AGENDA
Introduction.
SNMP Managed Network Technology.
SNMP Basic Commands.
SNMP Management Information Base (MIB).
SNMP VERSION 1 (SNMPv1).
SNMPv1 Message Formats.
SNMP VERSION 2 (SNMPv2).
SNMPv2 Proxy Agents.
SNMP Security.
Conclusion.
INTRODUCTION
Defined in RFC 1157.
UDP port 161/162.
Application layer protocol that is designed to exchange network management information between network devices.
Helps system administrators monitor network-attached devices, solve network problems and plan for future growth of the network.
3 versions: SNMPv1, SNMPv2, SNMPv3 (Standardization Pending).
Consists of standards for network management, including an Application layer protocol, a database schema and a set of data objects.
Uses managed systems that expose management data in the form of variables.
A managing application can also query these variables.
SNMP MANAGED NETWORK TECHNOLOGY
Consists of 3 key components: Network Management System (NMS), Agents, Managed Devices.
Managed Devices: A node in a network that contains an SNMP agent. Stores and collects management information and provides it to the NMS. Also called network elements. Can be a router, switch or server.
Agents: An agent is a software module. It resides in a managed device. Contains knowledge about management information. Translates that knowledge into an SNMP-compatible format. Consists of Master agents and Sub agents.
NMS: Contains applications that monitor and control managed devices. Provides the memory and processing resources required for managing the network. There can be more than 1 NMS in the managed network.
SNMP BASIC COMMANDS
Four basic commands: read, write, trap, traversal operations.
Read: Shows variables that are maintained by managed devices on NMS. (GET, GET-NEXT)
Write: Controls managed devices. Used by NMS to modify the values of variables stored in managed devices. (SET)
Trap: Executed by managed devices to asynchronously report any event to NMS. (TRAP)
Traversal Operation: Used by NMS. Collects information about variable tables such as routing tables.
SNMP Management Information Base (MIB)
[Figure: MIB tree with hierarchy assigned by different organizations]
SNMP Management Information Base (MIB)
MIB: Hierarchically organizes information. Accessed using the SNMP protocol. Consists of managed objects. Identified by object identifiers.
Managed Objects: Also called MIB objects. One of the characteristics of a managed device. Comprised of one or more object instances. One of the variables. There are 2 types of managed objects: scalar and tabular. A scalar object defines the instance of a single object. Tabular objects define the instances of multiple related objects.
Object Identifier (Object ID): Provides unique identification of a managed object in the MIB hierarchy.
The MIB hierarchy is a tree with a nameless root. Levels are assigned by different organizations.
The managed object at the input can be identified either by object name or by the equivalent object descriptor.
SNMP VERSION 1
Operates over UDP, IP, CLNS, DDP and IPX. Widely used in industry.
SNMPv1 and Structure of Management Information (SMI): Defines rules describing management information using ASN.1. Consists of 3 specific data types:
a) ASN.1 data types
b) SMI-specific data types
c) SNMP MIB tables.
ASN.1 data types: Consist of name, syntax and encoding. Name is used as the Object ID. Syntax defines the data type of the object. SMI uses a subset of the ASN.1 syntax definitions. Encoding describes how the information associated with a managed object is formatted as a series of data items.
SMI-specific data types: Consist of 2 data types: Simple Data Types, Application-wide Data Types.
Simple Data Types: Signed integer ranging from . Sequences from 0 to 65,535 octets.
Application-wide Data Types: Consist of network addresses, counters, gauges, time ticks, opaques, integers and unsigned integers.
SNMP MIB Tables: Defines highly structured tables that group instances of tabular objects. SNMP can retrieve or alter an entire row in the table.
Protocol Operation: NMS issues a request and managed devices return responses. Get operation is issued by NMS to retrieve the value of one or more object instances. GetNext retrieves the value of the next object instance. Set is used to modify the value of an object instance.
SNMPv1 MESSAGE FORMATS
Consists of Message header and PDU.
Message Header: Contains 2 fields: Version Number and Community Name.
Version Number: Specifies SNMP version.
Community Name: Provides access environment for a group of NMS. NMS in the community are said to be in the same administrative domain.
PDU: Contains the specific command and the operands that are involved in the transaction. PDU fields are variable in length.
SNMPv1 Get, GetNext, Response and Set PDUs contain the same fields.
Reference: ttp://
SNMPv1 MESSAGE FORMATS
PDU Type: Specifies the type of PDU transmitted.
Request ID: Associates SNMP requests and responses.
Error Status: Indicates number of errors and error types. Set by response operation.
Error Index: Associates an error with a particular object instance. Set by response operation.
Variable Bindings: Acts as a data field for SNMPv2 PDU. Associates object instance with its current value.
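The header and PDU fields listed above, decoded from the BER bytes of a message. This is an added example, not part of the original slides; the sample packet is constructed, the function names are hypothetical, and only the Get, GetNext, Response and Set PDU layout is handled. It also shows that the community name is carried as a plain OCTET STRING readable by anyone who captures the packet.

```python
# Constructed sample: SNMPv1 GetRequest, community "public", OID 1.3.6.1.2.1.1.1.0
SAMPLE = bytes.fromhex(
    "3026" "020100" "04067075626c6963"            # SEQUENCE, version=0 (SNMPv1), community
    "a019" "020101" "020100" "020100"             # GetRequest, request-id, error-status, error-index
    "300e" "300c" "06082b06010201010100" "0500")  # varbind list, varbind, OID, NULL value

PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest",
             0xA2: "GetResponse", 0xA3: "SetRequest"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                     # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):           # never trust a length past the end of the buffer
        raise ValueError("length exceeds buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(data):
    if not data:
        raise ValueError("empty OID")
    arcs, acc = [data[0] // 40, data[0] % 40], 0
    for b in data[1:]:                    # base-128, high bit marks continuation
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def parse_snmpv1(msg):
    tag, body, _ = read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    _, version, p = read_tlv(body, 0)
    _, community, p = read_tlv(body, p)   # cleartext community name
    pdu_tag, pdu, _ = read_tlv(body, p)
    if pdu_tag not in PDU_TYPES:          # Trap (0xA4) uses a different field layout
        raise ValueError("unsupported PDU type")
    ints, q = [], 0
    for _ in range(3):                    # request-id, error-status, error-index
        _, v, q = read_tlv(pdu, q)
        ints.append(int.from_bytes(v, "big", signed=True))
    _, vbl, _ = read_tlv(pdu, q)
    oids, r = [], 0
    while r < len(vbl):                   # each varbind is SEQUENCE { OID, value }
        _, vb, r = read_tlv(vbl, r)
        oids.append(decode_oid(read_tlv(vb, 0)[1]))
    return {"version": int.from_bytes(version, "big"), "community": community.decode("latin-1"),
            "pdu_type": PDU_TYPES[pdu_tag], "request_id": ints[0],
            "error_status": ints[1], "error_index": ints[2], "oids": oids}
```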
SNMPv1 MESSAGE FORMATS: TRAP PDU FORMAT
[Figure: SNMPv1 Trap PDU format]
SNMPv1 MESSAGE FORMATS: TRAP PDU FORMAT
Enterprise: Identifies the type of object generating the trap.
Agent Address: Provides the address of the managed object generating the trap.
Generic Trap Types: Indicates one of a number of generic trap types.
Specific Trap Codes: Indicates one of a number of specific trap codes.
Time Stamp: Provides the amount of time that has elapsed between the last network reinitialization and generation of the trap.
Variable Bindings: Acts as a data field in SNMPv2 PDU. Each variable binding associates a particular object instance with its current value.
SNMP VERSION 2
Evolution of version 1. Provides additional protocol operations over SNMPv1.
SNMPv2 and Structure of Management Information: Bit strings are defined only in SNMPv2 and comprise zero or more named bits that specify a value. Supports all types of address, as compared to SNMPv1, which offers support only for 32-bit IP addresses.
SNMPv2 supports 32-bit and 64-bit counters as well.
SMI Information Modules: Specifies a group of related definitions. There are 3 types of SMI information modules: MIB modules, compliance statements and capability statements. MIB modules contain definitions of interrelated managed objects. Compliance statements provide a systematic way to describe a group of managed objects that must be implemented for conformance to a standard. Capability statements are used to indicate the precise level of support that an agent claims with respect to a MIB group.
SNMP VERSION 2
SNMPv2 Protocol Operation: SNMPv2 offers 2 new protocol operations: GetBulk and Inform. Also includes the protocol operations of SNMPv1.
Inform: Allows one NMS to send a TRAP to another NMS.
GetBulk PDU Format: Efficiently retrieves large blocks of data, such as multiple rows in a table. GetBulk PDU format shown below.
SNMP VERSION 2: GetBulk Format
PDU Type: Identifies the PDU as a GetBulk operation.
Request ID: Associates SNMP requests and responses.
Non repeaters: Specifies the number of object instances in the variable bindings. Used when some instances are scalar objects.
Max repetitions: Maximum number of times that other variables beyond those specified by the Non repeaters field should be retrieved.
Variable Bindings: Acts as a data field in SNMPv2 PDU. Each variable binding associates a particular object instance with its current value.
SNMPv2 PROXY AGENTS
SNMPv2 can act as a proxy agent for SNMPv1 managed devices.
SNMPv2 issues commands that are intended for an SNMPv1 agent.
NMS then sends messages to the SNMPv2 proxy agents.
Proxy agent then forwards Get, GetNext, and Set messages to the SNMPv1 agent unchanged.
Proxy agent converts the GetBulk messages to GetNext messages and then forwards them to the SNMPv1 agent.
Proxy agent maps SNMPv1 trap messages to SNMPv2 trap messages.
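How the Non repeaters and Max repetitions fields of a GetBulk turn into a series of GetNext operations, which is the conversion a proxy agent performs in front of an SNMPv1 agent. This is an added example, not part of the original slides; the MIB contents are constructed sample data, the function names are hypothetical, and the repetition cap is an assumed local policy rather than anything the protocol defines.

```python
import bisect

# Constructed agent view: OID (as a tuple of arcs) -> value
MIB = {
    (1, 3, 6, 1, 2, 1, 1, 3, 0): 123456,          # sysUpTime.0 (scalar)
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 2, 1): "eth0",    # ifDescr.1   (table column)
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 2, 2): "eth1",    # ifDescr.2
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 10, 1): 1000,     # ifInOctets.1
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 10, 2): 2000,     # ifInOctets.2
}
SORTED_OIDS = sorted(MIB)       # tuple order equals lexicographic OID order
MAX_REPETITIONS_CAP = 10        # assumption: proxy-side limit on fan-out per request

def get_next(oid):
    """GetNext: the first instance ordered after oid, or None past the end of the view."""
    i = bisect.bisect_right(SORTED_OIDS, tuple(oid))
    if i == len(SORTED_OIDS):
        return None
    return SORTED_OIDS[i], MIB[SORTED_OIDS[i]]

def get_bulk_via_get_next(oids, non_repeaters, max_repetitions):
    """Answer one GetBulk using only GetNext operations."""
    results = []
    # The first non_repeaters variables get exactly one GetNext each (scalars).
    for oid in oids[:non_repeaters]:
        results.append(get_next(oid))
    # The remaining variables are walked in lockstep, one table row per repetition.
    cursors = [tuple(o) for o in oids[non_repeaters:]]
    for _ in range(min(max_repetitions, MAX_REPETITIONS_CAP)):
        row = [get_next(c) for c in cursors]
        if all(r is None for r in row):           # every column ran off the end
            break
        results.extend(row)
        cursors = [r[0] if r else c for r, c in zip(row, cursors)]
    return results
```

Each repetition costs one GetNext per repeating variable, so a single GetBulk fans out into `non_repeaters + repeaters * max_repetitions` requests towards the SNMPv1 agent unless the proxy bounds it.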
SNMP SECURITY
Lacks authentication. Vulnerable to a variety of security threats.
Vulnerable to masquerading, modification of information, time modifications, message sequencing and disclosures.
Message sequence and timing modifications occur when an unauthorized entity reorders, delays, or copies and later replays a message generated by an authorized entity.
As SNMP does not implement any authentication, Set operations are not implemented by many vendors.
CONCLUSION
SNMP is an attractive solution for network management because it is a standard protocol and ubiquitous.
It's simple and well known.
Firewalls can be easily configured to pass SNMP traffic.
It runs over UDP, so its network resource consumption is lightweight.