found its place - very widely deployed
CMIP over TCP/IP (CMOT)
long-term solution
did not go very far

3
29
Evolution of SNMP

SNMPv1
draft came out in 1988 and became full Internet
standard in 1990
most workstations, bridges, routers, switches and
hubs are now equipped with SNMP agent
many resource MIBs (e.g., systems applications)
have been defined
RMON (1995)
Remote Monitoring, extends the SNMPv1 MIB and
functions
SNMPv2
attempted to improve the deficiencies of SNMPv1
several versions have appeared and became
obsolete
some RFCs obtained full standard, others will not
likely become obsolete
SNMPv3
internet drafts came out in Feb. 1998
currently Draft Standard --- standardization
still continues.

3
30
IETF Standardization Process

IETF forms a working group (WG) for a specific
task
WG generates one or more internet drafts (ID)
ID document can follow one of three tracks
(1) standards track, (2) informational, (3)
experimental
Internet documents are published as RFCs
Internet Proposed Standard
Internet Draft Standard
Internet Full Standard
Other status
Obsolete a document that is replaced by an
updated version
Historic a document that is retired
The latest status on IETF NM RFCs can be found
from http//wwwsnmp.cs.utwente.nl/ietf/rfc/rfcbyst
atus.shtml

3
31
SNMP Protocol RFCs
3
32
SNMPv1 Standards
3
33
SNMP NM Architecture

The manager resides in Network Management Station
(NMS) while the agent resides in the managed
Network Node
The manager requests the agent to perform Set and
Get operations on the variables in the Management
information Base (MIB)
By means of traps the agent occasionally notifies
the manager about some events related to network
operation

Networked Node
Networked Node
2
34
SNMP Protocol Architecture
2
35
The Role of SNMP
2
36
SNMP Proxy Agent
Proxy agent
Management station
Proxied device
Mapping function
Management process
Manager process
Agent process
SNMP
SNMP
Protocol architecture used by proxied device
Protocol architecture used by proxied device
UDP
UDP
IP
IP
Network-dependent protocols
Network-dependent protocols
Network-dependent protocols
Network-dependent protocols
2
37
What will be covered next...

Structure of Management Information
Abstract Syntax Notation 1 (ASN.1)
MIB Definitions
Standard SNMP MIBs
SNMP Operations
Developing MIBs
etc.

3
38
ASN.1 BER

Abstract Syntax Notation One (ASN.1)
Overview
Properties Restrictions
Type and Value Definitions
ASN.1 Simple Types
ASN.1 Structured Types
ASN.1 Macro Definitions
Basic Encoding Rules (BER)
Overview
Tags, Lengths Values
Encoding Examples

39
Overview of ASN.1

a machine independent data description language
CCITT (X.208) and ISO (ISO 8824) standard
define abstract syntax of application data
define the structure of application and
presentation protocol data units (PDUs)
define SNMP and OSI Management Information Base
(MIB)

40
ASN.1 Terminology

Abstract Syntax
describes the generic structure of data
allows data types and values to be defined
Data Type
a named set of values -- may be simple or
structured
Encoding
sequence of octets used to represent a data value
Encoding Rules
specifies the mapping from one syntax to another
Transfer Syntax
describes how data are actually represented in
terms of bit patterns while in transit

41
Abstract Transfer Syntaxes
42
ASN.1 Module Definition

ltmodulenamegt DEFINITIONS
BEGIN
EXPORTS
IMPORTS
AssignmentList
END

43
Lexical Conventions

Comments begin with two hyphens (--) and
terminated either by another set (--) or the
end of line character
Identifiers begin with a letter, and may contain
letters, digits, and hyphens, but may not end
with a hyphen or contain two consecutive hyphens
The type identifier must start with an uppercase
letter
The value identifier must start with a lowercase
letter
Reserved keywords are all uppercase
Multiple spaces and blank lines can be considered
as a single space

44
Categories of Data Types

Simple (Primitive)
atomic types, with no components
Structured
types with components
Tagged
types derived from other types
Other
CHOICE or ANY types
Every ASN.1 data type, with the exception of
CHOICE and ANY types, has an associated TAG

45
Classes of TAG

UNIVERSAL
Built-in types, application independent types
APPLICATION
Application specific types
CONTEXT-SPECIFIC
limited to a context within an application
PRIVATE
defined by users and not covered by any standard

46
ASN.1 Simple Types

INTEGER
the positive and negative whole numbers,
including zero
OCTET STRING
a sequence of zero or more octets (8-bit bytes)
OBJECT IDENTIFIER
the set of values associated with information
objects allocated by the standard
NULL
the single value NULL
Other ASN.1 simple types include boolean, bit
string, real, enumerated, PrintableString, etc.

47
ASN.1 Structured Types

SET
a collection of one or more types
SET OF
a collection of zero or more occurrences of a
given type
SEQUENCE
an ordered collection of one or more types
SEQUENCE OF
an ordered collection of zero or more occurrences
of a given type
CHOICE
a list of alternatives

48
ASN.1 Example
Informal Description of Personnel Record

Name James W Hong
Title Associate Professor
Employee Number 20292
Date of Hire May 26, 1995
Name of Spouse In-Young B Hong
Number of Children 2
Child Information
Name Suk D Hong
Date of Birth 29 March 1988
Child Information
Name Myungdo M Hong
Date of Birth 10 August 1994

49
ASN.1 Description of the Record Structure

PersonalRecord APPLICATION 0 IMPLICIT SET
Name,
title 0 VisibleString,
number EmployeeNo,
dateOfHire 1 Date,
nameOfSpouse 2 Name,
children 3 IMPLICIT SEQUENCE OF ChildInfo
DEFAULT
ChildInfo SET
Name,
dateOfBirth 0 Date
Name APPLICATION 1 IMPLICIT SEQUENCE
givenName VisibleString,
initial VisibleString,
familyName VisibleString
EmployeeNo APPLICATION 2 IMPLICIT INTEGER

50
ASN.1 Description of a Record Value

givenName James, initial W,
familyName Hong,
title Associate Professor
number 20292
dateOfHire 19950526
nameOfSpouse givenName In-Young, initial
B,
familyName Hong,
children
givenName Suk, initial D,
familyName Hong,
dateOfBirth 19880329,
givenName Myungdo, initial M,
familyName Hong,
dateOfBirth 19940810

51
ASN.1 Macro Definitions

ASN.1 macro notation can be used to extend the
syntax of ASN.1 to define new types and values
a macro definition is expressed in the macro
notation and used to define a set of macro
instances
a macro instance is generated from a macro
definition by substituting values for variables
the macro is used to extend the ASN.1 syntax but
does not extend the encoding

52
Macro Definition Format

ltmacronamegt MACRO
BEGIN
TYPE NOTATION ltnew-type-syntaxgt
VALUE NOTATION ltnew-value-syntaxgt
ltsupporting-productionsgt
END

53
Macro Definition Example

OBJECT-TYPE MACRO
BEGIN
TYPE NOTATION SYNTAX type (TYPE
ObjectSyntax)
ACCESS Access
STATUS Status
VALUE NOTATION value (VALUE ObjectName)
Access read-only read-write
write-only
not-accessible
Status mandatory optional
obsolete
END

54
Overview of BER

an encoding specification
CCITT (X.209) and ISO (ISO 8825) standard
describes a method for encoding values of each
ASN.1 type as a string of octets
based on the use of a type-length-value (TLV)
structure

Fields of a BER encoded ASN.1 value
55
BER Type Field
56
Tag Values for SNMP Types
57
BER Length Field

two forms of length field exist
short form specified in a single octet
long form specified in multiple octets

58
BER Examples - Integers
What value was encoded?
59
BER Example - Octet String
Value of Octet String encoded is EB069937
60
BER Example - SEQUENCE

Message SEQUENCE
version INTEGER version-1(0) ,
community OCTET STRING
Given the above definition,
what is the BER encoding of
sampleMessage 0, EB069937h ?

61
... and its BER encoding is
62
Summary

We have covered a subset of ASN.1 and BER which
are used in SNMP and OSI Management Frameworks
ASN.1 is widely used in defining application data
and protocol data units
BER is widely used in defining transfer syntaxes
Reference
Stallings, SNMP, SNMPv2, SNMPv3 and RMON 1 and 2,
3rd Edition, Addison-Wesley, Appendix B

63
SNMP Management Information

Structure of Management Information
Overview
Meanings of MIB
SNMP MIB Structure
MIB Object Syntax
Defining MIB Objects
Defining MIB Tables

64
Overview of SNMP SMI

Structure of Management Information (SMI)
RFC 1155 (Full Standard)
defines the general framework for defining SNMP
MIBs
describes how the managed objects (MOs) can be
defined in the MIB, data types and values MOs can
have and how MOs are named
SNMP SMI uses a subset of ASN.1 BER
SNMP MIB can store only simple data types
scalars
2-dimensional arrays of scalars

65
Meanings of MIB

a MIB - a single MO definition
the MIB - the union of all MO definitions
MIB - the actual values of management
information in a system

management information
66
MIB Structure

all MOs are structured hierarchically
Leaf objects in the tree are real MOs
Each MO has an OBJECT IDENTIFIER (OID)

67
Object Identifier (OID)

uniquely identifies an MO in the MIB
internet OBJECT IDENTIFIER
iso(1) org(3) dod(6) 1
can be written as 1 3 6 1 or 1.3.6.1
OID for tcpConnTable is 1.3.6.1.2.1.6.13
iso org dod internet mgmt mib-2 tcp tcpConnTable
1 3 6 1 2 1
6 13
What is the OID for the object ifInOctets? (Hint
see MIB-II interfaces group)

68
Managed Object Syntax

ASN.1 notation is used to define MOs and the
entire MIB structure

Universal Types
INTEGER
OCTET STRING
NULL
OBJECT IDENTIFIER
SEQUENCE
SEQUENCE-OF

Application-wide Types
Networkaddress
Ipaddress
Counter
Gauge
Timeticks
Opaque

69
Defining Managed Objects

the macro definition used for SNMP MIBs was
initially defined in RFC 1155 (SMI) and later
expanded in RFC 1212 (Concise MIB Definition)
RFC 1155 is used for defining MOs in MIB-I
RFC 1212 is used for defining MOs in MIB-II which
is implemented in most SNMP agents today
OBJECT TYPE MACRO definition is used to define
MOs
see Figure 5.3 (Macro for Managed Objects - RFC
1212)
see Figure 5.4 (SMI - RFC 1155)

70
Defining MO Tables

SNMP MIB structure is a simple 2-dimensional
table with scalar-valued entries
A table typically consists of a SEQUENCE OF some
entry
A table entry typically consists of a SEQUENCE
that includes a number of scalar elements
See Figure 5.6 (MIB-II Specification of TCP
Connection Table - RFC 1213)

71
CASE Diagrams SNMP Standard MIB

Case Diagrams
MIB-II

72
CASE Diagrams

a useful tool for developing MIBs
developed by Jeffrey Case in 1989
for many MIB groups, it is necessary to record
the traffic pattern at a particular protocol
layer
must make sure that every PDU received at a layer
or issued from a layer is accounted for,
including valid PDUs and PDUs with various types
of errors
Case Diagrams can be used to describe the flow of
packets within individual layers

73
CASE Diagram Elements

a main path in each direction between the layer
below and a layer above
a horizontal line cutting across a main path
corresponds to a counter that counts all passing
PDUs
an arrow leaving the main path indicates a
counter for an error condition or flow that
results in PDUs not continuing on the main path
an arrow into the main path indicates a counter
for a point where additional PDUs are injected
into the main path

74
Case Diagram - Example
75
Case Diagram Example Counters

InReceives InErrors ReasmReqds ForwPDUs -
ReasmOKs InDelivers
OutSends OutRequests ForwPDUs
- FragOKs FragCreates

76
MIB-II

Internet Full Standard (RFC 1213)
a superset of MIB-I (RFC 1156)
the most important of the MIB specifications,
covering a broad range of managed objects
consists of 10 groups of objects
all objects in MIB-II are mandatory but only
groups applicable to managed devices need to be
implemented
e.g., bridge or router need not implement the tcp
group

77
MIB-II
78
MIB-II Groups
79
MIB-II system Group
80
system Group Objects
81
sysServices Meanings
Service Layer Value
Application 7 64
Transport 4 8
Network 3 4
Data-link 2 2
Physical 1 1
Examples repeater (physical device)
1 bridge (data-link device) 2 router
(network device) 2 4 6 W/S host 64 8
72 PC 64 8 4 76 printer 64
82
Case Diagram for MIB-II interfaces Group
83
MIB Compiler Browser

MIB Compiler
MIB Browser

84
What is MIB Compiler?

Allows a user to compile MIBs using a GUI
checks whether the MIBs written in SMIv1 or SMIv2
defined correctly
Some tools provide MIB editor as well
Example tools
MG Soft MIB Compiler
available from http//www.mg-soft.com
SMIC (SNMP MIB Compiler)
written by David Perkins
Supported on MS-DOS, Windows95, NT, AIX, HP-UX,
Linux, Solaris platforms
available from http//www.snmpinfo.com/sismic.htm

85
What is MIB Browser?

Allows a user to browse MIBs using a GUI
Some browsers can function as an SNMP manager
send SNMP queries to SNMP agents
browse actual MIB in a system
Example tool
MG Soft MIB Browser
Supported on Windows95, NT
available from http//www.mg-soft.com/

86
Snapshot of MG-SOFT MIB Compiler
87
Snapshots of MG-SOFT MIB Browser
88
Remote SNMP Agent Discovery window on a given IP
range, Community string and SNMP port number.
Info window monitoring (using the default OID set
to monitor)
89
Setting value in a Remote SNMP Agent
Tringer-SNMP Trap Notification console.
90
SNMPv1 (RFC 1157)

SNMP Operations
Protocol Specification
Transport-Level Support
Limitations of SNMPv1

91
SNMP Operations

Operations supported in SNMP are the inspection
and modification of variables
GET operation
retrieves management information (values of
scalar objects)
SET operation
updates management information (values on scalar
objects)
TRAP operation
sends unsolicited scalar object values to notify
problems

92
SNMP Operations (contd)

Not possible to change the structure of a MIB
cannot add or delete object instances
No explicit action is supported
Access is provided only to leaf objects in the
MIB tree
not possible to access an entire table or a row
of a table with a single atomic action
These simplify the implementation of SNMP but
limit the capability of the NMS

93
SNMP Security Concepts

Authentication service
agent may wish to limit access to the MIB to
authorized managers
Access policy
agent may wish to give different access
privileges to different managers
Proxy service
agent may act as a proxy to other managed devices
this may require authentication service and
access policy for other managed devices on the
proxy
SNMP provides only a primitive and limited
security capability via the concept of community

94
SNMP Community

is a relationship between an agent and a set of
managers that defines authentication, access
control proxy characteristics
a community is locally defined by the agent
each community is given a unique community name
an agent may establish a number of communities
the community name is needed for all get and set
operations
the same community name may be used by different
agents
SNMP authentication service
every SNMP message from a manager includes a
community name (used as a password) --- very
primitive
most agents only allow GET operations

95
SNMP Community (contd)

SNMP Access Policy
an agent can provide different categories of MIB
access using the following concepts SNMP MIB
View Access Mode
SNMP MIB View
a subset of objects within a MIB
different MIB views may be defined for each
community
the set of objects in a view need not belong to a
single subtree
SNMP Access Mode
an access mode READ-ONLY, READ-WRITE is defined
for each community
the access mode is applied uniformly to all
objects in the MIB view
SNMP Community Profile
a combination of a MIB view and an access mode

96
MIB ACCESS Category vs. SNMP Access Mode
97
SNMP Administrative Concepts
98
Object Instance Identification

SNMP defines two techniques for identifying a
specific object instance
Serial access technique (via lexicographic
ordering of objects)
Random access technique
Random access technique
objects in MIB tables are referred to as columnar
objects
the object identifier is not sufficient to
identify the instance
SNMP convention
concatenate the scalar object identifier with the
values of INDEX objects, listed in the order
which the INDEX objects are defined
see the example in Table 7.2 on page 169

99
Lexicographical Ordering

is used for accessing MIB objects serially
given the tree structure of a MIB, the OID for a
particular object may be derived by tracing a
path from the root to the object
lexicographical ordering is also referred to as
preorder traversal (root, left, right) of a tree
depth-first search
useful for examining MIBs whose structure is not
known to NMS

100
Lexicographical Ordering Example
101
SNMP Protocol Specification

SNMP manager and agent exchange requests and
management information using SNMP messages
SNMP message includes a version number (e.g., 0
for SNMPv1, 1 for SNMPv2), a community name and
one of five types of protocol data units (PDUs)
PDU Types GetRequest, GetNext-Request,
SetRequest, GetResponse, Trap

102
SNMP Message Formats
103
SNMP Message Fields
104
SNMP Message Fields (contd)
105
Transmission of SNMP Message

1. The PDU is constructed using ASN.1
2. This PDU is passed to an authentication
service with a community name and source
destination transport addresses passed
the authentication service performs any required
transformations such as encryption or the
inclusion of an authentication code
3. The protocol entity then constructs a message,
consisting of a version field, the community
name, and the result from step 2
4. This new ASN.1 object is then encoded using
BER and passed to the transport service

106
Receipt of SNMP Message

1. The SNMP entity performs basic syntax-check of
the message and discards it if it fails to parse
2. It verifies the version number and discards it
if there is a mismatch
3. It then passes the community name, the PDU
portion of the message and the source/destination
transport address to an authentication service
if authentication fails, the message is discarded
if authentication succeeds, the authentication
service returns a PDU in the form of an ASN.1
object
4. If the PDU passes a basic syntax-check, the
appropriate SNMP access policy is selected and
the PDU is processed accordingly

107
SNMP PDU Sequences
108
GetRequest PDU

is issued by an SNMP manager on behalf of NMS to
retrieve information from an agent
includes PDU type, request-id variablebindings
GetResponse PDU containing the same request-id is
used for the reply
operation is atomic (all values are returned or
none is)
possible error-status
noSuchName object instance cannot be found or it
is an aggregate type
tooBig the size of resulting values exceed a
local limitation
genErr may not be able to supply a value for at
least one of the objects for some other reason

109
GetNextRequest PDU

is also issued by an SNMP manager on behalf of
NMS to retrieve information from an agent
the PDU is the same as GetRequest PDU except
In the GetRequest PDU, each variable in the
variablebindings list refers to an object
instance whose value is to be returned
In the GetNextRequest PDU, for each variable in
the variablebindings, the value of the object
instance that is next in lexicographic order is
returned
allows NMS to discover the structure of a MIB
view dynamically
provides an efficient mechanism for searching a
table whose entries are unknown

110
SetRequest PDU

is issued by an SNMP manager on behalf of NMS to
modify information in an agent
the operation is also atomic
if any one of the values cant be set, then the
whole operation fails
GetResponse PDU containing the same request-id is
used for the reply
if the operation succeeds, a GetResponse PDU is
returned with the same variablebindings as in the
original SetRequest PDU
possible error-status
noSuchName, tooBig, genErr plus
badValue PDU contains at least one pair of
variable name and value that is inconsistent

111
Trap PDU

is issued by an SNMP agent to notify NMS of some
significant event
Trap PDU does not require a response and is not
acknowledged -- can get lost
Generic Trap types
coldStart (0) unexpected restart due to a crash
or major fault
warmStart (1) routine restart
linkDown (2) a communication link is
inoperational
linkUp (3) the link is back in operation
authenticationFailure (4) received
authentication-failed message
egpNeighborLoss (5) EGP neighbor is down
enterpriseSpecific (6) some enterprise-specific
event occurred

112
Transport-Level Support

SNMP requires the use of a transport service for
the delivery of SNMP messages.
SNMP makes no assumption about whether the
underlying service is reliable or unreliable,
connectionless or connection-oriented
Most SNMP implementations use UDP
It is possible to use CLTS
UDP
Unreliable, connectionless transport service in
Internet
CLTS
Unreliable, connectionless transport service in
the OSI architecture

113
Issues in using UDP

since UDP provides unreliable transport service,
SNMP messages can get lost
What happens if a GetRequest or GetNextRequest
message is lost?
What happens if a SetRequest message is lost?
What happens if a Trap message is lost?

114
Limitations of SNMPv1

SNMP may not be suitable for the mgmt of truly
large networks because of the performance
limitations of polling
SNMP is not well suited for retrieving large
volumes of data, such as an entire routing table
SNMP traps are unacknowledged may not be
delivered
SNMP provides only trivial authentication
SNMP does not support explict actions
SNMP MIB model is limited (does not support mgmt
queries based on object types or values)
SNMP does not support manager-to-manager
communications
Many of these problems are addressed in SNMPv2!

115
Remote Network Monitoring (RMON)

Basic Concepts
RMON Goals
RMON MIB Table Management
RMON MIB Groups
RMON2

116
RMON Basic Concepts

Extends the SNMP functionality without changing
the protocol
Allows the monitoring of remote networks
(internetwork management)
MAC-layer (layer 2 in OSI) monitoring
Defines a Remote MONitoring (RMON) MIB that
supplements MIB-II
with MIB-II, the manager can obtain information
on individual devices only
with RMON MIB, the manager can obtain information
on the LAN as a whole
called network monitors, analyzers or probes

117
RMON RFCs
118
RMON Goals

Monitoring subnetwork-wide behavior
Reducing the burden on agents and managers
Continuous off-line monitoring in the presence of
failures (in network or manager)
Proactive monitoring
perform some of the manager functions (e.g.,
diagnostics)
Problem detection and reporting
Provide value-added (analyzed) data
Support multiple managers

119
Example Configuration for Remote Monitoring
120
Example of RMON with two interfaces
121
Control of Remote Monitors

RMON MIB contains features that support extensive
control from NMS
Configuration control
Action Invocation
RMON MIB is organized into a number of functional
groups
Each group may contain one or more control tables
and one or more data tables
Control table (typically read-write) contains
parameters that describe the data in a data table
(typically read-only)

122
Configuration Control

At configuration time, NMS sets the appropriate
control parameters to configure the remote
monitor to collect the desired data
the parameters are set by adding a new row to the
control table or by modifying an existing row
a control table may contain objects that specify
the source of data to be collected, the type of
data, the collection timing, etc.
To modify or disable a particular data collection
function
it is necessary first to invalidate the control
row
this causes the deletion of that row and the
deletion of all associated rows in data tables
NMS can create a new control row with the
modified parameters

123
RMON MIB Table Mgmt (1)

The RMON specification includes a set of textual
conventions and procedural rules for row addition
and deletion
Textual conventions
OwnerString DisplayString
EntryStatus INTEGER
valid (1),
createRequest (2),
underCreation (3),
invalid (4)

124
RMON MIB Table Mgmt (2)

Row Addition
is achieved by using the SNMP SetRequest PDU
which includes instance objects and their values
Row Deletion
is achieved by setting the status object for that
row to invalid
Row Modification
is achieved by first invalidating the row and
then adding the row with new object instance
values

125
Example Control Data Tables
126
Transitions of EntryStatus State
127
RMON MIB
128
RMON MIB Groups

1. statistics maintains MAC-level utilization
and error stats
2. history records periodic statistical samples
from the stats group
3. alarm allows NMS to set sampling interval
alarm threshold
4. host contains counters for traffic from hosts
on the subnetwork
5. hostTopN contains sorted host stats that top
a list based on some parameter in the host table
6. matrix shows utilization and error stats in
matrix for host pairs
7. filter allows the monitor to observe packets
that match a filter
8. capture specifies how data is sent to NMS
9. event specifies events to be generated by the
RMON probe
10. tokenRing maintains stats config info for
token ring subnet

129
RMON MIB2

RMON MIB monitors MAC-level subnet traffic
RMON MIB2 can monitor traffic of packets at
layers 3 to 7 of the OSI Reference Model
Provides Network-layer Visibility
can distinguish between local LAN and remote LAN
traffic
Provides Application-layer Visibility
can analyze traffic to and from hosts for
particular applications
can determine which applications are putting the
load on the net
RMON MIB2 is basically an extension of RMON MIB

130
RMON MIB2
131
RMON MIB2 Groups

11. protocolDir a master directory of all of the
protocols that the probe can interpret
12. protocolDist aggregate stats on the amount
of traffic generated by each protocol, per LAN
segment
13. addressMap contains MAC and port addresses
of the devices
14. nlHost network layer traffic stats per host
15. nlMatrix network layer traffic stats per
pairs of hosts
16. alHost application layer traffic stats per
host
17. alMatrix application layer traffic stats per
pairs of hosts
18. userHistory periodically samples and logs
user-defined data
19. probeConfig defines standard configuration
parameters for RMON probes

132
Summary

RMON extends the SNMP functionality without
changing the protocol
RMON can monitor information on a whole
subnetwork
RMON is used extensively in analyzing network
traffic for problem detection and network
planning
RMON2 allows monitoring of traffic at layers 3 to
7 in the OSI Model
RMON2 can be used to analyze network traffic more
accurately even to the application level

133
SNMPv2

The Birth of SNMPv2
SNMPv2 RFCs
SNMPv2 Enhancements
SNMPv2 Protocol Operations
SNMPv2 Coexistence with SNMPv1

134
The Birth of SNMPv2

a major problem with SNMP is the lack of security
secure SNMP was proposed (July 1992) to solve
this problem in SNMP
Simple Management Protocol (SMP) was also
proposed (July 1992) to extend the SNMP
functionality
secure SNMP SMP SNMPv2 (March 1993)
a major security flaw was detected in this
proposal and the security aspects were dropped
and the result is community-based SNMPv2 (Jan.
1996)

135
SNMPv2 RFCs

RFC 1901 (experimental)
Introduction to Community-based SNMPv2
RFC 1902 (draft)
Structure of Management Information for SNMPv2
(SMIv2)
RFC 1903 (draft)
Textual Conventions for SNMPv2
RFC 1904 (draft)
Conformance Statements for SNMPv2

136
SNMPv2 RFCs (contd)

RFC 1905 (draft)
Protocol Operations for SNMPv2
RFC 1906 (draft)
Transport Mappings for SNMPv2
RFC 1907 (draft)
Management Information Base for SNMPv2
RFC 1908 (draft)
Coexistence between Version 1 and Version 2 of
the Internet-standard Network Management Framework

137
SNMPv2 Key Enhancements

SMIv2 (a superset of SMIv1)
provides more elaborate specification and
documentation of managed objects and MIB modules
object type macros expanded (see Fig. 11.1, 11.2
Table 11.2)
creating and deleting conceptual rows in a table
(as used in RMON)
notification definitions
information modules
new SNMP MIB definitions are defined using SMIv2
Manager-to-Manager Capability
for managing large, distributed networks
Protocol Operations
bulk management information retrieval
manager-to-manager communication

138
Comparison of Data Types
139
Notification Type MACRO
NOTIFICATION-TYPE MACRO BEGIN TYPE NOTATION
ObjectsPart
STATUS Status
DESCRIPTION Text
ReferPart VALUE NOTATION value
(VALUE NotificationName) ObjectsPart
OBJECTS Objects empty Objects
Object Objects , Object Object value
(Name ObjectName) Status current
deprecated obsolete ReferPart
REFERENCE Text empty Text string
END
140
Notification Type Example
coldStart NOTIFICATION-TYPE STATUS
current DESCRIPTION "A coldStart trap
signifies that the SNMPv2 entity, acting in
an agent role, is reinitializing itself and
that its configuration may have been
altered." snmpTraps 1 -- From RFC
1907
141
Module Identity MACRO
MODULE-IDENTITY MACRO BEGIN TYPE NOTATION
LAST-UPDATED value (Update UTCTime)
ORGANIZATION Text
CONTACT-INFO
Text
DESCRIPTION Text
RevisionPart VALUE NOTATION value
(VALUE OBJECT IDENTIFIER) RevisionPart
Revisions empty Revisions Revision
Revisions Revision Revision REVISION value
(Update UTCTime)
DESCRIPTION Text Text string END
142
Module Identity Example
rmon MODULE-IDENTITY LAST-UPDATED
"9605270000Z" ORGANIZATION "IETF RMON MIB
Working Group" CONTACT-INFO "Steve
Waldbusser (WG Editor) Postal
International Network Services 650
Castro Street, Suite 260 Mountain
View, CA 94041 Phone 1 415 254 4251
Email waldbusser_at_ins.com
DESCRIPTION "The MIB module for managing
remote monitoring device implementations.
This MIB module augments the original RMON
MIB as specified in RFC 1757." mib-2
16
143
Object Identity MACRO
OBJECT-IDENTITY MACRO BEGIN TYPE NOTATION
STATUS Status
DESCRIPTION Text
ReferPart VALUE NOTATION value
(VALUE OBJECT IDENTIFIER) Status current
deprecated obsolete ReferPart
REFERENCE Text empty Text string
END
144
Object Identity Example
snmpUDPDomain OBJECT-IDENTITY STATUS
current DESCRIPTION "The SNMPv2 over
UDP transport domain. The corresponding
transport address is of type SnmpUDPAddress."
snmpDomains 1 -- from RFC 1906
145
SNMPv2 MIB Access
146
SNMPv2 Operations

GetRequest - get the value for each listed object
GetNextRequest - get next value for each listed
object
GetBulkRequest - get multiple values
Response - respond to manager request
SetRequest - set value for each listed object
InformRequest - send unsolicited information from
a manager to another
SNMPv2-Trap - send unsolicited information from
an agent to a manager

147
SNMPv2 PDU Formats
(d) variable-bindings
148
GetBulkRequest

used to minimize the exchanges required to
retrieve a large amount of information
selection principle is the same as GetNextRequest
the next object instance in lexicographic order
includes a list of (N R) variable names in the
variable-bindings list
the first N variables for retrieving single
values
the next R variables for retrieving multiple
values
non-repeaters and max-repetition fields are used
to indicate the number of N and R variables

149
Interpretation of GetBulkRequest Fields
For last R variables provide M values
each (first M lexicographic successors)
L number of names in variable-bindings field N
MAX MIN (non-repeaters, L), 0 M MAX
max-repetitions, 0 R L - N
150
GetBulkRequest Example
151
SNMPv2-Trap and InformRequest

SNMPv2-Trap
is sent from an agent to a manager when an
unusual event occurs
no response is required
InformRequest
is sent from a manager for passing information to
an application running in another manager
Response PDU is used to acknowledge the request
for hierarchical or distributed management where
multiple managers are involved

152
SNMPv2 PDU Sequences
153
PDU Comparisons
154
Transport Mappings

RFC 1906 specifies the mapping of SNMPv2 onto the
following transport protocols
User Datagram Protocol (UDP)
OSI Connectionless-Mode Network Service (CLNS)
OSI Connection-Oriented Network Service (CONS)
Novell Internetwork Packet Exchange (IPX)
Appletalk
The SNMPv2 document states that UDP is the
preferred mapping

155
Coexistence by Means of Proxy Agent
156
Coexistence - Bilingual Manager
157
SNMPv2 Summary

SNMPv2 is a natural extension of SNMPv1
Key enhancements in SNMPv2 are
more elaborate MIB specification capability
(SMIv2)
Manager-to-Manager communication
Bulk information transfer
SNMPv2 failed to improve on security
More powerful but more complex than SNMPv1
SNMPv3 work is currently underway, which promises
to improve on security

158
SNMPv3

The Birth of SNMPv3
SNMPv3 Security Models and Levels
Comparison with SNMPv1 SNMPv2

159
The Birth of SNMPv3

SNMPv1 SNMPv2 both lack strong security
features
Internet being open environment, how to provide
secure access between manager and managed devices
has been a big concern
SNMPv3 was born to solve this problem
Security features provided in SNMPv3
Authentication determining a message is from a
valid source
Encryption scrambling the contents of a packet
prevents it from being seen by an unauthorized
source

160
Recall Internet NM Framework

Basically, SNMPv3 is a natural extension of
SNMPv1 SNMPv2
Internet NM Framework consists of
1. Manager-agent interaction model
2. a data definition language
3. definitions of management information (MIB)
4. management protocol
5. security and administration
SNMPv3 inherited 1, 2, 3 4 from SNMPv2 and
added new set of documents for 5

161
SNMP Security Models Levels (1)

SNMPv3 provides for both security models levels
Security model an authentication strategy that
is set up for a user and the group in which the
user resides
Security level the permitted level of security
within a model
Three security models available - SNMPv1, SNMPv2,
SNMPv3
Three security levels available - noauth, auth,
priv
Authenticates a packet by using
noauth a string match of the user name
auth either the HMAC MD5 or SHA algorithms
priv either HMAC MD5 or SHA algorithms and
encrypts the packet using the CBC-DES(DES-56)
algorithm

162
SNMP Security Models Levels (2)

DES (Data Encryption Standard)
MD5 SHA-1 Secure Hash Function
HMAC Message Authentication Code

163
SNMPv1 vs. SNMPv3
164
SNMPv2 vs. SNMPv3

RFCs 1902-1907 is incomplete in that it does not
meet the original design goals of SNMPv2
The unmet goals include provision of commercial
grade security
authentication origin identification, message
integrity, replay protection
privacy confidentiality
authorization and access control
suitable remote configuration and administration
capabilities for these features
SNMPv3 attempts to provide these

165
SNMPv3 Documents

RFC 2570 "Introduction to version 3 of the
Internet-standard Network Management Framework,"
provides an overview of SNMPv3.
RFC 2571 "An Architecture for Describing SNMP
Management Frameworks," describes the overall
architecture with special emphasis on the
architecture for security and administration.
RFC 2572 "Message Processing and Dispatching
for the Simple Network Management Protocol
(SNMP)," describes the possibly multiple message
processing models and the dispatcher portion that
can be a part of an SNMP protocol engine.
RFC 2573 "SNMPv3 Applications," describes the
five types of applications that can be associated
with an SNMPv3 engine and their elements of
procedure.
RFC 2574 "The User-Based Security Model for
Version 3 of the Simple Network Management
Protocol (SNMPv3)," describes the threats,
mechanisms, p