Simple Network Management Protocol

Dr. Hari T.S. Narayanan

Introduction
Delivery Approach
Understanding audience background
Sharing Course Objective with audience
Expectation: Participation and Presence
Disclaimer about my notes!
Pace and Content


Exercise 0
Copy my shared EricssonNms folder to your desktop
What is in this folder?
  Course Outline (CourseOutline.pdf)
  Course Material (twoDaysSnmp.pdf)
  EntryQuiz (EntryQuiz.xls)
  EvaluationQuiz (SnmpQuiz.xls)
  Exercise (Exercise.xls)
  Some free tools:
    1. Scotty (scotty300-snap20000813.zip)
    2. Wireshark (wireshark-win32-1.4.3.exe)
    3. HillSoft MIB Browser (MibBrF17.exe)


Pre-Requisite
A good understanding of TCP/IP networking
Windows OS, File System, Utilities (ipconfig, ping, arp, route, firewall, ...)


Entry and Evaluation Quiz
An Entry Quiz (SNMPQuiz.xls)
An Evaluation Quiz (EntryQuiz.xls)


Contents
Network Management Concepts
Tools and Utilities required
Introduction to SNMP
  MIB, SMI, SNMP Stack, and Message Format & Encoding
SNMPv1 Operations, MIB-2, Private MIB
SNMPv2c versus SNMPv1, Table Operations, Bulk Get
SNMPv3
  SNMPv3 versus SNMPv2c
Detailed outline here (CourseOutline.pdf)


Network Management Concepts Part 1


What is Network Management System (NMS)?
Network is created and used by connecting Networking Elements (Switches, Routers, Gateways, Proxy, Desktop, Laptop, PBX, Servers, ...)
NMS is a collection of applications that manage Networking Elements (NE) and network connectivity

Standard Terminologies
Managed entity: A managed entity may be a system or an application. For example: printer, base station, Web server, directory server, etc.
Managed resource: A specific component of a managed entity. For example: an I/O card of a switch, number of threads used in a server application.

Five Functional Areas of NMS
NMS functions are classified into five different areas. These five areas are commonly referred to as FCAPS:
  1. Fault management
  2. Configuration management
  3. Accounting management
  4. Performance management
  5. Security management


Management and Related Applications
Telecom NMS (Network Management System) and BSS (Business Support System) are part of OSS (Operations Support System)
NMS includes network facing applications: Network monitor, Network Provisioning, ...
BSS includes customer facing applications: Order Processing, Billing and Invoicing, ...
NMS is used in both Enterprise and CSP markets. Example: HP Open View, IBM Tivoli, Cisco CiscoWorks, ...
EMS (Element Management System) is a management application developed to manage one type of NE. Example: application developed to manage HP's Laser Printer, Cisco's Multi-layer Switch, etc.

NMS versus EMS
EMS is developed by equipment vendor
EMS manages one type of networking element (NE)
EMS is tightly coupled to the NE for which it is developed
NMS is developed by 3rd party software vendors
NMS manages network and can manage all its NEs
NMS interacts with all NEs using standard protocol.
EMS might support both standard and proprietary management interfaces


NMS-NE Interface
NMS-NE Interface is defined by
  1. Messaging Protocol
  2. Common Information Model or Data Model


NMS-NE Interface - Messaging Protocol
NMS uses a well defined (standard/non-standard) interface to communicate with NE for management
This interface, the management interface, describes the message syntax & semantics used to exchange information
Messages from management application to NE:
  Retrieve data from a NE.
  Update the data contained in a NE.
Messages from NE to management application:
  Indicate the occurrences of significant events to the manager application asynchronously.
  Example: A link going down, too many CRC errors.


NMS-NE Interface - Information Model
Management interface of NE presents a model of it to management application
Management application operates on this model at the NE to achieve the desired effect (get, set, ...)
This model is referred to as Management Information Base (MIB)
Example: SNMP Management Information Base (SNMP MIB).
[Figure: Management Application connected through the Management Interface to NE1 (MIB 1), NE2 (MIB 2) and NE3 (MIB 3)]

Management Information Base (MIB)
MIB is an abstract, virtual representation of a networking element. In other words, a MIB models all the management characteristics of the element it represents by a set of related data structures.
MIB instance that models a NE resides on the networking element
Both management application and NE share a common MIB Definition
Agent is a s/w server component of NE that serves MIB to manager applications
Manager is a s/w client component that runs on some desktop and effects changes to the NE through its MIB instance.


Two aspects of MIB
MIB includes
  MIB definition
  MIB instance
Similar to Database Schema Definition and Database.


MIB Description & Representation
MIB definition Language:
  Describes MIB objects and relationships between MIB objects.
  Declarative language.
  Derived from ASN.1 and extended for Networking
  Object types and objects are uniquely identified by their IDs.
  Example of MIB definition languages: GDMO, SMI
Typically, a MIB is represented by an Inverted Tree diagram for documentation.


Agent, Manager, and MIB
Agent is the custodian of NE's information model.
Manager or management application sends messages to and receives messages from the Agent to accomplish management functions.
Agent is responsible for effecting the changes to NE or retrieving the requested data from the guts of NE.
Agent and Manager are implemented using client-server paradigm in SNMP
[Figure: Manager Application (UI) exchanges Get/Set PDUs over the Management Interface with the Agent on NE1; the Agent reaches the MIB 1 data through instrumentation (variable, driver, register) in the NE run-time code, which sits above the RTOS, H/W abstraction and H/W]

Management Terminologies
Event
Alarm
Log
State
Counter
Gauge


Management Terminologies
Polling
Notification
Polling versus Notification
Trap-directed polling
Historical data
Real time data
Value Adding options


Exercise 1 - Managing NE with EMS
[Figure: Management Console connected over USB/Ethernet/Wireless (SOHO - Ethernet) to a DSL Router, which connects over DSL to the Internet]
Configuring the NE behavior
Retrieving NE information
Receiving Notifications
Note: This is your homework!

TMN Hierarchy - Logical Hierarchy
With respect to one of the layers recommended by TMN
With respect to Element Manager (EM) Layer
  Northbound Interface between EM and NM
  Southbound Interface between EM and Networking Element


Standard Network Management Protocols
Simple Network Management Protocol (SNMP)
Common Management Information Protocol (CMIP), pronounced as see-mip.
CMIP on TCP/IP (CMOT).
Transaction Language 1 (TL1)
Distributed Management Task Force (DMTF) Web based management Standards
XML, CORBA, HTTP are also used for management protocol.
NETCONF


Management Proxy & Gateway
[Figure, Proxy: legacy NEs speak a proprietary protocol to an SNMP Proxy, which speaks SNMP to the SNMP Manager]
[Figure, Gateway: legacy NEs speak TL/1 to a Gateway, which speaks SNMP to the SNMP Manager]

Necessary Tools & Utilities


Exercise 2 - Tcl Scotty Installation
Install Scotty
  1. Install Tcl
  2. Then install Scotty
Scotty is a Tcl library
Includes SNMP and a number of other useful libraries
Sanity-check your installation as follows:
  1. Start Tcl Shell (Blue feather from Start Menu -> Tcl)
  2. Enter package require Tnm
  3. Enter namespace import Tnm::*
  4. Enter icmp echo

Some relevant files
Well Known Ports: C:\windows\system32\drivers\etc\services
Authoritative constants: Files at IANA Registry
MIB files: C:\Program Files\scotty\lib\tnm3.0.0\mibs
Documentation: Tcl and Scotty documentation included in your installation


Exercise 3 - Installing Wireshark
Install Wireshark
  Wireshark will also install WinPcap C library
Start Wireshark
Wireshark Tutorial

Exercise 4 - Sniffing Frames with Wireshark


Basic Encoding Rule (BER)


Callback Function
A function that is bound to an event.
When the event occurs this function is invoked with appropriate arguments to process the event
Some people refer to this as software interrupt
Graphical user interfaces use callback functions profoundly


Application Programming Interface (API)
API is a programming interface as opposed to user interface
API is in the form of function specification: return value, function name, and argument specification
Each library is defined and accessed through its API
There can be more than one library implementing the same API
User interface relies on stdout and stdin; APIs (library functions), on the other hand, use function arguments as input and the function return value as output
Scripting language commands behave both as API and User Interface!


Client-Server Characteristics
Both client and server are processes
These processes communicate using Internet
Communication involves exchange of messages between client and server
Each message is a binary sequence
Client always initiates the messaging sequence
Client program knows server's node address (provided by client program user)
A server can handle multiple clients
Server and client can run on the same host
Servers use well known ports for easier identification

Simple Network Management Protocol (SNMP)

Introduction and SNMPv1


Simple Network Management Protocol (SNMP)
SNMP is a collection of specifications used for network management.
  The SNMP protocol itself.
  Management Information Base (MIB) that models the managed networking element(s) using a set of variables.
  An object identification scheme that is used to identify the variables in the MIB.
  A language (subset of ASN.1) that supports the definition of MIB, with a set of built-in data types (Structure of Management Information - SMI).
Three Versions of SNMP: SNMPv1, SNMPv2c, and SNMPv3.

SNMP Protocol Stack & Command-Response
[Figure: The role of SNMP. The SNMP management station (user, management application, SNMP, UDP, IP, link layer) and the SNMP agent (managed resource, MIB, SNMP, UDP, IP, link layer) exchange SNMP messages across the network or Internet: Get, GetNext and Set requests, Get Responses and Traps. The application manages objects.]

Format of SNMP Messages
IP Header | UDP Header | SNMP PDU
SNMP PDU: version | community | PDU Type | Request ID | Error Status | Error Index | name | value | name | value | ...
  Common SNMP Header: version, community
  Get/Set Header: PDU Type, Request ID, Error Status, Error Index
  Variables to Get/Set: name, value pairs

Message Format contd.
Version
PDU Type: 0 get, 1 get-next, 2 get-response, 3 set-request, 4 trap.
Community is a clear text password.
Request Id is set by the manager and returned by the agent.
Error Status is an integer returned by the agent specifying an error.
Error Index is an integer offset specifying which variable was in error.
The last two are set by the agent only.
SNMP PDU is encoded using Basic Encoding Rule (BER).
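The fields listed above can be read straight out of the BER bytes, which also shows why the community offers no confidentiality on the wire. The following is an added example, not part of the original course material: a small decoder run over a constructed SNMPv1 get for sysContact.0. The names read_tlv, decode_oid, parse_snmpv1 and the WEAK_COMMUNITIES list are assumptions made for this illustration.

```python
PDU_TYPES = {0: "get", 1: "get-next", 2: "get-response", 3: "set-request", 4: "trap"}
WEAK_COMMUNITIES = {"public", "private"}  # assumption: common default community strings

# Constructed sample datagram payload (not captured traffic): SNMPv1 get of sysContact.0.
SAMPLE = bytes.fromhex(
    "3026" "020100"                               # SEQUENCE of 38 bytes; version = 0
    "04067075626c6963"                            # OCTET STRING community = "public"
    "a019" "020101" "020100" "020100"             # get PDU: request id 1, status 0, index 0
    "300e" "300c" "06082b06010201010400" "0500"   # varbinds: 1.3.6.1.2.1.1.4.0 = NULL
)

def read_tlv(buf, pos):
    """Decode one BER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                     # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    """First octet packs the first two arcs as 40*x + y; later arcs are base 128."""
    if not value:
        raise ValueError("empty OBJECT IDENTIFIER")
    arcs, sub = [value[0] // 40, value[0] % 40], 0
    for octet in value[1:]:
        sub = (sub << 7) | (octet & 0x7F)
        if not octet & 0x80:              # high bit clear marks the last octet of an arc
            arcs.append(sub)
            sub = 0
    return ".".join(str(arc) for arc in arcs)

def parse_snmpv1(payload):
    tag, message, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("SNMP message must be a BER SEQUENCE")
    _, version, pos = read_tlv(message, 0)
    _, community, pos = read_tlv(message, pos)
    pdu_tag, pdu, _ = read_tlv(message, pos)
    pdu_type = pdu_tag & 0x1F             # context tag number is the PDU type
    if pdu_type not in (0, 1, 2, 3):
        raise ValueError("trap or unknown PDU: different header layout")
    header, pos = [], 0
    for _ in range(3):                    # request id, error status, error index
        _, value, pos = read_tlv(pdu, pos)
        header.append(int.from_bytes(value, "big", signed=True))
    _, varbind_list, _ = read_tlv(pdu, pos)
    names, pos = [], 0
    while pos < len(varbind_list):
        _, varbind, pos = read_tlv(varbind_list, pos)
        names.append(decode_oid(read_tlv(varbind, 0)[1]))
    text = community.decode("ascii", "replace")
    return {"version": int.from_bytes(version, "big"), "community": text,
            "weak_community": text in WEAK_COMMUNITIES,
            "pdu_type": PDU_TYPES[pdu_type], "request_id": header[0],
            "error_status": header[1], "error_index": header[2], "names": names}
```

Calling parse_snmpv1(SAMPLE) returns the community as plain text, so anyone who can see the datagram can read it; a monitoring check can flag agents that still answer to default community strings.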


Exercise 4 Live Manager
Each desktop in the classroom is configured to run SNMP agent.
Check if your agent is running by Control Panel -> Admin Tools -> Services -> SNMP Service
If it is running, select the properties and walk through various tabs
You will interact with your neighbor's agent by using management commands
Write down the following:
  Your neighbor's desktop IP address
  Agent's (your neighbor's) Security Password (Community)

Exercise 4
Launch Tcl shell. Tcl commands are case sensitive.
Type the following (you need to enter these two commands every time you launch Tcl shell):

  package require Tnm
  namespace import Tnm::*

Create a management handle as follows:

  snmp generator address -community

The above command returns a handle (e.g. snmp0). Handle is simply a shortcut
Using the handle, send a request to your neighbor's agent and check if you get a response

  E.g. snmp0 get sysContact.0

Exercise 4
Issue the command and capture the snmp command and response in Wireshark using view filter set to snmp
Observe the following
  SNMP Stack
  Agent's Well Known Port
  Message encoded with BER
  Check how community is coded
  Check how Error status is coded
  Check how sysContact is coded
  Check how sysContact value is coded in request
  Check how sysContact value is coded in response


SNMP Traps
Traps are asynchronous notifications from networking elements to management stations
They indicate occurrence of significant events
These events may be critical (alarms) or non-critical (informational)
Traps can be sent to multiple registered management hosts
The word Notification replaced Trap in SNMP version 2 onwards


SNMP Trap Message Format
Version: version number minus 1 (Example: SNMPv2c is 1).
PDU Type: 4 - trap.
Enterprise value is taken from sysObjectID in the systems group. This identifies the NMS subsystem that generated the trap.
Agent-addr is the IP address of the object generating the trap.
Trap-type is one of the pre-defined trap types (0-6).
Specific-trap identifies the specific nature of the trap.
Time-stamp is the time at which the trap is generated (sysUpTime value)
Variable-binding includes additional information pertaining to the trap.

SNMP Generic Trap


Graphical Representation of SNMP MIB
Private MIBs are registered with IANA: http://www.iana.org/assignments/enterprise-numbers

iso(1)
  org(3)
    dod(6)
      Internet(1)
        directory(1)
        mgmt(2)
          mib-2(1)  [RFC 1213]
            system(1)
              sysDescr(1)
              sysObjectID(2)
            interfaces(2)
        experimental(3)
        private(4)
          enterprises(1)  [Private MIBs]
            cisco(9)
            hp(11)

Exercise 5 - SNMP MIB 2 (RFC 1213)
MIB is an abstract representation of a networking element. It is graphically presented as an inverted tree.
Each leaf node in the tree represents a primitive data object and an intermediate node represents an aggregate data object.
MIB tree includes both standard objects and proprietary objects.
Data objects, traps, and PDUs are described using Structure of Management Information (SMI), a subset of ASN.1 syntax.
In SNMP only leaf nodes contain objects that can be read (get) and written (set). Intermediate nodes represent a collection (group, table, MIB module, etc.)


Systems Group
Systems (1.3.6.1.2.1.1)
  sysDescr (1)
  sysObjectID (2)
  sysUpTime (3)
  sysContact (4)
  sysName (5)
  sysLocation (6)
  sysServices (7)


Exercise 6 MIB Browser Tool


Object Type Identifier

Internet(1.3.6.1)
  directory(1)
  mgmt(2)
    mib-2(1)
      system(1)
        sysDescr(1)
        sysObjectID(2)
      interfaces(2)
        ifTable(2)
          ifEntry(1)
            ifIndex(1)
            ifDescr(2)
  experimental(3)
  private(4)
    enterprises(1)
      cisco(9)
      hp(11)

Each object type is identified by its position in the MIB Tree
Example: sysDescr identifier is 1.3.6.1.2.1.1.1

Scalar Object (instance) Identifier
[Figure: MIB tree under Internet(1.3.6.1), showing mib-2 system (sysDescr, sysObjectID), interfaces/ifTable/ifEntry (ifIndex, ifDescr) and private enterprises cisco(9), hp(11)]
Each scalar object is identified by its position in the MIB Tree suffixed with a 0
Example: An instance of sysDescr is identified as 1.3.6.1.2.1.1.1.0

Table Column Object (instance) Identifier
[Figure: MIB tree under Internet(1.3.6.1), showing mib-2 system (sysDescr, sysObjectID), interfaces/ifTable/ifEntry (ifIndex, ifDescr) and private enterprises cisco(9), hp(11)]
Each table object is identified by its position in the MIB Tree suffixed with its key value
Example: An instance of ifDescr is identified as 1.3.6.1.2.1.2.2.1.2.3

Structure of Management Information (SMI)
SNMP MIB is defined using SMI
SMI is an extended subset of ASN.1
SMI includes
  Set of primitive data types
  Object Definition Syntax
  Trap Definition Syntax
  Encoding object values.


SMI Data Types
Scalar data types:
  Universal Types: Integer, OCTET STRING, DisplayString, OBJECT IDENTIFIER, NULL
  Application Types: IpAddress, PhysAddress, Counter, Gauge, Timeticks (32 bits), Opaque
SEQUENCE - Read Only Table definition


Defining Scalar MIB Objects

sysContact OBJECT-TYPE
    SYNTAX  DisplayString (SIZE (0..255))
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "The textual identification of the contact person for this managed node, together with information on how to contact this person."
    ::= { system 4 }


Possible values for ACCESS and STATUS
ACCESS: Not-accessible, Read-only, Read-write, Read-create
STATUS: Deprecated, Obsolete, Current, Mandatory


Defining Enterprise specific Traps (RFC 1215)

myEnterprise OBJECT IDENTIFIER ::= { enterprises 9999 }

myLinkDown TRAP-TYPE
    ENTERPRISE  myEnterprise
    VARIABLES   { ifIndex }
    DESCRIPTION
        "A myLinkDown trap signifies that the sending SNMP application entity recognizes a failure in one of the communications links represented in the agent's configuration."
    ::= 2

Notification Definition

rptrInfoHealth NOTIFICATION-TYPE
    OBJECTS { rptrInfoOperStatus }
    STATUS  current
    DESCRIPTION
        In notification."
    ::= { snmpDot3RptrMgt 0 4 }


Defining MIB Table Objects
1. Define a structure, XEntry, using SEQUENCE. This structure models the sequence of column objects in the table
2. Define a Table Object as a child of appropriate node. This table object SYNTAX is SEQUENCE OF XEntry defined in step 1
3. Define a Row object, xEntry, as a child of Table Object (step 2). This row object SYNTAX is XEntry structure defined in step 1
4. If table requires key add it to Row object defined in step 3 using INDEX attribute
5. Review this using IfTable in RFC 1213

Some Useful SMI Terminologies
Conformance
  SNMP Conformance: Specifies acceptable lower-bounds (compliance) of implementation of a MIB, along with the actual level (capability) of implementation achieved
  Example: MANDATORY-GROUPS { SystemGroup, StatsGroup, ... }
Textual Convention
  Application defined data types
  Example:

    OptMacAddr ::= TEXTUAL-CONVENTION
        SYNTAX OCTET STRING (SIZE (0 | 6))

Module and Import
Use RFC 1213 for Examples


Exercise - Developing a MIB
Simple Printer MIB
  Printer dimension is 15x8x10 inches
  There is a control to turn the printer ON, OFF, SUSPEND, and CONTINUE from a manager
  There is a counter that indicates the number of papers available for printing at a given time
  There is a counter that indicates the toner level - scale of 1 to 10 (Toner full)
  The above two counters count down appropriately
  Printer uses chip set from Broadcom
  When the paper count is 50, an enterprise specific trap is sent to all registered managers
  When the toner count is 3, an enterprise specific trap is sent to all registered managers
  Printer MIB also maintains number of pages printed by each member of a group (typically a department)
  Manager cannot modify the content of the usage information, it is read only
  Printer name, location, etc. are taken care of by MIB-2 system group
  This printer is from HP, sysObjectID points to the root of this printer MIB
  Printer comes in three different colors: Black/Cream/Gray

SNMP Commands
GetRequest
GetRequest Response
GetNextRequest
SetRequest
Traps.


GetRequest Command
SNMP Command Syntax: Getrequest
Retrieves values for the objects specified in the varbind list.
Objects are specified using object instance identifier.
PDU is encoded using BER.
Possible errors: noSuchName, tooBig, and genErr.
Scotty SNMP Get Syntax:

  snmp0 get sysContact.0


Reviewing SNMP PDUs


GetResponse
GetResponse is atomic (SNMPv1).
Objects include object instance id followed by object value.
Response PDU is coded using BER.


Traversing a Tree
[Figure: depth-first traversal of a tree from Start to End, beginning at Root, with nodes labelled 1, 1.1, 1.2, 1.2.1, 2, 2.1, 2.1.1, 2.1.1.1, 2.1.1.2, 2.1.1.3]

Lexicographic Ordering Examples
1.3.6.1.2.1.1.1 < 1.3.6.1.2.1.1.2
1.3.6.1.2.1.1.1 < 1.3.6.1.4
1.3.6.1.2.1 < 1.3.6.1.2.1.1.2
[Figure: MIB tree iso(1) org(3) dod(6) Internet(1) with directory(1), mgmt(2)/mib-2(1)/system(1) (sysDescr(1), sysObjectID(2)) and interfaces(2), experimental(3), private(4)/enterprises(1)/cisco(9), hp(11)]


GetNext Command
GetNext command is used to traverse the MIB Tree using depth first search.
GetNext command is also used in retrieving Table objects.
GetNext command, unlike the Get Request command, can take Object Type Identifier in the request.
GetNext command returns the object instance that appears lexicographically next to the specified object type or object instance in the MIB tree.
GetNext returns endOfMibView when there is no object instance in the MIB tree next to the specified ID.


GetNext Command
Get command versus GetNext command
Retrieving unknown object value: getNext (sysUpTime.0)
Retrieving first row of a table: getnext {udpLocalAddress.0, udpLocalPort.0}
Retrieving the second row of a table: getnext {previous row object values}.
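The lexicographic ordering slide and the two GetNext slides describe one mechanism, shown here as an added example that is not part of the original course material: a toy agent whose MIB instance is a dictionary keyed by OID tuples. The MIB values are constructed, and the helper names oid, get, get_next, walk and table_rows are assumptions for this illustration; the identifiers follow the RFC 1213 tree shown earlier.

```python
from bisect import bisect_right

END_OF_MIB = "endOfMibView"   # end-of-tree indication as named on the slide

def oid(text):
    """Dotted string -> tuple of ints. Tuples compare arc by arc, so
    cisco(9) sorts before hp(11), which plain string comparison gets wrong."""
    return tuple(int(arc) for arc in text.strip(".").split("."))

# Constructed MIB instance (values are made up for the example).
MIB = {
    oid("1.3.6.1.2.1.1.1.0"): "constructed lab agent",   # sysDescr.0
    oid("1.3.6.1.2.1.1.4.0"): "noc@example.test",        # sysContact.0
    oid("1.3.6.1.2.1.2.1.0"): 2,                         # ifNumber.0
    oid("1.3.6.1.2.1.2.2.1.1.1"): 1,                     # ifIndex.1
    oid("1.3.6.1.2.1.2.2.1.1.3"): 3,                     # ifIndex.3
    oid("1.3.6.1.2.1.2.2.1.2.1"): "lo0",                 # ifDescr.1
    oid("1.3.6.1.2.1.2.2.1.2.3"): "eth0",                # ifDescr.3
}

def get(mib, name):
    """Get needs an exact object instance identifier such as sysDescr.0."""
    return mib.get(name, "noSuchName")

def get_next(mib, name):
    """Return (instance, value) for the first instance ordered after name."""
    ordered = sorted(mib)
    i = bisect_right(ordered, name)
    if i == len(ordered):
        return END_OF_MIB
    return ordered[i], mib[ordered[i]]

def walk(mib, root):
    """Repeat GetNext from root until the answer leaves root's subtree."""
    found, current = [], root
    while True:
        result = get_next(mib, current)
        if result == END_OF_MIB or result[0][:len(root)] != root:
            return found
        found.append(result)
        current = result[0]

def table_rows(mib, columns):
    """Row order: one GetNext per column, then feed the returned instance
    identifiers back in as the next request (the previous row's objects)."""
    rows, names = [], list(columns)
    while True:
        results = [get_next(mib, name) for name in names]
        if any(r == END_OF_MIB or r[0][:len(c)] != c
               for r, c in zip(results, columns)):
            return rows
        rows.append([value for _, value in results])
        names = [instance for instance, _ in results]
```

With the ifIndex and ifDescr column identifiers as input, table_rows returns the rows for interfaces 1 and 3 without the manager knowing the index values in advance.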


Retrieving Table objects
Column order

?


Retrieving Table objects
Row order
Get ifNumber field value
Getnext