Presentation is loading. Please wait.

Presentation is loading. Please wait.

Management Architecture and Standards II IACT 418 IACT 918 Corporate Network Planning Gene Awyzio Spring 2001.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Management Architecture and Standards II IACT 418 IACT 918 Corporate Network Planning Gene Awyzio Spring 2001."— Presentation transcript:

1 Management Architecture and Standards II IACT 418 IACT 918 Corporate Network Planning Gene Awyzio Spring 2001

2 SNMP - the Management Protocol Used for TCP/IP SNMP includes the following key capabilities: Get Set Trap The standards do not specify The number of management stations The ratio of management stations to agents

3 SNMP - the Management Protocol Used for TCP/IP In general, it is prudent to have at least two systems capable of performing the management station functions As SNMP is simple it can handle many agents SNMP is designed to be an application-level protocol that is part of the TCP/IP protocol suite which operates over the user datagram protocol (UDP)

4 SNMP - the Management Protocol Used for TCP/IP

5

6 From a management station, three types of SNMP messages are issued on behalf of a management application: GetRequest GetNextRequest SetRequest

7 SNMP - the Management Protocol Used for TCP/IP The first two are two variations of the get function All three messages are acknowledged by the agent in the form of a GetResponse message, which is passed up to the management application

8 SNMP - the Management Protocol Used for TCP/IP An agent may issue a trap message in response to an event that affects the MIB and the underlying managed resources - this is received by the manager SNMP relies on UDP, which is connectionless so SNMP is itself connectionless ie each exchange is a separate transaction between a management station and an agent

9 Trap - Directed Polling Preferred strategy is: A management station can poll all of the agents it knows for some key information Once the baseline is established, the management station refrains from polling Each agent is responsible for notifying the management station of any unusual event

10 Trap - Directed Polling These events are communicated in SNMP messages known as traps Once a management station is alerted to an exception condition, it chooses to take the appropriate action

11 Trap - Directed Polling Trap-directed polling can result in substantial savings of Network capacity Agent processing time Reduces unnecessary polling of agents by managers thus reducing management induced network traffic

12 Limitations of SNMP SNMP may not be suitable for the management of very large networks Each agent needs to be polled and generates trap traffic SNMP is not suited to retrieving large volumes of data such as a entire routing table SNMP traps are unacknowledged meaning the agent generating the trap does not know if the manager received it

13 Limitations of SNMP Basic SNMP standard only provides trivial authentication SNMP does not directly support imperative commands with parameters, conditions, status and results

14 Limitations of SNMP SNMP MIB model is limited not supporting sophisticated management queries based on object values or types SNMP does not support manager to manager communications ie no mechanism for one manager to find out about another network managers, managed network elements

15 SNMPv2 :1991/1992 Networks grow larger and larger SNMPv1 became more and more inadequate OSI implementations and standardization were still not ready Network managers recognised this, so the call went out for an extension to SNMP in the mean time till OSI’s CMIP became available

16 SNMPv2 :1991/1992 One major flaw SNMPv1 did not have any security facilities For this reason SNMPv1 network human managers often disabled the ‘set’ PDU crippling the network management facility

17 Adding Security To address this problem a set of RFC’s called ‘secure SNMP’ was issued as proposed in July 1992 secure SNMP did not address other deficiencies related to performance and functionality of SNMPv1 SMP was also issued in July 1992 as a set of 8 documents, they were not RFC’s They constituted a private proposal to the internet community to upgrade SNMPv1

18 SMP The proposed extensions defined in SMP fell into three categories Scope Size, speed, and efficiency Security and privacy

19 SMP and Secure SNMP The ‘Internet community’ came to the consensus that there should be a second generation SNMP that would include both security and functional enhancements enable users and vendors to make a smooth transition from SNMPv1 to what becomes known as SNMPv2

20 Adding Security Two working groups were formed: one for security aspects one for all other aspects such as protocol and management information Work began in October 1992 to be completed March 1993, but was completed by end of 1992

21 Adding Security The work of the two groups was combined and published as proposed internet standards in March 1993 SNMPv2 was revised in 1996 by an IETF task Force New RFC’s contained no security! The rest of the standard experienced minor changes

22 Community The standard SNMPv2 makes use of the SNMPv1 message wrapper, with its use of the community concept This “administrative framework” for SNMPv2 is termed “community based snmpv2” or SNMPv2c

23 Community In SNMPv1 an SNMP community is a relationship between A SNMP agent A set of SNMP managers That defines authentication, access control, and proxy characteristics

24 Community In SNMPv1 Communities are defined locally within the agent  Each community is given a unique (within the agent) community name The management station must keep track of and store all the community names of each of its managed agents  The management stations within the community are provided with and must use this community name in all set and get operations with this agent There is no reason why the same name may not be used by different agents - as the agent uses this name locally

25 Community The SNMPv2 message is wrapped with a PDU in a SNMPv1 format including a version number A community name

26 What Happened to the Security? Little enthusiasm among vendors and users for the way in which security was specified in the 1993 documents When the work began on the 1996 documents, it was hoped that some minor tune-ups to the security portion would suffice As the effort was nearing completion it was shown that the security portion of snmpv2 was fatally flawed!

27 What Happened to the Security? To make a long story short, there was an extension of the deadline for completing the new snmpv2 documents to allow time for a new consensus to develop on a new security specification Deadlock occurred No consensus reached Time ran out Then the plug was pulled on the process and the new snmpv2 was issued without security enhancements

28 What Happened to the Security? This decision had the advantage of solidifying the specification of the many functional enhancements found in snmpv2, but leads onto the need for another version of SNMP (version 3)

29 Standards RFCTitle 1901 Introduction to community-based SNMPv2 1902 Structure of management information for SNMPv2 1903 Textual conventions for SNMPv2 1904 Conformance statements for SNMPv2 1905 Protocol operations for SNMPv2 1906 Transport mappings for SNMPv2 1907 Management information base for SNMPv2 1908 Coexistence between version 1 and version 2 of the internet-standard network management framework

30 SNMPv2 Enhancements An overall change implemented in SNMPv2 is that it can support either a highly centralized network management strategy or a distributed one For distributed some systems can operate as both a manager and a agent

31 SNMPv2 Enhancements For a system acting in dual modes of agent and manager it: accepts commands from a superior management system it can also issue trap messages to the superior manager

32 SNMPv2 Enhancements The key enhancements to SNMP that are provided in SNMPv2 fall into the following categories: Structure of management information (SMI) Manager-to-manager capability Protocol operations

33 SNMPv2 Protocol operations enhancements (over SNMPv1) The most noticeable change in protocol operations is the inclusion of two new PDUs: GetBulkRequest PDU : enables the manager to retrieve large blocks of data efficiently --- it is well suited to retrieving multiple rows in a table eg routing table. InformRequest PDU : enables one manager to send trap type of information to another manager.

34 SNMPv1 and SNMPv2 coexistence SNMPv2 was designed to co-exist with SNMPv1 This involved two areas of the standards: management information protocol operations Two approaches are described in the standard:  use of proxy agents  use of bilingual managers

35 For the proxy agent:

36 The main point here is that GetBulkRequest is converted to a GetNextRequest with only the first “row” of the table or variables being accessible (but the device is SNMPv1 enabled so its expecting that this is the norm)

37 For the bilingual manager:

38 This setup requires the manager to be able to handle both protocols and manager SNMPv1 and SNMPv2 agents While SNMPv2 provided enhancements in functionality, especially in the manager to manager functions, the lack of security still inhibits the secure use of SNMP on managed networks.

Download ppt "Management Architecture and Standards II IACT 418 IACT 918 Corporate Network Planning Gene Awyzio Spring 2001."

Similar presentations

Chapter 19: Network Management Business Data Communications, 5e.

Chapter 19: Network Management Business Data Communications, 5e.
CIS 203 17 : Network Management. Introduction Network, associated resources and distributed applications indispensable Complex systems —More things can.

CIS : Network Management. Introduction Network, associated resources and distributed applications indispensable Complex systems —More things can.
CCNA – Network Fundamentals

CCNA – Network Fundamentals
Chapter 19: Network Management Business Data Communications, 4e.

Chapter 19: Network Management Business Data Communications, 4e.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 24 Network Management: SNMP.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 24 Network Management: SNMP.
Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Explain.

Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Explain.
1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.

1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.
TCP/IP Protocol Suite 1 Chapter 21 Upon completion you will be able to: Network Management: SNMP Understand the SNMP manager and the SNMP agent Understand.

TCP/IP Protocol Suite 1 Chapter 21 Upon completion you will be able to: Network Management: SNMP Understand the SNMP manager and the SNMP agent Understand.
CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.

CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.
Pertemuan 10 Perbedaan antar versi SNMP

Pertemuan 10 Perbedaan antar versi SNMP
NS-H0503-02/11041 SNMP. NS-H0503-02/11042 Outline Basic Concepts of SNMP SNMPv1 Community Facility SNMPv3 Recommended Reading and WEB Sites.

NS-H /11041 SNMP. NS-H /11042 Outline Basic Concepts of SNMP SNMPv1 Community Facility SNMPv3 Recommended Reading and WEB Sites.
1 SNMP Simple Network Management Protocol. 2 SNMP Overview Define mechanism for remote management of network devices (routers, bridges, etc.) Fundamental.

1 SNMP Simple Network Management Protocol. 2 SNMP Overview Define mechanism for remote management of network devices (routers, bridges, etc.) Fundamental.
1 Pertemuan 26 Manajemen Jaringan dan Network Security Matakuliah: H0174/Jaringan Komputer Tahun: 2006 Versi: 1/0.

1 Pertemuan 26 Manajemen Jaringan dan Network Security Matakuliah: H0174/Jaringan Komputer Tahun: 2006 Versi: 1/0.
1 System support & Management Protocols Lesson 13 NETS2150/2850 School of Information Technologies.

1 System support & Management Protocols Lesson 13 NETS2150/2850 School of Information Technologies.
Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Explain.

Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Explain.
COMP4690, by Dr Xiaowen Chu, HKBU

COMP4690, by Dr Xiaowen Chu, HKBU
1 Network Management and SNMP  What is Network Management?  ISO Network Management Model (FCAPS)  Network Management Architecture  SNMPv1 and SNMPv2.

1 Network Management and SNMP  What is Network Management?  ISO Network Management Model (FCAPS)  Network Management Architecture  SNMPv1 and SNMPv2.
SNMP & MIME Rizwan Rehman, CCS, DU. Basic tasks that fall under this category are: What is Network Management? Fault Management Dealing with problems.

SNMP & MIME Rizwan Rehman, CCS, DU. Basic tasks that fall under this category are: What is Network Management? Fault Management Dealing with problems.
SNMP Simple Network Management Protocol

SNMP Simple Network Management Protocol
Chapter 6 Overview Simple Network Management Protocol

Chapter 6 Overview Simple Network Management Protocol

Similar presentations

Ads by Google