1 / 42

Chapter 6 Overview

Chapter 6 Overview. Simple Network Management Protocol SNMPv1 SNMP packet format Structure of MIB tree MIB-2 objects SNMP commands SNMP security Network mgmt system functions. SNMP. Recall that SNMP is An application layer protocol

kirra
Télécharger la présentation

Chapter 6 Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 6 Overview • Simple Network Management Protocol • SNMPv1 • SNMP packet format • Structure of MIB tree • MIB-2 objects • SNMP commands • SNMP security • Network mgmt system functions Chapter 6  SNMP 1

  2. SNMP • Recall that SNMP is • An application layer protocol • Used to transfer info between mgmt station and mgmt agent • SNMP is part of network management • Like HTTP is part of Web browsing Chapter 6  SNMP 2

  3. Web Browsing • Web browsing requires • Web browser on your computer • HTTP • Web server(s) with data • Software on Web server • Communication architecture Chapter 6  SNMP 3

  4. Network Management • Network management requires • Management application, mgmt processes, management MIB • SNMP • Agent process, agent MIB • Communication architecture Chapter 6  SNMP 4

  5. Management Environment • Components of mgmt environment Chapter 6  SNMP 5

  6. Mgmt Application • This is the main part of NMS software • Application that requests and manages info from agents • Display results in a usable format • Graphs, pictures, etc. • May display data in the ISO mgmt categories Chapter 6  SNMP 6

  7. Mgmt Process • Mgmt processes support mgmt application • Application programs that do necessary functions • For example, process accesses MIB variable and passes it to SNMP Chapter 6  SNMP 7

  8. Mgmt Station SNMP • Processes packet to be sent to agent, and those received from agent • Note that SNMP packet contains • Version number • Community string • SNMP command • List of variables Chapter 6  SNMP 8

  9. Mgmt Agent SNMP • Like previous slide, but on agent • For received SNMP packet • Extract MIB variable • Pass MIB variable to agent process Chapter 6  SNMP 9

  10. Agent Process • Purpose is to get the requested data • Agent must locate the data in “virtual database” • Then prepare date for • Mgmt agent SNMP (previous slide) Chapter 6  SNMP 10

  11. Essential Mgmt Components • Essential mgmt components include… • MIB on Mgmt Station • Stores MIB variables • NMS application software • Display, analyze data • SNMP • Format used for request/reply messages • Agent process • Gathers data from virtual database Chapter 6  SNMP 11

  12. SNMPv1 Packet • SNMPv1 packet has the form • Version the version of SNMP • SNMPv1 is “0” in version field • Community name like a password • Agent can limit who can see what • Sent “in the clear”, so not very secure Chapter 6  SNMP 12

  13. SNMPv1 PDU • PDU for Get-Request, Get-Next-Request and Set-Request has fields: • Request ID like a sequence number • Error status error in Get-Response • Error index first variable in VarBindList that caused error Chapter 6  SNMP 13

  14. SNMPv1 PDU • Error status • 0 = noError • 1 = tooBig (PDU has too many bytes) • 2 = noSuchName (no object with requested name) • 3 = badValue (invalid no. for PDU type) • 4 = readOnly (incorrect implementation of SNMP) • 5 = genErr (any other error) Chapter 6  SNMP 14

  15. SNMPv1 PDU • VarBindList list of pairs of the form • Variable ID Object Identifier as defined in SMI specification • Variable value actual value, which could be integer, IP address, etc. Chapter 6  SNMP 15

  16. SNMP Commands • SNMP commands (numbered 0 thru 4) • Get-Request request value(s) from agent MIB • Get-Next-Request next MIB element (based on object identifier) in lexicographic order • Can use this to “walk” the MIB tree • Get-Response response from agent • Set-Request write a value in agent’s MIB • For example, the value might shut down device • Trap unsolicited msg from agent Chapter 6  SNMP 16

  17. SNMP Trap • Trap PDU is of the form • Enterprise  Object Identifier for device that created trap message • Agent address  IP address of device • Generic trap number 7 categories • Specific trap number  code number • Time stamp  time since device initialized • VarBindList  same as defined previously Chapter 6  SNMP 17

  18. SMI • Structure of Management Info • RFC 1155 • The data structure on the agent • Object Identifier mapped to value stored on subsystem • NIC is example of a subsystem • MAC address could be desired value Chapter 6  SNMP 18

  19. SMI • Each object has a name • Groups of related objects also defined • Each object has a type • For example, “integer” • Types can be • Simple  a single value • Constructed  multiple objects of simple type Chapter 6  SNMP 19

  20. SMI • SMI specification uses subset of Abstract Syntax Notation One (ASN.1) • Formal specification of MIB objects • ASN.1 used to specify • Name of object • Type of object • Read, read-write, or not accessible • Brief description of object • See Appendix B for info on ASN.1 Chapter 6  SNMP 20

  21. SMI Object Tree • 0 is the root • Example: Object ID of sysDescr(1) is 1.3.6.1.2.1.1.1 Chapter 6  SNMP 21

  22. SMI Object Tree • MIB objects identified as on previous slide • Tree can be arbitrarily deep • MIB-2 defined with 10 groups • System, interfaces, address translation, IP, ICMP, TCP, UDP, EGP, transmission, SNMP • Later added 13 more groups (extensions) • Group can contain many objects, and these objects can be “constructed” type Chapter 6  SNMP 22

  23. Proprietary MIBs and RMON • If not enough groups in MIB-2… • …can create a proprietary MIB • Proprietary MIBs are listed under enterprise • Enterprise is a sub-node of private (4) • RMON • Remote Monitoring Standard • An extension of MIB-2 • Deals with traffic on a network segment Chapter 6  SNMP 23

  24. SMI Tree • MIB-2 (1) • IP has 23 objects • ipRouteTable (21) • ipRouteEntry (1), consists of 13 column objects Chapter 6  SNMP 24

  25. ipRouteEntry • An instance of ipRouteEntry consists of all 13 columns in the table above • How to select column 7? • 1.3.6.1.2.1.4.21.1.7 • Note that the result is a column, not a value • How to specify row 3 of column 7? • ipRouteDest serves as Index Object • 1.3.6.1.2.1.4.21.1.7.10.3.4.5 Chapter 6  SNMP 25

  26. wsnmp • wsnmp is SNMP command line program • Suppose we want to get sysDescr • Why does “get sysDescr” fail? • Get-Request returns an instance (a value) • sysDescr is an object • Must include Index Object of 0 Chapter 6  SNMP 26

  27. wsnmp • Recall Get-Next-Request gets next object in MIB tree (in lexicographic order) • getnext sysDescr • sysDescr is at 1.3.6.1.2.1.1.1 in MIB tree • sysDescr.0, i.e., 1.3.6.1.2.1.1.1.0, is next location in MIB tree that contains a value • The value at sysDescr.0 is “Hardware: x86 … “ Chapter 6  SNMP 27

  28. wsnmp • Recall Get-Next-Request gets next object in MIB tree (in lexicographic order) • getnext sysDescr.0 • sysDescr.0 is at 1.3.6.1.2.1.1.1.0 in MIB tree • 1.3.6.1.2.1.1.2.0, sysObjectID.0, is next location with a value • Value of sysObjectID.0 is 1.3.6.1.4.1.311.1.1.3.1.3 Chapter 6  SNMP 28

  29. MIB-2 System Group • Note that “311” (on previous slide) stands for IBM Chapter 6  SNMP 29

  30. Get-Request vs Get-Next-Request • Spse you use Get-Request • If no value for requested object (or other error), NULL and error returned • As we saw with “get sysDescr” • Spse you use Get-Next-Request • If no value for specified object, you will still get next value in MIB tree • This is a good thing! Chapter 6  SNMP 30

  31. Get-Request vs Get-Next-Request • What is result of GetNextRequest(ipRouteEntry)? • Address of ipRouteEntry is 1.3.6.1.2.1.4.21.1 • Next value in MIB is at index 1.3.6.1.2.1.4.21.1.1.10.3.4.3 • Result: ipRouteDest.10.3.4.3 = 10.3.4.3 • What is GetNextRequest(ipRouteDest.10.3.4.5)? • ipRouteDest.10.3.4.5 is 1.3.6.1.2.1.4.21.1.1.10.3.4.5 • Next value in MIB tree is at 1.3.6.1.2.1.4.21.1.2.10.3.4.3 • Result: ipRouteifIndex.10.3.4.3 = 1 Chapter 6  SNMP 31

  32. Get-Request vs Get-Next-Request • What is GetNextRequest(ipRouteifIndex.10.3.4.3)? • ipRouteifIndex.10.3.4.3 is 1.3.6.1.2.1.4.21.1.2.10.3.4.3 • Next value in MIB tree is at 1.3.6.1.2.1.4.21.1.2.10.3.4.4 • Result: ipRouteifIndex.10.3.4.4 = 2 • What is result of GetNextRequest(ipRouteTable)? • Recall address of ipRouteTable is 1.3.6.1.2.1.4.21 • Next value in MIB is at index 1.3.6.1.2.1.4.21.1.1.10.3.4.3 • Result: ipRouteDest.10.3.4.3 = 10.3.4.3 Chapter 6  SNMP 32

  33. Get-Next-Request • Can use Get-Next-Request to access all values in a table • Even if we don’t know how many rows in table • Can access values in MIB tree from a given starting point on • Can “walk” the MIB tree in lexicographic order • A nice feature! Chapter 6  SNMP 33

  34. Set Command • Recall Set-Request used to remotely “set” (write) a value • For example, • SetRequest(sysContact = Frank) • Would change value of sysContact to “Frank” • Response to this would be Get-Response with sysContact = Frank Chapter 6  SNMP 34

  35. Security • We mentioned previously the SNMP method of authentication • A community name acts like a password • More than one mgmt station may have access • Authorization is also a concern • Assuming that you have access… • …then what are you allowed to do? Chapter 6  SNMP 35

  36. Security • SNMP security features • SNMP community profile • Access mode specifies type of access • MIB view specifies access or not Chapter 6  SNMP 36

  37. Security • SNMP security features • SNMP Access Policy • Combination of all of the above Chapter 6  SNMP 37

  38. Security • SNMP Access Mode  MIB Access • Mapping between these given below Chapter 6  SNMP 38

  39. Proxy • SNMP agent can act as a proxy • To collect mgmt values • Device might not support SNMP • Might be used to improve performance Chapter 6  SNMP 39

  40. Meterware NMS • MIB browser screen • Much easier than command line mode! Chapter 6  SNMP 40

  41. Meterware NMS • Meterware “decodes” the information and presents it in a readable form • Also presents hex view • See book for more pictures of Meterware output Chapter 6  SNMP 41

  42. Chapter 6 Summary • Components of mgmt environment • Format of SNMP messages • Get-Request • Get-Next-Request • Command line • Security (or lack thereof) • Meterware NMS Chapter 6  SNMP 42

More Related