Agenda
1. NMS Overview
2. SMI, or how a MIB is written
3. MIB-II
4. SNMP Operations: Get, GetNext, Set, ...
5. SNMPv3

Version 1.0


Overview of Network Management Systems



NMS - Overview

• Communication networks vary in nature, complexity and size
• In addition, each equipment vendor brings in his own proprietary implementations
• Effective network management is thus a critical component for network operators and service providers to run their business
• Service providers face a huge challenge in managing the network and ensuring the availability of services



NMS - Overview
• IETF is the standards body for IP networks, which use SNMP
• Standardization for telecom networks is driven by the ITU, which uses TMN
• Network management proxies are for converging different network management standardizations

NMS - Overview: Manager Agent Model
Manager: The entity that does the management functions by communicating with the agent.
Agent: The entity that represents part of the network being managed. The agent provides communication with the manager and executes the instructions received.
Preferred architecture: Hierarchical Manager Agent Model

Workbook 1
• Look at the pictures in the previous slide.
• Group these devices into categories.
• Arrange them in a network management hierarchy. You can have as many copies of each device as you like.
• Which of them will have agents and which can have managers?

Network Management Style
POLLING
• Request and get information
• Overall picture available
• Non real-time information
• Higher bandwidth need
TRAPS
• Real-time information
• Exceptions reported
• Interrupt-driven process
• Lower bandwidth
Preferred solution: trap-directed polling.

Workbook 2
• Look at the diagram in the previous slide.
• What parameters will you poll, and what traps and alarms will you capture?

NMS – Functional Overview
Network management consists of:
• Fault Management
• Configuration Management
• Accounting Management
• Performance Management
• Security Management

Fault Management
Fault management:
• Alarm Handling
• Trouble Detection
• Trouble Correction
• Test and Acceptance
• Network Recovery

Alarms
Alarms should contain the following information:
1. Status of alarm (e.g. active, cleared, acknowledged, etc.)
2. Trouble explanation (e.g. defined alarm code)
3. Severity code
4. Date and time the alarm condition occurred
5. Duration of alarm condition
6. Originating resource (network element, element management system, facilities, performance monitoring, etc.)

Configuration Management
Configuration management:
• System Boot Up Function
• Network Provisioning
• Auto Discovery
• Backup and Restore
• Database Handling

Accounting Management
Accounting management consists of:
• Track Service Usage
• Bill For Usage

Performance Management
Performance management entails:
• Data Collection
• Report Generation
• Data Analysis

Security Management
Security management involves:
• Control Device Access
• Enable Device Functions
• Access Logs
• Authentication
• Authorization
• Encryption

Some Network Management Protocols
SNMP - SIMPLE NETWORK MANAGEMENT PROTOCOL
• v1: First version
• v2: Enhanced; supports large data handling
• v3: Enhanced security and access control
TL1 - TRANSACTION LANGUAGE 1
CMIP - COMMON MANAGEMENT INFORMATION PROTOCOL (TMN specified)

Functional View of NMS
Layers (top to bottom): Business Mgmt Layer, Service Mgmt Layer, Network Mgmt Layer, Element Mgmt Layer, Adaptation Layer
Managed equipment below the adaptation layer: PBX, ATM, Broadband, Frame Relay, Transmission Nodes, Access Nodes, Switches
External interfaces: OSS Interfaces, Network Call Control, Billing Modules

NMS - Overview
In a nutshell, network management is:
o The monitoring of managed resources
o The controlling of managed resources

NMS - Overview: What is a Managed Resource?
– A component in your network
– May be a physical device
  • workstation
  • network element
  • circuit pack
  • ...
– May be a logical entity
  • session
  • connection
  • software
  • ...

Introduction to SMI

Introduction to SNMP
• SNMP stands for Simple Network Management Protocol
• Makes use of the UDP/IP protocol stack for communication
• SNMP models each device for the purpose of managing it

Set.  Specifies the Get. GetNext.0 24 .SNMP Components SNMP Protocol  Defines format of messages exchanged by management systems and agents. and Trap operations Structure of Management Information(SMI)  Rules specifying format used to define objects managed on network that SNMP protocol accesses  Uses Abstract Syntax Notation One (ASN.1) Management Information Base(MIB)  Collection of information organized hierarchically Version 1.

SNMP – Object Modelling
• In order to manage a network it is essential to "model" the network
• One way (the best way) to model the network is by making use of object-oriented methodology
• SNMP also defines objects (not really objects but attributes) by making use of ASN.1 macros

SNMP & MIB
• In order to define objects in a uniform and consistent fashion, a framework is defined
• The framework is referred to as SMI (Structure of Management Information)
• SMIv1 is defined by the IETF (RFC 1155)
• SNMPv1 in RFC 1157
• MIB-II is defined in RFC 1213
• SNMPv2c RFCs defined in RFC 1902-1908
• SNMPv3 RFCs defined in RFC 3411-3418

SNMP – SMI
• Managed objects (network components) are accessed through a virtual information store called the "Management Information Base" (MIB)
• Each object type has a name, syntax and encoding
• The name of the object is represented by an OBJECT IDENTIFIER (ASN.1 type)
• The syntax of the object defines the abstract data structure, represented as an ASN.1 data type
• The encoding of the object is done by one of the standard encoding techniques – BER (Basic Encoding Rules)

SNMP – Object Naming
• The Object Identifier is a sequence of numbers that traverses a tree structure
• Typically a "label" (textual name) is associated with the number
Example:
    ccitt (0), iso (1)
    internet     OBJECT IDENTIFIER ::= { iso org(3) dod(6) 1 }
    directory    OBJECT IDENTIFIER ::= { internet 1 }
    mgmt         OBJECT IDENTIFIER ::= { internet 2 }
    experimental OBJECT IDENTIFIER ::= { internet 3 }

ISO OID Tree
root
  ccitt (0)
  iso (1)
    stnd (0)
    reg-auth (1)
    mb (2)
    org (3)
      dod (6)
        internet (1)
          directory (1)
          mgmt (2)
            mib-2 (1)
          experimental (3)
          private (4)
            enterprises (1)
          security (5)
          snmpV2 (6)
            snmpDomains (1)
            snmpProxys (2)
            snmpModules (3)
  joint-iso-ccitt (2)

Workbook 3: MIB tree
• Open the AdventNet MIB Browser as shown in the previous slide.
• Load the RFC 1213 MIB.
• Examine from the root of the ISO OID MIB tree.
• What do you observe?

Primitive ASN.1 Data Types
The 4 built-in or primitive ASN.1 data types are:
1. INTEGER
2. OCTET STRING
3. OBJECT IDENTIFIER
4. NULL

SMIv1 - Object Types
Apart from the ASN.1 data types, SMIv1 defines application-wide data types like:
• NetworkAddress – A choice type to choose from a family of addresses
• IpAddress – Octet String of length 4
• Counter – A non-negative integer that increases to a max value and resets to zero
• Gauge – Integer value that increases or decreases, but latches at the max (min) value
• TimeTicks – Integer, each unit representing 1/100th of a second
• Opaque – A container type (OCTET STRING) for any ASN.1 type

Quick Quiz
• IpAddress type object will be found in ……
• Counter type object will be found in ……
• Gauge type object example is ……
• TimeTicks object is found in ……
• OCTET STRING example is ……
• Table type object example is ……
• NULL object example is ……
• Opaque object example is ……

SMIv1 and SMIv2 Data Types
                         SMIv1               SMIv2
SIMPLE TYPES:            INTEGER             INTEGER
                         OCTET STRING        OCTET STRING
                         OBJECT IDENTIFIER   OBJECT IDENTIFIER
                         -                   Integer32
                         -                   Unsigned32
APPLICATION-WIDE TYPES:  Gauge               Gauge32
                         Counter             Counter32
                         -                   Counter64
                         TimeTicks           TimeTicks
                         IpAddress           IpAddress
                         Opaque              Opaque
                         NetworkAddress      -
PSEUDO TYPES:            -                   BITS

OBJECT-TYPE Definition
OBJECT-TYPE clauses and their allowed values:
SYNTAX       INTEGER, OCTET STRING, OBJECT IDENTIFIER, BITS, IpAddress, Integer32, Counter32, Counter64, Gauge32, TimeTicks, Opaque, New Type
MAX-ACCESS   read-only, read-write, read-create, accessible-for-notify, not-accessible
STATUS       current, deprecated, obsolete
DESCRIPTION  "..."

OBJECT-TYPE Scalar Definition Example
Definition of address:

    address OBJECT-TYPE
        SYNTAX      IpAddress
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION "The Internet address of this system"
        ::= { NEW-MIB 1 }

Workbook 4
• Examine the RFC 1213 MIB file and locate an OBJECT-TYPE definition for a scalar.
• Locate OBJECT IDENTIFIER definitions and look at the definitions.

Definition of Non-Leaf Objects

    info OBJECT IDENTIFIER ::= { NEW-MIB 2 }

Alternative construct: OBJECT-IDENTITY. Example:

    info OBJECT-IDENTITY
        STATUS      current
        DESCRIPTION "The node under which future scalar objects should be registered"
        ::= { NEW-MIB 2 }

Definition of a MIB

    NEW-MIB DEFINITIONS ::= BEGIN
        import statement(s)
        module identity definition
        definition of all node and leaf objects
        definition of implementation requirements
    END

Module Identity Definition Example

    newMibModule MODULE-IDENTITY
        LAST-UPDATED "200104041200Z"
        ORGANIZATION "UT-TMG"
        CONTACT-INFO "University of Twente
                      The Netherlands
                      Email: "
        DESCRIPTION  "Experimental MIB for demo purposes"
        ::= { enterprises ut(785) 7 }



Imports Statement Example



An Example MIB
    WIN-MIB DEFINITIONS ::= BEGIN

    IMPORTS
        RowStatus, DisplayString
            FROM SNMPv2-TC
        OBJECT-TYPE, MODULE-IDENTITY, enterprises, Integer32
            FROM SNMPv2-SMI;

    winSystem MODULE-IDENTITY
        LAST-UPDATED "200210110900Z"
        ORGANIZATION "jay Inc."
        CONTACT-INFO "jay Inc. Web site: Email:"
        DESCRIPTION  "The MIB module for managing winsys Info"
        ::= { enterprises jay(5000) 10 }



MIB example (contd.)

    mySysObjects OBJECT IDENTIFIER ::= { winSystem 1 }

    mySystemName OBJECT-TYPE
        SYNTAX      DisplayString
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION "System name"
        ::= { mySysObjects 1 }

    mySystemDir OBJECT-TYPE
        SYNTAX      DisplayString
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION "System directory"
        ::= { mySysObjects 2 }

    END

Workbook 5
• Locate a MIB file with a MIB MODULE definition with IMPORTS and MODULE-IDENTITY.
• Can you follow how the module is organized?
• What do you think is the advantage of this approach?

IndexPart in Object Definition
• The INDEX can be a comma-separated list of Object Identifiers: one for a simple index and many for a composite index.

    IndexSyntax ::= CHOICE {
        number     INTEGER (0..MAX),
        string     OCTET STRING,
        object     OBJECT IDENTIFIER,
        ipAddress  IpAddress
    }

SNMP – MIB Example: Scalar

    udpInDatagrams OBJECT-TYPE
        SYNTAX      Counter32
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION "The total number of UDP datagrams delivered to UDP users"
        ::= { udp 1 }

SNMP – MIB Example: Table Definition

    tcpConnTable OBJECT-TYPE
        SYNTAX      SEQUENCE OF TcpConnEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION "A table containing TCP connection specific information"
        ::= { tcp 13 }

    tcpConnEntry OBJECT-TYPE
        SYNTAX      TcpConnEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION "Information about a particular TCP connection"
        INDEX       { tcpConnLocalAddress, tcpConnLocalPort, tcpConnRemAddress, tcpConnRemPort }
        ::= { tcpConnTable 1 }

MIB Example: Table Definition (contd.)

    TcpConnEntry ::= SEQUENCE {
        tcpConnState        INTEGER,
        tcpConnLocalAddress IpAddress,
        tcpConnLocalPort    INTEGER (0..65535),
        tcpConnRemAddress   IpAddress,
        tcpConnRemPort      INTEGER (0..65535)
    }

Workbook 6
• Look at the table definition of any table object in the RFC 1213 MIB, like ipRouteTable.
• What are the various components of a table definition?

Examples of Indexes in MIB-II
In MIB-II, the following INDEX clauses are used:
Object        INDEX
ifEntry       { ifIndex }
ipRouteEntry  { ipRouteDest }
tcpConnEntry  { tcpConnLocalAddress, tcpConnLocalPort, tcpConnRemAddress, tcpConnRemPort }
udpEntry      { udpLocalAddress, udpLocalPort }

Workbook 7: Writing a MIB
• Pick your problem for MIB generation.
• Link in your own organization subtree in the MIB tree under enterprises.
• Use a MODULE-IDENTITY definition for your MIB, including scalars and table objects.
• Write your scalars and tables for describing your organization and products.
• Load your MIB and debug all errors until success.

MIB II

SNMP – Some Object Groups
System Group – provides general information about the managed system
SYSTEM: sysDescr, sysObjectId, sysUpTime, sysContact, sysName, sysLocation

SNMP – Interface Object Group
Interface Group: Interfaces contains information about the physical interfaces of the entity, including configuration and statistics of events occurring on the interface
ifNumber, ifTable: ifIndex, ifDescr, ifType, ifSpeed, ifMtu

Management Information Base
MIB is a standard that specifies the data items that a host or gateway must keep and the operations allowed on each.
MIB category    Includes information about
system          The host/gateway operating system
interfaces      Individual network interfaces
ip              Internet protocol software
icmp            Internet control message protocol
tcp, udp, egp   Transport and routing
snmp            SNMP related objects

MIB-II Interfaces Group

MIB-II IP Group

MIB-II TCP Group

SNMP Operations

SNMP – Communication Model
Host A          Host B
SNMP MANAGER    SNMP AGENT
UDP / IP        UDP / IP
Data Link       Data Link
Physical        Physical

SNMP – Protocol
• The network devices are managed by the management station – devices run "agent" software and the management station runs "manager" software
• The Manager learns about the network device through the agent
• Hence, both the agent and the manager need to share the same "information model" to work together
• The agent interacts with the device (back end) to retrieve values

SNMP – Protocol
• The management station and the network device use the "SLEEK" UDP protocol to send and receive messages
• The management station will not instantiate the MIB; it retrieves the instances from the agent
• The manager and the agent use a simple interaction: the manager sends a request message when it wants to retrieve objects and the agent replies
• The agent on its own reports any trouble it notices on the device (TRAPS) to the manager

How SNMPv1 Messages Function

SNMP Message Format
    -------------------------------------
    | version | community | SNMP PDU |
    -------------------------------------
• version specifies the SNMP version number
• community is an OCTET STRING; it serves as the password for retrieving/modifying data
• SNMP PDU specifies the operation

SNMP – Protocol Interaction: Get Operation
• The Manager sends a GET request to retrieve objects from the agent. In order to get the objects, the manager needs to specify the object name
• The agent responds to the GET request by sending the manager a GETRESPONSE message with a list of the requested objects (names) with their values – known as the var binding list
• In case of error, the index indicates the object which caused the error

SNMP – Protocol Interaction: Get Operation
• In order to retrieve scalar objects from the agent, the manager has to send the object name suffixed with the value ZERO, e.g. sysUpTime.0
• In order to retrieve values from a table, the object name is suffixed with the index value
• If the agent doesn't find the object with the name supplied by the manager it returns noSuchObject, or noSuchInstance if no instance of the object is found, in the value field of the variable (for SNMPv2)

Protocol Operation - GET (No Error)
Management station sends:   PDU Type | Req id | 0 | 0 | Variable Bindings (names)
Agent process (consults MIB) returns:   PDU Type | Req id | 0 | 0 | Name 1 Variable 1 ... Name n Variable n
Response – No Error
PDU Format GetRequest/Response:   PDU Type | Request id | Error Status | Error Index | Variable Bindings

Protocol Operation – GET (tooBig error)
Management station sends:   PDU Type | Req id | 0 | 0 | Variable Bindings (names)
Agent process (consults MIB) returns:   PDU Type | Req id | tooBig | 0 | NULL
Response – Error tooBig: message size exceeds max size
PDU Format GetRequest/Response:   PDU Type | Request id | Error Status | Error Index | Variable Bindings

Protocol Operation – GET (genErr error)
Management station sends:   PDU Type | Req id | 0 | 0 | Variable Bindings (names)
Agent process (consults MIB) returns:   PDU Type | Req id | genErr | index of problem object | Variable Bindings (names)
Response – Error genErr: processing of a variable name fails
PDU Format GetRequest/Response:   PDU Type | Request id | Error Status | Error Index | Variable Bindings

Error Status for SNMPv1
Values for error status are:
• noError (0): request was successfully processed
• tooBig (1): agent could not fit the results of the request into a single SNMP message
  – Max. size 1500 bytes for Ethernet networks
  – Min. size: 484 bytes

Error Status (contd.)
• noSuchName (2): object specified which the agent did not know based on the specified community. The most common source is reading objects that do not exist.
• badValue (3): a set value tried to modify an object with an invalid or inconsistent value.
• readOnly (4): defined in v1 to indicate that a set operation tried to modify a variable that according to the community profile cannot be written into. In reality this isn't used: if you try to set a read-only object, the noSuchName error status is returned.
• genErr (5): any other error

SNMPv2 to SNMPv1 Error Mapping
SNMPv2 Error Status    SNMPv1 Error Status
noError                noError
tooBig                 tooBig
noSuchName             noSuchName
badValue               badValue
readOnly               readOnly
genErr                 genErr
wrongValue             badValue
wrongEncoding          badValue
wrongType              badValue
wrongLength            badValue
inconsistentValue      badValue
noAccess               noSuchName
notWritable            noSuchName
noCreation             noSuchName

SNMPv2 Exceptions
• For SNMP GET requests we can get back the noSuchObject and noSuchInstance exceptions
• For SNMP GETNEXT requests we can get back endOfMibView
• For SNMP GETBULK requests we can get back endOfMibView
• For SNMP SET requests we cannot get back any exceptions

SNMP – Protocol Interaction: SNMP Table
• The SNMP table is represented as an ASN.1 SEQUENCE OF type. Each table has an Entry which is a SEQUENCE type.
• Each column in the table entry is identified by the object identifier
• Each row is identified by the index value
• In order to retrieve values from a table, the object name is suffixed with the index value
• The agent needs to create the rows in the table either during start-up or when the manager sends a SET request to the agent

SNMP – Protocol Interaction: Get Next Operation
• The Get Next operation is similar to a Get Request
• The Get Next operation retrieves the next lexicographically ordered object
• The Get Next operation allows the manager to search through the table without having to know the index value

Get Request
Consider the following MIB table, a subset of ifTable:
Instance  ifIndex  ifDescr   ifType
1         1        ethernet  6
2         2        ethernet  6
3         3        serial    22
4         4        ppp       23
5         5        ethernet  6
6         6        ethernet  6

Get Request Illustration
If a management station issues a:
    GetRequest(sysUpTime.0, ifIndex.1, ifDescr.2, ifType.4)
The agent will typically respond with:
    sysUpTime.0  287231
    ifIndex.1    1
    ifDescr.2    ethernet
    ifType.4     23
GetRequest can query scalars & objects from different rows.

Get Next Request
Consider this table:
ifIndex  ifInOctets  ifInUcastPkts  ifInNUcastPkts
1        200123      560            912
2        4587213     8876           1780
3        755943      8761           1020
4        8837722     110211         4390
5        398765321   301392159      3259
6        983141      65211          3251

GetNextRequest Illustration
• Issue a GetNextRequest(ifInOctets, ifInUcastPkts, ifInNUcastPkts)
• Response will be:
    ifInOctets.1      200123
    ifInUcastPkts.1   560
    ifInNUcastPkts.1  912
• GetNextRequest automatically returns the queried columns of the first row. The response will also have the index of the first row instance, i.e. 1 in the example.

GetNextRequest Illustration
• Issue a GetNextRequest(ifInOctets.1, ifInUcastPkts.1, ifInNUcastPkts.1) using the index of the first row.
• Response will be the fields of the next row:
    ifInOctets.2      4587213
    ifInUcastPkts.2   8876
    ifInNUcastPkts.2  1780

Protocol Operation – GetBulk
Management station sends:   PDU Type | Req id | Non-repeaters | Max-repetitions | Variable Bindings
Agent process (consults MIB) returns:   PDU Type | Req id | Non-repeaters | Max-repetitions | Variable Bindings
PDU Format for GetBulk:   PDU Type | Request id | non-repeaters | max-repetitions | Variable Bindings

GetBulkRequest
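The Get, GetNext and GetBulk semantics from the preceding slides, modelled as a small in-memory agent over the ifTable rows of the GetNext slides. This is an added example, not code from the original deck: the MIB contents are constructed sample data, OIDs follow MIB-II (ifEntry = 1.3.6.1.2.1.2.2.1, columns 1/10/11/12), and the noSuchObject/noSuchInstance distinction uses a simplified prefix rule (an assumption, noted in the code).

```python
from bisect import bisect_right

def oid(text):
    """Dotted OID text -> tuple of arcs; tuples compare in lexicographic OID order."""
    return tuple(int(a) for a in text.strip(".").split("."))

SYS_UPTIME = oid("1.3.6.1.2.1.1.3.0")      # sysUpTime.0 (scalar, instance 0)
IF_ENTRY = oid("1.3.6.1.2.1.2.2.1")        # ifEntry: column = next arc, row = last arc
COLUMNS = {"ifIndex": 1, "ifInOctets": 10, "ifInUcastPkts": 11, "ifInNUcastPkts": 12}
# Constructed sample rows (same numbers as the GetNext slide), not live counters.
ROWS = {1: (200123, 560, 912), 2: (4587213, 8876, 1780), 3: (755943, 8761, 1020),
        4: (8837722, 110211, 4390), 5: (398765321, 301392159, 3259),
        6: (983141, 65211, 3251)}

def build_mib():
    mib = {SYS_UPTIME: 287231}
    for idx, (octets, ucast, nucast) in ROWS.items():
        mib[IF_ENTRY + (COLUMNS["ifIndex"], idx)] = idx
        mib[IF_ENTRY + (COLUMNS["ifInOctets"], idx)] = octets
        mib[IF_ENTRY + (COLUMNS["ifInUcastPkts"], idx)] = ucast
        mib[IF_ENTRY + (COLUMNS["ifInNUcastPkts"], idx)] = nucast
    return mib

MIB = build_mib()
ORDERED = sorted(MIB)   # the agent's lexicographically ordered variable list

def get(name):
    """GET: exact instance lookup, returning the SNMPv2 exceptions otherwise."""
    if name in MIB:
        return MIB[name]
    # Assumption (simplified RFC 3416 rule): if some accessible variable lies
    # under the requested object prefix, the object exists but this instance
    # does not -> noSuchInstance; otherwise the agent knows nothing under it.
    prefix = name[:-1]
    if any(o[:len(prefix)] == prefix for o in ORDERED):
        return "noSuchInstance"
    return "noSuchObject"

def get_next(name):
    """GETNEXT: first variable strictly after `name` in lexicographic order,
    or endOfMibView when nothing follows."""
    pos = bisect_right(ORDERED, name)
    if pos == len(ORDERED):
        return name, "endOfMibView"
    nxt = ORDERED[pos]
    return nxt, MIB[nxt]

def get_bulk(names, non_repeaters, max_repetitions):
    """GETBULK: one GETNEXT for each of the first `non_repeaters` names, then
    up to `max_repetitions` successive GETNEXTs for every remaining name."""
    out = [get_next(n) for n in names[:non_repeaters]]
    cursors = list(names[non_repeaters:])
    for _ in range(max_repetitions):
        for i, cur in enumerate(cursors):
            nxt, val = get_next(cur)
            out.append((nxt, val))
            cursors[i] = nxt
    return out

def walk_column(column):
    """Manager-side table walk: GETNEXT until the reply leaves the column.
    The manager must do this check itself, because the agent simply continues
    into the next column (or the next MIB subtree) rather than stopping."""
    col = IF_ENTRY + (COLUMNS[column],)
    cur, rows = col, []
    while True:
        cur, val = get_next(cur)
        if val == "endOfMibView" or cur[:len(col)] != col:
            return rows
        rows.append((cur[-1], val))
```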

SNMP – Protocol Interaction: SET Operation
• The Manager sends a Set Request to set the value of objects. In order to set object values, the manager needs to specify both the object name and the value
• The agent responds to the SET request with the same PDU as the GET-RESPONSE PDU

Protocol Operation - SET
Management station sends:   PDU Type | Req id | 0 | 0 | Name 1 Variable 1 ... Name n Variable n
Agent process (updates MIB):
• Phase 1: validate all variable bindings; if there is no validation error,
• Phase 2: update; if there is no update error, the values are set
Agent returns:   PDU Type | Req id | 0 | 0 | Name 1 Variable 1 ... Name n Variable n
PDU Format SetRequest/Response:   PDU Type | Request id | Error Status | Error Index | Variable Bindings

Protocol Operation – Trapv2
Agent process sends to management station:   PDU type | Req Id | 0 | 0 | Variable Bind List
• Trap PDU generated on an unusual event occurrence
PDU Format for Trap:   PDU Type | Request id | Error Status | Error Index | Variable Bindings

Trap PDU
• Format for SNMPv2 Trap PDU:
    ----------------------------------------------------
    | 0xA7 | reqid | 0 | 0 | variable bindings |
    ----------------------------------------------------
• PDU format identical to Get, GetNext or Set. Info about the trap is embedded in the variable bindings.
• The first variable provides the agent's value of sysUpTime when the Trap was generated.
• The next variable is snmpTrapOID.0, which identifies what type of trap it is.

NOTIFICATION-TYPE
SNMPv2 Traps are defined by this macro:

    linkDown NOTIFICATION-TYPE
        OBJECTS     { ifIndex, ifAdminStatus, ifOperStatus }
        STATUS      current
        DESCRIPTION "A linkDown trap ..."
        ::= { snmpTraps 3 }

SNMPv1 Trap PDU
• The Trap message is sent by the agent to the manager at UDP port 162, whereas GetRequest and GetResponse go to UDP port 161.
• Format of the SNMPv1 Trap PDU:
    ----------------------------------------------------------------
    | 0xA4 | ent. | addr | gen. | spec. | ts | var bind |
    ----------------------------------------------------------------
  (enterprise, agent address, generic trap, specific trap, timestamp, variable bindings)

Generic Traps
Six generic traps are defined:
• coldStart (0)
• warmStart (1)
• linkDown (2)
• linkUp (3)
• authenticationFailure (4)
• egpNeighborLoss (5)

Informs
• Informs are like SNMPv2 Traps but they are acknowledged. They can also be sent from one manager to another.
• The InformRequest PDU is:
    ----------------------------------------------------
    | 0xA6 | reqid | 0 | 0 | variable bindings |
    ----------------------------------------------------
• The type value of 0xA6 indicates it is an Inform message.

Workbook 8
• Explore the AdventNet Manager, access the agent on the Linux machine and see how the manager and agent interact.
• Use snmpget, snmpgetnext and snmpbulkget for accessing MIB objects, both scalars and table objects.
• Use snmptrap to generate traps, which can be seen in the AdventNet Trap Viewer.
• Capture in Ethereal the exchange between manager and agent; note the port numbers used by manager and agent and also the various fields in the SNMP message.

SNMP Message BER Encoding Example

SNMP Message BER Encoding Example (contd.)
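The version | community | PDU message format from the SNMP Message Format slide, BER-encoded byte by byte as an added example (not the deck's own encoding slides, which are figures). Tag values are the standard ones, including those quoted on the PDU slides (0xA4 Trap, 0xA6 Inform, 0xA7 SNMPv2-Trap); the sample request and community string are constructed. The last function shows why the community "password" of v1/v2c gives no protection: it is readable from the wire bytes without any key.

```python
PDU_TAGS = {"GetRequest": 0xA0, "GetNextRequest": 0xA1, "GetResponse": 0xA2,
            "SetRequest": 0xA3, "Trap": 0xA4, "GetBulkRequest": 0xA5,
            "InformRequest": 0xA6, "SNMPv2-Trap": 0xA7}
NULL = b"\x05\x00"   # ASN.1 NULL: the value field of a request varbind

def ber_len(n):
    """Definite-form length: one byte below 128, else 0x80|count then big-endian."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    return bytes([tag]) + ber_len(len(content)) + content

def ber_int(v):
    """INTEGER: minimal-length two's complement, big-endian (positive values
    with the top bit set get a leading 0x00 byte)."""
    n = 1
    while True:
        try:
            return tlv(0x02, v.to_bytes(n, "big", signed=True))
        except OverflowError:
            n += 1

def ber_octets(b):
    return tlv(0x04, b)

def ber_oid(text):
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, the rest base-128
    with the high bit set on all but the last byte of each arc."""
    arcs = [int(a) for a in text.strip(".").split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def ber_seq(*items, tag=0x30):
    """SEQUENCE (0x30) or, with a PDU tag, the context-specific PDU wrapper."""
    return tlv(tag, b"".join(items))

def snmp_message(version, community, pdu_type, request_id, varbinds,
                 error_status=0, error_index=0):
    """version 0 = SNMPv1, 1 = SNMPv2c; varbinds = [(oid_text, encoded value)]."""
    vbl = ber_seq(*(ber_seq(ber_oid(o), v) for o, v in varbinds))
    pdu = ber_seq(ber_int(request_id), ber_int(error_status), ber_int(error_index),
                  vbl, tag=PDU_TAGS[pdu_type])
    return ber_seq(ber_int(version), ber_octets(community.encode()), pdu)

def split_tlv(data):
    """Split one BER buffer into its top-level (tag, content) pairs."""
    items, i = [], 0
    while i < len(data):
        tag, first = data[i], data[i + 1]
        if first & 0x80:                      # long form: count of length bytes
            cnt = first & 0x7F
            length = int.from_bytes(data[i + 2:i + 2 + cnt], "big")
            i += 2 + cnt
        else:
            length, i = first, i + 2
        items.append((tag, data[i:i + length]))
        i += length
    return items

def community_from_wire(msg):
    """Read the community straight out of a captured v1/v2c message: the
    'password' is the second element of the outer SEQUENCE, in the clear."""
    body = split_tlv(msg)[0][1]
    return split_tlv(body)[1][1].decode()
```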

Workbook 9
• Make an SNMP request to the agent from your manager and trace byte-wise the SNMP request and response in Ethereal.

Introduction to SNMP v3



SNMPv3 Architecture



SNMP Entity, Applications and Engine
SNMP Entity consists of:
• SNMP Applications
• SNMP Engine: implements functions to provide services to the applications



SNMPv3 Agent Architecture

Functions of SNMP Engine
1. Accepts outgoing PDUs. Does the following:
   • Encryption
   • Insert authentication code
   • Encapsulation of PDUs in messages
2. Accepts incoming PDUs. Does the following:
   • Authentication
   • Decryption
   • Extraction of PDUs from messages

SNMPv3 Message Structure
msgVersion              snmpv3
msgID                   |
msgMaxSize              | used by the message processing subsystem
msgFlags                | reportable, priv, auth
msgSecurityModel        | 1, 2, 3
msgSecurityParameters   |
contextEngineID         | used by security and access control
contextName             |
PDU

Functions of Access Control Subsystem
1. Authorization services to control access to MIBs for reading and setting of managed objects.
2. Operates on SNMP PDUs. So far the only defined model is the View Based Access Control Model.
Security Subsystem: privacy and authentication; works on SNMP messages.
Access Control: authorized access; works on PDUs.

SNMPv3 Access Control

A MIB View

VACM
security name + security model  -->  vacmSecurityToGroupTable  -->  groupName
groupName + security model + security level + context name + message type (read, write, notify)  -->  vacmAccessTable  -->  MIB View
MIB View + OID  -->  vacmViewTreeFamilyTable  -->  access decision
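The VACM lookup chain of the slide above (securityName to group, group to access entry, access entry to view, view to OID) as a self-contained Python model. This is an added example, not code from the deck or from any agent implementation: the three tables are constructed, the access-entry selection is simplified to "highest security level not above the requester's" (an assumption), and the view mask semantics follow RFC 3415 (a 1 bit means the corresponding subtree arc must match, a short mask is padded with 1s, the longest matching subtree wins).

```python
def oid(text):
    return tuple(int(a) for a in text.strip(".").split("."))

SEC_LEVEL = {"noAuthNoPriv": 1, "authNoPriv": 2, "authPriv": 3}
USM = 3   # securityModel value for the User-based Security Model

# vacmSecurityToGroupTable: (securityModel, securityName) -> groupName  (constructed)
SEC_TO_GROUP = {(USM, "monitor"): "ro-group", (USM, "admin"): "rw-group"}
# vacmAccessTable: (groupName, contextPrefix, securityModel, securityLevel)
#   -> (readView, writeView, notifyView); "" means no view of that kind  (constructed)
ACCESS = {("ro-group", "", USM, SEC_LEVEL["authNoPriv"]): ("if-row3-view", "", ""),
          ("rw-group", "", USM, SEC_LEVEL["authPriv"]): ("all-view", "all-view", "all-view")}
# vacmViewTreeFamilyTable: viewName -> [(subtree, mask, included)]  (constructed)
VIEWS = {"all-view": [(oid("1.3.6.1.2.1"), b"", True),           # mib-2 ...
                      (oid("1.3.6.1.2.1.6.13"), b"", False)],     # ... minus tcpConnTable
         # system group, plus every column of ifEntry row 3 only: the mask ff:a0
         # wildcards arc 10 (the column arc) of subtree 1.3.6.1.2.1.2.2.1.<col>.3
         "if-row3-view": [(oid("1.3.6.1.2.1.1"), b"", True),
                          (oid("1.3.6.1.2.1.2.2.1.0.3"), b"\xff\xa0", True)]}

def mask_bit(mask, i):
    """Bit i (MSB first) of the family mask; bits beyond the mask count as 1."""
    if i // 8 >= len(mask):
        return 1
    return (mask[i // 8] >> (7 - i % 8)) & 1

def subtree_matches(subtree, mask, name):
    if len(name) < len(subtree):
        return False
    return all(mask_bit(mask, i) == 0 or subtree[i] == name[i]
               for i in range(len(subtree)))

def in_view(view_name, name):
    """Longest matching subtree (then greatest mask) decides included/excluded."""
    best = None
    for subtree, mask, included in VIEWS.get(view_name, []):
        if subtree_matches(subtree, mask, name):
            key = (len(subtree), mask)
            if best is None or key > best[0]:
                best = (key, included)
    return bool(best and best[1])

def is_access_allowed(sec_model, sec_name, sec_level, context, view_type, name):
    """The VACM decision for one variable in a PDU, with RFC 3415's error names."""
    group = SEC_TO_GROUP.get((sec_model, sec_name))
    if group is None:
        return "noGroupName"
    candidates = [(lvl, views) for (g, prefix, model, lvl), views in ACCESS.items()
                  if g == group and model == sec_model and lvl <= sec_level
                  and context.startswith(prefix)]
    if not candidates:
        return "noAccessEntry"
    views = max(candidates)[1]                     # simplified: highest level wins
    view = views[{"read": 0, "write": 1, "notify": 2}[view_type]]
    if not view:
        return "noSuchView"
    return "accessAllowed" if in_view(view, name) else "notInView"
```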

SNMPv3 Message Structure

USM Message Structure

USM Message Parameters
1. msgAuthoritativeEngineID: snmpEngineID of the source for a Trap, Response or Report, and of the destination for a Get, GetNext, GetBulk, Set or Inform
2. msgAuthoritativeEngineBoots: snmpEngineBoots value, which represents the number of times the SNMP engine has reinitialized itself since its initial configuration
3. msgAuthoritativeEngineTime: snmpEngineTime, which represents the number of seconds since the SNMP engine last incremented the snmpEngineBoots object
4. msgUserName: user on whose behalf the message is exchanged
5. msgAuthenticationParameters: HMAC message code
6. msgPrivacyParameters: initial value for the DES CBC algorithm

Authentication
There are three goals in authentication:
(1) to verify that the user is really who he says he is
(2) to verify that the user's message was not changed during transport
(3) to verify that the message is not being replayed (copy the message and play it over again in the future)
Authentication is optional in SNMPv3. There may be situations where the users are trusted and/or the data is not sensitive. In these cases, the organization may not want to incur the overhead of using authentication. This is referred to as noauth/nopriv.

Authentication
Sending an authenticated SNMPv3 packet:
1. The entire packet is created, and the msgAuthenticationParameters field is zeroed out. The authentication flag is turned on in the msgFlags.
2. A message digest is computed of the packet using the secret authentication key for the user specified in msgUserName. The algorithm used, HMAC (MD5 or SHA), is determined by the authentication protocol specified for the user.
3. The computed message digest is inserted in the message.
4. The packet is sent.
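The four sending steps above and the receiver's matching check, written out as an added example (not code from the deck). It uses HMAC-SHA-1 truncated to 12 bytes (HMAC-96, as in RFC 3414) and the RFC 3414 A.2 password-to-key localization, neither of which the slides spell out; the message layout is a constructed length-prefixed stand-in for the BER-encoded SNMPv3 message, and the engineID, user name and PDU bytes are constructed sample values. The timeliness check on engineBoots/engineTime is what covers goal (3), replay.

```python
import hashlib
import hmac
import struct

AUTH_LEN = 12      # HMAC-96: the digest is truncated to 12 bytes
TIME_WINDOW = 150  # seconds; RFC 3414 timeliness window on the authoritative engine time

def localized_key(password, engine_id, hashname="sha1"):
    """RFC 3414 A.2: Ku = H(password cycled to 1 MiB), Kul = H(Ku || engineID || Ku).
    The localized key differs per engine, so one agent's key is useless at another."""
    pw = password.encode()
    reps, rem = divmod(1048576, len(pw))
    ku = hashlib.new(hashname, pw * reps + pw[:rem]).digest()
    return hashlib.new(hashname, ku + engine_id + ku).digest()

def serialize(msg, auth_params):
    """Constructed stand-in for the BER message: length-prefixed USM fields
    (engineID, boots+time, user, msgAuthenticationParameters, privParams), then PDU."""
    fields = [msg["engine_id"], struct.pack(">II", msg["boots"], msg["time"]),
              msg["user"].encode(), auth_params, msg["priv_params"], msg["pdu"]]
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)

def parse(wire):
    fields, i = [], 0
    while i < len(wire):
        n = struct.unpack(">H", wire[i:i + 2])[0]
        fields.append(wire[i + 2:i + 2 + n])
        i += 2 + n
    eid, bt, user, auth, priv, pdu = fields
    boots, time = struct.unpack(">II", bt)
    return {"engine_id": eid, "boots": boots, "time": time, "user": user.decode(),
            "priv_params": priv, "pdu": pdu}, auth

def mac_over(wire_with_zeroed_auth, key):
    return hmac.new(key, wire_with_zeroed_auth, hashlib.sha1).digest()[:AUTH_LEN]

def authenticate(msg, key):
    """Sender, steps 1-3: build the message with the auth field zeroed,
    HMAC the whole thing, then insert the truncated digest."""
    digest = mac_over(serialize(msg, bytes(AUTH_LEN)), key)
    return serialize(msg, digest)

def verify(wire, key, local_boots, local_time):
    """Receiver: zero the field again, recompute, compare in constant time, then
    apply the boots/time check that rejects replayed messages."""
    msg, received = parse(wire)
    expected = mac_over(serialize(msg, bytes(AUTH_LEN)), key)
    if not hmac.compare_digest(received, expected):
        return "usmStatsWrongDigests"
    if msg["boots"] != local_boots or abs(msg["time"] - local_time) > TIME_WINDOW:
        return "usmStatsNotInTimeWindows"
    return msg

ENGINE_ID = bytes.fromhex("000000000000000000000002")   # RFC 3414 A.3 test engineID
KEY = localized_key("maplesyrup", ENGINE_ID)           # RFC 3414 A.3 test password

def demo():
    """Good message, one flipped PDU bit, and the same bytes replayed 300 s later."""
    msg = {"engine_id": ENGINE_ID, "boots": 1, "time": 1000, "user": "monitor",
           "priv_params": b"", "pdu": b"<constructed GetRequest PDU bytes>"}
    wire = authenticate(msg, KEY)
    tampered = wire[:-1] + bytes([wire[-1] ^ 0x01])
    return (verify(wire, KEY, 1, 1020)["user"],
            verify(tampered, KEY, 1, 1020),
            verify(wire, KEY, 1, 1300))
```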

Privacy with DES
The SNMPv3 USM privacy facility enables managers and agents to encrypt messages to prevent eavesdropping by third parties. Manager entity and agent entity must share a secret key. When privacy is invoked between a principal and a remote engine, all traffic between them is encrypted using the Data Encryption Standard (DES). The cipher-block-chaining (CBC) mode of DES is used by USM.

Workbook 10
• Observe the demo for configuring an SNMPv3 agent.
• Implement View Based Access Control on the v3 agent in your system and test it out.

SNMP – V1 and V2 Comparison
SNMP V1                                    SNMP V2
The Trap PDU was defined independently     Trap PDU redefined to be the same as that of GetRequest
The operation Get Bulk was never defined   Get Bulk operation was defined
Inform Request was not defined             Inform Request PDU was defined for an acknowledged trap & to exchange info between mgmt stations
