Title: Simple Network Management Protocol
1 Simple Network Management Protocol
2 Agenda
- Introduction
- Network Level Architecture
- Operation of Protocol
- Applications of Protocol
- Event flows
- Message Formats
- Extensions, Performance and Security Issues
- Conclusion
- References
3 Introduction
- SNMP is an application layer protocol that facilitates the exchange of management information between network devices.
- It is used for collecting information from, and configuring, network devices such as servers, printers, hubs, switches and routers on an Internet Protocol (IP) network.
- SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth.
4 Basic Components of SNMP
- NMS (Network Management Station)
- Managed Devices
- Agents
- MIB (Management Information Base)
5 NMS
- The NMS executes applications that monitor and control managed devices. One or more NMSs must exist on any managed network.
- An NMS is a general purpose computer running special management software.
6 Managed Devices
- A managed device is a network node that contains an SNMP agent and resides on a managed network.
- Managed devices collect and store management information and make it available to NMSs using SNMP.
- Managed devices, sometimes called network elements, can be routers and access servers, switches and bridges, hubs, computer hosts, or printers.
7 Agents
- An agent is a network-management software module that resides in a managed device.
- An agent has local knowledge of management information and translates that information into a form compatible with SNMP.
8 Network Level Architecture
9 MIB Structure
- Every management station or agent in an SNMP architecture maintains a local database of information related to network management.
- This virtual information store is called the Management Information Base (MIB).
- An SNMP MIB contains definitions and information about the properties of managed resources and the services that the agents support. The manageable features of resources, as defined in an SNMP MIB, are called managed objects.
10 Management Information Base
11 MIB object identifiers
- Each object in the MIB has an object identifier (OID); the management station uses the OID to request the object's value from the agent.
- An OID is a sequence of integers that uniquely identifies a managed object by defining a path to that object through a tree-like structure called the OID tree or registration tree (for example, 1.3.6.1.2.1.1.1.0 is sysDescr.0 under iso.org.dod.internet.mgmt.mib-2.system).
- When an SNMP agent needs to access a specific managed object, it traverses the OID tree to find the object.
12 SNMP OID Hierarchy Format
13 Operation of Protocol
- Read: used by an NMS to monitor managed devices. The NMS examines different variables that are maintained by managed devices.
- Write: used by an NMS to control managed devices. The NMS changes the values of variables stored within managed devices.
- Trap: used by managed devices to asynchronously report events to the NMS. When certain types of events occur, a managed device sends a trap to the NMS.
14 Operation of the Protocol
- Get
- Get-next
- Get-bulk
- Set
- Response (the SNMPv1 GetResponse; one PDU type answers Get, Get-next, Get-bulk, Set and Inform)
- Trap
- Notification
- Inform
- Report
15 get and getnext Operation
- The get request is initiated by the NMS, which sends the request to the agent. The agent receives the request and processes it to the best of its ability.
- The get command is useful for retrieving a single MIB object at a time, by its full instance OID.
- The get-next operation returns the object that follows the requested OID in lexicographic order, so issuing a sequence of get-next commands retrieves a group of values (for example, the rows of a table) from a MIB without knowing their instance OIDs in advance.
16 get Operation
17 get bulk operation
- SNMPv2 defined the get-bulk operation, which allows a management application to retrieve a large section of a table at once.
- The standard get operation can attempt to retrieve more than one MIB object at once, but message sizes are limited by the agent's capabilities. If the agent can't return all the requested responses, it returns a tooBig error with no data.
- A get-bulk request carries two extra fields, non-repeaters and max-repetitions, in place of the error-status and error-index fields of the other PDUs; both are set by the manager when issuing the command.
- Non-repeaters (N) tells the agent that the first N variables are to be retrieved with a single get-next operation each. Max-repetitions (M) tells the agent to perform up to M successive get-next operations on each of the remaining variables, so M rows of each requested column come back in one response.
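A worked example of the get-next and get-bulk processing described above, added here and not part of the original slides (Python). The MIB contents are constructed sample data with assumed values for sysUpTime, ifNumber and three rows of the ifTable; the ordering rule and the non-repeaters/max-repetitions algorithm follow RFC 3416:

```python
"""Toy SNMP agent: get-next and get-bulk over a lexicographically ordered MIB view.

Added example, not code from the original slides. The MIB below is constructed
sample data (assumed values); the algorithm follows RFC 3416 section 4.2.3.
"""
import bisect

END_OF_MIB_VIEW = "endOfMibView"   # SNMPv2 exception value returned past the last object

# Constructed sample MIB view: instance OID -> value (assumed data, not from the slides)
MIB = {
    "1.3.6.1.2.1.1.3.0": 123456,        # sysUpTime.0
    "1.3.6.1.2.1.2.1.0": 3,             # ifNumber.0
    "1.3.6.1.2.1.2.2.1.1.1": 1,         # ifIndex.1 ..
    "1.3.6.1.2.1.2.2.1.1.2": 2,
    "1.3.6.1.2.1.2.2.1.1.3": 3,
    "1.3.6.1.2.1.2.2.1.2.1": "lo",      # ifDescr.1 ..
    "1.3.6.1.2.1.2.2.1.2.2": "eth0",
    "1.3.6.1.2.1.2.2.1.2.3": "eth1",
    "1.3.6.1.2.1.2.2.1.10.1": 0,        # ifInOctets.1 ..
    "1.3.6.1.2.1.2.2.1.10.2": 987654,
    "1.3.6.1.2.1.2.2.1.10.3": 42,
}


def oid_key(oid: str) -> tuple:
    """Order OIDs arc by arc as integers; a plain string sort is wrong ("10" < "2")."""
    return tuple(int(a) for a in oid.strip(".").split("."))


ORDER = sorted(MIB, key=oid_key)     # the agent's lexicographically ordered view
KEYS = [oid_key(o) for o in ORDER]


def get_next(oid: str):
    """Return (next_oid, value) for the first object whose OID sorts after `oid`.

    `oid` may be a table or column prefix with no instance suffix, which is how a
    manager starts a walk. Past the last object the agent returns the requested
    OID together with the endOfMibView exception.
    """
    i = bisect.bisect_right(KEYS, oid_key(oid))
    if i == len(ORDER):
        return oid, END_OF_MIB_VIEW
    return ORDER[i], MIB[ORDER[i]]


def get_bulk(non_repeaters: int, max_repetitions: int, oids: list):
    """Process a GetBulkRequest as RFC 3416 section 4.2.3 specifies.

    The first N (= non_repeaters) variables each get one get-next. The remaining
    R variables are iterated up to M (= max_repetitions) times; the response lists
    all R successors of iteration 1, then those of iteration 2, and so on, so a
    table comes back row by row. The agent may stop early once every repeater has
    reached endOfMibView.
    """
    n = min(max(non_repeaters, 0), len(oids))
    response = [get_next(o) for o in oids[:n]]
    cursors = list(oids[n:])
    for _ in range(max(max_repetitions, 0)):
        if not cursors:
            break
        row = [get_next(o) for o in cursors]
        response.extend(row)
        if all(value is END_OF_MIB_VIEW for _, value in row):
            break
        cursors = [o for o, _ in row]
    return response


def walk(prefix: str):
    """Manager-side get-next walk of one subtree: repeat get-next until we leave the prefix."""
    pk, out, cur = oid_key(prefix), [], prefix
    while True:
        cur, value = get_next(cur)
        if value is END_OF_MIB_VIEW or oid_key(cur)[:len(pk)] != pk:
            return out
        out.append((cur, value))


if __name__ == "__main__":
    # One non-repeater (sysUpTime) plus two ifTable columns, two rows each
    for oid, value in get_bulk(1, 2, ["1.3.6.1.2.1.1.3", "1.3.6.1.2.1.2.2.1.2", "1.3.6.1.2.1.2.2.1.10"]):
        print(oid, value)
```

Two things the slide does not spell out fall out of the code: OIDs must be compared arc by arc as integers (ifInOctets, column 10, sorts after ifDescr, column 2, although the strings compare the other way), and a repeater that runs off the end of the view keeps returning endOfMibView until max-repetitions is exhausted or the agent stops early. A real agent also bounds the response to the largest message it is willing to send; an unauthenticated get-bulk with a huge max-repetitions against a community-string (v2c) agent is the classic SNMP amplification vector.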
18 get bulk Operation
19 set Operation
- The set command is used to change the value of a
managed object or to create a new row in a table.
Objects that are defined in the MIB as read-write
or write-only can be altered or created using
this command. It is possible for an NMS to set
more than one object at a time.
20 trap Operation
- A trap is a way for an agent to tell the NMS, unsolicited, that a noteworthy event has occurred.
- The trap originates from the agent and is sent to the trap destination, as configured within the agent itself. The trap destination is typically the IP address of the NMS (UDP port 162).
21 Scenarios when a trap occurs
- A network interface on the device (where the agent is running) has gone down.
- A network interface on the device (where the agent is running) has come back up.
- An incoming call to a modem rack was unable to establish a connection to a modem.
- The fan on a switch or router has failed.
22 Generic types of trap
- coldStart(0): indicates that the agent has rebooted. All management variables will be reset; specifically, Counters and Gauges will be reset to zero (0). It can also be used to determine when new hardware is added to the network.
- warmStart(1): indicates that the agent has reinitialized itself. None of the management variables will be reset.
- linkDown(2): sent when an interface on a device goes down. The first variable binding identifies which interface went down.
- linkUp(3): sent when an interface on a device comes back up.
23 Generic types of trap
- authenticationFailure(4): indicates that someone has tried to query your agent with an incorrect community string. Useful in determining whether someone is trying to gain unauthorized access to one of your devices, provided the agent is configured to send it (snmpEnableAuthenTraps).
- egpNeighborLoss(5): indicates that an Exterior Gateway Protocol (EGP) neighbor has gone down.
- enterpriseSpecific(6): indicates that the trap is enterprise-specific. Vendors use it to define their own traps under the private enterprises branch (1.3.6.1.4.1) of the SMI object tree; the specific-trap field then identifies which one.
24 Other SNMP operations
- SNMP notification: in SNMPv2 and v3 the SNMPv2-Trap PDU (defined with NOTIFICATION-TYPE in the MIB) replaces the SNMPv1 trap and has the same layout as the other PDUs.
- SNMP inform: an acknowledged notification, answered with a Response PDU; it was introduced for manager-to-manager communication and is also used by agents that need confirmed delivery.
- SNMP report: allows SNMP engines to communicate with each other, mainly to report problems with processing SNMP messages (for example, the SNMPv3 usmStats counters returned during engine discovery).
25 Messages Sent Between an SNMP Manager and its Managed Devices
26 Event Flow of SNMP protocol
- Represents the interactions and timing of the SNMP protocol between the SNMP manager and the SNMP agent.
- Traps are unsolicited messages sent from the agent to the manager.
- SNMPv1 has four operations: get request, get next, set request and trap (the first three are answered with a response).
27 Event Flow of SNMP operations
28 Network Management System
29 SNMPv3 Applications
- Five types of application which can be associated with an SNMP engine are described in RFC 2273 (now RFC 3413). These applications are:
  - Command generators, which monitor and manipulate management data,
  - Command responders, which provide access to management data,
  - Notification originators, which initiate asynchronous messages,
  - Notification receivers, which process asynchronous messages, and
  - Proxy forwarders, which forward messages between entities.
30 Flow diagram of Command Generator and Command Responder
31 Primitives Between Modules
- Slides 32 to 46 step through the abstract service primitives (RFC 3411/3412) exchanged between the SNMPv3 modules for one request/response, in call order:
  - sendPdu (command generator application -> Dispatcher)
  - prepareOutgoingMessage (Dispatcher -> Message Processing subsystem)
  - generateRequestMsg (Message Processing -> Security subsystem)
  - send / receive (transport)
  - prepareDataElements (Dispatcher -> Message Processing, on the responder)
  - processIncomingMsg (Message Processing -> Security subsystem)
  - processPdu (Dispatcher -> command responder application)
  - isAccessAllowed (command responder -> Access Control subsystem)
  - returnResponsePdu (command responder -> Dispatcher)
  - prepareResponseMessage (Dispatcher -> Message Processing)
  - generateResponseMsg (Message Processing -> Security subsystem)
  - send / receive (transport)
  - prepareDataElements (Dispatcher -> Message Processing, back on the generator)
  - processIncomingMsg (Message Processing -> Security subsystem)
  - processResponsePdu (Dispatcher -> command generator application)
47 Five areas of network management
- Performance management: to quantify, measure, report, analyze and control the performance of network components.
- Fault management: to detect, log, notify users of, and (to the extent possible) automatically fix network problems to keep the network running effectively.
- Configuration management: to monitor network and system configuration information so that the effects on network operation of various versions of hardware and software elements can be tracked and managed.
- Accounting management: to measure network utilization parameters so that individual or group uses of the network can be regulated appropriately.
- Security management: to control access to network resources according to local guidelines so that the network cannot be sabotaged and sensitive information cannot be accessed by those without appropriate authorization.
48 SNMP Message Format
SNMP uses two well-known ports to operate:
- UDP/TCP port 161: SNMP request/response messages (manager to agent)
- UDP/TCP port 162: SNMP trap and inform messages (agent to manager, or manager to manager)
Encapsulation: Ethernet frame [ IP packet [ UDP datagram [ SNMP message ] ] ] CRC
SNMP normally runs over UDP; a TCP transport mapping exists (RFC 3430) but is rarely deployed. SNMPv3 defines a security capability and a new message wrapper carrying the security parameters, used in conjunction with the existing PDU operations: an SNMPv3 message carries SNMPv2 PDUs, so the security is layered on the operations rather than on the SNMPv1 or SNMPv2 message formats themselves.
49 SNMP General Message Format
50 SNMPv1 General Message Format
51 SNMPv1 PDU Format
52 SNMPv1 Trap-PDU Format
53 SNMPv2 Message Format
- The SNMPv2 GetBulk PDU has the same layout as the other PDUs, except that the error-status and error-index fields are replaced by non-repeaters and max-repetitions.
- SNMPv2 Get, GetNext, Inform, Response, Set and Trap PDUs contain the same fields (request-id, error-status, error-index, variable-bindings).
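The SNMPv1/SNMPv2c wire format of slides 48 to 53, as an added example that is not code from the original slides (Python). It BER-encodes a GetRequest for sysDescr.0 and parses the datagram back; the community string "public" and the request-id are assumed values. The same parser makes slide 59's point about SNMPv1 and v2c security concrete: the community string is the third TLV of every message, readable in the clear by anyone on the path.

```python
"""BER encoder/decoder for community-based SNMP messages (SNMPv1 / SNMPv2c).

Added example, not code from the original slides. Only the BER types SNMP uses
are implemented. Field names follow RFC 1157 / RFC 3416; the community string
"public" and the request-id used in the demo are assumed values.
"""
INTEGER, OCTET_STRING, NULL, OBJECT_IDENTIFIER, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
GET_REQUEST, GET_NEXT_REQUEST, TRAP_V1 = 0xA0, 0xA1, 0xA4    # context-specific PDU tags
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response",
             0xA3: "SetRequest", 0xA4: "Trap-v1", 0xA5: "GetBulkRequest",
             0xA6: "InformRequest", 0xA7: "SNMPv2-Trap", 0xA8: "Report"}

def encode_length(n: int) -> bytes:
    """BER length: one byte below 128, otherwise 0x80|k followed by k length bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + encode_length(len(content)) + content

def encode_integer(value: int) -> bytes:
    """Minimal two's-complement INTEGER: 200 needs two bytes (00 C8), -1 one byte (FF)."""
    n = 1
    while not -(1 << (8 * n - 1)) <= value < (1 << (8 * n - 1)):
        n += 1
    return tlv(INTEGER, value.to_bytes(n, "big", signed=True))

def encode_oid(oid: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, then base-128 subidentifiers."""
    arcs = [int(a) for a in oid.strip(".").split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError(f"invalid OID {oid!r}")
    out = bytearray()
    for sub in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [sub & 0x7F]
        while sub > 0x7F:                 # continuation bytes carry the high bit
            sub >>= 7
            chunk.append(0x80 | (sub & 0x7F))
        out.extend(reversed(chunk))
    return tlv(OBJECT_IDENTIFIER, bytes(out))

def encode_request(community: str, oids, request_id: int = 1,
                   pdu_tag: int = GET_REQUEST, version: int = 0) -> bytes:
    """Message ::= SEQUENCE { version, community, PDU }; version 0 is SNMPv1, 1 is SNMPv2c."""
    varbinds = b"".join(tlv(SEQUENCE, encode_oid(o) + tlv(NULL, b"")) for o in oids)
    pdu = tlv(pdu_tag, encode_integer(request_id) + encode_integer(0)     # error-status
              + encode_integer(0) + tlv(SEQUENCE, varbinds))              # error-index, varbinds
    return tlv(SEQUENCE, encode_integer(version) + tlv(OCTET_STRING, community.encode()) + pdu)

def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, content, position after this element); rejects truncated input."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(content: bytes) -> str:
    arcs, sub = [], 0
    for b in content:
        sub = (sub << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(sub)
            sub = 0
    head = [2, arcs[0] - 80] if arcs[0] >= 80 else [arcs[0] // 40, arcs[0] % 40]
    return ".".join(map(str, head + arcs[1:]))

def _int(content: bytes) -> int:
    return int.from_bytes(content, "big", signed=True)

def decode_message(msg: bytes) -> dict:
    """Parse a v1/v2c datagram. No key is needed to read the community string."""
    tag, body, _ = read_tlv(msg)
    if tag != SEQUENCE:
        raise ValueError("not an SNMP message")
    _, version, pos = read_tlv(body)
    _, community, pos = read_tlv(body, pos)
    pdu_tag, pdu, _ = read_tlv(body, pos)
    if pdu_tag == TRAP_V1:
        raise ValueError("SNMPv1 Trap-PDU has a different field layout")
    _, rid, p = read_tlv(pdu)
    _, status, p = read_tlv(pdu, p)     # for GetBulk these two carry non-repeaters
    _, index, p = read_tlv(pdu, p)      # and max-repetitions instead
    _, vbl, _ = read_tlv(pdu, p)
    oids, q = [], 0
    while q < len(vbl):
        _, vb, q = read_tlv(vbl, q)
        oids.append(decode_oid(read_tlv(vb)[1]))
    return {"version": _int(version), "community": community.decode("latin-1"),
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag)), "request_id": _int(rid),
            "error_status": _int(status), "error_index": _int(index), "oids": oids}
```

encode_request("public", ["1.3.6.1.2.1.1.1.0"]) yields the 40-byte datagram 30 26 02 01 00 04 06 "public" a0 19 ..., which is exactly what a packet capture of an snmpget for sysDescr.0 shows, and decode_message() on any captured v1/v2c datagram returns the community string without any key. Passing version=1 produces an SNMPv2c message with the identical wrapper; only SNMPv3 changes the message header.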
54 SNMPv3 General Message Format
55 SNMPv3 General Message Format (continued)
56 Security services
- Data integrity: the property that data or data sequences have not been altered or destroyed in an unauthorized manner.
- Data origin authentication: the property that the claimed identity of the user on whose behalf received data was originated is corroborated.
- Data confidentiality: the property that information is not made available or disclosed to unauthorized individuals, entities, or processes.
- Message timeliness and limited replay protection: the property that a message whose generation time is outside of a specified time window is not accepted.
57 Performance and Security Issues
- Modification of information: the danger that some unauthorized entity may alter in-transit SNMP messages generated on behalf of an authorized principal in such a way as to effect unauthorized management operations, including falsifying the value of an object.
- Masquerade: the danger that management operations not authorized for some user may be attempted by assuming the identity of another user that has the appropriate authorizations.
- Disclosure: the danger of eavesdropping on the exchanges between managed agents and a management station. Protecting against this threat may be required as a matter of local policy.
- Message stream modification: SNMP is typically based upon a connection-less transport service which may operate over any sub-network service, so re-ordering, delay or replay of messages can and does occur through the natural operation of many such sub-network services. The message stream modification threat is the danger that messages may be maliciously re-ordered, delayed or replayed, beyond what the network does naturally, in order to effect unauthorized management operations.
58 Extensions (SNMPv2 protocol)
- Two new protocol operations were added in SNMPv2. Get-bulk-request supports efficient transfer of large amounts of MIB data, and Inform-request enables a manager to inform another manager of significant events.
- The main problems of SNMPv1 are authentication of the message source, protecting messages from disclosure, and placing access controls on the MIB. The original SNMPv2 (the party-based SNMPv2p of RFC 1441-1452) tried to solve them with a new message format, but that design was never widely deployed; the community-based SNMPv2c that shipped kept SNMPv1's plain-text community strings, and these problems were finally addressed in SNMPv3.
- In SNMPv1, traps had a different format than all of the other PDUs. SNMPv2 simplifies traps by giving them the same format as the get and set PDUs.
- In SNMPv1, if too much data is asked for in an ordinary get-request you receive a tooBig error message with no data. In SNMPv2, get-bulk-request allows you to retrieve a lot of information, and you receive as much data as fits in the response message.
- In SNMPv2, if one of several values requested in a get-request is not valid or does not exist, the other variables are still answered (the missing one carries an exception value such as noSuchObject or noSuchInstance), whereas in SNMPv1 no data was returned at all, only an error message.
- The SNMPv2p security framework dealt with authentication of the message sender, protection of its contents and the eavesdropper problem: an authentication protocol to verify the source and prevent message modification, and encryption to keep messages private. SNMPv1 has none of these features, and since SNMPv2p was abandoned, the deployed way to get them is SNMPv3.
59 SNMP Security
- Security in SNMP versions:
  - SNMPv1 uses plain-text community strings for authentication, sent without encryption.
  - SNMPv2 was supposed to fix the security problems, but the effort derailed; SNMPv2c still uses community strings.
  - SNMPv3 has numerous security features:
    - ensures that a packet has not been tampered with (integrity),
    - ensures that a message is from a valid source (authentication),
    - ensures that a message cannot be read by unauthorized parties (privacy).
- SNMPv3 has three security levels, chosen per user and per operation:
  - noAuthNoPriv (no authentication / no privacy), e.g. for monitoring: only a user name is matched.
  - authNoPriv (authentication / no privacy), e.g. for control: authentication with HMAC-MD5-96 or HMAC-SHA-96 message digests.
  - authPriv (authentication / privacy), e.g. for downloading secrets: authentication as above plus encryption with CBC-DES.
- MD5 and DES are the original RFC 3414 algorithms; AES-128 (RFC 3826) and the HMAC-SHA-2 family (RFC 7860) were added later and should be preferred on agents that support them.
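The SNMPv3 User-based Security Model behind slides 56 and 59 (integrity, authentication, and the time window that gives limited replay protection), as an added example that is not code from the original slides (Python). Key localization and the truncated HMAC follow RFC 3414; the password "maplesyrup" and engine ID 00 00 00 00 00 00 00 00 00 00 00 02 are the RFC's own appendix A.3 test vector, and the message bytes used to exercise the HMAC are constructed. Privacy (CBC-DES) is not implemented here.

```python
"""SNMPv3 User-based Security Model building blocks (RFC 3414).

Added example, not code from the original slides: password-to-key
localization, the truncated HMAC carried in msgAuthenticationParameters, and
the timeliness check. Test vector from RFC 3414 appendix A.3; any message bytes
fed to auth_params() below are constructed.
"""
import hashlib
import hmac

AUTH_PARAMS_LEN = 12            # HMAC-MD5-96 / HMAC-SHA-96 keep the first 12 bytes
TIME_WINDOW = 150               # seconds of allowed skew between the two engines
PASSWORD_EXPANSION = 1_048_576  # RFC 3414 A.2: hash the password stretched to 1 MiB


def password_to_key(password: str, engine_id: bytes, algo: str = "md5") -> bytes:
    """Ku = H(password repeated to 1 MiB); Kul = H(Ku || snmpEngineID || Ku).

    Localization ties the key to one authoritative engine, so a key recovered
    from one device does not authenticate to another device that shares the
    same password. `algo` is "md5" or "sha1", the two RFC 3414 protocols.
    """
    pw = password.encode()
    if not pw:
        raise ValueError("empty password")
    stream = (pw * (PASSWORD_EXPANSION // len(pw) + 1))[:PASSWORD_EXPANSION]
    ku = hashlib.new(algo, stream).digest()
    return hashlib.new(algo, ku + engine_id + ku).digest()


def auth_params(key: bytes, whole_msg_zeroed: bytes, algo: str = "md5") -> bytes:
    """msgAuthenticationParameters: HMAC over the whole message with that field
    set to 12 zero bytes, truncated to 12 bytes (RFC 3414 section 6.3.1 / 7.3.1)."""
    return hmac.new(key, whole_msg_zeroed, algo).digest()[:AUTH_PARAMS_LEN]


def verify_auth(key: bytes, whole_msg_zeroed: bytes, received: bytes, algo: str = "md5") -> bool:
    """Receiver side: recompute and compare in constant time (usmStatsWrongDigests on failure)."""
    return hmac.compare_digest(auth_params(key, whole_msg_zeroed, algo), received)


def in_time_window(local_boots: int, local_time: int, msg_boots: int, msg_time: int) -> bool:
    """Authoritative-side timeliness check (RFC 3414 section 3.2, step 7b).

    The message is rejected (usmStatsNotInTimeWindows) if the sender's idea of
    snmpEngineBoots differs from ours, if our boots counter is saturated at
    2^31-1, or if the engine times differ by more than 150 seconds. This is
    what bounds how long a captured authenticated message can be replayed.
    """
    if local_boots == 2**31 - 1:
        return False
    if msg_boots != local_boots:
        return False
    return abs(local_time - msg_time) <= TIME_WINDOW


if __name__ == "__main__":
    engine_id = bytes.fromhex("000000000000000000000002")   # RFC 3414 A.3 test engine ID
    print("MD5 localized key :", password_to_key("maplesyrup", engine_id, "md5").hex())
    print("SHA1 localized key:", password_to_key("maplesyrup", engine_id, "sha1").hex())
```

For the MD5 vector the localized key is 52 6f 5e ed 9f cc e2 6f 89 64 c2 93 07 87 d8 2b, matching RFC 3414 A.3.1. Because the key depends on the engine ID, a manager has to learn the authoritative engine's ID, boots and time before it can authenticate anything, which is why an SNMPv3 session opens with a discovery exchange answered by a Report PDU. The time window is deliberately loose (150 s) and does not stop replay of a message captured within that window against the same engine; it only bounds it.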
60 SNMP GUI OpenView Severity Levels
- Unknown: Blue
- Normal: Green
- Warning: Cyan
- Minor: Yellow
- Major: Orange
- Critical: Red
61 Conclusions
- Standardized
- universally supported
- extensible
- portable
- allows distributed management access
- lightweight protocol
62 Review Questions
- 1. What are the components of the network management architecture? Define them. (slides 5-7)
- 2. What are MIBs, and how are they accessed? (slide 9)
- 3. What are the types of messages between an SNMP manager and agent? (slide 25)
63 References
- http://www.faqs.org/rfcs/
- http://www.ietf.org/rfcs/
- http://www.icg.isy.liu.se/courses/tsin02-ici/slides/11_Snmp-v3.pdf
- http://www.dpstele.com/layers/l2/snmp_l2_tut_part1.html
- http://www.cisco.com/warp/public/535/3.html