Download SNMPv1 Message

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
Document related concepts

Wake-on-LAN wikipedia , lookup

IEEE 1355 wikipedia , lookup

Deep packet inspection wikipedia , lookup

CAN bus wikipedia , lookup

Internet protocol suite wikipedia , lookup

Piggybacking (Internet access) wikipedia , lookup

Distributed firewall wikipedia , lookup

Computer network wikipedia , lookup

List of wireless community networks by region wikipedia , lookup

Recursive InterNetwork Architecture (RINA) wikipedia , lookup

Zero-configuration networking wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Airborne Networking wikipedia , lookup

Network tap wikipedia , lookup

SIP extensions for the IP Multimedia Subsystem wikipedia , lookup

UniPro protocol stack wikipedia , lookup

Real-Time Messaging Protocol wikipedia , lookup

Routing in delay-tolerant networking wikipedia , lookup

Transcript 
Simple Network
Management Protocol (SNMP)
Jeramie Reese
December 7, 2004
1
Table of Contents
SNMP Architecture ................................................................................. 3
SNMP Management Information Base (MIB) ..................................... 3
SNMP Agents ........................................................................................... 5
SNMP Network Management Station ................................................... 6
SNMPv1 .................................................................................................... 7
Primitive Data Types ..............................................................................................7
SNMPv1 Message .................................................................................... 8
Message Header ......................................................................................................8
Contents of SNMPv1 Message Header ..................................................................8
Contents of SNMPv1 Protocol Data Unit (PDU) ...................................................8
SNMPv1 Trap Protocol Data Unit (PDU) ............................................ 9
Message Header ......................................................................................................9
Contents of SNMPv1 Trap Message Header .........................................................9
Contents of SNMPv1 Trap Protocol Data Unit (PDU) ..........................................9
SNMPv1 Security Concerns ................................................................... 9
SNMPv2 .................................................................................................. 10
SNMPv2 Get Bulk Message.................................................................. 11
Message Header ....................................................................................................11
Contents of SNMPv2 Get Bulk Message .............................................................11
Contents of SNMPv2 Get Bulk Protocol Data Unit (PDU) .................................11
SNMP Layered Communication .......................................................... 11
Network Management System Initiates a GET Request5.....................................12
Agent Receives a GET Message5 .........................................................................12
Bibliography........................................................................................... 13
2
SNMP Architecture
In its most abstract sense, SNMP can be broken down into two components: Network
Management Stations (NMS) and Network Managed Devices (NMD). The relationship between
to two is usually a one-to-many, meaning that generally one NMS is associated to several
NMDs.
Figure1: SNMP Architecture: An SNMP message passes through the protocol layers at both the manager and agent.
Each layer does a specific communication task.4
Network Management Stations are responsible for the monitoring and control of all configured
Network Managed Devices. The interaction between these two entities is what SNMP was
designed for, since “[S]NMP is predicated on the notion that you have a management station that
polls an SNMP agent running on a remote device for information.”1
SNMP Management Information Base (MIB)
The Management Information Base (MIB) file can be thought of as the most basic element in
SNMP communication. The MIB file contains all the managed objects that a Network
3
Management System is able to query. Some MIB files can be storing hundreds of objects, so
storage efficiency was a key concern for the developers of SNMP. The storage design resembles
any typical layered file storage systems. Each level (or folder) has a name and number
associated with it. Staring with the most abstract attributes of the object we searching for, we
will begin to descend down the tree structure. The MIB “logically organizes management
information in a hierarchical tree-like structure.”1 “The top-level MIB object Ids belong to
different standards organizations, while the lower-level object Ids are allocated by associated
organizations.”2 For instance, level five in the diagram below (under internet(1) ), there are
several options to choose from. If your managed object has something to do with system
security, then you would choose the security (5) branch.
Figure2: “The MIB Tree Illustrates the Various Hierarchies Assigned by Different Organizations” 2
4
The NMS can monitor and control the objects that are in the lower levels, or leaf nodes, of the
MIB tree structure. The idea behind this structure is to logically group similar objects. These
objects can tell a NMS a variety of things, such as its hostname, the amount of time the system
has been up for, how many users are currently logged into it, etc. It is important to understand
the MIB tree structure of a particular device, because you need to be able to ask for a specific
value. There’s two ways to refer to a particular object that we wish to query. Referring to figure
above, we could ask for the “atLocal” object by saying to we want iso.identifiedorganization.dod.internet.private.enterprise.cisco.temporaty variables.Apple Talk.atLocal, or we
could use the much shorter format that is known as the Object Identifier (OID). The OID for the
“atLocal” variable would be 1.3.6.1.4.1.9.3.3.2. Ask you can see, having both formats has its
advantages. Although the OID is much shorter, it would be very difficult to know what object
we were retrieving without any type of text involved. If we only had text identifiers to go off of,
then queries would be very long to write, and prone to error because of mistyping.
SNMP Agents
Each managed device, or network device, that we intend to monitor using the Network
Management System (NMS), needs to be running a management application called an SNMP
Agent. The purpose of the agent is to collect incoming messages and respond accordingly. All
valid requests will be answered by accessing its database, otherwise known as the Management
Information Base (MIB). Generally, the bulk of the agents work will be to respond to requests
for the NMS, but that’s not its only job. The NMS can also change certain values, given the
proper object permission, in the MIB file. Another fairly important feature of an agent is that it
can notify the NMS when a particular event has occurred, or if a certain threshold has been
5
exceeded. An example of this would be that the interval temperature of a server has risen above
a certain level, indicating the possibly a fan has malfunctioned on the system. In the case, the
agent would notify the NMS about this so the problem can be remedied. When an agent sends a
message to the NMS it is called a Trap.
SNMP Network Management Station
A Network Management Station (NMS) is where a network administrator would run the
Network Management Application (NMA). A NMA is usually a Graphical User Interface (GUI)
based application that allows the network administrator to see a visual representation of his/her
network. Depending on the number of managed devices, the NMA may be very resource
intensive on the system. This is mostly due to the fact that the NMA is constantly polling the
managed network devices we know the current state of each. On top of this, the NMS also has to
react to incoming messages, or traps, that are being received from the agents on the managed
devices. The NMS is able to retrieve information from agents running on managed devices by
sending out GET requests. “The manager send a Get or a GetNext to read a variable or variables
and the agent’s response contains the requested information if managed. The manager sends a
Set to change a variables or variables and the agent’s response confirms the change if allowed.”5
As you recall from the previous section on agents, the NMS can also receive traps from agents.
“The managed agent sends an event notification, called a trap to the management system to
identify the occurrence of condition such as threshold that exceeds a predetermined value.”3
Based on configuration, a received trap may mean that the NMS has a predefined reaction in
certain circumstances. Examples of reactions that a NMS can take based on a trap may be the
send a shutdown signal to the device, call a pager number to notify the systems administrator
6
about the situation, or to just merely log the event. Not all traps are send because of failure, but
it’s generally a good idea not to bog down your NMS with a bunch of informational trap being
send by your managed devices.
SNMPv1
The simplicity of the general message format for SNMPv1 had a lot to do with its initial appeal.
It is essentially composed of two parts: a simple header and an encapsulated Protocol Data Unit
(PDU). The fields used to construct our message will belong to one of the supported categories;
simple data types and application-wide data types.2
Primitive Data Types
Description
INTEGER
A whole number that denotes the number of interfaces on a
system.
OCTET STRING
A string of octets that represents hexadecimal data, which is the
physical address of an interface.
OBJECT IDENTIFIER
A string of numbers that is derived for a naming tree and that
identifies an object.
NULL
An empty placeholder.
ENUMERATED
A limited set of integers with an assigned meaning.
BOOLEAN
An integer with values TRUE (1) or FALSE (2).
Figure 3: Primitive Data Types for SNMPv1.7
The header contains an Integer entry that indicates the version of SNMP. Deviating slightly
from the simple format, SNMPv1 is indicated by a 0 in this field, and not a 1. The other field in
the header the Community String. The Community String was how SNMPv1 initially addressed
issues of security. A Community name can be thought of as a password to an SNMP agent.9
The encapsulated PDU makes up the other portion of the SNMPv1 message. The PDU
”specifies the operation to be performed and the object instances that the operation includes.”7
7
SNMPv1 Message
The SNMPv1 message consists of a Message Header and a Protocol Data Unit (PDU). Each
field in the message is described in more detail in Figure 5.
Message Header
Version
Number
Community
Name
Protocol Data Unit
PDU Type
Request ID
Error
Status
Error Index
(Variable Bindings)
Figure4: SNMPv1 Message
The chart below details all the fields in the SNMPv1 message. The SNMPv1 Message contains
the following fields:
Contents of SNMPv1 Message Header
Version Number:
Community Name:
Indicates the version of SNMP.
A weak form of user authentication that uses the community name
as a sort of “password” for determining access to agents.
Contents of SNMPv1 Protocol Data Unit (PDU)
PDU Type:
Specifies the type of PDU being transmitted (i.e. 0: Get Request,
1: GetNext Request, 2: Get Response, 3: Set Request, 4: Trap.)
Request ID:
Associates SNMP requests with responses.
Error Status:
Indicated one of a number of errors and error types. Only the
response operation sets this field. Other operations set this field
to zero.
Error Index:
Associates an error with a particular object instance. Only the
response operation sets this field. Other operations set this field
to zero.
Variable Bindings:
Serves as the data field of the SNMPv1 PDU. Each variable
binding associates a particular object instance with its current
value (with the exception of Get and GetNext requests, for which
the value is ignored).
Figure 5: SNMPv1 Message Fields
8
SNMPv1 Trap Protocol Data Unit (PDU)
Message Header
Version
Number
Community
Name
Protocol Data Unit
PDU
Type
Enterprise
Agent
Addr.
Generic
Type
Type
Specific
Trap
Type
Time
Stamp
(Variable Bindings)
Figure 6: SNMPv1 Trap Message
Contents of SNMPv1 Trap Message Header
Indicates the version of SNMP.
Version Number:
A weak form of user authentication that uses the community name
as a sort of “password” for determining access to agents.
Contents of SNMPv1 Trap Protocol Data Unit (PDU)
Community Name:
PDU Type:
Specifies the type of PDU being transmitted (i.e. 0: Get Request,
1: GetNext Request, 2: Get Response, 3: Set Request, 4: Trap.)
Enterprise:
Identifies the management enterprise under whose registration
authority the trap was defined.
Agent Address:
Provides the address of the managed object generating the trap.
Generic Trap Type:
Indicates one of a number of generic type types (i.e. 0: coldStart,
1: warmStart, 2: linkDown, 3: linkup, 4: authenticationFailure, 5:
egpNeighborLoss, 6: enterpriseSpecific).
Specific Trap Code:
Indicated one of a number of specific trap codes.
Time Stamp:
Provides the amount of time that has elapsed between the last
network re-initialization and generation of the trap.
Variable Bindings:
The data field of the SNMPv1 Trap PDU. Each variable binding
associates a particular object instance with its current value.
Figure 7: SNMPv1 Trap Message Fields
SNMPv1 Security Concerns
SNMPv1 has been a huge success every since “its creation in 1988 as a short-term solution to
manage elements in the growing Internet and other attached networks.”5 One of the largest flaws
of version one is the security mechanism that was implemented. SNMPv1 uses a very loose
form of user authentication known as a community name. A community name can be thought of
as a sort of password for an agent running on a network managed device. “As easily as plaintext
9
password can be sniffed from telnet, rlogin, ftp and the like, we can sniff them from SNMP
packets.”9 There has been some discussion that this major security vulnerability was knowingly
delivered to keep the SNMP solution simple. A simple solution would allow “vendors to easily
add network management functions to their existing products.”3 It’s also worth noting that
SNMPv1 was initially intended to be a short-term solution for network management. Had the
developers known the impact that SNMP would have for network administration then possibly
more emphasis would have been put on security.
SNMPv2
As SNMPv1 was winning over network administrators, SNMPv2 was already in the works with
one of its top concerns being to address the security flaws of version one. Enhancing SNMPv1
proved to be very difficult. Over five versions of SNMPv2 were released, none of which
appropriately addressed the issue of security. As a side note, “[i]n the late 1990s, SNMP version
3 was created to resolve the problems that occurred with the many different variations of
SNMPv2.“6 “In 1995, the standardization process for SNMP-2 broke down with competing
approaches to a secure SNMP solution. One aspect of the problem was the fact that a secure
SNMP-2 standard could not interoperate with the original SNMP because the original is
irretrievably insure.”8
Although SNMPv2 didn’t quite deliver the secure solution that was being requested, it did make
a lot of improvements on SNMPv1. For instance, SNMPv2 defined two new protocol
operations: GetBulk and Inform. GetBulk allow a NMS to retrieve large blocks of information,
instead of a single object as a time. The GetBulk operation will retrieve partial results if all the
requested information isn’t available. The Inform operation allows the NMS to forward a trap to
10
another NMS. SNMPv2 also improved upon common data types in SNMPv1, including bit
strings, network addresses, and counters. For this reason, “SNMPv2 is incompatible with
SNMPv1 in two key areas: message formats and protocol operations.”2
SNMPv2 Get Bulk Message
Message
Header
Version
Number
Community
Name
Protocol Data Unit
PDU Type
Request ID
Non
Repeaters
(Max Repetitions + Variable
Bindings)
Figure 8: SNMPv2 GetBulk Message
Contents of SNMPv2 Get Bulk Message
Version Number:
Indicates the version of SNMP.
Community Name:
A weak form of user authentication that uses the community name
as a sort of “password” for determining access to agents.
Contents of SNMPv2 Get Bulk Protocol Data Unit (PDU)
PDU Type:
Identifies the PDU as a GetBulk Operation.
Request ID:
Associates SNMP requests with responses.
Non repeaters:
Specifies the number of object instances in the variable binding
field that should retrieved no more than once from the beginning
of the request.
Max repetitions:
Defines the maximum number of times that other variables beyond
those specified by the Non-repeaters field should be retrieved.
Variable Bindings:
The data field of the SNMPv2 Trap PDU. Each variable binding
associates a particular object instance with its current value.
Figure 9: SNMPv2 GetBulk Message
SNMP Layered Communication
The table below details the transmission of a GET message by a Network Management System.
Each network layer adds specific components to the GET message to make sure that our agent
successfully receives the message. The second part of the table describes how the agent reacts
11
when a GET message is received. As you can see, the SNMP truly is simple. Only a few
protocol operations are supported, so most SNMP messages follow the format listed below.
Network Management System Initiates a GET Request5
Network Layer
Function performed
Application
Network Management System wants to know the system up time
for a particular agent. It prepares a GET message.
UDP
Receives the GET message from the application layer, and adds on
the port number of the manager (i.e. where the response message
should be sent) and port number that the agent should be listening
on.
IP
Receives the message from the UDP layer and adds on the IP
address and the Media Access (MAC) addresses of the manager
and agent.
Network Interface
Receives the message from the IP layer and verifies the media
access and availability. It then sends the message out for transport.
Agent Receives a GET Message5
Network Layer
Function performed
Network Interface
Receives a message and checks its validity (intact and valid).
IP
Receives message from the Network Interface and verifies the
MAC address and the IP address.
UDP
Receives the message from the IP layer and check for applications
listening to the specified port.
Application
Receives the GET request from the UDP layer and retrieves the
requested value. It then prepares a GetResponse message to send
back to the Network Management System.
Figure 10: Traveling SNMP message
12
Bibliography
1. Blank-Edelman, N. David. Perl for System Administration. Cambridege: O’Reilly, 2000.
2. Cisco Systems, Inc., “Simple Network Management Protocol”, 20 February 2002,
<http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/snmp.htm#xtocid1> (22
November 2004).
3. Cohen, Yoram, “SNMP - Simple Network Management Protocol”, 01 April 1995, <
http://www2.rad.com/networks/1995/snmp/snmp.htm> (22 November 2004).
4. DenHartog, Marshall, “SNMP Tutorial: The Fast Track Introduction to SNMP Alarm
Monitoring”. DPS Telecom. 27 September 2004.
5. DPS Telecom, “SNMP Tutorial Series: 5 Quick Steps to Understanding SNMP and its
Role in Network Alarm Monitoring”, 13 February 2003,
<http://www.dpstele.com/layers/l2/snmp_tutorials.html> (22 November 2004).
6. Kozierok, Charles M., “The TCP/IP Guide”, 20 June 2004, <
http://www.tcpipguide.com/free/t_SNMPVersion1SNMPv1MessageFormat.htm> (22
November 2004).
7. SkillSoft Press, “Using SNMP to Manage Complex Networks”, 03 May 2002,
<http://www.books24x7.com/book/id_4502/toc.asp> (22 November 2004).
8. Steinke, Steve, “Simple Network Management Protocol - SNMP: The most widely
adopted standard provides a way for devices and consoles to communicate”, 01 February
1997, <http://www.networkmagazine.com/article/NMG20000724S0050> (22 November
2004).
9. Window Security, “Network Management Protocol Insecurity: SNMPv1”, 16 October
2002, <
http://www.secinf.net/misc/Network_Management_Protocol_Insecurity_SNMPv1_.html
> (22 November 2004).
13
Related documents
BDC5eChapter19
BDC5eChapter19
Week 12
Week 12
Chapter 36 Network Management & SNMP
Chapter 36 Network Management & SNMP
Simple Network Management Protocol(SNMP) is simply define as
Simple Network Management Protocol(SNMP) is simply define as
Chapter 8
Chapter 8
Network Management
Network Management
A Brief Introduction to Internet Network Management and SNMP
A Brief Introduction to Internet Network Management and SNMP
- Mitra.ac.in
- Mitra.ac.in
SNMP Data Types
SNMP Data Types
Simple Network Management Protocol(SNMP)
Simple Network Management Protocol(SNMP)
SNMPv3 Fundamentals
SNMPv3 Fundamentals
SNMP Message Protocol
SNMP Message Protocol
A Preview of Use of the Simple Network Management Protocol in
A Preview of Use of the Simple Network Management Protocol in
Implementing SNMP in Process Control
Implementing SNMP in Process Control