Chapter 3 Basic Foundations: Standards, Models, and Language Outline 1. 2. 3. 4. 5. 6. 7. 8. NM Standards Organization Model Information Model Communication Model Functional Model ASN.1 BER Encoding Macro Introduction • Standards • Standards organizations • Protocol standards of transport layers • Protocol standards of management (application) layer • Management Models • Language 1. NM Standards Table 3.1 Network Management Standards Standard OSI / CMIP Salient Points International standard (ISO / OSI) Management of data communications network - LAN and WAN Deals with all 7 layers Most complete Object oriented Well structured and layered Consumes large resource in implementation SNMP / Internet Industry standard (IETF) Originally intended for management of Internet components, currently adopted for WAN and telecommunication systems Easy to implement Most widely implemented TMN International standard (ITU-T) Industry standard (IETF) SNMP / Internet Originally intended for management of Internet components, currently adopted for WAN and telecommunication systems NM Standards (cont.) Easy to implement Most widely implemented TMN International standard (ITU-T) Management of telecommunications network Based on OSI network management framework Addresses both network and administrative aspects of management IEEE IEEE standards adopted internationally Addresses LAN and MAN management Adopts OSI standards significantly Deals with first two layers of OSI RM Web-based Management Web-Based Enterprise Management (WBEM) Java Management Application Program Interface (JMAPI) OSI Architecture and Model Network Mangement Organization Model Information Model Communication Model Figure 3.1 OSl Network Management Model Functional Model OSI NM • Organization Model • Network management components • Functions of components • Relationships • Information Model Structure of management information (SMI) • Syntax and semantics • Management information base (MIB) • Organization of management information • Object-oriented • OSI NM • Communication Model • Transfer syntax with bi-directional messages • Transfer structure (PDU) • Functional Model • Application functions • Configure components (CM) • Monitor components (FM) • Measure performance (PM) • Secure information (SM) • Usage accounting (AM) SNMP Architecture and Model • Organization Model • Same as OSI model • Information Model • Same as OSI, but scalar • Communication Model • Messages less complex than OSI and unidirectional • Transfer structure (PDU) • Functional Model • Application functions • Operations • Administration • Security TMN Architecture • Addresses management of telecommunication networks • Based on OSI model • Superstructure on OSI network • Addresses network, service, and business management TMN & Telecommunication network 2. Organization Model Describes the components of network management and their relationships. NM Components Manager Agent Managed Objects NM Components • Manager • Sends requests to agents • Monitors alarms • Houses applications • Provides user interface • Agent • Gathers information from objects • Configures parameters of objects • Responds to managers’ requests • Generates alarms and sends them to mangers • Managed object • Network element that is managed • Houses management agent • All objects are not managed / manageable Two-Tier NM Organization Model MDB Manager Managed objects Unmanaged objects MDB Management Database Agent process Figure 3.2 Two-Tier Network Mangement Organization Model Three-Tier Model MDB Manager MDB Agent / Manager Managed objects MDB Management Database Agent process Figure 3.3 Three-Tier Network Mangement Organiza NM Organization Model with MoM Peer NMSs Agent NMS Manager NMS Manager NMS Agent NMS RoleRole of Management Process Figure Dual 3.5 Dual of Management Process 3. Information Model Structure and Storage of Management Information SMI (Structure of Management Information) Defines the syntax and semantics of management information. MIB (Management Information Base) Conceptual storage of management information SMI (Structure of Management Information) • SMI defines for a managed object • Syntax • Semantics • plus additional information such as status • Example sysDescr: { system 1 } Syntax: OCTET STRING Definition: "A textual description of the entity. " Access: read-only Status: mandatory Management Information Base (MIB) • Information base contains information about objects • Organized by grouping of related objects • Defines relationship between objects • It is NOT a physical database. It is a virtual database that is compiled into management module. • Agent MIB vs. Manager MIB MIB View MIB View: An Analogy • • • • A County library system has many branches Each branch has a set of books The books in each branch is a different set The information base of the county has the view (catalog) of all books • The information base of each branch has the catalog of books that belong to that branch. That is, each branch has its view (catalog) of the information base • Let us apply this to MIB view MIB View and Object Access • A managed object has many attributes - its information base • There are several operations that can be performed on the objects • A user (manager) can view and perform only certain operations on the object by invoking the management agent • The view of the object attributes that the agent perceives is the MIB view • The operation that a user can perform is the MIB access MDB vs. MIB MDB MDB Manager Management Data Base physical database MIB Management Information Base virtual database Managed objects MIB Managed Objects (MOs) in MIB • Managed objects can be • Network elements (hardware, system) • hubs, bridges, routers, transmission facilities • Software (non-physical) • programs, algorithms • Administrative information • contact person, name of group of objects (IP group) Management Information Tree (MIT) MOs are uniquely defined by a tree structure specified by OSI model. Root Level 1 Level 2 Level 3 Figure 3.7 Generic Representation of Management Information Tree OSI Management Information Tree •Designation: • iso 1 • org 1.3 • dod 1.3.6 • internet 1.3.6.1 itu 0 iso 1 org 3 dod 6 internet 1 iso-itu 2 Three Trees in Network Management Inheritance Tree Containment Tree NE / Switch / Ethernet Switch NE / Module / Interface / Physical Address Registration Tree iso / org / dod / internet / management Object Type and Instance • Each object type has a unique identification (Object Identifier, OID) and name (Descriptor). • Object Type • Name • Syntax • Definition • Status • Access • sysName Octet String “The name of a system” Mandatory Read-Only Object Instance • Each object type has one or more instances. Managed Object: Internet Perspective Access: Access privilege Object Type: Object ID and Descriptor circle Status: Implementaion requirements Syntax : model of object Defintion: Semantics textual description Figure 3.9(a) Internet Perspective Managed Object: Internet Perspective object ID and descriptor syntax access status definition unique ID (OID) and name for the object used to model the object access privilege to a managed object implementation requirements textual description of the semantics of object type References: RFC 1155, RFC 1212 Managed Object: OSI Perspective Object Class: Circular object Behaviour Object Class: Elliptical object Notifications : Notify changes in attribute values Operations: Push Attributes : circle, dimension Attributes: ellipse, dimension Managed Object: OSI Perspective object class attributes operations behavior notifications managed object attributes visible at its boundary operations which may be applied to it behavior exhibited by it in response to operation notifications emitted by the object Managed information communication architecture. Source: IEEE Communications Magazine • May 1993 Source: IEEE Communications Magazine • May 1993 Packet Counter Example Characteristics Example Object type PktCounter Syntax Counter Access Read-only Status Mandatory Description Counts number of packets Figure 3.10(a) Internet Perspective Characteristics Example Object class Packet Counter Attributes Single-valued Operations get, set Behavior Retrieves or resets values Notifications Generates notifications on new value Figure 3.10 (b) OSI Perspective Internet vs. OSI Managed Object • Scalar object (Internet) vs. Object-oriented (OSI) • Operations, behavior, and notification in OSI are part of communication model in Internet: get/set and response/alarm • Internet syntax is absorbed as part of OSI attributes • Internet access is part of OSI security model • Internet status is part of OSI conformance application • OSI permits creation and deletion of objects; Internet does not: Enhancement in SNMPv2 4. Communication Model Operations / Requests Manager Applications Responses Agent Notifications / Traps Network Elements / Managed Objects Figure 3.11 Management Message Communication Model OSI: Operations Internet: Request/Response OSI: Notifications Internet: Traps/Notifications Transfer Protocols Manager Applications Operations / Requests / Responses Traps / Notifications Agent Applications Manager Communication Module SNMP (Internet) CMIP (OSI) Agent Communication Module Transport Layers UDP / IP (Internet) OSI Lower Layer Profiles (OSI) Transport Layers c-l vs. c-o/c-l Physical Medium Figure 3.12 Management Communication Transfer Protocols 5. Functional Model OSI Functional Model Configuration Management Fault Management Performance Management Security Management Accounting Management 6. Abstract Syntax Notation One: - ASN.1 • ASN.1 is more than a syntax; it’s a language • Addresses both syntax and semantics • Two type of syntax • Abstract syntax: set of rules that specify data type and structure for information storage • Transfer syntax: set of rules for communicating information between systems • Makes application layer protocols independent of lower layer protocols • Can generate machine-readable code: Basic Encoding Rules (BER) is used in management modules http://www.strongsec.com/zhw/KSy_ASN1.pdf Abstract Syntax & Transfer Syntax Backus-Nauer Form (BNF) Definition: (Production) <name> ::= <definition> Rules: <digit> ::= 0|1|2|3|4|5|6|7|8|9 <number> ::= <digit> | <digit><number> <op> ::= +|-|x|/ <SAE> ::= <number>|<SAE>|<SAE><op><SAE> Example: • 9 is primitive 9 • 19 is construct of 1 and 9 • 619 is construct of 6 and 19 Data Type and Value • Assignments • <BooleanType> ::= BOOLEAN • <BooleanValue> ::= TRUE | FALSE • Primitive ASN.1 data types in SNMPv1 • • • • INTEGER OCTET STRING OBJECT IDENTIFIER NULL • All in Capital letters keywords Type and Value Assignments Subtype Syntax: <subtype name> ::= <type> ( <constraint> ) Examples: Counter ::= INTEGER ( 0..4294967295 ) IpAddress ::= OCTET STRING ( SIZE(4) ) Spring ::= Months ( march | april | may ) Summer ::= Months ( june | july | august ) SmallPrime ::= INTEGER ( 2 | 3 | 5 | 7 | 11 ) ExportKey ::= BIT STRING ( SIZE(40) ) ASN.1 Data Types Basic Types BOOLEAN, INTEGER, BIT STRING, OCTET STRING, NULL, OBJECT IDENTIFIER, REAL, ENUMERATED, NumericString, PrintableString, IA5String, UTCTime, GeneralizedTime, CharacterString Constructed Types CHOICE SEQUENCE, SEQUENCE OF SET, SET OF Example Married ::= BOOLEAN Age ::= INTEGER Picture ::= BIT STRING Form ::= SEQUENCE { name PrintableString, age Age, married Married, marriage-certificate Picture } Example Payment-method ::= CHOICE { check Check-number, credit-card SEQUENCE { number Card-number, expiry-date Date } } Data Type: Example 1 PersonnelRecord ::= SET { Name, title GraphicString, division CHOICE { marketing [0] SEQUENCE {Sector, Country}, research [1] CHOICE {product-based [0] NULL, basic [1] NULL}, production [2] SEQUENCE {Product-line, Country } } } Tag Data Type: Example 2 Trade-message ::= SEQUENCE { invoice-no INTEGER, name GraphicString, details SEQUENCE OF SEQUENCE { part-no INTEGER, quantity INTEGER }, charge REAL, authenticator Security-Type } Enumerated Integer IpRouteType ::= INTEGER { other(1), invalid(2), direct(3), indirect(4) } Object Name itu 0 internet OBJECT IDENTIFIER ::= { iso(1) org(3) dod(6) internet(1) } private OBJECT IDENTIFIER ::= { internet 4 } The object identifier (OID) of internet is 1.3.6.1 The object identifier (OID) of private is 1.3.6.1.4 iso 1 org 3 dod 6 internet 1 private 4 enterprise 1 IBM 2 iso-itu 2 ASN.1 Module • ASN.1 module is a group of assignments person-name { first middle last } Person-Name ::= "John", "I", "Smith" • person-name module name • Person-name module Module <module name> DEFINITIONS ::= BEGIN <name> ::= <definition> <name> ::= <definition> … <name> ::= <definition> END ASN.1 Keyword Examples CHOICE SEQUENCE SEQUENCE OF SET SET OF INTEGER NULL OCTET STRING List of alternatives Ordered list maker Ordered array of repetitive data Unordered list maker Unordered list of repetitive data Any negative or non-negative number A placeholder String of octets (8-bit bytes) OBJECT IDENTIFIER A sequence of non-negative numbers to uniquely identify an object ASN.1 Symbols Symbol Meaning ::= Defined as | or, alternative, options of a list - Signed number -- Following the symbol are comments {} Start and end of a list [] Start and end of a tag () Start and end of subtype .. Range ASN.1 Data Type Conventions Data Types Convention Example Object name Initial lowercase letter Application data type Module Initial uppercase letter sysDescr, etherStatsPkts Counter, IpAddress Initial uppercase letter PersonnelRecord Macro, MIB module All uppercase letters RMON-MIB Keywords All uppercase letters INTEGER, BEGIN Data Type: Structure & Tag Data Type Tag • Structure defines how data type is built • Tag uniquely identifies the data type Structure Number Simple Structured Tagged Other Universal Class Application Figure 3.15 ASN.1 Data Type Structure and Tag Contextspecific Private Structure • Simple PageNumber ::= INTEGER ChapterNumber ::= INTEGER • Structured / Construct BookPageNumber ::= SEQUENCE {ChapterNumber, Separator, PageNumber} • Tagged • Derived from another type; given a new ID • In Fig. 3-14, INTEGER is either universal or application specific • Other • CHOICE, ANY Structured Type SEQUENCE SEQUENCE OF Ordered array of repetitive data SET Ordered list maker Unordered list maker SET OF Unordered list of repetitive data Tag • Tag uniquely identifies a data type • Comprises class and tag number • Class: • Universal - always true • Application - only in the application used • Context-specific - specific context in application • Private - used extensively by commercial vendors Tag Examples BOOLEAN INTEGER PageNumber product-based Universal 1 Universal 2 [APPLICATION 3] Context-specific under research [0] Counter ::= [APPLICATION 1] INTEGER (0..4294967295) Informal description of personnel record Name: John P Smith Title: Director Employee Number 51 Date of Hire: 17 September 1971 Name of Spouse; Mary T Smith Number of Children 2 Child Information Name Ralph T Smith Date of Birth 11 November 1957 Child Information Name Susan B Jones Date of Birth 17 July 1959 ASN.1 description of the record structure PersonnelRecord ::= [APPLICATION 0] IMPLICIT SET { Name, title [0] VisibleString, number EmployeeNumber, dateOfHire [1] Date, nameOfSpouse [2] Name, children [3] IMPLICIT SEQUENCE OF ChildInformation DEFAULT { } } ChildInformation ::= SET { Name, dateOfBirth [0] Date } Name ::= [APPLICATION 1] IMPLICIT SEQUENCE { givenName VisibleString, initial VisibleString, familyName VisibleString } EmployeeNumber ::= [APPLICATION 2] IMPLICIT INTEGER Date ::= [APPLICATION 3] IMPLICIT VisibleString -- YYYYMMDD ASN.1 description of a record value { {givenName “John”, initial “T”, familyName “Smith”}, title “Director” number “51” dateOfHire “19710917” nameOfSpouse {givenName “Mary”, initial “T”, familyName “Smith”}, children { { {givenName “Ralph”, initial “T”, familyName “Smith”}, dateOfBirth “19571111” }, { {givenName “Susan”, initial “B”, familyName “Jones”} dateOfBirth “19590717” } } } 7. BER Encoding BER (Basic Encoding Rule) TLV Encoding Structure Type Class (7-8th bits) Length P/C (6th bit) P/C: Primitive/Construct 0/1 T: Tag Value Tag Number (1-5th bits) Class Universal Application Context-specific Private 8th bit 0 0 1 1 7th bit 0 1 0 1 TLV INTEGER Primitive: T L V SEQUENCE Construct: T L T L V T V L V Universal Class Tag Binary 00 0 00010 00 0 00100 00 0 00101 00 0 00110 00 1 10000 Hex 02 04 05 06 30 Tag Universal Universal Universal Universal Universal Tag Name 2 4 5 6 16 INTEGER OCTET STRING NULL OBJECT IDENTIFIER SEQUENCE / SEQUENCE OF Page 127 Tag numbers 31 1000 0000 30 0A 1A 04 4A 61 6E 65 51 02 00 80 Example: SNMP Message Tag Message ::= SEQUENCE { version INTEGER { version-1(0) }, community OCTET STRING, data ANY } 30 02 04 Example: SNMP Message Type 30: SEQUENCE Length 82 01 c0: 448 octets 82: 10000010 Type 30: SEQUENCE Length 32: 50 octets 8. Macros <macroname> MACRO ::= BEGIN TYPE NOTATION ::= <syntaxOfNewType> VALUE NOTATION ::= <syntaxOfNewValue> <auxiliaryAssignments> END Macro Example OBJECT-TYPE MACRO ::= BEGIN TYPE NOTATION ::= "SYNTAX" type (TYPE ObjectSyntax) “ACCESS" Access "STATUS" Status VALUE NOTATION ::= value (VALUE ObjectName) Access ::= "read-only" | "read-write“ | "write-only | "not-accessible" Status ::= "mandatory” | "optional“ END | "obsolete" Object-Type Example sysName OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) ACCESS read-write STATUS mandatory ::= { system 5 } Marco Example 2 CAR MACRO::= BEGIN TYPE NOTATION ::= Brand Engine CarType Year VALUE NOTATION ::= value (VALUE OBJECT IDENTIFIER) Brand ::= “BRAND” value (PrintableString) Engine ::= “CC” Ccs Ccs ::= Cc | Ccs”,” Cc Cc ::= value (INTEGER (600..5000)) CarType ::= “STYLE” CType CType ::= “Sedan” | “Liftback” | “SUV” | “Other” Year ::= “YEAR” value (INTEGER) END Camry CAR BRAND Toyota CC 2000, 2400, 3000 STYLE Sedan YEAR 2006 ::= {toyota 3}