
What is SNMP?

SNMP (Simple Network Management Protocol) is a widely available protocol that facilitates monitoring of networked devices from a central location.

SNMP Architecture

3 major elements:
Managers - responsible for communicating with network devices that implement SNMP Agents.
Agents - reside in devices such as workstations, switches, routers, and provide information to Managers.
MIBs (Management Information Base) - describe data objects to be managed by an Agent within a device. MIBs are actually just text files, and values of MIB data objects are the topic of conversation between Managers and Agents.

Object Identifiers (OIDs)

Each MIB object definition has a unique OID, which is a dotted list of integers, e.g. for data object "hrDiskStorageCapacity" the OID is ".1.3.6.1.2.1.25.3.6.1.4".
When Managers and Agents communicate they refer to MIB data objects using OIDs.
An OID sent with a corresponding value {OID,Value} is referred to as a "binding".

Manager & Agent Communications...

Managers can be viewed as Clients and Agents as Servers. The operations between Managers and Agents are quite simple:
get commands are sent by a Manager to an Agent to request data values defined by a MIB.
The Agent will send a response with the requested values.

...Manager & Agent Communications

Closely related requests are getnext and getbulk.
A Manager can also send set commands to an Agent. If the MIB defines a data object as read-write, then the Agent will accept the data value sent with the set command and process it (store it or execute appropriate actions).
Agents will send unsolicited traps (alarms) to Managers to alert them to important events.

Typical Uses

Monitoring device performance
Detecting device faults (or recovery from faults)
Collecting long term performance data (trend reports)
Remote device configuration
Remote device control

SNMP Standards and Versions

SNMP Standards are described in RFC documents published by the IETF. Standards Topics can generally be categorized into:
Messaging Protocols between Managers and Agents (which encompasses security issues)
MIB Syntax Standards
"Standard MIB" Definitions

Messaging Protocols – v1

SNMPv1 was the first protocol introduced, and is still widely used. It implements get, getnext, getresponse, and trap operations.
Security for SNMPv1 is based on a "community string" that is sent with each message, and functions as a password. If the Manager includes the correct password in a request to an Agent, the agent will send a response. The community string is sent in the clear (not encrypted) and thus the security it provides is quite weak.

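Added example, not part of the original slides: a minimal BER decoder run over a constructed SNMPv1 get request, showing that the community string and the requested OIDs are readable by anyone who can observe the packet. The sample packet, the community value "public" and all function names are assumptions made for illustration.

```python
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c"}
PDU_TYPES = {0xA0: "get", 0xA1: "getnext", 0xA2: "response", 0xA3: "set",
             0xA5: "getbulk", 0xA6: "inform", 0xA7: "v2trap"}

def tlvs(buf):
    """Split a BER buffer into its top-level (tag, value) elements."""
    out, pos = [], 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated BER header")
        tag, length = buf[pos], buf[pos + 1]
        pos += 2
        if length & 0x80:                   # long form: low 7 bits = number of length octets
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("truncated BER value")
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def decode_oid(data):
    """Decode the content octets of a BER OBJECT IDENTIFIER into dotted notation."""
    subids, val = [], 0
    for b in data:
        val = (val << 7) | (b & 0x7F)       # base-128 digits, high bit set = more follow
        if not b & 0x80:
            subids.append(val)
            val = 0
    if not subids:
        raise ValueError("empty OID")
    x = min(subids[0] // 40, 2)             # first sub-identifier packs the first two arcs
    return "." + ".".join(str(a) for a in [x, subids[0] - 40 * x] + subids[1:])

def parse_community_message(packet):
    """Return version, community, PDU type and OIDs of an SNMPv1/v2c (non-trap) message."""
    (tag, msg), = tlvs(packet)
    (_, ver), (_, community), (pdu_tag, pdu) = tlvs(msg)
    version = int.from_bytes(ver, "big")
    if tag != 0x30 or version not in VERSIONS or pdu_tag not in PDU_TYPES:
        raise ValueError("not a supported SNMPv1/v2c message")
    # PDU fields: request-id, error-status, error-index, then the list of bindings
    _, _, _, (_, varbinds) = tlvs(pdu)
    oids = [decode_oid(tlvs(binding)[0][1]) for _, binding in tlvs(varbinds)]
    return {"version": VERSIONS[version], "community": community.decode("latin-1"),
            "pdu": PDU_TYPES[pdu_tag], "oids": oids}

# Constructed sample: SNMPv1 get for hrDiskStorageCapacity, community "public"
SAMPLE = bytes.fromhex("3028 020100 0406 7075626c6963 a01b 020101 020100 020100 "
                       "3010 300e 060a 2b060102011903060104 0500")
```

Nothing in the decoder needs a key: the community string is an ordinary OCTET STRING in the message header, which is why it gives no protection against an observer on the path.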
Messaging Protocols - v2c

SNMPv2c introduced the ability to transmit SMIv2 MIB-objects of type "Counter64".
Provides for expanded messaging operations: getbulk, inform, report, and a new v2trap operation (same functionality as the SNMPv1 trap).
Enhanced agent error responses added.
SNMPv2c uses the same community string security as SNMPv1.

Messaging Protocols - v3

Security enhancements include:
User Authentication -- verification of the identity of the SNMP Entity (Manager or Agent) sending the message. Authentication is based on definitions of users, and on shared secret keys used to produce a hashed message authentication code sent with each message.
Encryption -- the message payload can be optionally encrypted based on a second shared key.

Messaging Protocols - v3

Security enhancements include:
VACM (View Access Control Model) -- Agents can be configured to control who can access which MIB objects under agent management. For example, user “bert” can access critical read-write control data, while user “ernie” can access only read-only data.
Message Timeliness Checks ensure that messages are not delayed or replayed.

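Added example, not part of the original slides: how a shared secret yields the per-message authentication code described under User Authentication, and how a receiver applies the timeliness check. It goes beyond the slides by following RFC 3414 (User-based Security Model): key derivation from a passphrase and engine ID, a 96-bit truncated HMAC, and a 150-second window. The passphrase and engine ID are that RFC's published test values; the message bytes and function names are constructed for illustration.

```python
import hashlib
import hmac

TIME_WINDOW = 150          # seconds; timeliness window from RFC 3414
MAX_BOOTS = 2147483647     # an engine at this boot count is never considered in sync

def localized_key(password: bytes, engine_id: bytes, algo: str = "sha1") -> bytes:
    """RFC 3414 password-to-key: hash 1 MiB of repeated passphrase, then bind it to one engine."""
    if not password:
        raise ValueError("empty passphrase")
    reps, rem = divmod(1048576, len(password))
    ku = hashlib.new(algo, password * reps + password[:rem]).digest()
    # Localization: a key recovered from one agent is useless against another engine ID.
    return hashlib.new(algo, ku + engine_id + ku).digest()

def auth_code(key: bytes, message: bytes, algo: str = "sha1") -> bytes:
    """HMAC over the whole serialized message, truncated to 96 bits (12 octets)."""
    return hmac.new(key, message, algo).digest()[:12]

def verify(key: bytes, message: bytes, received: bytes, algo: str = "sha1") -> bool:
    """Constant-time comparison of the recomputed code with the one carried in the message."""
    return hmac.compare_digest(auth_code(key, message, algo), received)

def is_timely(local_boots: int, local_time: int, msg_boots: int, msg_time: int) -> bool:
    """Receiver-side check: same boot counter and engine time within the window."""
    if local_boots == MAX_BOOTS or msg_boots != local_boots:
        return False
    return abs(local_time - msg_time) <= TIME_WINDOW

# RFC 3414 test values (passphrase and 12-octet engine ID)
ENGINE_ID = bytes(11) + b"\x02"
KEY = localized_key(b"maplesyrup", ENGINE_ID)

# Constructed stand-in for a serialized SNMPv3 message; on the wire the code is
# computed with the 12-octet authentication field zeroed, then written into it.
MESSAGE = b"constructed-snmpv3-message" + bytes(12)
CODE = auth_code(KEY, MESSAGE)
```

A replayed message carries a valid authentication code, so `verify` alone accepts it; it is `is_timely` that rejects a capture resent after the window has passed or after the agent has rebooted.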
MIB Syntax Standards

MIBs are written in either of two syntax standards:
SMIv1 is the earliest version, and was introduced along with SNMPv1. SMIv1 MIBs are very functional and quite common.
Data objects defined by SMIv1 MIBs can be transmitted between Managers and Agents using any of the 3 messaging protocols (SNMPv1, SNMPv2c, SNMPv3).

MIB Syntax Standards

SMIv2 was introduced along with SNMPv2c. Major enhancements include:
Introduction of new base data types, including the "Counter64".
Although derived data types could be defined using SMIv1, SMIv2 formalizes this syntax, and also defines some "Standard Textual Conventions" such as "Display String".

MIB Syntax Standards

Improvements that enhance the documentation of MIB files and objects, such as:
Module Identity Statement
Conformance Statements
Improved NOTIFICATION-TYPE syntax replaces TRAP-TYPE syntax

MIB Syntax Standards

An SMIv2 MIB can usually be translated into an SMIv1 MIB. The primary exceptions are:
A Counter64 object has no SMIv1 counterpart.
An improperly coded NOTIFICATION-TYPE object cannot be translated to an SMIv1 TRAP-TYPE object with the same OID.
Data defined by SMIv2 MIB Objects can be transmitted between Managers and Agents by any of the 3 messaging protocols. The only exception to this is that Counter64 data cannot be transported in SNMPv1 messages.

"Standard MIB" Definitions...

Depending on the origin (author) of a MIB, we can categorize MIBs into either:
Standard MIBs are authored by persons associated with the IETF. For example, a Standard Printer MIB exists, and printer manufacturers commonly implement Agent support for this MIB (in addition to their own Enterprise MIBs).

..."Standard MIB" Definitions

Enterprise MIBs are authored by non-standards-committee organizations (e.g., Cisco, HP, Juniper). All such organizations must apply for a unique "Enterprise ID" issued by IANA (Internet Assigned Numbers Authority). Enterprise MIB objects are then organized under these unique assigned OIDs.

Strengths

Widespread popularity
Many standard MIBs available
Agents have low impact on monitored system resources
Well suited to monitoring
Many products available
Weaknesses...

Not as comprehensive as some other protocols
Not bandwidth efficient
Complicated message encoding rules
Security has been an ongoing concern. SNMPv3 was developed in response to this issue.

...Weaknesses

UDP protocol creates issues regarding verification of operations:
Trap-Send verification (did it really reach the Manager?)
Verification (success) of any “set” operation to an Agent.
However, well designed MIBs and Manager logic can overcome these problems.

Acknowledgements

http://www.eogogics.com/talkgogics/tutorials/SNMP/
Books

Understanding SNMP MIBs by David Perkins & Evan McGinnis. Prentice Hall, 1997
SNMP, SNMPv2, SNMPv3, and RMON 1 and 2 by William Stallings. Addison-Wesley, 1996
Essential SNMP by Mauro & Schmidt. O’Reilly, 2005
A Practical Guide to SNMPv3 and Network Management by David Zeltserman. Prentice-Hall PTR, 1999

Websites

http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol Good overview of SNMP.
http://www.simpleweb.org/tutorials Some good tutorials.
http://www.snmplink.org Lots of good information that is kept current. Includes tutorial information, references, and tools.

Websites

http://www.cisco.com/univercd/cc/td/doc/product/webs
http://www.ietf.org Internet Engineering Task Force is the repository of all SNMP standards
http://www.iana.org Internet Assigned Numbers Authority is responsible for the registration of enterprise OIDs