Chapter 5 SNMPv1: Communication and Functional Models.

Chapter 5SNMPv1:Communication and Functional Models

SNMP Architecture

Network

網路介面

SNMP

UDP

IP

SNMP Manager SNMP Agent

SNMP ManagerSNMP ManagerApplicationApplication

Get-

Request

Get-

Request

GetN

ext-

Request

GetN

ext-

Request

Set-

Request

Set-

Request

Get-

Resp

onse

Get-

Resp

onse

Tra

pTra

p

網路介面

SNMP

UDP

IP

SNMP AgentSNMP AgentApplicationApplication

Get-

Request

Get-

Request

GetN

ext-

Request

GetN

ext-

Request

Set-

Request

Set-

Request

Get-

Resp

onse

Get-

Resp

onse

Tra

pTra

p

SNMP Messages

• Get-Request• Get-Next-Request• Set-Request• Get-Response• Trap

• Generic trap• Specific trap

Administrative Model

• Based on community profile and policy• SNMP Entities:

• SNMP application entities - Reside in management stations and network elements - Manager and agent

• SNMP protocol entities - Communication processes (PDU handlers) - Peer processes that support application entities

SNMP Community• Security in SNMPv1 is community-based• Authentication scheme in manager and agent • Community: Pairing of two application entities• Community name: String of octets• Two applications in the same community

communicate with each other• Application could have multiple community

names• Communication is not secured in SNMPv1 - no

encryption

SNMP Community Community

Relationship between an Agent and Managers.

Community Name Used to validate the SNMP messages. SNMP PasswordPassword. Default ‘Get’ community name: “public”.

Authentication Failure Agent sends “Authentication Failure

Trap” to Manager.

SNMP Community

Community Profile

• MIB view• An agent is programmed to view only a subset

of managed objects of a network element• Access mode

• Each community name is assigned an access mode:: read-only and read-write

• Community profile = MIB view + access modeCommunity profile = MIB view + access mode• Operations on an object determined by community

profile and the access mode of the object• Total of four access privileges• Some objects, such as table and table entry are

non-accessible

Community Profile

Access Policy

• Administration model is SNMP access policy

• SNMP community paired with SNMP community profile is SNMP access policy

Access Policy

Community

Community Profile 1

Community Profile 2 Agent 2

Agent 1

Manager

GeneralizedGeneralizedAdministrationAdministrationModelModel

GeneralizedGeneralizedAdministrationAdministrationModelModel

Proxy Access Policy

Protocol Entities

Default UDP Ports for SNMP

網路介面

SNMP

UDP

IP

Manager

ManagementStation

Network Elements (NEs)

網路介面

SNMP

UDP

IP

Agent

162 Any 161 Any

Protocol Entities

•Protocol entities support application entities

• Communication between remote peer processes

• Message consists of

• Version identifier

• Community name

• Protocol Data Unit

• Message encapsulated and transmitted

SNMP Message

SNMP Message Version Identifier Community Name Protocol Data Unit

The length of SNMP messages should not exceed 484 octets.

Message ::= SEQUENCE {

version INTEGER {version-1(0)},community OCTET STRING,data ANY

}

Version Community SNMP PDU

SNMP PDUs

SNMP PDU

PDU ::= SEQUENCE {request-id INTEGER,error-status INTEGER {

noError(0),tooBig(1),noSuchName(2),badValue(3),readOnly(4)genErr(5)},

error-index INTEGER,variable-bindings

SEQUENCE OF {name

ObjectName,value

ObjectSyntax}

}

GetRquest :GetNextRequest :

GetResponse :SetRequest :

Trap :

[0] PDU[1] PDU[2] PDU[3] PDU[4] Trap-PDU

Five SNMP PDUs:

PDU: Protocol Data Unit

SNMP PDU (cont.)

PDU type request-id 0 0 variable-bindings

GetRequest, GetNextRequest, SetRequest

PDU type request-id error-status error-index variable-bindings

GetResponse

variable-bindings

name value name value name value. . .

Trap-PDUTrap-PDU ::= [4]

IMPLICIT SEQUENCE {enterprise OBJECT IDENTIFIER,agent-addr NetworkAddress,

generic-trap INTEGER { coldStart(0), warmStart(1), linkDown(2), linkUp(3), authenticationFailure(4), egpNeighborLoss(5), enterpriseSpecific(6)},

specific-trap INTEGER,time-stamp TimeTicks,variable-bindings VarBindList

}

EnterpriseEnterprise: Type of Object generating trap.

Agent AddressAgent Address:Address of object generating trap.

Generic TrapGeneric Trap:Generic trap type.

Specific TrapSpecific Trap:Enterprise specific trap.

Time StampTime Stamp:Time elapsed between the last initialization of the network entity andthe generation of the trap.

Variable BindingsVariable Bindings“Interesting” information

PDU type enterprise agent-addr generic-trap variable-bindingsspecific-traptime-stamp

Trap Type

Enterprise-Specific Traps

Traps defined by enterprises Identification of Enterprise-Specific

Traps Enterprise Enterprise OID Generic-Trap 6 Specific-Trap an Integer

Manag

Manag

erer A

gen

tA

gen

t

Get-Next Request

ABTE

1.11.22.12.23.13.2Z

Lexicographic Order

Get-Next Request

:Non-Leaf Object

:Leaf Object1 2 3

4 5 6

MIB Tree :In SNMP, In SNMP, Only leaf objects have Only leaf objects have values.values.

＊

Get-Next Requests with Indices

SNMP Get-Request Example

>>>>snmpgetsnmpget -d 10.144.18.118 .1.3.6.1.2.1.1.1.0-d 10.144.18.118 .1.3.6.1.2.1.1.1.0Transmitted 41 bytes to camry (10.144.18.118) port 161:Transmitted 41 bytes to camry (10.144.18.118) port 161:Initial Timeout: 0.80 secondsInitial Timeout: 0.80 seconds 0: 30 0: 30 2727 02 01 02 01 0000 04 06 04 06 70 75 62 6c 69 6370 75 62 6c 69 63 a0 a0 1a1a 02 0'.....public... 02 0'.....public... 16: 02 16: 02 18 bc18 bc 02 01 02 01 0000 02 01 02 01 0000 30 0e 30 0c 06 08 30 0e 30 0c 06 08 2b2b .........0.0...+ .........0.0...+ 32: 32: 06 01 02 01 01 01 0006 01 02 01 01 01 00 05 00 -- -- -- -- -- -- -- ................ 05 00 -- -- -- -- -- -- -- ................ 0: SNMP MESSAGE (0x30): 0: SNMP MESSAGE (0x30): 3939 bytes bytes 2: INTEGER VERSION (0x2) 1 bytes: 2: INTEGER VERSION (0x2) 1 bytes: 00 (SNMPv1) (SNMPv1) 5: OCTET-STR COMMUNITY (0x4) 6 bytes: "5: OCTET-STR COMMUNITY (0x4) 6 bytes: "publicpublic"" 13: GET-REQUEST-PDU (0xa0): 13: GET-REQUEST-PDU (0xa0): 2626 bytes bytes 15: 15: INTEGER REQUEST-ID (0x2) 2 bytes: INTEGER REQUEST-ID (0x2) 2 bytes: 63326332 19: 19: INTEGER ERROR-STATUS (0x2) 1 bytes: INTEGER ERROR-STATUS (0x2) 1 bytes: noError(0)noError(0) 22: 22: INTEGER ERROR-INDEX (0x2) 1 bytes: INTEGER ERROR-INDEX (0x2) 1 bytes: 00 25: 25: SEQUENCE VARBIND-LIST (0x30): 14 bytesSEQUENCE VARBIND-LIST (0x30): 14 bytes 27: 27: SEQUENCE VARBIND (0x30): 12 bytesSEQUENCE VARBIND (0x30): 12 bytes 29: 29: OBJ-ID (0x6) 8 bytes: OBJ-ID (0x6) 8 bytes: .1.3.6.1.2.1.1.1.0.1.3.6.1.2.1.1.1.0 39: 39: NULL (0x5) 0 bytesNULL (0x5) 0 bytes

SNMP Get-Response Example

Received 69 bytes from 10.144.18.118 port 161:Received 69 bytes from 10.144.18.118 port 161: 0: 30 0: 30 4343 02 01 02 01 0000 04 06 04 06 70 75 62 6c 69 6370 75 62 6c 69 63 a2 36 02 0C.....public.6. a2 36 02 0C.....public.6. 16: 02 16: 02 18 bc18 bc 02 01 02 01 0000 02 01 02 01 0000 30 2a 30 28 06 08 30 2a 30 28 06 08 2b2b .........0*0(..+ .........0*0(..+ 32: 32: 06 01 02 01 01 01 0006 01 02 01 01 01 00 04 1c 04 1c 53 75 6e 20 53 4e 4d53 75 6e 20 53 4e 4d .........Sun SNM .........Sun SNM 48: 48: 50 20 41 67 65 6e 74 2c 20 53 55 4e 57 2c 55 6c50 20 41 67 65 6e 74 2c 20 53 55 4e 57 2c 55 6c P Agent, SUNW,Ul P Agent, SUNW,Ul 64: 64: 74 72 61 2d 3174 72 61 2d 31 -- -- -- -- -- -- -- -- -- -- -- tra-1........... -- -- -- -- -- -- -- -- -- -- -- tra-1........... 0: SNMP MESSAGE (0x30): 0: SNMP MESSAGE (0x30): 6767 bytes bytes 2: INTEGER VERSION (0x2) 1 bytes: 2: INTEGER VERSION (0x2) 1 bytes: 00 (SNMPv1) (SNMPv1) 5: OCTET-STR COMMUNITY (0x4) 6 bytes: "5: OCTET-STR COMMUNITY (0x4) 6 bytes: "publicpublic"" 13: RESPONSE-PDU (0xa2): 54 bytes13: RESPONSE-PDU (0xa2): 54 bytes 15: 15: INTEGER REQUEST-ID (0x2) 2 bytes: INTEGER REQUEST-ID (0x2) 2 bytes: 63326332 19: 19: INTEGER ERROR-STATUS (0x2) 1 bytes: INTEGER ERROR-STATUS (0x2) 1 bytes: noError(0)noError(0) 22: 22: INTEGER ERROR-INDEX (0x2) 1 bytes: INTEGER ERROR-INDEX (0x2) 1 bytes: 00 25: 25: SEQUENCE VARBIND-LIST (0x30): 42 bytesSEQUENCE VARBIND-LIST (0x30): 42 bytes 27: 27: SEQUENCE VARBIND (0x30): 40 bytesSEQUENCE VARBIND (0x30): 40 bytes 29: 29: OBJ-ID (0x6) 8 bytes: OBJ-ID (0x6) 8 bytes: .1.3.6.1.2.1.1.1.0.1.3.6.1.2.1.1.1.0 39: 39: OCTET-STR (0x4) 28 bytes: "OCTET-STR (0x4) 28 bytes: "Sun SNMP Agent, SUNW,Ultra-1Sun SNMP Agent, SUNW,Ultra-1""system.sysDescr.0 : DISPLAY STRING- (ascii): Sun SNMP Agent, SUNW,Ultra-1system.sysDescr.0 : DISPLAY STRING- (ascii): Sun SNMP Agent, SUNW,Ultra-1

SNMP-Walk- Use of SNMP Get-Next Request

snmpwalk 10.144.18.118 .1.3.6.1.2.1.1snmpwalk 10.144.18.118 .1.3.6.1.2.1.1system.sysDescr.0system.sysDescr.0 : DISPLAY STRING- (ascii): : DISPLAY STRING- (ascii): Sun SNMP Agent, Sun SNMP Agent,

SUNW,Ultra-1SUNW,Ultra-1

system.sysObjectID.0system.sysObjectID.0 : OBJECT : OBJECT IDENTIFIER: IDENTIFIER: .iso.org.dod.internet.private.enterprises.42.2.1.1.iso.org.dod.internet.private.enterprises.42.2.1.1

system.sysUpTime.0system.sysUpTime.0 : Timeticks: (198219958) : Timeticks: (198219958) 22 days, 22:36:39.5822 days, 22:36:39.58

system.sysContact.0system.sysContact.0 : DISPLAY STRING- (ascii): : DISPLAY STRING- (ascii): [email protected]@ms.chttl.com.tw

system.sysName.0system.sysName.0 : DISPLAY STRING- (ascii): : DISPLAY STRING- (ascii): camrycamry

system.sysLocation.0system.sysLocation.0 : DISPLAY STRING- (ascii): : DISPLAY STRING- (ascii): Information Information Technology Laboratory 3FTechnology Laboratory 3F

system.sysServices.0system.sysServices.0 : INTEGER: : INTEGER: 72 72 (01001000)B(01001000)B

SNMP Trap Example

Transmitted 64 bytes to 10.144.18.100 port 162:Transmitted 64 bytes to 10.144.18.100 port 162: 0: 30 3e 02 01 00 04 06 70 75 62 6c 69 63 a4 31 06 0: 30 3e 02 01 00 04 06 70 75 62 6c 69 63 a4 31 06

0>.....public.1.0>.....public.1. 16: 09 2b 06 01 04 01 84 64 01 01 40 04 0a 90 12 74 .16: 09 2b 06 01 04 01 84 64 01 01 40 04 0a 90 12 74 .

[email protected][email protected] 32: 02 01 06 02 03 01 86 9f 43 01 00 30 13 30 11 06 ........C..0.0..32: 02 01 06 02 03 01 86 9f 43 01 00 30 13 30 11 06 ........C..0.0.. 48: 04 2b 06 01 01 04 09 54 72 61 70 20 74 65 73 74 .+.....Trap 48: 04 2b 06 01 01 04 09 54 72 61 70 20 74 65 73 74 .+.....Trap

testtest 0: SNMP MESSAGE (0x30): 62 bytes0: SNMP MESSAGE (0x30): 62 bytes 2: INTEGER VERSION (0x2) 1 bytes: 2: INTEGER VERSION (0x2) 1 bytes: 00 (SNMPv1) (SNMPv1) 5: OCTET-STR COMMUNITY (0x4) 6 bytes: "5: OCTET-STR COMMUNITY (0x4) 6 bytes: "publicpublic"" 13: V1-TRAP-PDU (0xa4): 49 bytes13: V1-TRAP-PDU (0xa4): 49 bytes 15: 15: OBJ-ID ENTERPRISE (0x6) 9 bytes: OBJ-ID ENTERPRISE (0x6) 9 bytes: .1.3.6.1.4.1.612.1.1.1.3.6.1.4.1.612.1.1 26: 26: IPADDRESS AGENT-ADDR (0x40) 4 bytes: IPADDRESS AGENT-ADDR (0x40) 4 bytes: 10.144.18.11610.144.18.116 32: 32: INTEGER GENERIC-TRAP (0x2) 1 bytes:INTEGER GENERIC-TRAP (0x2) 1 bytes: 6 6 35: 35: INTEGER SPECIFIC-TRAP (0x2) 3 bytes: INTEGER SPECIFIC-TRAP (0x2) 3 bytes: 9999999999 40: 40: TIMETICKS TIME-STAMP (0x43) 1 bytes: TIMETICKS TIME-STAMP (0x43) 1 bytes: 00 (0x0) (0x0) 43: 43: SEQUENCE VARBIND-LIST (0x30): 19 bytesSEQUENCE VARBIND-LIST (0x30): 19 bytes 45: 45: SEQUENCE VARBIND (0x30): 17 bytesSEQUENCE VARBIND (0x30): 17 bytes 47: 47: OBJ-ID (0x6) 4 bytes: OBJ-ID (0x6) 4 bytes: .1.3.6.1.1.1.3.6.1.1 53: 53: OCTET-STR (0x4) 9 bytes: "OCTET-STR (0x4) 9 bytes: "Trap testTrap test""

Get System Information

Get “System Group” of MIB II Use get_request or get_next_request

sysDescr .1.3.6.1.2.1.1.1.0sysObjectID .1.3.6.1.2.1.1.2.0sysUptime .1.3.6.1.2.1.1.3.0sysContact .1.3.6.1.2.1.1.4.0sysName .1.3.6.1.2.1.1.5.0sysLocation .1.3.6.1.2.1.1.6.0

Get Interface Information

Get “Interface Group” of MIB II Repeatedly Use “get_next_request” Note: We don’t know the ifIndex

values in ifTable. First get the next object

of .ifTable.ifEntry.0 Then repeatedly “get_next” Until the whole subtree is visited.

Traffic Monitoring

Get “ifInOctets” and “ifOutOctets” of MIB II Interface Group

t1: C1 t2: C2

(C2 - C1 ) 8

(t2 - t1) Bandwidth 100%Utilization (%) =