CSEE W4140 Networking Laboratory Lecture 11: SNMP Jong Yul Kim 04.19.2010.
-
date post
20-Dec-2015 -
Category
Documents
-
view
214 -
download
0
Transcript of CSEE W4140 Networking Laboratory Lecture 11: SNMP Jong Yul Kim 04.19.2010.
CSEE W4140Networking Laboratory
Lecture 11: SNMP
Jong Yul Kim04.19.2010
Annoucements Schedule change
April 26: Semester review + extra
May 3: Trip to Computer Center During regular class time on Monday. Not your regular campus tour: it’s a great
opportunity to learn! HW: write one (or more) question(s) to ask a
campus network administrator and email it to me by May 2.
Week of May 10: Final Exam Date and place: TBD
Network management Network operators need tools to monitor and manage
networks remotely. True even if the network is relatively small.
Examples: How many IP fragments did this router create? How long has the server been running? Which host is about to shutdown?
Types of management Performance Fault
Network management architecture
Components of the network management architecture Managing entity is the central management station within the network:
“the administrator’s console”
Managed device is the machine we’re interested in monitoring / controlling
Managed objects are pieces of hardware and software within the managed device, e.g. network interface card and the TCP stack, and the set of configurations for hardware and software
Management Information Base (MIB) is the information of interest related to managed objects, e.g. routing table
Network management agent is a program that runs on the managed device which communicates with the managing entity.
Network management protocol is the protocol used between the agent and the managing entity
Four parts of SNMP
1. Network management objects Management Information Base (MIB) This is the value that we’re interested in
monitoring or controlling. A MIB module is a collection of related MIBs.
2. Data definition language Structure of Management Information (SMI) This defines the format of MIBs such as data
type and object model.
Four parts of SNMP
3. Protocol Simple Network Management Protocol (SNMP) This is the protocol used between the managing
entity and the agent.
4. Security and administration capabilities
MIB and SMI are independent of the protocol. The protocol is independent of MIB and SMI.
SMI SMI is used to define the syntax and
semantics of management objects.
It defines basic data types and higher level constructs, such as OBJECT-TYPE and MODULE-TYPE.
SMI is a subset of ASN.1 (Abstract Syntax Notation 1), which adopts a {machine,OS,language}-independent method for describing data and rules for transmitting that data
SMI basic data types
SMI OBJECT-TYPE
ipForwDatagrams OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS current DESCRIPTION "The number of input datagrams for which this entity was not their final IP destination, as a result of which an attempt was made to find a route to forward them to that final destination. In entities which do not act as IP Gateways, this counter will include only those packets which were Source-Routed via this entity, and the Source- Route option processing was successful." ::= { ip 6 }
MIB moduleObject Identifier (OID)
Organization of managed objects Organized in a tree-like
hierarchy
Each node is named with an OID.
OIDs reflect the structure of the hierarchy.
The OID 1.3.6.1.2.1 (iso.org.dod.internet.mgmt.mib-2) is at the top of the hierarchy for all managed objects of the MIB-II.
Manufacturers of networking equipment can add product specific objects to the hierarchy.
iso(1)
org (3)
dod (6)
internet (1)
mib-2 (1)
system (1) at (3) icmp (5) udp (7) snmp (11)
ipForwDatagrams (6)
directory (1) mgmt (2) experimental (3) private (4)
interface (2) ip (4) tcp (6) egp (8) transmission (10)
. root
MIBs A MIB specifies the managed objects, which have
OIDs.
The OID is specified in a MIB file.
In Linux, MIB files are in the directory /usr/share/snmp/mibs Multiple MIB files MIB-II (defined in RFC 1213) defines the managed
objects of TCP/IP networks
When an SNMP manager requests an object, it sends the OID to the SNMP agent.
UDP Example
SNMP Protocol SNMP manager and an SNMP agent
communicate using the SNMP protocol Generally: Manager sends queries and agent
responds Exception: Traps are initiated by agent.
get-request
get-next-request
set-request
trap
Port 161
Port 161
Port 161
Port 162
SNMP agent
SNMP manager
get-response
get-response
get-response
Notice UDP port 161
SNMP message types
Traps Traps are messages that are asynchronously sent by
an agent to a manager
Traps are triggered by an event
Defined traps include: linkDown: Even that an interface went down coldStart - unexpected restart (i.e., system crash) warmStart - soft reboot linkUp - the opposite of linkDown (SNMP) AuthenticationFailure
SNMP Versions Three versions are in use today:
SNMPv1 (1990) SNMPv2c (1996)
Adds “GetBulk” function and some new types Adds RMON (remote monitoring) capability
SNMPv3 (2002) SNMPv3 started from SNMPv1 (and not SNMPv2c) Addresses security
All versions are still used today Many SNMP agents and managers support
all three versions of the protocol.
Format of SNMP Packets
SNMPv1 Get/Set messages:Version Community SNMP PDU
PDU Type Request ID
Error Status
Object 1, Value 1
Object 2, Value 2
Error Index
...
Cleartext string that is used as a password
PDU type, e.g.:32: SNMPv1 Get 64: SNMPv2 Get
Unique ID to match requests with replies
Sequence of name-value pairs
SNMP Security SNMPv1 uses plain text community strings for
authentication as plain text without encryption
SNMPv2 was supposed to fix security problems, but effort derailed (The “c” in SNMPv2c stands for “community”).
SNMPv3 has numerous security features: Ensure that a packet has not been tampered with
(integrity), Ensures that a message is from a valid source
(authentication) Ensures that a message cannot be read by unauthorized
(privacy).
SNMP Security Security model of SNMPv3 has two
components:1.Instead of granting access rights to a community,
SNMPv3 grants access to users. 2. Access can be restricted to sections of the MIB
(Version-based Access Control Module (VACM). Access rights can be limited by specifying a range of valid IP addresses for a
user or community, or by specifying the part of the MIB tree that
can be accessed.
Security levels in SNMPv2SNMP has three security levels: noAuthNoPriv: Authentication with matching a user
name. authNoPriv: Authentication with MD5 or SHA message
digests. authPriv: Authentication with MD5 or SHA message
digests, and encryption with DES encryption
Compare this to SNMPv1 and SNMPv2c: SNMPv1, SNMPv2: Authentication with matching a
community string.
Main Points of Lab 9
SNMP MIBs SNMP requests and responses Security Traps
Note: You need to download files from web and bring it to the labhttp://www.comm.utoronto.ca/~jorg/teaching/itlab/links/conf/lab9/snmpd.conf
Homework
No prelabs due this Friday.
Homework: email question for tour.
Lab report 9 due next week before lab times.