Professional Documents
Culture Documents
Chapter 5
SNMPv1:
Communication and Functional Models
Communication Model
SNMP MIB
Notes
5-3
Chapter 5
SNMP Architecture
SNMP Manager SNMP Agent
Trap
Set-Request
Set-Request
Get-Request
Get-Request
GetNext-Request
GetNext-Request
Trap
Get-Response
Get-Response
SNMP SNMP
UDP UDP
IP IP
DLC DLC
PHY PHY
Physical Medium
Notes
Truly simple network management protocol
Five messages, three from manager and two from agent
Data Transfer
Only non-aggregate objects are
communicated using SNMP
Notes
SNMP Messages
Get-Request
Get-Next-Request
Set-Request
Get-Response
Trap
Generic trap
Specific trap
Time stamp
Notes
Generic trap
coldStart
warmStart
linkDown
linkUp
authenticationfailure
egpNeighborLoss
enterpriseSpecific
Specific trap
for special measurements such as statistics
Time stamp: Time since last initialization
Administrative Model
Based on community profile and policy
SNMP Entities:
SNMP application entities
- Reside in management stations and network
elements
- Manager and agent
SNMP protocol entities
- Communication processes (PDU handlers)
- Peer processes that support application entities
Notes
SNMP Community
SNMP Manager SNMP Manager SNMP Manager
Authentic Messages
Authentication Scheme
SNMP Agent
Notes
Security in SNMPv1 is community-based
Authentication scheme in manager and agent
Community: Pairing of two application entities
Multiple pairs can belong to the same community
Community name: String of octets
Two applications in the same community
communicate with each other
Application could have multiple community names
Communication is not secured in SNMPv1 - no
encryption
Community Profile
SNMP Agent
READ- READ-
SNMP Access Mode
ONLY WRITE
Notes
MIB view
An agent is programmed to view only a subset
of managed objects of a network element
Access mode
Each community name is assigned an access
mode: read-only and read-write
Community profile= MIB view + Access mode
Operations on an object determined by community
profile and the access mode of the object
Total of four access privileges for objects
Some objects, such as table and table entry are
non-accessible
Administrative Model
Notes
Parameters:
Community / communities
Agent / Agents
Manager / managers
Administrative Model
Summary & Example
Access policy = Community + Community profile
Example:
SNMP community is public
SNMP access mode is READ-ONLY
MIB view is the system MIB sub-tree
SNMP community profile = (system, READ-
ONLY)
SNMP access policy = (public, (system,
READ-ONLY))
Notes
5-11
Chapter 5
Access Policy
Manager
Community
Community Profile 1
Agent 1
Community Profile 2 Agent 2
Notes
Manager manages Community 1 and 2 network
components via Agents 1 and 2
Agent 1 has only view of Community Profile 1,
e.g. Cisco components
Agent 2 has only view of Community Profile 2,
e.g. 3Com components
Manager has total view of both Cisco and 3Com
components
Community 1
Community Profile 1
Agent 1
Community Profile 2 Agent 2
Manager 3
(Community 1, Community 2)
Community 2
Community Profile 3
Agent 3
Community Profile 4 Agent 4
Manager 2
(Community 2)
Notes
Manager 1 manages community 1, manager 2
community 2, and manager 3 (MoM) both communities
SNMP
Proxy Agent
Agent
non-SNMP
SNMP Community
Community
Notes
Access policy can be extended to managing non-
SNMP community
Protocol Entities
SNMP Data
PDU
Application Application
Version Community SNMP PDU
PDU Header
Transport UDP
Application PDU
PDU Header
Network IP
Transport PDU
PDU Header
Data Link DLC
Network PDU
PDU Header
Notes
Protocol entities are peer processes, which implement SNMP
Protocol entities support application entities
Communication between remote peer processes
SNMP Message consists of
Version identifier
Community name
Protocol Data Unit
Message encapsulated and transmitted
In SNMPv1, it is mandatory to support all 5 PDUs
SNMP uses UDP port 161 for get & set, and UDP
port 162 for traps.
Message ::=
SEQUENCE {
version -- version-1 for this RFC
INTEGER {
version-1(0)
},
Notes
Notes
VarBindList: multiple instances of VarBind pairs
Error in Response
Notes
Trap PDU
PDU Agent Generic Specific VarBind 1 VarBind 1 VarBind n VarBind n
Enterprise Timestamp ..
Type Address Trap Type Trap Type name value name value
Notes
Enterprise and agent address pertain to the system
generating the trap
Seven generic traps specified by enumerated
INTEGER
enterpriseSpecific(6) trap signifies that an enterprise-
SNMP Operations
- GetRequest -
Notes
Requires seven get-request messages.
Same information could be obtained in one
message with multiple varbinds.
Requires knowledge of all elements to be
requested by name or OID.
A B T Z
Figure 5.12 MIB for Operation Sequences in Figures 5.13 and 5.15
Notes
For aggregate objects, we need to know the number of
rows and columns if we use GetRequest messages to get
all the instances of a table Use of GetNextRequest
Lexicographic Order
Numerical Order Lexicographic order
1 1
2 1118
3 115
9 126
15 15
22 2
34 22
115 250
126 2509
250 3
321 321
1118 34
2509 9
Notes
Procedure for ordering:
Start with leftmost digit as first position
Before increasing the order in the first position,
select the lowest digit in the second position
Continue the process till the lowest digit in
the last position is captured
Increase the order in the last position until all
the digits in the last position are captured
Move back to the last but one position and
repeat the process
Continue advancing to the first position until all
the numbers are ordered
Tree structure for the above process
A B T Z
Notes
A 3.1
B 3.2
T Z
E
1.1
1.2
2.1
2.2
1 2 3 9
1 2 2 10 4 21
5 18 6 9
Notes 1
1.1
1.1.5
1.1.18
1.2
1.2.6
2
2.2
2.10
2.10.9
3
3.4
3.21
9
SNMP Operations
- GetNextRequest -
Notes
Get-Next-Request Operation
A
GetRequest ( A )
Manager Agent
Process GetResponse ( A ) Process
GetNextRequest ( A ) B
GetResponse ( B )
GetNextRequest ( B )
GetResponse ( T.E.1.1 ) T
GetNextRequest (T.E.1.1 )
GetResponse ( T.E.1.2 )
GetNextRequest (T.E.1.2 ) E
GetResponse ( T.E.2.1 )
GetNextRequest (T.E.2.1 )
GetResponse ( T.E.2.2 ) T.E.1.1 T.E.2.1 T.E.3.1
GetNextRequest (T.E.2.2 )
GetResponse ( T.E.3.1 )
GetNextRequest (T.E.3.1 ) T.E.1.2 T.E.2.2 T.E.3.2
GetResponse ( T.E.3.2 )
GetNextRequest (T.E.3.2 )
GetResponse ( Z ) Z
GetNextRequest ( Z )
GetResponse ( noSuchName )
Notes
No need to know next OID
Table instances are retrieved without knowledge of
number of rows
Can be used to browse a MIB tree (e.g., MIB walk, MIB
browsers)
Get-Next-Request Operation
Manager Agent
Process Process
GetNextRequest (sysUpTime,
atPhysAddress)
GetNextRequest (sysUpTime,
atPhysAddress.13.172.16.46.1) atIfIndex atPhysAddress atNetAddress
23 0000000C3920B4 192.168.3.1
13 0000000C3920AC 172.16.46.1
16 0000000C3920AF 172.16.49.1
GetResponse( (sysUpTime.0 = "315131800"),
(atPhysAddress.16.172.16.49.1 = "0000000C3920AF") )
GetNextRequest (sysUpTime,
atPhysAddress.16.172.16.49.1)
GetNextRequest (sysUpTime,
atPhysAddress.23.192.168.3.1)
Notes
Use of basic GetNextRequest 10 Request
messages.
Varbind could be expanded and more values
about the same row could be obtained in one
request 4 Request messages.
Network Management: Principles and Practice 5-27
Mani Subramanian 2000
Chapter 5
Sniffer Data
14:03:36.788270 noc3.btc.gatech.edu.164 >
noc1.btc.gatech.edu.snmp:
Community = public
GetRequest(111)
Request ID = 4
system.sysDescr.0
system.sysObjectID.0
system.sysUpTime.0
system.sysContact.0
system.sysName.0
system.sysLocation.0
system.sysServices.0
SNMP MIB
snmp
(mib-2 11)
Note: Most of the MIB objects were not used and hence
deprecated in SNMPv2
Functional Model
No formal specifications of functions in SNMPv1 management.
Application functions limited to network management and not
to services provided.
Configuration management:
Some configuration functions are addressed in SNMP
protocol entity specifications.
Example: Set configurable parameters (requires write
access)
Fault management:
Addressed by error counters built into agents.
Traps used to monitor network elements and interfaces
going up and down.
Performance management:
Performance counters.
SNMP manager does the performance analysis.
Security management:
Some security/privacy-related issues addressed in SNMP
protocol entity specifications.
Security functions partially addressed by community
specifications and authentication scheme.
Accounting management:
Not addressed by SNMP model