Overview of Basic SNMP Building Blocks
The Simple Network Management Protocol (SNMP) is an application-layer protocol that facilitates the exchange of management information between a network management system (NMS), agents, and managed devices. SNMP uses the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite.
There are three versions of SNMP:
- SNMP Version 1 (SNMPv1): The initial implementation of the SNMP protocol, described in RFC 1157 (http://www.ietf.org/rfc/rfc1157).
- SNMP Version 2 (SNMPv2): An improved version of SNMPv1 that includes additional protocol operations. For the SNMPv2 Structure of Management Information (SMI), see RFC 1902 (http://www.ietf.org/rfc/rfc1902).
- SNMP Version 3 (SNMPv3): SNMPv3 has yet to be standardized.
The case study in this guide describes how to create a dial NMS environment. To successfully manage the environment, you must be familiar with the SNMP feature set. The following NMS applications use SNMP to help manage the network devices in the case study:
- UCD-SNMP
- Multi-Router Traffic Grapher (MRTG)
- HP OpenView (HPOV)
- Cisco Works 2000 Resource Manager Essentials (CW2000 RME)
An SNMP-managed network consists of three key components: managed devices, agents, and network management systems (NMS).
- Managed devices
- Contain an SNMP agent and reside on a managed network.
- Collect and store management information and make it available to NMS by using SNMP.
- Include routers, access servers, switches, bridges, hubs, hosts, or printers.
- Agent: A network-management software module, such as the Cisco IOS software, that resides in a managed device. An agent has local knowledge of management information and makes that information available by using SNMP.
- Network Management Systems (NMS): Run applications that monitor and control managed devices. NMSs provide the resources required for network management. In the case study, the NMS applications are:
- UCD-SNMP
- MRTG
- HPOV
- CW2000 RME
Figure 1 illustrates the relationship between the managed devices, the agent, and the NMS.
Figure 1: An SNMP-Managed Network
There are three basic SNMP message types:
- Get: NMS-initiated requests used by an NMS to monitor managed devices. The NMS examines different variables that are maintained by managed devices.
- Set: NMS-initiated commands used by an NMS to control managed devices. The NMS changes the values of variables stored within managed devices.
- Trap: Agent-initiated messages sent from a managed device, which report events to the NMS.
Cisco IOS software generates SNMP traps for many distinct network conditions. Through SNMP traps, the Network Operations Center (NOC) is notified of network events, such as:
- Link up/down changes
- Configuration changes
- Temperature thresholds
- CPU overloads
Figure 2: SNMP Event Interactions Between the NMS and the Agent
A Management Information Base (MIB):
- Presents a collection of information that is organized hierarchically.
- Is accessed by using a network-management protocol, such as SNMP.
- References managed objects and object identifiers.
Managed object: A characteristic of a managed device. Managed objects reference one or more object instances (variables). Two types of managed objects exist:
- Scalar objects: Define a single object instance.
- Tabular objects: Define multiple related object instances that are grouped together in MIB tables.
Object identifier (or object ID): Identifies a managed object in the MIB hierarchy. The MIB hierarchy is depicted as a tree with a nameless root. The levels of the tree are assigned by different organizations and vendors.
Figure 3: The MIB Tree and Its Various Hierarchies
As shown in Figure 3, top-level MIB object IDs belong to different standards organizations, while low-level object IDs are allocated by associated organizations. Vendors define private branches that include managed objects for their products. Nonstandard MIBs are typically in the experimental branch.
A managed object has these unique identities:
- The object name: For example, iso.identified-organization.dod.internet.private.enterprise.cisco.temporary variables.AppleTalk.atInput
- or
- The equivalent object descriptor: For example, 1.3.6.1.4.1.9.3.3.1.
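As an added illustration (not part of the Cisco guide), the following Python resolves the symbolic name quoted above to its dotted-numeric form and back, and compares object IDs the way SNMP orders them (numerically per sub-identifier, not as text). The MIB_TREE table is constructed here: its labels are the path the guide quotes and its arc numbers are read off the equivalent numeric form the guide gives; parse_oid, resolve_name, resolve_oid and oid_less are names chosen for this example.

```python
# Constructed subset of the MIB tree: parent OID tuple -> {label: arc}.
# Labels follow the path the guide quotes; arc numbers come from its numeric form.
MIB_TREE = {
    (): {"iso": 1},
    (1,): {"identified-organization": 3},
    (1, 3): {"dod": 6},
    (1, 3, 6): {"internet": 1},
    (1, 3, 6, 1): {"private": 4},
    (1, 3, 6, 1, 4): {"enterprise": 1},
    (1, 3, 6, 1, 4, 1): {"cisco": 9},
    (1, 3, 6, 1, 4, 1, 9): {"temporary variables": 3},
    (1, 3, 6, 1, 4, 1, 9, 3): {"AppleTalk": 3},
    (1, 3, 6, 1, 4, 1, 9, 3, 3): {"atInput": 1},
}

def parse_oid(dotted):
    return tuple(int(x) for x in dotted.strip(".").split("."))

def resolve_name(path):
    # Walk the tree one label at a time; an unknown label raises KeyError.
    oid = ()
    for label in path.split("."):
        oid += (MIB_TREE[oid][label],)
    return ".".join(str(n) for n in oid)

def resolve_oid(dotted):
    # Numeric -> symbolic; arcs below the known tree stay numeric.
    oid, labels = (), []
    for arc in parse_oid(dotted):
        by_arc = {v: k for k, v in MIB_TREE.get(oid, {}).items()}
        labels.append(by_arc.get(arc, str(arc)))
        oid += (arc,)
    return ".".join(labels)

def oid_less(a, b):
    # SNMP lexicographic order: numeric per sub-identifier, and a prefix sorts
    # before every OID that extends it. Plain string comparison gets this
    # wrong ("1.3.6.1.10" sorts before "1.3.6.1.9" as text).
    return parse_oid(a) < parse_oid(b)
```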
SNMP must account for and adjust to incompatibilities between managed devices. Different computers use different data-representation techniques, which can compromise the ability of SNMP to exchange information between managed devices.
SNMPv1 is the initial implementation of the SNMP protocol and is described in RFC 1157 (http://www.ietf.org/rfc/rfc1157).
SNMPv1:
- Functions within the specifications of the Structure of Management Information (SMI).
- Operates over protocols such as User Datagram Protocol (UDP), Internet Protocol (IP), OSI Connectionless Network Service (CLNS), AppleTalk Datagram-Delivery Protocol (DDP), and Novell Internet Packet Exchange (IPX).
- Is the de facto network-management protocol in the Internet community.
The SMI defines the rules for describing management information by using Abstract Syntax Notation One (ASN.1). The SNMPv1 SMI is defined in RFC 1155 (http://www.ietf.org/rfc/rfc1155). The SMI makes three specifications:
- ASN.1 data types
- SMI-specific data types
- SNMP MIB tables
The SNMPv1 SMI specifies that all managed objects must have a subset of associated ASN.1 data types. Three ASN.1 data types are required:
- Name: Serves as the object identifier (object ID).
- Syntax: Defines the data type of the object (for example, integer or string). The SMI uses a subset of the ASN.1 syntax definitions.
- Encoding: Describes how information associated with a managed object is formatted as a series of data items for transmission over the network.
The SNMPv1 SMI specifies the use of many SMI-specific data types, which are divided into two categories:
- Simple data types, including these three types:
- Integers: A signed integer in the range of -2,147,483,648 to 2,147,483,647.
- Octet strings: Ordered sequences of zero to 65,535 octets.
- Object IDs: Come from the set of all object identifiers allocated according to the rules specified in ASN.1.
- Application-wide data types, including these seven types:
- Network addresses: Represent addresses from a protocol family. SNMPv1 supports only 32-bit IP addresses.
- Counters: Nonnegative integers that increase until they reach a maximum value; then, the integers return to zero. In SNMPv1, a 32-bit counter size is specified.
- Gauges: Nonnegative integers that can increase or decrease but retain the maximum value reached.
- Time ticks: Hundredths of a second since some event.
- Opaques: An arbitrary encoding that is used to pass arbitrary information strings that do not conform to the strict data typing used by the SMI.
- Integers: Signed integer-valued information. This data type redefines the integer data type, which has arbitrary precision in ASN.1 but bounded precision in the SMI.
- Unsigned integers: Unsigned integer-valued information that is useful when values are always nonnegative. This data type redefines the integer data type, which has arbitrary precision in ASN.1 but bounded precision in the SMI.
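The following is an added example (not from the Cisco guide) that BER-encodes the SMI data types listed above in the form they take on the wire: the universal INTEGER, OCTET STRING and OBJECT IDENTIFIER encodings, plus the APPLICATION-class IpAddress, Counter, Gauge, TimeTicks and Opaque tags that RFC 1155 assigns. The function names are chosen for this example, and wrap_counter models the 32-bit rollover the Counters entry describes.

```python
def ber_length(n):
    # Definite-form length: one byte below 128, else 0x80|N then N length bytes.
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    return bytes([tag]) + ber_length(len(value)) + value

def encode_integer(v):
    # Universal INTEGER (tag 0x02): two's complement, minimal octet count.
    n = 1
    while not -(1 << (8 * n - 1)) <= v < (1 << (8 * n - 1)):
        n += 1
    return tlv(0x02, v.to_bytes(n, "big", signed=True))

def encode_octet_string(b):
    return tlv(0x04, b)

def encode_oid(dotted):
    # OBJECT IDENTIFIER (tag 0x06): first two arcs pack into 40*x + y; the
    # rest are base-128, bit 7 set on every byte but the last of each arc.
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        while a >> 7:
            a >>= 7
            chunk.append(0x80 | (a & 0x7F))
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))

# APPLICATION-class tags from the SNMPv1 SMI (RFC 1155).
IPADDRESS, COUNTER, GAUGE, TIMETICKS, OPAQUE = 0x40, 0x41, 0x42, 0x43, 0x44

def encode_unsigned(v, tag):
    # Counter/Gauge/TimeTicks are non-negative: a leading 0x00 keeps a value
    # whose top bit is set from being decoded as negative.
    body = v.to_bytes(max(1, (v.bit_length() + 7) // 8), "big")
    return tlv(tag, (b"\x00" if body[0] & 0x80 else b"") + body)

def encode_ipaddress(text):
    # IpAddress: exactly four raw octets (SNMPv1 knows only 32-bit IP).
    return tlv(IPADDRESS, bytes(int(o) for o in text.split(".")))

def wrap_counter(v):
    # A 32-bit Counter rolls over to zero after 4294967295 (2**32 - 1).
    return v % (1 << 32)
```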
The SNMPv1 SMI defines structured tables that are used to group the instances of a tabular object (an object that contains multiple variables). Tables contain zero or more rows that are indexed to allow SNMP to retrieve or alter an entire row with a single Get, GetNext, or Set command.
SNMP is a simple request-response protocol. The NMS issues a request, and managed devices return responses. This behavior is implemented by using one of four protocol operations:
- Get: Used by the NMS to retrieve the value of one or more object instances from an agent. If the agent responding to the Get operation cannot provide values for all the object instances in a list, the agent does not provide any values.
- GetNext: Used by the NMS to retrieve the value of the next object instance in a table or list within an agent.
- Set: Used by the NMS to set the values of object instances within an agent.
- Trap: Used by agents to asynchronously inform the NMS of a significant event.
SNMPv2 is an improved version of SNMPv1. Originally, SNMPv2 was published as a set of proposed Internet standards in 1993; currently, it is a Draft Standard. As with SNMPv1, SNMPv2 functions within the specifications of the SMI. SNMPv2 offers many improvements to SNMPv1, including additional protocol operations.
The SMI defines the rules for describing management information by using ASN.1.
RFC 1902 (http://www.ietf.org/rfc/rfc1902) describes the SNMPv2 SMI and enhances the SNMPv1 SMI-specific data types by including:
- Bit strings: Comprise zero or more named bits that specify a value.
- Network addresses: Represent an address from a protocol family. SNMPv1 supports 32-bit IP addresses, but SNMPv2 can support other types of addresses too.
- Counters: Non-negative integers that increase until they reach a maximum value; then, the integers return to zero. In SNMPv1, a 32-bit counter size is specified. In SNMPv2, 32-bit and 64-bit counters are defined.
The SNMPv2 SMI specifies information modules, which include a group of related definitions. Three types of SMI information modules exist:
- MIB modules: Contain definitions of interrelated managed objects.
- Compliance statements: Provide a systematic way to describe a group of managed objects that must conform to a standard.
- Capability statements: Used to indicate the precise level of support that an agent claims with respect to a MIB group. An NMS can adjust its behavior towards agents according to the capability statements associated with each agent.
The Get, GetNext, and Set operations used in SNMPv1 are exactly the same as those used in SNMPv2. SNMPv2, however, adds and enhances protocol operations. The SNMPv2 trap operation, for example, serves the same function as the one used in SNMPv1. However, a different message format is used.
SNMPv2 also defines two new protocol operations:
- GetBulk: Used by the NMS to efficiently retrieve large blocks of data, such as multiple rows in a table. GetBulk fills a response message with as much of the requested data as fits. If the agent responding to a GetBulk operation cannot provide values for all the variables in a list, the agent provides partial results.
- Inform: Allows one NMS to send trap information to another NMS and receive a response.
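As an added example (not the guide's code), the toy agent below implements the SNMPv1 Get and GetNext operations described earlier together with the SNMPv2 GetBulk operation: Get answers all-or-nothing, GetNext returns the lexicographic successor so an NMS can walk a table column without knowing its indexes, and GetBulk returns as many successors as remain, which may be a partial list rather than an error. The class and method names are chosen for this example; the sample MIB is constructed from a few MIB-II instances (sysUpTime.0, ifDescr and ifOperStatus for two interfaces) with made-up values.

```python
def parse_oid(dotted):
    return tuple(int(x) for x in dotted.strip(".").split("."))

class ToyAgent:
    """Agent whose MIB is {instance OID tuple: value}, kept in SNMP order."""
    def __init__(self, mib):
        self.mib = dict(sorted((parse_oid(k), v) for k, v in mib.items()))

    def get(self, oids):
        # SNMPv1 Get is atomic: one missing instance -> noSuchName, no values.
        keys = [parse_oid(o) for o in oids]
        if any(k not in self.mib for k in keys):
            return "noSuchName", []
        return None, [(k, self.mib[k]) for k in keys]

    def get_next(self, oid):
        # First instance strictly after oid; None once the MIB is exhausted.
        key = parse_oid(oid) if isinstance(oid, str) else oid
        return next(((k, v) for k, v in self.mib.items() if k > key), None)

    def get_bulk(self, oid, max_repetitions):
        # SNMPv2 GetBulk: up to max_repetitions successors; fewer is a partial
        # result, not an error.
        out, cur = [], oid
        for _ in range(max_repetitions):
            nxt = self.get_next(cur)
            if nxt is None:
                break
            out.append(nxt)
            cur = nxt[0]
        return out

    def walk(self, subtree):
        # Repeated GetNext until the successor leaves the subtree: this is how
        # an NMS reads a whole table column without knowing its indexes.
        prefix, out, cur = parse_oid(subtree), [], subtree
        while (nxt := self.get_next(cur)) and nxt[0][:len(prefix)] == prefix:
            out.append(nxt)
            cur = nxt[0]
        return out

# Constructed sample MIB: sysUpTime.0 plus ifDescr and ifOperStatus (MIB-II
# interfaces table, 1.3.6.1.2.1.2.2.1) for two interfaces; values are made up.
AGENT = ToyAgent({
    "1.3.6.1.2.1.1.3.0": 123456,
    "1.3.6.1.2.1.2.2.1.2.1": "Ethernet0", "1.3.6.1.2.1.2.2.1.2.2": "Serial0",
    "1.3.6.1.2.1.2.2.1.8.1": 1, "1.3.6.1.2.1.2.2.1.8.2": 2,
})
```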
SNMP is a distributed-management protocol. A system can operate exclusively as an NMS or an agent, or a system can perform the functions of both.
When a system operates as both an NMS and an agent, another NMS can require the system to:
- Query managed devices and provide a summary of the information learned.
- Report locally stored management information.
SNMP lacks authentication capabilities, which results in a variety of security threats:
- Masquerading: An unauthorized entity attempting to perform management operations by assuming the identity of an authorized management entity.
- Modification of information: An unauthorized entity attempting to alter a message generated by an authorized entity, so the message results in unauthorized accounting management or configuration management operations.
- Message sequence and timing modifications: Occurs when an unauthorized entity reorders, delays, or copies and later replays a message generated by an authorized entity.
- Disclosure: Results when an unauthorized entity extracts values stored in managed objects. The entity can also learn of notifiable events by monitoring exchanges between managers and agents.
Note: Because SNMP does not implement authentication, many vendors do not implement Set operations, which reduces SNMP to a monitoring facility.
Posted: Fri Sep 29 08:30:29 PDT 2000
Copyright © 1989-2000 Cisco Systems Inc.