Simple Network Management Protocol

1
Simple Network Management Protocol

• CIT 443 Enterprise Network Management

2
Simple Network Management Protocol

• The features of SNMP which make it popular
• Its design is simple, making it is easier to
  implement on networks of any size
• Its simple design makes it easy for a user to
  program variables they would like to have
  monitored.
• It is popular and extensible,
• a device manufacturer can easily add new
  registers for monitoring

3
SNMP Architecture and Model
Network Management
Communication Model
Information Model
Organization Model
Functional Model
Similar to OSI Model
4
SNMP Model

• Organization Model
• Relationship between network element, agent, and
  manager
• Hierarchical architecture
• Information Model
• Uses ASN.1 syntax
• SMI (Structure of Management Information)
• MIB ( Management Information Base)
• Communication Model
• Transfer syntax
• SNMP over TCP/IP
• Communication services addressed by messages
• Security framework community-based model

5
SNMP Architecture and Model
Network Management
Communication Model
Information Model
Organization Model
Functional Model
6
Two-Tier Organization Model
7
Three-Tier Organization Model RMON
8
Three-Tier Organization ModelProxy Server
9
SNMP Messages

• Get-Request
• Sent by manager requesting specific data from
  agent
• Get-Next-Request
• Sent by manager requesting data on the next MO to
  the one specified
• Set-Request
• Initializes or changes the value of network
  element
• Get-Response
• Agent responds with data for get and set requests
  from the manager
• Trap
• Alarm generated by an agent

10
SNMP Architecture and Model
Network Management
Communication Model
Information Model
Organization Model
Functional Model
ASN.1 Format RFCs Define Specifics
11
Managed Object Multiple Instances
12
Object Naming

• Uniquely defined by
• DESCRIPTOR AND
• OBJECT IDENTIFIER

13
Management Information Base

• Hierarchy of information about a device
• Think of a MIB as a simple database
• Uniquely identifies specific information on a
  specific device
• Object Type
• Name
• Allowable Operations

14
Structure of Management Information (SMI)

• Defines standard unique names for objects
• Defines standard formats for objects for use in
  MIB
• Length
• Data type
• etc

15
MIB II
16
Chapter 4
Internet Subnodes

17
Chapter 4
Private MIB Example

18
SNMP Architecture and Model
Network Management
Communication Model
Information Model
Organization Model
Functional Model
19
SNMP Communication
20
Simple Network Management Protocol (SNMP)

• The features of SNMP which made it popular-
• Its design is simple, hence it is easy to
  implement on a large network
• Its simple design makes it easy for a user to
  program variables they would like to have
  monitored.
• It is popular and extensible, a device
  manufacturer can easily add new registers for
  monitoring

21
SNMP V2

• Enhancements of SNMPv2
• Expanded data types (e.g., 64 bit counter)
• Improved efficiency and performance (get-bulk
  operator)
• Confirmed event notification inter NMS
  communication (inform operator)
• Richer error handling (errors and exceptions)

22
SNMP V2

• SNMP Interoperability-
• As presently specified, SNMPv2 is incompatible
  with SNMPv1 in two key areas
• message formats
• protocol operations.
• SNMPv2 messages use different header and protocol
  data unit (PDU) formats than SNMPv1 messages.
  SNMPv2 also uses two protocol operations that are
  not specified in SNMPv1.

23
SNMP V2

• Bilingual Network-Management System
• Bilingual SNMPv2 network-management
  systems support both SNMPv1 and SNMPv2.
• To support this dual-management
  environment, a management application in the
  bilingual NMS must contact an agent. The NMS then
  examines information stored in a local database
  to determine whether the agent supports SNMPv1 or
  SNMPv2. Based on the information in the database,
  the NMS communicates with the agent using the
  appropriate version of SNMP.

24
SNMP V2

• However, the SNMPv2 Framework, as described
  in these documents, is incomplete in that it does
  not meet the original design goals of the
  SNMPv2 project.
• The unmet goals included provision of security
  and administration with authentication, privacy
  authorization, access control and suitable remote
  configuration and administration capabilities for
  these features.
• .

25
SNMPv2 SECURITY WHAT HAPPENED?

• APRIL 1993
• Standard Proposed w/ 4 Editors
• Security Based on PARTIES
• 1st prototypes appeared shortly thereafter
• JUNE 1995
• PROPOSED STANDARD REJECTED BY TWO OF THE ORIGINAL
  EDITORS!
• AUGUST 1995
• Agreement that Party-based Model is too complex
• NEW PROPOSALS
• SNMPv2C COMMUNITY BASED
• SNMPv2U USER BASED
• ...
• 1997
• SNMPv3 Working Group Formed
• With ALL NEW Editors

26
SNMP v3

• The SNMPv3 Management Framework, addresses the
  significant deficiencies of v2.
• addressing the missing links
• security
• administration
• in the process made invaluable contributions to
  the state-of-the-art of management

27
SNMPv3 ARCHITECTURE
SNMP ENTITY
SNMP APPLICATIONS
PROXY FORWARDER
NOTIFICATION RECEIVER
OTHER
COMMAND
NOTIFICATION ORIGINATOR
COMMAND RESPONDER
OTHER
GENERATOR
SNMP Manager
SNMP Agent
SNMP ENGINE
MESSAGE PROCESSING
SECURITY
ACCESS CONTROL
DISPATCHER
SUBSYSTEM
SUBSYSTEM
SUBSYSTEM
28
SNMPv3 ARCHITECTURE MANAGER
29
USM SECURITY THREATS
30
Questions?