Ch. 31 Q and A IS 333 Spring 2016 Victor Norman SNMP, MIBs, and ASN.1 • SNMP defines the protocol used to send requests and get responses. • MIBs are like database schema, defined for common stuff on machines: interfaces, IP statistics, routing tables, ARP tables; and for device-specific values and tables. • ASN.1 is how the values and table entries are defined and encoded in requests and responses. – It is a very nasty encoding – bit oriented in some places. SNMP, MIBs, and ASN.1 (cont) “SNMP defines the format of packets (or protocol) used to get and set MIB variables on an agent. The packets are formatted using ASN.1 encoding.” Variables are identified with a quadruple: (object-id, type, len, value) ASN.1 Q: How does ASN.1 work? A: ASN.1 is an encoding standard. It defines how you encode data for different types: how to send an integer, a string, a bit string, an object-id, a real number, a null, etc. It also tries to minimize the space it takes to encode things. As a result, it is barf-making. A truly evil thing. (As a result, when you build the SNMP data part, you build it backwards in memory, and then reverse-copy it into the packet memory to be sent.) SNMP: what layer? Q: What layer does SNMP live at? A: Layer 5. It is carried over UDP typically, ports 161 and 162. Q: Will SNMP work with IPv6? A: Yes, no problems. Controlling devices Q: How is SNMP used to control a device exactly? It uses the fetch and store paradigm and it talks about resetting a counter, but what about other operations? A: Most of the time SNMP is used for monitoring – getting the status of devices (routers, switches, network file servers, etc.). When stuff is configured, SNMP sets are done to write the correct values to the MIBs on the devices. E.g., you could change the default route on all routers with a set of SNMP set requests. Or clear all ARP caches. Element Management Q: Are element management systems still used today? They seem really time-consuming. A: They are very much used today. When we configured the Cisco Catalyst router in lab, we were doing element management. Everything we did could have been done via SNMP and/or a GUI tool provided by Cisco or a third party. Why Element Management? Q: If element management is so labor intensive and prone to errors, then why is it done? What is a better way? A: It is labor intensive if you have 10s or 100s of devices in your network. A better way to go is to have a tool in which you can select your devices and an operation to do on them all, and click a button. Managers, agents, etc. • A manager is a client, of one or more agents. – Application that gets/sets data on the agents. – sends SNMP queries. • An agent runs on a managed device – router, switch, NAT, etc. – responds to SNMP queries. • Summary: manager = client, agent = server. How are ‘set’s handled? Q: Does the system constantly check to see if a value is set (e.g., to set a value to cause the system to reboot)? A: No. SNMP is typically implemented as a separate layer that makes function calls into the system to perform operations: get or set values. Just like the CLI does. Traps/Notifications • SNMP agents can be configured to send updates to managers when some event happens. – Link goes down/up. – Link use gets near to capacity. – User logs in to system. – Service starts up or goes down – etc. FCAPS Q: In the working world how is the responsibility of the FCAPS shared? Is one person's job or does this depend on the size of the organization? A: AFAIK, the jobs are distributed. A team in the NOC (Network operations center) handles errors (“faults”). Another team is responsible for provisioning/configuration – because they are dealing with customer requests, etc. Accounting and billing are a totally different department. Root-cause Analysis • Figuring what what is really wrong in a network when you get various reports. • SNMP agents can be configured to generate “traps” – sent to the manager when something goes wrong. – link goes down, utilization hits 60%, etc. • Usually when something goes wrong, you’ll get multiple traps, which can be automatically analyzed to determine the root cause. – power failure, mis-configuration, ethernet cut, etc. Network Management Tools Q: Are many of the networking management tools (in 31.5) automatic or do they have to be actively used? A: A lot of these tasks can be automated. Configuration is not often automated (AFAIK). Neither is planning. Discovery is automated, with help. Old Slides Why ASN.1? Q: Why exactly does SNMP use ASN.1 encoding? A: Because it is general and was there… Or because some group was feeling nasty and decided that misery loves company… Or maybe it was an April Fool’s joke that “went viral”… How/where are values stored? Q: In the fetch-store paradigms used for SNMP, how and where are the values stored in a device? A: They are stored somewhere on the device in memory – in the device drivers or OS somewhere. We stored our data in the OS and then queries to values retrieved them out of the OS, and formatted them to be returned. MIB discovery Q: How can you discover all of the valid fields in the MIB for a given device? A: 1. You read the MIB – or use a management app that has them built in. 2. You use the app to “walk” the MIB tree on the device, using repeated get-next requests. This is how you discover all the interfaces on a machine, e.g., or if the machine will report its ARP table. SNMP Traps • SNMP also has something called “Traps” or “Alerts” • A machine for network management configures managed devices to send errors to it when they happen. The net mgmt application displays/summarizes them so that a network manager can see when something really bad happens. The manager then has to find the root cause.