SNMP Management Information
Prof. Choong Seon HONG
Kyung Hee University

Basic Concepts of SNMP
- RFC 1157
- General-purpose operations supported by SNMP
  - get: retrieving the value of objects at the agent
  - set: setting the value of objects at the agent
  - trap: notifying the management station of significant events
- Control of the use of the MIB
  - Authentication service: the managed station may wish to limit access to the MIB to authorized management stations
  - Access policy: the managed station may wish to give different access privileges to different management stations
  - SNMP access mode: {READ-ONLY, READ-WRITE}
  - Proxy service: a managed station may act as a proxy to other managed stations; this involves implementing the authentication service and access policy service on behalf of those managed stations

Instance Identification
- An object instance is identified by the columnar object and the row in the table
- Two techniques for identifying a specific object instance
  - serial-access technique, based on a lexicographic ordering of objects in the MIB (in section 7.2)
  - random-access technique
- See Fig. 5.7: three instances of tcpConnState have the same object identifier, 1.3.6.1.2.1.6.13.1.1
- The values of the INDEX objects of a table are used to distinguish one row from another
- The combination of the object identifier for a columnar object and one set of values of the INDEX objects specifies a particular scalar object in a particular row of the table

Instance Identification (2)
- Convention used in SNMP: concatenate the scalar object identifier with the values of the INDEX objects
- A simple example
  - Object ID of ifType: 1.3.6.1.2.1.2.2.1.3 (see Fig. 5.1, 6.2)
  - Accordingly, the instance ID for the ifType in the row containing an ifIndex value of 2: 1.3.6.1.2.1.2.2.1.3.2
- A more complicated example
  - consider tcpConnTable, which has 4 INDEX objects (see Fig. 5.6, Fig. 6.10)
  - instance IDs for all of the columnar objects from Fig. 5.7 (see Table 7.2)
  - see page 168

Instance Identification (3)
- Conceptual table and row objects
  - no instance ID for table and row objects
  - for example, tcpConnTable and tcpConnEntry are not leaf objects, so they are not accessible by SNMP
  - ACCESS characteristic: “not accessible”
- Scalar objects
  - Instance ID of a nontabular scalar object: Object ID + 0
  - for example, see Table 7.4

Lexicographical Ordering
- Object IDs exhibit a lexicographical ordering
  - generated by traversing the tree of object IDs in the MIB
  - see Appendix 7A
- The ordering extends to object instance IDs (sequences of integers)
  - for example, ipRouteTable (see Figure 7.2 and Table 7.5)

Protocol Specification
- Protocol Data Unit formats
  (a) SNMP message: Version | Community | SNMP PDU
  (b) GetRequest PDU, GetNextRequest PDU, and SetRequest PDU: PDU type | Request-id | 0 | 0 | Variablebindings
  (c) GetResponse PDU: PDU type | Request-id | Error status | Error index | Variablebindings
  (d) Trap PDU: PDU type | Enterprise | Agent addr | Generic trap | Specific trap | Time stamp | Variablebindings
  (e) Variablebindings: name1 | value1 | name2 | value2 | ... | namen | valuen
- Generic trap
  - A warmStart trap signifies that the sending protocol entity is reinitializing itself such that neither the agent configuration nor the protocol entity implementation is altered.
  - A coldStart trap signifies that the sending protocol entity is reinitializing itself such that the agent's configuration or the protocol entity implementation may be altered.

Action of SNMP Entity upon Reception of an SNMP Message
1) basic syntax check of the message
2) verifying the version number
3) passing the user name, the PDU portion of the message, and the source and destination transport addresses to the authentication service
   (a) if authentication fails, generating a trap
   (b) if authentication succeeds, the authentication service returns a PDU
4) the protocol entity does a basic syntax check of the PDU

Variable Bindings
- Grouping a number of operations of the same type (get, set, trap) into a single message
- Getting the values of all the scalar objects in a particular group at a particular agent

GetRequest PDU
- Issued by an SNMP entity
- Includes the following fields in the PDU:
  - PDU type: GetRequest PDU
  - request-id: for correlating the incoming response
  - variablebindings: list of object instances
- Atomic operation
- If a name does not match an object ID: noSuchName as error-status
- Receipt of SNMP PDUs (see Fig. 7.6)
- [Figure: SNMP PDU Sequences]

GetNextRequest PDU
- Returns the value of the object instance that is next in lexicographical order
- Atomic operation, but more flexible than GetRequest
  - allows a network management station to discover the structure of a MIB view dynamically
  - provides an efficient mechanism for searching a table whose entries are unknown
- Retrieving a simple object value (see sec. 7.2.3.1)
  - GetRequest (udpInDatagrams.0, udpNoPorts.0, udpInErrors.0, udpOutDatagrams.0)
  - GetNextRequest (udpInDatagrams, udpNoPorts, udpInErrors, udpOutDatagrams)

GetNextRequest PDU (2)
- Retrieving unknown objects
  - GetNextRequest (udpInDatagrams.2) --> GetResponse (udpNoPorts.0 = value)
  - GetNextRequest (udp) --> GetResponse (udpInDatagrams.0 = value)
  - used to probe a MIB view and discover its structure
- Accessing table values
  - see page 184

SetRequest PDU
- Used to write an object value rather than read one
- Atomic operation
- badValue: error for the type, length, or actual value of the supplied value
- Updating a table
  - SetRequest (ipRouteMetric1.9.1.2.3 = 9) --> GetResponse (ipRouteMetric1.9.1.2.3 = 9)
- Supporting a new row (see page 186)
  - depends on policy and is an implementation matter for the agent
- Row deletion
  - SetRequest (ipRouteType.7.3.5.3 = invalid) --> GetResponse (ipRouteType.7.3.5.3 = invalid): has the effect of eliminating the row
  - see Table 7.8

SetRequest PDU (2)
- Performing an action
  - an agent could include a proprietary object reBoot with an initial value; if a management station sets the object's value to 1, the agent system reboots and resets the object value to 0

Trap PDU
- PDU type: Trap PDU
- Enterprise: identifying the network management subsystem
- agent-addr
- generic-trap: having 7 values
- specific-trap
- time-stamp
- variablebindings
- Does not solicit a response from the other side

Transport-Level Support
- Connectionless transport service
  - using the User Datagram Protocol (UDP)
  - using the connectionless transport service (CLTS) of the OSI architecture
- UDP details
  - UDP over IP
  - UDP header:
    - source and destination port fields
    - enabling application-level protocols such as SNMP to address each other
    - optional checksum for UDP header and user data
- CLTS details
  - Transport protocol data unit including source and destination transport service access points (TSAPs)
  - Optional checksum
  - TSAP address: network-layer address + TSAP ID

Transport-Level Support (2)
- Loss of PDU
  - UDP and CLTS are not reliable
  - Guaranteeing delivery is up to the application that is using SNMP
    - setting a time-out for GetResponse
    - repeating the request one or more times
- Connection-oriented transport service
  - SNMP is intended for use over a connectionless transport service
  - Key reason: robustness
  - RFC 1283 prescribes conventions for the use of SNMP over the ISO connection-oriented transport service (COTS)
  - First set up a transport connection to the agent, then send the request

SNMP Group
- snmp group as part of MIB-II
- Includes information relevant to the implementation and operation of SNMP (see Figure and Table 7.9)
- All of the objects except snmpEnableAuthenTraps are read-only counters

List of features for network management station
- Extended MIB support
  - a network management station that can load MIB definitions for extended MIBs defined for agent products from other vendors
- Intuitive interface
  - easy and powerful user interface
  - separate window for each part of the network
  - capable of displaying topological and geographic maps of the network
  - capable of showing the status of the devices
- Automatic discovery
  - at installation time, able to discover agents to build maps and configure icons
- Programmable events
  - allowing the user to define the actions taken when events occur
  - e.g., changing the state of icons, sending e-mail messages to the manager, setting off a beeper

List of features for network management station (2)
- Advanced network control
  - performing some predefined functions under certain conditions
  - e.g., automatic shut-off for a bad or suspect hub, or isolating an overactive network segment so that the whole network does not suffer
- Object-oriented management
  - MIB and SMI specifications refer to “objects”, but SNMP does not use object-oriented technology
  - an object-oriented system that can support SNMP
- Custom icons
  - not just simple rectangles and circles to describe network topology, but descriptive icons
  - creating custom icons
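
The instance-identification, lexicographical-ordering and GetNextRequest slides above, worked through in one added example (not part of the original slides): instance IDs are built by appending INDEX values to the columnar object ID, and GetNext is the "first instance after this OID" lookup over the ordered view. The MIB view contents, counter values and helper names are constructed for illustration; the object IDs for ifType and tcpConnState are the ones given on the slides.

```python
# Added example, not from the slides. All table contents below are constructed.
UDP = (1, 3, 6, 1, 2, 1, 7)                       # MIB-II udp group
IF_TYPE = (1, 3, 6, 1, 2, 1, 2, 2, 1, 3)          # ifType, as on the slide
TCP_CONN_STATE = (1, 3, 6, 1, 2, 1, 6, 13, 1, 1)  # tcpConnState, as on the slide

def ip(addr):
    """An IpAddress INDEX value contributes four sub-identifiers."""
    return tuple(int(part) for part in addr.split("."))

def instance_id(column, *index_values):
    """Columnar object ID followed by each INDEX value, in INDEX order."""
    oid = tuple(column)
    for value in index_values:
        oid += value if isinstance(value, tuple) else (int(value),)
    return oid

def dotted(oid):
    return ".".join(str(sub) for sub in oid)

def get_next(view, oid):
    """First instance lexicographically after oid, or None at end of view."""
    later = sorted(k for k in view if k > tuple(oid))
    return (later[0], view[later[0]]) if later else None

def walk(view, root):
    """Repeat GetNext from root until the result leaves root's subtree."""
    rows, current = [], tuple(root)
    while True:
        hit = get_next(view, current)
        if hit is None or hit[0][:len(root)] != tuple(root):
            return rows
        rows.append(hit)
        current = hit[0]

# Constructed MIB view: four udp scalars (instance ID = object ID + 0) and
# two tcpConnTable rows indexed by local address/port and remote address/port.
VIEW = {UDP + (1, 0): 1200, UDP + (2, 0): 3, UDP + (3, 0): 0, UDP + (4, 0): 980}
VIEW[instance_id(TCP_CONN_STATE, ip("0.0.0.0"), 99, ip("0.0.0.0"), 0)] = 2     # listen
VIEW[instance_id(TCP_CONN_STATE, ip("10.0.0.99"), 12, ip("9.1.2.3"), 15)] = 5  # established

if __name__ == "__main__":
    print(dotted(instance_id(IF_TYPE, 2)))
    print(dotted(get_next(VIEW, UDP + (1, 2))[0]))   # probe with a nonexistent instance
    for oid, state in walk(VIEW, TCP_CONN_STATE):
        print(dotted(oid), "=", state)
```

Because GetNext answers for any OID, including ones that name no instance, a management station holding a valid community can enumerate everything in its MIB view; the view granted to each community is what bounds that.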
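
The four reception steps and the message layout from the Protocol Specification slide, as an added example (not part of the original slides): a small BER reader checks message syntax and version, hands the community field to a stand-in authentication service, then checks the PDU. The ACCESS table, the rule that SetRequest needs READ-WRITE, and treating the community field as the name passed to authentication are assumptions of this sketch; the sample message bytes are constructed.

```python
ACCESS = {b"public": "READ-ONLY"}      # hypothetical policy: community -> access mode
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA3: "SetRequest"}
# Constructed sample: GetRequest for 1.3.6.1.2.1.1.1.0 with community "public".
SAMPLE = bytes.fromhex("3026 020100 04067075626c6963 a019 020101 020100 020100"
                       " 300e 300c 06082b06010201010100 0500")

def fields(buf):
    """Split buf into consecutive BER (tag, value) pairs, rejecting truncation."""
    out, pos = [], 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated header")
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                  # long-form length
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("truncated value")
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def oid(value):
    """Decode OBJECT IDENTIFIER contents to dotted notation."""
    subids, acc = [value[0] // 40, value[0] % 40], 0
    for byte in value[1:]:
        acc = (acc << 7) | (byte & 0x7F)
        if not byte & 0x80:
            subids.append(acc)
            acc = 0
    return ".".join(map(str, subids))

def receive(datagram):
    top = fields(datagram)                 # 1) basic syntax check of message
    parts = fields(top[0][1]) if len(top) == 1 and top[0][0] == 0x30 else []
    if len(parts) != 3 or [t for t, _ in parts[:2]] != [0x02, 0x04]:
        raise ValueError("malformed message")
    (_, version), (_, community), (ptype, pdu) = parts
    if int.from_bytes(version, "big") != 0:    # 2) version 0 = SNMPv1
        raise ValueError("unsupported version")
    if community not in ACCESS:            # 3) authentication service
        return {"result": "authentication failed, generate trap"}
    inner = fields(pdu)                    # 4) basic syntax check of PDU
    if ptype not in PDU_TYPES or [t for t, _ in inner] != [2, 2, 2, 0x30]:
        raise ValueError("malformed or unsupported PDU")
    names = [oid(fields(vb)[0][1]) for _, vb in fields(inner[3][1])]
    allowed = ptype != 0xA3 or ACCESS[community] == "READ-WRITE"
    return {"result": "ok", "pdu": PDU_TYPES[ptype], "names": names,
            "request_id": int.from_bytes(inner[0][1], "big"), "allowed": allowed}
```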