Contents

1. NMS Overview
2. SMI, or how a MIB is written
3. MIB-II
4. SNMP operations: Get, GetNext, Set, ...
5. SNMPv3

Version 1.0

Overview of Network Management Systems


NMS - Overview

• Communication networks vary in nature, complexity and size
• In addition, each equipment vendor brings in its own proprietary implementations
• Effective network management is therefore a critical component for network operators and service providers to run their business
• Service providers face a huge challenge in managing the network and ensuring the availability of services

NMS - Overview
• The IETF is the standards body for IP networks, which use SNMP
• Standardization for telecom networks is driven by the ITU, which uses TMN
• Network management proxies are used to converge the different network management standards

NMS - Overview: Manager-Agent Model
• Manager: the entity that performs the management functions by communicating with the agent
• Agent: the entity that represents the part of the network being managed; it provides communication with the manager and executes the instructions received
• Preferred architecture: hierarchical manager-agent model

Workbook 1

Workbook 1
• Look at the pictures in the previous slide. Which of them will have agents and which can have managers?
• Group these devices into categories.
• You can have as many copies of each device as you like. Arrange them in a network management hierarchy.

Network Management Style

POLLING
• Request and get information
• Overall picture available
• Non-real-time information
• Higher bandwidth need

TRAPS
• Real-time information
• Exceptions reported
• Interrupt-driven process
• Lower bandwidth

Preferred solution: trap-directed polling.

Workbook 2

Workbook 2
• Look at the diagram in the previous slide
• What parameters will you poll, and what traps and alarms will you capture?

NMS - Functional Overview
Network management consists of:
• Fault Management
• Configuration Management
• Accounting Management
• Performance Management
• Security Management

Fault Management
Fault management:
• Alarm handling
• Trouble detection
• Trouble correction
• Test and acceptance
• Network recovery

Alarms
Alarms should contain the following information:
1. Originating resource (network element, element management system, performance monitoring, facilities, etc.)
2. Trouble explanation (e.g. a defined alarm code)
3. Severity code
4. Date and time the alarm condition occurred
5. Duration of the alarm condition
6. Status of the alarm (e.g. active, acknowledged, cleared, etc.)

Configuration Management
Configuration management:
• System boot-up function
• Network provisioning
• Auto discovery
• Backup and restore
• Database handling

Accounting Management
Accounting management consists of:
• Track service usage
• Bill for usage

Performance Management
Performance management entails:
• Data collection
• Report generation
• Data analysis

Security Management
Security management involves:
• Control device access
• Enable device functions
• Access logs
• Authentication
• Authorization
• Encryption

Some Network Management Protocols
SNMP - Simple Network Management Protocol
• v1: first version
• v2: enhanced; supports large data handling
• v3: enhanced security and access control
TL1 - Transaction Language 1
CMIP - Common Management Information Protocol (TMN specified)

Functional View of NMS
Layers, top to bottom: Business Management Layer, Service Management Layer, Network Management Layer, Element Management Layer, Adaptation Layer
External interfaces: PBX, switches, access nodes, transmission nodes, ATM, broadband, frame relay; OSS interfaces, network call control, billing modules

NMS - Overview
In a nutshell, network management is:
• The monitoring of managed resources
• The controlling of managed resources

NMS - Overview
What is a managed resource?
• A component in your network
• May be a physical device: workstation, network element, circuit pack, ...
• May be a logical entity: session, connection, software, ...

Introduction to SMI

Introduction to SNMP
• SNMP stands for Simple Network Management Protocol
• Makes use of the UDP/IP protocol stack for communication
• SNMP models each device for the purpose of managing it

SNMP Components
SNMP protocol
• Defines the format of messages exchanged by management systems and agents
• Specifies the Get, GetNext, Set and Trap operations
Structure of Management Information (SMI)
• Rules specifying the format used to define the managed objects on the network that the SNMP protocol accesses
• Uses Abstract Syntax Notation One (ASN.1)
Management Information Base (MIB)
• Collection of information organized hierarchically

SNMP - Object Modelling
• In order to manage a network it is essential to "model" the network
• One way (the best way) to model the network is by making use of object-oriented methodology
• SNMP also defines objects (not really objects but attributes, defined by making use of ASN.1 macros)

SMI, SNMP & MIB
• In order to define objects in a uniform and consistent fashion, a framework is defined
• The framework is referred to as SMI (Structure of Management Information)
• SMIv1 is defined by the IETF in RFC 1155
• SNMPv1 is defined in RFC 1157
• MIB-II is defined in RFC 1213
• SNMPv2c: RFC 1901 (community-based framing) together with RFC 1902-1908
• SNMPv3: RFC 3411-3418

SNMP - SMI
• Managed objects (network components) are accessed through a virtual information store called the "Management Information Base" (MIB)
• Each object type has a name, a syntax and an encoding
• The name of the object is represented by an OBJECT IDENTIFIER (an ASN.1 type)
• The syntax of the object defines its abstract data structure, represented as an ASN.1 data type
• The encoding of the object uses a standard encoding technique: BER (Basic Encoding Rules)

SNMP - Object Naming
• The Object Identifier is a sequence of numbers that traverses a tree structure
• Typically a "label" (textual name) is associated with each number
• Example: ccitt (0), iso (1)

internet     OBJECT IDENTIFIER ::= { iso org(3) dod(6) 1 }
directory    OBJECT IDENTIFIER ::= { internet 1 }
mgmt         OBJECT IDENTIFIER ::= { internet 2 }
experimental OBJECT IDENTIFIER ::= { internet 3 }
private      OBJECT IDENTIFIER ::= { internet 4 }

ISO OID Tree

root
  ccitt (0)
  iso (1)
    stnd (0)
    reg-auth (1)
    mb (2)
    org (3)
      dod (6)
        internet (1)
          directory (1)
          mgmt (2)
            mib-2 (1)
          experimental (3)
          private (4)
            enterprises (1)
          security (5)
          snmpV2 (6)
            snmpDomains (1)
            snmpProxys (2)
            snmpModules (3)
  joint-iso-ccitt (2)

Workbook 3: MIB tree

Workbook 3
• Open the AdventNet MIB Browser as shown in the previous slide
• Load the RFC 1213 MIB
• Examine from the root of the ISO OID MIB tree
• What do you observe?

Primitive ASN.1 Data Types
The 4 built-in or primitive ASN.1 data types are:
1. INTEGER
2. OCTET STRING
3. OBJECT IDENTIFIER
4. NULL

SMIv1 - Object Types
Apart from the ASN.1 data types, SMIv1 defines application-wide data types such as:
• NetworkAddress - a CHOICE type to choose from a family of addresses
• IpAddress - an OCTET STRING of length 4
• Counter - a non-negative integer that increases to a maximum value and then wraps to zero
• Gauge - a non-negative integer that can increase or decrease, but latches at its maximum value instead of wrapping
• TimeTicks - an integer, each unit representing 1/100th of a second
• Opaque - a container type (OCTET STRING) for any ASN.1 type

Quick Quiz
• IP Address type object will be found in ……
• Counter type object will be found in ……
• Gauge type object example is ……
• Time Ticks object is found in ……
• OCTET STRING example is ……
• Table type object example is ……
• NULL object example is ……
• OPAQUE object example is ……

SMIv1 and SMIv2 Data Types

Category           SMIv1               SMIv2
Simple types       INTEGER             INTEGER
                   OCTET STRING        OCTET STRING
                   OBJECT IDENTIFIER   OBJECT IDENTIFIER
                   -                   Integer32
                   -                   Unsigned32
Application-wide   Gauge               Gauge32
                   Counter             Counter32
                   -                   Counter64
                   TimeTicks           TimeTicks
                   IpAddress           IpAddress
                   Opaque              Opaque
                   NetworkAddress      -
Pseudo types       -                   BITS

OBJECT-TYPE Definition
Clauses of the OBJECT-TYPE macro:
SYNTAX       INTEGER | OCTET STRING | OBJECT IDENTIFIER | BITS | IpAddress | Integer32 | Counter32 | Counter64 | Gauge32 | TimeTicks | Opaque | a new (textual convention) type
MAX-ACCESS   read-only | read-write | read-create | accessible-for-notify | not-accessible
STATUS       current | deprecated | obsolete
DESCRIPTION  "..."

OBJECT-TYPE Scalar Definition Example
Definition of address:

address OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "The Internet address of this system"
    ::= { NEW-MIB 1 }

Workbook 4
• Examine the RFC 1213 MIB file and locate an OBJECT-TYPE definition for a scalar
• Locate OBJECT IDENTIFIER definitions and look at the definitions

Definition of Non-Leaf Objects

info OBJECT IDENTIFIER ::= { NEW-MIB 2 }

Alternative construct: OBJECT-IDENTITY. Example:

info OBJECT-IDENTITY
    STATUS      current
    DESCRIPTION "The node under which future scalar objects should be registered"
    ::= { NEW-MIB 2 }

Definition of a MIB

NEW-MIB DEFINITIONS ::= BEGIN
    import statement(s)
    module identity definition
    definition of all node and leaf objects
    definition of implementation requirements
END

MODULE-IDENTITY Example

newMibModule MODULE-IDENTITY
    LAST-UPDATED "200104041200Z"
    ORGANIZATION "UT-TMG"
    CONTACT-INFO "University of Twente
                  The Netherlands
                  Email: simpleweb@simpleweb.org"
    DESCRIPTION  "Experimental MIB for demo purposes"
    ::= { enterprises ut(785) 7 }


IMPORTS Statement Example

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, TimeTicks, enterprises
        FROM SNMPv2-SMI;


An Example MIB

WIN-MIB DEFINITIONS ::= BEGIN

IMPORTS
    RowStatus, DisplayString
        FROM SNMPv2-TC
    OBJECT-TYPE, MODULE-IDENTITY, enterprises, Integer32
        FROM SNMPv2-SMI;

winSystem MODULE-IDENTITY
    LAST-UPDATED "200210110900Z"
    ORGANIZATION "jay Inc."
    CONTACT-INFO "jay Inc.
                  Web site: www.wipro.com
                  Email: jaya.venu@wipro.com"
    DESCRIPTION  "The MIB module for managing winsys info"
    ::= { enterprises jay(5000) 10 }

MIB example (contd.)

mySysObjects OBJECT IDENTIFIER ::= { winSystem 1 }

mySystemName OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "System name"
    ::= { mySysObjects 1 }

mySystemDir OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "System directory"
    ::= { mySysObjects 2 }

END

(RowStatus and Integer32 are imported but not used by this module; most MIB compilers warn about unused imports.)

Workbook 5
• Locate a MIB file with MIB module definitions that include IMPORTS and MODULE-IDENTITY
• Can you follow how the module is organized?
• What do you think is the advantage of this approach?

IndexPart in Object Definition
• The INDEX clause can be a comma-separated list of object identifiers: one for a simple index, several for a composite index
• Index syntax:

IndexSyntax ::= CHOICE {
    number    INTEGER (0..MAX),
    string    OCTET STRING,
    object    OBJECT IDENTIFIER,
    ipAddress IpAddress
}

SNMP - MIB Example: Scalar

udpInDatagrams OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The total number of UDP datagrams delivered to UDP users"
    ::= { udp 1 }

SNMP - MIB Example: Table Definition

tcpConnTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TcpConnEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "A table containing TCP connection-specific information"
    ::= { tcp 13 }

tcpConnEntry OBJECT-TYPE
    SYNTAX      TcpConnEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Information about a particular TCP connection"
    INDEX       { tcpConnLocalAddress, tcpConnLocalPort, tcpConnRemAddress, tcpConnRemPort }
    ::= { tcpConnTable 1 }

MIB Example: Table Definition (contd.)

TcpConnEntry ::= SEQUENCE {
    tcpConnState        INTEGER,
    tcpConnLocalAddress IpAddress,
    tcpConnLocalPort    INTEGER (0..65535),
    tcpConnRemAddress   IpAddress,
    tcpConnRemPort      INTEGER (0..65535)
}

Workbook 6
• Look at the table definition of any table object in the RFC 1213 MIB, such as ipRouteTable
• What are the various components of a table definition?

Examples of Indexes in MIB-II
In MIB-II the following INDEX clauses are used:

Object        INDEX
ifEntry       { ifIndex }
ipRouteEntry  { ipRouteDest }
tcpConnEntry  { tcpConnLocalAddress, tcpConnLocalPort, tcpConnRemAddress, tcpConnRemPort }
udpEntry      { udpLocalAddress, udpLocalPort }

0 52 .  Use a MODULE-IDENTITY definition for your MIB including scalars and table objects. Version 1.Workbook 7: Writing a MIB  Pick your problem for MIB generation  Link in your own organization subtree in the MIB tree under enterprises.  Write your scalars and tables for describing your organization and products.  Load your MIB and debug all errors until success……….

MIB-II

SNMP - Some Object Groups
System group - provides general information about the managed system:
sysDescr, sysObjectID, sysUpTime, sysContact, sysName, sysLocation

SNMP - Interfaces Object Group
Interfaces group - contains information about the physical interfaces of the entity, including configuration and statistics of events occurring on the interface:
ifNumber, ifTable (ifIndex, ifDescr, ifType, ifSpeed, ifMtu, ...)

Management Information Base
A MIB is a standard that specifies the data items that a host or gateway must keep and the operations allowed on each.

MIB category    Includes information about
system          The host/gateway operating system
interfaces      Individual network interfaces
ip              Internet Protocol software
icmp            Internet Control Message Protocol
tcp, udp, egp   Transport and routing
snmp            SNMP-related objects

MIB-II Interfaces Group

MIB-II IP Group

MIB-II TCP Group

SNMP Operations

SNMP - Communication Model

Host A             Host B
SNMP MANAGER       SNMP AGENT
UDP / IP           UDP / IP
Data Link          Data Link
Physical           Physical

SNMP - Protocol
• The network devices are managed by the management station: devices run "agent" software and the management station runs "manager" software
• The manager learns about the network device through the agent
• Hence both the agent and the manager need to share the same "information model" to work together
• The agent interacts with the device (back end) to retrieve values

SNMP - Protocol
• The management station and the network device use the lightweight ("sleek") UDP protocol to send and receive messages
• The management station does not instantiate the MIB; it retrieves the instances from the agent
• The manager and the agent use a simple interaction: the manager sends a request message when it wants to retrieve objects, and the agent replies
• The agent on its own reports any trouble it notices on the device by sending TRAPs to the manager

How SNMPv1 Messages Function

SNMP Message Format

| version | community | SNMP PDU |

• version - specifies the SNMP version number (0 for SNMPv1, 1 for SNMPv2c)
• community - an OCTET STRING that serves as the password for retrieving/modifying data; it travels in the clear in every message, so anyone who can sniff the segment can read it
• SNMP PDU - specifies the operation
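To make the message format concrete, here is an added example (it is not code from the slides): a small BER codec that builds the version | community | PDU structure for a GetRequest, and parses a response built the same way. The tag values are the standard ones from RFC 1157 and RFC 3416; the agent reply is constructed in the script rather than captured from a real device.

```python
"""BER codec for SNMPv1/v2c messages: version | community | PDU.
Added example, not code from the slides; tags follow RFC 1157 / RFC 3416."""

INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
IPADDRESS, COUNTER32, GAUGE32, TIMETICKS, COUNTER64 = 0x40, 0x41, 0x42, 0x43, 0x46
GET, GETNEXT, RESPONSE, SET, TRAP_V1, GETBULK, INFORM, TRAP_V2 = (
    0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7)
EXCEPTIONS = {0x80: "noSuchObject", 0x81: "noSuchInstance", 0x82: "endOfMibView"}
SYS_UPTIME_0 = "1.3.6.1.2.1.1.3.0"


def tlv(tag, content):
    """Tag, definite length (short form below 128, long form above), content."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def enc_int(value, tag=INTEGER):
    """Two's complement in the minimal number of octets; Counter32/Gauge32 values
    at or above 2^31 therefore get a leading 0x00 octet, as on the wire."""
    n = 1
    while not -(1 << (8 * n - 1)) <= value < (1 << (8 * n - 1)):
        n += 1
    return tlv(tag, value.to_bytes(n, "big", signed=True))


def enc_oid(oid):
    """First two arcs share one octet (40*x + y); later arcs are base-128 with
    the high bit set on every octet except the last one of each arc."""
    ids = [int(x) for x in oid.strip(".").split(".")]
    out = bytearray([40 * ids[0] + ids[1]])
    for sub in ids[2:]:
        chunk = bytearray([sub & 0x7F])
        sub >>= 7
        while sub:
            chunk.insert(0, 0x80 | (sub & 0x7F))
            sub >>= 7
        out += chunk
    return tlv(OID, bytes(out))


def dec_oid(content):
    ids, acc = [content[0] // 40, content[0] % 40], 0
    for b in content[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            ids.append(acc)
            acc = 0
    return ".".join(map(str, ids))


def read_tlv(buf, pos):
    """Return (tag, content, position just after this element)."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        k = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + ln], pos + ln


def dec_value(tag, content):
    if tag in EXCEPTIONS:                    # SNMPv2 exceptions ride in the value slot
        return EXCEPTIONS[tag]
    if tag == INTEGER:
        return int.from_bytes(content, "big", signed=True)
    if tag in (COUNTER32, GAUGE32, TIMETICKS, COUNTER64):
        return int.from_bytes(content, "big")
    if tag == IPADDRESS:
        return ".".join(map(str, content))
    if tag == OID:
        return dec_oid(content)
    if tag == OCTET_STRING:
        return content
    if tag == NULL:
        return None
    raise ValueError(f"unsupported tag {tag:#x}")


def build_message(version, community, pdu_type, request_id, varbinds, f1=0, f2=0):
    """varbinds: list of (oid, already-encoded value). f1/f2 are error-status and
    error-index, or non-repeaters and max-repetitions for a GetBulkRequest."""
    vbl = b"".join(tlv(SEQUENCE, enc_oid(o) + v) for o, v in varbinds)
    pdu = enc_int(request_id) + enc_int(f1) + enc_int(f2) + tlv(SEQUENCE, vbl)
    return tlv(SEQUENCE, enc_int(version) + tlv(OCTET_STRING, community.encode()) + tlv(pdu_type, pdu))


def parse_message(msg):
    _, body, _ = read_tlv(msg, 0)
    _, ver, pos = read_tlv(body, 0)
    _, comm, pos = read_tlv(body, pos)
    pdu_type, pdu, _ = read_tlv(body, pos)
    fields, pos = [], 0
    for _ in range(3):                       # request-id, error-status, error-index
        _, c, pos = read_tlv(pdu, pos)
        fields.append(int.from_bytes(c, "big", signed=True))
    _, vbl, _ = read_tlv(pdu, pos)
    varbinds, pos = [], 0
    while pos < len(vbl):
        _, vb, pos = read_tlv(vbl, pos)
        _, oid_c, p = read_tlv(vb, 0)
        vtag, vc, _ = read_tlv(vb, p)
        varbinds.append((dec_oid(oid_c), dec_value(vtag, vc)))
    return {"version": int.from_bytes(ver, "big", signed=True), "community": comm.decode(),
            "pdu_type": pdu_type, "request_id": fields[0], "error_status": fields[1],
            "error_index": fields[2], "varbinds": varbinds}


def demo():
    """GetRequest for sysUpTime.0, and a constructed agent reply (not a capture)."""
    request = build_message(0, "public", GET, 1, [(SYS_UPTIME_0, tlv(NULL, b""))])
    reply = build_message(0, "public", RESPONSE, 1, [(SYS_UPTIME_0, enc_int(287231, TIMETICKS))])
    return request, parse_message(reply)


if __name__ == "__main__":
    req, parsed = demo()
    print(req.hex())
    print(parsed)
```

The same `build_message` produces a v2 trap or an inform by passing `TRAP_V2` or `INFORM` as the PDU type with sysUpTime.0 and snmpTrapOID.0 as the first two varbinds. Note that the community string is visible as plain ASCII in `req.hex()`; that is the whole of SNMPv1/v2c "security".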

SNMP - Protocol Interaction: Get Operation
• The manager sends a GET request to retrieve objects from the agent. In order to get the objects, the manager needs to specify the object names
• The agent responds to the GET request by sending the manager a GET-RESPONSE message with a list of the requested objects (names) and their values, known as the variable-binding (varbind) list
• In case of error, the error index indicates which object caused the error

SNMP - Protocol Interaction: Get Operation
• In order to retrieve scalar objects from the agent, the manager has to send the object name suffixed with the instance value ZERO, e.g. sysUpTime.0
• In order to retrieve values from a table, the object name is suffixed with the index value
• If the agent doesn't find the object with the name supplied by the manager, in SNMPv2 it returns noSuchObject, or noSuchInstance if the object is known but no instance of it is found, in the value field of the variable binding

Protocol Operation - GET (no error)

Management station -> agent:  PDU type (GetRequest) | request id | 0 | 0 | variable bindings (names)
Agent -> management station:  PDU type (Response)   | request id | 0 | 0 | name 1 value 1 ... name n value n

PDU format, GetRequest/Response: PDU type | request id | error status | error index | variable bindings

Protocol Operation - GET (tooBig error)

Management station -> agent:  PDU type (GetRequest) | request id | 0      | 0 | variable bindings (names)
Agent -> management station:  PDU type (Response)   | request id | tooBig | 0 | empty variable-binding list

Response - error tooBig: the message size would exceed the maximum size
PDU format, GetRequest/Response: PDU type | request id | error status | error index | variable bindings

Protocol Operation - GET (genErr error)

Management station -> agent:  PDU type (GetRequest) | request id | 0      | 0                       | variable bindings (names)
Agent -> management station:  PDU type (Response)   | request id | genErr | index of problem object | variable bindings (names)

Response - error genErr: processing of a variable name failed
PDU format, GetRequest/Response: PDU type | request id | error status | error index | variable bindings

Error Status for SNMPv1
Values for error status are:
• noError (0): the request was successfully processed
• tooBig (1): the agent could not fit the results of the request into a single SNMP message
  - minimum message size every implementation must accept: 484 bytes
  - practical maximum on Ethernet networks: about 1500 bytes (one MTU, to avoid IP fragmentation)

Error Status (contd.)
• noSuchName (2): an object was specified which the agent did not know, based on the specified community. The most common source is reading objects that do not exist
• badValue (3): a set operation tried to modify an object with an invalid or inconsistent value
• readOnly (4): defined in v1 to indicate that a set operation tried to modify a variable that, according to the community profile, cannot be written. In reality this isn't used: if you try to set a read-only object, the noSuchName error status is returned
• genErr (5): any other error

SNMPv2 to SNMPv1 Error Mapping

SNMPv2 error status   SNMPv1 error status
noError               noError
tooBig                tooBig
noSuchName            noSuchName
badValue              badValue
readOnly              readOnly
genErr                genErr
wrongValue            badValue
wrongEncoding         badValue
wrongType             badValue
wrongLength           badValue
inconsistentValue     badValue
noAccess              noSuchName
notWritable           noSuchName
noCreation            noSuchName

SNMPv2 Exceptions
• For SNMP GET requests we can get back the noSuchObject and noSuchInstance exceptions
• For SNMP GETNEXT requests we can get back endOfMibView
• For SNMP SET requests we cannot get back any exceptions
• For SNMP GETBULK requests we can get back endOfMibView

SNMP - Protocol Interaction: SNMP Table
• An SNMP table is represented as an ASN.1 SEQUENCE OF type; each table has an entry which is a SEQUENCE type
• Each column in the table entry is identified by an object identifier
• Each row is identified by the index value
• In order to retrieve values from a table, the object name is suffixed with the index value
• The agent needs to create the rows in the table either during start-up or when the manager sends a SET request to the agent

SNMP - Protocol Interaction: Get Next Operation
• The Get Next operation is similar to Get Request. However, Get Next retrieves the next object in lexicographic OID order
• Get Next allows the manager to search through a table without having to know the index values

Get Request
Consider the following MIB table, a subset of ifTable:

Instance  ifIndex  ifDescr   ifType
1         1        ethernet  6
2         2        ethernet  6
3         3        serial    22
4         4        ppp       23
5         5        ethernet  6
6         6        ethernet  6

Get Request Illustration
If a management station issues:
GetRequest(sysUpTime.0, ifIndex.1, ifDescr.2, ifType.4)
the agent will typically respond with:
sysUpTime.0 = 287231
ifIndex.1   = 1
ifDescr.2   = ethernet
ifType.4    = 23
A GetRequest can query scalars and objects from different rows in one PDU.

Get Next Request
Consider this table:

ifIndex  ifInOctets  ifInUcastPkts  ifInNUcastPkts
1        200123      560            912
2        4587213     8876           1780
3        755943      8761           1020
4        8837722     110211         4390
5        398765321   301392159      3259
6        983141      65211          3251

GetNextRequest Illustration
• Issue GetNextRequest(ifInOctets, ifInUcastPkts, ifInNUcastPkts)
• The response will be:
  ifInOctets.1     = 200123
  ifInUcastPkts.1  = 560
  ifInNUcastPkts.1 = 912
• A GetNextRequest on the column OIDs automatically returns the queried columns of the first row. The response also carries the index of the first row instance, i.e. 1 in the example

GetNextRequest Illustration (contd.)
• Issue GetNextRequest(ifInOctets.1, ifInUcastPkts.1, ifInNUcastPkts.1) using the index of the first row
• The response will be the fields of the next row:
  ifInOctets.2     = 4587213
  ifInUcastPkts.2  = 8876
  ifInNUcastPkts.2 = 1780

Protocol Operation - GetBulk

Management station -> agent:  PDU type (GetBulkRequest) | request id | non-repeaters | max-repetitions | variable bindings
Agent -> management station:  PDU type (Response)       | request id | error status  | error index     | variable bindings

PDU format for GetBulk: PDU type | request id | non-repeaters | max-repetitions | variable bindings

GetBulkRequest
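The GetNext walk illustrated on the previous slides and the GetBulk non-repeaters/max-repetitions behaviour, as an added Python example (not code from the slides): an in-memory agent is built from the six ifTable rows of the table above plus a constructed sysUpTime.0 value, and the agent side of Get, GetNext and GetBulk is implemented over it, including the noSuchObject/noSuchInstance/endOfMibView exceptions. The "object is known" test in `get` is a simplification that treats the parent of the requested OID as the object, since the script has no MIB definitions to consult.

```python
"""Agent-side Get / GetNext / GetBulk over a tiny in-memory MIB (added example,
not from the slides). OIDs are compared as tuples of integers, which is exactly
SNMP's lexicographic order: a prefix sorts before everything below it."""
from bisect import bisect_right

IF_ENTRY = "1.3.6.1.2.1.2.2.1"   # ifEntry: .1 ifIndex, .10 ifInOctets, .11 ifInUcastPkts, .12 ifInNUcastPkts
SYS_UPTIME_0 = "1.3.6.1.2.1.1.3.0"
# Rows from the slide's table: ifIndex -> (ifInOctets, ifInUcastPkts, ifInNUcastPkts)
ROWS = {1: (200123, 560, 912), 2: (4587213, 8876, 1780), 3: (755943, 8761, 1020),
        4: (8837722, 110211, 4390), 5: (398765321, 301392159, 3259), 6: (983141, 65211, 3251)}


def key(oid):
    return tuple(int(x) for x in oid.split("."))


def text(k):
    return ".".join(map(str, k))


class Agent:
    def __init__(self):
        store = {SYS_UPTIME_0: 287231}          # constructed sysUpTime value
        for idx, cols in ROWS.items():
            store[f"{IF_ENTRY}.1.{idx}"] = idx
            for col, val in zip((10, 11, 12), cols):
                store[f"{IF_ENTRY}.{col}.{idx}"] = val
        self.values = {key(o): v for o, v in store.items()}
        self.keys = sorted(self.values)          # every instance OID, lexicographically ordered

    def get(self, oid):
        k = key(oid)
        if k in self.values:
            return oid, self.values[k]
        # Simplification of RFC 3416 4.2.1: if the OID or its parent is a prefix of some
        # instance the object exists -> noSuchInstance; otherwise -> noSuchObject.
        known = any(o[:len(k)] == k or o[:len(k) - 1] == k[:-1] for o in self.keys)
        return oid, "noSuchInstance" if known else "noSuchObject"

    def get_next(self, oid):
        i = bisect_right(self.keys, key(oid))    # first instance strictly after oid
        if i == len(self.keys):
            return oid, "endOfMibView"           # name echoed back, exception in the value slot
        return text(self.keys[i]), self.values[self.keys[i]]

    def get_bulk(self, non_repeaters, max_repetitions, oids):
        """Response varbinds in RFC 3416 order: one GetNext for each of the first
        non_repeaters OIDs, then up to max_repetitions rounds of GetNext over the rest,
        each round continuing from the names returned in the previous one."""
        out = [self.get_next(o) for o in oids[:non_repeaters]]
        cursors = list(oids[non_repeaters:])
        for _ in range(max_repetitions):
            for j, o in enumerate(cursors):
                nxt = self.get_next(o)
                out.append(nxt)
                cursors[j] = nxt[0]              # on endOfMibView the cursor simply stays put
        return out

    def walk(self, column):
        """Manager-side loop: GetNext until the reply leaves the requested subtree."""
        prefix, cur, rows = key(column), column, []
        while True:
            nxt, val = self.get_next(cur)
            if val == "endOfMibView" or key(nxt)[:len(prefix)] != prefix:
                return rows
            rows.append((nxt, val))
            cur = nxt


if __name__ == "__main__":
    agent = Agent()
    print(agent.walk(f"{IF_ENTRY}.10"))
    print(agent.get_bulk(1, 2, ["1.3.6.1.2.1.1", f"{IF_ENTRY}.10", f"{IF_ENTRY}.11"]))
```

The walk shows why a GetNext past the last row of a column does not fail: it simply rolls into the first instance of the next column, and the manager has to compare the returned OID against the prefix it asked for to know when the column is finished.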

SNMP - Protocol Interaction: SET Operation
• The man­ager sends a Set Request to set the value of objects. In order to set object values, the manager needs to specify both the object name and the value
• The agent responds to the SET request with the same PDU format as the GET-RESPONSE PDU

Protocol Operation - SET

Management station -> agent:  PDU type (SetRequest) | request id | 0 | 0 | name 1 value 1 ... name n value n
Agent:
• Phase 1: validate every variable binding; if there is a validation error, nothing is changed
• Phase 2: if there is no update error, the values are set (all of them, as if simultaneously)
Agent -> management station:  PDU type (Response) | request id | 0 | 0 | name 1 value 1 ... name n value n

PDU format, SetRequest/Response: PDU type | request id | error status | error index | variable bindings

Protocol Operation - SNMPv2 Trap

Agent -> management station:  PDU type (SNMPv2-Trap) | request id | 0 | 0 | variable-binding list
• The trap PDU is generated by the agent when an unusual event occurs

PDU format for Trap: PDU type | request id | error status | error index | variable bindings

Trap PDU
Format for the SNMPv2 Trap PDU:

| 0xA7 | reqid | 0 | 0 | variable bindings |

• The PDU format is identical to Get, GetNext or Set; the information about the trap is embedded in the variable bindings
• The first variable carries the agent's value of sysUpTime.0 when the trap was generated
• The next variable is snmpTrapOID.0, which identifies what type of trap it is

NOTIFICATION-TYPE
SNMPv2 traps are defined by this macro:

linkDown NOTIFICATION-TYPE
    OBJECTS     { ifIndex, ifAdminStatus, ifOperStatus }
    STATUS      current
    DESCRIPTION "A linkDown trap ..."
    ::= { snmpTraps 3 }

SNMPv1 Trap PDU
• The trap message is sent by the agent to the manager at UDP port 162, whereas GetRequest and GetResponse go to UDP port 161
• Format of the SNMPv1 Trap PDU:

| 0xA4 | enterprise | agent-addr | generic-trap | specific-trap | time-stamp | variable bindings |

Generic Traps
Six generic traps are defined:
• coldStart (0)
• warmStart (1)
• linkDown (2)
• linkUp (3)
• authenticationFailure (4)
• egpNeighborLoss (5)
(A seventh value, enterpriseSpecific (6), marks vendor-defined traps identified by the specific-trap field.)

Informs
• Informs are like SNMPv2 traps, but they are acknowledged
• The InformRequest PDU is:

| 0xA6 | reqid | 0 | 0 | variable bindings |

• A type value of 0xA6 indicates it is an Inform message
• Informs can also be sent from one manager to another

Workbook 8
• Explore the AdventNet Manager, access the agent on the Linux machine and see how the manager and agent interact
• Use snmpget, snmpgetnext and snmpbulkget for accessing MIB objects, both scalars and table objects
• Use snmptrap to generate traps, which can be seen in the AdventNet Trap Viewer
• Capture in Ethereal the exchange between manager and agent; note the port numbers used by manager and agent and also the various fields in the SNMP message

SNMP Message BER Encoding Example

SNMP Message BER Encoding Example (contd.)

Workbook 9
• Make an SNMP request to the agent from your manager and trace byte by byte the SNMP request and response in Ethereal

Introduction to SNMPv3


SNMPv3 Architecture


SNMP Entity, Applications and Engine
An SNMP entity consists of:
• SNMP applications
• An SNMP engine, which implements the functions that provide services to the applications


SNMPv3 Agent Architecture

Functions of the SNMP Engine
1. Accepts outgoing PDUs and does the following:
   • Encryption
   • Inserts the authentication code
   • Encapsulates the PDUs in messages
2. Accepts incoming PDUs and does the following:
   • Authentication
   • Decryption
   • Extracts the PDUs from the messages

SNMPv3 Message Structure

Field                   Value / notes
msgVersion              snmpv3 (3)                                used by the message processing subsystem
msgID
msgMaxSize
msgFlags                reportable, priv, auth
msgSecurityModel        1 = SNMPv1, 2 = SNMPv2c, 3 = USM
msgSecurityParameters
contextEngineID                                                   used by security and access control
contextName
PDU

Functions of the Access Control Subsystem
1. Authorization services to control access to MIBs for reading and setting managed objects. Operates on SNMP PDUs. So far the only defined model is the View-based Access Control Model (VACM).
2. Division of labour: the security subsystem provides privacy and authentication and works on SNMP messages; access control provides authorized access and works on PDUs.

SNMPv3 Access Control

A MIB View

VACM
Three lookups decide whether an OID may be accessed:
• securityName + securityModel -> vacmSecurityToGroupTable -> groupName
• groupName + contextName + securityModel + securityLevel -> vacmAccessTable -> the view name for the message type (read, write or notify)
• view name + OID -> vacmViewTreeFamilyTable -> MIB view (included/excluded subtree families)
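The three lookups above, as an added example in Python (not code from the slides, and not any agent's implementation): the three VACM tables are populated with constructed rows and the isAccessAllowed decision of RFC 3415 is run over them, including a view family mask that admits every column of ifEntry but only row 3. One simplification is labelled in the code: contextPrefix has to match the context exactly, where real VACM also supports prefix matching.

```python
"""VACM isAccessAllowed (RFC 3415) in miniature. Added example with constructed
tables; it is not the slides' code nor any agent's implementation.
Simplification: contextPrefix must equal the context (no prefix matching)."""

LEVELS = {"noAuthNoPriv": 0, "authNoPriv": 1, "authPriv": 2}

# vacmSecurityToGroupTable: (securityModel, securityName) -> groupName   (constructed)
SECURITY_TO_GROUP = {("usm", "ops"): "opsGroup", ("v2c", "public"): "legacyGroup"}

# vacmAccessTable: (groupName, contextPrefix, securityModel, securityLevel)
#                  -> (readView, writeView, notifyView); "" means no view at all
ACCESS = {
    ("opsGroup", "", "usm", "authPriv"): ("opsRead", "opsWrite", "opsRead"),
    ("legacyGroup", "", "any", "noAuthNoPriv"): ("sysOnly", "", ""),
}

# vacmViewTreeFamilyTable: viewName -> [(subtree, mask, "included" | "excluded")]
# An empty mask means all ones: every sub-identifier of the subtree must match.
VIEWS = {
    "sysOnly": [("1.3.6.1.2.1.1", b"", "included")],
    "opsRead": [("1.3.6.1.2.1.1", b"", "included"),
                ("1.3.6.1.2.1.1.4", b"", "excluded"),               # hide sysContact
                # ifEntry, any column (mask bit for the 10th arc is 0), row 3 only
                ("1.3.6.1.2.1.2.2.1.0.3", b"\xff\xa0", "included")],
    "opsWrite": [("1.3.6.1.2.1.1.5", b"", "included")],            # sysName only
}


def key(oid):
    return tuple(int(x) for x in oid.split("."))


def family_matches(oid, subtree, mask):
    """OID is in the family if it is at least as long as the subtree and agrees with
    it on every sub-identifier whose mask bit is 1 (bits beyond the mask count as 1)."""
    if len(oid) < len(subtree):
        return False
    for i, sub in enumerate(subtree):
        bit = (mask[i // 8] >> (7 - i % 8)) & 1 if i // 8 < len(mask) else 1
        if bit and oid[i] != sub:
            return False
    return True


def in_view(view_name, oid):
    """The longest matching subtree wins (ties: lexicographically greatest);
    its included/excluded type then decides."""
    best = None
    for subtree, mask, kind in VIEWS.get(view_name, []):
        st = key(subtree)
        if family_matches(oid, st, mask) and (best is None or (len(st), st) > best[0]):
            best = ((len(st), st), kind)
    return best is not None and best[1] == "included"


def is_access_allowed(model, name, level, context, view_type, oid):
    """Returns one of the RFC 3415 outcomes as a string."""
    group = SECURITY_TO_GROUP.get((model, name))
    if group is None:
        return "noGroupName"
    # Best vacmAccessTable row: a model-specific row beats "any", then the highest
    # securityLevel that does not exceed the level the message actually arrived with.
    candidates = [(m != "any", LEVELS[lvl], views)
                  for (g, ctx, m, lvl), views in ACCESS.items()
                  if g == group and ctx == context and m in (model, "any")
                  and LEVELS[lvl] <= LEVELS[level]]
    if not candidates:
        return "noAccessEntry"
    views = max(candidates)[2]
    view_name = views[("read", "write", "notify").index(view_type)]
    if not view_name:
        return "noSuchView"
    return "accessAllowed" if in_view(view_name, key(oid)) else "notInView"


if __name__ == "__main__":
    for oid in ("1.3.6.1.2.1.1.5.0", "1.3.6.1.2.1.1.4.0", "1.3.6.1.2.1.2.2.1.10.3", "1.3.6.1.2.1.2.2.1.10.4"):
        print(oid, is_access_allowed("usm", "ops", "authPriv", "", "read", oid))
```

Two things worth noticing when you configure a real agent the same way: a user who authenticates at a lower level than the access row demands gets noAccessEntry rather than a reduced view, and an excluded family only bites if it is at least as long as every included family that also matches the OID.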

SNMPv3 Message Structure

USM Message Structure

USM Message Parameters
1. msgAuthoritativeEngineID: the snmpEngineID of the source for a Trap, Response or Report, and of the destination for a Get, GetNext, GetBulk, Set or Inform
2. msgAuthoritativeEngineBoots: the snmpEngineBoots value, which represents the number of times the SNMP engine has re-initialized itself since its initial configuration
3. msgAuthoritativeEngineTime: the snmpEngineTime value, which represents the number of seconds since the SNMP engine last incremented the snmpEngineBoots object
4. msgUserName: the user on whose behalf the message is exchanged
5. msgAuthenticationParameters: the HMAC message authentication code
6. msgPrivacyParameters: the salt from which the DES-CBC initialization vector is derived

Authentication
There are three goals in authentication:
(1) to verify that the user is really who he says he is
(2) to verify that the user's message was not changed during transport
(3) to verify that the message is not being replayed (copying the message and playing it over again in the future)
Authentication is optional in SNMPv3. There may be situations where the users are trusted and/or the data is not sensitive. In these cases the organization may not want to incur the overhead of using authentication. This is referred to as noAuthNoPriv.

Authentication
Sending an authenticated SNMPv3 packet:
1. The entire packet is created, with the msgAuthenticationParameters field zeroed out.
2. A message digest is computed over the packet using the secret authentication key of the user specified in msgUserName. The algorithm used, HMAC with MD5 or SHA, is determined by the authentication protocol configured for the user.
3. The computed message digest is inserted into the message.
4. The authentication flag is turned on in msgFlags.
5. The packet is sent.
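The five steps above, together with how the user's key comes into existence in the first place, as an added Python example (not code from the slides): the RFC 3414 password-to-key stretching, the localization of that key to one engine ID, and the HMAC-96 computed over a message whose msgAuthenticationParameters field is zeroed, plus the receiver's verification. The "message" is a constructed byte string standing in for a real BER-encoded v3 message; the password, engine ID and user name are the ones from the RFC 3414 appendix examples, and the HMAC protects only integrity and origin, not replay, which the engineBoots/engineTime window covers separately.

```python
"""SNMPv3 USM authentication (RFC 3414): password-to-key, key localization and
HMAC-96 over a message whose msgAuthenticationParameters field is zeroed.
Added example; the 'message' is a constructed byte string, not real BER."""
import hashlib
import hmac

MAC_LEN = 12                      # HMAC-96: the first 12 octets of HMAC-MD5 / HMAC-SHA-1
ENGINE_ID = bytes(11) + b"\x02"   # the engine ID used in the RFC 3414 appendix A examples


def password_to_key(password: bytes, algo: str) -> bytes:
    """RFC 3414 A.2: digest of the password repeated out to exactly 1,048,576 octets.
    The stretching makes each brute-force guess cost a megabyte of hashing, but it
    is still a password: use a long random one."""
    reps, rem = divmod(1_048_576, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()


def localize(ku: bytes, engine_id: bytes, algo: str) -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku): a different key per (user, engine), so a
    localized key recovered from one agent does not open the others."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def sign(message: bytes, mac_offset: int, kul: bytes, algo: str) -> bytes:
    """Steps 1-3 of the slide: zero the 12-octet msgAuthenticationParameters field,
    HMAC the whole message with the localized key, splice the truncated MAC back in."""
    zeroed = message[:mac_offset] + bytes(MAC_LEN) + message[mac_offset + MAC_LEN:]
    mac = hmac.new(kul, zeroed, algo).digest()[:MAC_LEN]
    return zeroed[:mac_offset] + mac + zeroed[mac_offset + MAC_LEN:]


def verify(message: bytes, mac_offset: int, kul: bytes, algo: str) -> bool:
    """Receiver side: zero the field again, recompute, compare in constant time."""
    received = message[mac_offset:mac_offset + MAC_LEN]
    zeroed = message[:mac_offset] + bytes(MAC_LEN) + message[mac_offset + MAC_LEN:]
    expected = hmac.new(kul, zeroed, algo).digest()[:MAC_LEN]
    return hmac.compare_digest(received, expected)


def demo(algo: str = "sha1"):
    """Constructed stand-in for a v3 message: header || authParams (12 zero octets) || PDU.
    Returns (verification of the signed message, verification of a tampered copy)."""
    header = b"v3-header:user=ops;boots=7;time=1234;"
    pdu = b"GetRequest sysUpTime.0"
    message = header + bytes(MAC_LEN) + pdu
    kul = localize(password_to_key(b"maplesyrup", algo), ENGINE_ID, algo)
    signed = sign(message, len(header), kul, algo)
    tampered = signed.replace(b"GetRequest", b"SetRequest")   # same length, MAC no longer matches
    return verify(signed, len(header), kul, algo), verify(tampered, len(header), kul, algo)


if __name__ == "__main__":
    print(localize(password_to_key(b"maplesyrup", "md5"), ENGINE_ID, "md5").hex())
    print(demo("sha1"))
```

`hashlib.new` accepts "md5" and "sha1" here only because those are the two protocols the slides name; new deployments should prefer the SHA-2 authentication protocols of RFC 7860, and the same localized-key construction applies to them.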

Privacy with DES
• The SNMPv3 USM privacy facility enables managers and agents to encrypt messages to prevent eavesdropping by third parties
• The manager entity and the agent entity must share a secret key
• When privacy is invoked between a principal and a remote engine, all traffic between them is encrypted using the Data Encryption Standard (DES)
• The cipher-block-chaining (CBC) mode of DES is used by USM
• DES has a 56-bit key and is considered obsolete; current deployments use the AES privacy protocol (RFC 3826) instead

Workbook 10
• Observe the demo for configuring an SNMPv3 agent
• Implement View-based Access Control on the v3 agent in your system and test it out

SNMP - v1 and v2 Comparison

SNMPv1                                       SNMPv2
The Trap PDU was defined independently       The Trap PDU is redefined to be the same as a GetRequest
The GetBulk operation was not defined        The GetBulk operation is defined
InformRequest was not defined                The InformRequest PDU is defined, for an acknowledged trap and to exchange information between management stations
