2. Overview
SNMP (Simple Network Management Protocol) -
It is an Internet-standard protocol for managing devices (routers,
switches, printers, workstations, servers etc.) on an IP network. The
standard was defined by IETF RFC 1157 in May of 1990.
It can be used to monitor the health of your routers, servers, and
other pieces of network hardware, but you can also use it to
control your network devices and even send pages or take other
automatic action if problems arise.
SNMP is an application layer protocol which uses User Datagram
Protocol (UDP) at the transport layer and Internet Protocol (IP) at the
network layer of the TCP/IP protocol suite. SNMP requests are
transmitted as UDP datagrams over a connectionless transmission
interface between the SNMP Manager and the Agent (residing in the
device to be monitored). Communication is performed via UDP on
ports 161 and 162.
3. Key Components
Managed Object (MO) – A resource that is supervised and
controlled by the SNMP manager (e.g. switch, workstation etc.). An MO
can represent one or more resources or a relationship between
resources. An MO has certain properties called attributes.
Attribute – It describes the characteristics, current state and
condition of the operation on the MO. An Attribute value is
associated with each Attribute. For example, a switch may have an
attribute called status with the value “operational”.
Management Information Base (MIB) – It is a database containing
information about the elements to be managed. In the MIB, each
resource is represented as an MO. Each MO is identified using a
unique Object Identifier (OID). The MIB provides a map between numeric
OIDs and a textual, human-readable form.
Structure of Management Information (SMI) – It defines the
framework within which a MIB can be defined and constructed. It
defines the data types that can be used and how MOs can be
represented and named in the MIB. It is defined in RFC 1155.
4. Key Components
Abstract Syntax Notation One (ASN.1) – SMI specifies the use of ASN.1
to describe MIB variables. It is a notation (representation) that
describes an abstract syntax for data types such as integers,
counters etc. It has a set of simple data types and structure types
that are used to define the MIB structure.
Basic Encoding Rules (BER) – They describe the actual representation
of data. They provide a set of rules to develop bit-level data for
communication. The rules require that each type be
converted to a data element.
Data Element – It consists of three components – Type, Length
and Value (TLV). Type indicates whether the data element is an
OBJECT IDENTIFIER or a SEQUENCE etc. Length indicates the length of
the content in octets. Value indicates the actual information of the data
element. It can be of variable length.
[Figure: a data element (T L V) whose value contains further T L V data elements]
5. Key Components
SNMP Agent –
A network device runs an SNMP agent as a daemon process which answers
requests from the Manager. It makes the Object (MO) visible to the
Manager. It performs the action on the Object requested by a Manager. It
also notifies the Manager of any change in the state of the Object.
SNMP Manager –
It manages the system. It controls the MO by sending action requests to the
agent. It can only deal with the MOs that the agent allows it to see.
Several managers may share the same agent. Several managers may
control the same MO.
Working principle –
A network device runs an SNMP agent as a daemon process which
answers requests from the network. The agent populates the MIB, which
provides a large number of Object Identifiers, and makes them available.
An SNMP manager (client) can then query the agent’s OIDs for specific
information.
6. Key Components
SNMP Community –
An SNMP agent establishes a community with a set of managers
based on the authentication and access privileges required for
them to access the MIB or a subset of the MIB. An agent can define
different communities based on the access privileges required for
a set of managers. Each community is given a name. When the agent
receives a request from a Manager, it verifies the “community
name” in the request message for authentication and provides
limited access to the MIB based on the access policy.
Traps –
A trap enables an agent to send asynchronous messages to the
managers. It is used to inform the managers of some significant
event (e.g. link-down, cold-start).
7. Example of SMI structure
Below is a part of the Structure of Management Information of the
System Object Group in ASN.1. It declares “system” as a MIB
Object.
    RFC1213-MIB DEFINITIONS ::= BEGIN
    IMPORTS
        TimeTicks, IpAddress, Counter
            FROM RFC1155-SMI
        OBJECT-TYPE
            FROM RFC-1212;
    system OBJECT IDENTIFIER ::= { mib-2 1 }
    -- TimeTicks (.001a): Time since last
    sysUpTime OBJECT-TYPE
        SYNTAX  TimeTicks
        ACCESS  read-only
        STATUS  mandatory
        ::= { system 3 }
    .
    .
    END
8. Defining a Table
Defining a two-dimensional table in ASN.1 –
Define tcpConnTable as a table containing TcpConnEntry as row.
Each instance of TcpConnEntry will be considered as a row.
    tcpConnTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF TcpConnEntry
        ACCESS  not-accessible
        STATUS  mandatory
        DESCRIPTION
            "A table containing TCP connection specific information"
        ::= { tcp 13 }
9. Defining a Table
Define columns (TcpConnEntry) and Index -
    tcpConnEntry OBJECT-TYPE
        SYNTAX  TcpConnEntry
        ACCESS  not-accessible
        STATUS  mandatory
        DESCRIPTION
            "Information about a particular current TCP connection"
        -- a row is identified by its local and remote address and port
        INDEX   { tcpConnLocalAddress,
                  tcpConnLocalPort,
                  tcpConnRemoteAddress,
                  tcpConnRemotePort }
        ::= { tcpConnTable 1 }
11. Defining a Table
Define column entry -
    tcpConnLocalAddress OBJECT-TYPE
        SYNTAX  IpAddress
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
            "The local IP address of this TCP connection"
        ::= { tcpConnEntry 2 }
    tcpConnLocalPort OBJECT-TYPE
        SYNTAX  INTEGER (0..65535)
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
            "The Local port number for this TCP connection"
        ::= { tcpConnEntry 3 }
12. Defining a Table
Define column entry -
    tcpConnRemoteAddress OBJECT-TYPE
        SYNTAX  IpAddress
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
            "The Remote IP address of this TCP connection"
        ::= { tcpConnEntry 4 }
    tcpConnRemotePort OBJECT-TYPE
        SYNTAX  INTEGER (0..65535)
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
            "The Remote port number for this TCP connection"
        ::= { tcpConnEntry 5 }
14. Defining a Table
The tcpConnTable table with column entries will be as below.
The OID is given for each column.
tcpConnEntry OID for rows = 1.3.6.1.2.1.6.13.1

Column                    OID
tcpConnState              1.3.6.1.2.1.6.13.1.1
tcpConnLocalIpAddress     1.3.6.1.2.1.6.13.1.2
tcpConnLocalPort          1.3.6.1.2.1.6.13.1.3
tcpConnRemoteIpAddress    1.3.6.1.2.1.6.13.1.4
tcpConnRemotePort         1.3.6.1.2.1.6.13.1.5

tcpConnState  tcpConnLocalIpAddress  tcpConnLocalPort  tcpConnRemoteIpAddress  tcpConnRemotePort
5             10.0.0.56              12                9.3.5.13                15
4             0.0.0.0                98                0                       0
7             10.0.0.56              14                102.34.56.8             84
15. Defining a TRAP
Traps – A trap is an asynchronous message sent by the
agent to the Manager. The agent sends the trap to the desired
managers based on the Trap configuration file
entry.
    frDLCIStatusChange TRAP-TYPE
        ENTERPRISE  frame-relay
        VARIABLES   { frCircuitIfIndex, frCircuitDlci, frCircuitState }
        DESCRIPTION
            "Trap for frCircuitState state change notification"
        ::= 1
16. MIB Tree
It is a MIB tree which displays the various groups and
their associated OID.
ROOT
    ITU-T(0)
    ISO(1)
        STND(0)
        REG-AUTH(1)
        MEM(2)       CC (ISO 3166)
        IE-ORG(3)    ICD (ISO 6523)
            DOD(6)
                Internet(1)
                    Mgmt(2)
                        Mib-2(1)
                            Interfaces(2)
    Joint-ISO-ITU-T(2)
Interfaces is uniquely identified as 1.3.6.1.2.1.2
17. SNMP Packet Data Unit
Information is exchanged between an agent and a manager in the form of an
SNMP message. Each message includes the SNMP version number, community
name and SNMP PDU.
| version | community | SNMP PDU |
(SNMP message format)
An SNMP PDU can be one of the following types of PDUs.
| PDU type | request-id | 0 | 0 | variable-bindings |
(Request PDU)
| PDU type | request-id | error-status | error-index | variable-bindings |
(Response PDU)
| PDU type | enterprise | agent-addr | generic-trap | specific-trap | time-stamp | variable-bindings |
(Trap PDU)
| name1 | value1 | … | nameN | valueN |
(variable-bindings)
18. Transmission of SNMP Messages
Variable Binding –
All SNMP operations involve access to an object instance. SNMP allows
grouping a number of operations of the same type (get, set) into a single
message. To implement this, all SNMP PDUs include a variable-bindings
field. The field consists of a sequence of references to object instances and
the corresponding values of the objects. The value part of a variable binding is ignored
where the PDU is concerned only with the name of the object instance.
SNMP performs the following actions to transmit any of the PDUs to
another SNMP entity.
• The PDU is constructed using ASN.1 structures defined in RFC 1157.
• This PDU is then passed to the Protocol Entity to construct an SNMP
message consisting of version, community name and the PDU.
• The new ASN.1 object is encoded using BER and passed to the transport
service.
19. Receipt of SNMP Messages
SNMP performs the following actions after receiving any SNMP message
from another SNMP entity.
• It does a basic syntax check and discards the message if the check
fails.
• It verifies the version number and discards the message if there is a
version mismatch.
• If authentication fails, the Protocol Entity generates a TRAP and
discards the message.
• If authentication succeeds, a PDU in the form of an ASN.1 object
that conforms to RFC 1157 is returned.
• The Protocol Entity does a basic syntax check and discards the PDU if
it fails.
• Using the community name and the appropriate access policy, the PDU is
processed.
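The receipt steps above, applied to a BER-encoded SNMPv1 message whose TLV data elements are decoded by hand, as an added Python example that is not part of the original slides. The sample datagram and the community table are constructed, the function names and return strings are this example's own, and only Get, GetNext, Response and Set PDUs are handled.

```python
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse", 0xA3: "SetRequest"}
def read_tlv(buf, pos=0):
    """Decode one data element at buf[pos:]; return (type, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2   # IndexError if the header is cut off
    if length & 0x80:                                    # long form: low 7 bits count length octets
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported length form")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("element runs past the end of the buffer")
    return tag, buf[pos:pos + length], pos + length

def elements(buf, pos=0):
    """Yield the (type, value) data elements packed inside a constructed value."""
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        yield tag, value

def decode_oid(value):
    arcs, n = [value[0] // 40, value[0] % 40], 0         # first octet packs the first two arcs
    for b in value[1:]:
        n = (n << 7) | (b & 0x7F)                        # base 128; high bit set = more octets
        if not b & 0x80:
            arcs, n = arcs + [n], 0
    return ".".join(map(str, arcs))

def receive(datagram, communities):                      # communities: {name: access policy}
    try:
        [(tag, msg)] = elements(datagram)                # exactly one outer SEQUENCE
        (t_ver, ver), (t_com, com), (pdu_type, pdu) = elements(msg)
        if (tag, t_ver, t_com) != (0x30, 0x02, 0x04):
            return "discard: syntax"
        if ver != b"\x00":                               # version field 0 means SNMPv1
            return "discard: version"
        access = communities.get(com.decode("latin-1"))  # community is a plain OCTET STRING
        if access is None:
            return "trap: authenticationFailure"
        if pdu_type not in PDU_TYPES:
            return "discard: syntax"
        (_, req_id), _, _, (_, bindings) = elements(pdu)
        oids = [decode_oid(list(elements(vb))[0][1]) for _, vb in elements(bindings)]
    except (ValueError, IndexError):                     # malformed BER anywhere above
        return "discard: syntax"
    return PDU_TYPES[pdu_type], access, int.from_bytes(req_id, "big", signed=True), oids

# Constructed SNMPv1 GetRequest: community "public", request-id 1, OID of sysDescr.0
SAMPLE = bytes.fromhex("30 26 02 01 00 04 06 70 75 62 6c 69 63 a0 19 02 01 01 02 01 00"
                       " 02 01 00 30 0e 30 0c 06 08 2b 06 01 02 01 01 01 00 05 00")
```

Calling receive(SAMPLE, {"public": "read-only"}) returns the PDU type, the access policy, the request-id and the requested OIDs; any other outcome is one of the discard or trap strings.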
21. MIB-2 MIB groups
Part of the MIB-2 groups are shown below.
(MIB-2 System Group)
system(1)
    sysDescr(1)
    sysObjectID(2)
    sysUpTime(3)
    sysContact(4)
    sysName(5)
    sysLocation(6)
    sysServices(7)
(MIB-2 Interface Group)
Interface(2)
    ifNumber(1)
    ifTable(2)
        ifEntry(1)
            ifIndex(1)
            ifDescr(2)
            ifOperStatus(8)
            ifSpecific(22)
(MIB-2 IP Group)
ip(4)
    ipForwarding(1)
    ipDefaultTTL(2)
    ipInReceives(3)
    ipAddrTable(20)
        ipAddrEntry(1)
            ipAdEntAddr(1)
            ipAdEntIfIndex(2)
            ipAdEntNetMask(3)
            ipAdEntBcastAddr(4)
            ipAdEntReasmMaxSize(5)
22. Accessing Object Values
Retrieving a simple object value -
To access the “sysDescr” value from the MIB-2 system group
snmpGet option Hostname community 1.3.6.1.2.1.1.1.0
Possible response - 1.3.6.1.2.1.1.1.0, value = <Name of SNMP agent>
Retrieving a number of simple object values -
To access multiple simple objects “sysDescr”, “sysObjectID”, “sysName”, and
“sysLocation” values from the MIB-2 system group
snmpGet option Hostname community 1.3.6.1.2.1.1.1.0, 1.3.6.1.2.1.1.2.0,
1.3.6.1.2.1.1.5.0, 1.3.6.1.2.1.1.6.0
Possible response - 1.3.6.1.2.1.1.1.0, value = <Name of SNMP agent>
1.3.6.1.2.1.1.2.0, value = 10
1.3.6.1.2.1.1.5.0, value = Drone
1.3.6.1.2.1.1.6.0, value = Bangalore
23. Accessing Object Values
To access multiple simple objects udpInDatagrams, udpNoPorts,
udpInErrors, udpOutDatagrams values from the MIB-2 UDP group
snmpGetNext option Hostname -c community 1.3.6.1.2.1.7.1,
1.3.6.1.2.1.7.2, 1.3.6.1.2.1.7.3, 1.3.6.1.2.1.7.4
The agent will return the values in lexicographic order –
1.3.6.1.2.1.7.1.0, value = 90
1.3.6.1.2.1.7.2.0, value = 1
1.3.6.1.2.1.7.3.0, value = 2
1.3.6.1.2.1.7.4.0, value = 120
If udpNoPorts is not supported, then the agent will return the value of the
next OID in lexicographic order, i.e. udpInErrors, and finally
udpOutDatagrams.
24. Accessing Table Values
Accessing Table values –
If the contents and number of rows are not known, then snmpGetNext can be
invoked with the column names. The agent will respond with the values of the first row.
• Retrieve a value using table index -
Use an index into the table to select the field which uniquely
identifies the row. To get the netmask in the ipAddrTable (MIB-2 IP
group) for a router whose IP address is 100.90.22.7
snmpGet hostname -c public 1.3.6.1.2.1.4.20.1.3.100.90.22.7
• Retrieve a value using GetNext
Get operational status on interface 1 (Interface group)
snmpGetNext hostname -c public 1.3.6.1.2.1.2.2.1.8.1
Response - 1.3.6.1.2.1.2.2.1.8.2, value = 1
25. Object and Table Modification
Modify Object value
Set sysName for a router in the MIB-2 system group
SNMPset hostname -c community 1.3.6.1.2.1.1.5.0 value="CiscoRouter1"
Possible response - 1.3.6.1.2.1.1.5.0, value = "CiscoRouter1"
Update table value
To update ipRouteMetric1 in ipAddrTable (MIB-2 ip group) for a
router with IP address 100.90.22.7
SNMPset hostname -c community 1.3.6.1.2.1.4.21.1.3.100.90.22.7 value = 5
26. Object and Table Modification
Add a new row
In the SNMPset command, assign the index a new value and assign
all columnar objects the desired values. When the agent finds an
index value that is not available in the table, then based on the
policy configured, it may create a new row or reject the request
with the error “noSuchName”.
Delete a row
To delete ipRouteMetric1 in ipAddrTable (MIB-2 ip group) for a
router with IP address 100.90.22.7
SNMPset hostname -c community 1.3.6.1.2.1.4.21.1.3.100.90.22.7 value = invalid
Based on the implementation, the agent will either delete the row
from the MIB or mark it as deleted.
27. SNMP V2 Commands
SNMPwalk –
It traverses the MIB tree based on a starting OID. By default, with no
OID, it returns the MIB-II OIDs.
Walk on the mgmt.mib-2.system group tree
SNMPwalk switch2 1.3.6.1.2.1.1
Possible response -
system.sysObjectID.0: OBJECT IDENTIFIER: iso.org.dod.internet.private.enterprises.cisco.
system.sysUpTime.0 : Timeticks: (168113316) 19 days, 10:58:53.16
system.sysContact.0 : DISPLAY STRING- (ascii): J.C.M. Pager 555-1212
system.sysName.0 : DISPLAY STRING- (ascii): witch2.com
system.sysLocation.0 : DISPLAY STRING- (ascii): Bangalore
system.sysServices.0 : INTEGER: 6
28. SNMP V2 Commands
SNMPbulk –
It retrieves a chunk of information in one operation, as opposed to
a single get or a sequence of get-next operations.
Get all info on ifInOctets and ifOutOctets in the MIB-2 Interface group.
non-repeaters and max-repetitions are set to 0 and 3.
SNMPbulkget -v2c -B 0 3 dec.com public ifInOctets ifOutOctets
Possible response -
interfaces.ifTable.ifEntry.ifInOctets.1 = 70840
interfaces.ifTable.ifEntry.ifOutOctets.1 = 70840
interfaces.ifTable.ifEntry.ifInOctets.2 = 143548020
interfaces.ifTable.ifEntry.ifOutOctets.2 = 111725152
interfaces.ifTable.ifEntry.ifInOctets.3 = 0
interfaces.ifTable.ifEntry.ifOutOctets.3 = 0
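How GetNext, a walk and a bulk request select object instances in lexicographic OID order, including the unsupported-object case from the GetNext slide, as an added Python example that is not part of the original slides. The agent contents are constructed, and AgentView, key and the method names are hypothetical; None stands in for the end of the MIB view.

```python
from bisect import bisect_right

def key(oid):
    """OIDs order arc by arc as numbers, so ...10.10 sorts after ...10.2."""
    return tuple(int(arc) for arc in oid.strip(".").split("."))

class AgentView:
    """The object instances an agent exposes (constructed data, hypothetical class)."""
    def __init__(self, objects):
        self.items = sorted((key(oid), value) for oid, value in objects.items())
        self.keys = [k for k, _ in self.items]

    def get_next(self, oid):
        """First instance strictly after oid, or None at the end of the MIB view."""
        i = bisect_right(self.keys, key(oid))
        if i == len(self.items):
            return None
        k, value = self.items[i]
        return ".".join(map(str, k)), value

    def walk(self, root):
        """Repeat GetNext until the answer leaves the subtree under root."""
        out, cur, prefix = [], root, key(root)
        while True:
            nxt = self.get_next(cur)
            if nxt is None or key(nxt[0])[:len(prefix)] != prefix:
                return out
            out.append(nxt)
            cur = nxt[0]

    def get_bulk(self, oids, non_repeaters, max_repetitions):
        """One GetNext for the first non_repeaters OIDs, then repeated GetNext rounds."""
        out = [self.get_next(oid) for oid in oids[:non_repeaters]]
        cursors = list(oids[non_repeaters:])
        for _ in range(max_repetitions):
            for j, cur in enumerate(cursors):
                nxt = self.get_next(cur)
                out.append(nxt)
                cursors[j] = nxt[0] if nxt else cur
        return out

# Constructed agent: udpNoPorts (1.3.6.1.2.1.7.2) is not supported; interfaces 1, 2 and 10
AGENT = AgentView({
    "1.3.6.1.2.1.7.1.0": 90, "1.3.6.1.2.1.7.3.0": 2, "1.3.6.1.2.1.7.4.0": 120,
    "1.3.6.1.2.1.2.2.1.10.1": 70840, "1.3.6.1.2.1.2.2.1.16.1": 70840,
    "1.3.6.1.2.1.2.2.1.10.2": 143548020, "1.3.6.1.2.1.2.2.1.16.2": 111725152,
    "1.3.6.1.2.1.2.2.1.10.10": 0, "1.3.6.1.2.1.2.2.1.16.10": 0,
})
```

AGENT.get_next("1.3.6.1.2.1.7.2") skips the unsupported udpNoPorts and answers with 1.3.6.1.2.1.7.3.0, and AGENT.get_bulk on the two interface columns with 0 and 3 interleaves ifInOctets and ifOutOctets row by row, as in the response above.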
29. SNMPV2 Enhancements
• New data types introduced – Unsigned32 and Counter64
• New error messages introduced –
– noSuchObject or noSuchInstance
– endOfMibView
• Set is done in two phases
– Validation of each variable; in case of failure, the operation is aborted.
• Enhancement on Trap
– Each trap is assigned an OID.
– New macro NOTIFICATION-TYPE
– Timestamp and trap identifier are moved to the variable list
• New commands – snmpwalk and snmpbulk
• Communication between managers using inform-request
30. SNMPV3 Enhancements
It consists of two layers – Application and SNMP Engine.
SNMP Engine –
• Dispatcher – accepts PDUs to be sent, supports multiple versions
• Message Processing Subsystem – sends messages and extracts data
from received messages
• Security Subsystem – provides authenticity and privacy
• Access Control Subsystem – provides authorization service
Application –
Command Generator – initiates Get and Set PDUs
Command Responder – generates responses
Notification Receiver/Originator – generates responses to inform PDUs
Proxy Forwarder – forwards SNMP messages
32. SNMPV3 Enhancements
SNMP V3 MIBs –
• Management target MIB
• Notification MIB
• Proxy MIB
Security –
• User based security
• View based access control
33. Limitations of SNMP
• SNMP may not be suitable for management of truly large networks
because of the performance limitations of polling.
• SNMP is not well suited for retrieving large volumes of data such as
an entire routing table.
• SNMP traps are unacknowledged. The agent cannot be sure of critical
messages being delivered to the Manager.
• Basic SNMP is better suited for monitoring than for control.
• The SNMP MIB model is limited and does not support applications that
make sophisticated management queries based on object value or
types.
34.
Send your queries to me -
a_s_sinha@yahoo.com