Using SNMP to Manage Complex Networks

  • 5/20/2018 Using SNMP to Manage Complex Networks

    Using SNMP to Manage Complex Networks

    SkillSoft Press © 2003

    This book has a detailed model of SNMP and covers all the details that a system administrator needs to establish, maintain, monitor, and troubleshoot networks using SNMP.

    Table of Contents

    Introduction

    Copyright

    Chapter 1 - Introducing SNMP

    Chapter 2 - SNMP Concepts

    Chapter 3 - How to Work with SNMP

    Chapter 4 - SNMP Implementation in Complex Networks

    Chapter 5 - SNMP Agents

    Chapter 6 - SNMP Security

    Chapter 7 - Managing and Monitoring Networks

    Index

    List of Figures

    List of Tables

    List of Listings

    Introduction

    About the Book

    This book provides system administrators with the basic concepts of SNMP and with information that helps them manage complex networks. It serves as a hands-on guide for configuring, managing, and troubleshooting networks with SNMP. Today, SNMP is the most widely accepted protocol for network management. The various features of SNMP that ease network management and monitoring make it the most commonly used network protocol. Networks are becoming more complex by the day, and an easy and dependable means of maintaining such networks has become the utmost requirement.

    This book has a detailed model of SNMP and covers all the details that a system administrator needs to establish, maintain, monitor, and troubleshoot networks using SNMP.

    This book covers the concepts and implementation of SNMP in complex networks. It starts with an introduction to SNMP and goes on to discuss the concepts and working of SNMP. In addition, it covers the implementation and details of agents and traps related to the working of SNMP.

    The book is targeted at system administrators who need to manage complex networks. Prior knowledge of networking concepts is necessary.

    About the Author

    Angshuman Chakraborti is an MCSD (Microsoft Certified Solution Developer) and MCSE (Microsoft Certified Systems Engineer). He is also a CNA (Certified Novell Administrator). He has been working with NIIT for the past 4 years and 6 months. He started working with NIIT as an instructor conducting trainings on various technologies for career aspirants as well as corporate clients. The technologies he taught included C, C++, VC++, VB, UNIX, Linux, Windows NT, Windows 2000, and TCP/IP among others. Later he moved on to create training materials for various US based clients and also write books on various technologies for different US based publishers in the roles of a Subject Matter Expert and a Team Leader. In this field he has worked on technologies including A+, Network+, NetWare6, VPN, CCNA, Linux, Mac OS, JavaScript, and HTML among others. He has also been involved in pre-sales activities, creating proposals for various clients. He has also written a whitepaper on Security technologies.

    Credits

    I would like to thank Wasiq Robbani, Yesh Singhal, Ashok Appu, and Rachna Chaudhary for their timely help.

    Copyright

    Using SNMP to Manage Complex Networks

    Copyright 2002 by SkillSoft Corporation

    All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of SkillSoft.

    Trademarked names may appear in this publication. Rather than use a trademark symbol with every occurrence of a trademarked name, we use the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

    Published by SkillSoft Corporation
    20 Industrial Park Drive
    Nashua, NH 03062
    (603) 324-3000

    The information in this book is distributed on an "as is" basis, without warranty. Although every precaution has been taken in the preparation of this work, neither the author nor SkillSoft shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in this work.

    Chapter 1: Introducing SNMP

    Today, the networking environment can be the highest priority for many computer-based organizations. Increases in the size of these organizations and their functions drive complex network development. Managing these networks is also becoming more cumbersome and difficult for System Administrators to handle. Various network solutions, common standards, and protocols were developed to meet these complex demands. The Internet Engineering Task Force (IETF) is a regulatory authority that is responsible for designing, recognizing, and implementing these standards and protocols across all platforms and organizations. Using protocols and standards enables you to efficiently monitor and manage those network components that are based on similar processes. Managing a particular type of network resource enables you to identify those areas where more attention is required. To resolve network complexity and reduce the number of Network Administrator tasks, these protocols set standards and define processes to handle and troubleshoot various resources.

    Each protocol addresses a specific function or task. Network protocols are categorized based on their functions. The major network protocol classifications are:

    - Address: Determines the network addressing schemes and defines the process used to address and name network components.
    - Routing: Enables communication between or within a network.
    - Application: Defines a network application and sets the standards and requirements needed to efficiently execute applications on the network. These are the most widely used protocols and are also used for management purposes.
    - Management: Defines the network management activities used exclusively for management purposes. They are responsible for managing all the devices on the network.

    SNMP: An Overview

    Simple Network Management Protocol (SNMP) is a management protocol that is widely used for monitoring and managing modern networks.

    The growth of the Internet and of the networks attached to it creates the need for a simple and easy-to-manage network. It is the highest priority for most System and Network Administrators. SNMP is a protocol that is the standard for network management. Today's networking world is not single-platform based. Networks are comprised of a variety of hardware and software components, which are developed by the vendors whose products are used in various types of networks. The networking environment is heterogeneous.

    SNMP was developed in 1988 and was intended to be a solution for the exchange of management information by computers between heterogeneous networks. SNMP provides you with the power to effortlessly:

    - Manage network performance
    - Locate and resolve network problems
    - Support the growing number of user and network needs

    SNMP implementation requires minimum configuration, making it a simple protocol. Vendors can easily build SNMP agents into their products to add network management functions, which has led to the widespread SNMP implementation in heterogeneous networks. SNMP separates the management architecture from the hardware devices. This structure reduces the overhead of network management.

    SNMP is a simple, yet powerful protocol that can manage and solve problems associated with heterogeneous networks. In the simple SNMP design, the managing system, rather than the managed system, provides most of the processing capacity and data storage. SNMP is a set of protocols that can easily manage complex Transmission Control Protocol/Internet Protocol (TCP/IP) and Internet Packet Exchange (IPX) based networks.

    SNMP is an application-layer protocol that functions at the Open System Interconnect (OSI) model application layer. Figure 1-1 illustrates the OSI model with SNMP at the application layer:

    Figure 1-1: OSI Model with SNMP

    Today, SNMP is widely used to manage diverse commercial networks and those in universities and research organizations. SNMP is based on the client (manager)/server (agent) model of network management architecture. It manages network hosts, such as workstations or server computers, routers, bridges, and hubs from a centrally located computer that is configured with the SNMP protocol and runs the network management software.

    The manager and agent use a Management Information Base (MIB) and a small set of commands to exchange information. An MIB is a collection of managed object property definitions within a device. An MIB is organized in a tree structure.

    SNMP is part of a larger architecture, called the Internet Network Management Framework (NMF), which is defined in the Request for Comments (RFCs) Internet documents. SNMP is based on a connectionless protocol that minimizes network traffic. Devices do not have to establish a connection before they exchange messages in this environment.

    SNMP is a network management protocol that is used in TCP/IP and IPX networks to exchange management information between network devices. The SNMP model contains two primary components, the manager and the agent. You can use the manager or the network management station to perform network management functions. The manager is used to send and update requests. The agent is the device that responds to these requests.

    In addition to the manager and the agent, SNMP also contains Management Information Bases (MIBs), Protocol Data Units (PDUs), managed objects, and the network protocol, as shown in Figure 1-2:

    Figure 1-2: Manager-Agent Model of SNMP

    The SNMP Protocol

    The SNMP protocol or the network protocol, which is based on the manager/agent model, is simple because of the minimal amount of software that the agent requires. The majority of the processing is assigned to the management system rather than the managed system. The agents do not carry out the management responsibilities. The agent is only responsible for notifying the management system of network events.

    When the SNMP protocol was developed, the major concern was to keep the protocol as simple as possible. The User Datagram Protocol (UDP) matched the requirement for this transport protocol.

    The basic SNMP requirement was to manage Internet nodes and the TCP/IP Internet protocol suite at the time SNMP was developed. The SNMP Development Team had to choose between TCP and UDP for SNMP development because IP is the protocol that supports many commercial networks. Although both were transport protocols, TCP was the more complex of the two and was known for its high consumption of resources; therefore, TCP was not preferred for developing SNMP.

    UDP is a simple protocol that is easy to build and to manage. Various vendors have developed versions of IP and UDP, which are simple to use and consume fewer network resources. UDP was the perfect choice for SNMP development because it is suitable for supporting the small set of response/request messages. The management system or the manager sends Get, GetNext, and Set messages to retrieve single or multiple object variables. The agent sends the Response message to respond to these requests. In addition, the agent is capable of sending Trap messages, which are notifications of events on the network. These messages are also known as protocol operations, which support communication between the manager and the agent.

    The agents are assigned communities that the manager uses to easily access them. The communities define the access level for the manager. The agents are configured according to one or more communities enabling them to assign the access level. The communities have a community name, which is an OctetString of 0 to 255 octets in length.

    SNMP uses UDP port numbers. UDP uses specific port numbers for specific devices on the network. UDP is unidirectional and was best suited to meet the SNMP requirements. Port numbers identify the service on the destination machine that receives the message. The source and destination are in the IP header.

    The SNMP protocol is popular because it:

    - Is the best tool for monitoring and managing the network and the devices on the network.
    - Provides a cost-effective solution for network management.
    - Supports network management from a remote location.
    - Makes the architecture independent of the hosts and devices, which gives SNMP an advantage over the other protocols.
    - Supports the use of simple management functions that help the Network and System Administrator to develop network management tools.
    - Inspects and manages the MIB variables.

    The History of SNMP

    During the late 1980s, organizations and communities concentrated more on distributed computing and sharing network resources. Despite significant advantages of sharing network resources, other problems arose. Managing these networks and environments became more difficult for System Administrators. These difficulties multiplied as networks grew and, as a result, network traffic also grew. In addition, in heterogeneous environments, the component devices were developed by a variety of vendors. To meet these needs, the use of Common Management Information Protocol (CMIP), which adhered to OSI, became more prevalent. The subsequent issue that arose was interoperability with TCP/IP, which led to the development and use of Common Management Over TCP/IP (CMOT). The Internet Engineering Task Force (IETF) further developed CMOT to meet other requirements. This extended development led to the creation of the Simple Gateway Monitoring Protocol (SGMP), which laid the foundation for SNMP development.

    SGMP formed the basis for the development of SNMP. SGMP was developed in 1987 and provided a general-purpose network management tool that could monitor gateways.

    Similar to TCP/IP, SNMP is an Internet protocol that IETF developed in 1988. SNMP was originally created to:

    - Provide a small-time solution for Internet management.
    - Meet the need for an administration tool for TCP/IP networks.

    Today, SNMP is a standard that is widely accepted all over the world, due to its simple architecture.

    SNMPv1

    When SNMP was first developed, SNMPv1 functioned within the Structure of Management Information (SMI) specifications. SMI defines the rules for describing management information by using Abstract Syntax Notation One (ASN.1).

    SNMPv1 operates over protocols such as:

    - User Datagram Protocol (UDP)
    - Internet Protocol (IP)
    - OSI Connectionless Network Service (CLNS)
    - AppleTalk Datagram-Delivery Protocol (DDP)
    - Novell IPX

    SNMPv1 has the following four protocol operations:

    - The Get operation: Collects data from the SNMP agent. This operation allows the manager to retrieve an object instance from the agent. An object or a managed object may be hardware, configuration parameters, or performance statistics that directly relate to the operation of the device that is in use. These objects are arranged in an MIB. SNMP allows managers and agents to communicate in order to access these objects. For example, if you require information about the modems that are currently active on the network, you might use a Get operation. You can send a Get request to the agent on the network, which gathers information about the network modems. Once the agent receives this Get request, it processes it and gathers the relevant information about the active modems on the network. The agent then sends the relevant information to the manager. You can use a simple Get request to gather information about the active printers in the network. The manager can gather many types of information about the network using a simple Get operation.
    - The Get-Next operation: Retrieves the next MIB instance value in a table or agent list. The Get-Next operation gathers a series of information. An example would be the performance statistics of the part of the network that is under a particular agent. This request requires that the information is sent over a time interval and in a specific timeframe and, as a result, you can send a series of Get-Next requests.
    - The Set operation: Modifies the attribute of one or more MIB instances. For example, if you wanted to update the network printer settings by adding several more users to that printer, you would send a Set request to change the printer settings to accommodate adding the users.
    - The Trap operation: Used by the agent to report an event to the managed system. For example, a device on the network was restarted for a technical reason. The manager needs to know about this event. The agent sends a Trap message to inform the manager that a device on the network has restarted. This information tells the manager which network device is temporarily unavailable.

    The SNMPv1 protocol operations are shown in Figure 1-3:

    Figure 1-3: SNMPv1 Protocol Operations

    An SNMPv1 message contains two parts:

    - A version and a community name. The version specifies the version of SNMP and the community name specifies the agents that the community includes.
    - An SNMP Protocol Data Unit (PDU) that specifies the operation to be performed and the object instances that the operation includes.

    The SNMPv1 distinguishes between application entities and protocol entities. SNMPv1 provides an authentication service by supporting authentication schemes. Although SNMPv1 uses multiple authentication schemes, it can define only a marginal authentication scheme based on community strings.

    The SNMPv1 protocol does not address many security-related issues. It is exposed to several security threats. The major limitation of SNMPv1 is that the message exchange between the agent and the manager is password-protected. These passwords are stored in the MIB and an unauthorized user could easily hack the system and retrieve them. This would result in an unauthorized user gaining access to various messages, or impersonating the manager and changing the device settings. Another limitation of SNMPv1 is that it supports only 32-bit IP addresses.
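
    As an added example (not from the book), the following Python code decodes the two parts of an SNMPv1 message described above and reports why community-based authentication is marginal: the community name is carried unencrypted in every message. The packet bytes, the WEAK_COMMUNITIES watch-list and all function names are constructed for illustration.

```python
# Added example: decode the outer layers of an SNMPv1 message (BER encoding).
# SAMPLE is a constructed GetRequest for sysDescr.0, not a real capture.

WEAK_COMMUNITIES = {b"", b"public", b"private"}  # assumed audit watch-list
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap"}

SAMPLE = bytes.fromhex(
    "3026"                      # SEQUENCE, 38 bytes: the whole message
    "020100"                    # INTEGER 0      -> version (0 means SNMPv1)
    "04067075626c6963"          # OCTET STRING   -> community "public"
    "a019"                      # [0] GetRequest PDU, 25 bytes
    "020101" "020100" "020100"  # request-id 1, error-status 0, error-index 0
    "300e300c"                  # variable-binding list holding one binding
    "06082b06010201010100"      # OID 1.3.6.1.2.1.1.1.0 (sysDescr.0)
    "0500"                      # NULL value placeholder
)


def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the BER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("TLV length exceeds buffer")
    return tag, buf[pos:end], end


def decode_oid(raw):
    """Decode BER OBJECT IDENTIFIER contents into dotted notation."""
    subids, value = [], 0
    for byte in raw:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:                 # high bit clear ends a sub-identifier
            subids.append(value)
            value = 0
    if not subids:
        raise ValueError("empty OID")
    first = subids[0]                       # first two arcs share one sub-identifier
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(arc) for arc in head + subids[1:])


def parse_snmpv1(packet):
    """Split a message into version, community name, PDU type and requested OIDs."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("message is not a SEQUENCE")
    tag, version, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version is not an INTEGER")
    tag, community, pos = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("community is not an OCTET STRING")
    pdu_tag, pdu, _ = read_tlv(body, pos)
    msg = {"version": int.from_bytes(version, "big"), "community": community,
           "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag)), "oids": []}
    if pdu_tag in (0xA0, 0xA1, 0xA2, 0xA3):  # Trap PDUs use a different layout
        p = 0
        for _ in range(3):                   # skip request-id, error-status, error-index
            _, _, p = read_tlv(pdu, p)
        _, bindings, _ = read_tlv(pdu, p)
        q = 0
        while q < len(bindings):
            _, binding, q = read_tlv(bindings, q)
            oid_tag, oid, _ = read_tlv(binding, 0)
            if oid_tag != 0x06:
                raise ValueError("binding does not start with an OID")
            msg["oids"].append(decode_oid(oid))
    return msg


def audit(packet):
    """Return a list of findings for one SNMP datagram."""
    msg = parse_snmpv1(packet)
    findings = []
    if msg["version"] == 0:
        findings.append("SNMPv1 message: community name readable on the wire")
    if msg["community"] in WEAK_COMMUNITIES:
        findings.append("well-known community name %r"
                        % msg["community"].decode("ascii", "replace"))
    if msg["pdu"] == "SetRequest":
        findings.append("write operation authorised only by the community name")
    return findings


if __name__ == "__main__":
    print(parse_snmpv1(SAMPLE))
    for finding in audit(SAMPLE):
        print("finding:", finding)
```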

    SNMPv2

    To overcome the limitations of SNMPv1, IETF developed SNMPv2 in 1992. SNMPv2 had numerous advantages compared to SNMPv1. SNMPv2 overcame the shortfalls of SNMPv1. While SNMPv1 supports only 32-bit IP addresses, SNMPv2 supports 64-bit addresses. The additions and enhancements of SNMPv2 SMI were in context to the data types, such as the addition of Bit Strings, Network Addresses, and Counters.

    SNMPv1 had specifications for only 32-bit counters. SNMPv2 has 32-bit and 64-bit counters. The SNMPv2 SMI also specifies information modules, which specify a group of related definitions.

    The three types of SMI information modules are:

    - MIB
    - Compliance Statements
    - Capability Statements

    SNMPv2 is incompatible with SNMPv1 in two key areas:

    - Message formats
    - Protocol operations

    SNMPv2 messages use different header and Protocol Data Unit (PDU) formats than SNMPv1 messages. SNMPv2 contains the four protocol operations in SNMPv1 and one additional protocol operation, GetBulk, as shown in Figure 1-4:

    Figure 1-4: SNMPv2 Protocol Operations

    The GetBulk operation is an enhanced version of the Get operation and can retrieve a number of messages at once. Use of the GetBulk operation eliminates repeated GetNext operations. In the previous example for the Get-Next operation, using a single GetBulk request, instead of a series of Get-Next requests, can produce the same results. This method diminishes network traffic and use of resources on the manager and agent sides.
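
    As an added example (not from the book), the following Python simulation counts the requests a manager needs to read one table column with repeated GetNext operations and with GetBulk. ToyAgent, its MIB contents and the function names are constructed; the GetBulk model is simplified to a single repeating variable with a max-repetitions limit.

```python
# Added example: round trips needed to read one table column with
# GetNext versus GetBulk. ToyAgent and its MIB contents are constructed.
import bisect

IF_DESCR = (1, 3, 6, 1, 2, 1, 2, 2, 1, 2)   # ifDescr column of the interfaces table
IF_TYPE = (1, 3, 6, 1, 2, 1, 2, 2, 1, 3)    # ifType, the column that follows it


class ToyAgent:
    """In-memory stand-in for an agent; counts the requests it serves."""

    def __init__(self, mib):
        self.mib = mib
        self.oids = sorted(mib)      # tuples sort in MIB (lexicographic) order
        self.requests = 0

    def get_next(self, oid):
        """Return the first (oid, value) after oid, or None at the end of the MIB."""
        self.requests += 1
        i = bisect.bisect_right(self.oids, oid)
        if i == len(self.oids):
            return None
        return self.oids[i], self.mib[self.oids[i]]

    def get_bulk(self, oid, max_repetitions):
        """Return up to max_repetitions successors of oid in one response."""
        self.requests += 1
        i = bisect.bisect_right(self.oids, oid)
        return [(o, self.mib[o]) for o in self.oids[i:i + max_repetitions]]


def in_subtree(oid, root):
    return oid[:len(root)] == root


def walk_getnext(agent, root):
    """Walk a subtree one object per request, as an SNMPv1 manager must."""
    rows, cursor = [], root
    while True:
        hit = agent.get_next(cursor)
        if hit is None or not in_subtree(hit[0], root):
            return rows              # the last request only discovers the end
        rows.append(hit)
        cursor = hit[0]


def walk_getbulk(agent, root, max_repetitions=10):
    """Walk the same subtree, fetching a batch of objects per request."""
    rows, cursor = [], root
    while True:
        batch = agent.get_bulk(cursor, max_repetitions)
        if not batch:
            return rows
        for oid, value in batch:
            if not in_subtree(oid, root):
                return rows          # batch ran past the column: walk is complete
            rows.append((oid, value))
        cursor = batch[-1][0]


def build_mib(interfaces):
    """Constructed MIB: one ifDescr and one ifType instance per interface."""
    mib = {}
    for n in range(1, interfaces + 1):
        mib[IF_DESCR + (n,)] = "eth%d" % n
        mib[IF_TYPE + (n,)] = 6      # 6 = ethernetCsmacd
    return mib


def compare(interfaces=24, max_repetitions=10):
    """Return (rows read, GetNext requests, GetBulk requests)."""
    next_agent = ToyAgent(build_mib(interfaces))
    bulk_agent = ToyAgent(build_mib(interfaces))
    rows_next = walk_getnext(next_agent, IF_DESCR)
    rows_bulk = walk_getbulk(bulk_agent, IF_DESCR, max_repetitions)
    if rows_next != rows_bulk:
        raise RuntimeError("walks disagree")
    return len(rows_next), next_agent.requests, bulk_agent.requests


if __name__ == "__main__":
    print("rows=%d getnext_requests=%d getbulk_requests=%d" % compare())
```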

    The SNMPv2 Trap operation serves the same function as in SNMPv1, but uses a different message format and is designed to replace the SNMPv1 Trap.

    The differences between SNMPv1 and SNMPv2 are listed in Table 1-1:

    Table 1-1: Differences Between SNMPv1 and SNMPv2

    | SNMPv1 | SNMPv2 |
    | Supports only 32-bit IP addresses, Network Addresses, and Counters. | Supports other types of addresses, Network Addresses, and Counters. |
    | Contains specifications for only 32-bit counters. | Contains 32-bit and 64-bit counters. |
    | Contains four protocol operations. | Contains five protocol operations. |
    | It is less secure. | It is more secure. |

    SNMPv2 primarily addresses security and authentication-related issues.

    SNMPv2 addresses various security threats, such as:

    - Modification of Information: When unauthorized access is gained to messages that are exchanged between authorized users. This access could allow modifying, misdirecting, or even terminating these messages.
    - Masquerade: When an unauthorized user impersonates an authorized user and gains access with rights to send, receive, and modify messages.
    - Message Stream Modification: Since SNMPv2 is a connectionless protocol that operates over other subnetwork services, cases of message reordering, delaying, or replaying occur during its interoperation with these subnetwork services. Message stream modification is a threat where messages can be maliciously reordered, delayed, or replayed, resulting in unauthorized management operations.
    - Disclosure: When an unauthorized entity gains access to messages that are exchanged between agents and network management stations. This access can lead to disclosure of important or secret information.
    - Denial of Service: When someone tampers with the server or services and authorized users are denied access to resources.
    - Traffic Analysis: When unauthorized users gain access to the network, analyze the traffic, and attempt to increase the traffic until it overwhelms the network, which then comes to a standstill.

    SNMPv2 was designed to address:

    - Identification and authenticity of the message: SNMPv2 provides an improved solution for checking the identification of messages that are exchanged. In addition, it offers better security by validating the authenticity of the information source.
    - Integrity of the message: SNMPv2 verifies the integrity of exchanged messages. Message integrity means that the original messages are received in the same format. They are not altered and contain no missing information.
    - Replay protection and timeliness of exchanged messages: SNMPv2 checks for message replication, and the correct and timely delivery of the messages from the source to the destination. It also determines that two copies of the same message are not delivered.
    - Confidentiality of the messages: SNMPv2 maintains message confidentiality by using encryption. The information cannot be disclosed to unauthorized users.
    - Remote configuration and administration capabilities: SNMPv2 can monitor networks from a remote location by using the manager/agent model.
    - Authorization and access control: SNMPv2 provides enhanced security through authorization and access controls.

    The major advantages of SNMPv2 over SNMPv1 are listed below:

    - SNMPv2 uses a 64-bit counter expanded data type; SNMPv1 supported only a 32-bit counter.
    - SNMPv2 provides improved efficiency and performance. This was made possible by introducing an extra protocol operation, GetBulk.
    - SNMPv2 made the authentication service more efficient by using the confirmation of event notification.
    - SNMPv2 contains a better structure for enhanced error and exception handling.
    - SNMPv2 contains a scope for improved sets, particularly in creating and deleting rows.
    - SNMPv2 also accomplished the use of a fine-tuned data definition language.

    SNMPv3

    After SNMPv2 became a proposed standard in 1993, research groups continued developing prototypes. SNMPv2 gradually became more complicated than anticipated. The question arose whether SNMPv2 should be a Draft Standard.

    Intense discussion ensued about the administrative model that describes how to administer the data that was needed for SNMPv2 security. Differences in opinion delayed a common consensus.

    Two different approaches emerged, USEC and v2*, but neither had sufficient support to be declared a standard. IETF removed almost all the security-related features from SNMPv2. This simplified version of SNMPv2 became the final standard. To answer the question of how to meet security needs, IETF proposed merging the two approaches in the release of SNMPv3, formerly known as Next Generation. In 1997, SNMPv3 was finally accepted.

    SNMPv3 contains SNMPv2 in addition to security and administration functions. SNMPv3 includes the new security rules that allow it to secure more Internet-attached networks without the threat of damage from the outside. SNMPv3 includes additional message types that provide improved interaction between the manager and the agent.

    SNMPv3 was not really invented but derived from its predecessor, SNMPv2.

    The security features of SNMPv3 include:

    - Authentication and privacy: Contains better authentication schemes to avoid unauthorized access.
    - Authorization and access control: Contains all SNMPv2 authorization schemes. SNMPv3 also provides better authorization and enhanced access control.

    The administrative features of SNMPv3 include:

    - Naming of entities.
    - Usernames and key management.
    - Notification of destinations.
    - Proxy relationships.
    - Remotely configurable via SNMP operations.

    An Introduction to Management Information Base (MIB)

    MIB is a logical database that SNMP uses for storing network management information. MIB defines a set of variables that the server uses. Originally named MIB1, MIB was developed to manage TCP/IP network communications over the Internet. MIB is a set of managed objects that holds management information. MIB managed objects have an object identifier that serves as the name of the object. The two types of managed objects in a MIB are:

    - Scalar objects that define an instance of a single object.
    - Tabular objects that define multiple related objects that are grouped in MIB tables.

    The two basic forms of MIB are:

    - Standard MIBs (MIB I and MIB II)
    - Proprietary MIBs

    Standard MIBs contain global information about the networks. Proprietary MIBs that were developed by device manufacturers define MIB items according to the device requirements.

    The Significance of SNMP in Networks

    As mentioned earlier in the chapter, the major advantage of SNMP over other protocols lies in the simple design that makes it easy to implement in large and complex networks. One of the reasons for the simplicity of SNMP is the use of a small number of commands. The other reason is the unsupervised or connectionless communication link. The independence of managers from agents makes SNMP a robust protocol. Failure of one protocol does not affect the other functions.

    SNMP flexibility makes it a preferred choice for management purposes. The simple yet powerful features of SNMP can handle any problem on even the most complex heterogeneous networks. The separation of the SNMP management architecture from its hardware architecture, and the support of numerous managers and equipment manufacturers make SNMP the base of multivendor support.

    SNMP is used in networks because it:

    - Supports remote monitoring (RMON and RMON2). Enables you to monitor and manage the network from a remote location by using message exchange between agents and managers.
    - Makes remote device configuration simple.
    - Provides the network performance-monitoring feature for managing network resources.
    - Helps to detect network faults.
    - Provides the host management benefits.
    - Uses a small number of commands and a connectionless communication link.
    - Manages every system that is linked to the Internet.
    - Offers low implementation costs.
    - Increases the network management capabilities by defining managed objects.
    - Offers fault-tolerance. Continues working if the network fails.

    Remote Monitoring

    Remote Monitoring (RMON) is an SNMP MIB that you can use to manage networks remotely. It is an extension of the SNMP MIB. In 1992, IETF declared it a standard. A wide range of vendors and network device manufacturers support RMON. It enables you to monitor and manage entire subnetworks rather than individual devices on the subnetworks, and perform network traffic analysis. RMON can initiate alarms and event notifications regarding changes in network behavior. You can take steps to avoid breaches in network security because RMON can detect and report potential problems before they occur.

    The data collection process and data accuracy reporting runs efficiently because RMON uses automated processes. RMON uses standalone network monitoring devices, called monitors, or probes. A network has several monitors or probes that can manage the network. Each network segment has one monitoring device.

    RMON was originally developed to manage multiple LANs and WANs, and remote networks from a central location. The original version of RMON was designed to manage Ethernet and Token Rings.

    Configure Remote Devices

    The SNMP network architecture contains a manager and agents that are located remotely. The messages that managers and agents exchange must not be delayed, replicated, or accessed by unauthorized entities. To meet these requirements, proper configuration of these devices is important. Agents that are located remotely must send accurate information about their configuration, and the configuration details of the other network devices. The manager must be updated with the latest network information. Hosts, agents, and other network devices must be properly configured to support message exchange. SNMP, which is based on UDP, offers a user-friendly way to configure remote devices. This feature helps you to manage and monitor the network remotely in an efficient manner.

    Monitoring Network Performance

    SNMP is the best solution for monitoring network performance, which is why it is so widely used in the networking world. SNMP enables you to track the network traffic efficiently. Since SNMP supports high processing speed and network throughput, it is best suited for remote monitoring. SNMP allows the collection of information about the success of data transmissions and message exchanges. SNMP is an efficient tool that System and Network Administrators can use to monitor network performance and diagnose errors.

    Detecting Network Faults

    SNMP supports various features that can detect network faults. SNMP agents and managers facilitate the gathering of network information. You can configure features, such as trigger alarms on network devices to send alert messages when certain events occur. When a trigger alarm occurs, an agent forwards a message to inform the manager that a critical event has occurred on the network. Examples of such alarms include unexpected device shutdown, a link failure on the network, and unauthorized access.

    Host Management

    Host management is one of the most important tasks in network management. A network cannot risk keeping a host down or unavailable for a long time. Proper network recovery and backup procedures must allow the use of hosts and proper network functioning. SNMP allows you to manage hosts remotely. Since SNMP uses the message exchange between manager and agents, any unexpected or abnormal event that may occur on any network host is directly communicated to the manager. The manager then takes appropriate action to address the problem. SNMP is a useful and dependable tool for host management.


    Chapter 2: SNMP Concepts

    The Simple Network Management Protocol (SNMP) Network Management System (NMS) is based on the Internet-Standard Management Framework. The SNMP NMS contains managed devices or network elements, agents, managed objects, Management Information Bases (MIBs), an Abstract Syntax Notation One (ASN.1), a Structure of Management Information (SMI), Network Management Stations (NMSs), Parties, and Management Protocol.

    The characteristic feature of SNMP is the client/server relationship. The client, also known as the manager, makes one or more connections to the server, also known as an agent. An agent may execute on a remote network device. It serves as the information channel to the manager that provides status information about the agent and the network. SNMP supports the message exchange between the manager and the agent, which is also known as a request/response protocol. These messages contain a specific format. They contain message headers and Protocol Data Units (PDUs).

    In addition to managers and agents, SNMP contains a MIB, which is the Management Information Base. This database is controlled by the agent and contains a set of values or parameters that a manager can query. SNMP also contains an SMI, which defines the rules for describing management information.

    Message Formats

    The communication between a manager and agents is possible using messages, which serve specific purposes.

    An SNMP message contains two parts:

    • Message Header: Contains a version number and a community name. The version number is specified to ensure that all network elements use software with the same SNMP version number. The community name defines the scope for a set of managers or Network Management Stations (NMSs). Managers within a community exist within the same administrative domain. The community name also provides a simple form of authentication because devices without a proper community name are excluded from SNMP operations. SNMPv1 and SNMPv2 have a similar message header format but the version number entries and community names are different.

    • SNMP PDU: Specifies the protocol operation to be performed and the involved object instances. A manager can send a GetRequest, GetNextRequest, or a SetRequest message to request information from an agent, which responds to the request by generating a GetResponse message. The agent also generates trap messages to alert the manager of the occurrence of events, such as errors and network failures. The trap messages use the trap PDUs.

    Figure 2-1 shows the SNMP message header format:

    Figure 2-1: The SNMP Message Header Format

    These SNMP messages are encoded into PDUs to be exchanged between devices. SNMP PDUs can be classified into those supported by SNMPv1, SNMPv2, and those supported by Trap PDUs:

    SNMPv1 PDU: The fields of the SNMPv1 Get, GetNext, Response, and Set PDUs are the PDU type, the Request ID, the Error status, the Error index, and the Variable bindings. The fields of the SNMPv1 PDUs are variable. The SNMPv1 Get, GetNext, Response, and Set PDU fields are shown in Figure 2-2:

    Figure 2-2: SNMPv1 Get, GetNext, Response, and Set PDUs

    SNMPv2 PDU: The SNMPv2 Get, GetNext, Response, and Set PDUs are the same as in SNMPv1, as shown in Figure 2-2. SNMPv2 also contains the GetBulk PDU. The other SNMPv1 fields and the SNMPv2 PDU fields are the same. The GetBulk PDU for SNMPv2 is shown in Figure 2-3:

    Figure 2-3: The SNMPv2 GetBulk PDU

    Trap PDU: The Trap PDU contains the Enterprise, Agent Address, Generic Trap type, Specific trap code, Time stamp, and Variable bindings fields, as shown in Figure 2-4:

    Figure 2-4: The Trap PDU


    The Internet-Standard Management Framework

    The Internet Standard Management Framework enables you to manage and monitor device data and update the configuration and status information on the network. The Internet Standard Management Framework components are:

    • Managed nodes: Enable remote access and are also known as SNMP agents.
    • Manager: Carries out management applications.
    • Management protocol: Exchanges SNMP messages between the manager and the agents.
    • Management information base: The SNMP MIB.

    These components are the same for all current SNMP versions. The Internet-Standard Management Framework architecture is built around the protocol, but other architectural entities are equally important.

    The Internet-Standard Management Framework architecture contains:

    • A data definition language.
    • The Management Information Base (MIB).
    • The protocol definition.
    • The guidelines for security and network administration.

    The Network Management System

    The SNMP Network Management System (NMS) is based on the Internet Network Management Architecture. The simplicity of SNMP has made it an integral part of the Internet network management architecture. All three SNMP versions have the same basic structure and components. A shift occurred from SNMP to OSI protocol-based management with the evolution of the various versions of SNMP.

    The following sections in this chapter discuss the SNMP Network Management System components:

    • Managed Devices or Agents
    • Agents
    • Managed Objects
    • Management Information Bases (MIBs)
    • Abstract Syntax Notation One (ASN.1)
    • Structure of Management Information (SMI)
    • Network Management Stations
    • Parties
    • Management Protocols

    Managed Devices

    Managed devices, also known as network elements, are the hardware devices that comprise the network. The most commonly used hardware devices are client and server computers, databases, routers, bridges, gateways, hubs, and centrally located computers that run the network management software.

    Agents

    The managed devices require software modules and applications for their management. These software modules and applications, called SNMP agents, are used to gather and store management information. Agents do not initiate messages; they only respond to them. Trap messages are the only exception. Agents originate them without being queried.

    A typical SNMP agent:

    • Implements the SNMP protocol.
    • Stores and manages data that the MIB specifies.
    • Signals events to the manager asynchronously.
    • Serves as a proxy for non-SNMP-managed nodes or those that cannot support an independently run agent.

    Some software modules or applications can serve as an agent and a manager. They can send information to other managers in addition to managing information that is received from other agents.

    Agents depend on MIBs for information about the network, network devices, and their components.

    Agents are part of the SNMP community, which is a collection of hosts that are grouped together for administrative purposes. These communities ensure network security because only management systems and agents within the same community can communicate with one another. This standard prevents unauthorized network access.

    Managed Objects

    Managed objects measure and monitor IP, TCP, and UDP activities. They also manage IP routes, TCP connections, interfaces, and a general system description. Managed objects can be hardware devices, configuration parameters, or performance statistics. The SNMP manager and agent communicate and interact with each other to access these managed objects, which form the MIB.

    Managed objects are different from variables. The two types of managed objects are:

    • Scalar: Defines single object instances.
    • Tabular: Defines multiple related objects, which are grouped in MIB tables.

    The Management Information Base (MIB)

    A MIB is a collection of definitions or information that defines the managed object properties. This information is the center of simple network management. The administrator must be thoroughly familiar with the MIB to master SNMP.

    Another important component of the SNMP architecture in addition to the manager and the agent is the managed object. The manager is used by Network Administrators to manage devices, such as routers, bridges, and servers. They also use the manager to perform various network management functions, such as handling and troubleshooting the various types of devices. These include routers, bridges, and network servers. These devices are also called agents, which are managed objects or devices. Managed objects are arranged in the virtual information database, which is the MIB.

    The Abstract Syntax Notation One (ASN.1)

    ASN.1 is a language that CCITT (now ITU-T) developed. The International Organization for Standardization (ISO) uses ASN.1 to describe the SNMP datatypes. ASN.1 defines the primitive datatypes, constructors, macros, and Basic Encoding Rules (BERs). ASN.1 is a datatype definition language that you can use to create data structures. It defines the packets that the protocol exchanges and the objects that are to be managed.

    The ASN.1 datatype definition is:

    DatatypeName ::= Definition

    Each word in the datatype name should be capitalized.

    The Primitive Datatypes

    The datatypes and descriptions used in SNMPv1 are listed in Table 2-1:

    Table 2-1: SNMPv1 Datatypes and Descriptions

    Primitive Datatype    Description
    INTEGER               A whole number that denotes the number of interfaces on a system.
    OCTET STRING          A string of octets that represents hexadecimal data, which is the physical address of an interface.
    OBJECT IDENTIFIER     A string of numbers that is derived for a naming tree and that identifies an object.
    NULL                  An empty placeholder.
    ENUMERATED            A limited set of integers with an assigned meaning.
    BOOLEAN               An integer with values TRUE (1) or FALSE (2).

    There are several additional primitive datatypes that are also specific to SNMP:

    • Counter
    • Gauge
    • TimeTicks
    • IpAddress
    • NetworkAddress

    The datatypes used in SNMPv2 are listed in Table 2-2:

    Table 2-2: SNMPv2 Datatypes

    Datatype       Description
    BIT STRING     Holds enumerated lists of flags
    Integer32      Identical to INTEGER, range is -2^31 to 2^31-1
    Counter32      Identical to COUNTER, range is 0 to 2^32-1
    Gauge32        Identical to GAUGE, range is 0 to 2^32-1
    NsapAddress    Used for OSI addresses
    Counter64      Range is 0 to 2^64
    Uinteger32     Unsigned integer, range is 0 to 2^32-1

    Constructors

    Constructors support the definition of complex structures from primitive datatypes. SNMP uses two constructors, which are listed in Table 2-3:

    Table 2-3: SNMP Constructors

    Constructor    Description
    SEQUENCE       An ordered list of datatypes.
    SEQUENCE OF    An ordered list of the same datatype.

    Macros

    ASN.1 supports using macros, which provide complete information about the objects in the MIB. The macros provide the name of the object that includes the OBJECT IDENTIFIER and the text label, the datatype of the object, the range of values, operations that you can perform on the object, and descriptive information about the object.

    The syntax of a typical macro is:

    OBJECT TYPE
    SYNTAX DATATYPE (range of the datatype)
    ACCESS access type
    STATUS keyword
    DESCRIPTION "Any description in the form of comments"
    ::= { OBJECT IDENTIFIER }

    Basic Encoding Rules (BER)

    BER is a set of rules that compiles an ASN.1 program and converts it to the machine language format. In a BER, each field has an introducer, which indicates the datatype of the contents and its length.

    The syntax for encoding a value is:

    [identifier] [length (of the contents)] [contents]

    where an identifier declares the datatype of the contents, which could be a primitive or a complex datatype.

    A BER identifier is a number that provides information about the datatype.

    A BER identifier provides three types of information:

    • The datatype classes (coded on the highest-order 2 bits): The datatype classes are:
        o Universal (00): Includes all primitive datatypes and basic constructors.
        o Application (01): Available within a specific application, such as TCP management.
        o Context-specific (10): A default class, which is contained in a larger datatype.
        o Private (11): Private organizations use this class to define proprietary datatypes.
    • The datatype length (coded on the third highest-order bit): The datatype length is Primitive (0) or Constructed (1).
    • The remainder of the identifier (last bits): A numeric tag that is associated with a datatype. Tags that range from 0 to 30 are represented in the last 5 bits of the octet. For the larger tags, the last 5 bits are set to 11111, and another octet is used to encode the tag.
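    The identifier, length, and contents layout above is also how the message header and PDU from the Message Formats section sit on the wire. The following Python sketch is an added example, not code from the book: it splits identifier octets into class, primitive or constructed bit, and tag, then walks a constructed sample datagram to pull out the version, the community name (which is carried unencrypted in the header), the PDU type, and the requested OBJECT IDENTIFIERs. The function names, the sample bytes, and the PDU tag numbers (taken from the SNMP specifications) are assumptions that do not appear on this page.

```python
# Added example: minimal BER reader for the SNMP message layout described above.
CLASSES = ("universal", "application", "context-specific", "private")
# PDU tag numbers come from the SNMP specifications, not from this page.
PDU_NAMES = {0: "GetRequest", 1: "GetNextRequest", 2: "GetResponse",
             3: "SetRequest", 4: "Trap", 5: "GetBulkRequest"}

# Constructed sample: SNMPv1 GetRequest for 1.3.6.1.2.1.1.1.0, community "public".
SAMPLE = bytes.fromhex(
    "3026020100" "04067075626c6963" "a019020101020100020100"
    "300e300c06082b060102010101000500")


def read_identifier(buf, pos):
    """Return (class, constructed, tag, next_pos) for the identifier at pos."""
    first = buf[pos]
    pos += 1
    tag = first & 0x1F                    # last 5 bits: tag number 0..30
    if tag == 0x1F:                       # 11111: tag continues in later octets
        tag = 0
        while True:
            octet = buf[pos]
            pos += 1
            tag = (tag << 7) | (octet & 0x7F)
            if not octet & 0x80:
                break
    return CLASSES[first >> 6], bool(first & 0x20), tag, pos


def read_tlv(buf, pos=0):
    """Return ((class, constructed, tag), contents, next_pos) for one field."""
    try:
        cls, constructed, tag, pos = read_identifier(buf, pos)
        length = buf[pos]
        pos += 1
        if length & 0x80:                 # long form: low 7 bits = length octets
            count = length & 0x7F
            if count == 0 or pos + count > len(buf):
                raise ValueError("indefinite or truncated length")
            length = int.from_bytes(buf[pos:pos + count], "big")
            pos += count
    except IndexError:
        raise ValueError("truncated field") from None
    end = pos + length
    if end > len(buf):
        raise ValueError("contents run past the end of the buffer")
    return (cls, constructed, tag), buf[pos:end], end


def decode_oid(contents):
    """Decode OBJECT IDENTIFIER contents into dotted form."""
    subids, value = [], 0
    for octet in contents:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:
            subids.append(value)
            value = 0
    if not subids or contents[-1] & 0x80:
        raise ValueError("malformed OBJECT IDENTIFIER")
    first = subids[0]                     # first two arcs share one sub-identifier
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(n) for n in head + subids[1:])


def expect(field, cls, constructed, tag, what):
    """Check a field's identifier and return its contents."""
    if field[0] != (cls, constructed, tag):
        raise ValueError("expected " + what)
    return field[1]


def parse_snmp_message(datagram):
    """Extract header fields and requested OIDs from a v1/v2c datagram."""
    body = expect(read_tlv(datagram), "universal", True, 16, "SEQUENCE")
    field = read_tlv(body)
    version = int.from_bytes(expect(field, "universal", False, 2, "version"), "big")
    field = read_tlv(body, field[2])
    community = expect(field, "universal", False, 4, "community")
    (cls, constructed, tag), pdu, _ = read_tlv(body, field[2])
    if cls != "context-specific" or not constructed:
        raise ValueError("expected a PDU")
    result = {"version": version, "community": community.decode("latin-1"),
              "pdu": PDU_NAMES.get(tag, "unknown(%d)" % tag), "oids": []}
    if tag == 4:                          # Trap PDU has a different field layout
        return result
    pos = 0
    # For GetBulk the second and third integers carry other meanings.
    for name in ("request_id", "error_status", "error_index"):
        field = read_tlv(pdu, pos)
        raw = expect(field, "universal", False, 2, "INTEGER")
        result[name] = int.from_bytes(raw, "big", signed=True)
        pos = field[2]
    bindings = expect(read_tlv(pdu, pos), "universal", True, 16, "bindings")
    pos = 0
    while pos < len(bindings):
        field = read_tlv(bindings, pos)
        binding = expect(field, "universal", True, 16, "binding")
        oid = expect(read_tlv(binding), "universal", False, 6, "OID")
        result["oids"].append(decode_oid(oid))
        pos = field[2]
    return result
```

    Calling parse_snmp_message(SAMPLE) returns the header and PDU fields as a dictionary; a datagram cut short or carrying an unexpected identifier raises ValueError instead of being partially decoded.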

    Structure of Management Information (SMI)

    The SMI defines the rules for describing management information. You use ASN.1 to define the SMI.

    A MIB is organized in a hierarchical or a tree structure that is similar to a file disk directory. MIBs are comprised of managed objects that reside in a virtual or logical database. These objects must be logically accessible and modifiable. Logical accessibility means retrieving and modifying data where a manager and an agent pattern is used. Managed MIB objects are provided with a name, syntax and encoding for the purpose of accessibility.

    The name, also called an OBJECT IDENTIFIER, identifies the managed object or uniquely defines the managed object. An OBJECT IDENTIFIER acts as the name of the managed object, which holds information about network management.

    The syntax of the object is the datatype provided to that object, which may be in the form of an integer or a combination of letters. Object encoding defines how the objects are managed sequentially in the database and used by different machines.

    Network Management Stations (NMSs)

    A Network Management System (NMS) is comprised of agents, the Network Management Stations (NMSs), and the management protocol. The NMSs execute management applications to monitor and manage network elements, such as routers, hosts, and servers that are managed by their management information. This management information is a collection of managed objects, which is part of the MIB.

    Parties

    Parties are logical SNMPv2 entities that can initiate and receive SNMPv2 messages. These messages are exchanged between two parties. An SNMPv2 entity can have multiple parties, which use different authentication and privacy protocols. The concept of parties is specific to and was developed with SNMPv2.

    An SNMPv2 party contains:

    • A unique party identity.
    • A logical network location.
    • An authentication protocol.
    • A privacy protocol.

    The Management Protocol

    The SNMP management protocol relays management information from the SNMP agent to the NMSs and vice-versa. The SNMP protocol is a packet-oriented protocol and uses packets to transfer messages and information. It is a simple and easy-to-use application, which uses Get and Set message types to exchange information between agents and NMSs. These messages have a specific format and use a set of operations, called the Protocol Data Units (PDU).

    In addition to being easy to use, the SNMP protocol has a strong authentication and authorization mechanism that provides enhanced security. The SNMP protocol implements the UDP and the IP protocols.

    The SNMP MIB

    You access MIBs by using a network-management protocol, such as SNMP. Managers and agents use the MIB to exchange information. The information may be stored on a device as a combination of switches, settings, and hardware counters in addition to in-memory variables in tables or files. This storage versatility is the reason why you can also call the MIB a logical database that SNMP uses for storing network management information. The MIB acts as a data dictionary or codebook.

    The manager is usually implemented as a network management station. The manager also implements the SNMP protocol because the function of the agent is to store and retrieve data from the MIB. The agent also implements the SNMP protocol. The agent can asynchronously signal an event to a manager. An agent can be a proxy for any manageable network code, which can be non-SNMP. A management information network is the backbone of any network management system. The MIB is a valuable asset to SNMP.

    A MIB is organized in a hierarchical or a tree structure and it corresponds to the disk and directory file structure of DOS or most of the operating systems.

    MIBs have two major components, the manager and the managed object or device. The manager and the managed object exchange information between a manager and agents. The managed object resides in the virtual or logical database.

    A problem arises regarding how to hold the information that pertains to managed objects in the MIB. The storing, retrieving, and modifying of information can be an obstacle. You use certain solutions to manage the information about the managed objects. You can follow these steps to solve the problems of managing information:

    1. Name the managed object, which is known as the OBJECT IDENTIFIER (OID).
    2. Declare and define the data types of the managed objects because they hold information about them.
    3. Provide managed object encoding that orders the managed object information in a certain sequence, which helps to retrieve it. The structure of the information is also designed hierarchically. The SMI is explained in more detail later in the chapter.

    Management Information Base (MIB) Variables

    MIB has two versions, MIB-I and MIB-II. Both of these versions use variables for information management. The MIB variables that are used in SNMP are simple elements. These variables hold the names of the object instances that are created. MIB variables are independent quantities, integers, OBJECT IDENTIFIERS, and object strings. You must know what information to keep. The information must be selected and stored allowing for useful additions and extensions. MIB variables are logically organized into tables.

    The SNMP community method is:

    • Define useful parameters into groups.
    • Use subject matter experts to define variables.
    • Properly define fields and tables needed for removing instance parameters and adding new ones.
    • Provide support for extensions that may be vendor-specific.

    MIB variables are defined by using the ASN.1 datatype definition language.

    OBJECT IDENTIFIER

    A MIB contains a list of identifiers that acts as the name of the object. These identifiers are a series of integers that uniquely identify managed objects. The two types of OBJECT IDENTIFIERS are represented in numerical and alphabetical form.

    In both cases, the names are long and difficult to remember. Unique identification of the managed object is the concern of the Network Administrator.

    Objects are leaf nodes of the global tree; they are assigned a label that is comprised of an integer and a text description. The text of the node identifies the string type and has a corresponding numeric form.

    For example, 1.3.6.1.4.1.351.120.1.1.1.3 denotes the data element called ManagerRowStatus.

    The first four numbers of the OBJECT IDENTIFIER are always 1.3.6.1, where:

    • 1: International Standards Organization (ISO)
    • 3: Organizations recognized by ISO
    • 6: Department of Defense (DoD)
    • 1: Internet community

    Each object in the MIB has a specific format, which defines the datatype of the object, its form, or how it is represented. In addition, the format defines the number of values that it can contain, which is also the range of the data type. For this specific format, ASN.1 is used. ASN.1 defines an individual object and also the entire MIB tree structure. You define ASN.1 specifications by using modules, which are the building blocks of ASN.1. Modules are the definitions of the MIB object for a particular area of technology. Another smaller unit is the group, which is a collection of objects. A product vendor can implement these groups.

    Modules have the basic form:

    DEFINITIONS ::= BEGIN
    EXPORTS
    IMPORTS
    AssignmentList
    END

    The module reference is the name of the module and precedes the OBJECT IDENTIFIER, which is optional, to identify the module. Next is the EXPORT construct, which indicates which definitions in the module the other modules should import. The IMPORT construct indicates which data types and value definitions from other modules to import into the current module. There are several types of assignment lists, such as type assignments, value assignments, and macro definitions. Type assignments and value assignments are represented as:

    ::=

    Objects have two different types of data types that define them, which are:

    • Universal: Data types that are: integer, octet string, null, OBJECT IDENTIFIER, and sequence.
    • Application: Data types that are: network address, IP address, counter, gauge, time ticks, and opaque.

    There are two basic forms of a MIB, which are:

    • Standard MIB: Contains global information about the network, such as the system name, location, IP packets in, IP packets out and so on. The two versions of the standard MIB are MIB-I and MIB-II.
    • Proprietary MIB: Developed by equipment manufacturers to define items according to the device needs, which are unique to that equipment.

    SNMP identifies an instance of an object by a unique name, which is the variable name. It is commonly known as the OBJECT IDENTIFIER. This OBJECT IDENTIFIER is x.y. A non-aggregate object defined in the MIB is represented by x, and y is the OBJECT IDENTIFIER.

    The type-specific naming of object instances for the basic classes of object types are listed below:

    • ifTable Object Type Names: There is a subnet interface in the ifTable Object Type Names that identifies the subnet interface by the value s. This value is the OBJECT IDENTIFIER value of i, which has the ifIndex object type instance value associated with s. An n.s OBJECT IDENTIFIER names a t instance of i, where s is the name of the subnet interface, i represents information, and t represents the object type whose defined name, n, has an ifEntry prefix. For example, ifType.1 identifies a variable ifType instance associated with the interface 1.

    • atTable Object Type Names: The atTable Object Type Names contains an AT-cached network address. The name for any AT-cached network address, x, is a 1.a.b.c.d OBJECT IDENTIFIER. This identifier is the atNetAddress object type value associated with x. The s.w OBJECT IDENTIFIER value is the name of an address translation equivalence, which is e. The instance value of the atIndex object type associated with e is s, and w is the name of the AT-cached network address associated with e. For each object type, t, whose defined name, n, has an atEntry prefix, an instance, i, of t is named by an n.y OBJECT IDENTIFIER. The name of the address translation equivalence where i represents information is y. For example, atPhysAddress.3.1.89.1.1.42 represents the physical address of an entry in the address translation table associated with an IP address, 89.1.1.42, and an interface of 3.

    • ipAddrTable Object Type Names: The ipAddrTable Object Type Names contains an IP-addressable network element. For any IP-addressable network element, x, its name is the a.b.c.d OBJECT IDENTIFIER. The instance value of the ipAdEntAddr object type associated with x is a.b.c.d. For an object type, t, where the defined name, n, has an ipAddrEntry prefix, an instance, i, of t is named by an n.y OBJECT IDENTIFIER. In this instance, y is the name of the IP-addressable network element where i represents information. For example, ipAdEntNetMask.89.1.1.42 identifies this instance with an entry network mask in the IP interface table that is associated with an IP address of 89.1.1.42.

    • ipRoutingTable Object Type Names: The ipRoutingTable Object Type Names contains an IP route. For any IP route, x, its name is the a.b.c.d OBJECT IDENTIFIER. In this instance, a.b.c.d is the instance value of the ipRouteDest object type associated with x. For an object type, t, where the defined name, n, has an ipRoutingEntry prefix, an instance, i, of t is named by an n.y OBJECT IDENTIFIER. The name of the IP route where i represents information is y. For example, ipRouteNextHop.89.1.1.42 identifies the instance with the next entry hop in the IP routing table associated with the destination of 89.1.1.42.

    • tcpConnTable Object Type Names: The tcpConnTable Object Type Names contains a TCP connection. For any TCP connection, x, its name is the a.b.c.d.e.f.g.h.i.j OBJECT IDENTIFIER. The instance value of the tcpConnLocalAddress object type associated with x is a.b.c.d. The instance value of the tcpConnRemoteAddress object type associated with x is f.g.h.i. The instance value of the tcpConnLocalPort object type associated with x is e, and j is the instance value of the tcpConnRemotePort object type associated with x. For each object type, t, for which the defined name, n, has a prefix of tcpConnEntry, an instance, i, of t is named by an OBJECT IDENTIFIER of the form n.y. The name of the TCP connection where i represents information is y. For example, tcpConnState.89.1.1.42.21.10.0.0.51.2059 will identify the instance to find the state of a TCP connection between the local address of 89.1.1.42 on TCP port 21 and the remote address of 10.0.0.51 on TCP port 2059.

    • egpNeighTable Object Type Names: The egpNeighTable Object Type Names contains an EGP neighbor. For any EGP neighbor, x, its name is the OBJECT IDENTIFIER of the form a.b.c.d, where a.b.c.d is the value of the instance of the egpNeighAddr object type associated with x. For each object type, t, for which the defined name, n, has a prefix of egpNeighEntry, an instance, i, of t is named by an OBJECT IDENTIFIER of the form n.y. Here y is the name of the EGP neighbor for which i represents information. For example, egpNeighState.89.1.1.42 will identify the instance to find the neighbor state for the IP address of 89.1.1.42.
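    The instance-naming rules above can be checked mechanically. The following Python sketch is an added example, not code from the book: it splits a symbolic instance name into its column and index parts using the layouts listed above and rejects suffixes that do not fit the table. The function name decode_instance, the LAYOUTS table, and the result field names are assumptions; the column names and sample instances are the ones the page gives.

```python
# Added example: decode the instance suffix of the table object names above.
# Each layout lists the index parts in order; "ip" consumes four sub-identifiers,
# "one" is the leading 1 of the 1.a.b.c.d form used by the address translation table.
LAYOUTS = [
    ("tcpConn", [("local_address", "ip"), ("local_port", "port"),
                 ("remote_address", "ip"), ("remote_port", "port")]),
    ("ipAdEnt", [("address", "ip")]),
    ("ipRoute", [("destination", "ip")]),
    ("egpNeigh", [("neighbor", "ip")]),
    ("at", [("interface", "int"), ("address_form", "one"),
            ("network_address", "ip")]),
    ("if", [("interface", "int")]),
]


def decode_instance(name):
    """Split 'column.suffix' into the column name and its decoded index parts."""
    column, _, suffix = name.partition(".")
    if not suffix:
        raise ValueError("no instance suffix in %r" % name)
    try:
        subids = [int(part) for part in suffix.split(".")]
    except ValueError:
        raise ValueError("non-numeric sub-identifier in %r" % name) from None
    if any(n < 0 for n in subids):
        raise ValueError("negative sub-identifier in %r" % name)
    for prefix, layout in LAYOUTS:
        if column.startswith(prefix):
            break
    else:
        raise ValueError("no index layout known for %r" % column)

    decoded = {"column": column}
    pos = 0
    for field, kind in layout:
        width = 4 if kind == "ip" else 1
        chunk = subids[pos:pos + width]
        if len(chunk) != width:
            raise ValueError("suffix too short for %s" % field)
        pos += width
        if kind == "ip":
            if any(octet > 255 for octet in chunk):
                raise ValueError("address octet out of range in %s" % field)
            decoded[field] = ".".join(str(octet) for octet in chunk)
        elif kind == "port":
            if chunk[0] > 65535:
                raise ValueError("port out of range in %s" % field)
            decoded[field] = chunk[0]
        elif kind == "one":
            if chunk[0] != 1:
                raise ValueError("expected 1 before the network address")
        else:
            decoded[field] = chunk[0]
    if pos != len(subids):
        raise ValueError("unexpected trailing sub-identifiers in %r" % name)
    return decoded
```

    For the page's TCP example, decode_instance("tcpConnState.89.1.1.42.21.10.0.0.51.2059") yields the local and remote address and port pairs, which is the form needed when matching polled connection rows against firewall or flow logs.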

    MIB-I

    MIB-I is the initial version of the MIB. It was originally developed to meet the TCP/IP communication management needs on the Internet. MIB-I concentrated on information specific to TCP/IP.

    This first version of MIB included some global information, such as:

    • A description of the system.
    • The networking interfaces, such as system Ethernet adapters and serial ports.
    • The IP addresses of each network interface.
    • The number of incoming and outgoing datagrams.
    • Table of information about active TCP connections.

    When MIB-I was designed, it was intended to be kept as simple as possible. The basic features that helped to meet these requirements are:

    • MIB-I supported only a small number of basic objects, although there was scope for adding objects as required.
    • The required objects were to meet either fault or configuration management.
    • MIB-I excluded those objects that were derived from other objects.
    • There was a limit for the total number of objects.
    • MIB-I supported the growth in its hierarchical tree by supporting vendor-specific variables.

    MIB2

    The second version of MIB is MIB2. MIB2 contains all the information contained in MIB-I in addition to the variables relating to SNMP. MIB2 contains several variables that were missing in MIB-I.

    The MIB2 hierarchical tree has an unlimited potential for growth. Major MIB2 tree expansion can update a new version. New variables replace older ones, which are then deprecated. The basic MIB2 tree contains eleven groups. One of these is the CMOT, which is no longer used because the project was abandoned. The other ten groups are the:

    • MIB2 System Group
    • Interfaces Group
    • Address Translation Group
    • Internet Protocol Group
    • Internet Control Message Protocol Group
    • Transmission Control Protocol Group
    • User Datagram Protocol Group
    • Exterior Gateway Protocol Group
    • SNMP Group
    • Transmission Group

    The MIB2 System Group (1.3.6.1.2.1.1)

    The MIB2 System Group is one of the basic groups present in every device. It contains the description of the system, the name of the contact person, which may be the System or Network Administrator, and the administrative system name. The most important variable of this group is the sysObjectID, which is the OBJECT IDENTIFIER assigned to each device by its vendor. This group also contains the sysUpTime variable, which measures the time elapsed from the moment the system was started. It measures the time in hundredths of a second.

    The Interfaces Group (1.3.6.1.2.1.2)

    The Interfaces Group contains a table with an entry for each system interface.

    Each interface has a MIB Group under the 1.3.6.1.2.1.10 transmission node and includes more specific information than the Interfaces Group.

    This group deals with features, such as the operational status of an interface or a count for the number of received octets. These features are common across technologies. The Interfaces Group has the ifNumber variable, which denotes the total number of network interfaces.

    The Interface group has the variables that contain information about:

    • The type of technology for an interface.
    • An estimation of the current bandwidth.
    • The state of the interface.
    • Information and statistics of the incoming and outgoing traffic.
    • Error counters and faults.
    • An OBJECT IDENTIFIER that defines extra variables for a type of interface.

    The Address Translation Group (1.3.6.1.2.1.3)

    The Address Translation Group was initially defined in MIB-I.

    The Address Translation Group contains the Address Translation Table, which contains the network layer addresses. These network layer addresses have corresponding physical addresses. This table manages the traffic and routes it to the next system that is in the current best path. It lists the address, which maps to the system address that is the next hop in the transmission process, although some interfaces do not use these Address Translation Tables.

    The Address Translation Table has the Physical address of the directly connected systems. The Physical address is denoted by the variable atPhysAddress. The Address Translation Table also contains the Network address, which is used to transmit the traffic. The Network address is denoted by the variable atNetAddress.

    The entries in the Address Translation Table can be entered manually, or found automatically by using a protocol, for example, the Address Resolution Protocol (ARP). In MIB2, the Address Translation Tables were included as in MIB-I for backward compatibility, but were deprecated. MIB2 is based on the method of placing a separate Address Translation Table within the MIB for each different Network Layer protocol.

    The Internet Protocol Group (1.3.6.1.2.1.4)

    The Internet Protocol Group or the IP group contains individual configuration and statistics variables. In addition, it contains the IP address, the IP Routing, and the ipNetToMedia tables.

    The devices and routers operating with the IP protocol require information about the configuration variables, the statistics about the incoming and outgoing traffic, the IP addresses, and the system address that will be the next in the transmission channel.

    The IP group contains variables that track the incoming and outgoing IP traffic. In addition, the incoming and outgoing datagrams are tracked. There may be cases where these datagrams need to be de-fragmented. Figure 2-5 shows the IP traffic flow and datagrams.


    The IP Address Table

    The IP Address table contains a list of the IP addresses of all the systems on the network. The IP address is configured directly to the device, and as a result, the contents of this table have read-only attributes. The number of IP addresses can be larger than the actual number of interfaces on the network. This is because an interface can have several IP addresses assigned to it.

    The IP Routing Table

    The IP Routing Table provides the IP protocol with the necessary information to route datagrams from one point to another. The source of information for the IP Routing table could be either the manually configured entries, the Internet Control Message Protocol (ICMP) redirect messages, or the neighboring routers. Figure 2-5 shows the flow of the IP traffic and the datagrams:

    Figure 2-5: The Flow of the IP Traffic and Datagrams

    Another table, the ipForwardTable, is often used instead of the IP Routing table. This is because the ipForwardTable is indexed by the destination, the protocol used, the forwarding policy followed, and next destination in the message route. These help the ipForwardTable to make use of advanced protocols such as OSPF (Open Shortest Path First).

    The ipNetToMedia Table

    The ipNetToMedia Table is an improvement over the Address Translation Table. It has replaced the Address Translation table by mapping IP addresses to technology-specific addresses. The ipNetToMedia Table contains the ipNetToMediaType variable, which detects the entry type. The entry type could be either manually entered or located dynamically using a protocol, for example, ARP.

    The Internet Control Message Protocol (1.3.6.1.2.1.5)

    The Internet Control Message Protocol Group, or the ICMP Group, contains a list of variables that represent the statistical traffic counts. In addition, this group also contains a configuration parameter. ICMP uses the Internet Control Message Protocol, which is an important part of IP. ICMP messages are sent back to the source in the event that datagrams are not delivered. There are several useful ICMP services on a network, such as the echo function. It helps to detect whether a particular system is active on the network by using the ping command, which helps to verify connectivity.

    Since the ICMP Group contains a list of variables that represent counters, they are incremented up to a specific point. The differences in the values between intervals provide crucial information. High interval counts indicate routing or congestion problems at a node. ICMP provides instant messages to detect these problems. The most important counters in the group are those that represent Source Quenches, Time-to-Live Expired, and Destination Unreachable messages. The two most important variables used by ICMP are the icmpInMsgs and the icmpOutMsgs variables.

    The icmpInMsgs Variable

    The icmpInMsgs variable counts the total number of incoming messages. Several messages may not reach the intended destination during the transmission process because of a network problem, an incorrect checksum, or type fields in the message. In addition, ICMP handles those messages that may be split into other message types during the transmission process.

    The icmpOutMsgs Variable

    The icmpOutMsgs variable counts the total number of outgoing messages. The icmpOutMsgs variable counts the messages that are generated by the ICMP procedure. ICMP excludes those messages that were discarded before a send was attempted, which may have been caused by a shortage in memory.

    The ICMP data flow diagram is shown in Figure 2-6:

    Figure 2-6: The ICMP Dataflow Diagram

    The Transmission Control Protocol Group (1.3.6.1.2.1.6)

    The Transmission Control Protocol (TCP) Group contains the TCP Connection table that lists the TCP connection activity. In addition, this group contains individual configuration and connection statistic variables.


    The incoming and outgoing segments, which are denoted by tcpInSegs and tcpOutSegs, provide the host network status. For example, if there is a large number of retransmissions, it can be interpreted that there is a fault on the network.

    Figure 2-7 shows the flow of segments:

    Figure 2-7: The Segment Flows

    The TCP Connection Table

    The TCP Connection Table contains information about the TCP connections present on the network. The variables in this table provide information about the connection's state and the IP address. This table provides most of the information that is required to receive the available connections on the network. This table also provides the information about the port numbers.

    The TCP Configuration Variables

    The TCP group has four TCP configuration variables. These variables give information about the total number of TCP connections that the system can support. These variables use an algorithm to determine the timeout value used for retransmission and unacknowledged octets. These variables also provide the minimum and maximum values permitted by a TCP implementation for the retransmission timeout, which is measured in milliseconds.

    The TCP Connection Statistics Variables

    The TCP connection statistics variables are basically two variables, the tcpActiveOpens and the tcpPassiveOpens. The tcpActiveOpens variable counts the outgoing connection requests. The outgoing connection is used to request a connection-oriented service, such as Telnet terminal access or FTP for file transfer purposes. The tcpPassiveOpens variable counts the incoming requests. Remote users who need to access and log in to local computers, perform file transfers, check mail, or receive network status information make these requests. These requests reach the server that receives and processes them.


    The User Datagram Protocol Group (1.3.6.1.2.1.7)

    The User Datagram Protocol (UDP) Group contains a table called the UDP Listener Table. This group also contains the UDP traffic statistics variables. The group contains the udpInErrors and udpOutErrors variables that count the number of datagrams received and sent, as shown in Figure 2-8:

    Figure 2-8: The UDP Datagram Flows

    The UDP Listener Table

    The UDP Listener Table has a list of the UDP services that are active on the network and are available for client interaction. This table contains the UDP listener information, which is the IP address and UDP port number that is being used by local applications. They are called listeners that wait for UDP datagrams.

    The UDP Traffic Statistics Variables

    The UDP traffic statistics variables count the incoming and outgoing UDP datagrams. The UDP traffic statistics variables also keep count of the number of UDP datagrams that were received but had no application at the destination port.

    The Exterior Gateway Protocol Group (1.3.6.1.2.1.8)

    The Exterior Gateway Protocol (EGP) group contains variables that keep track of the EGP traffic. The EGP group contains the EGP Neighbor table (egpNeighTable) and the EGP Autonomous System (egpAs) variable.

    The EGP Neighbor Table (egpNeighTable)

    The EGP Neighbor Table contains IP address information about the systems around a particular system or in its neighborhood. In addition, it contains the Autonomous System Number (ASN) and maintains a count of the incoming and outgoing EGP messages. The EGP table also contains a control variable and other variables such as timers.


    The EGP Autonomous System Variable (egpAs)

    The EGP Autonomous System (egpAs) variable contains the Autonomous System number for the EGP router. Each EGP message that is transmitted by the router has the sender's ASN included in the message header.

    The Transmission Group (1.3.6.1.2.1.10)

    The Transmission Group has additional MIBs, each containing groups with different transmission technologies. The Transmission Group is not a group but a node in the MIB2 tree.

    The SNMP Group (1.3.6.1.2.1.11)

    The SNMP Group contains variables that are used for counting and recording all the incoming and outgoing SNMP traffic. This group also counts the message types, such as get, set and trap.

    SNMP SMI

    You need to know how the data is represented in the context of SNMP to understand what kind of information a device can provide. The representation of this data is the Structure of Management Information (SMI).

    The SMI has been divided into three parts. They are:

    - Module definitions: Describe information modules. Information module semantics are conveyed by the ASN.1 MODULE-IDENTITY macro.
    - Object definitions: Describe managed objects. Managed object semantics are conveyed by the ASN.1 OBJECT-TYPE macro.
    - Notification definitions: Describe unsolicited management information transmissions. The semantics of a notification are conveyed by the NOTIFICATION-TYPE macro of ASN.1.

    SMI datatypes are divided into three categories:

    - Simple types: Includes four primitive ASN.1 types: Integers, Octet Strings, Object IDs, and Bit Strings.
    - Application-wide data types: Defined by SMI and described in Table 2-4:

    Table 2-4: SMI Datatypes and Descriptions

    Datatypes | Description
    Network addresses | Represents a particular protocol address.
    Counters | Non-negative integers that are incremented by one unit up to a particular value, at which point they are reset to zero. An example of a Counter is the number of bytes received on an interface.
    Gauges | Non-negative integers that can increase or decrease, but terminate at a maximum value. An example is the length of an output packet queue.
    Time ticks | The measure of event time that is measured in hundredths of a second, for example, the time since an interface entered its current state.
    Opaque | Represents arbitrary encoding. Passes arbitrary information strings that do not conform to SMI specifications.
    Integer | Represents signed, integer-valued information. Integer in ASN.1 is a simple data type that has bounded precision in the SMI.
    Unsigned integer | Represents unsigned integer-valued information. It is useful for non-negative values.

    - Simply constructed types: Includes the row and table ASN.1 types that define multiple objects in tables and lists. Rows reference the rows in a table where each element is either a simple datatype or an application-wide type. Tables reference a table with zero or more rows where each row has the same number of columns.

    SMI has two versions:

    - The structure of management information version 1 (SMI v1): Defines how managed objects are named and specifies their associated datatypes.
    - The structure of management information version 2 (SMI v2): Provides SNMPv2 enhancements.

    An example of a MIB file is shown in Listing 2-1:

    Listing 2-1: A MIB File

    RFC1213-MIB DEFINITIONS ::= BEGIN

    IMPORTS
        mgmt, NetworkAddress, IpAddress, Counter, Gauge,
            TimeTicks
        FROM RFC1155-SMI
        OBJECT-TYPE
        FROM RFC-1212;

    mib-2 OBJECT IDENTIFIER ::= { mgmt 1 }

    -- groups in MIB-II
    system       OBJECT IDENTIFIER ::= { mib-2 1 }
    interfaces   OBJECT IDENTIFIER ::= { mib-2 2 }
    at           OBJECT IDENTIFIER ::= { mib-2 3 }
    ip           OBJECT IDENTIFIER ::= { mib-2 4 }
    icmp         OBJECT IDENTIFIER ::= { mib-2 5 }
    tcp          OBJECT IDENTIFIER ::= { mib-2 6 }
    udp          OBJECT IDENTIFIER ::= { mib-2 7 }
    egp          OBJECT IDENTIFIER ::= { mib-2 8 }
    transmission OBJECT IDENTIFIER ::= { mib-2 10 }
    snmp         OBJECT IDENTIFIER ::= { mib-2 11 }

    The Interfaces table contains information on the entity interface. Each interface is attached to a subnetwork. Listing 2-2 below shows the Interfaces table:

    Listing 2-2: The Interfaces Table

    ifTable OBJECT-TYPE
        SYNTAX SEQUENCE OF IfEntry
        ACCESS not-accessible
        STATUS mandatory
        DESCRIPTION
            "A list of interface entries."
        ::= { interfaces 2 }

    ifEntry OBJECT-TYPE
        SYNTAX IfEntry
        ACCESS not-accessible
        STATUS mandatory
        DESCRIPTION
            "An interface entry containing objects at the subnetwork
            layer and below for a particular interface."
        INDEX { ifIndex }
        ::= { ifTable 1 }

    IfEntry ::=
        SEQUENCE {
            ifIndex           INTEGER,
            ifDescr           DisplayString,
            ifType            INTEGER,
            ifMtu             INTEGER,
            ifSpeed           Gauge,
            ifPhysAddress     PhysAddress,
            ifAdminStatus     INTEGER,
            ifOperStatus      INTEGER,
            ifLastChange      TimeTicks,
            ifInOctets        Counter,
            ifInUcastPkts     Counter,
            ifInNUcastPkts    Counter,
            ifInDiscards      Counter,
            ifInErrors        Counter,
            ifInUnknownProtos Counter,
            ifOutOctets       Counter,
            ifOutUcastPkts    Counter,
            ifOutNUcastPkts   Counter,
            ifOutDiscards     Counter,
            ifOutErrors       Counter,
            ifOutQLen         Gauge,
            ifSpecific        OBJECT IDENTIFIER
        }

    ifIndex OBJECT-TYPE
        SYNTAX INTEGER
        ACCESS read-only
        STATUS mandatory
        DESCRIPTION
            "A unique value for each interface."
        ::= { ifEntry 1 }

    ifDescr OBJECT-TYPE
        SYNTAX DisplayString (SIZE (0..255))
        ACCESS read-only
        STATUS mandatory
        DESCRIPTION
            "A textual string containing information about the
            interface. This string should include the name of
            the manufacturer, the product name, and the version
            of the hardware interface."
        ::= { ifEntry 2 }

    END

    MIB files begin with the definition of the MIB name. It has the RFC number that defines the MIB version. The next section is the IMPORTS section, also referred to as the linkage section, which imports the datatypes and OBJECT IDENTIFIERs. In the above code listing, the mgmt, NetworkAddress, IpAddress, Counter, Gauge, and TimeTicks items are imported from RFC1155. In addition, the IMPORTS section imports the OBJECT-TYPE from RFC1212. Every group of items in the IMPORTS section has a FROM clause that mentions the source from which the objects must be imported.


    Next, the OBJECT IDENTIFIER is defined, which has the "mgmt 1" value. The "mgmt 1" value sets the top level of the MIB-II subtree.

    After this, the actual object definition follows. Every object definition has a fixed format as mentioned below:

    OBJECT-TYPE
        SYNTAX
        ACCESS
        STATUS
        DESCRIPTION
            "Description of the managed object."
        ::= { }

    The first managed object defined is the ifTable, which represents a table of network interfaces on a managed device.

    Under the ifTable, the entry for SYNTAX is "SEQUENCE OF IfEntry". This signifies that the ifTable contains the columns defined in IfEntry.

    Next, the object ACCESS value is defined, which in this case is not-accessible. The STATUS entry value, mandatory, signifies that an agent must implement this object in order to comply with the MIB-II specification. The keyword DESCRIPTION is used to give a description of the object.

    The ifEntry section is used to define a particular row in ifTable. The syntax for the ifEntry section is similar to that of the ifTable, but has the INDEX clause, which is a unique key for defining a single row in a table.

    Each object in the IfEntry sequence has its own object definition.

    The next section is the SEQUENCE definition. It has the name of the sequence, IfEntry, which is in mixed case. IfEntry is used to specify the entries of the rows in the table. A sequence is a list of columnar objects and their SMI datatypes, which defines a conceptual table. This table is made up of a number of rows, which are managed by an agent. Rows can be added by using the Set operation.

    The ifIndex section has an ifIndex object, which is a read-only object. The index for the ifEntry is defined in the ifIndex section.

    The final section is the ifDescr section, which is a textual description of the interface represented by a particular row in the ifTable.

    At the end is the END clause that is used for ending the MIB file.


    SMIv1

    As stated earlier, the definitions of managed objects have three attributes. They are name, type or the syntax, and encoding:

    - Name: The name, also called the OBJECT IDENTIFIER, uniquely defines a managed object. Names are either in numerical or in alphabetical form, both of which are lengthy and inconvenient to use. For example, an OBJECT IDENTIFIER can be named in a numerical format, such as 1.3.6.1.2.1.2, and in alphabetical form, such as iso(1), org(3), dod(6), and so on. SNMP applications help navigate through the namespace, as shown in Figure 2-9:

    Figure 2-9: Top Levels of the Hierarchical Tree

    - Type: A subset of ASN.1 is used for defining a managed object datatype. Abstract Syntax Notation 1 is how data is represented and transmitted between managers and agents within the context of SNMP. One of the major flexibilities of ASN.1 is that it is platform independent.
    - Encoding: A single instance of a managed object is encoded into a string of octets using basic encoding rules (BER). These rules define how the objects are encoded and decoded, enabling them to be transported via a transportation medium, such as the Ethernet.

    The OBJECT IDENTIFIERs (OIDs) are represented in two basic forms, numeric and alphabetical. Object IDs are made up of a series of integers based on the nodes on the tree, such as the structure of the MIB, and are separated by dots (.). Each integer of the numeric OID represents a node of the tree. The alphabetical form is much easier to understand than the numerical form, and each integer corresponds to a name. So either the integers themselves or the corresponding names can be used to represent the object ID.


    The topmost level of the tree, or the node at the top of the tree, is called the root node. Any node that contains sub-nodes is called a subtree, and that particular node is called the parent node, whereas nodes without children are called leaf nodes.
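    The relationship between the two OID forms can be worked out mechanically from the "::= { parent n }" assignments in a MIB file. The following is an added example, not code from the book: it parses a constructed excerpt in the syntax of Listings 2-1 and 2-2 and resolves every descriptor to its numeric and alphabetical form. The function names and the ROOTS table are assumptions made for the illustration.

```python
import re

# Constructed excerpt in the syntax of Listings 2-1 and 2-2 (descriptions shortened).
MIB_TEXT = """
mib-2        OBJECT IDENTIFIER ::= { mgmt 1 }
interfaces   OBJECT IDENTIFIER ::= { mib-2 2 }
transmission OBJECT IDENTIFIER ::= { mib-2 10 }

ifTable OBJECT-TYPE
    SYNTAX SEQUENCE OF IfEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION "A list of interface entries."
    ::= { interfaces 2 }

ifEntry OBJECT-TYPE
    SYNTAX IfEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION "An interface entry."
    INDEX { ifIndex }
    ::= { ifTable 1 }

IfEntry ::= SEQUENCE {
    ifIndex    INTEGER,
    ifDescr    DisplayString,
    ifSpecific OBJECT IDENTIFIER
}

ifDescr OBJECT-TYPE
    SYNTAX DisplayString (SIZE (0..255))
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION "A textual string about the interface."
    ::= { ifEntry 2 }
"""

# Arcs above the module: iso(1) org(3) dod(6) internet(1) mgmt(2).
ROOTS = {"iso": (1,), "org": (1, 3), "dod": (1, 3, 6),
         "internet": (1, 3, 6, 1), "mgmt": (1, 3, 6, 1, 2)}

ASSIGN = re.compile(
    r"^\s*([a-z][\w-]*)\s+"                                   # descriptor starts lower-case
    r"(?:OBJECT\s+IDENTIFIER|OBJECT-TYPE\b(?:(?!::=).)*?)\s*"  # value or full object body
    r"::=\s*\{\s*([\w-]+)\s+(\d+)\s*\}",                       # ::= { parent sub-id }
    re.M | re.S)

def parse_assignments(text):
    """Map each descriptor to (parent descriptor, sub-identifier)."""
    return {m.group(1): (m.group(2), int(m.group(3))) for m in ASSIGN.finditer(text)}

def resolve(name, table, seen=()):
    """Walk parent links up to a known root; return the numeric OID as a tuple."""
    if name in ROOTS:
        return ROOTS[name]
    if name in seen:
        raise ValueError(f"cyclic definition at {name!r}")
    if name not in table:
        raise KeyError(f"{name!r} is not defined in this module or its roots")
    parent, sub_id = table[name]
    return resolve(parent, table, seen + (name,)) + (sub_id,)

def build_tree(text):
    table = parse_assignments(text)
    return {name: resolve(name, table) for name in table}

def dotted(oid):
    return ".".join(str(arc) for arc in oid)

def named(oid, tree):
    """Alphabetical form of an OID; arcs with no known name stay numeric."""
    names = {v: k for k, v in {**ROOTS, **tree}.items()}
    return ".".join(names.get(oid[:i], str(oid[i - 1])) for i in range(1, len(oid) + 1))

if __name__ == "__main__":
    tree = build_tree(MIB_TEXT)
    for name, oid in sorted(tree.items(), key=lambda kv: kv[1]):
        print(f"{dotted(oid):<22} {named(oid, tree)}")
```

    A descriptor whose parent is missing from both the module and ROOTS raises KeyError, which is how an incomplete IMPORTS chain shows up when loading a MIB.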

    SMIv2

    The SMIv2 is the updated data definition language of SNMP. It defines the basic data types, the object model, and the rules for writing and altering MIB modules. SMIv2 adds the snmpv2 branch at the Internet node, as a result extending the SMI object tree. The snmpv2 object of the snmpv2 branch has the OBJECT IDENTIFIER as 1.3.6.1.6.3.1.1. This has been shown in Figure 2-10:

    Figure 2-10: The SMIv2 Tree

    The new datatypes of SMIv2 are described below in Table 2-5:

    Table 2-5: SMIv2 New Datatypes

    Datatype | Description
    Integer32 | It is the same as integer in SMIv1.
    Counter32 | It is the same as counter in SMIv1.
    Gauge32 | It is the same as gauge in SMIv1.
    Unsigned32 | It represents decimal values in the range of 0 to 2^32 - 1 inclusive.
    Counter64 | It is similar to the Counter32 datatype, but the maximum value is 18,446,744,073,709,551,615. It is ideal for situations where a Counter32 datatype may wrap back to 0 in a short amount of time.
    BITS | It is an enumeration of non-negative named bits.
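    The counter behaviour described in Tables 2-4 and 2-5 matters whenever a manager turns two polls into a rate, as with the ICMP interval differences earlier in this chapter. The following is an added example, not code from the book: it computes per-second rates from (sysUpTime, counter) samples, handles a single wrap, and refuses to compare samples taken across an agent restart. The sample values are constructed and the function names are assumptions.

```python
"""Per-second rates from polls of an SMI counter, with wrap and restart handling."""

COUNTER32_MOD = 2 ** 32          # Counter / Counter32 return to 0 after 4,294,967,295
COUNTER64_MOD = 2 ** 64          # Counter64 returns to 0 after 18,446,744,073,709,551,615
TICKS_PER_SECOND = 100           # TimeTicks (sysUpTime) count hundredths of a second

# Constructed polls of one agent: (sysUpTime in ticks, counter value).
# The counter wraps between polls 2 and 3; the agent restarts between polls 3 and 4.
SAMPLES = [(1000, 4294961000), (7000, 4294967000), (13000, 5704), (300, 12), (6300, 6012)]

def counter_delta(old, new, modulus=COUNTER32_MOD):
    """Increase between two samples, assuming the counter wrapped at most once."""
    if not (0 <= old < modulus and 0 <= new < modulus):
        raise ValueError("sample outside the counter's range")
    return (new - old) % modulus

def rate_per_second(prev, curr, modulus=COUNTER32_MOD):
    """prev and curr are (sysUpTime ticks, counter value) pairs from the same agent.

    Returns None when sysUpTime did not advance: the agent restarted (or both
    samples are the same poll), so the two counter values cannot be compared.
    """
    (t0, c0), (t1, c1) = prev, curr
    if t1 <= t0:
        return None
    return counter_delta(c0, c1, modulus) / ((t1 - t0) / TICKS_PER_SECOND)

def rates(samples, modulus=COUNTER32_MOD):
    """Rate for each consecutive pair of polls; None marks a discontinuity."""
    return [rate_per_second(a, b, modulus) for a, b in zip(samples, samples[1:])]

def seconds_to_wrap(units_per_second, modulus=COUNTER32_MOD):
    """How long a counter lasts at a steady rate before it returns to zero."""
    if units_per_second <= 0:
        raise ValueError("rate must be positive")
    return modulus / units_per_second

if __name__ == "__main__":
    print(rates(SAMPLES))
    # An octet counter on a saturated 1 Gbit/s link advances 125,000,000 per second.
    print(f"Counter32 wraps after {seconds_to_wrap(125_000_000):.1f} s")
    print(f"Counter64 wraps after {seconds_to_wrap(125_000_000, COUNTER64_MOD):.3e} s")
```

    If the polling interval is longer than the time to wrap, more than one wrap can occur between polls and the delta is silently too small, which is the case Counter64 is meant to avoid.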


    Chapter 3: How to Work with SNMP

    You can use SNMP to meet various network requirements, such as monitoring and managing the network. You must be familiar with the various operations that are possible in order to understand SNMP. These operations handle manager-agent communication. Protocol Data Units (PDUs) create these communication messages. You must also thoroughly understand the SNMP protocols. They are based on the layered model, which helps with communication and troubleshooting operations.

    SNMP Operations: Protocol Data Units

    SNMP is based on the manager/agent model. In this model, a manager interacts with agents and vice versa. SNMP supports this communication by using the SNMP protocol. The communication occurs via messages, which retrieve object variables and assign values to them. A manager sends various messages to read a variable or gather information from agents. In addition, a manager can send messages that can change the variables on the agent side. The agent must then send a confirmation message. Agents also send messages that inform the manager of any critical event or problem in the network.

    An SNMP message contains a version identifier, an SNMP community name, and a PDU. Listing 3-1 shows the format of an SNMP message:

    Listing 3-1: Format of an SNMP Message

    SNMP DEFINITIONS ::= BEGIN

    IMPORTS
        ObjectName, ObjectSyntax, NetworkAddress, IpAddress, TimeTicks
            FROM x-SMI;

    -- message
    Message ::=
        SEQUENCE {
            version
                INTEGER {
                    version-1(0)
                },
            community    -- community name
                OCTET STRING,
            data
                ANY
        }

    -- PDUs
    PDUs ::=
        CHOICE {
            get-request
                GetRequest-PDU,
            get-next-request
                GetNextRequest-PDU,
            get-response
                GetResponse-PDU,
            set-request
                SetRequest-PDU,
            trap
                Trap-PDU
        }

    -- the individual PDUs and
    -- data types to be defined here

    END

    The above listing shows the SNMP Message Format.
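    On the wire, the Message of Listing 3-1 is a BER tag-length-value structure, and the community name is carried as a plain OCTET STRING that any capture of the packet exposes. The following is an added example, not code from the book: it decodes a constructed version-1 get-request into version, community, PDU type and variable bindings. The PDU field order (request-id, error-status, error-index, variable bindings) is taken from RFC 1157, which the listing leaves "to be defined"; the function names are assumptions.

```python
"""Decode a BER-encoded SNMPv1 Message down to its variable bindings."""

PDU_TYPES = {0xA0: "get-request", 0xA1: "get-next-request",
             0xA2: "get-response", 0xA3: "set-request", 0xA4: "trap"}

# Constructed sample: version-1 get-request for 1.3.6.1.2.1.1.3.0 (sysUpTime, instance 0).
SAMPLE = bytes.fromhex(
    "3029" "020100" "04067075626c6963"            # SEQUENCE, version 0, community "public"
    "a01c" "020412345678" "020100" "020100"       # PDU tag, request-id, error-status, error-index
    "300e" "300c" "06082b06010201010300" "0500")  # varbind list, varbind, OID, NULL value

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the tag-length-value item at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits give the octet count
        count = length & 0x7F
        if not 1 <= count <= 4 or pos + count > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("value runs past the end of the buffer")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, tag):
    """Read one TLV and insist on its tag; return (value, next_pos)."""
    got, value, nxt = read_tlv(buf, pos)
    if got != tag:
        raise ValueError(f"expected tag 0x{tag:02x}, got 0x{got:02x}")
    return value, nxt

def decode_int(value):
    return int.from_bytes(value, "big", signed=True)

def decode_oid(value):
    """Sub-identifiers are base-128; the first one packs the top two arcs as 40*X + Y."""
    if not value or value[-1] & 0x80:
        raise ValueError("malformed OBJECT IDENTIFIER")
    subs, cur = [], 0
    for octet in value:
        cur = (cur << 7) | (octet & 0x7F)
        if not octet & 0x80:
            subs.append(cur)
            cur = 0
    x = min(subs[0] // 40, 2)
    return ".".join(str(arc) for arc in [x, subs[0] - 40 * x] + subs[1:])

def decode_message(raw):
    body, _ = expect(raw, 0, 0x30)                # Message ::= SEQUENCE
    version, pos = expect(body, 0, 0x02)          # version INTEGER
    community, pos = expect(body, pos, 0x04)      # community OCTET STRING
    pdu_tag, pdu, _ = read_tlv(body, pos)         # data: one alternative of PDUs
    if pdu_tag not in PDU_TYPES:
        raise ValueError(f"unknown PDU tag 0x{pdu_tag:02x}")
    msg = {"version": decode_int(version),
           "community": community.decode("ascii", "replace"),
           "pdu": PDU_TYPES[pdu_tag], "varbinds": []}
    if pdu_tag == 0xA4:                           # Trap-PDU has a different layout
        return msg
    p = 0
    for field in ("request_id", "error_status", "error_index"):
        value, p = expect(pdu, p, 0x02)
        msg[field] = decode_int(value)
    bindings, _ = expect(pdu, p, 0x30)            # SEQUENCE OF variable bindings
    q = 0
    while q < len(bindings):
        varbind, q = expect(bindings, q, 0x30)
        oid, r = expect(varbind, 0, 0x06)
        value_tag, value, _ = read_tlv(varbind, r)
        msg["varbinds"].append((decode_oid(oid), value_tag, bytes(value)))
    return msg

if __name__ == "__main__":
    print(decode_message(SAMPLE))
```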

    SNMP supports four different types of commands for communication between a manager and an agent. The commands are: Read: Monitors managed devices, also known as agents. A manager reads these devices by reading the variables that the devices maintain. Write: Controls managed devices. A manager uses the write command