Tuesday, May 22, 2007

Simple Network Management Protocol (SNMP)

The simple network management protocol (SNMP) forms part of the internet protocol suite as defined by the Internet Engineering Task Force (IETF). SNMP is used by network management systems to monitor network-attached devices for conditions that warrant administrative attention. It consists of a set of standards for network management, including an Application Layer protocol, a database schema, and a set of data objects.

SNMP exposes management data in the form of variables on the managed systems, which describe the system configuration. These variables can then be queried (and sometimes set) by managing applications.

Overview and Basic Concepts

In typical SNMP usage, there are generally a number of systems to be managed, and one or more systems managing them. A software component called an agent (see below) runs on each managed system and reports information via SNMP to the managing systems.

Essentially, SNMP agents expose management data on the managed systems as variables (such as "free memory", "system name", "number of running processes", "default route"). The managing system can retrieve the information through the GET, GETNEXT and GETBULKTRAP or INFORMSET protocol operation to actively manage a system. Configuration and control operations are used only when changes are needed to the network infrastructure and the monitoring operations are frequently performed on a regular basis. protocol operations or the agent will send data without being asked using protocol operations. Management systems can also send configuration updates or controlling requests through the

The variables accessible via SNMP are organized in hierarchies. These hierarchies, and other metadata, are described by Management Information Bases (MIBs).

Management Information Base (MIBs)

The SNMP's extensible design is achieved with management information bases (MIBs), which specify the management data of a device subsystem, using a hierarchical namespace containing object identifiers, implemented via ASN.1. The MIB hierarchy can be depicted as a tree with a nameless root, the levels of which are assigned by different organizations. The top-level MIB object IDs belong to different standards organizations, while lower-level object IDs are allocated by associated organizations. This model permits management across all layers of the OSI reference model, extending into applications such as databases, email, and the Java EE reference model, as MIBs can be defined for all such area-specific information and operations.

A MIB is a collection of information that is organized hierarchically. MIBs are accessed using a network-management protocol such as SNMP. They comprise managed objects and are identified by object identifiers.

A managed object (sometimes called a MIB object, an object, or a MIB) is one of any number of specific characteristics of a managed device. Managed objects comprise one or more object instances, which are essentially variables.

Two types of managed objects exist:

  1. Scalar objects define a single object instance.
  2. Tabular objects define multiple related object instances that are grouped in MIB tables.

An example of a managed object is atInput, which is a scalar object that contains a single object instance, the integer value that indicates the total number of input AppleTalk packets on a router interface.

An object identifier (or object ID or OID) uniquely identifies a managed object in the MIB hierarchy.


Abstract Syntax Notation One (ASN.1)

In telecommunications and computer networking, Abstract Syntax Notation One (ASN.1) is a standard and flexible notation that describes data structures for representing, encoding, transmitting, and decoding data. It provides a set of formal rules for describing the structure of objects that are independent of machine-specific encoding techniques and is a precise, formal notation that removes ambiguities.

ASN.1 is a joint ISO and ITU-T standard, originally defined in 1984 as part of CCITT X.409:1984. ASN.1 moved to its own standard, X.208, in 1988 due to wide applicability. The substantially revised 1995 version is covered by the X.680 series.

An adapted subset of ASN.1, Structure of Management Information (SMI), is specified in SNMP to define sets of related MIB objects; these sets are termed MIB modules.


SNMP Basic Components

An SNMP-managed network consists of three key components:

  1. Managed devices
  2. Agents
  3. Network-management systems (NMSs)

A managed device is a network node that contains an SNMP agent and that resides on a managed network. Managed devices collect and store management information and make this information available to NMSs using SNMP. Managed devices, sometimes called network elements, can be routers and access servers, switches and bridges, hubs, computer hosts, or printers.

An agent is a network-management software module that resides in a managed device. An agent has local knowledge of management information and translates that information into a form compatible with SNMP.

An NMS executes applications that monitor and control managed devices. NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs must exist on any managed network.

Architecture

The SNMP framework consists of master agents, subagents and management stations.

Master Agent

A master agent is a piece of software running on an SNMP-capable network component, for example a router that responds to SNMP requests from the management station. Thus it acts as a server in client-server architecture terminology or as a daemon in operating systemsubagents to provide information about the management of specific functionality. terminology. A master agent relies on

Master agents can also be referred to as managed objects.

Subagent

A subagent is a piece of software running on an SNMP-capable network component that implements the information and management functionality defined by a specific MIB of a specific subsystem.: for example the ethernet link layer. Some capabilities of the subagent are:

  • Gathering information from managed objects
  • Configuring parameters of the managed objects
  • Responding to managers' requests
  • Generating alarms or traps

Management Station

The manager or management station is the final component in the SNMP architecture. It functions as the equivalent of a client in the client-server architecture. It issues requests for management operations on behalf of an administrator or application and receives traps from agents as well.

The SNMP protocol

SNMPv1 and ASN.1 Data Types

The SNMPv1 SMI specifies that all managed objects have a certain subset of Abstract Syntax Notation One (ASN.1) data types associated with them. Three ASN.1 data types are required:

  1. The name serves as the object identifier (object ID).
  2. The syntax defines the data type of the object (for example, integer or string). The SMI uses a subset of the ASN.1 syntax definitions.
  3. The encoding data describes how information associated with a managed object is formatted as a series of data items for transmission over the network.

SNMPv1 and SMI-Specific Data Types

The SNMPv1 SMI specifies the use of a number of SMI-specific data types, which are divided into two categories:

  1. Simple data types
  2. Application-wide data types.

Three simple data types are defined in the SNMPv1 SMI, all of which are unique values:

  1. The integer data type is a signed integer in the range of -2,147,483,648 to 2,147,483,647.
  2. Octet strings are ordered sequences of 0 to 65,535 octets.
  3. Object IDs come from the set of all object identifiers allocated according to the rules specified in ASN.1.

Seven application-wide data types exist in the SNMPv1 SMI: network addresses, counters, gauges, time ticks, opaques, integers, and unsigned integers.

  1. Network addresses represent an address from a particular protocol family. SNMPv1 supports only 32-bit IP addresses.
  2. Counters are non-negative integers that increase until they reach a maximum value and then return to zero. In SNMPv1, a 32-bit counter size is specified.
  3. Gauges are non-negative integers that can increase or decrease but that retain the maximum (minimum) value reached, if it exceeds (or fall below) the maximum (or minimum) value, as specified in RFC 2578.
  4. A time tick represents a hundredth of a second since some event.
  5. An opaque represents an arbitrary encoding that is used to pass arbitrary information strings that do not conform to the strict data typing used by the SMI.
  6. An integer represents signed integer-valued information. This data type redefines the integer data type, which has arbitrary precision in ASN.1 but bounded precision in the SMI.
  7. An unsigned integer represents unsigned integer-valued information and is useful when values are always non-negative. This data type redefines the integer data type, which has arbitrary precision in ASN.1 but bounded precision in the SMI.

SNMPv1 MIB Tables

The SNMPv1 SMI defines highly structured tables that are used to group the instances of a tabular object (that is, an object that contains multiple variables). Tables are composed of zero or more rows, which are indexed in a way that allows SNMP to retrieve or alter an entire row with a single Get, GetNext, or Set command.

SNMPv2 and Structure of Management Information

The SNMPv2 SMI is described in RFC 2578. It makes certain additions and enhancements to the SNMPv1 SMI-specific data types, such as including bit strings, network addresses, and counters. Bit strings are defined only in SNMPv2 and comprise zero or more named bits that specify a value. Network addresses represent an address from a particular protocol family. SNMPv1 supports only 32-bit IP addresses, but SNMPv2 can support other types of addresses as well. Counters are non-negative integers that increase until they reach a maximum value and then return to zero. In SNMPv1, a 32-bit counter size is specified. In SNMPv2, 32-bit and 64-bit counters are defined.

The SNMP protocol operates at the application layer (layer 7) of the OSI model. It specifies (in version 1) five core protocol data units (PDUs):

  1. GET REQUEST - used to retrieve a piece of management information.
  2. GETNEXT REQUEST - used iteratively to retrieve sequences of management information.
  3. GET RESPONSE - used by the agent to respond with data to get and set requests from the manager.
  4. SET REQUEST - used to initialise and make a change to a value of the network element.
  5. TRAP - used to report an alert or other asynchronous event about a managed subsystem. In SNMPv1, asynchronous event reports are called traps while they are called notifications in later versions of SNMP. In SMIv1 MIB modules, traps are defined using the TRAP-TYPE macro; in SMIv2 MIB modules, traps are defined using the NOTIFICATION-TYPE macro.

Other PDUs were added in later versions, including:

  1. GETBULK REQUEST - a faster iterator used to retrieve sequences of management information.
  2. INFORM - an acknowledged trap.

Typically, SNMP uses UDP ports 161 for the agent and 162 for the manager. The Manager may send Requests from any available ports (source port) to port 161 in the agent (destination port). The agent response will be given back to the source port. The Manager will receive traps on port 162. The agent may generate traps from any available port.

Many distributions change this, however, and this is not necessarily always true.

SNMPv2 SMI Information Modules

The SNMPv2 SMI also specifies information modules, which specify a group of related definitions. Three types of SMI information modules exist: MIB modules, compliance statements, and capability statements.

  • MIB modules contain definitions of interrelated managed objects.
  • Compliance statements provide a systematic way to describe a group of managed objects that must be implemented for conformance to a standard.
  • Capability statements are used to indicate the precise level of support that an agent claims with respect to a MIB group. An NMS can adjust its behavior toward agents according to the capabilities statements associated with each agent.

SNMPv3

Simple Network Management Protocol version 3 is defined by RFC 3411RFC 3418Simple Network Management Protocol version 3 primarily added security and remote configuration enhancements to SNMP. SNMPv3 is the current standard version of SNMP as of 2004. The IETF considers earlier versions as "Obsolete" or "Historical". In December 1997 the "Simple Times" newsletter published several articles written by the SNMPv3 RFC editors explaining some of the ideas behind version 3 specifications. (also known as 'STD0062').

SNMPv3 provides important security features:

  • Message integrity to ensure that a packet has not been tampered with in transit.
  • Authentication to verify that the message is from a valid source.
  • Encryption of packets to prevent snooping by an unauthorized source.

No comments: