Advanced Network Protocols
CSCI 5132
Chapter 30
Simple Network Management Protocol
By
Chetan Singh
Haaris Sheikh
Lakshmi Menon
Kavita Sarma
Level of Management Protocols
Wide area networks include management protocols as part
of their link level protocols.
Control packets are used by the receiver to respond to
commands from the manager to handle a misbehaving packet
switch.
The switch can resume normal operation once the problem
is fixed.
TCP/IP does not have a single link level protocol because the
internet consists of multiple physical networks
interconnected by IP routers.
Level of Management Protocols
(Cont..)
The differences between internet management and link level
management are:
- A single manager can control heterogeneous devices.
- The controlled entities may not share a common link level
protocol.
- The manager controls a set of machines that may lie in
different physical networks.
The internet management protocol used with TCP/IP
operates above the transport level, i.e. at the application level.
Level of Management Protocols
(Cont..)
Advantages of using the internet management software in the
application layer:
- One set of protocols can be used for all networks.
- One set of protocols can be used for all managed
devices.
- Routers can be managed without direct attachment to
every physical network or router.
Disadvantages:
- A router cannot be contacted if its operating system, IP
software or transport software fails.
Architectural Model
Client software runs on the manager’s machine.
The management agent (server program) runs on each
participating router or host.
A manager tells a client about the agent it wants to
communicate with.
The client sends commands or queries to the agent.
The management software uses an authentication mechanism
to ensure that only authorized managers can access or control
a particular device.
Protocol Framework
TCP/IP management protocols divide the management
problem into two parts specifying separate standards for
each part.
The first part specifies how the client communicates with the
agent.
The second part specifies which data items a managed device
must keep.
Simple Network Management Protocol (SNMP) is the TCP/IP
standard for network management.
Standard For Managed Information
A device being managed must keep control and status
information that the manager can access.
SNMP allows a manager to access the statistics but does not
specify which data can be accessed.
Management Information Base (MIB) is a standard that
specifies what data items a managed device must keep and
the operations allowed on each.
MIB divides management information into many categories,
and the choice of categories is important because the
identifiers used to specify items include a code for the
category.
Examples of MIB Variables
Separate RFCs exist that specify the MIB variables associated
with different devices.
Also many vendors have specified MIB variables for their
products.
Refer to Figure 30.3. for a small list of MIB variables.
MIB variables present only a logical definition of each data
item.
The internal data structures a router uses may differ from the
MIB definition.
THE STRUCTURE OF MANAGEMENT
INFORMATION (SMI)
• SMI is a set of rules used to define and identify
MIB variables.
• It places restrictions on types of variables allowed in
MIB.
• Specifies rules for naming variables.
• Creates rules for defining variable types.
THE STRUCTURE OF MANAGEMENT
INFORMATION (SMI)
• Example:
– The SMI standard includes definitions of terms like:
– IpAddress, a 4-octet string,
– Counter, an integer in the range 0 to 2^32 - 1.
– It also specifies that these are the terms used to
define MIB variables.
• The rules in SMI, most importantly, describe how
MIB refers to tables of values (e.g., IP routing
table).
FORMAL DEFINITIONS USING ASN.1
• The TCP/IP network management protocols use a
formal notation called Abstract Syntax Notation 1
(ASN.1) to define names and types for variables in
the management information base. The precise
notation makes the form and contents of variables
unambiguous.
• Precision is important when implementations
include heterogeneous computers that do not all use
the same representations for data items.
FORMAL DEFINITIONS USING ASN.1
• Example:
– A protocol using ASN.1 must state exact form
and range of numeric values instead of simply
specifying that a variable contains an integer
value.
• ASN.1 also simplifies the implementation of
network management and guarantees
interoperability.
STRUCTURE AND REPRESENTATION
OF MIB OBJECT NAMES
• Names for MIB variables are taken from the object
identifier namespace administered by ISO & ITU.
• Object Identifier provides a namespace in which all
possible objects can be designated. The namespace
includes variables used in network management and
names for arbitrary objects.
• The Object Identifier namespace is absolute (global) and
hierarchical (Fig 30.4).
STRUCTURE AND REPRESENTATION
OF MIB OBJECT NAMES
• The name of an object in the hierarchy is a
sequence of numeric labels, separated with
periods to identify an individual component,
on the nodes along a path from the node to
the object.
• Example:
– The name 1.3.6.1.2 denotes the node mgmt (Fig
30.4).
STRUCTURE AND REPRESENTATION
OF MIB OBJECT NAMES
• MIB groups variables into categories.
• The categories are the subtrees of the MIB node of
the object identifier namespace (Fig 30.5).
• Examples:
– Refer to Fig 30.5.
• MIB standards do not dictate the implementation;
instead they provide a uniform, virtual interface for
accessing data.
Simple Network Management Protocol
• Network management protocols specify
communication between the network management
client and a network management server program
that executes at the host or the router.
• The protocol needs to be flexible and able to
accommodate changes.
• It does not define a large set of commands.
• It uses the fetch and store paradigm.
Simple Network Management Protocol (Cont..)
• Taking a conceptual view of SNMP, it contains only
2 commands: fetch and store.
• Example: if you want to reboot a device,
declare a data item that gives the time until the next
reboot and allow the manager to assign a value to
the item, such as 0.
Advantages
• Stability
Definitions remain fixed even if new items are
added.
• Simplicity
Saves the complexity of having special cases for
each command.
• Flexibility
Accommodates arbitrary commands in an elegant
framework.
SNMP hidden facts!
• Looking at it from the manager's point of view, SNMP
remains hidden.
• SNMP software comes with a GUI interface that
displays diagrams of network connectivity and uses
the point and click interaction technique.
• Figure 30.6 in the book shows the fetch and store
commands:
– Get request – fetch
– Set request – store
– Response – provides a reply.
SNMP operations
• Atomic
If an SNMP message specifies operations on
multiple variables, the server either performs all
of the operations or none of them.
• Trap
Allows managers to program servers to send
information when an event occurs.
Searching tables using names
• ASN.1 does not provide mechanisms for declaring
arrays or indexing.
• To iterate through a table, the client uses the
get-next-request operation, which performs the
iteration.
An Example
• An example search:
The client is not aware of the IP addresses that are
currently
The client uses the prefix in a get-next-request:
iso.org.dod.internet.mgmt.mib.ip.ipAddrEntry.ipAdEntNetMask
The server then returns the network mask field of
the first entry in ipAddrTable.
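The following is an added example, not part of the slides or of the textbook they summarise. It models, in Python, three things the slides describe: resolving a symbolic object name such as iso.org.dod.internet.mgmt to its numeric form 1.3.6.1.2; walking a MIB table column with repeated get-next-request operations in lexicographic order (the ipAdEntNetMask search above); and the atomic all-or-nothing rule for a set on several variables. The numeric labels follow the standard MIB-II tree (which places ipAddrTable between ip and ipAddrEntry); the two ipAddrTable rows, the choice of which column is writable, and the AGENT_MIB name are constructed for the example.

```python
# Added example (not from the chapter): an in-memory model of an agent's object
# identifier namespace, get-next iteration and atomic set.

# Each entry maps a symbolic path to the numeric label of its last component.
# Values are the standard MIB-II arcs; the tree is cut down to what the example needs.
OID_ARCS = {
    "iso": 1,
    "iso.org": 3,
    "iso.org.dod": 6,
    "iso.org.dod.internet": 1,
    "iso.org.dod.internet.mgmt": 2,
    "iso.org.dod.internet.mgmt.mib": 1,
    "iso.org.dod.internet.mgmt.mib.ip": 4,
    "iso.org.dod.internet.mgmt.mib.ip.ipAddrTable": 20,
    "iso.org.dod.internet.mgmt.mib.ip.ipAddrTable.ipAddrEntry": 1,
    "iso.org.dod.internet.mgmt.mib.ip.ipAddrTable.ipAddrEntry.ipAdEntAddr": 1,
    "iso.org.dod.internet.mgmt.mib.ip.ipAddrTable.ipAddrEntry.ipAdEntIfIndex": 2,
    "iso.org.dod.internet.mgmt.mib.ip.ipAddrTable.ipAddrEntry.ipAdEntNetMask": 3,
}


def resolve(symbolic):
    """Turn a dotted symbolic name into the tuple of numeric labels on the path from the root."""
    labels = symbolic.split(".")
    arcs = []
    for depth in range(1, len(labels) + 1):
        prefix = ".".join(labels[:depth])
        if prefix not in OID_ARCS:
            raise KeyError("unknown object name: " + prefix)
        arcs.append(OID_ARCS[prefix])
    return tuple(arcs)


IP_ADDR_ENTRY = "iso.org.dod.internet.mgmt.mib.ip.ipAddrTable.ipAddrEntry"
IP_AD_ENT_ADDR = resolve(IP_ADDR_ENTRY + ".ipAdEntAddr")
IP_AD_ENT_IFINDEX = resolve(IP_ADDR_ENTRY + ".ipAdEntIfIndex")
IP_AD_ENT_NETMASK = resolve(IP_ADDR_ENTRY + ".ipAdEntNetMask")


def ip_arcs(dotted):
    """A row of ipAddrTable is indexed by appending the four octets of its IP address."""
    return tuple(int(octet) for octet in dotted.split("."))


# Constructed sample agent state: two interfaces with addresses and masks (not real data).
SAMPLE_ROWS = [("10.0.0.1", 1, "255.255.255.0"), ("192.168.1.7", 2, "255.255.0.0")]
AGENT_MIB = {}
for addr, ifindex, mask in SAMPLE_ROWS:
    AGENT_MIB[IP_AD_ENT_ADDR + ip_arcs(addr)] = addr
    AGENT_MIB[IP_AD_ENT_IFINDEX + ip_arcs(addr)] = ifindex
    AGENT_MIB[IP_AD_ENT_NETMASK + ip_arcs(addr)] = mask
WRITABLE_COLUMNS = {IP_AD_ENT_NETMASK}   # assumption: only the mask column accepts a set


def get_next(oid):
    """get-next-request: the (name, value) of the first variable after oid in
    lexicographic order, or None at the end of the MIB. Python tuple comparison
    is the same lexicographic order SNMP uses for object names."""
    for name in sorted(AGENT_MIB):
        if name > oid:
            return name, AGENT_MIB[name]
    return None


def walk(prefix):
    """Iterate a whole column by repeating get-next until the name leaves the prefix."""
    rows = []
    current = prefix
    while True:
        nxt = get_next(current)
        if nxt is None or nxt[0][:len(prefix)] != prefix:
            return rows
        rows.append(nxt)
        current = nxt[0]


def set_request(bindings):
    """Atomic set: validate every binding first and apply all of them only if all are valid.
    Returns (error_status, error_index) as a response would: (0, 0) on success, otherwise
    a non-zero status and the 1-based position of the offending binding."""
    column_len = len(IP_AD_ENT_NETMASK)
    for index, (name, _value) in enumerate(bindings, start=1):
        if name not in AGENT_MIB:
            return 2, index          # noSuchName
        if name[:column_len] not in WRITABLE_COLUMNS:
            return 4, index          # readOnly
    for name, value in bindings:     # reached only when every binding passed
        AGENT_MIB[name] = value
    return 0, 0


if __name__ == "__main__":
    print(resolve("iso.org.dod.internet.mgmt"))      # (1, 3, 6, 1, 2)
    print(get_next(IP_AD_ENT_NETMASK))               # first mask in the table
    for name, value in walk(IP_AD_ENT_NETMASK):
        print(".".join(map(str, name)), value)
```

The walk stops as soon as get-next returns a name outside the column prefix, which is how a manager knows it has reached the end of a table without knowing the row indices in advance. The set shows why the atomic rule matters to operators: a response of error-status 4 and error-index 2 tells the manager exactly which binding was rejected, and no partial change was made to the device.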
SNMP Message Format
• SNMP messages do not have fixed fields.
• They use standard ASN.1 encoding, which is
not in human readable form.
• A definition consists of a descriptive name followed by
the declaration of the item's type, e.g.:
msgVersion INTEGER(0..2147483647)
i.e. a non-negative number <= 2147483647.
SNMP Message Formats
• Integer
identifies the protocol version.
• Header data
ref. figure 30.8, page 567.
• Security parameters
• Data Area
this is divided into PDUs (Protocol Data Units).
A PDU consists of a request or a response, from the client and
the agent respectively. This also offers a choice of plain text or
encrypted text.
Note: technically this choice is called a discriminated union.
SNMP Message Format (Cont..)
• SNMPv3 distinguishes between an application that
uses the service SNMP supplies and an engine that
is the underlying software.
• The encrypted text PDU begins with an identifier for
the engine along with the engine ID.
• data ANY means that the context field gives the
exact details of the data.
SNMP Definitions - ERRORS
• Error-status and error-index
these are single-octet integers that contain
the value zero in a request.
• If an error occurs, the values in the response
identify the cause.
• The last parameter, VarBindList, is a sequence
of pairs of object name and value.
Example: Encode SNMP Message
• Encoded form of ASN.1 uses variable length
fields to represent items.
• Each field begins with a header that specifies
the type of object and its length in bytes.
• The msg starts with a code for SEQUENCE
which has a length of 103 octets.
• 1st item = 1 octet integer = protocol version.
• Successive fields indicate msg ID and the
maximum message size the sender can accept
in a reply.
• Security information follows the msg header.
• GetRequest-PDU occupies the tail of the
message.
• ScopedPDU specifies a context in which to
interpret the remainder of the message.
• Octet A0 specifies the operation as a getRequest. (Since
the high-order bit is turned on, the interpretation is
context specific.)
• The length octet specifies the request is 26 octets
long.
• The request ID is 2 octets.
• Each of the error-status and error-index are 1 octet.
• Finally, the sequence of pairs contains one binding. A
binding is a single object identifier bound to a null
value.
• The identifier is encoded such that the first two numeric
labels are combined into a single octet.
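The following is an added example, not code from the slides or the textbook: a minimal BER encoder and decoder for the GetRequest-PDU just described. It produces the tail of the message as the slides lay it out (tag A0, a length octet, request ID, error-status, error-index, then a VarBindList with one binding of an object identifier to NULL) and parses it back, checking every claimed length against the bytes actually present. The BER tag values (0x02 INTEGER, 0x05 NULL, 0x06 OBJECT IDENTIFIER, 0x30 SEQUENCE, 0xA0 for context-specific constructed tag 0) are standard; the request ID 256 and the object identifier 1.3.6.1.2.1.1.1.0 used at the bottom are constructed so that, as in the slides, the request ID is 2 octets and the PDU is 26 octets long.

```python
# Added example (not from the chapter): BER encoding/decoding of a GetRequest-PDU.

def ber_length(n):
    """Length octets: short form below 128, else 0x80|count followed by big-endian count bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, content):
    """Every BER item is a header (tag, length) followed by its content."""
    return bytes([tag]) + ber_length(len(content)) + content


def encode_integer(value):
    """Non-negative INTEGER, shortest two's-complement form (leading 0x00 keeps the sign bit clear)."""
    if value < 0:
        raise ValueError("this example encodes non-negative integers only")
    return tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))


def encode_oid(arcs):
    """OBJECT IDENTIFIER: the first two labels merge into one octet (40*a + b); each later
    label is written in base 128 with the high bit set on every octet except the last."""
    if len(arcs) < 2 or arcs[0] > 2 or arcs[1] > 39:
        raise ValueError("invalid object identifier prefix")
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        digits = [arc & 0x7F]
        arc >>= 7
        while arc:
            digits.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(digits))
    return tlv(0x06, bytes(out))


def encode_get_request(request_id, oids):
    """GetRequest-PDU: [0] IMPLICIT SEQUENCE { request-id, error-status, error-index, VarBindList }."""
    bindings = b"".join(tlv(0x30, encode_oid(oid) + tlv(0x05, b"")) for oid in oids)
    body = encode_integer(request_id) + encode_integer(0) + encode_integer(0) + tlv(0x30, bindings)
    return tlv(0xA0, body)


def read_tlv(buf, pos):
    """Parse one item at buf[pos]: returns (tag, content, position after the item).
    The sender's claimed length is checked against what is really present; a decoder
    that trusts the length octet unchecked is the classic source of parser bugs."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        count = first & 0x7F
        if count == 0 or count > 4 or pos + count > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    else:
        length = first
    end = pos + length
    if end > len(buf):
        raise ValueError("length exceeds message")
    return tag, buf[pos:end], end


def decode_oid(content):
    """Inverse of encode_oid: split the first octet, then reassemble base-128 labels."""
    arcs = [content[0] // 40, content[0] % 40]
    value = 0
    for octet in content[1:]:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:
            arcs.append(value)
            value = 0
    return tuple(arcs)


def decode_get_request(pdu):
    """Returns (request_id, error_status, error_index, [oids]) from an encoded GetRequest-PDU."""
    tag, body, _ = read_tlv(pdu, 0)
    if tag != 0xA0:
        raise ValueError("not a GetRequest-PDU")
    pos, fields = 0, []
    for _ in range(3):                      # request-id, error-status, error-index
        tag, content, pos = read_tlv(body, pos)
        if tag != 0x02:
            raise ValueError("expected INTEGER")
        fields.append(int.from_bytes(content, "big", signed=True))
    tag, varbinds, _ = read_tlv(body, pos)
    if tag != 0x30:
        raise ValueError("expected VarBindList")
    oids, pos = [], 0
    while pos < len(varbinds):
        _, binding, pos = read_tlv(varbinds, pos)
        tag, name, _ = read_tlv(binding, 0)
        if tag != 0x06:
            raise ValueError("expected OBJECT IDENTIFIER")
        oids.append(decode_oid(name))
    return fields[0], fields[1], fields[2], oids


def is_well_formed(pdu):
    """True when the PDU parses completely; False on any length or tag inconsistency."""
    try:
        decode_get_request(pdu)
        return True
    except (ValueError, IndexError):
        return False


if __name__ == "__main__":
    # Constructed request for sysDescr.0 (1.3.6.1.2.1.1.1.0) with request ID 256.
    pdu = encode_get_request(256, [(1, 3, 6, 1, 2, 1, 1, 1, 0)])
    print(pdu.hex())                 # starts with a01a: tag A0, length 26
    print(decode_get_request(pdu))
```

Reading the hex output against the slides: A0 is the context-specific getRequest tag, 1A is the length 26, 02 02 01 00 is the two-octet request ID, the two 02 01 00 items are error-status and error-index, and the binding's identifier begins with 2B, the single octet that stands for the labels 1 and 3 together. The is_well_formed check is the part a practitioner should carry into any real decoder: an agent or manager that reads a length octet and copies that many bytes without comparing it to the buffer is trusting network input it has not validated.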
New Features In SNMPv3
• The primary changes are in the areas of
security and administration.
• First, SNMPv3 is designed to have both
general and flexible security policies.
– SNMPv3 includes facilities for several aspects of
security, and allows each to be configured
independently.
• Second, the system is designed to make
administration of security easy.
– SNMPv3 allows remote configuration, meaning that an
authorized manager can change the configuration
of the security items listed above without being
physically present at the device.
Summary
• Network Management Protocols allow a manager to
monitor and control routers and hosts.
• A network management client program executing
on the manager’s workstation contacts one or more
servers, called agents, running on the devices to be
controlled.
• As an internet consists of heterogeneous machines
and networks, TCP/IP management software
executes as application programs and uses internet
transport protocols for communication.
Summary Contd.
• SNMP, the standard TCP/IP network management
protocol, defines a low-level management protocol
that performs two conceptual operations:
– Fetch a value from a variable or store a value into
a variable.
• SNMP defines the format of messages that travel
between a manager’s computer and a managed
entity.
Summary Contd.
• A set of companion standards to SNMP define the
set of variables that a managed entity maintains.
• The set of variables comprises a Management
Information Base (MIB); the variables are described using
ASN.1, a formal language that provides a concise
encoded form as well as a human readable notation for
names and objects.
• ASN.1 uses a hierarchical namespace to guarantee
that all MIB names are globally unique while still
allowing subgroups to assign parts of the
namespace.
Any Questions?