Simple Network Management Protocol - Week 6

MIB data is input in encoded form. Information is then compiled into the central MIB in the NCS.

Manageable Devices
[Diagram: routers, a bridge and a network, each managed from the control station]

Proxies
Many devices to be managed do not support the appropriate protocols (UDP and IP). Devices that were not intended to operate in a TCP/IP environment (e.g. bridges and modems), or for which full management support is not preferable (PCs, workstations, etc.), may use a proxy. A proxy may function for one or many of these devices.

[Diagram: proxy agent architecture. Management station: manager process over SNMP, UDP, IP and a network interface. Proxy agent: mapping function and agent process; SNMP, UDP, IP and a network interface towards the management station, and the protocol architecture used by the proxied device on the other side. Proxied device: its management process over its own protocol architecture and network interface.]

SNMP - Simple Network Management Protocol
How do NCSs receive or send management information? Messages are sent using SNMP Protocol Data Units (PDUs).

SNMP message:                  Version | Community | SNMP PDU
GetRequest, GetNextRequest
and SetRequest PDUs:           PDU Type | request-id | 0 | 0 | variable-bindings
GetResponse PDU:               PDU Type | request-id | error-status | error-index | variable-bindings
Trap PDU:                      PDU Type | enterprise | agent-addr | generic-trap | specific-trap | time-stamp | variable-bindings
variable-bindings:             name1 | value1 | ... | namen | valuen

Operations performed on objects: Get, Set and Trap. Note that it is not possible to request operations to be performed, just to request a change to the state of a value associated with an object.
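The message and PDU layout above, encoded and decoded by hand as an added example (not code from the slides): function names are this example's own, the byte layout is SNMPv1 BER (RFC 1157), and only short-form lengths are handled. Parsing a captured message also shows that the v1 community string is a plain OCTET STRING, readable by anyone on the path.

```python
# Added example, not from the slides: minimal BER encoder/decoder for the SNMPv1 message
# layout (version, community, PDU type, request-id, error-status, error-index, varbinds).
GET_REQUEST, GET_NEXT_REQUEST, GET_RESPONSE, SET_REQUEST = 0xA0, 0xA1, 0xA2, 0xA3
def _tlv(tag, body):
    assert len(body) < 128, "short-form BER length only (enough for these messages)"
    return bytes([tag, len(body)]) + body
def enc_int(n):  # minimal two's-complement INTEGER
    return _tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big", signed=True))
def enc_oid(oid):
    arcs = [int(a) for a in oid.strip(".").split(".")]
    body = [40 * arcs[0] + arcs[1]]  # first two arcs share one byte: 1.3 -> 0x2B
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        while (a := a >> 7):  # base 128, high bit set on every byte but the last
            chunk.insert(0, (a & 0x7F) | 0x80)
        body += chunk
    return _tlv(0x06, bytes(body))
def enc_value(v):  # None -> NULL (what a request carries), str -> OCTET STRING, int -> INTEGER
    return b"\x05\x00" if v is None else _tlv(0x04, v.encode()) if isinstance(v, str) else enc_int(v)
def build_message(community, pdu_tag, request_id, varbinds, error_status=0, error_index=0):
    vbl = b"".join(_tlv(0x30, enc_oid(o) + enc_value(v)) for o, v in varbinds)
    pdu = enc_int(request_id) + enc_int(error_status) + enc_int(error_index) + _tlv(0x30, vbl)
    # version 0 = SNMPv1; the community travels as a plain OCTET STRING, readable on the path
    return _tlv(0x30, enc_int(0) + _tlv(0x04, community.encode()) + _tlv(pdu_tag, pdu))
def _fields(buf):  # split a BER sequence body into (tag, body) pairs
    out, pos = [], 0
    while pos < len(buf):
        out.append((buf[pos], buf[pos + 2:pos + 2 + buf[pos + 1]]))
        pos += 2 + buf[pos + 1]
    return out
def dec_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0  # assumes first arc is 0 or 1 (iso)
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, val = arcs + [val], 0
    return "." + ".".join(map(str, arcs))
def parse_message(buf):
    (_, ver), (_, comm), (ptype, pdu) = _fields(_fields(buf)[0][1])
    (_, rid), (_, es), (_, ei), (_, vbl) = _fields(pdu)
    varbinds = []
    for _, vb in _fields(vbl):
        (_, oid), (vtag, val) = _fields(vb)
        varbinds.append((dec_oid(oid), None if vtag == 0x05 else
                         val.decode() if vtag == 0x04 else int.from_bytes(val, "big", signed=True)))
    return {"version": ver[0], "community": comm.decode(), "pdu_type": ptype,
            "request_id": int.from_bytes(rid, "big", signed=True),
            "error_status": es[0], "error_index": ei[0], "varbinds": varbinds}
```

A GetRequest for sysDescr.0 built this way is 40 bytes; a manager matches the GetResponse to it by request-id before accepting the values.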
[Diagram: manager/agent exchanges. GetRequest PDU -> GetResponse PDU (get values); GetNextRequest PDU -> GetResponse PDU (get next values); SetRequest PDU -> GetResponse PDU (set values); Trap PDU from agent to manager (send trap)]

SNMP Message Transmission
– PDU is constructed using ASN.1
– PDU may be passed to an authentication service
– Message is then constructed
– ASN.1 object is encoded and passed to the transport service

SNMP Message Reception
– Message syntax is checked; the message is discarded if it cannot be parsed
– Message version number is checked; the message is discarded if there is a mismatch
– Authentication is attempted:
  – If authentication fails, a trap is issued
  – If authentication succeeds, the PDU is then examined
– PDU syntax is checked; the PDU is discarded if it fails to parse
– SNMP operation is performed

Variable Bindings
For multiple-object requests and responses, all values for the scalar objects in a particular group from a particular agent may be transferred in the one PDU.

GetRequest PDU
Request to read value(s) from objects within the managed device. The control station may generate:
– Type = GetRequest
– request-id = unique identifier for each outstanding request (correlate requests, ignore duplicates)
– variable-bindings = list of object instances for which values are requested

GetNextRequest PDU
Permits the requesting of a series of values in order. May allow the request of values for unknown objects.
– Type = GetNextRequest
– request-id = unique identifier for each outstanding request (correlate requests, ignore duplicates)
– variable-bindings = list of object instances for which the next value in order is requested

SetRequest PDU
Request to write value(s) to objects in a managed device.
– Type = SetRequest
– request-id = unique identifier for each outstanding request (correlate requests, ignore duplicates)
– variable-bindings = list of object instances for which the next value in order is requested

Trap PDU
Agent notification of a significant event.
– PDU Type = Trap
– enterprise = management subsystem that generated the trap
– agent-addr = IP address of the object generating the trap
– generic-trap = type of trap
– specific-trap = nature of the trap
– time-stamp = time between the last initialisation of the device and the generation of the trap
– variable-bindings = additional information relating to the trap
No response is expected to this message.

PDU Loss
Since all sets and gets have a response returned, if this does not return within a given time period it can be assumed that the response was lost. Repeat messages may be sent until the management station gives up (agent is down or unreachable).
Trap message loss will not be detected. Thus traps should be used for early warning of a significant event, not as the only indication of an event of significance.

[Figure: SNMP GetRequest for data item sysDescr]

Selection of a Management Station
Features:
– Extended MIB support
– Intuitive interface
– Automatic discovery
– Programmable events
– Advanced network control
– OO management
– Custom icons

Polling
To obtain information from manageable devices, an NCS must perform GetRequest and GetNextRequest operations. The management station polls the devices for the requested information. The NCS must regularly poll devices to obtain an up-to-date view of the network conditions (congestion, device failure, etc.).
The load on the management station may be significant if the number of polled devices is large. Also, the network load due to polling traffic may be excessive. The balance between loading and up-to-date information is not easy to compute. Trap-directed polling may limit traffic.

SNMPv2
In SNMPv1 the community variable being sent in set messages means that systems could be attacked at any opportunity. New data structures were added.
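The GetNextRequest walk that the polling above relies on, as an added example that is not part of the slides: a simulated agent with a constructed MIB fragment (it goes beyond the four ifType instances on the slides by adding an ifType.10, to show that MIB order is arc by arc, not string order) and a manager that walks a subtree by repeated GetNext until the first OID outside it. Class and function names are this example's own.

```python
# Added example, not from the slides: simulated agent answering GetNext, and a subtree walk.
# OIDs are ordered arc by arc; comparing them as strings would put ifType.10 before ifType.2.
from bisect import bisect_right

def oid_arcs(oid):
    return tuple(int(a) for a in oid.strip(".").split("."))

def oid_str(arcs):
    return "." + ".".join(map(str, arcs))

SAMPLE_MIB = {  # constructed values for a small router; ifType codes are IANAifType numbers
    ".1.3.6.1.2.1.1.1.0": "Lab router (constructed)",   # sysDescr.0
    ".1.3.6.1.2.1.1.3.0": 123456,                       # sysUpTime.0
    ".1.3.6.1.2.1.1.4.0": "",                           # sysContact.0, left blank
    ".1.3.6.1.2.1.2.2.1.3.1": 6,                        # ifType.1  ethernetCsmacd
    ".1.3.6.1.2.1.2.2.1.3.2": 6,                        # ifType.2
    ".1.3.6.1.2.1.2.2.1.3.3": 24,                       # ifType.3  softwareLoopback
    ".1.3.6.1.2.1.2.2.1.3.10": 131,                     # ifType.10 tunnel; follows .3, not .1
}

class Agent:
    def __init__(self, objects):
        self.keys = sorted(oid_arcs(k) for k in objects)         # lexicographic arc order
        self.values = {oid_arcs(k): v for k, v in objects.items()}

    def get_next(self, oid):
        # The instance that follows `oid` in MIB order, or None at the end of the MIB.
        i = bisect_right(self.keys, oid_arcs(oid))
        if i == len(self.keys):
            return None
        return oid_str(self.keys[i]), self.values[self.keys[i]]

def walk(agent, subtree):
    # Repeated GetNext starting at the subtree root; stop at the first OID outside it.
    root, cur, out = oid_arcs(subtree), subtree, []
    while (nxt := agent.get_next(cur)) and oid_arcs(nxt[0])[:len(root)] == root:
        out.append(nxt)
        cur = nxt[0]
    return out
```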
SNMPv3
– Authentication
– Timeliness
– Privacy
– Discovery (from other SNMP engines)
– Key management

WINSNMP
Microsoft and associated partners have developed support for SNMP in Windows operating systems via an engine designed to support SNMP protocols. Many developers have provided 16- and 32-bit WINSNMP.DLL support. Programming for SNMP management can be in any language that supports calls to the DLL via libraries or via function calls.

Examples
Ref: Optivity SNMP Debugging for Dummies, Bay Networks
So let's put the information absorbed so far into an example. If you were to write the complete path to the mgmt node, you would write it as:
iso(1) org(3) dod(6) internet(1) mgmt(2)
which is equivalent to the numerical OID string of:
.1.3.6.1.2

These 5 groups are mandatory for any SNMP manageable object:
system(1) interfaces(2) at(3) ip(4) icmp(5)
A MIB-II compliant SNMP agent may support more groups than these five, but it is expected to support at least these five groups.

Let's call the combination of agent and object an "entity" for simplicity's sake. Here are some (but not all) of the objects in this group:
sysDescr(1) - A description of the entity in somewhat "human" terms. This description may contain some very good information. Then again, it may not.
sysObjectID(2) - A complete OID string defined by the vendor who created the entity. This object is used extensively by Optivity (and other SNMP applications) to quickly identify what kind of SNMP agent the application is talking to.
sysUpTime(3) - Hey! This is the MIB object of our example. Go back and read the DESCRIPTION to see what this object does.
sysContact(4) - This object could possibly contain the name of the person locally responsible for the entity. Many times, this field will be blank. It may be blank because no one remembered to set a value for it. It might be blank because no one really wants to take responsibility for the entity.
The other objects in this group may be blank as well, since they represent things like the Name and Location of the entity.

The complete path to the sysUpTime(3) object is:
iso(1) org(3) dod(6) internet(1) mgmt(2) mib(1) system(1) sysUpTime(3)
or
.1.3.6.1.2.1.1.3

.1.3.6.1.2.1.1, which is equivalent to
iso(1) org(3) dod(6) internet(1) mgmt(2) mib(1) system(1)
would, when queried, return the value for sysDescr, sysObjectID, sysUpTime, sysContact, and all the other objects within the system(1) node.

Each MIB object also has what is called an instance. Imagine a router - a device with multiple network interfaces. There exists a MIB object that contains information about the type of interface(s) used by an entity (where in this case, the entity is a router). This MIB object is:
iso(1) org(3) dod(6) internet(1) mgmt(2) mib(1) interfaces(2) ifTable(2) ifEntry(1) ifType(3)
So in our example, we have four instances: ifType.1, ifType.2, ifType.3, and ifType.4.

Common Problems
Ref: Optivity SNMP Debugging for Dummies, Bay Networks
– The agent is not responding to any network requests at all, or the network that the agent is on is not reachable. You can quickly check this by attempting to ping the device in question.
– The request sent used an SNMP community string to which the agent was not authorised to respond.
Beware of ping - it uses a different transport to SNMP. TCP traffic may be getting through whilst UDP-based traffic is getting dropped (traffic congestion).
Use a MIB browser (if SNMP traffic is OK) - the Sun package is under the Solstice suite of management utilities - or snmpwalk.
Network Management System (NMS) reporting incorrect network utilisation - debug. The first basic step is to determine if the agent itself is the source of this misinformation. Once this has been established, the issue becomes much more defined and easier to debug.
How to find in which MIB a particular MIB object resides:
Once you have the name of the MIB object (which you figured out by referencing snpx.nnn), all you have to do is use the grep command.
$ cd /mibs/mibs/s5000
$ grep s5AgInfoCurDfltGwAddr *.mib
You can also use this method to look for a MIB object that you think might exist. For example, someone asks you if there is a MIB object for the Next Active Upstream Neighbor (NAUN) during a beacon condition on a Token Ring network made up of System 5000 hubs (5510 NMMs). So, the first step would probably be to grep for "Beacon" within the System 5000 MIBs.
$ cd /mibs/mibs/s5000
Scanning through this output, you should notice the line:
s5tok121.mib: s5TrRingInfoBeaconNaun MacAddress,
This tells us that the s5tok121.mib file contains a reference to something called an "s5TrRingInfoBeaconNaun". This sounds like a pretty close match.