chapter 4 snmpv1: organization and information models
TRANSCRIPT
Chapter 4SNMPv1: Organization and Information Models
Internet SNMP Management
• Internet Engineering Task Force (IETF)• 1990 SNMPv1• 1995 SNMPv2• 1998 SNMPv3
• Internet documents:• Request for Comments (RFC)• IETF STD Internet Standard• FYI For your information
http://www.ietf.org/
http://www.ietf.org/rfc.htmlhttp://www.ietf.org/rfc/rfcNNNN.txt
SNMP MIBRFC 3418
SNMP MIBRFC 3418
SMIv2RFC 2578
SMIv2Conventions
RFC 2579
SMIv2Conformances
RFC 2580
SNMP MIBRFC 3418
SNMPv2Protocol Ops
RFC 3416
`
SNMP Model• Organization Model
• Relationship between network element, agent, and manager
• Hierarchical architecture• Information Model
• Uses ASN.1 syntax• SMI (Structure of Management Information• MIB (Management Information Base)
• Communication Model• Transfer syntax• SNMP over TCP/IP• Communication services addressed by messages• Security framework community-based model
Two-Tier Organization Model
Three-Tier Organization Model: RMON
ManagedObjects
SNMPManager
RMONProbe
• RMON Remote Monitoring• RMON I• RMON II
Three-Tier Organization Model: Proxy
Non-SNMPManagedObjects
SNMP Manager
ProxyServer
SNMPManagedObjects
SNMP System Architecture
Network
網路介面
SNMP
UDP
IP
網路介面
SNMP
UDP
IP
網路介面
SNMP
UDP
IP
Manager Agent Agent
. . .
ManagementStation Host Router
Network Elements (NEs)
Network Management
Protocol
SNMP
SNMP Services
Four Services Get, Set, GetNext, Trap
Five SNMP Messages GetRequest, SetRequest, GetNextRequest,
GetResponse, Trap
Manager Agent(s)
Get, Set, GetNext Request
Get Response
Trap
SNMP Services
Get Request
Get ResponseManager Agent
GetNext Request
Get ResponseManager Agent
Set Request
Get ResponseManager Agent
Trap RequestManager Agent
GetGet
GetNextGetNext
SetSet
TrapTrap
GetGet
GetNextGetNext
SetSet
TrapTrap
SNMP Services (cont.)
Get Request: Retrieve the values of objects in the MIB of an agent.
Get-Next Request: Retrieve the values of the next objects in the MIB of
an agent. Set Request:
Update the values of objects in the MIB of an agent. Trap Request
Report extraordinary events to the manager.
4.7 Information Model
• Structure of Management Information (SMI) (RFC 1155, RFC 1212)
• Managed Object• Scalar• Aggregate or tabular object
• Management Information Base (RFC 1213)
Managed Object
Object Type Object Instance
Managed Object: Multiple Instances
Object Type Object Instance
Object Name• Object is uniquely defined by
• DESCRIPTOR• OBJECT IDENTIFIER
Internet Subnodes
directory OBJECT IDENTIFIER ::= {internet 1}
mgmt OBJECT IDENTIFIER ::= {internet 2}
experimental OBJECT IDENTIFIER ::= {internet 3}
private OBJECT IDENTIFIER ::= {internet 4}
root
ccitt iso joint-iso-ccitt
directory
0 1 2
std regauthority
memberbody
org0
1 2 3
dod
internet
6
1
12 3 4
mgmt experimental private
MIB II
system1
interface2
at3
IP4
ICMP5
TCP6
UDP7
EGP8
Trans.10
SNMP11
1 1enterprises
1.3.6.1.2.1.2 1.3.6.1.4.1
1.3.6.1.2.1
MIB II
interface
enterprises
Private MIB Example
Enterprise Number
http://www.iana.org/assignments/enterprise-numbers
http://www.iana.org/
SNMP ASN.1 Data Type
Primitive Data Types
Structure Data Type Comments Primitive types INTEGER Subtype INTEGER (n1..nN)
Special case: Enumerated INTEGER type
OCTET STRING 8-bit bytes binary and textual data Subtypes can be specified by either range or fixed
OBJECT IDENTIFIER Object position in MIB NULL Placeholder
• subtype:
• INTEGER (0..255)
• OCTET STRING (SIZE 0..255)
• OCTET STRING (SIZE 8)
Enumerated
• Special case of INTEGER data type
Defined or Application Data Type
Constructor or Structured Data Type:SEQUENCE List Marker
SEQUENCE { <type1>, <type2>,…, <typeN> }
IpAddrEntry ::= SEQUENCE {
ipAdEntAddr IpAddress,ipAdEntIfIndex INTEGER,ipAdEntNetMask IpAddress,ipAdEntBcastAddr INTEGER,ipAdEntReasmMaxSize INTEGER
(0..65535)}
Constructor or Structured Data Type:SEQUENCE OFSEQUENCE OF <entry>
where <entry> is a list constructor ipAddrTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpAddrEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"The table of addressing information relevant to
this entity's IP addresses."
::= { ip 20 }
Example: IP Address Table
• Each row (table entry) is a sequence: IpAddrEntry.
• The ipAddrTable table is a sequence of rows (entries), i.e. a sequence of ipAddrEntry.
Encoding
• Basic Encoding Rules (BER)- Type, Length, and Value (TLV)
Type Length Value
Class(7-8th bits)
P/C(6th bit)
Tag Number(1-5th bits)
SNMP Data Types and Tags
Type Tag
OBJECT IDENTIFIER UNIVERSAL 6SEQUENCE UNIVERSAL 16IpAddress APPLICATION 0Counter APPLICATION 1Gauge APPLICATION 2TimeTicks APPLICATION 3Opaque APPLICATION 4
4.7.3 Managed Object: Structure
OBJECT:sysDescr: { system 1 }
Syntax: OCTET STRING Definition: "A textual description of the entity. This value should include the full name and version identification of the system's hardware type, software operating-system, and networking software. It is mandatory that this only contain printable ASCII characters." Access: read-only Status: mandatory
Figure 4.17 Specifications for System Description
SMIv1, SMIv2 SMIv1:
SMI (RFC 1155) Concise MIB (RFC 1212) Trap-Type (RFC 1215)
SMIv2: SMIv2 (RFC 2578) Textual Conventions (RFC 2579) Conformance Statements (RFC 2580)
OBJECT-TYPE MACRO ::= BEGINOBJECT-TYPE MACRO ::= BEGIN
TYPE NOTATION ::=TYPE NOTATION ::= "SYNTAX" type (TYPE "SYNTAX" type (TYPE ObjectSyntaxObjectSyntax))
"ACCESS" Access"ACCESS" Access
"STATUS" Status"STATUS" Status
VALUE NOTATION ::= value (VALUE VALUE NOTATION ::= value (VALUE ObjectNameObjectName))
Access ::= "read-only" | "read-write" | "write-only Access ::= "read-only" | "read-write" | "write-only | "not-accessible"| "not-accessible"
Status ::= "mandatory" | "optional" | "obsolete"Status ::= "mandatory" | "optional" | "obsolete"
ENDEND
Object-Type Macro (RFC 1155)
OBJECT-TYPE MACRO (RFC1212)OBJECT-TYPE MACRO ::=BEGIN TYPE NOTATION ::=
"SYNTAX" type(ObjectSyntax) "ACCESS" Access "STATUS" Status
DescrPartReferPartIndexPartDefValPart
VALUE NOTATION ::= value (VALUE ObjectName)
ObjectName ::= OBJECT IDENTIFIER
OBJECT-TYPE Example
sysLocation OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..255))
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The physical location of this node (e.g.,
`telephone closet, 3rd floor')."
::= { system 6 }
DisplayString ::= OCTET STRING (SIZE (0..255))
Go to Next Example
"SYNTAX" type(ObjectSyntax)ObjectSyntax ::=
CHOICE {simple SimpleSyntax,application-wide ApplicationSyntax
}
SimpleSyntax ::=CHOICE {
number INTEGER,string OCTET STRING,object OBJECT IDENTIFIER,empty NULL
}
ApplicationSyntax ::= CHOICE {
address NetworkAddress,counter Counter,gauge Gauge,ticks TimeTicks,
arbitrary Opaque}
Back to OBJECT TYPE
ApplicationSyntaxNetworkAddress ::=
CHOICE {internet IpAddress
} IpAddress ::=
[APPLICATION 0] IMPLICIT OCTET STRING (SIZE (4))Counter ::=
[APPLICATION 1] IMPLICIT INTEGER (0..4294967295)Gauge ::=
[APPLICATION 2] IMPLICIT INTEGER (0..4294967295)TimeTicks ::=
[APPLICATION 3] IMPLICIT INTEGER (0..4294967295) Opaque ::=
[APPLICATION 4] IMPLICIT OCTET STRING
0 .. 232-1
Back to OBJECT TYPE
"ACCESS" Access "STATUS" Status
Access ::= "read-only"| "read-write"| "write-only"| "not-accessible
Status ::= "mandatory"| "optional"| "obsolete"| "deprecated"
Back to OBJECT TYPE
DescrPartDescrPart ::=
"DESCRIPTION" value (description DisplayString)
| empty
ReferPart ::="REFERENCE" value (reference DisplayString)
| empty
ReferPart
Back to OBJECT TYPE
DefValPart
ifNumber OBJECT-TYPESYNTAX INTEGERACCESS read-onlySTATUS mandatoryDEFVAL 1DESCRIPTION
"The number of network interfaces (regardless of
their current state) present on this system.“::= { interfaces 1 }
DefValPart ::="DEFVAL" "{" value (defvalue
ObjectSyntax) "}" | empty
Example:
Back to OBJECT TYPE
IndexPart
IndexTypes ::=IndexType | IndexTypes "," IndexType
IndexType ::=value (indexobject
ObjectName)| type (indextype)
IndexSyntax ::=CHOICE {
number INTEGER (0..MAX), string OCTET STRING, object OBJECT IDENTIFIER, address NetworkAddress, ipAddress IpAddress }
IndexPart ::= "INDEX" "{" IndexTypes "}"
Back to OBJECT TYPE
instance-identifier (INDEX) integer-valued
3 3 string-valued, fixed-length strings
‘004096563c2e’H 0.64.150.86.60.46 string-valued, variable-length strings
“IIS Admin” 9.73.73.83.32.65.100.109.105.110
object identifier-valued 1.3.6.1.2 5.1.3.6.1.2
NetworkAddress-valued 163.22.20.16 1.163.22.20.16
IpAddress-valued 163.22.20.16 163.22.20.16
Index - variable-length stringsvSvcTable OBJECT-TYPE
SYNTAX SEQUENCE OF SvSvcEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "A list of service entries describing network services installed on this server.“::= { server 3 }
svSvcEntry OBJECT-TYPE SYNTAX SvSvcEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "The names of the network services installed on this server." INDEX { svSvcName }::= { svSvcTable 1 }
Back to OBJECT TYPE
OBJECT-TYPE Example
dot1dBasePortEntry OBJECT-TYPESYNTAX Dot1dBasePortEntryACCESS not-accessible STATUS mandatory DESCRIPTION
"A list of information for each port of the bridge."
REFERENCE"IEEE 802.1D-1990: Section 6.4.2, 6.6.1"
INDEX { dot1dBasePort }::= { dot1dBasePortTable 1 }
Aggregate Object
• A group of objects
• Also called tabular objectstabular objects
• Can be represented by a table with
• Columns of objects
• Rows of instances
Table of Objects
List of Objects
Objects
Aggregate M.O. Macro: Table Object
ipAddrTable OBJECT-TYPE SYNTAX SEQUENCE OF IpAddrEntry ACCESS not-accessible
STATUS mandatoryDESCRIPTION
"The table of addressing information
relevant to this entity's IP addresses."::= {ip 20}
Aggregate M.O. Macro: Entry Object
ipAddrEntry OBJECT-TYPESYNTAX IpAddrEntryACCESS not-accessibleSTATUS mandatoryDESCRIPTION
"The addressing information for one of this entity's IP addresses."
INDEX { ipAdEntAddr }::= { ipAddrTable 1 }
ipAddrEntry: OBJECT-TYPEIpaddrEntry: SYNTAX
Aggregate M.O. Macro: Entry Object
IpAddrEntry ::= SEQUENCE { ipAdEntAddr IpAddress, ipAdEntIfIndex INTEGER, ipAdEntNetMask IpAddress, ipAdEntBcastAddr INTEGER, ipAdEntReasmMaxSize INTEGER (0..65535) }
Aggregate M.O. Macro: Columnar Objects
ipAdEntAddr OBJECT-TYPE SYNTAX IpAddress
ACCESS read-onlySTATUS mandatoryDESCRIPTION
"The IP address to which this entry's
addressing information pertains.”::= { ipAddrEntry 1 }
Tabular Representation of Aggregate Object
Tabular Representation of Aggregate Object
Multiple Instances of Aggregate Managed Object
ipAddrTable {1.3.6.1.2.1.4.20}ipAddrEntry (1)
ipAdEntAddr (1)ipAdEntIfIndex (2)ipAdEntNetMask (3)ipAdEntBcastAddr (4)ipAdEntReasmMaxSize (5)
Columnar object ID of ipAdEntBcastAddr is (1.3.6.1.2.1.4.20.1.4):
iso org dod internet mgmt mib ip ipAddrTable ipAddrEntry ipAdEntBcastAddr 1 3 6 1 2 1 4 20 1 4
Figure 4.23(a) Columnar objects under ipAddrEntry
Example
Identification of Managed Objects Use Object Identifier (OID) OID = Object Type OID . Instance
Identifier Object Type OID:
Each Object type has a unique OID Instance Identifier:
Identify instances of object type E.g .mib-2.interface.ifTable.ifEntry.ifDescr.2
Two Kinds of Managed Objects
Type-Specific Objects: sysDescr OBJECT-TYPE
SYNTAX DisplayString (SIZE(0..255))
::= {system 1}
OID: mib-2.system.1.0 Columnar Objects
OID: mib-2.interface.ifTable.ifEntry.ifDescr.2mib-2.interface.ifTable.ifEntry.ifDescr.6 mib-2.interface.ifTable.ifEntry.ifType.2mib-2.interface.ifTable.ifEntry.ifType.6
Columnar Objects
ifTable OBJECT-TYPE SYNTAX SEQUENCE OF IfEntry … ::= { interface 2 }
IfEntry ::= SEQUENCE { ifIndex INTEGER, ifDescr DisplayString, ifType INTEGER, …}
ifEntry OBJECT-TYPE SYNTAX IfEntry … INDEX {ifIndex } ::= { ifTable 1}
ifDescr OBJECT-TYPE SYNTAX DisplayString (SIZE(0..255)) ACCESS read-only STATUS madatory...::= {ifEntry 2}
Columnar Objects
ifIndex ifDescr ifType . . .
1 le0 6 . . .
6 llc0 1 . . .
7 lo0 24 . . .
9 le1 6 . . .
.ifTable.ifEntry.1 (1.3.6.1.2.1.2.2.1.1) .ifTable.ifEntry.2 (1.3.6.1.2.1.2.2.1.2)
.ifTable.ifEntry.3 (1.3.6.1.2.1.2.2.1.3)
1.3.6.1.2.1.2.2.1.3.71.3.6.1.2.1.2.2.1.2.6
Index in MIB II ifEntry {ifIndex} atEntry {atNetIfIndex, atNetAddress} ipAddrEntry {ipAdEntAddr } ipRouteEntry {ipRouteDest} ipNetToMediaEntry {ipNetToMediaIfIndex,
ipNetToMediaNetAddress} tcpConnEntry
{tcpConnLocalAddress, tcpConnLocalPort, tcpConnRemoteAddress, tcpConnRemotePort}
udpEntry {udpLocalAddress, udpLocalPort}
egpNeighEntry {egpNeighAddr}
Index Example
To get the state of the TCP connection:10.10.13.137: 3125 ===> 61.30.91.235: 80
Use snmp_get_req. to get the “tcpConnState” of the tcpConnTable in MIB II.
tcpConnState ==> 1.3.6.1.2.1.6.13.1.1
1.3.6.1.2.1.6.13.1.1.10.10.13.137.3125.61.30.91.235.80
tcpConnTable
4.7.4 MIB-II
• MIB-II (RFC 1213) is superset of MIB-I
• Objects that are related grouped into object groups
• MIB module comprises module name, imports from other modules, and definitions of current module
• RFC 1213 defines eleven groups
MIB II (RFC 1213) System Group
Provide general information about the managed system. Interfaces Group
Contains generic information about the physical interfaces. Address-Translation Group
Contains information about the mapping between network addresses and physical addresses for each physical interface.
IP Group Contains information about the implementation and
operation of IP at the managed system. ICMP Group
Contains information about the implementation and operation of ICMP at the managed system.
MIB-II (cont.) TCP Group
Contains information about the implementation and operation of TCP at the managed system.
UDP Group Contains information about the implementation and
operation of UDP at the managed system. EGP Group
Contains information about the implementation and operation of EGP at the managed system.
CMOT Group Placeholder for OSI (CMIP Over TCP/IP)
Transmission Group Provides details about the underlying transmission
media for each interface. SNMP Group
Provides the statistics of SNMP operations at the managed system.
System Group
System Group
sysServices OBJECT-TYPE SYNTAX INTEGER (0..127) ACCESS read-only STATUS mandatory DESCRIPTION "A value which indicates the set of services that this entity primarily offers. The value is a sum. This sum initially takes the value zero, Then, for each layer, L, in the range 1 through 7, that this node performs transactions for, 2 raised to (L - 1) is added to the sum. For example, a node which performs primarily routing functions would have a value of 4 (2^(3-1)). In contrast, a node which is a host offering application services would have a value of 72 (2^(4-1) + 2^(7-1)). Note that in the context of the Internet suite of protocols, values should be calculated accordingly: layer functionality 1 physical (e.g., repeaters) 2 datalink/subnetwork (e.g., bridges) 3 internet (e.g., IP gateways) 4 end-to-end (e.g., IP hosts) 7 applications (e.g., mail relays) For systems including OSI protocols, layers 5 and 6 may also be counted." ::= { system 7 }
72= 8 + 64
01000100
System Information
Interfaces GroupInterfaces Group
iFEntry
ifEntry OBJECT-TYPE SYNTAX IfEntry ACCESS not-accessible STATUS mandatory DESCRIPTION
"An interface entry containing objects at the subnetwork layer and below for a particular interface."
INDEX {ifIndex}
::= {ifTable 1}
ifType
http://www.iana.org/assignments/smi-numbers
ifType OBJECT-TYPE SYNTAX INTEGER { other(1), -- none of the following regular1822(2), hdh1822(3), ddn-x25(4), rfc877-x25(5), ethernet-csmacd(6), iso88023-csmacd(7), iso88024-tokenBus(8), iso88025-tokenRing(9), iso88026-man(10), starLan(11), proteon-10Mbit(12), proteon-80Mbit(13), hyperchannel(14), fddi(15), lapb(16), sdlc(17), ds1(18), -- T-1 e1(19), -- european equiv. of T-1 basicISDN(20), primaryISDN(21), -- proprietary serial propPointToPointSerial(22), ppp(23),
……….
ifAdminStatus OBJECT-TYPE SYNTAX INTEGER { up(1), -- ready to pass packets down(2), testing(3) -- in some test mode } ACCESS read-write STATUS mandatory DESCRIPTION "The desired state of the interface. The testing(3) state indicates that no operational packets can be passed." ::= { ifEntry 7 }
ifOperStatus OBJECT-TYPE SYNTAX INTEGER { up(1), -- ready to pass packets down(2), testing(3) -- in some test mode } ACCESS read-only STATUS mandatory DESCRIPTION "The current operational state of the interface. The testing(3) state indicates that no operational packets can be passed." ::= { ifEntry 8 }
ifTable
ifTable (cont.)
IP GroupIP Group
IP Group
• ipForwarding: • forwarding(1)• not-forwarding(2)
• IP Address Table contains table of IP addresses• IP Route Table contains an entry for each route• IP Network-to-Media Table is address translation
table mapping IP addresses to physical addresses
IP Address Table
ipAddrTable
IP Routing Table
IP Routing TableEntity OID Description (brief)
ipRouteTable ip 21 IP routing tableipRouteEntry ipRouteTable 1 Route to a particular destinationipRouteDest ipRouteEntry 1 Destination IP address of this routeipRouteIfIndex ipRouteEntry 2 Index of interface, same as ifIndexipRouteMetric1 ipRouteEntry 3 Primary routing metric for this routeipRouteMetric2 ipRouteEntry 4 An alternative routing metric for this routeipRouteMetric3 ipRouteEntry 5 An alternative routing metric for this routeipRouteMetric4 ipRouteEntry 6 An alternative routing metric for this routeipRouteNextHop ipRouteEntry 7 IP address of the next hopipRouteType ipRouteEntry 8 Type of routeipRouteProto ipRouteEntry 9 Routing mechanism by which this route was
learnedipRouteAge ipRouteEntry 10 Number of seconds since routing was last updatedipRouteMask ipRouteEntry 11 Mask to be logically ANDed with the destination
address before comparing with the ipRouteDestfield
ipRouteMetric5 ipRouteEntry 12 An alternative metric for this routeipRouteInfo ipRouteEntry 13 Reference to MIB definition specific to the routing
protocol
ipRouteTable Example
other(1), invalid(2), direct(3), indirect(4)
other(1), local(2), netmgmt(3),icmp(4), egp(5),ggp(6),hello(7),rip(8),is-is(9),s-is(10),ciscoIgrp(11),bbnSpfIgp(12),ospf(13),bgp(14)
Sec.
IP Address Translation Table
IP Address Translation Table
Entity OID Description (brief)ipNetToMediaTable ip 22 Table mapping IP addresses to
physical addressesipNetToMediaEntry IpNetToMediaTable 1 IP address to physical address
for the particular interfaceipNetToMediaIfIndex IpNetToMediaEntry 1 Interfaces on which this entry's
equivalence is effective; sameas ifIndex
ipNetToMediaPhysAddress IpNetToMediaEntry 2 Media dependent physicaladdress
ipNetToMediaNetAddress IpNetToMediaEntry 3 IP addressipNetToMediaType IpNetToMediaEntry 4 Type of mapping
IPNetToMediaTable
= ARP Table
other(1),invalid(2)invalid(2), dynamic(3),static(4)
read-write
ICMP Group
ICMP
• Objects associated with ping• icmpOutEchos
- # ICMP echo messages sent• icmpInEchoReps
- # ICMP echo reply messages received
• Objects associated with traceroute/tracert• icmpInTimeExcs
• # ICMP time exceeded messages received
TCP Group
TCP Connection Table
TCP Connection Table
Entity OID Description (brief)
tcpConnTable tcp 13 TCO connection tabletcpconnEntry TcpConnTable 1 Information about a particular TCP
connectiontcpConnState TcpConnEntry 1 State of the TCP connectiontcpConnLocalAddressTcpConnEntry 2 Local IP addresstcpConnLocalPort TcpConnEntry 3 Local port numbertcpConnRemAddress TcpConnEntry 4 Remote IP addresstcpConnRemPort TcpConnEntry 5 Remote port number
tcpConnState OBJECT-TYPE SYNTAX INTEGER { closed(1), listen(2), synSent(3), synReceived(4), established(5), finWait1(6), finWait2(7), closeWait(8), lastAck(9), closing(10), timeWait(11), deleteTCB(12)deleteTCB(12) } ACCESS read-write STATUS mandatory …::= { tcpConnEntry 1 }
TCP Connection StateTCP Connection State
tcpConnTable
UDP Group
UDP Group
Entity OID Description (brief)udpInDatagrams udp 1 Total number of datagrams delivered to the
usersudpNoPorts udp 2 Total number of received datagrams for
which there is no applicationudpInErrors udp 3 Number of received datagrams with errorsudpOutDatagrams udp 4 Total number of datagrams sentudpTable udp 5 UDP Listener tableudpEntry udpTable 1 Information about a particular connection or
UDP listenerudpLocalAddress udpEntry 1 Local IP addressudpLocalPort udpEntry 2 Local UDP port
udpTable
