SNMP Communication and Functional Models - PowerPoint PPT Presentation

Loading...

PPT – SNMP Communication and Functional Models PowerPoint presentation | free to download - id: 121a32-NGIwN



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

SNMP Communication and Functional Models

Description:

SNMP Communication and Functional Models – PowerPoint PPT presentation

Number of Views:887
Avg rating:3.0/5.0
Slides: 44
Provided by: beh95
Learn more at: http://ce.sharif.edu
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: SNMP Communication and Functional Models


1
SNMP Communication and Functional Models
In the Name of the Most High
by Behzad Akbari Fall 2008
2
Overview
  • We have covered the organization and
    information models of SNMPv1.
  • Here we will address the SNMPv1 communication
    and functional models
  • SNMPv1 does not formally define a functional
    model
  • What was the functional model?
  • Deals with the user oriented requirements
    (configuration, fault, performance, security, and
    accounting)
  • The functions are actually built in the
    community based access policy of the SNMP
    administrative model

3
SNMP Architecture
SNMP Manager
SNMP Agent
SNMP Manager Application
SNMP Agent Application
Get-Request
GetNext-Request
Set-Request
Get-Response
Trap
Get-Request
GetNext-Request
Set-Request
Get-Response
Trap
SNMP
SNMP
UDP
UDP
IP
IP
Data link
Data link
4
SNMP Messages
  • Get-Request
  • Get-Next-Request
  • Set-Request
  • Get-Response
  • Trap
  • Generic trap
  • Specific trap

5
SNMP Trap Messages
  • Generic trap
  • coldStart
  • warmStart
  • linkDown
  • linkUp
  • authenticationfailure
  • egpNeighborLoss
  • enterpriseSpecific
  • Specific trap
  • for special measurements such as statistics
  • Time stamp Time since last initialization

6
Administrative Model
  • Based on community profile and policy
  • SNMP Entities
  • SNMP application entities - Reside in
    management stations and network elements
    - Manager and agent
  • SNMP protocol entities - Communication
    processes (PDU handlers) - Peer processes that
    support application entities

7
SNMP Community
  • Security in SNMPv1 is community-based
  • Authentication scheme in manager and agent
  • Community Pairing of two application entities
  • Community name String of octets
  • Two applications in the same community
    communicate with each other
  • Application could have multiple community names
  • Communication is not secured in SNMPv1 - no
    encryption

8
SNMP Community
  • Community
  • Relationship between an Agent and Managers.
  • Community Name
  • Used to validate the SNMP messages.
  • SNMP Password.
  • Default Get community name public.
  • Authentication Failure
  • Agent sends Authentication Failure Trap to
    Manager.

9
SNMP Community
10
Community Profile
  • MIB view
  • An agent is programmed to view only a subset
    of managed objects of a network element
  • Access mode
  • Each community name is assigned an access
    mode read-only and read-write
  • Community profile MIB view access mode
  • Operations on an object determined by community
    profile and the access mode of the object
  • Total of four access privileges
  • Some objects, such as table and table entry are
    non-accessible

11
Community Profile
community
12
Access Policy
  • Administration model is SNMP access policy
  • SNMP community paired with SNMP community
    profile is SNMP access policy

13
Access Policy
14
Generalized Administration Model
15
Proxy Access Policy
16
Protocol Entities
17
Default UDP Ports for SNMP
Management Station
Network Elements (NEs)
Manager
Agent
SNMP
SNMP
UDP
UDP
IP
IP
Data link
Data link
18
Protocol Entities
  • Protocol entities support application entities
  • Communication between remote peer processes
  • Message consists of
  • Version identifier
  • Community name
  • Protocol Data Unit
  • Message encapsulated and transmitted

19
SNMP Message
  • SNMP Message
  • Version Identifier
  • Community Name
  • Protocol Data Unit
  • The length of SNMP messages should not exceed
    484 octets.

Message SEQUENCE version INTEGER
version-1(0), community OCTET STRING, data
ANY
Version
SNMP PDU
Community
20
SNMP PDUs
21
SNMP PDU
  • PDU SEQUENCE
  • request-id INTEGER,
  • error-status INTEGER
  • noError(0),
  • tooBig(1),
  • noSuchName(2),
  • badValue(3),
  • readOnly(4),
  • genErr(5),
  • error-index INTEGER,
  • variable-bindings
  • SEQUENCE OF
  • name ObjectName,
  • value ObjectSyntax

Five SNMP PDUs
0 PDU 1 PDU 2 PDU 3 PDU 4 Trap-PDU
GetRquest GetNextRequest GetResponse
SetRequest Trap
PDU Protocol Data Unit
22
SNMP PDU (cont.)
GetRequest, GetNextRequest, SetRequest
PDU type
request-id
0
0
variable-bindings
GetResponse
PDU type
request-id
variable-bindings
error-status
error-index
variable-bindings
. . .
name
value
23
(No Transcript)
24
Trap-PDU
Trap-PDU 4 IMPLICIT SEQUENCE
enterprise OBJECT IDENTIFIER, agent-addr
NetworkAddress, generic-trap INTEGER
coldStart(0),
warmStart(1),
linkDown(2), linkUp(3),
authenticationFailure(4),
egpNeighborLoss(5),
enterpriseSpecific(6), spec
ific-trap INTEGER, time-stamp TimeTicks, vari
able-bindings VarBindList
Enterprise Type of Object generating
trap. Agent Address Address of object
generating trap. Generic Trap Generic trap
type. Specific Trap Enterprise specific
trap. Time Stamp Time elapsed between the last
initialization of the network entity and the
generation of the trap. Variable
Bindings Interesting information
PDU type
enterprise
agent-addr
generic-trap
variable-bindings
specific-trap
time-stamp
25
Trap Type
26
Generic Trap Example
  • Enterprise .1.3.6.1.4.1.311.1.1.3.1.1
  • Agent-Address 10.10.13.137
  • Generic-Trap 4
  • Specific-Trap 0
  • Timestamp 29756264
  • VarBinds 0

27
Enterprise-Specific Traps
  • Traps defined by enterprises
  • Identification of Enterprise-Specific Traps
  • Enterprise ? Enterprise OID
  • Generic-Trap ? 6
  • Specific-Trap ? an Integer

28
Enterprise Trap Example
  • Enterprise .1.3.6.1.4.1.522
  • Agent-Address 10.10.13.24
  • Generic-Trap 6
  • Specific-Trap 4
  • Timestamp 143739963
  • VariableBindings (4)
  • .1.3.6.1.4.1.522.3.14.23.1.2.11687128 021825
  • .1.3.6.1.4.1.522.3.14.23.1.3.11687128 14
  • .1.3.6.1.4.1.522.3.14.23.1.4.11687128
  • (Info) Station 00092d142581 Associated
  • .1.3.6.1.4.1.522.3.14.23.1.5.11687128
    AssociationOK

29
Agent
Manager
30
Get-Next Request
A B T E 1.1 1.2 2.1 2.2 3.1 3.2 Z
31
Get-Next Request
MIB Tree
In SNMP, Only leaf objects have values.

4
5
6
Non-Leaf Object
1
2
3
Leaf Object
32
(No Transcript)
33
(No Transcript)
34
Get-Next Requests with Indices
35
SNMP Get-Request Example
  • gtgtsnmpget -d 10.144.18.118 .1.3.6.1.2.1.1.1.0
  • Transmitted 41 bytes to camry (10.144.18.118)
    port 161
  • Initial Timeout 0.80 seconds
  • 0 30 27 02 01 00 04 06 70 75 62 6c 69 63
    a0 1a 02 0'.....public...
  • 16 02 18 bc 02 01 00 02 01 00 30 0e 30 0c
    06 08 2b .........0.0...
  • 32 06 01 02 01 01 01 00 05 00 -- -- -- --
    -- -- -- ................
  • 0 SNMP MESSAGE (0x30) 39 bytes
  • 2 INTEGER VERSION (0x2) 1 bytes 0
    (SNMPv1)
  • 5 OCTET-STR COMMUNITY (0x4) 6 bytes
    "public"
  • 13 GET-REQUEST-PDU (0xa0) 26 bytes
  • 15 INTEGER REQUEST-ID (0x2) 2 bytes
    6332
  • 19 INTEGER ERROR-STATUS (0x2) 1 bytes
    noError(0)
  • 22 INTEGER ERROR-INDEX (0x2) 1 bytes
    0
  • 25 SEQUENCE VARBIND-LIST (0x30) 14
    bytes
  • 27 SEQUENCE VARBIND (0x30) 12 bytes
  • 29 OBJ-ID (0x6) 8 bytes
    .1.3.6.1.2.1.1.1.0
  • 39 NULL (0x5) 0 bytes

36
SNMP Get-Response Example
  • Received 69 bytes from 10.144.18.118 port 161
  • 0 30 43 02 01 00 04 06 70 75 62 6c 69 63
    a2 36 02 0C.....public.6.
  • 16 02 18 bc 02 01 00 02 01 00 30 2a 30 28
    06 08 2b .........00(..
  • 32 06 01 02 01 01 01 00 04 1c 53 75 6e 20
    53 4e 4d .........Sun SNM
  • 48 50 20 41 67 65 6e 74 2c 20 53 55 4e 57
    2c 55 6c P Agent, SUNW,Ul
  • 64 74 72 61 2d 31 -- -- -- -- -- -- -- --
    -- -- -- tra-1...........
  • 0 SNMP MESSAGE (0x30) 67 bytes
  • 2 INTEGER VERSION (0x2) 1 bytes 0
    (SNMPv1)
  • 5 OCTET-STR COMMUNITY (0x4) 6 bytes
    "public"
  • 13 RESPONSE-PDU (0xa2) 54 bytes
  • 15 INTEGER REQUEST-ID (0x2) 2 bytes
    6332
  • 19 INTEGER ERROR-STATUS (0x2) 1 bytes
    noError(0)
  • 22 INTEGER ERROR-INDEX (0x2) 1 bytes
    0
  • 25 SEQUENCE VARBIND-LIST (0x30) 42
    bytes
  • 27 SEQUENCE VARBIND (0x30) 40 bytes
  • 29 OBJ-ID (0x6) 8 bytes
    .1.3.6.1.2.1.1.1.0
  • 39 OCTET-STR (0x4) 28 bytes "Sun
    SNMP Agent, SUNW,Ultra-1"
  • system.sysDescr.0 DISPLAY STRING- (ascii) Sun
    SNMP Agent, SUNW,Ultra-1

37
SNMP-Walk - Use of SNMP Get-Next Request
  • snmpwalk 10.144.18.118 .1.3.6.1.2.1.1
  • system.sysDescr.0 DISPLAY STRING- (ascii) Sun
    SNMP Agent, SUNW,Ultra-1
  • system.sysObjectID.0 OBJECT IDENTIFIER
    .iso.org.dod.internet.private.enterprises.42.2.1.1
  • system.sysUpTime.0 Timeticks (198219958) 22
    days, 223639.58
  • system.sysContact.0 DISPLAY STRING- (ascii)
    lino_at_ms.chttl.com.tw
  • system.sysName.0 DISPLAY STRING- (ascii)
    camry
  • system.sysLocation.0 DISPLAY STRING- (ascii)
    Information Technology Laboratory 3F
  • system.sysServices.0 INTEGER 72 (01001000)B

38
SNMP Trap Example
  • Transmitted 64 bytes to 10.144.18.100 port 162
  • 0 30 3e 02 01 00 04 06 70 75 62 6c 69 63
    a4 31 06 0gt.....public.1.
  • 16 09 2b 06 01 04 01 84 64 01 01 40 04 0a
    90 12 74 ......d.._at_....t
  • 32 02 01 06 02 03 01 86 9f 43 01 00 30 13
    30 11 06 ........C..0.0..
  • 48 04 2b 06 01 01 04 09 54 72 61 70 20 74
    65 73 74 ......Trap test
  • 0 SNMP MESSAGE (0x30) 62 bytes
  • 2 INTEGER VERSION (0x2) 1 bytes 0
    (SNMPv1)
  • 5 OCTET-STR COMMUNITY (0x4) 6 bytes
    "public"
  • 13 V1-TRAP-PDU (0xa4) 49 bytes
  • 15 OBJ-ID ENTERPRISE (0x6) 9 bytes
    .1.3.6.1.4.1.612.1.1
  • 26 IPADDRESS AGENT-ADDR (0x40) 4
    bytes 10.144.18.116
  • 32 INTEGER GENERIC-TRAP (0x2) 1 bytes
    6
  • 35 INTEGER SPECIFIC-TRAP (0x2) 3 bytes
    99999
  • 40 TIMETICKS TIME-STAMP (0x43) 1
    bytes 0 (0x0)
  • 43 SEQUENCE VARBIND-LIST (0x30) 19
    bytes
  • 45 SEQUENCE VARBIND (0x30) 17
    bytes
  • 47 OBJ-ID (0x6) 4 bytes
    .1.3.6.1.1
  • 53 OCTET-STR (0x4) 9 bytes "Trap
    test"

39
Get System Information
  • Get System Group of MIB II
  • Use get_request or get_next_request
  • sysDescr .1.3.6.1.2.1.1.1.0
  • sysObjectID .1.3.6.1.2.1.1.2.0
  • sysUptime .1.3.6.1.2.1.1.3.0
  • sysContact .1.3.6.1.2.1.1.4.0
  • sysName .1.3.6.1.2.1.1.5.0
  • sysLocation .1.3.6.1.2.1.1.6.0

40
Get Interface Information
  • Get Interface Group of MIB II
  • Repeatedly Use get_next_request
  • Note We dont know the ifIndex values in
    ifTable.
  • First get the next object of .ifTable.ifEntry.0
  • Then repeatedly get_next
  • Until the whole subtree is visited.

41
Traffic Monitoring
  • Get ifInOctets and ifOutOctets of MIB II
    Interface Group
  • t1 C1 t2 C2

(C2 - C1 ) ? 8
? 100
Utilization ()
(t2 - t1) ? Bandwidth
42
Internet Traffic of Sharif University
43
SNMP MIB Group
Page 223224
About PowerShow.com