SNMP

SNMP
((Simple
Simple Network
Network Management Protocol))
Management Protocol
based
based
Network
Network Management
Management
 Network Management: What is it?
• Network management includes
– deployment,integration and coordination of the
hardware, software, and human elements
– to monitor, test, poll, configure, analyze,
evaluate and control the network and element
resources
– to meet the real-time, operational performance,
and Quality of service requirements at a
reasonable cost.
 Network Management: Why is it needed?
• Lowers costs by eliminating the need for
many administrators at multiple locations
performing the same function
• Makes network administration and
monitoring easier and more convenient
• Coherent presentation of data
 Functional
FunctionalAreas
Areasof
of Network
NetworkManagement
Management
(According
(Accordingto
toOSI
OSI Network
NetworkManagement
Management Model)
Model)

Performance Management – how smoothly is the network running

Fault Management - reactive and proactive network fault management
(deals with problems and emergencies in the network)

Configuration Management – keeping track of device settings and how

they function

Accounting Management - cost management and charge back

assessment
Security Management - SNMP (Version 1 and 2) doesn’t provide much
here
N/w Management arch.
 Network Management Architectures

1) Management Entity job is to provide access to

management data, controls, and behaviors:
1. Regular polling or sampling of management
data
– the management entity requests updates from
managed devices to reflect recent status of the
network being managed.
2. When alerts are received, appropriate
responses must be generated
Network Management Architectures (contd.)
2) Managed Device

• At each managed device, a special piece of

software(process) called a management agent
responds to polls for collected data,

• The management agent itself has custody of a

management database (MDB) of information that
it collects and maintains over time
Network Management Architectures (contd.)
3) N/w Management Protocol

• The protocol runs between managing entity and the

managed device.

• Allows the managing entity to query the status of the

managed devices .

• Agents can use the network management protocol to

inform the managing entity of exceptional events.
 SNMP
SNMP &
& The
The OSI
OSI Model
Model
7 Application Layer Management and Agent APIs
SNMP
6 Presentation Layer ASN.1 and BER
5 Session Layer RPC and NetBIOS
4 Transport Layer TCP and UDP
3 Network Layer IP and IPX
2 Data Link Layer Ethernet, Token Ring, FDDI
1 Physical Layer
 Versions
Versions
•Two major versions SNMPv1, SNMPv2
•SNMPv1 is the recommended standard
•SNMPv2 has become split into:
•SNMPv2u - SNMPv2 with user-based security
•SNMPv2* - SNMPv2 with user-based security and additional features
•SNMPv2c - SNMPv2 without security
•SNMPv3 - Future
 Client
Client Pull
Pull &
& Server
Server Push
Push
• SNMP is a “client pull” model
The management system (client) “pulls” data from
the agent (server).

• SNMP is a “server push” model

The agent (server) “pushes” out a trap message to a
(client) management system
 The
The Internet-
Internet- Standard
Standard Management
Management
Framework
Framework
• SNMP is a tool (protocol) that allows for remote
and local management of items on the network
including servers, workstations, routers, switches
and other managed devices.
• Comprised of agents and managers

•Agent - process running on each managed node collecting

information about the device it is running on.

•Manager - process running on a management workstation that

requests information about devices on the network.
 The
The Internet-
Internet- Standard
Standard Management
Management
Framework
Framework (contd.)
(contd.)
SNMP network management consists of four parts:
•Management Information Base (MIB)
•A map of the hierarchical order of all managed objects and
how they are accessed

•Structure of Management Information (SMI)

•Rules specifying the format used to define objects managed
on the network that the SNMP protocol accesses

•SNMP Protocol
•Defines format of messages exchanged by management
systems and agents.
•Specifies the Get, GetNext, Set, and Trap operations

•Security and administration capabilities

•The addition of these capabilities represents the major
enhancement in SNMPv3 over SNMPv2
Registered Tree
 MIB-2
MIB-II Standard Internet MIB
• Definition follows structure given in SMI
• MIB-II (RFC 1213) is current standard
definition of the virtual file store for SNMP
manageable objects
• Has 10 basic groups
– system
– interfaces
– at
– ip
– icmp
– tcp
– udp
– egp
– transmission
– snmp
• If agent implements any group then is has to
implement all of the managed objects within
that group
 Ports
Ports &
& UDP
UDP
•SNMP uses User Datagram Protocol (UDP) as the
transport mechanism for SNMP messages

Ethernet
Frame IP CRC
Packet
UDP
SNMP Message
Datagram

•Like FTP, SNMP uses two well-known ports to operate:

•UDP Port 161 - SNMP Messages

•UDP Port 162 - SNMP Trap Messages
 Four
Four Basic
Basic Operations
Operations
•Get
Retrieves the value of a MIB variable stored on the agent machine
(integer, string, or address of another MIB variable)

•GetNext
Retrieves the next value of the next lexical MIB variable

•Set
Changes the value of a MIB variable

•Trap
An unsolicited notification sent by an agent to a management
application (typically a notification of something unexpected, like an error)
 Basic operations contd..
get_request
get_response port 161

get_next_request
get_response port 161

Manager set_request Agent

get_response port 161

trap
port 162 port 161
 Traps
Traps
•Traps are unrequested event reports that are sent to a
management system by an SNMP agent process
•When a trappable event occurs, a trap message is generated
by the agent and is sent to a trap destination (a specific,
configured network address)
•Many events can be configured to signal a trap, like a
network cable fault, failing NIC or Hard Drive, a “General
Protection Fault”, or a power supply failure
•Traps can also be throttled -- You can limit the number of
traps sent per second from the agent
•Traps have a priority associated with them -- Critical, Major,
Minor, Warning, Marginal, Informational, Normal, Unknown
 Trap
Trap Receivers
Receivers
•Management applications can handle the trap in a few ways:

•Poll the agent that sent the trap for more information about the event, and
the status of the rest of the machine.
•Log the reception of the trap.
•Completely ignore the trap.
 Languages
Languages of
of SNMP
SNMP
•Structure of Management Information (SMI)
specifies the format used for defining managed objects that are
accessed via the SNMP protocol

•Abstract Syntax Notation One (ASN.1)

used to define the format of SNMP messages and managed
objects (MIB modules) using an unambiguous data description
format

•Basic Encoding Rules (BER)

used to encode the SNMP messages into a format suitable for
transmission across a network
 SNMP MESSAGE ENCODING
MANAGER ABSTRACT SYNTAX AGENT MIB

BER BER
TRANSFER SYNTAX
UDP UDP

IP IP

LINK LINK

• THE DESCRIPTION OF MIBS AND MESSAGE FORMATS IS

BASED ON THE ASN.1 SYNTAX
• THE MAPPING FROM AN ABSTRACT SYNTAX UPON A
TRANSFER SYNTAX IS DEFINED BY THE BASIC ENCODING
RULES (BER)
Basic
Basic Message
Message Format
Format

Message Length
Message Version Message Preamble
Community String

PDU Header

SNMP Protocol
Data Unit
PDU Body
variable
VARIABLEbindings:
BINDINGS

NAME 1 VALUE 1 NAME 2 VALUE 2 ••• ••• NAME n VALUE n

SNMP
SNMPPDU:
PDU

* REQUEST ERROR ERROR

PDU TYPE ID STATUS INDEX VARIABLE BINDINGS

SNMP
SNMPmessage:
MESSAGE

VERSION COMMUNITY SNMP PDU

 SNMP
SNMP Agents
Agents
Two basic designs of agents
•Extendible Agents
•Open, modular design allows for adaptations to new
management data and operational requirements

•Monolithic Agents
•not extendible
•optimized for specific hardware platform and OS
 Community
Community Names
Names
• A community string is a password that allows access to a network device.
It defines what "community of people" can access the SNMP information
that is on the device.
• Community names are used to define where an SNMP message is
destined for.
• Set up your agents to belong to certain communities.
• Set up your management applications to monitor and receive traps from
certain community names.
• There are actually three community strings for SNMP-speaking devices:
• The SNMP Read-only community string
• The SNMP Read-Write community string
• The SNMP Trap community string
 PROXY MANAGEMENT
MANAGER PROXY AGENT

• A NODE MAY NOT SUPPORT SNMP, BUT MAY BE MANAGEABLE BY SNMP

THROUGH A PROXY AGENT RUNNING ON ANOTHER MACHINE

• NOWADAYS THE TERM DENOTES A DEVICE THAT FORWARDS SNMP MESSAGES,

BUT DOESN’T LOOK AT THE INDIVIDUAL OBJECTS
 SNMP Consoles,
Tools, Utilities, and Key Files
• There are many of these available, the lion’s share
of the market belongs to three products:
– HP Open View’s Network Node Manager
(NNM)
– IBM’s Tivoli Net View
– Computer Associates’ Unicenter TNG
• There are also many smaller utilities that are
helpful when supporting a management system
(Novell ManageWise, Sun MicroSystems Solstice, Microsoft SMS Server, Compaq Insight
Manger, SnmpQL - ODBC Compliant,Empire Technologies,CincoNetworks NetXray,SNMP
Collector Win9X/NT,Observer)
 Advantages
Advantages of
of using
using SNMP
SNMP
• Standardized
• universally supported
• extendible
• portable
• allows distributed management access
• lightweight protocol