1 / 42

Chapter 5 SNMPv1: Communication and Functional Models

Chapter 5 SNMPv1: Communication and Functional Models. Network Management. Organization Model (ch. 4) 2 tier 3 tier Information Model (ch. 4) SMI MIB Communication Model (ch. 5) Functional Model (ch. 5). SNMP V1.

keely-graham
Télécharger la présentation

Chapter 5 SNMPv1: Communication and Functional Models

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 5 SNMPv1: Communication and Functional Models TNM Chapter 5

  2. Network Management • Organization Model (ch. 4) • 2 tier • 3 tier • Information Model (ch. 4) • SMI • MIB • Communication Model (ch. 5) • Functional Model (ch. 5) TNM Chapter 5

  3. SNMP V1 • Structure and Identification of Management Information for TCP/IP-based Internets, which describes how managed objects contained in the MIB are defined in RFC 1155 • Management Information Base for Network Management of TCP/IP- based Internets, which describes the managed objects contained in the MIB are defined in RFC 1156 • The Simple Network Management Protocol, which defines the protocol used to manage these objects, is defined in RFC 1157 TNM Chapter 5

  4. SNMPv1 References • STD 15, RFC 1157: which defines the Simple Network Management Protocol (SNMPv1), the protocol used for network access to managed objects. • STD 16, RFC 1155: Defines the Structure of Management Information (SMIv1), the mechanisms used for describing and naming objects for the purpose of management. • STD 16, RFC 1212: Defines a more concise description mechanism, which is wholly consistent with the SMIv1. - RFC 1215: Defines a convention for defining Traps for use with the SMIv1. • SMI v1: This term generally refers to the information presented in RFC 1155, RFC 1212, and RFC 1215. TNM Chapter 5

  5. SNMPV1 Summary • Information Model • MIB (Virtual storage) and different MIB groups • Structure of management information • Organizational Model • Communication Model TNM Chapter 5

  6. SNMP Architecture • Truly simple network management protocol • Five messages, three from manager and two from agent TNM Chapter 5

  7. Messages between SNMP manager and Agent Get Request SNMP Manager SNMP Agent GET NEXT MO SET GET Response TRAP Each MO has its own MIB compiled into it. The Agent responsible for it will have MIB corresponding to that object compiled into it. SNMP manager will have MIB compilation. TNM Chapter 5

  8. SNMP Messages • Get-Request • Get-Next-Request • Set-Request • Get-Response • Trap • Generic trap • Specific trap • Time stamp TNM Chapter 5

  9. SNMP Messages (Cont’d) • Generic trap • coldStart • warmStart • linkDown • linkUp • authenticationfailure • egpNeighborLoss • enterpriseSpecific • Specific trap • for special measurements such as statistics • Time stamp: Time since last initialization TNM Chapter 5

  10. Administrative Model • Based on community profile and policy • SNMP Entities: • SNMP application entities • Reside in management stations and network elements - Manager and agent • SNMP protocol entities - Communication processes (PDU handlers) - Peer processes that support application entities TNM Chapter 5

  11. SNMP Community: Authentication Multiple managers communicate with SNMP agent Simplest Authentication is the common Community name at the manager and agent. Community name type is octet string Authentication is a set of filters at Agent and Manager, which just checks for the common Community string TNM Chapter 5

  12. SNMP Community (Cont’d) • Many SNMP Managers Communicating with one Agent • One Manager communicating with multiple Agents • So there can be many to one, one to many or many to many relationships between managers and agents. TNM Chapter 5

  13. SNMP Community • Security in SNMPv1 is community-based • Authentication scheme in manager and agent • Community: • A pairing of an SNMP agent with some arbitrary set of SNMP application entities is called an SNMP community • Each SNMP community name is denoted by String of octets • Two applications in the same community communicate with each other • Application could have multiple community names • Communication is not secured in SNMPv1 - no encryption TNM Chapter 5

  14. snmp-server community CISCO RO • snmp-server community IBM RW • snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart • snmp-server enable traps isdn call-information • snmp-server enable traps isdn layer2 • snmp-server enable traps isdn chan-not-avail • snmp-server enable traps hsrp • snmp-server enable traps config • snmp-server enable traps entity • snmp-server enable traps envmon • snmp-server enable traps ds0-busyout • snmp-server enable traps ds1-loopback • snmp-server enable traps bgp • snmp-server enable traps ipmulticast • snmp-server enable traps msdp • snmp-server enable traps rsvp • snmp-server enable traps frame-relay • snmp-server enable traps rtr • snmp-server enable traps syslog • snmp-server host 10.10.10.1 CISCO TNM Chapter 5

  15. Community Profile SNMP authorization is based on the Managed Object MIB specification. Each Managed Object is specified by five elements. One of them is ACCESS. Agent has a MIB view of Objects 2,3 and 4. Pairing of SNMP access mode with SNMP MIB view is called Community Profile TNM Chapter 5

  16. Admin Model: MIB view • An agent may be programmed to view only a subset of managed objects of a network element • Access mode • Each community name is assigned an access mode:: read-only , read-write , write-only, or not accessible • Community profile: MIB view + access mode • A pairing of a SNMP access mode with a SNMP MIB view is called an SNMP community profile • Operations on an object determined by community profile and the access mode of the object • As an example if a variable is defined in the MIB with "Access:" of "read-write" or "write-only" and the access mode of the given profile is READ-WRITE, that variable is available as an operand for the get, set, and trap operations • A pairing of a SNMP community with a SNMP community profile is called a SNMP access policy • Total of four access privileges (Read only(interface statistics), write only (sysDescr), read and write(sysContact), not accessible(table)) TNM Chapter 5 Reference: RFC 1157

  17. Administration Model: SNMP access Policy • Administration model is SNMP access policy • SNMP community paired with SNMP community profile is SNMP access policy TNM Chapter 5

  18. Access Policy • Manager manages Community 1 and 2 network components via Agents 1 and 2 • Agent 1 has only view of Community Profile 1, e.g. Cisco components • Agent 2 has only view of Community Profile 2, e.g. 3Com components • Manager has total view of both Cisco and 3Com components TNM Chapter 5 5-8

  19. manager Community Agent1 Agent2 Cisco Componenets Juniper Componenets Comm profile 2 Comm profile 1 Example : Access Policy Agent1 has community profile only for Cisco components Agent 2 has community profile of Juniper components However Manager has views of both Cisco and Juniper TNM Chapter 5

  20. Generalized Administration Model • Manager 1 manages community 1, manager 2 community 2,and manager 3 (MoM) both communities 1 and 2 TNM Chapter 5

  21. Proxy Access Policy Proxy server • Proxy agent enables non-SNMP community elements to be managed by an SNMP manager. • An SNMP MIB is created to handle the non-SNMP objects TNM Chapter 5

  22. Proxy Agent SNMP Agent Proxy agent/server Application Monitor Non-SNMP Non-SNMP Objects To convert non-SNMP objects and data to SNMP compatible objects and data TNM Chapter 5

  23. Protocol Entities TNM Chapter 5

  24. Protocol entities (Cont’d) • Protocol entities support application entities • Communication among protocol entities is accomplished by the exchange of messages, each of which is entirely and independently represented within a single UDP datagram using the basic encoding rules of ASN.1 • Communication between remote peer processes • Message consists of • Version identifier • Community name • Protocol Data Unit: one of the 5 types • Message encapsulated and transmitted TNM Chapter 5

  25. Get and Set PDU • VarBindList: multiple instances of VarBind pairs • VarBind is pairing of a variable and its value An SNMP protocol entity is received on port 161, except trap which is received on port 162 TNM Chapter 5

  26. Get and Set PDU (Cont’d) • VarBindList: multiple instances of VarBind pairs PDU Types: enumerated INTEGER TNM Chapter 5

  27. Get and Set PDU(cont’d) • VarBindList: multiple instances of VarBind pairs Request ID: Since UDP is connection less, Request ID is used to identify the message TNM Chapter 5

  28. Get and Set PDU(cont’d) Error in Response Error Index: No. of VarBind that the first error occurred TNM Chapter 5

  29. Trap PDU TNM Chapter 5

  30. Trap PDU (cont’d) • Enterprise and agent address pertain to the system generating the trap • Seven generic traps specified by enumerated INTEGER • Specific trap is a trap not covered by enterprise specific trap • time stamp indicates elapsed time since last re- initialization TNM Chapter 5

  31. SNMP Operations: Get Request/Response TNM Chapter 5

  32. Agent GetRequest (sysDescr.0) Manager Process GetResponse (sysDescr .0= "SunOS" ) Process GetNextRequest (sysDescr.0) GetResponse ( sysObjectID.0=enterprises.11.2.3.10.1.2 ) GetNextRequest (sysObjectID.0) GetResponse (sysUpTime.0=2247349530) GetNextRequest (sysUpTime.0) GetResponse (sysContact.0=" ") GetRequest (sysName.0) GetResponse (sysName.0="noc1 ") GetRequest (sysLocation.0) GetResponse (sysLocation.0=" ") GetRequest (sysServices.0) GetResponse (sysServices.0=72) Figure 5.10 Get-Request/Get next Operation for System Group SNMP Operations: Getnext Note; that in all these exmaples, the objects are scalar objects TNM Chapter 5

  33. Why use Get next? • The object ID of the next object does not have to be known. • In case of aggregate object the number of rows in the table may be dynamic (as an example some interfaces might have been added or deleted). Hence we always do not know the number of rows in the table. Get next overcomes this problem. • Get next request may be used to build the MIB tree. Called MIB walk. Used by MIB browser in an NMS implementations TNM Chapter 5

  34. MIB for Get-Next-Request for an aggregate object A,B and Z are scalar objects. Table T is an aggregate object. With an entry, each entry having three columnar objects, and 2 rows. TNM Chapter 5

  35. A GetRequest ( A ) Manager Agent GetResponse ( A ) Process Process B GetRequest ( B ) GetResponse ( B ) GetRequest (T.E.1.1 ) T GetResponse ( T.E.1.1 ) GeRequest (T.E.1.2 ) GetResponse ( T.E.1.2 ) E GetRequest (T.E.2.1 ) GetResponse ( T.E.2.1 ) GettRequest (T.E.2.2 ) GetResponse ( T.E.2.2 ) T.E.1.1 T.E.2.1 T.E.3.1 GetRequest (T.E.3.1 ) GetResponse ( T.E.3.1 ) T.E.1.2 T.E.2.2 T.E.3.2 GetRequest (T.E.3.2 ) GetResponse ( T.E.3.2 ) GetNextRequest (T.E.3.2 ) Z GetResponse ( Z ) GetNextRequest ( Z ) GetResponse ( noSuchName ) Figure 5.13 Get-Request Operation for MIB in Figure 5.12 Get-Request Operation TNM Chapter 5

  36. Lexicographic Order: For determing what is next in getNext For an aggregate object the manager and agent should have a common understanding of what is next TNM Chapter 5

  37. Lexicographic Order • Procedure for ordering: • Start with leftmost digit as first position • Before increasing the order in the first position, select the lowest digit in the second position • Continue the process till the lowest digit in the last position is captured • Increase the order in the last position until all the digits in the last position are captured • Move back to the last but one position and repeat the process • Continue advancing to the first position until all the numbers are ordered • Tree structure for the above process TNM Chapter 5

  38. MIB Lexicographic Order A 3.1 B 3.2 T Z E 1.1 1.2 2.1 2.2 TNM Chapter 5

  39. A More Complex MIB Example TNM Chapter 5

  40. Get-Next-Request Operation TNM Chapter 5

  41. Get-Next-Request Operation TNM Chapter 5

  42. SNMP MIB group Most of the MIB objects were not used and hence deprecated in SNMPv2 TNM Chapter 5

More Related