Chapter 5

Chapter 5
SNMPv1:
Communication and Functional Models

Network Management: Principles and Practice 5-1

Mani Subramanian 2000
 Chapter 5

Communication Model

SNMP Architecture: management messages

Administrative Model: community-based

SNMP Protocol Specifications

SNMP MIB

Notes

Network Management: Principles and Practice 5-2

Mani Subramanian 2000
 Chapter 5

Three Goals of the Architecture

[RFC 1157]
The SNMP explicitly minimizes the number and
complexity of management functions realized by
the management agent itself. This goal is attractive
in at least four respects:
(1) Development cost for agent software is reduced.
(2) & (3) Degree of management function that is
remotely supported is increased, thereby:
- admitting fullest use of internet resources in the
management task.
- imposing the fewest possible restrictions on the
form and sophistication of management tools.
(4) Simplified sets of management functions are
easily understood and used by developers of
network management tools.
The functional paradigm for monitoring and control
must be sufficiently extensible to accommodate
additional, possibly unanticipated aspects of
network operation and management.
The architecture must be, as much as possible,
independent of the architecture and mechanisms of
particular hosts or particular gateways.

5-3
 Chapter 5

SNMP Architecture
SNMP Manager SNMP Agent

Manage- SNMP Manager SNMP Agent

ment Application Application
Data

Trap
Set-Request

Set-Request
Get-Request

Get-Request
GetNext-Request

GetNext-Request

Trap
Get-Response

Get-Response
SNMP SNMP

UDP UDP

IP IP

DLC DLC

PHY PHY

Physical Medium

Figure 4.9 SNMP Network Management Architecture

Notes
Truly simple network management protocol
Five messages, three from manager and two from agent

Network Management: Principles and Practice 5-4

Mani Subramanian 2000
 Chapter 5

Data Transfer
Only non-aggregate objects are
communicated using SNMP

Aggregate objects are communicated as

instances of objects.

This was enhanced in SNMPv2

ASN.1 and BER are used for data transfer

in SNMP

Notes

Network Management: Principles and Practice 5-5

Mani Subramanian 2000
 Chapter 5

SNMP Messages
Get-Request
Get-Next-Request
Set-Request
Get-Response
Trap
Generic trap
Specific trap
Time stamp

Notes
Generic trap
coldStart
warmStart
linkDown
linkUp
authenticationfailure
egpNeighborLoss
enterpriseSpecific
Specific trap
for special measurements such as statistics
Time stamp: Time since last initialization

Network Management: Principles and Practice 5-6

Mani Subramanian 2000
 Chapter 5

Administrative Model
Based on community profile and policy
SNMP Entities:
SNMP application entities
- Reside in management stations and network
elements
- Manager and agent
SNMP protocol entities
- Communication processes (PDU handlers)
- Peer processes that support application entities

Notes

Network Management: Principles and Practice 5-7

Mani Subramanian 2000
 Chapter 5

SNMP Community
SNMP Manager SNMP Manager SNMP Manager

Authentication Scheme Authentication Scheme Authentication Scheme

Authentic Messages

Authentication Scheme

SNMP Agent

Figure 5.1 SNMP Community

Notes
Security in SNMPv1 is community-based
Authentication scheme in manager and agent
Community: Pairing of two application entities
Multiple pairs can belong to the same community
Community name: String of octets
Two applications in the same community
communicate with each other
Application could have multiple community names
Communication is not secured in SNMPv1 - no
encryption

Network Management: Principles and Practice 5-8

Mani Subramanian 2000
 Chapter 5

Community Profile
SNMP Agent

READ- READ-
SNMP Access Mode
ONLY WRITE

not-accessible read-only write-only read-write MIB Access

Object 1 Object 2 Object 3 Object 4

SNMP MIB View

Figure 5.2 SNMP Community Profile

Notes
MIB view
An agent is programmed to view only a subset
of managed objects of a network element
Access mode
Each community name is assigned an access
mode: read-only and read-write
Community profile= MIB view + Access mode
Operations on an object determined by community
profile and the access mode of the object
Total of four access privileges for objects
Some objects, such as table and table entry are
non-accessible

Network Management: Principles and Practice 5-9

Mani Subramanian 2000
 Chapter 5

Administrative Model

Administrative model is SNMP access policy

SNMP community paired with SNMP

community profile is SNMP access policy

Notes
Parameters:
Community / communities
Agent / Agents
Manager / managers

Network Management: Principles and Practice 5-10

Mani Subramanian 2000
 Chapter 5

Administrative Model
Summary & Example
Access policy = Community + Community profile

Community profile = Access mode + MIB view

Example:
SNMP community is public
SNMP access mode is READ-ONLY
MIB view is the system MIB sub-tree
SNMP community profile = (system, READ-
ONLY)
SNMP access policy = (public, (system,
READ-ONLY))

The sysLocation MIB object has read-write access.

With this SNMP access policy, the manager can only

get information from the sysLocation object, and can
not set it.

Notes

5-11
 Chapter 5

Access Policy

Manager

Community

Community Profile 1
Agent 1
Community Profile 2 Agent 2

Notes
Manager manages Community 1 and 2 network
components via Agents 1 and 2
Agent 1 has only view of Community Profile 1,
e.g. Cisco components
Agent 2 has only view of Community Profile 2,
e.g. 3Com components
Manager has total view of both Cisco and 3Com
components

Network Management: Principles and Practice 5-12

Mani Subramanian 2000
 Chapter 5

Generalized Administration Model

Manager 1
(Community 1)

Community 1

Community Profile 1
Agent 1
Community Profile 2 Agent 2

Manager 3
(Community 1, Community 2)

Community 2

Community Profile 3
Agent 3
Community Profile 4 Agent 4

Manager 2
(Community 2)

Figure 5.3 SNMP Access Policy

Notes
Manager 1 manages community 1, manager 2
community 2, and manager 3 (MoM) both communities

1 and 2 Network Management: Principles and Practice 5-13

Mani Subramanian 2000
 Chapter 5

Proxy Access Policy

SNMP Manager
(Community 1)

SNMP
Proxy Agent
Agent

non-SNMP
SNMP Community
Community

Figure 5.4 SNMP Proxy Access Policy

Notes
Access policy can be extended to managing non-
SNMP community

Proxy agent enables non-SNMP community

elements to be managed by an SNMP manager.

Proxy agent monitors non-SNMP community, and

converts objects and data to SNMP compatible
objects.

An SNMP MIB is created to handle the non-SNMP

objects
Network Management: Principles and Practice 5-14
Mani Subramanian 2000
 Chapter 5

Protocol Entities
SNMP Data
PDU
Application Application
Version Community SNMP PDU
PDU Header
Transport UDP
Application PDU
PDU Header
Network IP
Transport PDU
PDU Header
Data Link DLC
Network PDU
PDU Header

Figure 5.5 Encapsulated SNMP Message

Notes
Protocol entities are peer processes, which implement SNMP
Protocol entities support application entities
Communication between remote peer processes
SNMP Message consists of
Version identifier
Community name
Protocol Data Unit
Message encapsulated and transmitted
In SNMPv1, it is mandatory to support all 5 PDUs
SNMP uses UDP port 161 for get & set, and UDP
port 162 for traps.

Network Management: Principles and Practice 5-15

Mani Subramanian 2000
 Chapter 5

Top-level SNMP Message

[RFC 1157]

Message ::=
SEQUENCE {
version -- version-1 for this RFC
INTEGER {
version-1(0)
},

community -- community name

OCTET STRING,

data -- e.g., PDUs if trivial

ANY -- authentication is being used
}

Notes

Network Management: Principles and Practice 5-16

Mani Subramanian 2000
 Chapter 5

Get and Set PDU

PDU Error Error VarBind 1 VarBind 1 VarBind n VarBind n
RequestID ..
Type Status Index name value name value

Figure 5.8 Get and Set Type PDUs

Notes
VarBindList: multiple instances of VarBind pairs

PDU Types: Application data types

GetRequest-PDU ::= [0] IMPLICIT PDU

GetNextRequest-PDU ::= [1] IMPLICIT PDU
GetResponse-PDU ::= [2] IMPLICIT PDU
SetRequest-PDU ::= [3] IMPLICIT PDU
Trap-PDU ::= [4] IMPLICIT SEQUENCE {}
PDU ::= SEQUENCE {
request-id INTEGER,
}

Network Management: Principles and Practice 5-17

Mani Subramanian 2000
 Chapter 5

Error in Response

Error Index: No. of VarBind where the first error

occurred

Notes

Network Management: Principles and Practice 5-18

Mani Subramanian 2000
 Chapter 5

Trap PDU
PDU Agent Generic Specific VarBind 1 VarBind 1 VarBind n VarBind n
Enterprise Timestamp ..
Type Address Trap Type Trap Type name value name value

Generic Trap Type Description (brief)

coldStart(0) Sending protocol entity is reinitializing itself;
agent's configuration or protocol entity
implementation may be altered
warmStart(1) Sending protocol entity is reinitializing itself;
agent configuration or protocol entity
implementation not altered
linkDown(2) Failure of one of the communication links
linkUp(3) One of the links has come up
authenticationFailure(4) Authentication failure
egpNeighborLoss(5) Loss of EGP neighbor
enterpriseSpecific(6) Enterprise-specific trap

Notes
Enterprise and agent address pertain to the system
generating the trap
Seven generic traps specified by enumerated
INTEGER
enterpriseSpecific(6) trap signifies that an enterprise-

specific event has occurred. The specific-trap field

identifies the particular trap which occurred
Timestamp indicates elapsed time since last re-
initialization

Network Management: Principles and Practice 5-19

Mani Subramanian 2000
 Chapter 5

SNMP Operations
- GetRequest -

Notes
Requires seven get-request messages.
Same information could be obtained in one
message with multiple varbinds.
Requires knowledge of all elements to be
requested by name or OID.

Network Management: Principles and Practice 5-20

Mani Subramanian 2000
 Chapter 5

MIB for Get-Next-Request

A B T Z

1.1 2.1 3.1

1.2 2.2 3.2

Figure 5.12 MIB for Operation Sequences in Figures 5.13 and 5.15

Notes
For aggregate objects, we need to know the number of
rows and columns if we use GetRequest messages to get
all the instances of a table Use of GetNextRequest

Network Management: Principles and Practice 5-21

Mani Subramanian 2000
 Chapter 5

Lexicographic Order
Numerical Order Lexicographic order
1 1
2 1118
3 115
9 126
15 15
22 2
34 22
115 250
126 2509
250 3
321 321
1118 34
2509 9

Notes
Procedure for ordering:
Start with leftmost digit as first position
Before increasing the order in the first position,
select the lowest digit in the second position
Continue the process till the lowest digit in
the last position is captured
Increase the order in the last position until all
the digits in the last position are captured
Move back to the last but one position and
repeat the process
Continue advancing to the first position until all
the numbers are ordered
Tree structure for the above process

Network Management: Principles and Practice 5-22

Mani Subramanian 2000
 Chapter 5

MIB Lexicographic Order

A B T Z

1.1 2.1 3.1

1.2 2.2 3.2

Notes
A 3.1
B 3.2
T Z
E
1.1
1.2
2.1
2.2

Network Management: Principles and Practice 5-23

Mani Subramanian 2000
 Chapter 5

A More Complex MIB Example

1 2 3 9

1 2 2 10 4 21

5 18 6 9

Figure 5.14 MIB Example for Lexicographic Ordering

Notes 1
1.1
1.1.5
1.1.18
1.2
1.2.6
2
2.2
2.10
2.10.9
3
3.4
3.21
9

Network Management: Principles and Practice 5-24

Mani Subramanian 2000
 Chapter 5

SNMP Operations
- GetNextRequest -

Notes

Network Management: Principles and Practice 5-25

Mani Subramanian 2000
 Chapter 5

Get-Next-Request Operation
A
GetRequest ( A )
Manager Agent
Process GetResponse ( A ) Process
GetNextRequest ( A ) B
GetResponse ( B )
GetNextRequest ( B )
GetResponse ( T.E.1.1 ) T
GetNextRequest (T.E.1.1 )
GetResponse ( T.E.1.2 )
GetNextRequest (T.E.1.2 ) E
GetResponse ( T.E.2.1 )
GetNextRequest (T.E.2.1 )
GetResponse ( T.E.2.2 ) T.E.1.1 T.E.2.1 T.E.3.1
GetNextRequest (T.E.2.2 )
GetResponse ( T.E.3.1 )
GetNextRequest (T.E.3.1 ) T.E.1.2 T.E.2.2 T.E.3.2
GetResponse ( T.E.3.2 )
GetNextRequest (T.E.3.2 )
GetResponse ( Z ) Z
GetNextRequest ( Z )
GetResponse ( noSuchName )

Figure 5.15 Get-Next-Request Operation for MIB in Figure 5.12

Notes
No need to know next OID
Table instances are retrieved without knowledge of
number of rows
Can be used to browse a MIB tree (e.g., MIB walk, MIB
browsers)

Network Management: Principles and Practice 5-26

Mani Subramanian 2000
 Chapter 5

Get-Next-Request Operation
Manager Agent
Process Process
GetNextRequest (sysUpTime,
atPhysAddress)

GetResponse( (sysUpTime.0 = "315131795"),

(atPhysAddress.13.172.16.46.1 = "0000000C3920AC"))

GetNextRequest (sysUpTime,
atPhysAddress.13.172.16.46.1) atIfIndex atPhysAddress atNetAddress
23 0000000C3920B4 192.168.3.1
13 0000000C3920AC 172.16.46.1
16 0000000C3920AF 172.16.49.1
GetResponse( (sysUpTime.0 = "315131800"),
(atPhysAddress.16.172.16.49.1 = "0000000C3920AF") )

GetNextRequest (sysUpTime,
atPhysAddress.16.172.16.49.1)

GetResponse( (sysUpTime.0 = "315131805"),

(atPhysAddress.23.192.168.3.1 = "0000000C3920B4") )

GetNextRequest (sysUpTime,
atPhysAddress.23.192.168.3.1)

GetResponse( (sysUpTime.0 = "315131810"),

(ipForwarding.0 = "1") )

Figure 5.16 GetNextRequest Example with Indices

Notes
Use of basic GetNextRequest 10 Request
messages.
Varbind could be expanded and more values
about the same row could be obtained in one
request 4 Request messages.
Network Management: Principles and Practice 5-27
Mani Subramanian 2000
 Chapter 5

Sniffer Data
14:03:36.788270 noc3.btc.gatech.edu.164 >
noc1.btc.gatech.edu.snmp:
Community = public
GetRequest(111)
Request ID = 4
system.sysDescr.0
system.sysObjectID.0
system.sysUpTime.0
system.sysContact.0
system.sysName.0
system.sysLocation.0
system.sysServices.0

Figure 5.17(a) Get-Request Message from Manager-to-Agent

14:03:36.798269 noc1.btc.gatech.edu.snmp >

noc3.btc.gatech.edu.164:
Community = public
GetResponse(196)
Request ID = 4
system.sysDescr.0 = "SunOS noc1 5.5.1 Generic_103640-08
sun4u"
system.sysObjectID.0 = E:hp.2.3.10.1.2
system.sysUpTime.0 = 247396453
system.sysContact.0 = "Brandon Rhodes"
system.sysName.0 = "noc1"
system.sysLocation.0 = "BTC NM Lab"
system.sysServices.0 = 72

Figure 5.17(b) Get-Response Message from Agent-to-

Manager (After)
Network Management: Principles and Practice 5-28
Mani Subramanian 2000
 Chapter 5

SNMP MIB

snmp
(mib-2 11)

snmpInPkts(1) snmpEnableAuthenTraps (30)

snmpOutPkts (2) snmpOutTraps (29)
snmpInBadVersions (3) snmpOutGetResponses (28)
snmpInCommunityNames (4) snmpOutSetRequests (27)
snmpInBadCommunityUses (5) snmpOutGetNexts (26)
snmpInASNParseErrors (6) snmpOutGetRequests (25)
-- not used (7) snmpOutGenErrs (24)
snmpInTooBigs (8) -- not used (23)
snmpInNoSuchNames (9) snmpOutBadValues (22)
snmpInBadValues (10) snmpOutNoSuchNames (21)
snmpInReadOnlys (11) snmpOutTooBigs (20)
snmpInGenErrs (12) snmpInTraps (19)
snmpInGetResponses
snmpInTotalReqVars (13)
(18)
snmpInTotalSetVars (14) snmpInSetRequests (17)
snmpInGetRequests (15) snmpInGetNexts (16)

Figure 5.21 SNMP Group

Note: Most of the MIB objects were not used and hence
deprecated in SNMPv2

Network Management: Principles and Practice 5-29

Mani Subramanian 2000
 Chapter 5

Functional Model
No formal specifications of functions in SNMPv1 management.
Application functions limited to network management and not
to services provided.
Configuration management:
Some configuration functions are addressed in SNMP
protocol entity specifications.
Example: Set configurable parameters (requires write
access)
Fault management:
Addressed by error counters built into agents.
Traps used to monitor network elements and interfaces
going up and down.
Performance management:
Performance counters.
SNMP manager does the performance analysis.
Security management:
Some security/privacy-related issues addressed in SNMP
protocol entity specifications.
Security functions partially addressed by community
specifications and authentication scheme.
Accounting management:
Not addressed by SNMP model

Network Management: Principles and Practice 5-30

Mani Subramanian 2000