Ch. 31 Q and A IS 333 Spring 2016 Victor Norman

advertisement
Ch. 31 Q and A
IS 333
Spring 2016
Victor Norman
SNMP, MIBs, and ASN.1
• SNMP defines the protocol used to send requests
and get responses.
• MIBs are like database schema, defined for
common stuff on machines: interfaces, IP
statistics, routing tables, ARP tables; and for
device-specific values and tables.
• ASN.1 is how the values and table entries are
defined and encoded in requests and responses.
– It is a very nasty encoding – bit oriented in some
places.
SNMP, MIBs, and ASN.1 (cont)
“SNMP defines the format of packets (or
protocol) used to get and set MIB variables on
an agent. The packets are formatted using
ASN.1 encoding.”
Variables are identified with a quadruple:
(object-id, type, len, value)
ASN.1
Q: How does ASN.1 work?
A: ASN.1 is an encoding standard. It defines how
you encode data for different types: how to send an
integer, a string, a bit string, an object-id, a real
number, a null, etc. It also tries to minimize the
space it takes to encode things. As a result, it is
barf-making. A truly evil thing. (As a result, when
you build the SNMP data part, you build it
backwards in memory, and then reverse-copy it into
the packet memory to be sent.)
SNMP: what layer?
Q: What layer does SNMP live at?
A: Layer 5. It is carried over UDP typically, ports
161 and 162.
Q: Will SNMP work with IPv6?
A: Yes, no problems.
Controlling devices
Q: How is SNMP used to control a device exactly? It
uses the fetch and store paradigm and it talks about
resetting a counter, but what about other
operations?
A: Most of the time SNMP is used for monitoring –
getting the status of devices (routers, switches,
network file servers, etc.). When stuff is
configured, SNMP sets are done to write the correct
values to the MIBs on the devices. E.g., you could
change the default route on all routers with a set of
SNMP set requests. Or clear all ARP caches.
Element Management
Q: Are element management systems still used
today? They seem really time-consuming.
A: They are very much used today. When we
configured the Cisco Catalyst router in lab, we
were doing element management. Everything
we did could have been done via SNMP and/or a
GUI tool provided by Cisco or a third party.
Why Element Management?
Q: If element management is so labor intensive
and prone to errors, then why is it done? What
is a better way?
A: It is labor intensive if you have 10s or 100s of
devices in your network. A better way to go is to
have a tool in which you can select your devices
and an operation to do on them all, and click a
button.
Managers, agents, etc.
• A manager is a client, of one or more agents.
– Application that gets/sets data on the agents.
– sends SNMP queries.
• An agent runs on a managed device
– router, switch, NAT, etc.
– responds to SNMP queries.
• Summary: manager = client, agent = server.
How are ‘set’s handled?
Q: Does the system constantly check to see if a
value is set (e.g., to set a value to cause the
system to reboot)?
A: No. SNMP is typically implemented as a
separate layer that makes function calls into the
system to perform operations: get or set values.
Just like the CLI does.
Traps/Notifications
• SNMP agents can be configured to send
updates to managers when some event
happens.
– Link goes down/up.
– Link use gets near to capacity.
– User logs in to system.
– Service starts up or goes down
– etc.
FCAPS
Q: In the working world how is the responsibility
of the FCAPS shared? Is one person's job or does
this depend on the size of the organization?
A: AFAIK, the jobs are distributed. A team in the
NOC (Network operations center) handles errors
(“faults”). Another team is responsible for
provisioning/configuration – because they are
dealing with customer requests, etc. Accounting
and billing are a totally different department.
Root-cause Analysis
• Figuring what what is really wrong in a network
when you get various reports.
• SNMP agents can be configured to generate
“traps” – sent to the manager when something
goes wrong.
– link goes down, utilization hits 60%, etc.
• Usually when something goes wrong, you’ll get
multiple traps, which can be automatically
analyzed to determine the root cause.
– power failure, mis-configuration, ethernet cut, etc.
Network Management Tools
Q: Are many of the networking management
tools (in 31.5) automatic or do they have to be
actively used?
A: A lot of these tasks can be automated.
Configuration is not often automated (AFAIK).
Neither is planning. Discovery is automated,
with help.
Old Slides
Why ASN.1?
Q: Why exactly does SNMP use ASN.1 encoding?
A: Because it is general and was there… Or
because some group was feeling nasty and
decided that misery loves company… Or maybe
it was an April Fool’s joke that “went viral”…
How/where are values stored?
Q: In the fetch-store paradigms used for SNMP,
how and where are the values stored in a
device?
A: They are stored somewhere on the device in
memory – in the device drivers or OS
somewhere. We stored our data in the OS and
then queries to values retrieved them out of the
OS, and formatted them to be returned.
MIB discovery
Q: How can you discover all of the valid fields in
the MIB for a given device?
A: 1. You read the MIB – or use a management
app that has them built in.
2. You use the app to “walk” the MIB tree on the
device, using repeated get-next requests. This is
how you discover all the interfaces on a
machine, e.g., or if the machine will report its
ARP table.
SNMP Traps
• SNMP also has something called “Traps” or
“Alerts”
• A machine for network management
configures managed devices to send errors to
it when they happen. The net mgmt
application displays/summarizes them so that
a network manager can see when something
really bad happens. The manager then has to
find the root cause.
Download