BAI513 - PROTOCOLS SNMP BAIST – Network Management
Dec 29, 2015
Objectives
Understand the basic principles and practices involved in managing modern networks
Explain the role that the Simple Network Management Protocol can play on an IP-based network
Understand the basic structure and function of SNMP management data, including Management Information Bases, Abstract Syntax Notation, and related SNMP management objects
Explain the function of the standard remote monitoring SNMP Management Information Base known as RMON
Understanding Network Management Practices and Principles
The tasks involved in managing a network depend on the ability to collect data about a network and detect network-related occurrences, usually called events
This means being able to monitor and control all of the devices that go into a modern network, from hubs and routers to servers, switches, and gateways of various kinds
To some extent, network management is a term that’s open to multiple interpretations
Network Management Architectures
End stations are usually known as managed devices,
and may be any kind of system—a desktop computer, server, router, hub, switch, PBX, or some other kind of equipment involved in networking—where management-related software is installed and running
At each managed device, a special piece of software called a management agent responds to polls for collected data, where the management agent itself has custody of a management database (MDB) of information that it collects and maintains over time
Network Management Architectures
On the data collection end, two kinds of activities occur within a management utility or facility, called a management entity, whose job is to provide access to management data, controls, and behaviors:
1. When alerts are received, appropriate responses must be generated
2. Regular polling or sampling of management data occurs, whereby the management entity requests updates from managed devices to reflect recent data intervals related to traffic characterization and error and utilization levels, and reports on application- or service-specific activity
Network Management Architectures
Management entities usually function within the context of a network management system (NMS), in which agents and entities use specific network management protocols to communicate and exchange data
Management proxies at a lower level in the hierarchy communicate with higher-level management entities to deliver status and event information
Understanding SNMP
SNMP is a request/response-based protocol used to transport management messages between an SNMP agent (the client process) and an SNMP manager (the server process)
There are several versions of SNMP currently defined:
– SNMP version 1 (SNMPv1)
– SNMP version 2 (SNMPv2)
– SNMP version 3 (SNMPv3)
Understanding SNMP
SNMPv1 consists of the following basic elements:
– Management Information Base (MIB) objects
– SNMP agents
– SNMP managers
– SNMP messages
Management Information Base (MIB) Objects
A Management Information Base (MIB) is a database of manageable objects for a device
The following lists some of the MIBs implemented on SNMP-managed networks:
– MIB-2 (RFC 1213)
– ATM MIB (RFC 2515)
– Printer MIB (RFC 1759)
– IPv6 MIB (RFC 2465)
MIB Objects
Within any given MIB, a formal specification, known as the Structure of Management Information (SMI), defines the format for all objects maintained in that MIB
In fact, SMI defines object formats in any MIB using a particular form of notation called Abstract Syntax Notation One (ASN.1)
ASN.1 is a language used to describe a type of object and the object identifier (OID)
MIB Objects
In SNMP, the object identifier is used to reference a single MIB object
The object identifier is a sequence of non-negative integers that traverses an object tree
The tree starts with the root
The “branches” of the object tree are referred to as subordinates
In SNMP, objects are identified by writing the path used to get to a specific device identifier on an object tree
Using Object Identifiers
The network management object identifiers are under the iso(1), org(3), dod(6), internet(1), or 1.3.6.1, branch of the name space
Using Object Identifiers
Currently, MIB-2 is the popular general MIB supported by most SNMP-managed devices
In some instances, vendors may implement a private MIB that focuses specifically on a particular product’s manageable elements
SNMP Agents
SNMP agent software is placed on devices that can be managed by SNMP managers
The agent software contains the MIB for the device being managed
SNMP agents answer to the SNMP manager’s queries for information about the objects in the agent’s MIB
SNMP Managers
SNMP managers query SNMP agents for the information maintained about MIB objects
SNMP managers also set thresholds on the SNMP agents
SNMP Messages
SNMP managers and agents communicate over UDP with a specific set of commands
These commands are as follows:
– GET-REQUEST
– GET-RESPONSE
– GET-NEXT
– SET
– TRAP
SNMP Messages
Both SNMPv1 & SNMPv2 messages consist of a header and PDU
Both SNMPv1 & SNMPv2 message headers consist of 2 fields:
– Version Number
– Community Name
GET Commands (GET-REQUEST/GET-RESPONSE)
The GET-REQUEST command is used to read a single entry within a MIB
The SNMP manager transmits the GET-REQUEST command and indicates the MIB entry of interest using its ASN.1 representation
The GET-RESPONSE command is sent in reply
GET-NEXT
When an SNMP manager wants to read a series of entries in a MIB table, it uses the GET-NEXT command
The MIB objects desired follow the GET-NEXT command
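How a manager reads a table with repeated GET-NEXT commands can be seen with a toy agent. The following is an added example, not part of the original slides; the agent contents are constructed sample data, and a return value of None stands in for the error an SNMPv1 agent reports at the end of its MIB.

```python
# Added example: a toy agent MIB and the manager-side GET-NEXT loop.
from bisect import bisect_right

def parse_oid(text):
    """Dotted string -> tuple of ints, which sorts in object-tree order."""
    return tuple(int(arc) for arc in text.strip(".").split("."))

# Constructed sample data: a few MIB-2 system and interface objects.
AGENT_MIB = {
    parse_oid("1.3.6.1.2.1.1.1.0"): "Constructed sample router",  # sysDescr.0
    parse_oid("1.3.6.1.2.1.1.3.0"): 123456,                       # sysUpTime.0
    parse_oid("1.3.6.1.2.1.1.5.0"): "edge-rtr-01",                # sysName.0
    parse_oid("1.3.6.1.2.1.2.2.1.2.1"): "eth0",                   # ifDescr.1
    parse_oid("1.3.6.1.2.1.2.2.1.2.2"): "eth1",                   # ifDescr.2
    parse_oid("1.3.6.1.2.1.2.2.1.2.10"): "eth10",                 # ifDescr.10
}
# Arcs compare as numbers, so ifDescr.2 precedes ifDescr.10; sorting the
# dotted strings as text would put ".10" first and break the walk order.
SORTED_OIDS = sorted(AGENT_MIB)

def get_next(oid):
    """Agent side: first object strictly after oid, or None at end of MIB."""
    index = bisect_right(SORTED_OIDS, oid)
    if index == len(SORTED_OIDS):
        return None
    successor = SORTED_OIDS[index]
    return successor, AGENT_MIB[successor]

def walk(root_text):
    """Manager side: repeat GET-NEXT until the reply leaves the subtree."""
    root = parse_oid(root_text)
    results, current = [], root
    while True:
        reply = get_next(current)
        if reply is None or reply[0][:len(root)] != root:
            return results
        results.append(reply)
        current = reply[0]          # the returned OID feeds the next request

if __name__ == "__main__":
    for oid, value in walk("1.3.6.1.2.1.2.2.1.2"):
        print(".".join(map(str, oid)), "=", value)
```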
SET
The SET command is used to set thresholds on SNMP agents
These thresholds can be referred to generically as event thresholds, not alarm thresholds, because they signify only that an event occurred
TRAP
TRAP messages are unique among SNMP commands
These messages are sent unsolicited by the SNMP agent to the SNMP manager when an event setting is exceeded
SNMP Security
SNMP requests include a community name, which is a type of password
There are three basic community names:
– Read-Only (or Monitor) community name
– Read/Write (or Control) community name
– Alert (or Trap) community name
Each community name typically has a different word associated with it
In SNMPv1 and SNMPv2, these community names cross the network in plain text, making them even more insecure
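Because the header is just a version number and a community name in plain text, an audit of captured management traffic can read both directly. The following is an added example, not part of the original slides; the datagram is a constructed sample, and the list of weak community names is an assumption to replace with your own policy.

```python
# Added example: read the SNMPv1/SNMPv2c message header from a raw UDP payload.
WEAK_COMMUNITIES = {"public", "private"}   # assumption: common default names
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c"}     # value of the Version Number field
PDU_NAMES = {0xA0: "GET-REQUEST", 0xA1: "GET-NEXT", 0xA2: "GET-RESPONSE",
             0xA3: "SET", 0xA4: "TRAP"}    # SNMPv1 PDU tags

# Constructed sample: SNMPv1 GET-REQUEST for 1.3.6.1.2.1.1.1.0, community "public".
SAMPLE_GET = bytes.fromhex(
    "3026020100" "04067075626c6963"
    "a019020101020100020100" "300e300c06082b060102010101000500")

def read_tlv(buf, pos):
    """Decode one BER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low bits count length octets
        count = length & 0x7F
        if count == 0 or pos + count > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("TLV value runs past end of datagram")
    return tag, buf[pos:pos + length], pos + length

def audit_datagram(datagram):
    """Return version, community, PDU type and a weak-community flag."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message (no outer SEQUENCE)")
    tag, version, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version field is not an INTEGER")
    tag, community, pos = read_tlv(body, pos)
    if tag != 0x04:                        # SNMPv3 carries a SEQUENCE here instead
        raise ValueError("no community string (not SNMPv1/v2c)")
    name = community.decode("latin-1")
    return {
        "version": VERSIONS.get(int.from_bytes(version, "big"), "unknown"),
        "community": name,
        "pdu": PDU_NAMES.get(body[pos] if pos < len(body) else None, "unknown"),
        "weak": name.lower() in WEAK_COMMUNITIES,
    }

if __name__ == "__main__":
    print(audit_datagram(SAMPLE_GET))
```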
Remote Monitoring (RMON)
The RMON MIB is used to monitor and administer remote segments of a distributed network
A distributed environment is usually fairly large with many devices to manage
Distributed networks usually evolve over time and become heterogeneous environments (contain dissimilar equipment running different versions of software)
Remote Monitoring (RMON)
In a distributed environment, you generally do not have personnel at each facility who can assist in managing and troubleshooting, so you must find a cost-effective solution
RMON places agents, called network probes, at various locations on the distributed network
Probes are standalone devices that contain a NIC, a processor, memory, and software
Remote Monitoring (RMON)
The probes are attached to the network like any other physical device
The first version of RMON, as outlined in RFC 1757, was Ethernet-based
Its OID is 1.3.6.1.2.1.16, and it has nine distinct groups of objects
The implementation of any or all of these groups is not mandatory
Remote Monitoring (RMON)
The following lists some of the commonly used groups:
– Ethernet statistics
– History control
– Alarm
– Host
– HostTopN
– Matrix
– Filter
– Packet capture
– Event
Summary
Understand the basic principles and practices involved in managing modern networks
Explain the role that the Simple Network Management Protocol can play on an IP-based network
Understand the basic structure and function of SNMP management data, including Management Information Bases, Abstract Syntax Notation, and related SNMP management objects
Explain the function of the standard remote monitoring SNMP Management Information Base known as RMON