Post on 13-Jan-2016
Lec9: SNMPv2
Based on Behzad Akbari Fall 2011 Network Management lectures
Overview
SNMPv1 was developed as a temporary solution pending the adoption of OSI management.
SNMPv2, released in 1996, consisted of major revisions to SNMP.
Major Changes
- Bulk data transfer: request and receive bulk data using the get-bulk message
- Manager-to-manager message: enhances interoperability and allows for managing large distributed networks
- Enhancements to SMI: SMIv2
  o Module definitions: MODULE-IDENTITY macro
  o Object definitions: OBJECT-TYPE macro (same as before)
  o Trap definitions: NOTIFICATION-TYPE macro
  o Textual conventions: define new data types
  o Conformance statements: help customers compare the features of various products and keep vendors open about their product's compatibility with SNMP
Major Changes (continued)
- Row creation and deletion in tables; a table can also be expanded by augmenting another table
- MIB enhancements: two new subgroups, security and snmpV2
- Transport mappings: UDP remains the preferred transport protocol; however, other protocols can also be used with SNMPv2
- Security features originally planned for SNMPv2 were moved to SNMPv3; SNMPv2 remains a community-based administrative framework
SNMPv2
[Figure: SNMPv2 Internet Group. Subtree of internet {1 3 6 1}: directory(1), mgmt(2), experimental(3), private(4), security(5), snmpv2(6).]
SNMPv2 System Architecture
[Figure: SNMPv2 system architecture. Two SNMP manager applications and one SNMP agent application, each running over the same protocol stack (SNMP / UDP / IP / DLC / PHY) on a shared physical medium; application PDUs are carried inside SNMP PDUs. Messages shown between manager and agent: get-request, get-next-request, get-bulk-request, set-request, response and snmpV2-trap; inform-request is exchanged between managers.]
Additional Messages
- inform-request: manager-to-manager message; the receiving manager responds with a response message; enhances interoperability
- get-bulk-request: transfer of large data, e.g., retrieval of table data
- SNMPv2-trap: similar to trap messages in SNMPv1
SMIv2 Module Definitions
Defines and describes the semantics of an information module (information related to network management). The MODULE-IDENTITY macro defines the module definitions.

MODULE-IDENTITY Macro
MODULE-IDENTITY MACRO ::=
BEGIN
    TYPE NOTATION ::=
        "LAST-UPDATED" value (Update UTCTime)
        "ORGANIZATION" Text
        "CONTACT-INFO" Text
        "DESCRIPTION" Text
        RevisionPart
    VALUE NOTATION ::=
        value (VALUE OBJECT IDENTIFIER)
    RevisionPart ::= Revisions | empty
    Revisions ::= Revision | Revisions Revision
    Revision ::= "REVISION" value (UTCTime)
                 "DESCRIPTION" Text
    -- uses the NVT ASCII character set
    Text ::= """" string """"
END

Example of MODULE-IDENTITY Macro
isiMIBModule MODULE-IDENTITY
    LAST-UPDATED "9802101100Z"
    ORGANIZATION "InfoTech Services Inc."
    CONTACT-INFO "John P Smith
                  Tele: 770-111-1111
                  Fax: 770-111-2222
                  email: smithj@domainname.net"
    DESCRIPTION "Version 1.1 of the InfoTech Services MIB module"
    REVISION "9709021500Z"
    DESCRIPTION "Revision 1.0 on September 2, 1997 was a draft version"
    ::= { enterprises.isi 1 }
SMIv2 Object Definitions
OBJECT IDENTIFIER, OBJECT-IDENTITY, OBJECT-TYPE
- OBJECT IDENTIFIER defines the administrative identification of a node in the MIB
- OBJECT-IDENTITY macro (defines information about an OID) assigns an object identifier to a class of managed objects in the MIB (e.g., defining a class of routers)
- OBJECT-TYPE macro defines the type of a managed object (e.g., a specific router type); focuses on the details of implementation
NOTE:
- OBJECT-IDENTITY is a high-level description
- OBJECT-TYPE is the detailed description needed for implementation
OBJECT-TYPE
OBJECT-TYPE MACRO ::=
BEGIN
    TYPE NOTATION ::=
        "SYNTAX" Syntax
        UnitsPart
        "MAX-ACCESS" Access
        "STATUS" Status
        "DESCRIPTION" Text
        ReferPart
        IndexPart
        DefValPart
    VALUE NOTATION ::=
        value (VALUE ObjectName)
END

"MAX-ACCESS" Access
Access ::= "not-accessible"
         | "accessible-for-notify"
         | "read-only"
         | "read-write"
         | "read-create"
Ordered from least to greatest access:
- "not-accessible": indicates an auxiliary object
- "accessible-for-notify": accessible only via a notification
- "read-only": read only
- "read-write": read and write, but not create
- "read-create": read, write and create

"STATUS" Status
Status ::= "current"
         | "deprecated"
         | "obsolete"
- "current": the definition is current and valid.
- "deprecated": the definition may be ignored, but new or continued implementation is still permitted.
- "obsolete": the definition is ignored and should not be implemented.
ReferPart
ReferPart ::= "REFERENCE" Text
            | empty

Object Definitions, example
ipForwardTable OBJECT-TYPE
    SYNTAX SEQUENCE OF IpForwardEntry
    MAX-ACCESS not-accessible
    STATUS obsolete
    DESCRIPTION "This entity's IP Routing table."
    REFERENCE "RFC 1213 Section 6.6, The IP Group"
    ::= { ipForward 2 }
Example of OBJECT-IDENTITY Macro
isiRouter OBJECT-IDENTITY
    STATUS current
    DESCRIPTION "An 8-slot IP router in the IP router family."
    REFERENCE "ISI Memorandum No. ISI-R123 dated January 20, 1997"
    ::= { private.enterprises.isi 2 }

Example of OBJECT-TYPE Macro
routerIsi123 OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "An 8-slot IP router that can switch up to 100 million packets per second."
    ::= { isiRouter 1 }

isiRouter OBJECT IDENTIFIER ::= { private.enterprises.isi 2 }
NOTE: A specific instance of routerIsi123 could be identified by its IP address 10.1.2.3
Table Definition
Static Tables
  o Tables completely controlled by the agent
  o Access is read-only and read-write
  o Useful when the number of rows corresponds to a fixed attribute (e.g., the number of physical interfaces)
Dynamic Tables
  o Allow row creation/deletion by a manager
  o Access includes read-only, read-write, and read-create
  o A table can be initialized with no rows and expanded as needed
SNMPv2: Augmentation of a table (dependent table)
  o Adds additional columns to an existing table (base table)
  o Number of rows is not affected
  o INDEX of the second table is the same as that of the first table
  o One-to-one relation between the rows of the two tables
Augmentation of Tables
[Figure: Table 1 (base table: table1/T1 with entry table1Entry/E1 and columnar objects C1, C2, C3) and Table 2 (augmented table: table2/T2 with entry table2Entry/E2 and columnar objects C4, C5), four conceptual rows each.]
Table 1 (base table):
  T1.E1.C1.1  T1.E1.C2.1  T1.E1.C3.1
  T1.E1.C1.2  T1.E1.C2.2  T1.E1.C3.2
  T1.E1.C1.3  T1.E1.C2.3  T1.E1.C3.3
  T1.E1.C1.4  T1.E1.C2.4  T1.E1.C3.4
Table 2 (augmented table):
  T2.E2.C4.1  T2.E2.C5.1
  T2.E2.C4.2  T2.E2.C5.2
  T2.E2.C4.3  T2.E2.C5.3
  T2.E2.C4.4  T2.E2.C5.4
Index: first columnar object in Table 1
Conceptual rows: 1. T1.E1.C1.1  2. T1.E1.C1.2  3. T1.E1.C1.3  4. T1.E1.C1.4
Example: columnar object T2.E2.C4, index T1.E1.C1.2, value T2.E2.C4.2
Augmentation of Tables (continued)
Example: a vendor can easily specify vendor-specific objects as extensions to a standard MIB table. It is easier for applications to access these objects than if they were defined as a new, separate table.

table1 OBJECT-TYPE
    SYNTAX SEQUENCE OF Table1Entry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Table 1 under T"
    ::= { table 1 }
table1Entry OBJECT-TYPE
    SYNTAX Table1Entry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "An entry (conceptual row) in Table 1"
    INDEX { T1.E1.C1 }
    ::= { table1 1 }

table2 OBJECT-TYPE
    SYNTAX SEQUENCE OF Table2Entry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Table 2 under T"
    ::= { table 2 }
table2Entry OBJECT-TYPE
    SYNTAX Table2Entry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "An entry (conceptual row) in Table 2"
    AUGMENTS { table1Entry }    -- conceptual row extension
    ::= { table2 1 }

AUGMENTS is a clause used to increase the number of columns in a table without rewriting the table definition. The resulting table is therefore treated the same way as if it had been defined in a single table definition.
Row Creation
A new feature in SMIv2; two methods:
- Create a row and make it active (or available)
- Create a row and make it available at a later time
Definition of the status of a row: the RowStatus Textual Convention

State          Enumeration  Description
active         1            Row exists and is operational
notInService   2            Operation on the row is suspended
notReady       3            Row does not have all the columnar objects needed
createAndGo    4            One-step process of creating a row: create row + make row active
createAndWait  5            Row is under creation and should not be authorized into service
destroy        6            Same as invalid in EntryStatus; row should be deleted

RowStatus values are used by the manager for row creation/deletion and by the agent to send responses to a manager.
Row Creation (continued)
[Figure: table1 with conceptual rows (entry1); each row n has the columnar objects index.n, status.n and data.n (n = 1, 2, 3). The row to be created/deleted in the exchanges that follow is the one at index 3.]
Create and Go
- Manager initiates a SetRequest-PDU to create a new row with status = 4, i.e., createAndGo
- Agent interacts with the managed entity and successfully creates an instance; subsequently a response is transmitted to the manager with status = 1, indicating that the row is active
Manager Process -> Agent Process:  SetRequest (status.3 = 4, index.3 = 3, data.3 = DefData)
Agent Process -> Managed Entity:   Create Instance
Managed Entity -> Agent Process:   Instance Created
Agent Process -> Manager Process:  Response (status.3 = 1, index.3 = 3, data.3 = DefData)
Create and Wait
Manager Process -> Agent Process:  SetRequest (status.3 = 5, index.3 = 3)          create and wait, no default data specified
Agent Process -> Manager Process:  Response (status.3 = 3, index.3 = 3)            agent responds with "notReady" (no default value)
Manager Process -> Agent Process:  GetRequest (data.3)                              get the data for the row
Agent Process -> Manager Process:  Response (data.3 = noSuchInstance)               data value is missing
Manager Process -> Agent Process:  SetRequest (data.3 = DefData)                    value of data is sent
Agent Process -> Manager Process:  Response (status.3 = 2, data.3 = DefData)        agent responds with "notInService"
Manager Process -> Agent Process:  SetRequest (status.3 = 1)                        manager requests to activate the row
Agent Process -> Manager Process:  Response (status.3 = 1)                          row activated
Row Deletion
Manager Process -> Agent Process:  SetRequest (status.3 = 6)
Agent Process -> Managed Entity:   Delete Instance
Managed Entity -> Agent Process:   Instance Deleted
Agent Process -> Manager Process:  Response (status.3 = 6)
SNMPv2 Protocol
Overall, 8 messages with an almost common message format to improve efficiency and performance. A significant improvement is that the trap message has the same format as the other PDUs.

SNMPv2 PDU
[Figure: SNMPv2 PDU format.]
  PDUType | RequestID | ErrorStatus | ErrorIndex | VarBind 1 name | VarBind 1 value | ... | VarBind n name | VarBind n value
- PDUType: indicates the type of PDU (e.g., Request-PDU, etc.)
- ErrorStatus: indicates the status of the error (e.g., noError, tooBig, etc.)
- ErrorIndex: identifies the first variable binding in the variable-binding list that caused the error
NOTE:
- SNMPv1 operations (e.g., GET-REQUEST) are atomic: either all values are returned or none!
- In SNMPv2 a binding list (with the corresponding values) is prepared even if one variable cannot be returned; an error-status and error-index are returned in this case.
SNMPv2 Protocol: Values for the PDU Type and Error-Status Fields in the SNMPv2 PDU

PDU type field:
  0  GetRequest-PDU
  1  GetNextRequest-PDU
  2  Response-PDU
  3  SetRequest-PDU
  4  obsolete
  5  GetBulkRequest-PDU
  6  InformRequest-PDU
  7  SNMPv2-Trap-PDU

Error-status field:
  0  noError
  1  tooBig
  2  noSuchName
  3  badValue
  4  readOnly
  5  genErr
  6  noAccess
  7  wrongType
  8  wrongLength
  9  wrongEncoding
  10 wrongValue
  11 noCreation
  12 inconsistentValue
  13 resourceUnavailable
  14 commitFailed
  15 undoFailed
  16 authorizationError
  17 notWritable
  18 inconsistentName

Error index is set to 0 if there is no error; otherwise, it identifies the first variable binding in the variable-binding list that caused the error.
SNMPv2 Protocol: GetBulkRequest
- GetBulkRequest enables the retrieval of data in bulk
- Uses the same selection principle as GetNextRequest (i.e., next object instance)
- Retrieves multiple rows of data from a table (constrained by the maximum message size)
- The error-status field is replaced by Non-repeaters: indicates the number of non-repetitive (scalar) field values requested
- The error-index field is replaced by Max-repetitions: determines the maximum number of table rows requested to be returned in the response message
  NOTE 1: the value depends on the size of the SNMP message and the buffer size in the implementation
  NOTE 2: there is no one-to-one relationship between the VarBindList of the request and that of the response

SNMPv2 GetBulkRequest PDU
[Figure: GetBulkRequest PDU format.]
  PDUType | RequestID | Non-Repeaters | MaxRepetitions | VarBind 1 name | VarBind 1 value | ... | VarBind n name | VarBind n value
GetBulkRequest-PDU Operation
[Figure: MIB view used in the example. Scalar objects A and B; a table T with entry E having three columnar objects T.E.1, T.E.2, T.E.3, each with four instances (rows 1 to 4); and a scalar object Z that follows the table in lexicographic order.]
  T.E.1.1  T.E.2.1  T.E.3.1
  T.E.1.2  T.E.2.2  T.E.3.2
  T.E.1.3  T.E.2.3  T.E.3.3
  T.E.1.4  T.E.2.4  T.E.3.4
GetBulkRequest-PDU Operation (continued): retrieval with GetRequest/GetNextRequest
Manager Process -> Agent Process:  GetRequest (A, B)
Agent Process -> Manager Process:  GetResponse (A, B)
Manager Process -> Agent Process:  GetNextRequest (T.E.1, T.E.2, T.E.3)
Agent Process -> Manager Process:  GetResponse (T.E.1.1, T.E.2.1, T.E.3.1)
Manager Process -> Agent Process:  GetNextRequest (T.E.1.1, T.E.2.1, T.E.3.1)
Agent Process -> Manager Process:  GetResponse (T.E.1.2, T.E.2.2, T.E.3.2)
Manager Process -> Agent Process:  GetNextRequest (T.E.1.2, T.E.2.2, T.E.3.2)
Agent Process -> Manager Process:  GetResponse (T.E.1.3, T.E.2.3, T.E.3.3)
Manager Process -> Agent Process:  GetNextRequest (T.E.1.3, T.E.2.3, T.E.3.3)
Agent Process -> Manager Process:  GetResponse (T.E.1.4, T.E.2.4, T.E.3.4)
Manager Process -> Agent Process:  GetNextRequest (T.E.1.4, T.E.2.4, T.E.3.4)
Agent Process -> Manager Process:  GetResponse (T.E.2.1, T.E.3.1, Z)
GetBulkRequest-PDU Operation (continued): retrieval with GetBulkRequest
Manager Process -> Agent Process:  GetBulkRequest (2, 3, A, B, T.E.1, T.E.2, T.E.3)
    2 non-repetitive objects (A, B); 3 repetitions of the columnar objects T.E.1, T.E.2, T.E.3
Agent Process -> Manager Process:  Response (A, B, T.E.1.1, T.E.2.1, T.E.3.1, T.E.1.2, T.E.2.2, T.E.3.2, T.E.1.3, T.E.2.3, T.E.3.3)
Manager Process -> Agent Process:  GetBulkRequest (0, 3, T.E.1.3, T.E.2.3, T.E.3.3)
    3 more rows
Agent Process -> Manager Process:  Response (T.E.1.4, T.E.2.4, T.E.3.4, Z, "endOfMibView")
    Z is next in the lexicographic order
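The GetBulkRequest exchange above, as an added Python example that is not part of the lecture: an agent-side get_bulk over a constructed MIB view with the same A, B, T.E and Z objects. It applies the general RFC 3416 rule, in which each repeater keeps advancing independently, so the second exchange yields all nine bindings (T.E.2.1, T.E.3.1 and Z in the second row, then T.E.2.2, T.E.3.2 and endOfMibView), where the slide abbreviates the response; the numeric OID encoding and the names are this example's assumptions.

```python
import bisect

END_OF_MIB_VIEW = "endOfMibView"    # SNMPv2 exception value past the last object

# Constructed MIB view mirroring the lecture figure. The OID encoding is an
# assumption of this example: A=(1,), B=(2,), table entry T.E=(3,1) with
# instances T.E.<col>.<row>=(3,1,col,row), and Z=(4,). Scalars A, B, Z have
# their values at instance .0, as an agent would expose them.
MIB = {(1, 0): "A.0", (2, 0): "B.0", (4, 0): "Z.0"}
for col in (1, 2, 3):
    for row in (1, 2, 3, 4):
        MIB[(3, 1, col, row)] = f"T.E.{col}.{row}"
SORTED_OIDS = sorted(MIB)


def get_next(oid):
    """Lexicographic successor of oid in the view, or None after the last one."""
    i = bisect.bisect_right(SORTED_OIDS, oid)
    return SORTED_OIDS[i] if i < len(SORTED_OIDS) else None


def get_bulk(non_repeaters, max_repetitions, names):
    """Agent-side processing of a GetBulkRequest (RFC 3416, section 4.2.3).
    Returns the Response variable-binding list as (oid, value) pairs."""
    response = []
    # The first non_repeaters names get exactly one get-next each.
    for name in names[:non_repeaters]:
        nxt = get_next(name)
        response.append((nxt, MIB[nxt]) if nxt else (name, END_OF_MIB_VIEW))
    # The remaining names are walked forward up to max_repetitions times;
    # each iteration contributes one "row" with one successor per repeater.
    cursors = list(names[non_repeaters:])
    for _ in range(max_repetitions):
        row = []
        for k, name in enumerate(cursors):
            nxt = get_next(name)
            if nxt is None:
                row.append((name, END_OF_MIB_VIEW))
            else:
                row.append((nxt, MIB[nxt]))
                cursors[k] = nxt
        response.extend(row)
        # Agents may stop early once every repeater has run off the view.
        if row and all(v == END_OF_MIB_VIEW for _, v in row):
            break
    return response
```

The first request of the slide, get_bulk(2, 3, [(1,), (2,), (3, 1, 1), (3, 1, 2), (3, 1, 3)]), returns the eleven bindings A.0, B.0 and the first three table rows, which is what the two GetRequest/GetNextRequest slides needed four round trips to collect.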
SNMPv2 Decentralized Management
[Figure: decentralized management hierarchy. Management applications run on an SNMPv2 manager (the management server); below it, SNMPv2 manager/agent nodes (element managers), each with its own MIB, manage SNMPv2 agents, each with its own MIB.]
SNMPv2 Configuration
Compatibility with SNMPv1
- The SNMPv2 MIB is not backward compatible with SNMPv1
- Two evolution paths for compatibility with SNMPv1:
  o Bilingual Manager
  o Proxy Server
- A bilingual manager is expensive in resources and operation
SNMP Bilingual Manager
[Figure: a bilingual manager contains an SNMPv1 interpreter and an SNMPv2 interpreter and uses an agent profile to select the one for each of its SNMPv1 agents and SNMPv2 agents. Both interpreters are required!]
SNMP Proxy Server
[Figure: an SNMPv2 manager communicates with SNMPv1 agents through a proxy server and with SNMPv2 agents directly.]
SNMP v2-v1 Proxy Server: message mapping between an SNMPv2 manager and an SNMPv1 agent
- GetRequest -> GetRequest: pass-through
- GetNextRequest -> GetNextRequest: pass-through
- SetRequest -> SetRequest: pass-through
- GetBulkRequest -> GetNextRequest: set 1. non-repeaters = 0, 2. max-repetitions = 0
- GetResponse (from the SNMPv1 agent) -> Response: pass-through; exception: for a 'tooBig' error, the contents of the variable-bindings field are removed
- Trap (from the SNMPv1 agent) -> SNMPv2-Trap: prepend the VarBinds 1. sysUpTime.0, 2. snmpTrapOID.0
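The proxy mapping above, as an added Python example that is not part of the lecture: translation of the PDU types in both directions over a simple dictionary representation of PDUs. The dictionary keys and function names are this example's assumptions; the sysUpTime.0, snmpTrapOID.0 and snmpTraps OIDs are the real values from MIB-II and the SNMPv2-MIB, and the generic-trap to snmpTrapOID mapping follows RFC 2576.

```python
# Well-known OIDs (real values) used when a v1 Trap is re-expressed as an
# SNMPv2-Trap; the PDU dictionaries below are a constructed in-memory
# representation for this example, not any library's wire format.
SYS_UPTIME_0 = "1.3.6.1.2.1.1.3.0"
SNMP_TRAP_OID_0 = "1.3.6.1.6.3.1.1.4.1.0"
SNMP_TRAPS = "1.3.6.1.6.3.1.1.5"          # coldStart(1) ... egpNeighborLoss(6)
TOO_BIG = 1                                # error-status value from the table above
ENTERPRISE_SPECIFIC = 6                    # SNMPv1 generic-trap value


def v2_request_to_v1(pdu):
    """SNMPv2 manager -> SNMPv1 agent direction."""
    if pdu["type"] in ("GetRequest", "GetNextRequest", "SetRequest"):
        return dict(pdu)                   # pass-through
    if pdu["type"] == "GetBulkRequest":
        # SNMPv1 has no bulk retrieval: forward as a GetNextRequest. The
        # non-repeaters / max-repetitions fields occupy the error-status /
        # error-index positions, which must be 0 in a v1 request.
        return {"type": "GetNextRequest", "request_id": pdu["request_id"],
                "error_status": 0, "error_index": 0,
                "varbinds": list(pdu["varbinds"])}
    raise ValueError(f"not a v2 request PDU: {pdu['type']}")


def v1_to_v2(pdu):
    """SNMPv1 agent -> SNMPv2 manager direction."""
    if pdu["type"] == "GetResponse":
        out = dict(pdu, type="Response")
        if pdu["error_status"] == TOO_BIG:
            out["varbinds"] = []           # exception: drop the bindings on tooBig
        return out
    if pdu["type"] == "Trap":
        if pdu["generic_trap"] == ENTERPRISE_SPECIFIC:
            trap_oid = f"{pdu['enterprise']}.0.{pdu['specific_trap']}"
        else:                              # generic traps map to snmpTraps.(generic+1)
            trap_oid = f"{SNMP_TRAPS}.{pdu['generic_trap'] + 1}"
        return {"type": "SNMPv2-Trap", "request_id": 0, "error_status": 0,
                "error_index": 0,
                "varbinds": [(SYS_UPTIME_0, pdu["time_stamp"]),
                             (SNMP_TRAP_OID_0, trap_oid)] + list(pdu["varbinds"])}
    raise ValueError(f"not a v1 response or trap PDU: {pdu['type']}")
```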
SNMPv2 MIB
[Figure 6.31 SNMPv2 Internet Group: internet {1 3 6 1} has directory(1), mgmt(2), experimental(3), private(4), security(5) and snmpv2(6). Under mgmt(2): mib-2(1) with system(1) and snmp(11). Under snmpv2(6): snmpDomains(1), snmpProxys(2) and snmpModules(3); under snmpModules(3): snmpMIB(1) with snmpMIBObjects(1) and snmpMIBConformance(2).]