
Page 1: Network management can be characterized based on the functions it carries out: Configuration Management: inventory, configuration, provisioning Fault Management:

Network management can be characterized based on the functions it carries out:

Configuration Management: inventory, configuration, provisioning

Fault Management: reactive and proactive network fault management

Performance Management: number of packets dropped, timeouts, collisions, CRC errors

Security Management: SNMP doesn’t provide much here

Accounting Management: cost management and chargeback assessment

Asset Management: statistics of equipment, facility, and administration personnel

Planning Management: analysis of trends to help justify a network upgrade or bandwidth increase

Network management


SNMP is a UDP-based network protocol. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMP is a component of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF). It consists of a set of standards for network management, including an application layer protocol, a database schema, and a set of data objects.

In typical SNMP use, one or more administrative computers have the task of monitoring or managing a group of hosts or devices on a computer network.

Each managed system (also called Slave) executes, at all times, a software component called an agent which reports information via SNMP to the managing systems (also called Masters).

Simple Network Management Protocol (SNMP)


The Simple Network Management Protocol (SNMP) is an application layer protocol that facilitates the exchange of management information between network devices. It is part of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth.

Simple Network Management Protocol (SNMP)

Currently, there are three versions of SNMP defined: SNMP v1, SNMP v2 and SNMP v3. Both versions 1 and 2 have a number of features in common, but SNMPv2 offers enhancements, such as additional protocol operations. SNMP version 3 (SNMPv3) adds security and remote configuration capabilities to the previous versions.


• Standardized

• Universally supported

• Extendible

• Portable

• Allows distributed management access

• Lightweight protocol

Advantages of using SNMP


An SNMP-managed network consists of three key components: managed devices, agents, and network-management systems (NMSs).

A managed device is a network node that contains an SNMP agent and that resides on a managed network. Managed devices collect and store management information and make this information available to NMSs using SNMP. Managed devices, sometimes called network elements, can be routers and access servers, switches and bridges, hubs, computer hosts, or printers.

An agent is a network-management software module that resides in a managed device. An agent has local knowledge of management information and translates that information into a form compatible with SNMP.

An NMS executes applications that monitor and control managed devices. NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs must exist on any managed network.

SNMP Basic Components


• UDP Port 161 - SNMP Messages

• UDP Port 162 - SNMP Trap Messages

[Figure: Ethernet Frame | IP Packet | UDP Datagram | SNMP Message | CRC]

• SNMP uses User Datagram Protocol (UDP) as the transport mechanism for SNMP messages

Ports & UDP


Managed devices are monitored and controlled using four basic SNMP commands: read, write, trap, and traversal operations.

The read command is used by an NMS to monitor managed devices. The NMS examines different variables that are maintained by managed devices.

The write command is used by an NMS to control managed devices. The NMS changes the values of variables stored within managed devices.

The trap command is used by managed devices to asynchronously report events to the NMS. When certain types of events occur, a managed device sends a trap to the NMS.

Traversal operations are used by the NMS to determine which variables a managed device supports and to sequentially gather information in variable tables, such as a routing table.

SNMP Basic Commands


• SNMP is a “client pull” model: the management system (client) “pulls” data from the agent (server).

• SNMP is a “server push” model: the agent (server) “pushes” out a trap message to a (client) management system.

Client Pull & Server Push


• Get: Retrieves the value of a MIB variable stored on the agent machine (integer, string, or address of another MIB variable)

• GetNext: Retrieves the next value of the next lexical MIB variable

• Set: Changes the value of a MIB variable

• Trap: An unsolicited notification sent by an agent to a management application (typically a notification of something unexpected, like an error)

Four Basic Operations
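A toy agent that answers GetNext, added here as an illustration (not code from the slides): it shows the lexical ordering GetNext relies on and how an NMS uses it for the traversal operation described earlier. The MIB contents are constructed sample values, and the class and function names are assumptions.

```python
from bisect import bisect_right

def oid_key(dotted):
    # OIDs order arc by arc as integers, so ...2.10 sorts after ...2.2.
    return tuple(int(arc) for arc in dotted.split("."))

class ToyAgent:
    def __init__(self, mib):
        self.mib = {oid_key(k): v for k, v in mib.items()}
        self.order = sorted(self.mib)

    def get(self, oid):
        # Get needs the exact instance OID; None stands in for noSuchName.
        return self.mib.get(oid_key(oid))

    def get_next(self, oid):
        # GetNext returns the first instance strictly after the given OID,
        # which need not exist itself (this is how an NMS discovers objects).
        i = bisect_right(self.order, oid_key(oid))
        if i == len(self.order):
            return None                      # walked off the end of the MIB
        nxt = self.order[i]
        return ".".join(map(str, nxt)), self.mib[nxt]

def walk(agent, root):
    # Repeated GetNext until the reply leaves the subtree under `root`.
    root_key, oid, rows = oid_key(root), root, []
    while True:
        hit = agent.get_next(oid)
        if hit is None or oid_key(hit[0])[:len(root_key)] != root_key:
            return rows
        rows.append(hit)
        oid = hit[0]

SAMPLE_MIB = {                               # constructed sample values
    "1.3.6.1.2.1.1.1.0": "toy router",       # sysDescr.0
    "1.3.6.1.2.1.1.5.0": "edge-1",           # sysName.0
    "1.3.6.1.2.1.2.2.1.2.1": "Gi0/1",        # ifDescr.1
    "1.3.6.1.2.1.2.2.1.2.2": "Gi0/2",        # ifDescr.2
    "1.3.6.1.2.1.2.2.1.2.10": "Vlan10",      # ifDescr.10
    "1.3.6.1.2.1.2.2.1.3.1": 6,              # ifType.1
}
AGENT = ToyAgent(SAMPLE_MIB)
IF_DESCR = walk(AGENT, "1.3.6.1.2.1.2.2.1.2")
```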


Items in an SNMP Network are called nodes. There are different types of nodes.

• Managed nodes: Typically runs an agent process that services requests from a management node

• Management nodes: Typically a workstation running some network management & monitoring software

• Nodes that are not manageable by SNMP: A node may not support SNMP, but may be manageable by SNMP through a proxy agent running on another machine

Nodes


Community names are used to define where an SNMP message is destined for. They mirror the same concept as a Windows NT or Unix domain. Set up your agents to belong to certain communities. Set up your management applications to monitor and receive traps from certain community names.

Community Names

To do so we create a community string. Think of a community string as a password for certain types of access to the device.

Router(config)# snmp-server community MyCommunity972 RW

To configure the router or switch to send an SNMP trap to host 192.168.1.23 (the NMS) with our community string so we know it’s authentic:

Router(config)# snmp-server host 192.168.1.23 version 2c MyCommunity972
Router(config)# snmp-server enable traps snmp linkdown linkup coldstart warmstart


• Traps are unrequested event reports that are sent to a management system by an SNMP agent process

• When a trappable event occurs, a trap message is generated by the agent and is sent to a trap destination (a specific, configured network address)

•Many events can be configured to signal a trap, like a network cable fault, failing NIC or Hard Drive, a “General Protection Fault”, or a power supply failure

•Traps can also be throttled -- You can limit the number of traps sent per second from the agent

•Traps have a priority associated with them -- Critical, Major, Minor, Warning, Marginal, Informational, Normal, Unknown

Traps


• Traps are received by a management application.

• Management applications can handle the trap in a few ways:

  • Poll the agent that sent the trap for more information about the event, and the status of the rest of the machine.

  • Log the reception of the trap.

  • Completely ignore the trap.

• Management applications can be set up to send off an e-mail, call a voice mail and leave a message, or send an alpha-numeric page to the network administrator’s pager that says:

Your PDC just Blue-Screened at 03:46AM. Have a nice day. :)

Trap Receivers


SNMP & The OSI Model


Languages of SNMP

• Structure of Management Information (SMI): specifies the format used for defining managed objects that are accessed via the SNMP protocol

• Abstract Syntax Notation One (ASN.1): used to define the format of SNMP messages and managed objects (MIB modules) using an unambiguous data description format

• Basic Encoding Rules (BER): used to encode the SNMP messages into a format suitable for transmission across a network


Abstract Syntax Notation One

ASN.1 is nothing more than a language definition. It is similar to C/C++ and other programming languages.

Syntax examples:

-- two dashes is a comment
-- The C equivalent is written in the comment

MostSevereAlarm ::= INTEGER              -- typedef int MostSevereAlarm;
circuitAlarms MostSevereAlarm ::= 3      -- MostSevereAlarm circuitAlarms = 3;
MostSevereAlarm ::= INTEGER (1..5)       -- specify a valid range

ErrorCounts ::= SEQUENCE {
    circuitID OCTET STRING,
    erroredSeconds INTEGER,
    unavailableSeconds INTEGER
}  -- data structures are defined using the SEQUENCE keyword

ASN.1


Basic Encoding Rules

The relationship between ASN.1 and BER parallels that of source code and machine code.

CCITT X.209 specifies the Basic Encoding Rules

All SNMP messages are converted / serialized from ASN.1 notation into smaller, binary data (BER)

BER


The Three Parts of SNMP

SNMP network management is based on three parts:

• SNMP Protocol: Defines format of messages exchanged by management systems and agents. Specifies the Get, GetNext, Set, and Trap operations

• Structure of Management Information (SMI): Rules specifying the format used to define objects managed on the network that the SNMP protocol accesses

• Management Information Base (MIB): A map of the hierarchical order of all managed objects and how they are accessed


A Management Information Base (MIB) is a collection of information that is organized hierarchically. MIBs are accessed using a network-management protocol such as SNMP. They are comprised of managed objects and are identified by object identifiers.

A managed object (sometimes called a MIB object, an object, or a MIB) is one of any number of specific characteristics of a managed device. Managed objects are comprised of one or more object instances, which are essentially variables.

Two types of managed objects exist: scalar and tabular. Scalar objects define a single object instance. Tabular objects define multiple related object instances that are grouped in MIB tables.

An example of a managed object is atInput, which is a scalar object that contains a single object instance, the integer value that indicates the total number of input AppleTalk packets on a router interface.

Management Information Base (MIB)


An object identifier (or object ID) uniquely identifies a managed object in the MIB hierarchy. The MIB hierarchy can be depicted as a tree with a nameless root, the levels of which are assigned by different organizations.

The top-level MIB object IDs belong to different standards organizations, while lower-level object IDs are allocated by associated organizations. Vendors can define private branches that include managed objects for their own products. MIBs that have not been standardized typically are positioned in the experimental branch.

The managed object atInput can be uniquely identified either by the object name (iso.identified-organization.dod.internet.private.enterprise.cisco.temporary variables.AppleTalk.atInput) or by the equivalent object descriptor, 1.3.6.1.4.1.9.3.3.1.

Object Identifier (OID)


[Figure: MIB tree path for the atInput OID, 1.3.6.1.4.1.9.3.3.1]


Commercial SNMP Applications

Here are some of the various SNMP Management products available today:

•http://www.hp.com/go/openview/ HP OpenView

•http://www.tivoli.com/ IBM NetView

•http://www.novell.com/products/managewise/ Novell ManageWise

•http://www.sun.com/solstice/ Sun Microsystems Solstice

•http://www.microsoft.com/smsmgmt/ Microsoft SMS Server

•http://www.compaq.com/products/servers/management/ Compaq Insight Manager

•http://www.redpt.com/ SnmpQL - ODBC Compliant

•http://www.empiretech.com/ Empire Technologies

•ftp://ftp.cinco.com/users/cinco/demo/ Cinco Networks NetXray

•http://www.netinst.com/html/snmp.html SNMP Collector (Win9X/NT)

•http://www.netinst.com/html/Observer.html Observer

•http://www.gordian.com/products_technologies/snmp.html Gordian’s SNMP Agent

•http://www.castlerock.com/ Castle Rock Computing

•http://www.adventnet.com/ Advent Network Management

•http://www.smplsft.com/ SimpleAgent, SimpleTester


| RFC | Description | Published | Current Status |
|------|-------------|-----------|----------------|
| 1065 | SMIv1 | Aug-88 | Obsoleted by 1155 |
| 1066 | SNMPv1 MIB | Aug-88 | Obsoleted by 1156 |
| 1067 | SNMPv1 | Aug-88 | Obsoleted by 1098 |
| 1098 | SNMPv1 | Apr-89 | Obsoleted by 1157 |
| 1155 | SMIv1 | May-90 | Standard |
| 1156 | SNMPv1 MIB | May-90 | Historic |
| 1157 | SNMPv1 | May-90 | Standard |
| 1158 | SNMPv1 MIB-II | May-90 | Obsoleted by 1213 |
| 1212 | SNMPv1 MIB definitions | Mar-91 | Standard |
| 1213 | SNMPv1 MIB-II | Mar-91 | Standard |
| 1215 | SNMPv1 traps | Mar-91 | Informational |
| 1351 | Secure SNMP administrative model | Jul-92 | Proposed Standard |
| 1352 | Secure SNMP managed objects | Jul-92 | Proposed Standard |
| 1353 | Secure SNMP security protocols | Jul-92 | Proposed Standard |
| 1441 | Introduction to SNMPv2 | Apr-93 | Proposed Standard |
| 1442 | SMIv2 | Apr-93 | Obsoleted by 1902 |
| 1443 | Textual conventions for SNMPv2 | Apr-93 | Obsoleted by 1903 |
| 1444 | Conformance statements for SNMPv2 | Apr-93 | Obsoleted by 1904 |
| 1445 | SNMPv2 administrative model | Apr-93 | Historic |
| 1446 | SNMPv2 security protocols | Apr-93 | Historic |
| 1447 | SNMPv2 party MIB | Apr-93 | Historic |
| 1448 | SNMPv2 protocol operations | Apr-93 | Obsoleted by 1905 |
| 1449 | SNMPv2 transport mapping | Apr-93 | Obsoleted by 1906 |
| 1450 | SNMPv2 MIB | Apr-93 | Obsoleted by 1907 |
| 1451 | Manager-to-manager MIB | Apr-93 | Historic |
| 1452 | Coexistence of SNMPv1 and SNMPv2 | Apr-93 | Obsoleted by 1908 |
| 1901 | Community-Based SNMPv2 | Jan-96 | Experimental |
| 1902 | SMIv2 | Jan-96 | Draft Standard |
| 1903 | Textual conventions for SNMPv2 | Jan-96 | Draft Standard |
| 1904 | Conformance statements for SNMPv2 | Jan-96 | Draft Standard |
| 1905 | Protocol operations for SNMPv2 | Jan-96 | Draft Standard |
| 1906 | Transport mapping for SNMPv2 | Jan-96 | Draft Standard |
| 1907 | SNMPv2 MIB | Jan-96 | Draft Standard |
| 1908 | Coexistence of SNMPv1 and SNMPv2 | Jan-96 | Draft Standard |
| 1909 | Administrative infrastructure for SNMPv2 | Feb-96 | Experimental |
| 1910 | User-based security for SNMPv2 | Feb-96 | Experimental |

SNMP RFCs


Thank you