CSEE W4140Networking Laboratory

Lecture 11: SNMP

Jong Yul Kim04.19.2010

Annoucements Schedule change

April 26: Semester review + extra

May 3: Trip to Computer Center During regular class time on Monday. Not your regular campus tour: it’s a great

opportunity to learn! HW: write one (or more) question(s) to ask a

campus network administrator and email it to me by May 2.

Week of May 10: Final Exam Date and place: TBD

Network management Network operators need tools to monitor and manage

networks remotely. True even if the network is relatively small.

Examples: How many IP fragments did this router create? How long has the server been running? Which host is about to shutdown?

Types of management Performance Fault

Network management architecture

Components of the network management architecture Managing entity is the central management station within the network:

“the administrator’s console”

Managed device is the machine we’re interested in monitoring / controlling

Managed objects are pieces of hardware and software within the managed device, e.g. network interface card and the TCP stack, and the set of configurations for hardware and software

Management Information Base (MIB) is the information of interest related to managed objects, e.g. routing table

Network management agent is a program that runs on the managed device which communicates with the managing entity.

Network management protocol is the protocol used between the agent and the managing entity

Four parts of SNMP

1. Network management objects Management Information Base (MIB) This is the value that we’re interested in

monitoring or controlling. A MIB module is a collection of related MIBs.

2. Data definition language Structure of Management Information (SMI) This defines the format of MIBs such as data

type and object model.

Four parts of SNMP

3. Protocol Simple Network Management Protocol (SNMP) This is the protocol used between the managing

entity and the agent.

4. Security and administration capabilities

MIB and SMI are independent of the protocol. The protocol is independent of MIB and SMI.

SMI SMI is used to define the syntax and

semantics of management objects.

It defines basic data types and higher level constructs, such as OBJECT-TYPE and MODULE-TYPE.

SMI is a subset of ASN.1 (Abstract Syntax Notation 1), which adopts a {machine,OS,language}-independent method for describing data and rules for transmitting that data

SMI basic data types

SMI OBJECT-TYPE

ipForwDatagrams OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS current DESCRIPTION "The number of input datagrams for which this entity was not their final IP destination, as a result of which an attempt was made to find a route to forward them to that final destination. In entities which do not act as IP Gateways, this counter will include only those packets which were Source-Routed via this entity, and the Source- Route option processing was successful." ::= { ip 6 }

MIB moduleObject Identifier (OID)

Organization of managed objects Organized in a tree-like

hierarchy

Each node is named with an OID.

OIDs reflect the structure of the hierarchy.

The OID 1.3.6.1.2.1 (iso.org.dod.internet.mgmt.mib-2) is at the top of the hierarchy for all managed objects of the MIB-II.

Manufacturers of networking equipment can add product specific objects to the hierarchy.

iso(1)

org (3)

dod (6)

internet (1)

mib-2 (1)

system (1) at (3) icmp (5) udp (7) snmp (11)

ipForwDatagrams (6)

directory (1) mgmt (2) experimental (3) private (4)

interface (2) ip (4) tcp (6) egp (8) transmission (10)

. root

MIBs A MIB specifies the managed objects, which have

OIDs.

The OID is specified in a MIB file.

In Linux, MIB files are in the directory /usr/share/snmp/mibs Multiple MIB files MIB-II (defined in RFC 1213) defines the managed

objects of TCP/IP networks

When an SNMP manager requests an object, it sends the OID to the SNMP agent.

UDP Example

SNMP Protocol SNMP manager and an SNMP agent

communicate using the SNMP protocol Generally: Manager sends queries and agent

responds Exception: Traps are initiated by agent.

get-request

get-next-request

set-request

trap

Port 161

Port 161

Port 161

Port 162

SNMP agent

SNMP manager

get-response

get-response

get-response

Notice UDP port 161

SNMP message types

Traps Traps are messages that are asynchronously sent by

an agent to a manager

Traps are triggered by an event

Defined traps include: linkDown: Even that an interface went down coldStart - unexpected restart (i.e., system crash) warmStart - soft reboot linkUp - the opposite of linkDown (SNMP) AuthenticationFailure

SNMP Versions Three versions are in use today:

SNMPv1 (1990) SNMPv2c (1996)

Adds “GetBulk” function and some new types Adds RMON (remote monitoring) capability

SNMPv3 (2002) SNMPv3 started from SNMPv1 (and not SNMPv2c) Addresses security

All versions are still used today Many SNMP agents and managers support

all three versions of the protocol.

Format of SNMP Packets

SNMPv1 Get/Set messages:Version Community SNMP PDU

PDU Type Request ID

Error Status

Object 1, Value 1

Object 2, Value 2

Error Index

...

Cleartext string that is used as a password

PDU type, e.g.:32: SNMPv1 Get 64: SNMPv2 Get

Unique ID to match requests with replies

Sequence of name-value pairs

SNMP Security SNMPv1 uses plain text community strings for

authentication as plain text without encryption

SNMPv2 was supposed to fix security problems, but effort derailed (The “c” in SNMPv2c stands for “community”).

SNMPv3 has numerous security features: Ensure that a packet has not been tampered with

(integrity), Ensures that a message is from a valid source

(authentication) Ensures that a message cannot be read by unauthorized

(privacy).

SNMP Security Security model of SNMPv3 has two

components:1.Instead of granting access rights to a community,

SNMPv3 grants access to users. 2. Access can be restricted to sections of the MIB

(Version-based Access Control Module (VACM). Access rights can be limited by specifying a range of valid IP addresses for a

user or community, or by specifying the part of the MIB tree that

can be accessed.

Security levels in SNMPv2SNMP has three security levels: noAuthNoPriv: Authentication with matching a user

name. authNoPriv: Authentication with MD5 or SHA message

digests. authPriv: Authentication with MD5 or SHA message

digests, and encryption with DES encryption

Compare this to SNMPv1 and SNMPv2c: SNMPv1, SNMPv2: Authentication with matching a

community string.

Main Points of Lab 9

SNMP MIBs SNMP requests and responses Security Traps

Note: You need to download files from web and bring it to the labhttp://www.comm.utoronto.ca/~jorg/teaching/itlab/links/conf/lab9/snmpd.conf

Homework

No prelabs due this Friday.

Homework: email question for tour.

Lab report 9 due next week before lab times.