Simple Network Management Protocol

The document provides an overview of the Simple Network Management Protocol (SNMP), detailing its history, structure, and operational model. It explains the components of SNMP, including agents, network management systems, and managed devices, as well as the advantages of using SNMP for network management. Additionally, it discusses the structure of management information and the types of data handled by SNMP.

Uploaded by

Hameed
Copyright
© All Rights Reserved

SNMP
Simple Network Management Protocol

By: Amin Komeili

Contents
1- SNMP & Network Management History & RFCs
2- What is Network Management?
3- What is SNMP?
4- Advantages of using SNMP
5- Ports and protocol (L4)
6- Structure of Management Packet
7- Structure of Management Information (SMI)
8- Management Information Base (MIB)
9- Simple Network Management Protocol (SNMP)
10- SNMP Versions
11- SNMPv1 & SNMPv2 Message Format
12- SNMP Traps
13- SNMPv3 Security Models & Levels
14- SNMPv3 Message Format
15- SNMP Disadvantage

SNMP & Network Management History
• 1983 - TCP/IP replaces ARPANET at U.S. Dept. of Defense, effective birth of Internet
• First model for net management - HEMS - High-Level Entity Management System (RFCs 1021, 1022, 1024, 1076)
• 1987 - ISO OSI proposes CMIP - Common Management Information Protocol, and CMOT (CMIP over TCP) for the actual network management protocol for use on the internet
• Nov. 1987 - SGMP - Simple Gateway Monitoring Protocol (RFC 1028)
• 1989 - Marshall T. Rose heads up SNMP working group to create a common network management framework to be used by both SGMP and CMOT to allow for transition to CMOT
• Aug. 1989 - “Internet-standard Network Management Framework” defined (RFCs 1065, 1066, 1067)
• Apr. 1989 - SNMP promoted to recommended status as the de facto TCP/IP network management framework (RFC 1098)
• June 1989 - IAB committee decides to let SNMP and CMOT develop separately
• May 1990 - IAB promotes SNMP to a standard protocol with a recommended status (RFC 1157)
• Mar. 1991 - format of MIB2 and traps defined (RFCs 1212, 1215)
• TCP/IP MIB definition revised to create SNMPv1 (RFC 1213)

SNMP RFCs
RFC   Description                               Published  Current Status
1065  SMIv1                                     Aug-88     Obsoleted by 1155
1066  SNMPv1 MIB                                Aug-88     Obsoleted by 1156
1067  SNMPv1                                    Aug-88     Obsoleted by 1098
1098  SNMPv1                                    Apr-89     Obsoleted by 1157
1155  SMIv1                                     May-90     Standard
1156  SNMPv1 MIB                                May-90     Historic
1157  SNMPv1                                    May-90     Standard
1158  SNMPv1 MIB-II                             May-90     Obsoleted by 1213
1212  SNMPv1 MIB definitions                    Mar-91     Standard
1213  SNMPv1 MIB-II                             Mar-91     Standard
1215  SNMPv1 traps                              Mar-91     Informational
1351  Secure SNMP administrative model          Jul-92     Proposed Standard
1352  Secure SNMP managed objects               Jul-92     Proposed Standard
1353  Secure SNMP security protocols            Jul-92     Proposed Standard
1441  Introduction to SNMPv2                    Apr-93     Proposed Standard
1442  SMIv2                                     Apr-93     Obsoleted by 1902
1443  Textual conventions for SNMPv2            Apr-93     Obsoleted by 1903
1444  Conformance statements for SNMPv2         Apr-93     Obsoleted by 1904
1445  SNMPv2 administrative model               Apr-93     Historic
1446  SNMPv2 security protocols                 Apr-93     Historic
1447  SNMPv2 party MIB                          Apr-93     Historic
1448  SNMPv2 protocol operations                Apr-93     Obsoleted by 1905
1449  SNMPv2 transport mapping                  Apr-93     Obsoleted by 1906
1450  SNMPv2 MIB                                Apr-93     Obsoleted by 1907
1451  Manager-to-manager MIB                    Apr-93     Historic
1452  Coexistence of SNMPv1 and SNMPv2          Apr-93     Obsoleted by 1908
1901  Community-Based SNMPv2                    Jan-96     Experimental
1902  SMIv2                                     Jan-96     Draft Standard
1903  Textual conventions for SNMPv2            Jan-96     Draft Standard
1904  Conformance statements for SNMPv2         Jan-96     Draft Standard
1905  Protocol operations for SNMPv2            Jan-96     Draft Standard
1906  Transport mapping for SNMPv2              Jan-96     Draft Standard
1907  SNMPv2 MIB                                Jan-96     Draft Standard
1908  Coexistence of SNMPv1 and SNMPv2          Jan-96     Draft Standard
1909  Administrative infrastructure for SNMPv2  Feb-96     Experimental
1910  User-based security for SNMPv2            Feb-96     Experimental

What is Network Management?
Network management is the process of controlling a complex data network to maximize its efficiency and productivity.
The overall goal of network management is to help with the complexity of a data network and to ensure that data can go across it with maximum efficiency and transparency to the users.
Basic tasks that fall under this category are:
• Configuration Management
  • Keeping track of device settings and how they function (inventory, configuration, ..)
• Fault Management
  • Dealing with problems and emergencies in the network (router stops routing, server loses power, etc.)
• Performance Management
  • How smoothly is the network running?
  • Can it handle the workload it currently has?
  • # of packets dropped, timeouts, …

What is SNMP?
• SNMP is a layer 7 protocol that allows for remote and local management of items on the network including servers, workstations, routers, switches and other managed devices.
• Comprised of Agents, NMS and Managed Devices:
  • Agent - process running on each managed node collecting information about the device it is running on.
  • Network Management System (NMS) - process running on a management workstation that requests information about devices on the network.
  • Managed Devices - A managed device is a network node that implements an SNMP interface that allows unidirectional (read-only) or bidirectional (read and write) access to node-specific information.

SNMP Operational Model
[Figure: SNMP operational model]

Advantages of using SNMP
• Standardized protocol: SNMP is the standard network management protocol for TCP/IP networks and IPX and AppleTalk.
• Universal acceptance: All major vendors support SNMP. All SNMP-managed devices use the same type of management interface to support a common set of network management information.
• Portability: SNMP is independent of operating system and programming language. The functional design of SNMP is also portable and it defines a core set of operations that must function identically in all devices that support SNMP.
• Extendibility: SNMP is a core set of operations that remain the same on all managed devices. SNMP has the capability of supporting any type of information on any type of device that may be part of any type of network.

Ports & Protocol
• SNMP uses User Datagram Protocol (UDP) as the transport mechanism for SNMP messages.
[Figure: an SNMP message is carried in a UDP datagram, inside an IP packet, inside an Ethernet frame with its CRC]
• Like FTP, SNMP uses two well-known ports to operate:
  • UDP Port 161 - SNMP Messages
  • UDP Port 162 - SNMP Trap Messages

Companion of network management
To do management tasks, SNMP uses two components: Structure of Management Information (SMI) and Management Information Base (MIB). In other words, management on the Internet is done through the cooperation of three protocols: SNMP, SMI, and MIB, as shown in the figure.

[Figure: Comparing computer programming and network management]

Structure of Management Information (SMI)
The SMI is a component for network management. It performs functions such as:
- To name objects.
- To define the type of data that can be stored in an object.
- To show how to encode data for transmission over the network.
SMI is a guideline for SNMP; it emphasizes three attributes to handle an object: name, data type and encoding method.

Structure of SMI
Name:
• Defines a name and a specific Object Identifier (OID):
  • Global identifier for a particular object type.
  • An OID consists of a sequence of integers, which specify the position of the object in the global object identifier tree.

[Figure: global object identifier tree]
root
  ccitt (0)
  iso (1)
    reg authority (1)
    member body (2)
    org (3)
      dod (6)
        internet (1)
          directory (1)
          mgmt (2)
            MIB II (1) = 1.3.6.1.2.1
              system, interface (1.3.6.1.2.1.2), at, IP, ICMP, TCP, UDP, EGP, Trans., SNMP
          private (4)
            enterprises (1) = 1.3.6.1.4.1
  joint-iso-ccitt (2)

Structure of SMI
Name:
• The SMI requires that each managed object (such as a router, a variable in a router, a value) have a unique name.
• To name objects globally, SMI uses an “Object Identifier”, which is a hierarchical identifier based on a tree structure.
• The tree structure starts with an unnamed root; each object can be defined by using a sequence of integers separated by dots (used by SNMP).
• The tree structure can also define an object by using a sequence of textual names separated by dots (used by people).
  - for example: iso.org.dod.internet.mgmt.mib = 1.3.6.1.2.1
The objects that are used in SNMP are located under the mib object, so their identifiers always start with 1.3.6.1.2.1

Structure of the SMI Object Name Hierarchy
o ccitt(0): For ITU (formerly the CCITT) standards
o joint-iso-ccitt(2): For joint standards

Following the iso(1) node, we see the following at the next several levels:
o Within iso(1), the ISO has created a subtree for use by other organizations, called org(3).
o Within org(3), there is a subtree for the United States Department of Defense, which as you may recall was the originator of the Internet: dod(6).
o Within dod(6), there is a subtree called internet(1).

Everything we work with in SNMP is under this one very specific subtree: 1.3.6.1, which if we used the text labels would be “iso.org.dod.internet”. Within this part of the name space, there are six subtrees below:
o directory(1): Reserved for future use by ISO.
o mgmt(2): The primary subtree where MIB objects are located. This is “1.3.6.1.2”. It contains a subtree called mib(1), which is 1.3.6.1.2.1. When MIB-II was created, a subtree called mib-2(1) was created using the same number, 1.3.6.1.2.1.
o experimental(3): Contains objects used for standards under development. This is “1.3.6.1.3”.
o private(4): Used for objects defined by private companies. This node, 1.3.6.1.4, has a subtree called enterprise(1), which is 1.3.6.1.4.1.
o security(5): Reserved for security use.
o snmpV2(6): Defines objects used specifically for SNMP version 2.

Structure of SMI
Type of data:
• The second attribute of an object is the type of data stored in it.
• To define the data type, SMI uses fundamental Abstract Syntax Notation 1 (ASN.1) definitions and adds some new definitions, i.e. SMI is both a subset and superset of ASN.1.
• It has 2 categories of data types: simple and structured.
• Simple data type: the first five are from ASN.1; next seven are defined by SMI.

Type               Size      Description
INTEGER            4 bytes   An integer with a value between -2^31 and 2^31-1
Integer32          4 bytes   Same as INTEGER
Unsigned32         4 bytes   Unsigned with value between 0 and 2^32-1
OCTET STRING       Variable  Byte string up to 65,535 bytes long
OBJECT IDENTIFIER  Variable  An Object Identifier
IPAddress          4 bytes   An IP Address made of 4 integers
Counter32          4 bytes   An integer whose value can be incremented from 0 to 2^32; when it reaches its maximum value, it wraps back to 0
Counter64          8 bytes   64-bit counter
Gauge32            4 bytes   Same as Counter32, but when it reaches its maximum value, it does not wrap; it remains there until it is reset
TimeTicks          4 bytes   A counting value that records time in 1/100 second

• Structured data type: SMI defines two structured data types - Sequence and Sequence of.
• Sequence: it is a combination of simple data types, not necessarily of the same type. It is like the concept of struct in C.
• Sequence of: it is a combination of simple data types all of the same type. It is like the concept of array in C.

Structure of SMI
Data Encoding Method:
The following table shows the data types and their tags in binary and hexadecimal numbers.

Data Type              Format  Number  Tag (Binary)  Tag (Hex)
INTEGER                0       00010   00000010      02
OCTET STRING           0       00100   00000100      04
OBJECT IDENTIFIER      0       00110   00000110      06
NULL                   0       00101   00000101      05
Sequence, Sequence of  1       10000   00110000      30
IPAddress              0       00000   01000000      40
Counter                0       00001   01000001      41
Gauge                  0       00010   01000010      42
TimeTicks              0       00011   01000011      43

MIB (Management Information Base)
MIB is the second component used in network management.
Each agent has its own MIB, which is a collection of all objects that the manager can manage.
The objects in MIB are categorized under different groups: system, interface, address translation, ip, icmp, tcp, udp, egp, etc.
These groups are under the MIB object in the object identifier tree. Each group has defined variables and/or tables.

MIB (Management Information Base)
Following is a brief description of some of the objects.
sys: system object defines general information about the node (system) such as name, location, and lifetime.
if: interface object defines information about all the interfaces of the node including interface no. and physical address.
at: address translation object defines information about the ARP table.
ip: this object defines information related to IP (routing table, IP address).
icmp: this object defines information about the ICMP (no. of packets sent and received and total errors created).
tcp: this object defines information about the TCP (connection table, time-out value, no. of ports and no. of packets sent and received).
udp: this object defines information about the UDP (no. of ports and no. of packets sent and received).
snmp: this object defines information about SNMP (itself).
egp: contains information about the implementation and operation of EGP at the managed system.

MIB (Management Information Base)
Accessing MIB variables:
Simple variables: to access the simple variables, we use the id of the group followed by the id of the variable. The following figure shows how to access each variable.

For example: we use the group udp, then variables under the udp group can be accessed as follows.
udpInDatagrams  1.3.6.1.2.1.7.1
udpNoPorts      1.3.6.1.2.1.7.2
udpInErrors     1.3.6.1.2.1.7.3

MIB (Management Information Base)
Get “System Group” of MIB II
Use get_request or get_next_request
sysDescr        .1.3.6.1.2.1.1.1.0
sysTemperature  .1.3.6.1.2.1.1.2.0
sysUptime       .1.3.6.1.2.1.1.3.0
sysContact      .1.3.6.1.2.1.1.4.0
sysName         .1.3.6.1.2.1.1.5.0
sysSupply       .1.3.6.1.2.1.1.6.0

Information about objects:
1- MIB2 RFC 1213
2- MIB File

OID View
http://www.oidview.com/mibs

MIB (Management Information Base) Private
[Figure: private MIB]

Private MIB Registration
• Companies can register their private MIB extensions in the global MIB tree by contacting the Internet Assigned Numbers Authority (IANA).
  http://www.iana.org/
• Currently assigned enterprise subtrees
  ftp://ftp.isi.edu/in-notes/iana/assignments/enterprise-numbers

SNMP Versions
• SNMPv1 is the recommended standard
• SNMPv2 has become split into:
  • SNMPv2u - SNMPv2 with security
  • SNMPv2* - SNMPv2 security and additional features
  • SNMPv2c - SNMPv2 without security
• SNMPv3 - Secure version with authentication and hashing algorithm

SNMP (Simple Network Management Protocol)
SNMP uses both SMI and MIB in Internet network management. It is an application program that allows:
1- A manager to retrieve the value of an object defined in an agent.
2- A manager to store a value in an object defined in an agent.
3- An agent to send an alarm message about an abnormal situation (such as it’s rebooting) to the manager.

SNMP (Simple Network Management Protocol)
Message type                                Function
GetRequest, GetNextRequest, GetBulkRequest  Mgr-to-agent: “get me data” (instance, next in list, block)
InformRequest                               Mgr-to-Mgr: here’s MIB value
Report
SetRequest                                  Mgr-to-agent: set MIB value
GetResponse                                 Agent-to-mgr: value, response to Request
Trap                                        Agent-to-mgr: inform manager of exceptional event (typically a notification of something unexpected, like an error)

SNMP: Codes for SNMP Messages
Types of Error Status:

Status  Name        Meaning
0       noError     No error
1       tooBig      Response too big to fit in one message
2       noSuchName  Variable does not exist
3       badValue    The value to be stored is invalid
4       readOnly    The value cannot be modified
5       genErr      Other errors

Traps
• Traps are unrequested event reports that are sent to a management system by an SNMP agent process.
• When a trappable event occurs, a trap message is generated by the agent and is sent to a trap destination (a specific, configured network address).
• Many events can be configured to signal a trap, like a network cable fault, failing NIC or hard drive, a “General Protection Fault”, or a power supply failure.
• Traps can also be throttled: you can limit the number of traps sent per second from the agent.
• Each service has its own traps, which you should enable in order to receive them on the NMS.

SNMP Security Models & Levels
SNMPv3 has added two new features to the previous version: security and remote administration. SNMPv3 allows a manager to choose one or more levels of security when accessing an agent. Different aspects of security can be configured by the manager to allow message authentication, confidentiality, and integrity.
SNMPv3 also allows remote configuration of security aspects without requiring the administrator to actually be at the place where the device is located.

SNMPv3 Message Format
Message fields: msgVersion, msgGlobalData, msgSecurityParms, msgData
• msgGlobalData: msgID, msgMaxSize, msgFlags, msgSecurityModel
• msgSecurityParms: security model specific
• msgFlags: message type and security services; present legal values are:
  '100'b - a noAuthNoPriv request
  '000'b - a noAuthNoPriv response or unacknowledged notification
  '101'b - an authNoPriv request
  '001'b - an authNoPriv response or unacknowledged notification
  '111'b - an authPriv request
  '011'b - an authPriv response or unacknowledged notification
• msgSecurityModel: a unique number to identify each security model

SNMPv3 Message Format
[Figure: SNMPv3 message layout for NoAuthNoPriv and AuthPriv]

SNMP Disadvantages
• One such problem is the inefficiency of SNMP for retrieving bulk MIB data.
  - SNMP shows poor performance when retrieving several thousands of MIB variables in a single logical transaction.
  Reasons:
  – CPU overhead
  – Bandwidth inefficiency due to OID naming overhead
  – High latency caused by a large number of request/response interactions.
• Packet Sniffing on SNMPv1 and SNMPv2
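
What the packet-sniffing point means in practice, as an added example that is not part of the original slides: a passive parser reads the SNMPv1/v2c community string straight out of the message header, while for SNMPv3 the msgFlags octet (the '100'b to '011'b values listed earlier) shows whether the payload is authenticated and encrypted. Both sample packets and the names read_tlv, expect, classify and DEFAULT_COMMUNITIES are constructed for this illustration.

```python
# Added example: what a passive observer learns from an SNMP message header.
# Both sample packets are constructed for illustration (not captured traffic).
SAMPLE_V2C = bytes.fromhex(
    "3026020101" "04067075626c6963"        # version 1 (= v2c), community string
    "a019020101020100020100"               # GetRequest PDU header
    "300e300c06082b060102010101000500")    # varbind: sysDescr.0 with NULL value
SAMPLE_V3 = bytes.fromhex(
    "3016020103"                           # version 3
    "300d020101020205dc040104020103"       # msgGlobalData, msgFlags = '100'b
    "0400" "3000")                         # empty security params and scoped PDU
DEFAULT_COMMUNITIES = {"public", "private"}   # widely shipped factory defaults
LEVELS = {0b00: "noAuthNoPriv", 0b01: "authNoPriv", 0b11: "authPriv"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low bits count length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, want):
    """Read one element and insist on its tag; return (value, next_pos)."""
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want:
        raise ValueError("expected tag %#04x, got %#04x" % (want, tag))
    return value, nxt

def classify(packet):
    """Report the SNMP version and what the header exposes in cleartext."""
    message, _ = expect(packet, 0, 0x30)            # outer SEQUENCE
    raw_version, pos = expect(message, 0, 0x02)     # INTEGER
    version = int.from_bytes(raw_version, "big")
    if version in (0, 1):                           # 0 = SNMPv1, 1 = SNMPv2c
        community, _ = expect(message, pos, 0x04)   # OCTET STRING, unencrypted
        name = community.decode("latin-1")
        return {"version": "v1" if version == 0 else "v2c", "community": name,
                "cleartext": True, "default_community": name in DEFAULT_COMMUNITIES}
    if version != 3:
        raise ValueError("unsupported SNMP version %d" % version)
    header, _ = expect(message, pos, 0x30)          # msgGlobalData
    _, p = expect(header, 0, 0x02)                  # msgID
    _, p = expect(header, p, 0x02)                  # msgMaxSize
    flags, _ = expect(header, p, 0x04)              # msgFlags, one octet
    if len(flags) != 1 or (flags[0] & 0b11) not in LEVELS:
        raise ValueError("invalid msgFlags")        # e.g. priv bit without auth
    level = LEVELS[flags[0] & 0b11]
    return {"version": "v3", "level": level, "reportable": bool(flags[0] & 0b100),
            "cleartext": level != "authPriv"}
```

Run over mirrored management traffic, a check like this lists the agents still answering with community strings or noAuthNoPriv so they can be moved to SNMPv3 authPriv.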

