SNMP Simple network management protocol

1
SNMPSimple network management protocol

• Group Techno
• Presented by
• Karthik Gottiparthy
• Gautami Parulkar
• Neeraj Sharma
• Jigar Patel
• Hariharan Venkataraman

2
Agenda

• Introduction
• Basic Concepts
• MIB
• RMON
• SNMPv3

3
SNMP

• SNMP is a tool (protocol) that allows for remote
  and local management of items on the network
  including servers, workstations, routers,
  switches and other managed devices.
• It operates over the UDP UDP Port
  161 - SNMP Message UDP Port 162 -
  SNMP Trap Messages

4
Basic Components

• The network management contains four key elements
• Management station(NMS)
• It is an interface by which the network
  manager may monitor and control the network
• Management Agent
• It responds to requests for information and
  actions from management station( hosts, bridges,
  routers and hubs)
• Management information base
• It functions as a collection of access points
  at the agent for the management station
• Network Management protocol(SNMP)
• The management station and agents are linked
  by this

5
(No Transcript)
6
SNMP Commands

• SNMP has 5 different functions referred to as
  Protocol Data Units (PDUs), which are
• GetRequest(Get) - Retrieves the value of a MIB
  variable stored on the agent machine(integer,
  string, or address of another MIB variable)
• GetNextRequest(GetNext) - Retrieves the next
  value in MIB table
• (continued till the end of the MIB table)
• GetResponse(Response) - Response from a SNMP
  agent to Get, GetNext and Set commands
• SetRequest(Set) - Changes the value of a MIB
  variable
• Trap
• - Asynchronous notification.
• -SNMP agents can be programmed to send a
  trap

7
(No Transcript)
8
SNMP communities

• An SNMP community is the group of agents and
  management stations using SNMP protocol.
• A community name is used to identify a group.
• It will not respond to requests from management
  stations that do not belong to one of its
  communities. SNMP default communities are
• Write private
• Read public

9
(No Transcript)
10
SNMP

• Management Information Base (MIB)
• Structure of Management Information.
• MIB Object Definition.

11
MIB(Management Information Base)

• Each resource to be managed is represented by an
  object.Collections of these objects is MIB.
• Each object is a data variable that represents
  one aspect of the managed agent.e.g. these
  aspects may be the TCP,IP,UDP connections done .
• MIB is a text file that describes the managed
  object using syntax of ASN.1(Abstract Syntax
  Notation).

12
STRUCTURE OF MANAGEMENT INFORMATION

• SMI generates a framework within which
• a MIB can be defined and constructed.
• SMI identifies the data types used in MIB and
  specifies how resources within the MIB can be
  represented and named.
• Defines individual object including the syntax
  and the value of the object.

13
STRUCTURE OF MANAGEMENT INFORMATION

• INTEGER
• OBJECT STRING
• OBJECT IDENTIFIER
• Gauge
• Counter
• Time Ticks
• IP Address
• Opaque
• Network Address

• Data Types
• 1.SIMPLE TYPES
• 2.APPLICATION-WIDE TYPES

14
MIB Structure

• Each Type of object is associated with an
  identifier called Object Identifier(OID).
• Identifier serves to name the object and also a
  value is associated with the type of the object.
• An OID is represented by a sequence of integers
  separated by decimal points.
• Set of defined objects has a Tree Structure.

15
MIB Object Group
iso(1)
org(3)
dod(6)
internet(1)
directory(1)
mgmt(2)
experimental(3)
private(4)
16
MIB Object Group Condt
system (1)
interface (2)
at (3)
ip (40)
mgmt (2)
mib-2(1)
icmp (50)
tcp (6)
udp (7)
egp (8)
transmission(10)
snmp(11)
17
Organization of Managed objects

• Example When a SNMP manager requests for the
  object, it will send first an OID to the SNMP
  agent requesting the information about the
  object.
• The OID 1.3.6.1.2.1.6.4
• iso.org.dod.internet.mgmt.mib-2.tcp.tcpMaxCon
  n
• 1 3 6 1 2 1
  6 4

18
Example of an Object Definition

• tcpMaxConn OBJECT-TYPE
• SYNTAX INTEGER
• ACCESS read-only
• STATUS mandatory
• DESCRIPTION
• The limit on the total number of TCP
• connections the entity
  can support.
• In entities where the maximum
  number of connection is dynamic, this object
  should contain the value 1.
• tcp 4

tcpRtoAlgorithm(1)
tcpRtoMin(2)
tcp(mib-2 6)
tcpRtoMax(3)
tcpMaxConn(4)
19
Object Definition

• Object-Type
• - String that describes the MIB object.
• SYNTAX
• - Defines what kind of info is stored in
  the MIB object.
• ACCESS
• -read-only,read-write,write-only,not
  accessible.
• STATUS
• -state of the object in regards the SNMP .
• i.e. mandatory,optional,obsolete,deprecated.
• DESCRIPTION
• - Reason why the MIB object exists.

20
SNMP-MIB Browser
21
SNMP MIB Browser (3)

• Navigation
• - MIB Tree
• System
• sysUpTime
• -Notice Lower LHS
• - Notice OID

22
SNMP MIB Browser (4)

• SNMP PDUs
• (1) Get
• - Select Go
• Get
• - RHS has values.
• - OID Value

23
SNMP MIB Browser (5)

• SNMP PDUs
• (2) GetNext
• -Selected OID is
• .1.3.6.1.2.1.1.5
• -Returned value
• (.1.3.6.1.2.1.1.6)
• or
• DSG, OReilly Institute,
• F.35

24
SNMP MIB Browser (6)

• SNMP
• (3) Get SubTree
• -Position of MIB
• .1.3.6.1.2.1.1
• (a.k.a. system)
• -RHS values
• Returns all values below system.

25
SNMP MIB Browser (7)

• SNMP
• (4) Walk
• -MIB Location
• .1.3.6.1.2.1
• (a.k.a. mib-2)
• - Returns ALL values under mib-2

26
SNMP MIB Browser (8)

• Tables
• - MIB Location
• .1.3.6.1.2.1.2.2
• (or interfaces)
• - Select ifTable,
• ? Go, then Table View.
• - Refresh/Poll

27
SNMP MIB Browser (9)

• SNMP
• - Graph
• Select a value from the RHS, say sysUpTime
• Highlight and select Go, then Graph.
• Interval 1s ? set.

28
RMON Remote Network Monitoring

• What is RMON?
• specification of MIB
• provides vital information
• It defines a set of functions to support remote
  monitoring
• Why RMON?
• problem with MIB II
• purely local
• How is RMON differs from MIB II?
• Whole network

29
RMON Components
30
RMON MIB Groups

• Statistics (1) Ethernet stats
• History (2) snapshots based on stats(1)
• Alarm (3) ability to set threshold, generate
  alarm on interesting event
• Host (4) per i/f host stats
• HostTopN (5) store/sort by top N hosts
• Matrix (6) X talks to Y
• Filter (7) filter pkts and capture/or cause
  event
• Capture (8) traditional pkt analyzer
• Event (9) table of events generated by probe
• TokenRing (10) maintains statistics and
  configuration information for token ring subnets

31
RMON version

• RMON v1
• Defines 10 MIB groups
• Physical and Data link (MAC layer) layers of the
  OSI model.
• RMON v2
• An extension of RMON 1
• RMON2 has an emphasis on IP traffic and
  application-level traffic.
• monitor packets on all network layers.

32
Central Management Console with RMON
A
Ethernet
Router
Router
Router
B
Local Management Console with RMON
Ethernet
Router
FDDI backbone
1
Router
PC with RMON probe
Router
Router with RMON probe
Token ring LAN
Ethernet
2
3
33
SNMP v1,v2

• SNMP is a simple request/response protocol. This
  behavior is implemented by using one of four
  protocol operations Get, GetNext, Set, and Trap.
• SNMPv1 operates over protocols such as User
  Datagram Protocol (UDP), Internet Protocol (IP),
  OSI Connectionless Network Service (CLNS),
  AppleTalk Datagram-Delivery Protocol (DDP), and
  Novell Internet Packet Exchange (IPX).
• SNMPv1 is widely used and is the de facto
  network-management protocol in the Internet
  community.
• SNMP version 2 (SNMPv2) is an evolution of the
  initial version
• Both versions contain lack of security.

34
SNMP v3

• The SNMPv3 architecture introduces the User-based
  Security Model (USM) for message security and the
  View-based Access Control Model (VACM) for access
  control.
• The architecture supports the concurrent use of
  different security, access control and message
  processing models.
• The security features
• Message integrity - Ensuring that a packet has
  not been tampered with in-transit.
• Authentication - Determining the message is from
  a valid source.
• Encryption - Scrambling the contents of a packet
  prevent it from being seen by an unauthorized
  source.

35
SNMP v3

• SNMPv3 also introduces the ability to dynamically
  configure the SNMP agent.
• This dynamic configuration support enables
  addition, deletion, and modification of
  configuration entries either locally or remotely.
• SNMP lacks any authentication capabilities, which
  results in vulnerability to a variety of security
  threats.
• It include masquerading occurrences, modification
  of information, message sequence and timing
  modifications, and disclosure.
• SNMPv3 Applications Command Generators
• Command Responders
• Notification Originators
• Notification Receivers
• Proxy Forwarders.

36
?