SNMP Management:Organization and Information
Model
by
Behzad Akbari
Fall 2008
In the Name of the Most High
Overview
• SNMP is the most widely used network management protocol.
• When we say SNMP management, we are really referring to Internet management (SNMP itself is a communication protocol).
• SNMP management model:
  • Organization Model: relationship between network element, agent, and manager; hierarchical architecture
  • Information Model: uses ASN.1 syntax; SMI (Structure of Management Information); MIB (Management Information Base)
  • Communication Model: transfer syntax; SNMP over TCP/IP; communication services addressed by messages; security framework: community-based model
Managed LAN
NMS on subnet 192.168.252.1 manages the router and the hubs on subnet 172.16.46.1 across the backbone network.
Figure 4.1 A Managed LAN Network
Managed Hubs: System Information
Information obtained by querying the hubs; the data truly reflects what is stored in the hub.
Title: System Information: 172.16.46.2
Name or IP Address: 172.16.46.2
System Name:
System Description: 3Com LinkBuilder FMS, SW version:3.02
System Contact:
System Location:
System Object ID: .iso.org.dod.internet.private.enterprises.43.1.8.5
System Up Time: (2475380437) 286 days, 12:03:24.37

Title: System Information: 172.16.46.3
Name or IP Address: 172.16.46.3
System Name:
System Description: 3Com LinkBuilder FMS, SW version:3.12
System Contact:
System Location:
System Object ID: .iso.org.dod.internet.private.enterprises.43.1.8.5
System Up Time: (3146735182) 364 days, 12:55:51.82
Managed Router: System Information
Title: System Information: router1.gatech.edu
Name or IP Address: 172.16.252.1
System Name: router1.gatech.edu
System Description: Cisco Internetwork Operating System Software
: IOS (tm) 7000 Software (C7000-JS-M), Version: 11.2(6), RELEASE SOFTWARE (ge1)
: Copyright (c) 1986-1997 by Cisco Systems, Inc.
: Compiled Tue 06-May-97 19:11 by kuong
System Contact:
System Location:
System Object ID: iso.org.dod.internet.private.enterprises.cisco.ciscoProducts.cisco7000
System Up Time: (315131795) 36 days, 11:21:57.95
Managed Hub: Port Addresses
Information acquired by the NMS on the hub interfaces. Index refers to the interface on the hub; link address is the MAC address. The second row of data is a serial link.
Managed Router: Port Addresses
Information acquired by the NMS on the router interfaces. Index refers to the interface on the router; LEC is the LAN emulation card. The Ethernet 2/0 interface refers to interface card 2 and port 0 in that card.
Internet Management History
• 1970s: Advanced Research Projects Agency Network (ARPANET) comes up with the Internet Control Message Protocol (ICMP)
• Internet Engineering Task Force (IETF)
• 1990: SNMPv1
• 1995: SNMPv2
• 1998: SNMPv3
• Internet documents: Request for Comments (RFC); IETF STD (Internet Standard); FYI (For Your Information)
SNMP Related RFCs
Figure 4.4 SNMP Document Evolution
SNMP Organization Model
System Overview
Figure 4.9 SNMP Network Management Architecture: the management station (manager) and the network elements (NEs: host, router, ...), each with an agent, communicate over the physical medium using the network management protocol.
SNMP System Architecture
Figure: the manager on the management station and the agents on the network elements (host, router, ...) each run the stack SNMP / UDP / IP / DL; the manager exchanges SNMP messages with every agent across the network.
SNMP Services
Four services: Get, Set, GetNext, Trap
Five SNMP messages: GetRequest, SetRequest, GetNextRequest, GetResponse, Trap
Figure: manager to agent(s): Get, Set, GetNext requests; agent(s) to manager: Get Response and Trap.
SNMP Services
Figure: message exchanges between manager and agent. A Get Request, a GetNext Request and a Set Request (manager to agent) are each answered by a Get Response (agent to manager); a Trap is sent by the agent to the manager without a preceding request.
SNMP Services (cont.)
Get Request: Retrieve the values of objects in the MIB of an agent.
Get-Next Request: Retrieve the values of the next objects in the MIB of an agent.
Set Request: Update the values of objects in the MIB of an agent.
Trap Request: Report extraordinary events to the manager.
Information Model
• Structure of Management Information (SMI) (RFC 1155, RFC 1212)
• Managed Object
  • Scalar
  • Aggregate or tabular object
• Management Information Base (RFC 1213)
Managed Object
Figure: an Object Type with its Object Instance.
Managed Object: Multiple Instances
Figure: one Object Type with several Object Instances.
Object Name
• Object is uniquely defined by
  • DESCRIPTOR
  • OBJECT IDENTIFIER
Internet Subnodes
directory OBJECT IDENTIFIER ::= {internet 1}
mgmt OBJECT IDENTIFIER ::= {internet 2}
experimental OBJECT IDENTIFIER ::= {internet 3}
private OBJECT IDENTIFIER ::= {internet 4}
Figure: the OID registration tree.
root: ccitt (0), iso (1), joint-iso-ccitt (2)
iso (1): std (0), regauthority (1), memberbody (2), org (3)
org (3): dod (6)
dod (6): internet (1)
internet (1.3.6.1): directory (1), mgmt (2), experimental (3), private (4)
mgmt (2): MIB II = 1.3.6.1.2.1, with the groups system (1), interface (2), at (3), IP (4), ICMP (5), TCP (6), UDP (7), EGP (8), Trans. (10), SNMP (11)
private (4): enterprises (1) = 1.3.6.1.4.1
Example nodes: MIB II = 1.3.6.1.2.1; interface = 1.3.6.1.2.1.2; enterprises = 1.3.6.1.4.1
Private MIB Example
Enterprise Number
http://www.isi.edu/in-notes/iana/assignments/enterprise-numbers
http://www.iana.org/
SNMP ASN.1 Data Types
Primitive Data Types
(Table columns: Structure, Data Type, Comments)
Primitive types:
• INTEGER: subtype INTEGER (n1..nN); special case: enumerated INTEGER type
• OCTET STRING: 8-bit bytes, binary and textual data; subtypes can be specified by either range or fixed size
• OBJECT IDENTIFIER: object position in MIB
• NULL: placeholder
• subtype examples:
  • INTEGER (0..255)
  • OCTET STRING (SIZE 0..255)
  • OCTET STRING (SIZE 8)
Enumerated
• Special case of INTEGER data type
Defined or Application Data Type
Constructor or Structured Data Type: SEQUENCE (list marker)
SEQUENCE { <type1>, <type2>, ..., <typeN> }
IpAddrEntry ::= SEQUENCE {
    ipAdEntAddr IpAddress,
    ipAdEntIfIndex INTEGER,
    ipAdEntNetMask IpAddress,
    ipAdEntBcastAddr INTEGER,
    ipAdEntReasmMaxSize INTEGER (0..65535)
}
Constructor or Structured Data Type: SEQUENCE OF
SEQUENCE OF <entry>, where <entry> is a list constructor
ipAddrTable OBJECT-TYPE
    SYNTAX SEQUENCE OF IpAddrEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "The table of addressing information relevant to
        this entity's IP addresses."
    ::= { ip 20 }
Example: IP Address Table
• Each row (table entry) is a sequence: IpAddrEntry.
• The ipAddrTable table is a sequence of rows (entries), i.e. a sequence of IpAddrEntry.
Encoding
• Basic Encoding Rules (BER): Type, Length, and Value (TLV)
Type octet: Class (7th-8th bits), P/C (6th bit), Tag Number (1st-5th bits)
SNMP Data Types and Tags
Type: Tag
• OBJECT IDENTIFIER: UNIVERSAL 6
• SEQUENCE: UNIVERSAL 16
• IpAddress: APPLICATION 0
• Counter: APPLICATION 1
• Gauge: APPLICATION 2
• TimeTicks: APPLICATION 3
• Opaque: APPLICATION 4
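The TLV rules and tag table above, carried through in working code as an added example (not part of the lecture notes and not any SNMP library's code): a small pure-Python BER encoder and decoder for the types the slides list. The tag values, the sysUpTime object (1.3.6.1.2.1.1.3.0) and the sample tick count 315131795 come from the slides; the function names and the VarBind helper are this example's own. The decoder checks every claimed length against the bytes actually present, which is the check a parser of untrusted UDP datagrams needs before it trusts a length octet.

```python
"""Added example: minimal BER (TLV) encoding/decoding for SNMP data types."""

# Class bits (bits 8-7 of the type octet) and the primitive/constructed bit (bit 6).
UNIVERSAL, APPLICATION = 0x00, 0x40
CONSTRUCTED = 0x20

TAG_INTEGER = UNIVERSAL | 2                  # 0x02
TAG_OCTET_STRING = UNIVERSAL | 4             # 0x04
TAG_NULL = UNIVERSAL | 5                     # 0x05
TAG_OID = UNIVERSAL | 6                      # 0x06  (slide: OBJECT IDENTIFIER, UNIVERSAL 6)
TAG_SEQUENCE = UNIVERSAL | CONSTRUCTED | 16  # 0x30  (slide: SEQUENCE, UNIVERSAL 16)
TAG_IPADDRESS = APPLICATION | 0              # 0x40
TAG_COUNTER = APPLICATION | 1                # 0x41
TAG_GAUGE = APPLICATION | 2                  # 0x42
TAG_TIMETICKS = APPLICATION | 3              # 0x43
TAG_OPAQUE = APPLICATION | 4                 # 0x44

def encode_length(n):
    """Length octets: short form below 128, else 0x80|count followed by big-endian count bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    """Type, Length, Value."""
    return bytes([tag]) + encode_length(len(value)) + value

def encode_integer(n, tag=TAG_INTEGER):
    """Minimal two's-complement INTEGER content.  Counter/Gauge/TimeTicks reuse these
    content rules under an APPLICATION tag, so values in 2^31..2^32-1 get a leading 0x00."""
    length = 1
    while not -(1 << (8 * length - 1)) <= n < (1 << (8 * length - 1)):
        length += 1
    return tlv(tag, n.to_bytes(length, "big", signed=True))

def encode_oid(dotted):
    """OBJECT IDENTIFIER: the first two arcs pack into one octet (40*a+b); every
    further arc is base-128 with the high bit set on all but its last octet."""
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(TAG_OID, bytes(out))

def encode_ipaddress(dotted):
    """IpAddress: [APPLICATION 0] IMPLICIT OCTET STRING (SIZE (4))."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("IpAddress needs exactly four octets")
    return tlv(TAG_IPADDRESS, bytes(octets))

def encode_sequence(*items):
    return tlv(TAG_SEQUENCE, b"".join(items))

def decode_tag(octet):
    """Split a type octet into (class, P/C, tag number) as the slide describes."""
    cls = ("UNIVERSAL", "APPLICATION", "CONTEXT", "PRIVATE")[octet >> 6]
    pc = "constructed" if octet & CONSTRUCTED else "primitive"
    return cls, pc, octet & 0x1F

def decode_length(buf, pos):
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    count = first & 0x7F
    if count == 0 or pos + 1 + count > len(buf):     # indefinite or cut-off length
        raise ValueError("bad length octets")
    return int.from_bytes(buf[pos + 1:pos + 1 + count], "big"), pos + 1 + count

def decode_tlvs(buf):
    """Parse bytes into [(tag, value), ...]; constructed values are parsed recursively.
    A length that claims more data than is present raises instead of misparsing."""
    items, pos = [], 0
    while pos < len(buf):
        tag = buf[pos]
        length, pos = decode_length(buf, pos + 1)
        value = buf[pos:pos + length]
        if len(value) != length:
            raise ValueError("truncated TLV")
        pos += length
        items.append((tag, decode_tlvs(value) if tag & CONSTRUCTED else value))
    return items

def decode_integer(value):
    return int.from_bytes(value, "big", signed=True)

def sysuptime_varbind(ticks):
    """VarBind for sysUpTime.0 (1.3.6.1.2.1.1.3.0): SEQUENCE { name OID, value TimeTicks }."""
    return encode_sequence(encode_oid("1.3.6.1.2.1.1.3.0"), encode_integer(ticks, TAG_TIMETICKS))
```

Running `sysuptime_varbind(315131795).hex()` gives `30 10 06 08 2b 06 01 02 01 01 03 00 43 04 12 c8 87 93`: a SEQUENCE of 16 bytes holding the OID TLV (UNIVERSAL 6, length 8) and the TimeTicks TLV (APPLICATION 3, length 4), which `decode_tlvs` splits back into the two inner TLVs.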
Managed Object: Structure
OBJECT: sysDescr: { system 1 }
Syntax: OCTET STRING
Definition: "A textual description of the entity. This value should include the full name and version identification of the system's hardware type, software operating-system, and networking software. It is mandatory that this only contain printable ASCII characters."
Access: read-only
Status: mandatory
Figure 4.17 Specifications for System Description
SMIv1, SMIv2
SMIv1: SMI (RFC 1155), Concise MIB (RFC 1212), Trap-Type (RFC 1215)
SMIv2: SMIv2 (RFC 2578), Textual Conventions (RFC 2579), Conformance Statements (RFC 2580)
Object-Type Macro (RFC 1155)
OBJECT-TYPE MACRO ::=
BEGIN
    TYPE NOTATION ::= "SYNTAX" type (TYPE ObjectSyntax)
                      "ACCESS" Access
                      "STATUS" Status
    VALUE NOTATION ::= value (VALUE ObjectName)
    Access ::= "read-only" | "read-write" | "write-only" | "not-accessible"
    Status ::= "mandatory" | "optional" | "obsolete"
END
OBJECT-TYPE MACRO (RFC 1212)
OBJECT-TYPE MACRO ::=
BEGIN
    TYPE NOTATION ::= "SYNTAX" type (ObjectSyntax)
                      "ACCESS" Access
                      "STATUS" Status
                      DescrPart
                      ReferPart
                      IndexPart
                      DefValPart
    VALUE NOTATION ::= value (VALUE ObjectName)
    ObjectName ::= OBJECT IDENTIFIER
OBJECT-TYPE Example
sysLocation OBJECT-TYPE
    SYNTAX DisplayString (SIZE (0..255))
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The physical location of this node (e.g.,
        `telephone closet, 3rd floor')."
    ::= { system 6 }
DisplayString ::= OCTET STRING (SIZE (0..255))
"SYNTAX" type (ObjectSyntax)
ObjectSyntax ::= CHOICE {
    simple SimpleSyntax,
    application-wide ApplicationSyntax
}
SimpleSyntax ::= CHOICE {
    number INTEGER,
    string OCTET STRING,
    object OBJECT IDENTIFIER,
    empty NULL
}
ApplicationSyntax ::= CHOICE {
    address NetworkAddress,
    counter Counter,
    gauge Gauge,
    ticks TimeTicks,
    arbitrary Opaque
}
ApplicationSyntax
NetworkAddress ::= CHOICE {
    internet IpAddress
}
IpAddress ::= [APPLICATION 0] IMPLICIT OCTET STRING (SIZE (4))
Counter ::= [APPLICATION 1] IMPLICIT INTEGER (0..4294967295)
Gauge ::= [APPLICATION 2] IMPLICIT INTEGER (0..4294967295)
TimeTicks ::= [APPLICATION 3] IMPLICIT INTEGER (0..4294967295)
Opaque ::= [APPLICATION 4] IMPLICIT OCTET STRING
(4294967295 = 2^32 - 1, i.e. the range 0 .. 2^32 - 1)
Back to OBJECT TYPE
"ACCESS" Access "STATUS" Status
Access ::= "read-only" | "read-write" | "write-only" | "not-accessible"
Status ::= "mandatory" | "optional" | "obsolete" | "deprecated"
Back to OBJECT TYPE
DescrPart
DescrPart ::= "DESCRIPTION" value (description DisplayString) | empty
ReferPart
ReferPart ::= "REFERENCE" value (reference DisplayString) | empty
Back to OBJECT TYPE
DefValPart
DefValPart ::= "DEFVAL" "{" value (defvalue ObjectSyntax) "}" | empty
Example:
ifNumber OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-only
    STATUS mandatory
    DEFVAL 1
    DESCRIPTION
        "The number of network interfaces (regardless of
        their current state) present on this system."
    ::= { interfaces 1 }
Back to OBJECT TYPE
IndexPart
IndexPart ::= "INDEX" "{" IndexTypes "}"
IndexTypes ::= IndexType | IndexTypes "," IndexType
IndexType ::= value (indexobject ObjectName) | type (indextype)
IndexSyntax ::= CHOICE {
    number INTEGER (0..MAX),
    string OCTET STRING,
    object OBJECT IDENTIFIER,
    address NetworkAddress,
    ipAddress IpAddress
}
Index value (INDEX) to instance identifier:
• integer-valued: 3 -> 3
• string-valued, fixed-length strings: '004096563c2e'H -> 0.64.150.86.60.46
• string-valued, variable-length strings: "IIS Admin" -> 9.73.73.83.32.65.100.109.105.110
• object identifier-valued: 1.3.6.1.2 -> 5.1.3.6.1.2
• NetworkAddress-valued: 163.22.20.16 -> 1.163.22.20.16
• IpAddress-valued: 163.22.20.16 -> 163.22.20.16
Index - variable-length strings
svSvcTable OBJECT-TYPE
    SYNTAX SEQUENCE OF SvSvcEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "A list of service entries describing network services installed on this server."
    ::= { server 3 }
svSvcEntry OBJECT-TYPE
    SYNTAX SvSvcEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "The names of the network services installed on this server."
    INDEX { svSvcName }
    ::= { svSvcTable 1 }
Back to OBJECT TYPE
OBJECT-TYPE Example
dot1dBasePortEntry OBJECT-TYPE
    SYNTAX Dot1dBasePortEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "A list of information for each port of the bridge."
    REFERENCE
        "IEEE 802.1D-1990: Section 6.4.2, 6.6.1"
    INDEX { dot1dBasePort }
    ::= { dot1dBasePortTable 1 }
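As an added example (not from the slides and not any MIB compiler's code), here is a parser for OBJECT-TYPE invocations written in the RFC 1212 form the slides show, together with the two checks a defender most often wants from a MIB file: the numeric OID of each object (following the ::= { parent n } chain up to a known root) and the list of writable objects, i.e. those a SetRequest can change when a read-write community string is exposed. MIB_TEXT is constructed from definitions quoted on the slides (ifNumber is written on one line, with DEFVAL in the braced form the DefValPart grammar gives, to show that the parser does not depend on layout); ROOTS holds the MIB-II subtree OIDs the slides give (system 1.3.6.1.2.1.1, interfaces 1.3.6.1.2.1.2, ip 1.3.6.1.2.1.4); every function name is this example's own.

```python
"""Added example: parse OBJECT-TYPE macro invocations (RFC 1212 form),
resolve their OIDs and list the objects a SetRequest could modify."""
import re

CLAUSES = {"SYNTAX", "ACCESS", "STATUS", "DESCRIPTION", "REFERENCE", "INDEX", "DEFVAL"}
# name OBJECT-TYPE <clauses> ::= { parent n }
OBJ_RE = re.compile(
    r"(?P<name>[A-Za-z][\w-]*)\s+OBJECT-TYPE\s+(?P<body>.*?)"
    r"::=\s*\{\s*(?P<parent>[A-Za-z][\w-]*)\s+(?P<sub>\d+)\s*\}",
    re.S,
)
# A quoted string is one token, so a clause keyword inside a DESCRIPTION is not mistaken for a clause.
TOKEN_RE = re.compile(r'"[^"]*"|\S+')

# Constructed from the definitions quoted on the slides.
MIB_TEXT = '''
sysLocation OBJECT-TYPE
    SYNTAX DisplayString (SIZE (0..255))
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The physical location of this node (e.g.,
        `telephone closet, 3rd floor')."
    ::= { system 6 }

ifNumber OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DEFVAL { 1 } DESCRIPTION "The number of network interfaces (regardless of their current state) present on this system." ::= { interfaces 1 }

ipAddrTable OBJECT-TYPE
    SYNTAX SEQUENCE OF IpAddrEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION "The table of addressing information relevant to this entity's IP addresses."
    ::= { ip 20 }

ipAddrEntry OBJECT-TYPE
    SYNTAX IpAddrEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION "The addressing information for one of this entity's IP addresses."
    INDEX { ipAdEntAddr }
    ::= { ipAddrTable 1 }

ipAdEntAddr OBJECT-TYPE
    SYNTAX IpAddress
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION "The IP address to which this entry's addressing information pertains."
    ::= { ipAddrEntry 1 }
'''

# MIB-II subtree OIDs given on the slides; the resolver stops when it reaches one of these.
ROOTS = {"system": "1.3.6.1.2.1.1", "interfaces": "1.3.6.1.2.1.2", "ip": "1.3.6.1.2.1.4"}


def _clause_value(tokens):
    """Join a clause's tokens; drop the quotes of a string or the braces of { ... }."""
    text = " ".join(tokens)
    if text.startswith('"') and text.endswith('"'):
        text = text[1:-1]
    elif text.startswith("{") and text.endswith("}"):
        text = text[1:-1]
    return " ".join(text.split())


def parse_object_types(text):
    """Return {name: {syntax, access, status, description, reference, defval, index, parent, sub}}."""
    objects = {}
    for m in OBJ_RE.finditer(text):
        clauses, current = {}, None
        for tok in TOKEN_RE.findall(m.group("body")):
            if tok in CLAUSES:            # a new clause starts; following tokens belong to it
                current = tok
                clauses[current] = []
            elif current is not None:
                clauses[current].append(tok)
        obj = {k.lower(): _clause_value(v) for k, v in clauses.items()}
        for key in ("syntax", "access", "status", "description", "reference", "defval"):
            obj.setdefault(key, None)
        obj["index"] = [i.strip() for i in obj["index"].split(",")] if obj.get("index") else None
        obj["parent"], obj["sub"] = m.group("parent"), int(m.group("sub"))
        objects[m.group("name")] = obj
    return objects


def resolve_oid(objects, name, roots=ROOTS):
    """Follow ::= { parent n } links up to a known root; None if the chain leaves the parsed text."""
    if name in roots:
        return roots[name]
    if name not in objects:
        return None
    parent_oid = resolve_oid(objects, objects[name]["parent"], roots)
    return None if parent_oid is None else f"{parent_oid}.{objects[name]['sub']}"


def writable_objects(objects):
    """Objects a SetRequest can change: what an exposed read-write community string puts at risk."""
    return sorted(n for n, o in objects.items() if o["access"] in ("read-write", "write-only"))
```

With the constructed text, `resolve_oid(objs, "ipAdEntAddr")` walks ipAdEntAddr -> ipAddrEntry -> ipAddrTable -> ip and yields 1.3.6.1.2.1.4.20.1.1, consistent with the 1.3.6.1.2.1.4.20.1.4 the slides give for ipAdEntBcastAddr; `writable_objects` returns only sysLocation, the one read-write object in the sample.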
Aggregate Object
• A group of objects
• Also called tabular objects
• Can be represented by a table with
  • Columns of objects
  • Rows of instances
Figure: a table of objects, drawn as a list of objects each holding its instances.
Aggregate M.O. Macro: Table Object
ipAddrTable OBJECT-TYPE
    SYNTAX SEQUENCE OF IpAddrEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "The table of addressing information
        relevant to this entity's IP addresses."
    ::= { ip 20 }
Aggregate M.O. Macro: Entry Object
ipAddrEntry OBJECT-TYPE
    SYNTAX IpAddrEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "The addressing information for one of this entity's IP addresses."
    INDEX { ipAdEntAddr }
    ::= { ipAddrTable 1 }
(ipAddrEntry is the OBJECT-TYPE; IpAddrEntry is its SYNTAX.)
IpAddrEntry ::= SEQUENCE {
    ipAdEntAddr IpAddress,
    ipAdEntIfIndex INTEGER,
    ipAdEntNetMask IpAddress,
    ipAdEntBcastAddr INTEGER,
    ipAdEntReasmMaxSize INTEGER (0..65535)
}
Aggregate M.O. Macro: Columnar Objects
ipAdEntAddr OBJECT-TYPE
    SYNTAX IpAddress
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The IP address to which this entry's
        addressing information pertains."
    ::= { ipAddrEntry 1 }
Tabular Representation of Aggregate Object
Figure: ipAddrTable drawn as a table, one column per columnar object and one row per instance.
Multiple Instances of Aggregate Managed Object
ipAddrTable {1.3.6.1.2.1.4.20}
  ipAddrEntry (1)
    ipAdEntAddr (1)
    ipAdEntIfIndex (2)
    ipAdEntNetMask (3)
    ipAdEntBcastAddr (4)
    ipAdEntReasmMaxSize (5)
Columnar object ID of ipAdEntBcastAddr is 1.3.6.1.2.1.4.20.1.4:
iso (1) . org (3) . dod (6) . internet (1) . mgmt (2) . mib (1) . ip (4) . ipAddrTable (20) . ipAddrEntry (1) . ipAdEntBcastAddr (4)
Figure 4.23(a) Columnar objects under ipAddrEntry
Example
Identification of Managed Objects: use the Object Identifier (OID)
OID = Object Type OID . Instance Identifier
Object Type OID: each object type has a unique OID
Instance Identifier: identifies the instances of an object type
E.g. mib-2.interface.ifTable.ifEntry.ifDescr.2
Two Kinds of Managed Objects
Type-Specific Objects:
sysDescr OBJECT-TYPE
    SYNTAX DisplayString (SIZE(0..255))
    ::= { system 1 }
OID: mib-2.system.1.0
Columnar Objects
OID: mib-2.interface.ifTable.ifEntry.ifDescr.2
     mib-2.interface.ifTable.ifEntry.ifDescr.6
     mib-2.interface.ifTable.ifEntry.ifType.2
     mib-2.interface.ifTable.ifEntry.ifType.6
Columnar Objects
ifTable OBJECT-TYPE SYNTAX SEQUENCE OF IfEntry ... ::= { interface 2 }
IfEntry ::= SEQUENCE { ifIndex INTEGER, ifDescr DisplayString, ifType INTEGER, ... }
ifEntry OBJECT-TYPE SYNTAX IfEntry ... INDEX { ifIndex } ::= { ifTable 1 }
ifDescr OBJECT-TYPE SYNTAX DisplayString (SIZE(0..255)) ACCESS read-only STATUS mandatory ... ::= { ifEntry 2 }
Columnar Objects
ifIndex  ifDescr  ifType  . . .
1        le0      6       . . .
6        llc0     1       . . .
7        lo0      24      . . .
9        le1      6       . . .
Column OIDs: .ifTable.ifEntry.1 (1.3.6.1.2.1.2.2.1.1), .ifTable.ifEntry.2 (1.3.6.1.2.1.2.2.1.2), .ifTable.ifEntry.3 (1.3.6.1.2.1.2.2.1.3)
Instance OIDs: 1.3.6.1.2.1.2.2.1.3.7 (ifType.7), 1.3.6.1.2.1.2.2.1.2.6 (ifDescr.6)
Index in MIB II
• ifEntry {ifIndex}
• atEntry {atNetIfIndex, atNetAddress}
• ipAddrEntry {ipAdEntAddr}
• ipRouteEntry {ipRouteDest}
• ipNetToMediaEntry {ipNetToMediaIfIndex, ipNetToMediaNetAddress}
• tcpConnEntry {tcpConnLocalAddress, tcpConnLocalPort, tcpConnRemoteAddress, tcpConnRemotePort}
• udpEntry {udpLocalAddress, udpLocalPort}
• egpNeighEntry {egpNeighAddr}
Index Example
To get the state of the TCP connection 10.10.13.137:3125 ===> 61.30.91.235:80:
Use an SNMP GetRequest to get the "tcpConnState" of the tcpConnTable in MIB II.
tcpConnState ==> 1.3.6.1.2.1.6.13.1.1
Instance OID: 1.3.6.1.2.1.6.13.1.1.10.10.13.137.3125.61.30.91.235.80
Figure: the tcpConnTable row for this connection.
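The index-to-instance-identifier rules from the IndexPart table and the tcpConnState example just above, carried through in code as an added example (not from the slides and not any SNMP library's code). It builds the instance identifier for each index type the table lists, assembles the tcpConnState instance OID for the connection 10.10.13.137:3125 to 61.30.91.235:80, and also does the inverse, which is what an analyst reading a walk or a trap needs: splitting the instance arcs back into typed index values according to the INDEX clause, and rejecting an instance that is too short or has trailing arcs. The tcpConnState column OID and sample values are the slides' own; PLACEHOLDER_COLUMN is a made-up OID standing in for a column (such as svSvcName) whose numeric OID the slides do not give; all function names are this example's own.

```python
"""Added example: encode and decode the instance identifier appended to a columnar OID."""


def index_integer(n):
    """integer-valued: the value itself (3 -> 3)."""
    return [int(n)]


def index_fixed_string(data):
    """fixed-length string: the octets only ('004096563c2e'H -> 0.64.150.86.60.46)."""
    return list(bytes(data))


def index_var_string(data):
    """variable-length string: length first, then the octets ("IIS Admin" -> 9.73.73.83...)."""
    data = bytes(data)
    return [len(data)] + list(data)


def index_oid(dotted):
    """object-identifier-valued: arc count first (1.3.6.1.2 -> 5.1.3.6.1.2)."""
    arcs = [int(a) for a in dotted.split(".")]
    return [len(arcs)] + arcs


def index_ipaddress(dotted):
    """IpAddress-valued: the four octets unchanged (163.22.20.16 -> 163.22.20.16)."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("IpAddress index needs exactly four octets")
    return octets


def index_networkaddress(dotted):
    """NetworkAddress-valued: CHOICE tag 1 (internet) then the IpAddress (-> 1.163.22.20.16)."""
    return [1] + index_ipaddress(dotted)


def instance_oid(column_oid, *parts):
    """OID = Object Type OID . Instance Identifier; INDEX components concatenate in order."""
    return column_oid + "." + ".".join(str(a) for part in parts for a in part)


TCP_CONN_STATE = "1.3.6.1.2.1.6.13.1.1"                           # tcpConnState column (slides)
TCP_CONN_INDEX = ["ipaddress", "integer", "ipaddress", "integer"]  # tcpConnEntry INDEX types
PLACEHOLDER_COLUMN = "1.3.6.1.4.1.99999.3.1.1"                    # made-up column OID, placeholder


def tcp_conn_state_instance(local_ip, local_port, remote_ip, remote_port):
    """Instance OID of tcpConnState for one connection (local address, local port, remote address, remote port)."""
    return instance_oid(TCP_CONN_STATE, index_ipaddress(local_ip), index_integer(local_port),
                        index_ipaddress(remote_ip), index_integer(remote_port))


def decode_instance(column_oid, full_oid, index_types):
    """Inverse: split the instance arcs of a walked or trapped varbind back into index values.
    index_types entries: "integer", "ipaddress", "networkaddress", "string" (variable length),
    "oid", or ("fixed-string", n).  A malformed instance raises instead of being misread."""
    prefix = column_oid + "."
    if not full_oid.startswith(prefix):
        raise ValueError("OID is not an instance of this column")
    arcs = [int(a) for a in full_oid[len(prefix):].split(".")]
    values, pos = [], 0
    for t in index_types:
        if pos >= len(arcs):
            raise ValueError("instance identifier shorter than its INDEX requires")
        if isinstance(t, tuple) and t[0] == "fixed-string":
            n = t[1]
            values.append(bytes(arcs[pos:pos + n]))
        elif t == "integer":
            n = 1
            values.append(arcs[pos])
        elif t == "ipaddress":
            n = 4
            values.append(".".join(map(str, arcs[pos:pos + 4])))
        elif t == "networkaddress":
            if arcs[pos] != 1:
                raise ValueError("only the internet (IpAddress) choice is defined")
            n = 5
            values.append(".".join(map(str, arcs[pos + 1:pos + 5])))
        elif t == "string":          # length arc, then that many octets
            n = 1 + arcs[pos]
            values.append(bytes(arcs[pos + 1:pos + n]))
        elif t == "oid":             # arc count, then the arcs
            n = 1 + arcs[pos]
            values.append(".".join(map(str, arcs[pos + 1:pos + n])))
        else:
            raise ValueError(f"unknown index type {t!r}")
        pos += n
        if pos > len(arcs):
            raise ValueError("instance identifier shorter than its INDEX requires")
    if pos != len(arcs):
        raise ValueError("trailing arcs after the last index component")
    return values
```

`tcp_conn_state_instance("10.10.13.137", 3125, "61.30.91.235", 80)` returns exactly the OID the slide shows, and `decode_instance` with TCP_CONN_INDEX recovers the two addresses and ports from it; the same decoder splits 1.3.6.1.2.1.2.2.1.2.6 into the single ifIndex 6 when told the column is ifDescr with an integer index.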