Abstract

Network management is done by Network Managers who estimate the network capacity, account the
specific usage and provide security to clients. Timely the network grew from small segments to large
and complicated so, managers were provided with Simple Network Management Protocol (SNMP),
Management Information Base (MIBs) and Network Management System (NMS) and later RMON
was provided to monitor the network remotely by the help of probes which stored the network status
and traffics. Below I have discussed about SNMP and its versions, MIBs for an Ethernet Switch
interface is proved and have told how MIB objects are used to support the five core tasks of the
Network management. At last I have taken an example of medium sized enterprise network of a
company and have showed the network design for that company and conclude with critically
analysing the features, my views for that design and controversy for the design implementation. [Ref
1]

1. Introduction

In early days Network Management meant of only connecting PC’s, workstations and servers to LAN
using Network Interface Cards, installing and maintaining computers by configuring the Operating
systems. As the network grew it was divided to different segments and were connected through new
devices called Router, switches etc. To connect remote places Wide Area Network interfaces was
required to install and configure software. This is the management that takes place during initial
stages, later estimating the network capacity, accounting the specific usage and providing security. As
network became large and complicated, workload of the managers grew huge, so to exchange the
management information between the network devices and help network administrators to maintain
the network performance easily, find and solve network problems and to plan for network growth
there is specific protocol needed; all these functions can be done using SNMP (Simple Network
Management Protocol). It is used in the application layer of the TCP/IP model. Below I have
explained the SNMP and its functions and different versions like version1, version2, version3 and its
advantages on different versions. MIB for Ethernet interface is discussed with relating to 5 core tasks
of network management. A NMS for organization is designed and is discussed in detail. [Ref1] [Ref2]
2. Simple Network Management Protocol (SNMP)

SNMP
SNMP

Figure1: SNMP Managed network [Ref 2]

Managed Devices are the all physical devices that are connected to network.
Agent collects, manages and stores the network information in the devices.
NMS monitors and controls network elements. [Ref 2] [Ref 3]

Management Information Base (MIB): It is collection of information that is organized

hierarchically like an unnamed root, single data items become the nodes of the tree. It is accessed by
the SNMP protocol by Object Identifiers. It is detailed discussed in the third section.

Structure of Management Information (SMI): It tells that every managed object should have
syntax, name and encoding. Syntax is nothing but objects data type, name is the object ID, encoding
describes how the managed information is formatted as series of objects for transmission in the
network

2.1 SNMPv1 versus SNMPv2

Application Data type of SNMP has counter which has 32bit in SNMPv1 and 64bit in SNMPv2, it
was increased in SNMPv2 because the throughput of 100mb has become commonly over the network.

SNMPv1 Commands:
Get-Request (0) requests value or set of values from Agent MIB. Get-Response (2) it sends requested
value to NMS.Get-Next-Request (1): It allows the access of next object instance or list of objects in
the MIB tree.
Set: It allows NMS to set values to Object instance it is done by using Set-Request (3) command.
Trap (4): it is message from agent to NMS about an event occurred that needs network manager, it is
given by alarms. Unique numbers in parenthesis is the code for PDU.

Figure 2: PDU format of trap command. [Ref 2]

SNMPv2 commands:
All the commands present in the SNMPv1 are present in SNMPv2 and SNMP has an extra command
in it, that’s Get-Bulk-Request which is used get large amount of related information without repeated
operations of GetNextRequest. It has a inform command which is used to send the trap messages to
another. [Ref 2] improved error handling error index and status are supplied with many different
meaningful values, which makes manager to understand when trap occurs and exceptions are
introduced.
SNMPv1 Packet
Figure 3: SNMPv1 message format. [Ref 3]
SNMPv1 and SNMPv2 message consists of three fields which describe Version gives the SNMP
version being used if ‘0’ then SNMPv1, community string is for authentication like a password which
is not encrypted so no security, it is used between the NMSs environment. Protocol data unit consists
of the different fields as in blow box of figure2 PDU differs in both protocols.
SNMPv1 has different PDU format , PDU type field specifies the type transmitted, Request ID gives
requests and responses different NMSs. Error Status is the field which specifies whether message is
received correctly or not to NMS, integers like ‘0’ for no Error, ‘1’- too big, ‘2’- noSuch Name, ‘3’-
bad Value, ‘4’ – read Only, ‘5’ – genErr. Error Index gives the variable value that caused the error.
Variable bindings has 2 fields id and value, id gives the path of object identifier defined in SMI.
Value field contains value of variables like integer, octet.

Figure 4: SNMPv2 PDU format for GetBulkRequest [Ref 3]

SNMPv2 PDU format differs from SNMPv1 in only two fields that Error status is replaced by non-
repeaters (specifies the number of identical values to retrieved) and Error index by max-repetitions
(number of values to be accessed) It is done only in GetBulkRequest all other commands follow
SNMPv1 packet format.
Context: this field was added to SNMPv2 format as it was used to access many specified objects at a
time. In SNMPv1 it was done by overloading the community string.
SNMPv2 was introduced by manager to manager communication to implement distributed
management.
Security: In SNMPv1 there is no security as only community string in packet was used for security.
In SNMPv2 used primary security protocols one for authentication and one for privacy. SNMPv2
security was party principal, it was not appeal by the SNMPv2 working group as implementation was
difficult and many changes had to bring in MIBs, and NMSs.
SMI of the SNMPv2 also had two new branches security and SNMPv2. SNMPv2 underwent many
extensions and different versions like SNMPv2c, SNMPv2u and SNMPv2* whish didn’t contain
parties principle. SNMPv2u and SNMPv2* introduced User-Based Security Model which is now used
in SNMPv3.

2.2 SNMPv3
As SNMP evolved over the different versions and a new architecture was released that would support
any versions of SNMP other security systems and access control systems. Framework is a SNMP
entity that contains SNMP Engine and Applications, SNMP engine sends and receives messages and
dispatches PDU to applications. Security and Access control subsystems are included in it.
Applications contain different entities as shown in the figure below; each entity has a specified role
for it like accepting and sending request, traps, and to forward traps to different destinations.

SNMP Entity
SNMP Engine
Message Security Access
Dispatcher Processing Subsystem Control
System System

Applications
Command generator Notification Receiver Proxy Forwarder

Command Notification Originator Other

Responder

Figure 5: SNMPv3 framework architecture [Ref1]

SNMPv3 differ in message format as below, names of the fields describe the values it stores.

msg version msg id msgmaxsize Msg flags securitymodel Security Engine ID Context PDU
parameters name
meters
Auth Eng Auth eng Auth eng User name Authenticati Privacy
ID boots time on parameters
Parameters
Figure 6: SNMPv3 message format [Ref 1]

Security
SNMPv3 uses User-based Security model (USM) and Access control model. USM uses
authentication pass phrase and privacy pass phrase. It is implemented by configuring five tables’
vacmContextTable, vacmSecurityToGroupTable, vacmAccessTable, vacmViewTreeFamilyTable,
usmUserTable. [Ref1]

Still now the features and differences of SNMP and its versions were discussed. Now let’s see what
are its advantages and disadvantages.
Advantages:
1. It supports integrated network management in heterogeneous environments.
2. It has a wide array of management features.
3. Security is provided highly in SNMPv3.
4. SNMPv1 can transport upon UDP and SNMPv2 can transport upon UDP, CLNS, DDP, and
IPX. So it specifies that it can support wide range of transport protocols.
5. Many versions were released but all were interoperable to each other so easily the different
versions can be installed.
6. SNMPv2c provides better security by USM and is implemented in some networks.
7. SNMPv3 framework is done to communicate with all type of versions and all types messages
can be accessed easily.
8. SNMPv3 protocol is a standard and powerful protocol which can implement any NMS.

Disadvantages:
1. SNMPv1 and SNMPv2 don’t have proper security.
2. SNMPv1 supports only UDP transport, so difficult to use in diverse networks.
3. SNMPv2 had party or manager to manager principle which was not able prove itself to SNMP
working people, so it became a failure.
4. Many versions like SNMPv2c, SNMPv2u and SNMPv2* without party principle were
released but only certain features of it were good but didn’t get recognised.
5. As though SNMPv3 is released with all perfect and standard features, is has become difficult
to get implemented as, companies are waiting each other manufacturers to implement it.

3. MIB for Ethernet Interface.

I have considered an Ethernet switch as the network device that is installed in the network and will
discuss specifically about managed objects of the Ethernet Interface and will tell about its usefulness
in Fault, Configuration, Performance and Accounting tasks of the Network Management. [Ref5]
MIB objects that I am going to discuss are useful to all Ethernet Interfaces still 10 Gigabit/ S (Gb/s).
Managed objects of MIB are accessed via SNMP protocol, objects here discussed are according to the
Structure of Management Information version 2 (SMIv2). At present Ethernet medias are recognized
by the ethernetCsmacd(6) of the IfType object MIB interface. All objects here discussed are taking
into consideration of this type. Below I include a phrase as ‘five core management tasks’ they are
Fault tolerance, Configuration, accounting, performance and Security management. [Ref5]

ifIndex is used to locate the particular interface in number of interfaces, the value recognised by
dot3StatsIndex is interface value. It allows as checking status of the particular interface, so useful in
fault tolerance, we can start and stop particular interface so useful in configuration management,
useful to accounting and performance checking of particular interface. [Ref5] [Ref7]

ifDescr gives the description of the interface, like manufacturer, version of the hardware/software, so
allows us to check the details so useful for fault tolerance, and we can configure network device
according to the details helps in Configuration. Allows us to check details so can charged according to
it so helps in Accounting. [Ref5] [Ref6]
ifType This allows us to check the type of interface, here the type should be every time
ethernetCsmacd(6). So Fault tolerance can be looked after as we know the type of interface,
configuration management according to the type can be done. [Ref5] [Ref6]

ifMtu gives the maximum size of the packet in octets that can be sent through the interface, here it is
standard 1500 octets, but larger can be sent. It is useful in fault tolerance to know the max size that
can be sent and in performance management to know throughput by size and accounting to check the
size sent.

ifSpeed reflects the speed of the interface used, it is from 1 to 1000 Mb/s, so useful in performance
and accounting by checking the maximum throughput and seeing how much speed they are allocated
with.

ifPhysAddress it gives the MAC address of the interface system, so useful to locate the address to
perform any all five core management tasks.

ifAdminStatus it can be in 3 states up, down, testing(not required here), it is there to control the
passing of packets through network by admin, as useful in fault tolerance and security management as
it can start or stop passing packets to unknown address or intruder.

ifOperStatus it has up(1),down(2),testing(3),unknown(4),dormant(5), notPresent(6),lowerLayerDown(7) states

where dormant and testing is not required. So it is related to ifAdminStatus useful in fault tolerance
and security management as it can start or stop passing packets to unknown address or intruder.
Performance can be looked after from these states. [Ref7] [Ref6]

ifLastChange It allows accessing the sysUpTime when the time the system entered the system
entered the operational state. As time ticks of the system operational so useful in fault tolerance,
Accounting can done by knowing the up time of the system, security management can be done as
value will zero if it has entered operational state before reintiallization of the network. [Ref8]

ifInOctets ( Gives number of octets received on the MAC frames in this interface), ifOutOctets(shows
number of all octets transmitted on interface) so useful in fault tolerance as , we know the data
received or transmitted on MAC frames so throughput can calculated so useful for performance and
fault tolerance. [Ref6]

ifInUcastPkts, ifInMulticastPkts and ifInBroadcastPkts count only the number of inbound packets
passed to a higher layer, and ifOutMulticastPkts, ifOutBroadcastPkts, and ifOutUcastPkts gives only
number of packets transmitted that was requested by Higher level protocols with multicast, broadcast
address in sub layer. Values change in this objects then NMS will be reinitialized. It supports fault
tolerance by transmitting packets to specified address and performance by reinitialization of NMS.
Security by sending packets specified address. Accounting as number of packets sent is known.
[Ref7] [Ref8]

ifInDiscards(selected inbound packets are discarded for buffer space), ifInErrors(inbound packets
with errors are not sent to higher level), ifInUnknownProtos(if packets received on interface is
unknown it is discarded), ifOutDiscards(selected outbound packets are discarded for buffer
space),ifOutErrors (outbound packets with errors will not be transmitted) all five discard packets for
different useful purpose it gives fault tolerance, Security as errors, unknown packets are discarded.
Performance is done by discarding packets for buffer space and reinitialization of NMS for counter
change. [Ref5] [Ref6]

ifName it gives textual name of the interface, like ‘console’, ‘lan0’, useful all five core tasks as the
name is required in all tasks to recognise the destination.

ifHighSpeed its gives the current speed of the interface in millions of bits per second, if the speed is
more than 1000 Mb/s, it will show the value. As useful in fault tolerance as by checking the line speed
we can provide proper facility required, performance and accounting as we know the throughput.

ifHCInOctets, ifHCOutOctets it is 64-bit versions of counters is for Ethernets with operating speed of
20 Mb/s. Gives High speed inbound and outbound packets transferred so useful in fault tolerance as
all configuration for high speed transfer can done. Performance and Accounting can be done as we
know number of packets transmitted.

ifHCInUcastPkts, ifHCInMulticastPkts, ifHCInBroadcastPkt, ifHCOutUcastPkts

ifHCOutMulticastPkts, ifHCOutBroadcastPkts it is 64-bit version of packet counters. Used for
Ethernet interfaces with 640Mb/s. It helps in all five core tasks as discussed above in normal speed
objects.

ifLinkUpDownTrapEnable allows as checking whether link is up or down, as useful in fault tolerance

as link can be made down when threats occur, and performance as to check how much time link was
up and down. configuration as we can configure default up. Security as we can make link down if
unknown user is attempting to connect.
ifRcvAddressAddress, ifRcvAddressStatus, ifRcvAddressType all gives multicast, broadcast and
unicast address and its status and type so useful in fault tolerance as we know address specifies
specific destination without error, configuration according to the required configuration is done using
address and security can be managed by knowing the destination address to transfer packets, by
knowing status performance can be calculated.

4. NMS for Medium Sized Organization Enterprise.

It is a network diagram of the Business Administration organization which has financial, Management
and Marketing departments. All devices are connected through LAN; it has 3 subnets with 3ethernet
switches connected each with 20 workstations, printer, and server and RMON probe. It has
100BASET Ethernet connectivity. All these switches contains SNMP agent, these switches are
connected to the router through 1000BaseT Ethernet and NMS is connected to router and accounting
server. As it’s a business organization it doesn’t use lot complicated applications but uses soft wares
like Tally for accounting, internet of 50Mb/s and other devices so bandwidth capacity is 100 Mb/s and
1000Mb/s as Teleconferencing can happen.[Ref 1]
In this network throughput allowed in subnets is 100Mb/s and Percentage utilization calculated from
the history and simulations is 40Mb/s and maximum times at year ends it is 60Mb/s so performance
in task is supported and Thresholds notifications are set such that if reached it will notify to manager.
Fault management is detecting faults and correcting it on the network without knowing to user, cable
tester can be installed to check the connectivity and can be obtained from black box and alarms are
configured at critical thresholds. . [Ref 1]
NMS is provided with DHCP protocol to configure network devices and network.
Security is provided highly as business transactions occur here. Network intrusion detectors are
installed, firewalls are installed, and authentication, encryption policies are provided. Here SNMPv3
is used for security. . [Ref 1]
Accounting server is separate as it is billed for the internet as used and so, usage can be gathered from
probes and using accounting tools in accounting server bill can produced.
Network management interface used here is EnterPol, I am using this as it is a SNMPv3 enabled
NMS. Here SNMPv3 is used as there is a requirement of high security in network. SNMPv3 is used to
communicate NMS with RMON probe in all five core tasks, in performance for simulations, SNMPv3
pools are used to check the connection, it receives alarms and sends to NMS. In configuration it is
used for determining and storing configuration. [Ref 1]
I have configured network in centralised manner as it’s a medium size network and only 60 systems
totally and less number of devices should be maintained and mainly to cost effective for organization.
Here RMON probes collects all network information and stores it through remote monitoring protocol
and SNMPv3 is used to communicate with NMS to RMON and all core tasks are organised.
Now the controversy is as I have implemented centralised the network for being cost effective, it has
the rare chance of losing the connectivity with one subnet, then its difficult. [Ref 1]
5. Conclusion
The paper discusses about 3 important matters that are SNMP and its versions, MIB for Ethernet
interface, and NMS for medium sized network. SNMP is a standard protocol used for NMS and other
purposes and as many devices are which already using version one, two should try to install version 3
according to their use in network as version threes architecture, commands security is excellent and it
is useful for the managers to manage and to provide reliability to network. MIB for Ethernet interface
is being getting upgraded day by day many RFC’s are being are released and it’s useful for the
manager to check the managed object value and manage the network according to it. The NMS
designed for organization is perfect for present and future enhancement leaving if the connectivity
doesn’t get lost between subnet and NMS, SNMP and RMON helps in transferring messages and
capturing messages required for Network Management.

6. References

[1.] J. Richard Burke (2004) “Network Management Concepts and practice: A Hands-on Approach”.
ISBN 0-13-032950-9.

[2] “Internetworking Technologies Handbook”. 1-58705-001-3. Chapter 56. Handbook from Cisco,
website accessed on 20th October 2006, Available at
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/snmp.pdf.

[3] “Simple Network Management Protocol”, Copyright 1996 © Cisco Systems Inc. website accessed on 20th
October 2006, Available at http://www.cisco.com/warp/public/535/3.html.
[4] J.Flick, J.Johnson,” Definitions of Managed Objects for the Ethernet-like Interface Types” , RFC2665,
August 1999.

[5] J.Flick,” Definitions of Managed Objects for the Ethernet-like Interface Types” , RFC3635, September
2003.

[6] J.Flick, J.Johnson,” Definitions of Managed Objects for the Ethernet-like Interface Types” , RFC2358,
June 1998.

[7] F. Kastenholz,” Definitions of Managed Objects for the Ethernet-like Interface Types” , RFC1650,
June 1994.

[8] F. Kastenholz, K. McCloghrie,” The Interfaces Group MIB” RFC2863, June2000.

[9] SmatDraw version 4 (2007) tool used to draw network diagrams.