Simple Network Management Protocol

Simple Network Management Protocol (SNMP) is used as the transport protocol for network
management. Network management consists of network management stations communicating with
network elements such as hosts, routers, servers, or printers. The agent is the software on the network
element (host, router, printer) that runs the network management software. Therefore when the word
agent is used it is referring to the network element. The agent will store information in a management
information base (MIB). Management software will poll the various network devices and get the
information stored in them. RFC 1155, 1157, and 1213 define SNMP with RFC 1157 defining the
protocol itself. The manager uses UDP port 61 to send requests to the agent and the agent uses UDP port
62 to send replies or messages to the manager. The manager can ask for data from the agent or set
variable values in the agent. Agents can reply and report events.

There are three supporting pieces to TCP/IP network management:
1. Management Information Base (MIB) specifies variables the network elements maintain.
2. A set of common structures and a way to reference the variables in the database.
3. The protocol used to communicate between the manager and the network element agent, which is
SNMP.

SNMP collects information in two ways:
1. The devices on the network are polled by management stations.
2. Devices send alerts to SNMP management stations. The public community may be added to the
alert list so all management stations will receive the alert.
SNMP must be installed on the devices to do this.

SNMP terms:
• Baseline - A report outlining the state of the network.
• Trap - An alert that is sent to a management station by agents.
• Agent - A program at devices that can be set to watch for some event and send a trap message to a
management station if the event occurs.
The network manager can set the threshold of the monitored event that will trigger the sending of the trap
message. SNMP also enables counters for monitoring the performance of the network, which are used in
conjunction with Performance Monitor.

SNMP Communities

An SNMP community is the group that devices and management stations running SNMP belong to. It
helps define where information is sent. The community name is used to identify the group. An SNMP
device or agent may belong to more than one SNMP community. It will not respond to requests from
management stations that do not belong to one of its communities. SNMP default communities are:
• Write = private
• Read = public

SNMP Security

SNMP should be protected from the internet with a firewall. Beyond the SNMP community structure,
there is one trap that adds some security to SNMP.
• Send Authentication Trap - When a device receives an authentication that fails, a trap is sent to a
management station.
Other configuration parameters that affect security are:
• Accepted Community Names - Only requests from computers in the list of community names will
be accepted.
• Accept SNMP Packets from Any Host - This is checked by default. Setting specific hosts will
increase security.
• Only Accept SNMP Packets from These Hosts - Only requests from hosts on the list of IP
addresses are accepted. Use an IP or IPX address or a host name to identify the host.

SNMP Message Types

There are five types of messages exchanged in SNMP. They are referred to by Protocol Data Unit (PDU)
type.

PDU Type  Name              Description
0         get-request       Get one or more variables. (manager to element)
1         get-next-request  Get next variable after one or more specified variables. (manager to element)
2         set-request       Set one or more variables. (manager to element)
3         get-response      Return value of one or more variables. (element to manager)
4         trap              Notify manager of an event. (element to manager)

The SNMP message with PDU type 0-3 consists of:
1. Version of SNMP
2. Community - A clear text password character string
3. PDU type
4. Request ID - Used to associate the request with the response. For PDU 0-2, it is set by the
manager.
5. error status - An integer sent by the agent to identify an error condition

   Error  Name           Description
   0      no error       OK
   1      too big        Reply does not fit into one message
   2      no such name   The variable specified does not exist
   3      bad value      Invalid value specified in a set request.
   4      read only      The variable to be changed is read only.
   5      general error  General error

6. error index - Specifies which variable was in error when an error occurred. It is an integer offset.
7. name - The name of the variable (being set or read).
8. value - The value of the variable (being set or read)
9. any other names and values to get/set
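
The field layout listed above, decoded from raw bytes. This is an added example, not code from the original page: the packet is constructed, the function names are hypothetical, and only PDU types 0-3 are handled. It shows that the community string travels as readable text in every message and flags the default community names given earlier on this page.

```python
# Constructed packet: get-request, community "public", request ID 12345,
# one variable 1.3.6.1.2.1.1.1.0 with a NULL value.
SAMPLE = bytes.fromhex("3027020100" "04067075626c6963" "a01a" "02023039"
                       "020100" "020100" "300e300c"
                       "06082b06010201010100" "0500")
PDU_NAMES = ["get-request", "get-next-request", "set-request", "get-response"]
DEFAULT_COMMUNITIES = {"public", "private"}  # defaults named on this page

def read_tlv(buf, pos):
    """Read one BER tag-length-value; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(v):
    """Decode a BER OBJECT IDENTIFIER value into dotted notation."""
    parts, sub = [v[0] // 40, v[0] % 40], 0
    for b in v[1:]:
        sub = (sub << 7) | (b & 0x7F)  # base-128, high bit means "more follows"
        if not b & 0x80:
            parts.append(sub)
            sub = 0
    return ".".join(map(str, parts))

def parse_snmp_v1(packet):
    _, msg, _ = read_tlv(packet, 0)            # outer SEQUENCE
    _, version, p = read_tlv(msg, 0)
    _, community, p = read_tlv(msg, p)         # sent as clear text
    tag, pdu, _ = read_tlv(msg, p)
    if tag & 0xE0 != 0xA0 or tag & 0x1F > 3:
        raise ValueError("not a PDU of type 0-3")
    fields, p = [], 0
    for _ in range(3):                         # request ID, error status, error index
        _, v, p = read_tlv(pdu, p)
        fields.append(int.from_bytes(v, "big", signed=True))
    _, varbinds, _ = read_tlv(pdu, p)
    names, p = [], 0
    while p < len(varbinds):                   # each entry is SEQUENCE {name, value}
        _, vb, p = read_tlv(varbinds, p)
        names.append(decode_oid(read_tlv(vb, 0)[1]))
    community = community.decode("ascii", "replace")
    return {"version": version[0], "community": community, "names": names,
            "pdu": PDU_NAMES[tag & 0x1F], "request_id": fields[0],
            "error_status": fields[1], "error_index": fields[2],
            "default_community": community in DEFAULT_COMMUNITIES}
```
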
The SNMP message with PDU type 4 (trap) consists of:
1. PDU type
2. Enterprise - The agent's OBJECT IDENTIFIER or system object's ID. Falls under a node in the
MIB tree.
3. agent addr - The IP address of the agent.
4. Trap type - Identifies the type of event being reported.

   Trap Type  Name                    Description
   0          cold start              Agent is booting
   1          warm start              Agent is rebooting
   2          link down               An interface has gone down
   3          link up                 An interface has come up
   4          authentication failure  An invalid community (password) was received in a message.
   5          egp neighbor loss       An EGP peer has gone down.
   6          enterprise specific     Look in the enterprise code for information on the trap

5. Specific code - Must be 0.
6. Time stamp - The time in 1/100ths of seconds since the agent initialized.
7. name
8. Value
9. Any other names and values

Types of data used:
• INTEGER - Some have minimum and maximum values.
• OCTET STRING - The number of bytes in the string is before the string.
• DISPLAY STRING - Each byte must be an ASCII value.
• OBJECT IDENTIFIER - Specifies a data type allocated by an organization with responsibility for
a group of identifiers. A sequence of integers separated by decimal points which follows a tree structure.
• NULL - Used as the value of all variables in a get request.
• IpAddress - A 4 byte long OCTET STRING. One byte for each byte of the IP address.
• PhysAddress - A 6 byte octet string specifying an ethernet or hardware address.
• Counter - A 32 bit unsigned integer.
• Gauge - An unsigned 32 bit integer with a value that can increase or decrease but won't fall below a
minimum or exceed a maximum.
• TimeTicks - Time counter. Counts in 1/100 of seconds.
• SEQUENCE - Similar to a structure in a programming language, for example one with entries of type
IpAddress called udpLocalAddress and type INTEGER called udpLocalPort.
• SEQUENCE OF - An array with elements of one type.

The MIB Data Structure (RFC 1213)

In the above list the data type "OBJECT IDENTIFIER" is listed as a part of the management information
database. These object identifiers are referenced in a way very similar to a DNS tree, with a directory at
the top called root. Each node in the tree is given a text name and is also referenced numerically, similar
to IP addresses. There are multiple levels in the tree, with the bottom level being variables and the next
level up being called a group. The packets sent in SNMP use numeric identifiers rather than text. All
identifiers begin with iso(1).org(3).dod(6).internet(1).mgmt(2).mib(1). Numerically, that is 1.3.6.1.2.1.
In text it is "iso.org.dod.internet.mgmt.mib". Under mib are the following groups. The information in
these groups is not complete and you should refer to the RFC for full information.
1. system
   1. sysDescr (DisplayString) - Description of entity
   2. sysObjectID (ObjectID) - Vendor's ID in the subtree (1.3.6.1.4.1)
   3. sysUpTime (Timer) - Time the system has been up
   4. sysContact (DisplayString) - Name of contact person
   5. sysName (DisplayString) - Domain name of the element such as
      mymachine.mycompany.com
   6. sysLocation (DisplayString) - Physical location of the element.
   7. sysServices - 0x01-physical, 0x02-datalink, 0x04-internet, 0x08-end to end, 0x40-application.
      If the bit is set, the service is provided.
2. interfaces
   1. ifNumber (INTEGER) - Number of network interfaces
   2. ifTable (table)
      1. ifIndex
      2. ifDescr - Description of interface
      3. ifType - 6=ethernet, 7=802.3 ethernet, 9=802.5 token ring, 23=PPP, 28=SLIP
      4. ifMtu
      5. ifSpeed - Bits/second
      6. ifPhysAddress
      7. ifAdminStatus - Desired state of interface 1=up, 2=down, 3=testing
      8. ifOperStatus - Current state of interface 1=up, 2=down, 3=testing
      9. ifLastChange
      10. ifInOctets - Total bytes received
      11. ifInUcastPkts
      12. ifInNUcastPkts
      13. ifInDiscards
      14. ifInErrors
      15. ifInUnknownProtos
      16. ifOutOctets
      17. ifOutUcastPkts
      18. ifOutNUcastPkts
      19. ifOutDiscards
      20. ifOutErrors
      21. ifOutQLen
      22. ifSpecific
3. at - Address translation group
   1. atIfIndex (INTEGER) - Interface number
   2. atPhysAddress (PhysAddress)
   3. atNetAddress (NetworkAddress) - IP address
4. ip
   1. ipForwarding
   2. ipDefaultTTL (INTEGER)
   3. ipInReceives (counter)
   4. ipInHdrErrors (counter)
   5. ipInAddrErrors (counter)
   6. ipForwDatagrams (counter)
   7. ipInUnknownProtos (counter)
   8. ipInDiscards (counter)
   9. ipInDelivers (counter)
   10. ipOutRequests (counter)
   11. ipOutDiscards (counter)
   12. ipOutNoRoutes (INTEGER)
   13. ipReasmTimeout (counter)
   14. ipReasmReqds (counter) - Number of IP fragments received that need to be reassembled.
   15. ipReasmOKs (counter)
   16. ipReasmFails (counter)
   17. ipFragOKs (counter)
   18. ipFragFails (counter)
   19. ipFragCreates (counter)
   20. ipRoutingDiscards (counter)
   21. ipAddrTable (table)
       1. ipAddrEntry (index)
          1. ipAdEntAddr
          2. ipAdEntIfIndex
          3. ipAdEntNetMask
          4. ipAdEntBcastAddr
          5. ipAdEntReasmMaxSize
5. icmp
6. tcp
7. udp
   1. udpInDatagrams (counter) - UDP datagrams delivered to user processes.
   2. udpNoPorts (counter) - UDP datagrams which were not received at the port since there
      was no application to receive it.
   3. udpInErrors (counter) - Number of UDP datagrams not delivered for reasons other than no
      applications available to receive them.
   4. udpOutDatagrams (counter) - Number of UDP datagrams sent.
   5. udpTable (table)
      1. udpEntry - Specifies the table entry number
         1. udpLocalAddress
         2. udpLocalPort

The ordering of data in the MIB is numeric. When the getnext function is used it gets the next data based
on the numeric ordering.
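
The numeric ordering described above, as an added example that is not part of the original page. The agent contents and function names are constructed for illustration. Identifiers are compared as sequences of integers, so column 10 of ifTable sorts after column 2, which a plain text sort gets wrong.

```python
from bisect import bisect_right

def oid_key(oid):
    """Turn dotted notation into a tuple of integers for numeric comparison."""
    return tuple(int(part) for part in oid.split("."))

# Constructed agent contents: a few instances from the system and interfaces groups.
MIB = {
    "1.3.6.1.2.1.1.1.0": "constructed sysDescr",
    "1.3.6.1.2.1.1.5.0": "host.example",
    "1.3.6.1.2.1.2.1.0": 2,
    "1.3.6.1.2.1.2.2.1.2.1": "eth0",
    "1.3.6.1.2.1.2.2.1.2.2": "eth1",
    "1.3.6.1.2.1.2.2.1.10.1": 1000,
    "1.3.6.1.2.1.2.2.1.10.2": 2000,
}
ORDERED = sorted(MIB, key=oid_key)          # the order the agent steps through
KEYS = [oid_key(oid) for oid in ORDERED]

def get_next(oid):
    """Return (name, value) of the first instance after oid, or None at the end."""
    i = bisect_right(KEYS, oid_key(oid))
    if i == len(ORDERED):
        return None
    return ORDERED[i], MIB[ORDERED[i]]

def walk(root):
    """Repeat get_next from root until the answer leaves the root's subtree."""
    root_key, found, current = oid_key(root), [], root
    while True:
        nxt = get_next(current)
        if nxt is None or oid_key(nxt[0])[:len(root_key)] != root_key:
            return found
        found.append(nxt[0])
        current = nxt[0]
```
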
