Network Management System - Module 2
Presented by Manju Devaraj
Agenda
SNMP Operation
SNMP v3
1. SNMP Operation
Objectives
At the end of this session, you will be able to:
[Figure: protocol stacks of the SNMP manager and of the SNMP agent on Host B. SNMP runs over UDP/IP on both sides, above the data link and physical layers.]
SNMP Protocol
Network devices are managed from a management station.
Devices run agent software; the management station runs manager software.
The manager learns about a network device only through that device's agent.
Hence the agent and the manager must share the same information model (the MIB) to work together.
The agent interacts with the device (the back end) to retrieve the values it reports.
[Figure: client and server roles in the exchange]
2012 WIPRO LTD | WWW.WIPRO.COM
GetRequest / Response (no error)
[Figure: the management process on the management station sends a GetRequest PDU (PDU type, request id, variable bindings carrying names only) to the agent process on the device. The agent looks each name up in its MIB and returns a Response PDU with the same request id, error status noError (0), error index 0, and the variable bindings filled in as name/value pairs.]

Response error: tooBig
[Figure: the same exchange, but the response that would answer the request exceeds the maximum message size. The agent returns a Response with error status tooBig and NULL in place of the values.]
tooBig: the message needed exceeds the maximum size the agent can send or the manager can accept.

Response error: genErr
[Figure: the same exchange, but processing of one of the variable names fails inside the agent. The agent returns a Response with error status genErr and the error index pointing at the problem object.]
genErr: processing of a variable name failed for a reason not covered by the other error codes; the error index identifies which binding.

PDU format, GetRequest / Response:
PDU Type | Request id | Error Status | Error Index | Variable Bindings
Error Status
noError (0): the request was processed successfully.
tooBig (1): the response would not fit in a single message (see above).
noSuchName (2): an object was specified that the agent does not know, given the community used. The most common cause is reading objects that do not exist.
badValue (3): a Set tried to modify an object with an invalid or inconsistent value.
readOnly (4): defined in v1 to indicate that a Set tried to modify a variable that, according to the community profile, cannot be written. In practice it is not used: an attempt to set a read-only object returns noSuchName instead.
genErr (5): any other error.
SNMPv2 Exceptions
Exceptions are reported per variable binding, in place of the value, rather than through the error-status field, so one failing binding does not fail the whole request:
For GET requests we can get back noSuchObject or noSuchInstance.
For GETNEXT requests we can get back endOfMibView.
For GETBULK requests we can get back endOfMibView.
For SET requests no exceptions are returned; failures are reported through error status and error index.
Get Request
Consider the following MIB table, a subset of ifTable:

Instance | ifIndex | ifDescr  | ifType
1        | 1       | ethernet | 6
2        | 2       | ethernet | 6
3        | 3       | serial   | 22
4        | 4       | ppp      | 23
5        | 5       | ethernet | 6
6        | 6       | ethernet | 6

(ifType values: 6 = ethernetCsmacd, 22 = propPointToPointSerial, 23 = ppp.)
GetNextRequest Illustration
Issue a GetNextRequest(ifInOctets, ifInUcastPkts, ifInNUcastPkts): for each name the agent returns the lexicographically next object instance and its value, here ifInOctets.1, ifInUcastPkts.1 and ifInNUcastPkts.1, the first row of those three columns. Repeating the request with the returned names walks the table row by row.
GetBulkRequest
[Figure: the management process sends a GetBulkRequest PDU (PDU type, request id, non-repeaters, max-repetitions, variable bindings) to the agent process. The agent answers with a Response PDU whose variable bindings hold the first non-repeaters names advanced once and every remaining name advanced up to max-repetitions times through the MIB.]
PDU format, GetBulkRequest:
PDU Type | Request id | Non-repeaters | Max-repetitions | Variable Bindings
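The GetNext and GetBulk behaviour above, as an added example that is not part of the course material: a Python model of the agent side over the ifTable subset from the Get Request slide. The MIB is a constructed dictionary keyed by OID string and sorted arc by arc; the successor lookup is what makes a column walk work and is also where endOfMibView comes from. The function names (get_next, get_bulk_request, walk_column) are this example's own.

```python
"""Agent-side GetNextRequest / GetBulkRequest over a constructed ifTable subset.
Added example; the MIB contents mirror the slide's table, not a real device."""

IF_ENTRY = "1.3.6.1.2.1.2.2.1"
IF_INDEX, IF_DESCR, IF_TYPE = IF_ENTRY + ".1", IF_ENTRY + ".2", IF_ENTRY + ".3"
SYS_UPTIME = "1.3.6.1.2.1.1.3.0"          # a scalar that sorts before ifTable

# Constructed MIB: (ifIndex, ifDescr, ifType) rows from the slide;
# 6 = ethernetCsmacd, 22 = propPointToPointSerial, 23 = ppp.
ROWS = [(1, "ethernet", 6), (2, "ethernet", 6), (3, "serial", 22),
        (4, "ppp", 23), (5, "ethernet", 6), (6, "ethernet", 6)]
MIB = {SYS_UPTIME: 12345}
for idx, descr, typ in ROWS:
    MIB[f"{IF_INDEX}.{idx}"] = idx
    MIB[f"{IF_DESCR}.{idx}"] = descr
    MIB[f"{IF_TYPE}.{idx}"] = typ


def oid_key(oid):
    """Arc-by-arc integer tuple, so '...2.10' sorts after '...2.9' (string order would not)."""
    return tuple(int(a) for a in oid.split("."))


ORDERED = sorted(MIB, key=oid_key)


def get_next(oid):
    """Lexicographic successor of `oid` that holds a value; `oid` itself need not exist.
    Returns (next_oid, value), or (oid, 'endOfMibView') when nothing follows."""
    k = oid_key(oid)
    for candidate in ORDERED:
        if oid_key(candidate) > k:
            return candidate, MIB[candidate]
    return oid, "endOfMibView"


def get_next_request(oids):
    """GetNextRequest: one successor per name in the request."""
    return [get_next(o) for o in oids]


def get_bulk_request(oids, non_repeaters, max_repetitions):
    """GetBulkRequest: the first `non_repeaters` names behave like GetNext once; the
    rest are advanced up to `max_repetitions` times. RFC 3416 lets the agent stop
    early once every repeater has reached endOfMibView, which is done here."""
    result = [get_next(o) for o in oids[:non_repeaters]]
    cursors = list(oids[non_repeaters:])
    for _ in range(max_repetitions):
        progressed = False
        for i, cur in enumerate(cursors):
            nxt, val = get_next(cur)
            result.append((nxt, val))
            if val != "endOfMibView":
                cursors[i] = nxt
                progressed = True
        if not progressed:
            break
    return result


def walk_column(column_oid):
    """Manager-side column walk: keep issuing GetNext until the returned OID leaves the
    column subtree or endOfMibView comes back. The prefix check is what stops the walk
    at the first instance of the next column instead of running on."""
    rows, cur = [], column_oid
    while True:
        nxt, val = get_next(cur)
        if val == "endOfMibView" or not nxt.startswith(column_oid + "."):
            return rows
        rows.append((nxt, val))
        cur = nxt


if __name__ == "__main__":
    print(get_next_request([IF_INDEX, IF_DESCR, IF_TYPE]))
    print(get_bulk_request([SYS_UPTIME, IF_DESCR, IF_TYPE], non_repeaters=1, max_repetitions=3))
    print(walk_column(IF_TYPE))
```

Note that get_next(IF_DESCR + ".6") returns ifType.1, not an error: the successor of the last instance in a column is the first instance of the next column, which is why a manager has to compare prefixes to know a column is finished.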
SetRequest
[Figure: the management process sends a SetRequest PDU (PDU type, request id, error status 0, error index 0, variable bindings carrying names and the values to write) to the agent process, which checks the bindings against its MIB and answers with a Response PDU carrying the error status, the error index and the same variable bindings.]
Phase 1: validation. If there is no validation error (every name exists and is writable, and every value has the right type and an acceptable value), proceed to phase 2.
Phase 2: update. If there is no update error, the values are set, all of them or none, as if simultaneously, and the Response carries noError. A failure in either phase is reported through error status, with error index naming the offending binding.
PDU format, SetRequest / Response:
PDU Type | Request id | Error Status | Error Index | Variable Bindings
Trap PDU
Format of the SNMPv2 Trap PDU:
| 0xA7 | reqid | 0 | 0 | variable bindings |
The PDU format is identical to Get, GetNext or Set; 0xA7 is the BER tag that marks it as an SNMPv2-Trap. Information about the trap is embedded in the variable bindings: the first two are sysUpTime.0 and snmpTrapOID.0 (which identifies the trap), followed by the objects named in the notification's OBJECTS clause.
NOTIFICATION-TYPE
SNMPv2 traps are defined by this macro.
linkDown NOTIFICATION-TYPE
    OBJECTS     { ifIndex, ifAdminStatus, ifOperStatus }
    STATUS      current
    DESCRIPTION "A linkDown trap."
    ::= { snmpTraps 3 }
Generic Traps
Six generic traps are defined (the generic-trap field of an SNMPv1 Trap PDU):
coldStart (0)
warmStart (1)
linkDown (2)
linkUp (3)
authenticationFailure (4)
egpNeighborLoss (5)
The value enterpriseSpecific (6) marks a vendor-defined trap, identified by the specific-trap field.
Informs
Informs are like SNMPv2 traps, but they are acknowledged: the receiver answers with a Response PDU carrying the same request id, and the sender can retransmit if no Response arrives.
InformRequest PDU:
| 0xA6 | reqid | 0 | 0 | variable bindings |
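The PDU layouts on the Get, Set, Trap and Inform slides, as an added example that is not part of the course material: a minimal BER encoder and decoder in Python for community-based SNMP messages. It builds a v1 GetRequest, a v2c Response carrying a noSuchInstance exception, a v1 Response reporting genErr, and a v2 linkDown trap, and decodes them back into the fields named above. The message contents (community string, request ids, values, the ifIndex in the trap) are constructed; the tag values and field order are those of RFC 3416.

```python
"""BER encoding and decoding of SNMP messages. Added example, not course material:
a hand-rolled codec showing the PDU layout on the slides (PDU type, request id,
error status, error index, variable bindings) and the v2 Trap / Inform tags."""

# Universal and SNMP application tags, as they appear on the wire
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
COUNTER32, GAUGE32, TIMETICKS = 0x41, 0x42, 0x43
GET_REQUEST, GET_NEXT, RESPONSE, SET_REQUEST = 0xA0, 0xA1, 0xA2, 0xA3
GET_BULK, INFORM, TRAP_V2 = 0xA5, 0xA6, 0xA7
ERROR_STATUS = {0: "noError", 1: "tooBig", 2: "noSuchName", 3: "badValue", 4: "readOnly", 5: "genErr"}
EXCEPTION = {0x80: "noSuchObject", 0x81: "noSuchInstance", 0x82: "endOfMibView"}
EXCEPTION_TAG = {name: tag for tag, name in EXCEPTION.items()}


def _length(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, payload):
    return bytes([tag]) + _length(len(payload)) + payload


def enc_int(n, tag=INTEGER):
    """Minimal two's-complement; unsigned application values >= 2^31 get a leading 0x00."""
    size = 1
    while not -(1 << (8 * size - 1)) <= n < (1 << (8 * size - 1)):
        size += 1
    return tlv(tag, n.to_bytes(size, "big", signed=True))


def enc_oid(oid):
    arcs = [int(a) for a in oid.strip(".").split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])          # first two arcs share one byte
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:                                      # base-128, high bit = more follows
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += chunk
    return tlv(OID, bytes(out))


def enc_value(v):
    """None -> NULL (a request), str -> exception, (tag, x) -> application type or OID,
    bytes -> OCTET STRING, int -> INTEGER."""
    if v is None:
        return tlv(NULL, b"")
    if isinstance(v, str):
        return tlv(EXCEPTION_TAG[v], b"")
    if isinstance(v, tuple):
        tag, x = v
        return enc_oid(x) if tag == OID else enc_int(x, tag)
    if isinstance(v, bytes):
        return tlv(OCTET_STRING, v)
    return enc_int(v)


def enc_pdu(pdu_type, request_id, varbinds, error_status=0, error_index=0):
    """For GetBulk the 2nd and 3rd fields are non-repeaters / max-repetitions; for a
    Trap or Inform both are 0, exactly as the 0xA7 / 0xA6 layouts on the slides show."""
    vbl = b"".join(tlv(SEQUENCE, enc_oid(o) + enc_value(v)) for o, v in varbinds)
    return tlv(pdu_type, enc_int(request_id) + enc_int(error_status) + enc_int(error_index) + tlv(SEQUENCE, vbl))


def enc_message(version, community, pdu):
    """Community-based wrapper: version 0 = SNMPv1, 1 = SNMPv2c."""
    return tlv(SEQUENCE, enc_int(version) + tlv(OCTET_STRING, community) + pdu)


def _read_tlv(buf, pos):
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                                       # long form: ln & 0x7F = length bytes
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln


def dec_oid(data):
    arcs, acc = [data[0] // 40, data[0] % 40], 0
    for b in data[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def dec_value(tag, data):
    if tag == NULL:
        return None
    if tag in EXCEPTION:
        return EXCEPTION[tag]
    if tag == OID:
        return dec_oid(data)
    if tag == OCTET_STRING:
        return data
    if tag == INTEGER:
        return int.from_bytes(data, "big", signed=True)
    return tag, int.from_bytes(data, "big")             # Counter32 / Gauge32 / TimeTicks


def dec_message(buf):
    """Parse a community-based message into its fields; error status is named."""
    _, body, _ = _read_tlv(buf, 0)
    _, ver, pos = _read_tlv(body, 0)
    _, community, pos = _read_tlv(body, pos)
    pdu_type, pdu, _ = _read_tlv(body, pos)
    _, rid, pos = _read_tlv(pdu, 0)
    _, f2, pos = _read_tlv(pdu, pos)
    _, f3, pos = _read_tlv(pdu, pos)
    _, vbl, _ = _read_tlv(pdu, pos)
    varbinds, q = [], 0
    while q < len(vbl):
        _, vb, q = _read_tlv(vbl, q)
        _, name, r = _read_tlv(vb, 0)
        vtag, vdata, _ = _read_tlv(vb, r)
        varbinds.append((dec_oid(name), dec_value(vtag, vdata)))
    f2, f3 = int.from_bytes(f2, "big", signed=True), int.from_bytes(f3, "big", signed=True)
    msg = {"version": int.from_bytes(ver, "big", signed=True), "community": community,
           "pdu_type": pdu_type, "request_id": int.from_bytes(rid, "big", signed=True),
           "varbinds": varbinds}
    if pdu_type == GET_BULK:
        msg["non_repeaters"], msg["max_repetitions"] = f2, f3
    else:
        msg["error_status"], msg["error_index"] = ERROR_STATUS.get(f2, f2), f3
    return msg


def demo():
    """Four constructed messages: a v1 GetRequest, a v2c Response (one value, one
    exception), a v1 Response reporting genErr on binding 2, and a v2 linkDown trap."""
    sys_descr, sys_uptime = "1.3.6.1.2.1.1.1.0", "1.3.6.1.2.1.1.3.0"
    req = enc_message(0, b"public", enc_pdu(GET_REQUEST, 42, [(sys_descr, None), (sys_uptime, None)]))
    resp = enc_message(1, b"public", enc_pdu(RESPONSE, 42, [(sys_descr, b"Linux host"),
                                                            ("1.3.6.1.2.1.1.9.0", "noSuchInstance")]))
    err = enc_message(0, b"public", enc_pdu(RESPONSE, 42, [(sys_descr, None), (sys_uptime, None)],
                                            error_status=5, error_index=2))
    # v2 trap: sysUpTime.0 and snmpTrapOID.0 first, then the linkDown OBJECTS (ifIndex.3 here)
    trap = enc_message(1, b"public", enc_pdu(TRAP_V2, 7, [
        (sys_uptime, (TIMETICKS, 500)),
        ("1.3.6.1.6.3.1.1.4.1.0", (OID, "1.3.6.1.6.3.1.1.5.3")),
        ("1.3.6.1.2.1.2.2.1.1.3", 3)]))
    return dec_message(req), dec_message(resp), dec_message(err), dec_message(trap)
```

The first assertion in the test reproduces the familiar 40-byte hex dump of a v1 GetRequest for sysDescr.0 with community "public", which is a handy reference when tracing a capture byte by byte as Workbook 9 asks.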
Workbook 8
Explore the AdventNet Manager and access the agent on the Linux machine to see how the manager and agent interact.
Capture the exchange between manager and agent in Ethereal; note the port numbers used by manager and agent and the various fields in the SNMP message.
Use snmpget, snmpgetnext and snmpbulkget to access MIB objects, both scalars and table objects.
Use snmptrap to generate traps and watch them arrive in the AdventNet Trap Viewer.
Workbook 9
Make an SNMP request to the agent from your manager and trace the SNMP request and response byte by byte in Ethereal.
Summary
In this session we discussed:
2. SNMP v3
Objectives
At the end of this session, you will be able to:
SNMPv3 Architecture
SNMP Entity
An SNMP entity consists of two parts:
SNMP Applications: command generator, command responder, notification originator, notification receiver and proxy forwarder.
SNMP Engine: implements the functions that provide services to the applications (dispatcher, message processing subsystem, security subsystem and access control subsystem).
SNMPv3 Message Format
[Figure: the fields of an SNMPv3 message and the subsystem that consumes each of them]
msgVersion
msgID
msgMaxSize
msgFlags: reportable, priv and auth bits
msgSecurityModel: 1 = SNMPv1, 2 = SNMPv2c, 3 = USM
    The fields above are used by the message processing subsystem.
msgSecurityParameters
    Used by the security subsystem for authentication and for encryption/decryption.
contextEngineID
contextName
PDU
    These last three form the scoped PDU; it is encrypted when the priv flag is set.
VACM: View-based Access Control Model
A MIB view is the set of object instances (OID subtrees included in or excluded from the view) that a given principal may access. VACM resolves a request through three tables:
[Figure: request resolution through the VACM tables]
vacmSecurityToGroupTable: (security model, security name) -> groupName
vacmAccessTable: (groupName, context name, security model, security level, message type: read, write or notify) -> view name
vacmViewTreeFamilyTable: view name -> MIB view
The operation is allowed only if the requested OID falls inside the MIB view selected for that group, context, security model, security level and message type.
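The lookup the figure describes, as an added example that is not part of the course material: an isAccessAllowed in Python over three constructed tables. The user, group and view names are invented for the example; the matching rules (minimum security level, longest matching view subtree wins, mask bits that wildcard an arc) follow RFC 3415, and the status names returned are the RFC's.

```python
"""VACM isAccessAllowed (RFC 3415) modelled on the three tables of the slide.
Added example with constructed entries; names of users, groups and views are the
example's own. Error strings are the RFC 3415 status names."""

# securityModel: 1 = SNMPv1, 2 = SNMPv2c, 3 = USM (0 in an access entry means any)
# securityLevel: 1 = noAuthNoPriv, 2 = authNoPriv, 3 = authPriv
# vacmSecurityToGroupTable: (securityModel, securityName) -> groupName
SECURITY_TO_GROUP = {(3, "ops-ro"): "readers", (3, "ops-rw"): "admins", (2, "public"): "legacy"}

# vacmAccessTable: (groupName, contextPrefix, securityModel, minimum securityLevel)
#                  -> view name per message type ("" = no view)
ACCESS = {
    ("readers", "", 3, 2): {"read": "sys-and-if", "write": "", "notify": "sys-and-if"},
    ("admins", "", 3, 3): {"read": "all", "write": "if-row3", "notify": "all"},
    ("legacy", "", 2, 1): {"read": "sys-only", "write": "", "notify": ""},
}

# vacmViewTreeFamilyTable: viewName -> [(subtree, mask, included)]. A zero mask bit
# wildcards that arc: "if-row3" is every column of ifEntry row 3, because arc 10 (the
# column number) is masked out while arc 11 (the row index) must equal 3.
VIEWS = {
    "all": [("1", b"", True)],
    "sys-only": [("1.3.6.1.2.1.1", b"", True)],
    "sys-and-if": [("1.3.6.1.2.1.1", b"", True), ("1.3.6.1.2.1.2", b"", True),
                   ("1.3.6.1.2.1.2.2.1.7", b"", False)],      # ifAdminStatus excluded
    "if-row3": [("1.3.6.1.2.1.2.2.1.0.3", b"\xff\xa0", True)],
}


def arcs(oid):
    return tuple(int(a) for a in oid.split("."))


def _family_matches(oid, subtree, mask):
    if len(oid) < len(subtree):
        return False
    for i, arc in enumerate(subtree):
        # bits beyond the end of the mask are treated as 1 (must match)
        bit = (mask[i // 8] >> (7 - i % 8)) & 1 if i // 8 < len(mask) else 1
        if bit and oid[i] != arc:
            return False
    return True


def in_view(view_name, oid):
    """RFC 3415 3.5: among matching families pick the longest subtree (then the
    lexicographically greatest); its included/excluded type decides."""
    best = None
    for subtree, mask, included in VIEWS.get(view_name, []):
        st = arcs(subtree)
        if _family_matches(oid, st, mask) and (best is None or (len(st), st) > (len(best[0]), best[0])):
            best = (st, included)
    return best is not None and best[1]


def is_access_allowed(security_model, security_name, security_level, context, view_type, oid):
    """Returns (allowed, reason). `view_type` is 'read', 'write' or 'notify'."""
    group = SECURITY_TO_GROUP.get((security_model, security_name))
    if group is None:
        return False, "noGroupName"
    candidates = [(ctx == context, model == security_model, level, views)
                  for (g, ctx, model, level), views in ACCESS.items()
                  if g == group and context.startswith(ctx)
                  and model in (0, security_model) and level <= security_level]
    if not candidates:
        return False, "noAccessEntry"
    # prefer an exact context match, then an exact model match, then the highest level
    views = max(candidates, key=lambda c: c[:3])[3]
    view = views.get(view_type, "")
    if not view:
        return False, "noSuchView"
    if not in_view(view, arcs(oid)):
        return False, "notInView"
    return True, "accessAllowed"


if __name__ == "__main__":
    print(is_access_allowed(3, "ops-ro", 2, "", "read", "1.3.6.1.2.1.1.1.0"))
    print(is_access_allowed(3, "ops-rw", 3, "", "write", "1.3.6.1.2.1.2.2.1.7.4"))
```

Two of the checks are the ones that matter operationally: a noAuthNoPriv request from ops-ro gets noAccessEntry because its entry demands authNoPriv, and the admins' write view limits them to one row of ifTable even though their read view is the whole tree.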
Authentication
There are three goals in authentication:
(1) to verify that the message really comes from the user it claims to come from
(2) to verify that the user's message was not changed during transport
(3) to verify that the message is not being replayed (copying a message and playing it back later).
Authentication is optional in SNMPv3. There may be situations where the users are trusted and/or the data is not sensitive; in those cases the organization may not want to incur the overhead of authentication.
This security level is referred to as noAuthNoPriv.
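The three goals above are what the User-based Security Model's authentication delivers. As an added example, not from the course material, here is the RFC 3414 mechanism in Python: the password is stretched into a key, the key is localized to the agent's snmpEngineID, a 96-bit HMAC is computed over the whole message, and the authoritative receiver also checks engineBoots/engineTime so that a captured message cannot be replayed later. The message bytes are a constructed stand-in for a real v3 message; the password "maplesyrup" and the engineID are the test inputs from RFC 3414 appendix A.3, so the derived keys can be checked against the RFC.

```python
"""SNMPv3 USM authentication (RFC 3414): password-to-key, key localization,
HMAC-96 over the whole message, and the timeliness check that defeats replay.
Added example; the message bytes are constructed, the key inputs are RFC 3414 A.3's."""
import hashlib
import hmac

ALGO = {"HMAC-MD5-96": "md5", "HMAC-SHA-96": "sha1"}   # the two RFC 3414 auth protocols


def password_to_key(password: bytes, algo: str) -> bytes:
    """RFC 3414 A.2: hash 1,048,576 bytes of the password repeated end to end.
    The fixed work factor is what slows offline guessing from a captured MAC."""
    h = hashlib.new(algo)
    reps, rem = divmod(1_048_576, len(password))
    h.update(password * reps + password[:rem])
    return h.digest()


def localize_key(ku: bytes, engine_id: bytes, algo: str) -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku). One password yields a different key per agent,
    so a key recovered from one agent does not authenticate the user to another."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def _zeroed(msg: bytes, offset: int) -> bytes:
    return msg[:offset] + bytes(12) + msg[offset + 12:]


def authenticate(kul: bytes, algo: str, msg: bytes, offset: int) -> bytes:
    """Sender: MAC the message with msgAuthenticationParameters set to 12 zero bytes,
    then splice the first 12 bytes of the HMAC into that field (hence 'HMAC-xx-96')."""
    mac = hmac.new(kul, _zeroed(msg, offset), algo).digest()[:12]
    return msg[:offset] + mac + msg[offset + 12:]


def verify(kul: bytes, algo: str, msg: bytes, offset: int) -> bool:
    """Receiver: recompute over the zeroed field and compare in constant time."""
    expected = hmac.new(kul, _zeroed(msg, offset), algo).digest()[:12]
    return hmac.compare_digest(expected, msg[offset:offset + 12])


def timely(engine_boots: int, engine_time: int, msg_boots: int, msg_time: int) -> bool:
    """Authoritative engine's timeliness check (RFC 3414 3.2 step 7): boots must match,
    time must be within 150 s, and a wrapped boot counter refuses everything. The MAC
    covers these fields, so a replayed message carries a stale time it cannot alter."""
    return engine_boots != 0x7FFFFFFF and msg_boots == engine_boots and abs(engine_time - msg_time) <= 150


# Constructed stand-in for a v3 message: header || 12-byte msgAuthenticationParameters || scoped PDU
HEADER = b"<constructed SNMPv3 header, boots=3 time=1000>"
SCOPED_PDU = b"<constructed scoped PDU: GetRequest sysDescr.0>"
AUTH_OFFSET = len(HEADER)
MESSAGE = HEADER + bytes(12) + SCOPED_PDU


def demo(password: bytes = b"maplesyrup",
         engine_id: bytes = bytes.fromhex("000000000000000000000002"),
         proto: str = "HMAC-SHA-96"):
    """Derive Kul for the RFC 3414 A.3 inputs, sign MESSAGE, and show that flipping one
    bit of the scoped PDU fails verification. Returns (kul_hex, genuine_ok, tampered_ok)."""
    algo = ALGO[proto]
    kul = localize_key(password_to_key(password, algo), engine_id, algo)
    signed = authenticate(kul, algo, MESSAGE, AUTH_OFFSET)
    tampered = signed[:-1] + bytes([signed[-1] ^ 0x01])
    return kul.hex(), verify(kul, algo, signed, AUTH_OFFSET), verify(kul, algo, tampered, AUTH_OFFSET)


if __name__ == "__main__":
    print(demo())
```

MD5 and SHA-1 are the protocols of this page's era; current deployments should prefer the SHA-2 based authentication protocols of RFC 7860 together with AES privacy, but the derivation, localization and truncated-HMAC structure shown here is unchanged.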
Authentication (contd.)
Sending an authenticated SNMPv3 packet:
1. The entire packet is created. The authentication flag is turned
MAX-ACCESS in SMIv2
The MAX-ACCESS clause is one of (in increasing order of access):
a) not-accessible
b) accessible-for-notify
c) read-only
d) read-write
e) read-create
read-create applies to columnar objects of tables whose rows the manager may create.
Status in SMIv2
STATUS is one of:
a) current
b) deprecated
c) obsolete
SNMPv2 Enhancements
In SNMPv2 the SMI (Structure of Management Information) has 10 data types, whereas SNMPv1 has only 8: it lacks Unsigned32 and Counter64.
SNMPv2 has categories of conceptual tables that either prohibit or allow row creation and deletion by the manager, depending on requirements; creation and deletion are driven through the RowStatus column. SNMPv1 has no such categories.
Textual conventions
A TEXTUAL-CONVENTION refines the semantics of an existing type.
Example:
RunState ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION "..."
    SYNTAX      INTEGER {
                    running(1),
                    runnable(2),
                    waiting(3),
                    exiting(4)
                }
Textual conventions defined in SNMPv2-TC (RFC 2579):
PhysAddress
MacAddress
TruthValue
AutonomousType
InstancePointer
VariablePointer
RowPointer
RowStatus
TimeStamp
TimeInterval
DateAndTime
StorageType
TDomain
TAddress
Example: a conceptual (route) table with a RowStatus column

TO          | VIA        | STATUS
130.89.16.4 | 130.89.1.1 | ACTIVE
130.89.17.6 | 130.89.1.1 | NOT READY
130.89.18.2 | 130.89.1.4 | ACTIVE
130.89.18.7 | 130.89.1.4 | ACTIVE
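Row creation and deletion through RowStatus, as an added example that is not part of the course material: a Python model of a route table like the one above, with constructed column names dest and nextHop standing in for TO and VIA. It shows why createAndGo fails when a required column is missing, why a notReady row cannot be activated until the missing column arrives, and how destroy removes a row; the transitions and error names follow RFC 2579 and RFC 3416.

```python
"""RowStatus (SNMPv2-TC) row creation and deletion by a manager, as the route table
on the slide implies. Added example: the column names and the table are constructed;
the state transitions follow RFC 2579."""
ACTIVE, NOT_IN_SERVICE, NOT_READY = 1, 2, 3              # states a Get can return
CREATE_AND_GO, CREATE_AND_WAIT, DESTROY = 4, 5, 6        # write-only actions
_LEGAL_SETS = (ACTIVE, NOT_IN_SERVICE, CREATE_AND_GO, CREATE_AND_WAIT, DESTROY)


class RouteTable:
    REQUIRED = ("dest", "nextHop")     # columns a row needs before it may become active

    def __init__(self):
        self.rows = {}                 # index -> column dict, including "rowStatus"

    def _status_for(self, row):
        return NOT_IN_SERVICE if all(c in row for c in self.REQUIRED) else NOT_READY

    def status(self, index):
        return self.rows[index]["rowStatus"] if index in self.rows else None

    def set_columns(self, index, columns):
        """Set of ordinary columns. Supplying the last missing required column promotes a
        notReady row to notInService; the row still has to be activated explicitly."""
        row = self.rows.get(index)
        if row is None:
            return "inconsistentName"  # rows are only created through RowStatus
        merged = {**row, **columns}
        if row["rowStatus"] == NOT_READY:
            merged["rowStatus"] = self._status_for(merged)
        self.rows[index] = merged
        return "noError"

    def set_row_status(self, index, action, columns=None):
        """Set of the RowStatus column, with any other columns from the same PDU in
        `columns`. Returns an SNMPv2 error-status name; on error nothing changes."""
        if action not in _LEGAL_SETS:
            return "wrongValue"                      # notReady is never settable
        row, cols = self.rows.get(index), dict(columns or {})
        if action == DESTROY:
            self.rows.pop(index, None)               # destroying an absent row is not an error
            return "noError"
        if row is None:
            if action not in (CREATE_AND_GO, CREATE_AND_WAIT):
                return "inconsistentValue"           # cannot activate a row that does not exist
            status = self._status_for(cols)
            if action == CREATE_AND_GO:
                if status != NOT_IN_SERVICE:
                    return "inconsistentValue"       # createAndGo needs every required column now
                status = ACTIVE
            self.rows[index] = {**cols, "rowStatus": status}
            return "noError"
        if action in (CREATE_AND_GO, CREATE_AND_WAIT):
            return "inconsistentValue"               # the row already exists
        merged = {**row, **cols}
        if self._status_for(merged) != NOT_IN_SERVICE:
            return "inconsistentValue"               # still missing a required column
        merged["rowStatus"] = action                 # ACTIVE or NOT_IN_SERVICE
        self.rows[index] = merged
        return "noError"


if __name__ == "__main__":
    t = RouteTable()
    print(t.set_row_status("130.89.17.6", CREATE_AND_WAIT, {"dest": "130.89.17.6"}), t.status("130.89.17.6"))
    print(t.set_columns("130.89.17.6", {"nextHop": "130.89.1.1"}), t.status("130.89.17.6"))
    print(t.set_row_status("130.89.17.6", ACTIVE), t.status("130.89.17.6"))
```

The two-step createAndWait path is the one the NOT READY row in the table above is in: the row exists, so it is visible to Get, but the agent refuses to activate it until the manager supplies the rest of the row.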
MODULE-COMPLIANCE Construct
    MODULE ...
        MANDATORY-GROUPS ...
        GROUP ...
        OBJECT ...
    MODULE n
    ::= { ... }
OBJECT-GROUP Construct
Defines a set of related object types.
Example:
newMibScalarGroup OBJECT-GROUP
    OBJECTS     { address, name, uptime }
    STATUS      current
    DESCRIPTION "The collection of scalar objects."
    ::= { demoGroups 1 }
OBJECT-GROUP Definition
-- units of conformance
snmpEngineGroup OBJECT-GROUP
    OBJECTS {
        snmpEngineID,
        snmpEngineBoots,
        snmpEngineTime,
        snmpEngineMaxMessageSize
    }
    STATUS      current
    DESCRIPTION "A collection of objects for identifying and
                 determining the configuration and current timeliness
                 values of an SNMP engine."
    ::= { snmpFrameworkMIBGroups 1 }
Workbook 10
Observe the demo for configuring an SNMPv3 Agent.
Implement View Based Access Control on the v3 Agent in
your system and test it out.
Summary
In this session we discussed:
Thank You