Simple Network Management Protocol - PowerPoint PPT Presentation

Provided by: cengiz9
Learn more at: https://www.cse.unt.edu
1
Simple Network Management Protocol
  • By - Suparna
  • Sri

2
Agenda
  • Introduction
  • Network Level Architecture
  • Operation of Protocol
  • Applications of Protocol
  • Event flows
  • Message Formats
  • Extensions, Performance and Security Issues
  • Conclusion
  • References

3
Introduction
  • SNMP is an application layer protocol that
    facilitates the exchange of management
    information between network devices.
  • It is used for collecting information from, and
    configuring, network devices, such as servers,
    printers, hubs, switches, and routers on an
    Internet Protocol (IP) network.
  • SNMP enables network administrators to manage
    network performance, find and solve network
    problems, and plan for network growth.

4
Basic Components of SNMP
  • NMS (Network Management Station)
  • Managed Devices
  • Agents
  • MIB (Management Information Base)

5
  • The NMS executes applications that monitor and
    control managed devices. One or more NMSs must
    exist on any managed network.
  • An NMS is a general-purpose computer running
    special software.

6
  • A managed device is a network node that contains
    an SNMP agent and resides on a managed network.
  • Managed devices collect and store management
    information and make this information available
    to NMSs using SNMP.
  • Managed devices, sometimes called network
    elements, can be routers and access servers,
    switches and bridges, hubs, computer hosts, or
    printers.

7
  • An agent is a network-management software module
    that resides in a managed device.
  • An agent has local knowledge of management
    information and translates that information into
    a form compatible with SNMP.

8
Network Level Architecture
9
MIB Structure
  • Every management station or agent in an SNMP
    architecture maintains a local database of
    network-management information.
  • This virtual information store is called the MIB
    (the managed-objects database).
  • An SNMP MIB contains definitions and information
    about the properties of managed resources and the
    services that the agents support. The manageable
    features of resources, as defined in an SNMP MIB,
    are called managed objects.

10
Management Information Base
11
MIB object identifiers
  • Each object in the MIB has an object identifier
    (OID).
  • The management station uses the OID to request
    the object's value from the agent.
  • An OID is a sequence of integers that uniquely
    identifies a managed object by defining a path to
    that object through a tree-like structure called
    the OID tree or registration tree.
  • When an SNMP agent needs to access a specific
    managed object, it traverses the OID tree to find
    the object.

12
SNMP OID Hierarchy Format
13
Operation of Protocol
  • Read: used by an NMS to monitor managed devices.
    The NMS examines different variables that are
    maintained by managed devices.
  • Write: used by an NMS to control managed devices.
    The NMS changes the values of variables stored
    within managed devices.
  • Trap: used by managed devices to asynchronously
    report events to the NMS. When certain types of
    events occur, a managed device sends a trap to
    the NMS.

14
Operation of the Protocol
  • Get
  • Get next
  • Get-bulk
  • Set
  • Set response
  • Trap
  • Notification
  • Inform
  • Report

15
get and getnext Operation
  • The get request is initiated by the NMS, which
    sends the request to the agent. The agent
    receives the request and processes it to the
    best of its ability.
  • The get command is useful for retrieving a single
    MIB object at a time.
  • The get-next operation lets you issue a sequence
    of commands to retrieve a group of values from a
    MIB.

16
get Operation
17
get bulk operation
  • SNMPv2 defined the get-bulk operation, which
    allows a management application to retrieve a
    large section of a table at once.
  • The standard get operation can attempt to
    retrieve more than one MIB object at once, but
    message sizes are limited by the agent's
    capabilities. If the agent can't return all the
    requested responses, it returns an error message
    with no data.
  • A get-bulk request carries two extra fields,
    non-repeaters and max-repetitions, which are set
    when issuing the command.
  • Non-repeaters tells the get-bulk command that
    the first N objects can be retrieved with a
    simple get-next operation. Max-repetitions tells
    the get-bulk command to attempt up to M get-next
    operations to retrieve the remaining objects.
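As an added example (not part of the slides), the Python below models the agent side of slides 11, 15 and 17: a tiny MIB whose OID-tree order is the lexicographic order of the integer sequences, and get, get-next, a walk, and get-bulk with non-repeaters and max-repetitions built on top of it. The MIB-II OIDs (sysDescr, sysUpTime, sysName, ifNumber, ifDescr, ifOperStatus) are real; the router and the values stored under them are constructed.

```python
"""Toy SNMP agent MIB showing OID-tree order, get, get-next, walk and get-bulk.
Added example; the OIDs are standard MIB-II, the stored values are constructed."""
from typing import Any, Dict, List, Tuple

OID = Tuple[int, ...]

# SNMPv2 "exception" values an agent returns in place of data (RFC 3416).
NO_SUCH_INSTANCE = "noSuchInstance"
END_OF_MIB_VIEW = "endOfMibView"

# Constructed contents of a fictional router's MIB (keys: MIB-II OIDs, values: made up).
MIB: Dict[OID, Any] = {
    (1, 3, 6, 1, 2, 1, 1, 1, 0): "Example router",   # sysDescr.0
    (1, 3, 6, 1, 2, 1, 1, 3, 0): 123456,             # sysUpTime.0 (TimeTicks)
    (1, 3, 6, 1, 2, 1, 1, 5, 0): "rtr1",             # sysName.0
    (1, 3, 6, 1, 2, 1, 2, 1, 0): 2,                  # ifNumber.0
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 2, 1): "eth0",       # ifDescr.1
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 2, 2): "eth1",       # ifDescr.2
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 8, 1): 1,            # ifOperStatus.1 = up
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 8, 2): 2,            # ifOperStatus.2 = down
}
# OID-tree (lexicographic) order is exactly Python's tuple order, so one sort suffices.
SORTED_OIDS: List[OID] = sorted(MIB)


def parse_oid(text: str) -> OID:
    """'1.3.6.1.2.1.1.5.0' -> (1, 3, 6, 1, 2, 1, 1, 5, 0)."""
    return tuple(int(part) for part in text.strip(".").split("."))


def format_oid(oid: OID) -> str:
    return ".".join(str(arc) for arc in oid)


def get(oid: OID) -> Any:
    """get: exact-match retrieval of one instance."""
    return MIB.get(oid, NO_SUCH_INSTANCE)


def get_next(oid: OID) -> Tuple[OID, Any]:
    """get-next: first instance whose OID is lexicographically greater than `oid`.
    A bare table or column OID is a valid starting point, which is what makes walks work."""
    for candidate in SORTED_OIDS:
        if candidate > oid:
            return candidate, MIB[candidate]
    return oid, END_OF_MIB_VIEW


def walk(root: OID) -> List[Tuple[OID, Any]]:
    """Repeated get-next until the reply leaves the subtree under `root` (what snmpwalk does)."""
    out: List[Tuple[OID, Any]] = []
    current = root
    while True:
        nxt, value = get_next(current)
        if value == END_OF_MIB_VIEW or nxt[:len(root)] != root:
            return out
        out.append((nxt, value))
        current = nxt


def get_bulk(oids: List[OID], non_repeaters: int, max_repetitions: int) -> List[Tuple[OID, Any]]:
    """get-bulk: the first `non_repeaters` variables get a single get-next each; the rest
    get up to `max_repetitions` successive get-nexts, interleaved per repetition (RFC 3416).
    A repeater that has reached the end keeps reporting endOfMibView until all have."""
    out = [get_next(oid) for oid in oids[:non_repeaters]]
    repeaters = list(oids[non_repeaters:])
    for _ in range(max_repetitions):
        if all(get_next(oid)[1] == END_OF_MIB_VIEW for oid in repeaters):
            break
        for i, oid in enumerate(repeaters):
            nxt, value = get_next(oid)
            out.append((nxt, value))
            repeaters[i] = nxt      # the next repetition continues from this successor
    return out


if __name__ == "__main__":
    for oid, value in walk(parse_oid("1.3.6.1.2.1.2.2.1.2")):   # walk the ifDescr column
        print(format_oid(oid), "=", value)
```

A get-bulk with non-repeaters=1 over sysUpTime, ifDescr and ifOperStatus returns one sysUpTime.0 varbind and then, per repetition, one ifDescr and one ifOperStatus row; once a repeater runs past the end of its column the lexicographic order carries it into the next column, which is the behaviour a manager has to stop on when it walks a table.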

18
get bulk Operation
19
set Operation
  • The set command is used to change the value of a
    managed object or to create a new row in a table.
    Objects that are defined in the MIB as read-write
    or write-only can be altered or created using
    this command. It is possible for an NMS to set
    more than one object at a time.

20
trap Operation
  • Trap: a trap is a way for an agent to tell the
    NMS that something bad has happened.
  • The trap originates from the agent and is sent to
    the trap destination, as configured within the
    agent itself. The trap destination is typically
    the IP address of the NMS.

21
Scenarios when trap occurs
  • A network interface on the device (where the
    agent is running) has gone down.
  • A network interface on the device (where the
    agent is running) has come back up.
  • An incoming call to a modem rack was unable to
    establish a connection to a modem.
  • The fan on a switch or router has failed.

22
Generic types of trap
  • coldStart (0): indicates that the agent has
    rebooted. All management variables will be reset;
    specifically, counters and gauges will be reset
    to zero (0). It can also be used to determine
    when new hardware is added to the network.
  • warmStart (1): indicates that the agent has
    reinitialized itself. None of the management
    variables will be reset.
  • linkDown (2): sent when an interface on a device
    goes down. The first variable binding identifies
    which interface went down.
  • linkUp (3): sent when an interface on a device
    comes back up.

23
Generic types of trap
  • authenticationFailure (4): indicates that someone
    has tried to query your agent with an incorrect
    community string; useful in determining whether
    someone is trying to gain unauthorized access to
    one of your devices.
  • egpNeighborLoss (5): indicates that an Exterior
    Gateway Protocol (EGP) neighbor has gone down.
  • enterpriseSpecific (6): indicates that the trap is
    enterprise-specific; enterprises use this type to
    define their own traps under the
    private-enterprise branch of the SMI object tree.

24
Other SNMP operations
  • SNMP notification: in the PDUs of SNMPv1, v2 and
    v3, the notification type is used as the means of
    notification.
  • SNMP inform: the inform mechanism provides
    manager-to-manager communication.
  • SNMP report: allows SNMP engines to communicate
    with each other, mainly to report problems with
    processing SNMP messages.

25
Messages Sent Between an SNMP Manager and its Managed Devices
26
Event Flow of SNMP protocol
  • Represents the interactions and timing of the
    SNMP protocol between the SNMP manager and the
    SNMP agent.
  • Traps are unsolicited messages sent from the
    agent to the manager.
  • There are four functions of SNMP: get request,
    trap, get-next and set request.

27
Event Flow of SNMP operations
28
Network Management System
29
SNMPv3 Applications
  • Five types of application which can be
    associated with an SNMP engine are described in
    RFC 2273. These applications are:
  • - Command generators, which monitor and
    manipulate management data,
  • - Command responders, which provide access to
    management data,
  • - Notification originators, which initiate
    asynchronous messages,
  • - Notification receivers, which process
    asynchronous messages, and
  • - Proxy forwarders, which forward messages
    between entities.

30
Flow diagram of Command Generator and Command Responder
31
PRIMITIVES BETWEEN MODULES
32
sendPdu
33
prepareOutgoingMessage
34
generateRequestMsg
35
send / receive
36
prepareDataElements
37
processIncomingMsg
38
processPdu
39
isAccessAllowed
40
returnResponsePdu
41
prepareResponseMessage
42
generateResponseMsg
43
send / receive
44
prepareDataElements
45
processIncomingMsg
46
processResponsePdu
47
Five areas of network management
  • Performance management: to quantify, measure,
    report, analyze and control the performance of
    network components.
  • Fault management: to detect, log, notify users
    of, and (to the extent possible) automatically
    fix network problems to keep the network running
    effectively.
  • Configuration management: to monitor network and
    system configuration information so that the
    effects on network operation of various versions
    of hardware and software elements can be tracked
    and managed.
  • Accounting management: to measure network
    utilization parameters so that individual or
    group use of the network can be regulated
    appropriately.
  • Security management: to control access to
    network resources according to local guidelines
    so that the network cannot be sabotaged and
    sensitive information cannot be accessed by those
    without appropriate authorization.

48
SNMP Message Format
SNMP uses two well-known ports to operate:
  • UDP/TCP port 161: SNMP request/response
    messages
  • UDP/TCP port 162: SNMP trap messages

[Encapsulation diagram: Ethernet Frame, IP Packet,
SNMP Message, UDP Datagram, CRC]
SNMPv3 defines a security capability to be used
in conjunction with SNMPv1 (runs over UDP) or
SNMPv2 (also runs over TCP).
49
SNMP General Message Format
50
SNMP V1 General Message Format
General Message Format
51
SNMP v1 PDU Format
PDU Format
52

SNMP V1 Trap- PDU Format
Trap-PDU Format
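An added example, not the slides' own code: a small BER encoder and decoder in Python for the SNMPv1 message, PDU and Trap-PDU layouts on slides 50 to 52 (RFC 1157). It builds a GetRequest for sysDescr.0 and a linkDown trap, then parses them back. The community string "public", the request-id, the enterprise OID 1.3.6.1.4.1.99999, the agent address and the uptime are constructed values. Parsing the bytes shows the community string sitting in the clear in every message, which is the disclosure and masquerade problem the later security slides describe.

```python
"""BER encoder/decoder for the SNMPv1 Message, PDU and Trap-PDU layouts (RFC 1157).
Added example, not the slides' own code; the community, request-id, enterprise OID,
agent address and uptime used with it are constructed values."""
from typing import Any, List, Tuple

# ASN.1 universal tags, RFC 1155 application tags and RFC 1157 context-specific PDU tags.
INTEGER, OCTET_STRING, NULL, OBJECT_ID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
IP_ADDRESS, TIME_TICKS = 0x40, 0x43
GET_REQUEST, GET_NEXT_REQUEST, GET_RESPONSE, SET_REQUEST, TRAP = 0xA0, 0xA1, 0xA2, 0xA3, 0xA4

def ber_len(n: int) -> bytes:
    """Definite length: one byte below 128, otherwise 0x80|count followed by the length bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(value)) + value

def int_body(v: int) -> bytes:
    """Minimal two's-complement contents (X.690 8.3): 0 -> 00, 128 -> 00 80, -128 -> 80."""
    magnitude = v if v >= 0 else ~v
    return v.to_bytes(magnitude.bit_length() // 8 + 1, "big", signed=True)

def enc_oid(dotted: str) -> bytes:
    """First two arcs merge into 40*a+b; each later arc is base-128 with bit 8 = 'more follows'."""
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        groups = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            groups.append(arc & 0x7F)
        out.extend(g | 0x80 for g in reversed(groups[1:]))
        out.append(groups[0])
    return tlv(OBJECT_ID, bytes(out))

def dec_oid(body: bytes) -> str:
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def enc_varbinds(varbinds: List[Tuple[str, bytes]]) -> bytes:
    """VarBindList ::= SEQUENCE OF SEQUENCE { name OBJECT IDENTIFIER, value ANY }."""
    return tlv(SEQUENCE, b"".join(tlv(SEQUENCE, enc_oid(o) + v) for o, v in varbinds))

def v1_message(community: str, pdu_tag: int, pdu: bytes) -> bytes:
    """Message ::= SEQUENCE { version INTEGER (0 = v1), community OCTET STRING, data PDU }."""
    return tlv(SEQUENCE, tlv(INTEGER, int_body(0)) + tlv(OCTET_STRING, community.encode()) + tlv(pdu_tag, pdu))

def get_request(community: str, request_id: int, oids: List[str]) -> bytes:
    """GetRequest-PDU: request-id, error-status, error-index, then varbinds with NULL values."""
    pdu = tlv(INTEGER, int_body(request_id)) + tlv(INTEGER, int_body(0)) * 2
    return v1_message(community, GET_REQUEST, pdu + enc_varbinds([(o, tlv(NULL, b"")) for o in oids]))

def trap(community, enterprise, agent_addr, generic, specific, uptime, varbinds=()):
    """Trap-PDU keeps its own layout: enterprise, agent-addr, generic-trap, specific-trap, time-stamp, varbinds."""
    pdu = (enc_oid(enterprise) + tlv(IP_ADDRESS, bytes(int(o) for o in agent_addr.split(".")))
           + tlv(INTEGER, int_body(generic)) + tlv(INTEGER, int_body(specific))
           + tlv(TIME_TICKS, int_body(uptime)) + enc_varbinds(list(varbinds)))
    return v1_message(community, TRAP, pdu)

def decode(data: bytes) -> List[Tuple[int, Any]]:
    """TLVs -> (tag, value) list; constructed tags (bit 0x20) recurse, INTEGER -> int, OID -> str, else raw bytes."""
    items, pos = [], 0
    while pos < len(data):
        tag, length, pos = data[pos], data[pos + 1], pos + 2
        if length & 0x80:                                   # long-form length
            count = length & 0x7F
            length, pos = int.from_bytes(data[pos:pos + count], "big"), pos + count
        body, pos = data[pos:pos + length], pos + length
        if len(body) != length:
            raise ValueError("truncated TLV")
        if tag & 0x20:
            items.append((tag, decode(body)))
        elif tag == INTEGER:
            items.append((tag, int.from_bytes(body, "big", signed=True)))
        elif tag == OBJECT_ID:
            items.append((tag, dec_oid(body)))
        else:
            items.append((tag, body))
    return items

def parse_message(pkt: bytes) -> dict:
    """Split a v1 message into version, community and PDU fields; the community string is readable as-is."""
    top = decode(pkt)
    if len(top) != 1 or top[0][0] != SEQUENCE or len(top[0][1]) != 3:
        raise ValueError("not an SNMPv1 message")
    (_, version), (_, community), (pdu_tag, fields) = top[0][1]
    return {"version": version, "community": community.decode(), "pdu_type": pdu_tag, "fields": fields}
```

`get_request("public", 1, ["1.3.6.1.2.1.1.1.0"])` produces the 40-byte datagram a manager sends to UDP port 161, and `parse_message` on it returns the community and the four PDU fields; the same decoder handles the trap because the PDU tag (0xA0 versus 0xA4) is the only thing that distinguishes the two layouts on the wire.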
53
SNMP v2 Message Format
The SNMPv2 GetBulk PDU
SNMPv2 Get, GetNext, Inform, Response, Set, and
Trap PDUs Contain the Same Fields
54
SNMP v3 General Message Format
55
SNMP v3 General Message Format
56
Security services
  • Data integrity is the provision of the property
    that data or data sequences have not been altered
    or destroyed in an unauthorized manner.
  • Data origin authentication is the provision of
    the property that the claimed identity of the
    user on whose behalf received data was originated
    is corroborated.
  • Data confidentiality is the provision of the
    property that information is not made available
    or disclosed to unauthorized individuals,
    entities, or processes.
  • Message timeliness and limited replay protection
    is the provision of the property that a message
    whose generation time is outside of a specified
    time window is not accepted.

57
Performance and Security Issues
  • Modification of information
  • The modification threat is the danger that some
    unauthorized entity may alter in-transit SNMP
    messages generated on behalf of an authorized
    principal in such a way as to effect unauthorized
    management operations, including falsifying the
    value of an object.
  • Masquerade
  • The masquerade threat is the danger that
    management operations not authorized for some
    user may be attempted by assuming the identity of
    another user that has the appropriate
    authorizations.
  • Disclosure
  • The disclosure threat is the danger of
    eavesdropping on the exchanges between managed
    agents and a management station. Protecting
    against this threat may be required as a matter
    of local policy.
  • Message stream modification
  • The SNMP protocol is typically based upon a
    connectionless transport service which may
    operate over any sub-network service. The
    re-ordering, delay or replay of messages can and
    does occur through the natural operation of many
    such sub-network services.
  • The message stream modification threat is the
    danger that messages may be altered in order to
    effect unauthorized management operations.

58
Extensions (SNMPv2 protocol)
  • Two new protocol operations have been added in
    SNMPv2. Get-bulk-request supports efficient
    transfer of large amounts of MIB data, and
    Inform-request enables a manager to inform
    another manager of significant events.
  • The main problems of SNMPv1 are the
    authentication of the message source, protecting
    these messages from disclosure and placing access
    controls on the MIB database. Those problems are
    solved in SNMPv2 by changing the format of SNMP
    PDUs.
  • In SNMPv1, traps had a different format than all
    of the other PDUs. SNMPv2 simplifies traps by
    giving them the same format as the get and set
    PDUs.
  • In SNMPv1, if too much data is asked for in an
    ordinary get-request, you receive a "too big"
    error message without data. In SNMPv2,
    Get-bulk-request allows you to retrieve a lot of
    information, and you receive as much data as fits
    in your response message.
  • In SNMPv2, if one of multiple values requested in
    a get-request is not valid or does not exist,
    answers are still given for the other requests
    that were dealt with correctly, whereas in SNMPv1
    no response at all was given, only the error
    message.
  • The SNMPv2 security framework deals with the
    problem of authenticating the message sender and
    its contents, and with the eavesdropper problem.
    It also supports the use of an authentication
    protocol to identify the source reliably and to
    prevent message modification, and the use of
    encryption to keep messages private. SNMPv1 does
    not have these security features.

59
SNMP Security
  • Security in SNMP versions
  • SNMPv1 uses plain-text community strings for
    authentication, sent without encryption.
  • SNMPv2 was supposed to fix the security problems,
    but the effort derailed.
  • SNMPv3 has numerous security features:
  • Ensures that a packet has not been tampered with
    (integrity),
  • Ensures that a message is from a valid source
    (authentication),
  • Ensures that a message cannot be read by
    unauthorized parties (privacy).
  • SNMPv3 has three security levels, for:
  • Monitoring (no authentication / no privacy):
    authentication by matching a user name.
  • Control (authentication / no privacy):
    authentication with MD5 or SHA message digests.
  • Downloading secrets (authentication / privacy):
    authentication with MD5 or SHA message digests,
    and encryption with DES.
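An added example in Python, not from the slides, of the SNMPv3 User-based Security Model mechanisms behind the integrity, data-origin authentication and timeliness services listed on slide 56 and the authentication levels above: the RFC 3414 password-to-key conversion, per-engine key localization, HMAC-SHA-96 (or HMAC-MD5-96) authentication with a constant-time check, and the 150-second timeliness window an authoritative engine applies. The password "maplesyrup" and the engine ID are the RFC 3414 Appendix A test vector; the message bytes and the boots/time clock values used with it are constructed.

```python
"""SNMPv3 USM building blocks (RFC 3414): password-to-key, key localization,
HMAC-SHA-96 / HMAC-MD5-96 authentication and the authoritative-engine timeliness check.
Added example, not the slides' code; the password and engine ID are the RFC 3414
Appendix A test vector, the message bytes and clock values are constructed."""
import hashlib
import hmac

MAC_LEN = 12               # the "-96" in HMAC-MD5-96 / HMAC-SHA-96: 96-bit truncated MAC
TIME_WINDOW = 150          # seconds either side, RFC 3414 section 2.2.3
MAX_BOOTS = 2**31 - 1      # snmpEngineBoots ceiling: at this value nothing is timely until re-keyed

# RFC 3414 Appendix A.3 test vector; used as the demo credentials.
PASSWORD = "maplesyrup"
ENGINE_ID = bytes.fromhex("000000000000000000000002")


def password_to_key(password: str, algo: str) -> bytes:
    """Ku = H(password cycled to exactly 1 MiB). The 1 MiB is deliberate: every offline guess
    against a captured authParams costs the attacker ~1 MiB of hashing (RFC 3414 A.2)."""
    pw = password.encode()
    stream = (pw * (1048576 // len(pw) + 1))[:1048576]
    return hashlib.new(algo, stream).digest()


def localize_key(ku: bytes, engine_id: bytes, algo: str) -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku). One password yields a different key per agent, so
    a key recovered from one compromised agent does not work against any other."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def auth_params(kul: bytes, whole_msg: bytes, algo: str) -> bytes:
    """msgAuthenticationParameters: HMAC over the whole message (with that 12-byte field
    zero-filled while the MAC is computed), truncated to 12 bytes."""
    return hmac.new(kul, whole_msg, algo).digest()[:MAC_LEN]


def verify_auth(kul: bytes, whole_msg: bytes, received_mac: bytes, algo: str) -> bool:
    """Integrity + data-origin authentication. compare_digest avoids a timing side channel."""
    return hmac.compare_digest(auth_params(kul, whole_msg, algo), received_mac)


def is_timely(local_boots: int, local_time: int, msg_boots: int, msg_time: int) -> bool:
    """Authoritative-engine check (RFC 3414 3.2 step 7b): boots must match, the engine time
    must be within +/-150 s, and boots must not be at its ceiling. Only meaningful after
    verify_auth passed, because both fields are covered by the MAC."""
    return (local_boots != MAX_BOOTS and msg_boots == local_boots
            and abs(local_time - msg_time) <= TIME_WINDOW)


if __name__ == "__main__":
    kul = localize_key(password_to_key(PASSWORD, "sha1"), ENGINE_ID, "sha1")
    msg = b"<constructed SNMPv3 wire bytes, authParams zero-filled>"   # constructed stand-in
    mac = auth_params(kul, msg, "sha1")
    print("localized key:", kul.hex())
    print("genuine:", verify_auth(kul, msg, mac, "sha1"),
          "tampered:", verify_auth(kul, msg + b"!", mac, "sha1"))
```

The localized key is what an agent stores, so the same password used on two agents never yields a shared secret between them; a tampered message, or a message MACed under a key localized for a different engine ID, fails `verify_auth`, and a replayed message whose boots/time fields fall outside the window fails `is_timely` even though its MAC is valid.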

60
SNMP GUI OpenView Severity Levels
  • Severity: Color
  • Unknown: Blue
  • Normal: Green
  • Warning: Cyan
  • Minor: Yellow
  • Major: Orange
  • Critical: Red

61
Conclusions
  • Standardized
  • universally supported
  • extendible
  • portable
  • allows distributed management access
  • lightweight protocol

62
Review Questions
  • 1. What are the components of the network
    management architecture, and how are they
    defined? (slides 5-7)
  • 2. What are MIBs, and how are they accessed?
    (slide 9)
  • 3. What are the types of messages between an SNMP
    manager and agent? (slide 25)

63
References
  • http://www.faqs.org/rfcs/
  • http://www.ietf.org/rfcs/
  • http://www.icg.isy.liu.se/courses/tsin02-ici/slides/11_Snmp-v3.pdf
  • http://www.dpstele.com/layers/l2/snmp_l2_tut_part1.html
  • http://www.cisco.com/warp/public/535/3.html

64
THANK YOU