You are on page 1of 83

The Simple

Network
Management
Protocol

- SNMP - 1
Topics
Topics

▼ Brief history of SNMP.

▼ What does SNMP define ?

▼ Examine SNMP concepts / terminology.

▼ Examine the protocol messages.

2
SNMP
SNMP History
History

▼ Initially defined in 1988 in RFC 1067.
▼ Was intended as a short term solution until OSI Network
Management Framework could be used.
▼ In August of 1989, it was discovered that SNMP and OSI NMF
were too different to be compatible so SNMP became the
defacto standard.
▼ In 1993 the definition of SNMPv2 was started mainly to deal
with security issues. This version was not widely accepted
since the involved parties could not agree on certain issues.
▼ Currently work is being done to define the next version,
SNMP v3.

3
What
What is
is defined
defined by
by SNMP
SNMP ??

▼ The entities that participate in management operations.
▼ The type of messages that are exchanged and the structure
of those messages. (SNMP Protocol).
▼ The type of information that is managed. (MIB).
▼ How the managed information is described. (SMI - ASN.1).
▼ How the messages and the information they contain are
encoded. (SMI - BER).

4
SNMP
SNMP concepts
concepts // terminology
terminology

Network Management Station (NMS) Network Element

Application software

SNMP messages
MIB
SNMP Manager SNMP Agent

▼ SNMP Manager
▼ SNMP Agent

5
SNMP
SNMP concepts
concepts // terminology
terminology

SNMP Manager SNMP Agent

Application Application
Entity Entity

Authentication Authentication
Service Service

Protocol Protocol
Entity Entity

▼ Application entity
▼ Protocol entity
▼ Authentication service
6
SNMP
SNMP concepts
concepts // terminology
terminology

SNMP SNMP
Agent Non-SNMP
SNMP
other
managed
Manager Device device
Manager

▼ Proxy Agent

7
SNMP
SNMP concepts
concepts // terminology
terminology

Manager #1 Manager #2 Manager #3

Managed Managed Managed Managed
device device device device

▼ SNMP community
▼ Community name
8
SNMP
SNMP concepts
concepts // terminology
terminology

Manager #1 Manager #2 Manager #3

Community 1 Community 2
“public” Managed
device “secret”

▼ SNMP community
▼ Community name
9
Agent
Agent // Manager
Manager interactions
interactions

give me the value of attribute x numberOfPorts
errors
upTime
numConnections
here is the value of attribute x ...

Manager Agent

10
Agent
Agent // Manager
Manager interactions
interactions

change the value of attribute x to abc numberOfPorts
errors
upTime
numConnections
here is the updated value of attribute x ...

Manager Agent

11
Agent
Agent // Manager
Manager interactions
interactions

give me the value of attribute x numberOfPorts
errors
upTime
numConnections
something has happened here ...

Manager Agent

12
SNMP
SNMP concepts
concepts // terminology
terminology

root
(1)

documents SW releases customers personnel
(1) (2) (3) (4)
... ...

TRS DS PB Engineering Sales Support
(1) (2) (3) (1) (2) (3)

3EC12345 3EC24678 ...
(1) (2) (3) Systems Software Hardware 13
SNMP
SNMP concepts
concepts // terminology
terminology

▼ MIB
CCITT(0) ISO(1) Joint ISO/CCITT (2)
ORG(3) ▼ MIB View
DOD(6) ▼ Object Identifier
Internet(1)

Private(4) MGMT(2) Directory(1)
...
MIB(1)
Enterprises(1)

Alcatel (?) System(1) Interfaces(2) ... udp(7) ...

udpInDatagrams(1) udpNoPorts(2) udpInErrors(3) . . .
... ... ...
14
SNMP
SNMP concepts
concepts // terminology
terminology

Access mode MIB View Community name

READ_ONLY public

READ_WRITE secret

▼ Access mode
▼ Community profile
▼ Access policy
15
MIB
MIB Objects
Objects

CCITT(0) ISO(1) Joint ISO/CCITT (2)
ORG(3)

DOD(6)
Internet(1)

Private(4) MGMT(2) Directory(1)
...
MIB(1)
Enterprises(1)

Alcatel (?) System(1) Interfaces(2) ... udp(7) ...

udpInDatagrams(1) udpNoPorts(2) udpInErrors(3) . . .
... ... ...
16
MIB
MIB Objects
Objects

mib (1) 1.3.6.1.2.1

system interfaces at ip icmp tcp udp egp
(1) (2) (3) (4) (5) (6) (7) (8)

tcpRtoAlgorithm tcpRtoMin tcpRtoMax tcpMaxConn tcpActiveOpens … … tcpConnTable tcpInErrors tcpOutRsts
(1) (2) (3) (4) (5) …… (13) (14) (15)

tcpConnEntry
(1)

tcpConnState tcpConnLocalAddress tcpConnLocalPort tcpConnRemAddress tcpConnRemPort 17
(1) (2) (3) (4) (5)
MIB
MIB Objects
Objects

▼ Entries in the MIB correspond to Object Types that have an Object identifier.
▼ Only leaf entries in the MIB can be identified in order to access the objects value (instance).
▼ The instance of an object is identified by appending a suffix to the object identifier.
▼ For objects that do not belong to a table, the suffix is 0.

The object tcpRtoAlgorithm has an Object Identifier = 1.3.6.1.2.1.6.1

The instance of tcpRtoAlgorithm is identified using 1.3.6.1.2.1.6.1.0

1.3.6.1.2.1.6 (tcp)

tcpRtoAlgorithm tcpRtoMin tcpRtoMax tcpMaxConn tcpActiveOpens … … tcpConnTable tcpInErrors tcpOutRsts
(1) (2) (3) (4) (5) …… (13) (14) (15)

tcpConnEntry
(1)

tcpConnState tcpConnLocalAddress tcpConnLocalPort tcpConnRemAddress tcpConnRemPort 18
(1) (2) (3) (4) (5)
MIB
MIB Objects
Objects

▼ If the object belongs to a table, the rule for forming the suffix is defined by the author of the table.
▼ The suffix is formed by selecting column values that can uniquely identify a table row.

tcpConnTable index = <tcpConnLocalAddress>.<tcpConnLocalPort>.<tcpConnRemAddress>.<tcpConnRemPort>

tcpConnState of first row: 1.3.6.1.2.1.6.13.1.1.138.203.10.11.1025 .203.411.1.2.2010

tcpConnRemAddress of second row: 1.3.6.1.2.1.6.13.1.4 .138.203.10.11.766 .134.200.6.24.55

1.3.6.1.2.1.6

tcpRtoAlgorithm tcpRtoMin tcpRtoMax tcpMaxConn tcpActiveOpens … … tcpConnTable tcpInErrors tcpOutRsts
(1) (2) (3) (4) (5) …… (13) (14) (15)

tcpConnEntry
(1)
1 138.203.10.11 1025 203.411.1.2 2010
8 138.203.10.11 766 134.200.6.24 55
tcpConnState tcpConnLocalAddress tcpConnLocalPort tcpConnRemAddress tcpConnRemPort 19
(1) (2) (3) (4) (5)
MIB
MIB Objects
Objects

▼ Q1: What if no columns can uniquely define a row ?
▼ Q2: How can you read a table since you need to know its contents in order to access it ?
▼ Q3: How can a manager add a row to a table since rows are accessed by column values ?
▼ Q4: How can a manager delete a row in a table ?

1.3.6.1.2.1.6

tcpRtoAlgorithm tcpRtoMin tcpRtoMax tcpMaxConn tcpActiveOpens … … tcpConnTable tcpInErrors tcpOutRsts
(1) (2) (3) (4) (5) …… (13) (14) (15)

tcpConnEntry
(1)

tcpConnState tcpConnLocalAddress tcpConnLocalPort tcpConnRemAddress tcpConnRemPort 20
(1) (2) (3) (4) (5)
Recap:
Recap:

▼ Entities: Managers and Agents public private
▼ Protocol entity
Manager Manager
▼ application entity
▼ authentication service

▼ SNMP Communities
▼ Access policies
▼ MIB
▼ Organization
Agent
▼ Identifying MIB objects

MIB

public READ_ONLY
private READ_WRITE
21
The
The protocol:
protocol: SNMP
SNMP

▼ Four types of operations are defined in SNMP:
▼ get, which is used to retrieve management information
▼ get-next, which is used to retrieve information and traverse the MIB
▼ set, which is used to modify management information
▼ trap, which is used to report events

▼ SNMP is an asynchronous request/response protocol
▼ It is based on an unreliable transport service (UDP)
▼ SNMP is trap-directed, polling-based.

22
SNMP
SNMP Messages
Messages

get, get-next and set requests Trap

SNMP Manager network SNMP Agent
SNMP Manager network SNMP Agent

trap
get-request
or
set-request
or Process the
get-next Process the message
message

get-response get-request

LLY
NA Process the
T IO message
OP
get-response

23
SNMP
SNMP Messages
Messages

SNMP Message format for get, get-next, set and get-response messages
SNMP Message

SNMP PDU

Version Community PDU
type
Request Error
ID Status
Error
index
Object
name
Object Object
value name
Object
value
... Object
name
Object
value

Variable
bindings
Version: Which version of SNMP, 0 = version 1
Community: the community name
PDU type: the type of request. 0=GetRequest, 1=GetNextRequest, 2=GetResponse, 3=SetRequest
Request ID: an id for this message, manager sets it, the agent just returns it.
Error status: Manager sends 0, agent reports any errors in this field in the GetResponse PDU.
Error index: the variable to which the error corresponds.
Variable bindings: the list of object instances and their corresponding values, for which this request applies. There is
no limit on the number of objects in the variable bindings part, except to say that an SNMP protocol entity need not
accept messages larger than 484 octets.
24
SNMP
SNMP Messages
Messages

SNMP Message format for trap PDU
SNMP Message

Trap PDU

Version Community PDU enterprise agent
type
generic specific time
address trap trap stamp
Object
name
Object
value
... Object
name
Object
value

Variable
bindings
Version: Which version of SNMP, 0 = version 1
Community: the community name
PDU type: the type of request. 4=TrapPDU
Agent address: the address of the SNMP agent generating the trap
Generic trap: trap code. 0=coldStart, 1=warmStart, 2=linkDown, 3=linkUp, …, 6=enterprise specific (see next field)
Specific trap: if generic-trap=6, the code in this field indicates some proprietary trap.
Timestamp : the value of sysUpTime when the event occurred
Variable bindings: an optional list of variables with some interesting information.

25
SNMP
SNMP Messages
Messages

System 1.3.6.1.2.1.1

sysDescr sysObjectID sysUpTime sysContact sysName sysLocation sysServices
(1) (2) (3) (4) (5) (6) (7)

GetRequest sent by manager GetResponse sent by agent
0 -------------version------------- 0
“public” -----------community----------- “public”
0 ------------PDU type------------ 2
125 ------------request id----------- 125
0 ----------error status----------- 0
0 -----------error index----------- 0
1 3 6 1 2 1 1 3 0------------object name------------1 3 6 1 2 1 1 3 0
0 ------------object value------------- 432345
1 3 6 1 2 1 1 4 0 ------------object name-----------1 3 6 1 2 1 1 4 0
““ ------------object value-----------“support@access“

26
SNMP
SNMP Messages
Messages

System 1.3.6.1.2.1.1

sysDescr sysObjectID sysUpTime sysContact sysName sysLocation sysServices
(1) (2) (3) (4) (5) (6) (7)

SetRequest sent by manager GetResponse sent by agent
0 -------------version------------- 0
“public” -----------community----------- “public”
3 ------------PDU type------------ 2
125 ------------request id----------- 125
0 ----------error status----------- 4 (readOnly)
0 -----------error index----------- 1
1 3 6 1 2 1 1 3 0------------object name------------1 3 6 1 2 1 1 3 0
1000 ------------object value------------- 1000
1 3 6 1 2 1 1 4 0 ------------object name-----------1 3 6 1 2 1 1 4 0
“helpdesk“ ------------object value----------- “helpdesk“

Set operations are atomic, i.e if one of the parameters cannot be set for whatever reason,
then none of the parameters are set. 27
SNMP
SNMP Messages
Messages

System 1.3.6.1.2.1.1

sysDescr sysObjectID sysUpTime sysContact sysName sysLocation sysServices
(1) (2) (3) (4) (5) (6) (7)

SetRequest sent by manager GetResponse sent by agent
0 -------------version------------- 0
“secret” -----------community----------- “secret”
3 ------------PDU type------------ 2
126 ------------request id----------- 126
0 ----------error status----------- 0
0 -----------error index----------- 0
1 3 6 1 2 1 1 4 0------------object name------------1 3 6 1 2 1 1 4 0
“support” ------------object value------------- “support”
1 3 6 1 2 1 1 6 0 ------------object name-----------1 3 6 1 2 1 1 6 0
“A0 Edegem“ ------------object value----------- “A0 Edegem“

If a set operation is successful, the managed device behaves as if all parameters in the
set request were updated simultaneously. 28
MIB
MIB Objects
Objects revisited
revisited

1.3.6.1.2.1.6.13.1.1.138.203.10.11.1025.203.411.1.2.201
0
1.3.6.1.2.1.6.13.1.2.138.203.10.11.1025.203.411.1.2.201
0
1.3.6.1.2.1.6.13.1.3.138.203.10.11.1025.203.411.1.2.201
0
1.3.6.1.2.1.6.13.1.4.138.203.10.11.1025.203.411.1.2.201
0
1.3.6.1.2.1.6.13.1.5.138.203.10.11.1025.203.411.1.2.201
0
1.3.6.1.2.1.6
1.3.6.1.2.1.6.13.1.1.138.203.10.11.766.134.200.6.24.55
1.3.6.1.2.1.6.13.1.2.138.203.10.11.766.134.200.6.24.55
1.3.6.1.2.1.6.13.1.3.138.203.10.11.766.134.200.6.24.55
tcpRtoAlgorithm tcpRtoMin tcpRtoMax tcpMaxConn tcpActiveOpens … … tcpConnTable tcpInErrors tcpOutRsts
1.3.6.1.2.1.6.13.1.4.138.203.10.11.766.134.200.6.24.55
(1) (2) (3) (4) (5) …… (13) (14) (15)
1.3.6.1.2.1.6.13.1.5.138.203.10.11.766.134.200.6.24.55

tcpConnEntry
(1)
1 138.203.10.11 1025 203.411.1.2 2010
8 138.203.10.11 766 134.200.6.24 55
tcpConnState tcpConnLocalAddress tcpConnLocalPort tcpConnRemAddress tcpConnRemPort 29
(1) (2) (3) (4) (5)
MIB
MIB Objects
Objects revisited
revisited

1.3.6.1.2.1.6.13.1.1.138.203.10.11.1025.203.411.1.2.201 1.3.6.1.2.1.6.13.1.1.138.203.10.11.766.134.200.6.24.55
0 1.3.6.1.2.1.6.13.1.1.138.203.10.11.1025.203.411.1.2.201
1.3.6.1.2.1.6.13.1.2.138.203.10.11.1025.203.411.1.2.201 0
0
1.3.6.1.2.1.6.13.1.3.138.203.10.11.1025.203.411.1.2.201 1.3.6.1.2.1.6.13.1.2.138.203.10.11.766.134.200.6.24.55
0 1.3.6.1.2.1.6.13.1.2.138.203.10.11.1025.203.411.1.2.201
1.3.6.1.2.1.6.13.1.4.138.203.10.11.1025.203.411.1.2.201 0
0
1.3.6.1.2.1.6.13.1.5.138.203.10.11.1025.203.411.1.2.201 1.3.6.1.2.1.6.13.1.3.138.203.10.11.766.134.200.6.24.55
0 1.3.6.1.2.1.6.13.1.3.138.203.10.11.1025.203.411.1.2.201
0
1.3.6.1.2.1.6.13.1.1.138.203.10.11.766.134.200.6.24.55
1.3.6.1.2.1.6.13.1.2.138.203.10.11.766.134.200.6.24.55 1.3.6.1.2.1.6.13.1.4.138.203.10.11.766.134.200.6.24.55
1.3.6.1.2.1.6.13.1.3.138.203.10.11.766.134.200.6.24.55 1.3.6.1.2.1.6.13.1.4.138.203.10.11.1025.203.411.1.2.201
1.3.6.1.2.1.6.13.1.4.138.203.10.11.766.134.200.6.24.55 0
1.3.6.1.2.1.6.13.1.5.138.203.10.11.766.134.200.6.24.55
1.3.6.1.2.1.6.13.1.5.138.203.10.11.766.134.200.6.24.55.
1.3.6.1.2.1.6.13.1.5.138.203.10.11.1025.203.411.1.2.201
0
1 138.203.10.11 1025 203.411.1.2 2010
8 138.203.10.11 766 134.200.6.24 55
30
MIB
MIB objects
objects &
& GetNext
GetNext

▼ The identifiers of object instances in the MIB have an inherent lexicographic
ordering.
▼ With the GetNext request, you can take advantage of this ordering by asking
the agent to return to you the value of an object instance, whose object
identifier immediately follows the one contained in the request.
▼ GetNext semantics: give me the value AND object identifier of the object
instance in the MIB, whose object identifier immediately follows this one:
a.b.c.d…
▼ The object identifier supplied in the GetNext request does not necessarily
have to be that of an object instance. In fact it does not need to be a valid
object identifier at all.

31
GetNext
GetNext request
request

System 1.3.6.1.2.1.1

sysDescr sysObjectID sysUpTime sysContact sysName sysLocation sysServices
(1) (2) (3) (4) (5) (6) (7)

GetNextRequest sent by manager GetResponse sent by agent
0 -------------version------------- 0
“secret” -----------community----------- “secret”
1 ------------PDU type------------ 2
126 ------------request id----------- 126
0 ----------error status----------- 0
0 -----------error index----------- 0
1 3 6 1 2 1 1 ------------object name------------1 3 6 1 2 1 1 1 0
NULL ------------object value-------------
“MSAN FR3 SNMP”

32
Using
Using GetNext
GetNext to
to traverse
traverse aa table
table

▼ What are the facts that the SNMP manager knows:
▼ 1. All entries in the tcpConnTable have the prefix 1.3.6.1.2.1.6.13
▼ 2. The next MIB object after the table has the prefix 1.3.6.1.2.1.6.14
▼ 3. The tcpConnTable has 5 columns.

GetNext(1.3.6.1.2.1.6.13)
GetResponse(1.3.6.1.2.1.6.13.1.1.138.203.10.11.766.134.200.6.24.55 = 8)

8
1.3.6.1.2.1.6

tcpRtoAlgorithm tcpRtoMin tcpRtoMax tcpMaxConn tcpActiveOpens … … tcpConnTable tcpInErrors tcpOutRsts
(1) (2) (3) (4) (5) …… (13) (14) (15)

tcpConnEntry
(1)
1 138.203.10.11 1025 203.411.1.2 2010
8 138.203.10.11 766 134.200.6.24 55
tcpConnState tcpConnLocalAddress tcpConnLocalPort tcpConnRemAddress tcpConnRemPort 33
(1) (2) (3) (4) (5)
Using
Using GetNext
GetNext to
to traverse
traverse aa table
table

▼ What are the facts that the SNMP manager knows:
▼ 1. All entries in the tcpConnTable have the prefix 1.3.6.1.2.1.6.13
▼ 2. The next MIB object after the table has the prefix 1.3.6.1.2.1.6.14
▼ 3. The tcpConnTable has 5 columns.

1.3.6.1.2.1.6.13.1.1.138.203.10.11.766.134.200.6.24.55

8
1.3.6.1.2.1.6

tcpRtoAlgorithm tcpRtoMin tcpRtoMax tcpMaxConn tcpActiveOpens … … tcpConnTable tcpInErrors tcpOutRsts
(1) (2) (3) (4) (5) …… (13) (14) (15)

tcpConnEntry
(1)
1 138.203.10.11 1025 203.411.1.2 2010
8 138.203.10.11 766 134.200.6.24 55
tcpConnState tcpConnLocalAddress tcpConnLocalPort tcpConnRemAddress tcpConnRemPort 34
(1) (2) (3) (4) (5)
Using
Using GetNext
GetNext to
to traverse
traverse aa table
table

▼ What are the facts that the SNMP manager knows:
▼ 1. All entries in the tcpConnTable have the prefix 1.3.6.1.2.1.6.13
▼ 2. The next MIB object after the table has the prefix 1.3.6.1.2.1.6.14
▼ 3. The tcpConnTable has 5 columns.

GetNext(1.3.6.1.2.1.6.13.1.1.138.203.10.11.766.134.200.6.24.55)
GetResponse(1.3.6.1.2.1.6.13.1.1.138.203.10.11.1025.203.411.1.2.2010 = 1)

8
1.3.6.1.2.1.6 1

tcpRtoAlgorithm tcpRtoMin tcpRtoMax tcpMaxConn tcpActiveOpens … … tcpConnTable tcpInErrors tcpOutRsts
(1) (2) (3) (4) (5) …… (13) (14) (15)

tcpConnEntry
(1)
1 138.203.10.11 1025 203.411.1.2 2010
8 138.203.10.11 766 134.200.6.24 55
tcpConnState tcpConnLocalAddress tcpConnLocalPort tcpConnRemAddress tcpConnRemPort 35
(1) (2) (3) (4) (5)
Using
Using GetNext
GetNext to
to traverse
traverse aa table
table

▼ What are the facts that the SNMP manager knows:
▼ 1. All entries in the tcpConnTable have the prefix 1.3.6.1.2.1.6.13
▼ 2. The next MIB object after the table has the prefix 1.3.6.1.2.1.6.14
▼ 3. The tcpConnTable has 5 columns.

1.3.6.1.2.1.6.13.1.1.138.203.10.11.1025.203.411.1.2.2010

8
1.3.6.1.2.1.6 1

tcpRtoAlgorithm tcpRtoMin tcpRtoMax tcpMaxConn tcpActiveOpens … … tcpConnTable tcpInErrors tcpOutRsts
(1) (2) (3) (4) (5) …… (13) (14) (15)

tcpConnEntry
(1)
1 138.203.10.11 1025 203.411.1.2 2010
8 138.203.10.11 766 134.200.6.24 55
tcpConnState tcpConnLocalAddress tcpConnLocalPort tcpConnRemAddress tcpConnRemPort 36
(1) (2) (3) (4) (5)
Using
Using GetNext
GetNext to
to traverse
traverse aa table
table

▼ What are the facts that the SNMP manager knows:
▼ 1. All entries in the tcpConnTable have the prefix 1.3.6.1.2.1.6.13
▼ 2. The next MIB object after the table has the prefix 1.3.6.1.2.1.6.14
▼ 3. The tcpConnTable has 5 columns.

GetNext(1.3.6.1.2.1.6.13.1.1.138.203.10.11.1025.203.411.1.2.2010)
GetResponse(1.3.6.1.2.1.6.13.1.2.138.203.10.11.766.134.200.6.24.55 = 138.203.10.11)

8 138.203.10.11
1.3.6.1.2.1.6 1

tcpRtoAlgorithm tcpRtoMin tcpRtoMax tcpMaxConn tcpActiveOpens … … tcpConnTable tcpInErrors tcpOutRsts
(1) (2) (3) (4) (5) …… (13) (14) (15)

tcpConnEntry
(1)
1 138.203.10.11 1025 203.411.1.2 2010
8 138.203.10.11 766 134.200.6.24 55
tcpConnState tcpConnLocalAddress tcpConnLocalPort tcpConnRemAddress tcpConnRemPort 37
(1) (2) (3) (4) (5)
Using
Using GetNext
GetNext to
to traverse
traverse aa table
table

▼ What are the facts that the SNMP manager knows:
▼ 1. All entries in the tcpConnTable have the prefix 1.3.6.1.2.1.6.13
▼ 2. The next MIB object after the table has the prefix 1.3.6.1.2.1.6.14
▼ 3. The tcpConnTable has 5 columns.

1.3.6.1.2.1.6.13.1.2.138.203.10.11.766.134.200.6.24.55

8 138.203.10.11
1.3.6.1.2.1.6 1

tcpRtoAlgorithm tcpRtoMin tcpRtoMax tcpMaxConn tcpActiveOpens … … tcpConnTable tcpInErrors tcpOutRsts
(1) (2) (3) (4) (5) …… (13) (14) (15)

tcpConnEntry
(1)
1 138.203.10.11 1025 203.411.1.2 2010
8 138.203.10.11 766 134.200.6.24 55
tcpConnState tcpConnLocalAddress tcpConnLocalPort tcpConnRemAddress tcpConnRemPort 38
(1) (2) (3) (4) (5)
Using
Using GetNext
GetNext to
to traverse
traverse aa table
table

▼ What are the facts that the SNMP manager knows:
▼ 1. All entries in the tcpConnTable have the prefix 1.3.6.1.2.1.6.13
▼ 2. The next MIB object after the table has the prefix 1.3.6.1.2.1.6.14
▼ 3. The tcpConnTable has 5 columns.

GetNext(1.3.6.1.2.1.6.13.1.2.138.203.10.11.766.134.200.6.24.55)
GetResponse(1.3.6.1.2.1.6.13.1.2.138.203.10.11.1025.203.411.1.2.2010 = 138.203.10.11)

8 138.203.10.11
1.3.6.1.2.1.6 1 138.203.10.11

tcpRtoAlgorithm tcpRtoMin tcpRtoMax tcpMaxConn tcpActiveOpens … … tcpConnTable tcpInErrors tcpOutRsts
(1) (2) (3) (4) (5) …… (13) (14) (15)

tcpConnEntry
(1)
1 138.203.10.11 1025 203.411.1.2 2010
8 138.203.10.11 766 134.200.6.24 55
tcpConnState tcpConnLocalAddress tcpConnLocalPort tcpConnRemAddress tcpConnRemPort 39
(1) (2) (3) (4) (5)
Using
Using GetNext
GetNext to
to traverse
traverse aa table
table

▼ What are the facts that the SNMP manager knows:
▼ 1. All entries in the tcpConnTable have the prefix 1.3.6.1.2.1.6.13
▼ 2. The next MIB object after the table has the prefix 1.3.6.1.2.1.6.14
▼ 3. The tcpConnTable has 5 columns.

1.3.6.1.2.1.6.13.1.2.138.203.10.11.1025.203.411.1.2.2010

8 138.203.10.11
1.3.6.1.2.1.6 1 138.203.10.11

tcpRtoAlgorithm tcpRtoMin tcpRtoMax tcpMaxConn tcpActiveOpens … … tcpConnTable tcpInErrors tcpOutRsts
(1) (2) (3) (4) (5) …… (13) (14) (15)

tcpConnEntry
(1)
1 138.203.10.11 1025 203.411.1.2 2010
8 138.203.10.11 766 134.200.6.24 55
tcpConnState tcpConnLocalAddress tcpConnLocalPort tcpConnRemAddress tcpConnRemPort 40
(1) (2) (3) (4) (5)
Using
Using GetNext
GetNext to
to traverse
traverse aa table
table

▼ What are the facts that the SNMP manager knows:
▼ 1. All entries in the tcpConnTable have the prefix 1.3.6.1.2.1.6.13
▼ 2. The next MIB object after the table has the prefix 1.3.6.1.2.1.6.14
▼ 3. The tcpConnTable has 5 columns.

GetNext(1.3.6.1.2.1.6.13.1.2.138.203.10.11.1025.203.411.1.2.2010)
GetResponse(1.3.6.1.2.1.6.13.1.3.138.203.10.11.766.134.200.6.24.55 = 766)

8 138.203.10.11 766
1.3.6.1.2.1.6 1 138.203.10.11

tcpRtoAlgorithm tcpRtoMin tcpRtoMax tcpMaxConn tcpActiveOpens … … tcpConnTable tcpInErrors tcpOutRsts
(1) (2) (3) (4) (5) …… (13) (14) (15)

tcpConnEntry
(1)
1 138.203.10.11 1025 203.411.1.2 2010
8 138.203.10.11 766 134.200.6.24 55
tcpConnState tcpConnLocalAddress tcpConnLocalPort tcpConnRemAddress tcpConnRemPort 41
(1) (2) (3) (4) (5)
Using
Using GetNext
GetNext to
to traverse
traverse aa table
table

▼ What are the facts that the SNMP manager knows:
▼ 1. All entries in the tcpConnTable have the prefix 1.3.6.1.2.1.6.13
▼ 2. The next MIB object after the table has the prefix 1.3.6.1.2.1.6.14
▼ 3. The tcpConnTable has 5 columns.

1.3.6.1.2.1.6.13.1.3.138.203.10.11.766.134.200.6.24.55

8 138.203.10.11 766
1.3.6.1.2.1.6 1 138.203.10.11

tcpRtoAlgorithm tcpRtoMin tcpRtoMax tcpMaxConn tcpActiveOpens … … tcpConnTable tcpInErrors tcpOutRsts
(1) (2) (3) (4) (5) …… (13) (14) (15)

tcpConnEntry
(1)
1 138.203.10.11 1025 203.411.1.2 2010
8 138.203.10.11 766 134.200.6.24 55
tcpConnState tcpConnLocalAddress tcpConnLocalPort tcpConnRemAddress tcpConnRemPort 42
(1) (2) (3) (4) (5)
Using
Using GetNext
GetNext to
to traverse
traverse aa table
table

▼ What are the facts that the SNMP manager knows:
▼ 1. All entries in the tcpConnTable have the prefix 1.3.6.1.2.1.6.13
▼ 2. The next MIB object after the table has the prefix 1.3.6.1.2.1.6.14
▼ 3. The tcpConnTable has 5 columns.

GetNext(1.3.6.1.2.1.6.13.1.3.138.203.10.11.766.134.200.6.24.55)
GetResponse(1.3.6.1.2.1.6.13.1.3.138.203.10.11.1025.203.411.1.2.2010 = 1025)

8 138.203.10.11 766
1.3.6.1.2.1.6 1 138.203.10.11 1025

tcpRtoAlgorithm tcpRtoMin tcpRtoMax tcpMaxConn tcpActiveOpens … … tcpConnTable tcpInErrors tcpOutRsts
(1) (2) (3) (4) (5) …… (13) (14) (15)

tcpConnEntry
(1)
1 138.203.10.11 1025 203.411.1.2 2010
8 138.203.10.11 766 134.200.6.24 55
tcpConnState tcpConnLocalAddress tcpConnLocalPort tcpConnRemAddress tcpConnRemPort 43
(1) (2) (3) (4) (5)
Using
Using GetNext
GetNext to
to traverse
traverse aa table
table

▼ What are the facts that the SNMP manager knows:
▼ 1. All entries in the tcpConnTable have the prefix 1.3.6.1.2.1.6.13
▼ 2. The next MIB object after the table has the prefix 1.3.6.1.2.1.6.14
▼ 3. The tcpConnTable has 5 columns.

1.3.6.1.2.1.6.13.1.3.138.203.10.11.1025.203.411.1.2.2010

8 138.203.10.11 766
1.3.6.1.2.1.6 1 138.203.10.11 1025

tcpRtoAlgorithm tcpRtoMin tcpRtoMax tcpMaxConn tcpActiveOpens … … tcpConnTable tcpInErrors tcpOutRsts
(1) (2) (3) (4) (5) …… (13) (14) (15)

tcpConnEntry
(1)
1 138.203.10.11 1025 203.411.1.2 2010
8 138.203.10.11 766 134.200.6.24 55
tcpConnState tcpConnLocalAddress tcpConnLocalPort tcpConnRemAddress tcpConnRemPort 44
(1) (2) (3) (4) (5)
Using
Using GetNext
GetNext to
to traverse
traverse aa table
table

▼ What are the facts that the SNMP manager knows:
▼ 1. All entries in the tcpConnTable have the prefix 1.3.6.1.2.1.6.13
▼ 2. The next MIB object after the table has the prefix 1.3.6.1.2.1.6.14
▼ 3. The tcpConnTable has 5 columns.

GetNext(1.3.6.1.2.1.6.13.1.3.138.203.10.11.1025.203.411.1.2.2010)
GetResponse(1.3.6.1.2.1.6.13.1.4.138.203.10.11.766.134.200.6.24.55 = 134.200.6.24)

8 138.203.10.11 766 134.200.6.24
1.3.6.1.2.1.6 1 138.203.10.11 1025

tcpRtoAlgorithm tcpRtoMin tcpRtoMax tcpMaxConn tcpActiveOpens … … tcpConnTable tcpInErrors tcpOutRsts
(1) (2) (3) (4) (5) …… (13) (14) (15)

tcpConnEntry
(1)
1 138.203.10.11 1025 203.411.1.2 2010
8 138.203.10.11 766 134.200.6.24 55
tcpConnState tcpConnLocalAddress tcpConnLocalPort tcpConnRemAddress tcpConnRemPort 45
(1) (2) (3) (4) (5)
Using
Using GetNext
GetNext to
to traverse
traverse aa table
table

▼ What are the facts that the SNMP manager knows:
▼ 1. All entries in the tcpConnTable have the prefix 1.3.6.1.2.1.6.13
▼ 2. The next MIB object after the table has the prefix 1.3.6.1.2.1.6.14
▼ 3. The tcpConnTable has 5 columns.

1.3.6.1.2.1.6.13.1.4.138.203.10.11.766.134.200.6.24.55

8 138.203.10.11 766 134.200.6.24
1.3.6.1.2.1.6 1 138.203.10.11 1025

tcpRtoAlgorithm tcpRtoMin tcpRtoMax tcpMaxConn tcpActiveOpens … … tcpConnTable tcpInErrors tcpOutRsts
(1) (2) (3) (4) (5) …… (13) (14) (15)

tcpConnEntry
(1)
1 138.203.10.11 1025 203.411.1.2 2010
8 138.203.10.11 766 134.200.6.24 55
tcpConnState tcpConnLocalAddress tcpConnLocalPort tcpConnRemAddress tcpConnRemPort 46
(1) (2) (3) (4) (5)
Using
Using GetNext
GetNext to
to traverse
traverse aa table
table

▼ What are the facts that the SNMP manager knows:
▼ 1. All entries in the tcpConnTable have the prefix 1.3.6.1.2.1.6.13
▼ 2. The next MIB object after the table has the prefix 1.3.6.1.2.1.6.14
▼ 3. The tcpConnTable has 5 columns.

GetNext(1.3.6.1.2.1.6.13.1.4.138.203.10.11.766.134.200.6.24.55)
GetResponse(1.3.6.1.2.1.6.13.1.4.138.203.10.11.1025.203.411.1.2.2010 = 203.411.1.2)

8 138.203.10.11 766 134.200.6.24
1.3.6.1.2.1.6 1 138.203.10.11 1025 203.411.1.2

tcpRtoAlgorithm tcpRtoMin tcpRtoMax tcpMaxConn tcpActiveOpens … … tcpConnTable tcpInErrors tcpOutRsts
(1) (2) (3) (4) (5) …… (13) (14) (15)

tcpConnEntry
(1)
1 138.203.10.11 1025 203.411.1.2 2010
8 138.203.10.11 766 134.200.6.24 55
tcpConnState tcpConnLocalAddress tcpConnLocalPort tcpConnRemAddress tcpConnRemPort 47
(1) (2) (3) (4) (5)
Using
Using GetNext
GetNext to
to traverse
traverse aa table
table

▼ What are the facts that the SNMP manager knows:
▼ 1. All entries in the tcpConnTable have the prefix 1.3.6.1.2.1.6.13
▼ 2. The next MIB object after the table has the prefix 1.3.6.1.2.1.6.14
▼ 3. The tcpConnTable has 5 columns.

1.3.6.1.2.1.6.13.1.4.138.203.10.11.1025.203.411.1.2.2010

8 138.203.10.11 766 134.200.6.24
1.3.6.1.2.1.6 1 138.203.10.11 1025 203.411.1.2

tcpRtoAlgorithm tcpRtoMin tcpRtoMax tcpMaxConn tcpActiveOpens … … tcpConnTable tcpInErrors tcpOutRsts
(1) (2) (3) (4) (5) …… (13) (14) (15)

tcpConnEntry
(1)
1 138.203.10.11 1025 203.411.1.2 2010
8 138.203.10.11 766 134.200.6.24 55
tcpConnState tcpConnLocalAddress tcpConnLocalPort tcpConnRemAddress tcpConnRemPort 48
(1) (2) (3) (4) (5)
Using
Using GetNext
GetNext to
to traverse
traverse aa table
table

▼ What are the facts that the SNMP manager knows:
▼ 1. All entries in the tcpConnTable have the prefix 1.3.6.1.2.1.6.13
▼ 2. The next MIB object after the table has the prefix 1.3.6.1.2.1.6.14
▼ 3. The tcpConnTable has 5 columns.

GetNext(1.3.6.1.2.1.6.13.1.4.138.203.10.11.1025.203.411.1.2.2010)
GetResponse(1.3.6.1.2.1.6.13.1.5.138.203.10.11.766.134.200.6.24.55 = 55)

8 138.203.10.11 766 134.200.6.24 55
1.3.6.1.2.1.6 1 138.203.10.11 1025 203.411.1.2

tcpRtoAlgorithm tcpRtoMin tcpRtoMax tcpMaxConn tcpActiveOpens … … tcpConnTable tcpInErrors tcpOutRsts
(1) (2) (3) (4) (5) …… (13) (14) (15)

tcpConnEntry
(1)
1 138.203.10.11 1025 203.411.1.2 2010
8 138.203.10.11 766 134.200.6.24 55
tcpConnState tcpConnLocalAddress tcpConnLocalPort tcpConnRemAddress tcpConnRemPort 49
(1) (2) (3) (4) (5)
Using
Using GetNext
GetNext to
to traverse
traverse aa table
table

▼ What are the facts that the SNMP manager knows:
▼ 1. All entries in the tcpConnTable have the prefix 1.3.6.1.2.1.6.13
▼ 2. The next MIB object after the table has the prefix 1.3.6.1.2.1.6.14
▼ 3. The tcpConnTable has 5 columns.

1.3.6.1.2.1.6.13.1.5.138.203.10.11.766.134.200.6.24.55

8 138.203.10.11 766 134.200.6.24 55
1.3.6.1.2.1.6 1 138.203.10.11 1025 203.411.1.2

tcpRtoAlgorithm tcpRtoMin tcpRtoMax tcpMaxConn tcpActiveOpens … … tcpConnTable tcpInErrors tcpOutRsts
(1) (2) (3) (4) (5) …… (13) (14) (15)

tcpConnEntry
(1)
1 138.203.10.11 1025 203.411.1.2 2010
8 138.203.10.11 766 134.200.6.24 55
tcpConnState tcpConnLocalAddress tcpConnLocalPort tcpConnRemAddress tcpConnRemPort 50
(1) (2) (3) (4) (5)
Using
Using GetNext
GetNext to
to traverse
traverse aa table
table

▼ What are the facts that the SNMP manager knows:
▼ 1. All entries in the tcpConnTable have the prefix 1.3.6.1.2.1.6.13
▼ 2. The next MIB object after the table has the prefix 1.3.6.1.2.1.6.14
▼ 3. The tcpConnTable has 5 columns.

GetNext(1.3.6.1.2.1.6.13.1.5.138.203.10.11.766.134.200.6.24.55)
GetResponse(1.3.6.1.2.1.6.13.1.5.138.203.10.11.1025.203.411.1.2.2010 = 2010)

8 138.203.10.11 766 134.200.6.24 55
1.3.6.1.2.1.6 1 138.203.10.11 1025 203.411.1.2 2010

tcpRtoAlgorithm tcpRtoMin tcpRtoMax tcpMaxConn tcpActiveOpens … … tcpConnTable tcpInErrors tcpOutRsts
(1) (2) (3) (4) (5) …… (13) (14) (15)

tcpConnEntry
(1)
1 138.203.10.11 1025 203.411.1.2 2010
8 138.203.10.11 766 134.200.6.24 55
tcpConnState tcpConnLocalAddress tcpConnLocalPort tcpConnRemAddress tcpConnRemPort 51
(1) (2) (3) (4) (5)
Using
Using GetNext
GetNext to
to traverse
traverse aa table
table

▼ What are the facts that the SNMP manager knows:
▼ 1. All entries in the tcpConnTable have the prefix 1.3.6.1.2.1.6.13
▼ 2. The next MIB object after the table has the prefix 1.3.6.1.2.1.6.14
▼ 3. The tcpConnTable has 5 columns.

1.3.6.1.2.1.6.13.1.5.138.203.10.11.1025.203.411.1.2.2010

8 138.203.10.11 766 134.200.6.24 55
1.3.6.1.2.1.6 1 138.203.10.11 1025 203.411.1.2 2010

tcpRtoAlgorithm tcpRtoMin tcpRtoMax tcpMaxConn tcpActiveOpens … … tcpConnTable tcpInErrors tcpOutRsts
(1) (2) (3) (4) (5) …… (13) (14) (15)

tcpConnEntry
(1)
1 138.203.10.11 1025 203.411.1.2 2010
8 138.203.10.11 766 134.200.6.24 55
tcpConnState tcpConnLocalAddress tcpConnLocalPort tcpConnRemAddress tcpConnRemPort 52
(1) (2) (3) (4) (5)
Using
Using GetNext
GetNext to
to traverse
traverse aa table
table

▼ What are the facts that the SNMP manager knows:
▼ 1. All entries in the tcpConnTable have the prefix 1.3.6.1.2.1.6.13
▼ 2. The next MIB object after the table has the prefix 1.3.6.1.2.1.6.14
▼ 3. The tcpConnTable has 5 columns.

GetNext(1.3.6.1.2.1.6.13.1.5.138.203.10.11.1025.203.411.1.2.2010)
GetResponse(1.3.6.1.2.1.6.14.0 = 2786)

We are no longer in the table 8 138.203.10.11 766 134.200.6.24 55
1.3.6.1.2.1.6 1 138.203.10.11 1025 203.411.1.2 2010

tcpRtoAlgorithm tcpRtoMin tcpRtoMax tcpMaxConn tcpActiveOpens … … tcpConnTable tcpInErrors tcpOutRsts
(1) (2) (3) (4) (5) …… (13) (14) (15)

tcpConnEntry
(1)
1 138.203.10.11 1025 203.411.1.2 2010
8 138.203.10.11 766 134.200.6.24 55
tcpConnState tcpConnLocalAddress tcpConnLocalPort tcpConnRemAddress tcpConnRemPort 53
(1) (2) (3) (4) (5)
Using
Using GetNext
GetNext to
to traverse
traverse aa table
table

▼ What are the facts that the SNMP manager knows:
▼ 1. All entries in the tcpConnTable have the prefix 1.3.6.1.2.1.6.13
▼ 2. The next MIB object after the table has the prefix 1.3.6.1.2.1.6.14
▼ 3. The tcpConnTable has 5 columns.

GetNext( GetResponse(
1.3.6.1.2.1.6.13.1.1 1.3.6.1.2.1.6.13.1.1.138.203.10.11.766.134.200.6.24.55 =8
1.3.6.1.2.1.6.13.1.2 1.3.6.1.2.1.6.13.1.2.138.203.10.11.766.134.200.6.24.55 = 138.203.10.11
1.3.6.1.2.1.6.13.1.3 1.3.6.1.2.1.6.13.1.3.138.203.10.11.766.134.200.6.24.55 = 766
1.3.6.1.2.1.6.13.1.4 1.3.6.1.2.1.6.13.1.4.138.203.10.11.766.134.200.6.24.55 = 134.200.6.4
1.3.6.1.2.1.6.13.1.5) 1.3.6.1.2.1.6.13.1.5.138.203.10.11.766.134.200.6.24.55 = 55)

tcpRtoAlgorithm tcpRtoMin tcpRtoMax tcpMaxConn tcpActiveOpens … … tcpConnTable tcpInErrors tcpOutRsts
(1) (2) (3) (4) (5) …… (13) (14) (15)

tcpConnEntry
(1)
1 138.203.10.11 1025 203.411.1.2 2010
8 138.203.10.11 766 134.200.6.24 55
tcpConnState tcpConnLocalAddress tcpConnLocalPort tcpConnRemAddress tcpConnRemPort 54
(1) (2) (3) (4) (5)
More
More on
on tables
tables

Adding rows to tables:
To add a row to a table, you must provide all the data for the complete row in a single set request.
For example, to add the row: 1 138.203.1.2 100 204.100.1.1 200
to the tcpConnTable of the previous example, the following set request would need to be sent:

0
“public”
3
125
0
0
1.3.6.1.2.1.6.13.1.1.138.203.1.2.100.204.100.1.1.200
1
1.3.6.1.2.1.6.13.1.2.138.203.1.2.100.204.100.1.1.200
138.203.1.2
1.3.6.1.2.1.6.13.1.3.138.203.1.2.100.204.100.1.1.200 Note: this is just an example. This request
100 would actually fail with status readOnly because
1.3.6.1.2.1.6.13.1.4.138.203.1.2.100.204.100.1.1.200 the tcpConnTable is indeed read-only: entries can
204.100.1.1 only be added by the protocol stack.
1.3.6.1.2.1.6.13.1.5.138.203.1.2.100.204.100.1.1.200
200 55
More
More on
on tables
tables

Deleting rows in tables:
Deleting a table row is done in a single set operation. A row is deleted by setting one of the elements
in the row to invalid. Which element this is and the value that is interpreted as invalid, is described
by the author of the table. In case no such description is provided (e.g. tcpConnTable), row deletion
is not possible.

An example is the ipRoutingTable:

ipRouteDest IpAddress,
Rows in this table are deleted by setting the ipRouteType
ipRouteIfIndex INTEGER, of the row to be deleted to invalid (2).
ipRouteMetric1 INTEGER,
ipRouteMetric2 INTEGER,
ipRouteMetric3 INTEGER,
ipRouteMetric4 INTEGER,
ipRouteNextHop IpAddress,
ipRouteType INTEGER,
ipRouteProto INTEGER,
ipRouteAge INTEGER,
ipRouteMask IpAddress
56
A
A word
word on
on authentication
authentication

Access mode MIB View Community name
READ_ONLY public

READ_WRITE secret

Access policy

SNMP Message

Version Community PDU
type
Request Error
ID Status
Error
index
Object
name
Object Object
value name
Object
value
... Object
name
Object
value

When a manager sends a request to an SNMP agent it includes the community name in the SNMP message.
The agent verifies that the specified community has sufficient access to complete the request based on the
access policy.

Community names are simple printable strings, that is why it is called trivial authentication. 57
Recap:
Recap:

▼ SNMP Protocol messages:
▼ Get request
▼ GetNext request
▼ SetRequest
▼ GetResponse
▼ Trap
▼ Structure of SNMP messages

▼ Lexicographic ordering of MIB data
▼ Using GetNext to traverse a table
▼ Adding table rows
▼ Deleting table rows
▼ Authentication

58
Defining
Defining aa MIB
MIB (SMI)
(SMI)

▼ RFC 1155 defines the rules that are used to describe a MIB, and to encode
the information exchanged between manager and agent. This is known
as the Structure of Management Information (SMI).
▼ A MIB is described using ASN.1 - a language used to define data and data
structures without regard to machine oriented structures and restrictions.
▼ The SMI also describes the format of the messages that are exchanged
between SNMP manager and agent. This is also done using ASN.1.
▼ The SMI also defines how these messages are encoded for transmission
over a network. These rules are called the Basic Encoding Rules (BER).

59
ASN.1
ASN.1

▼ ASN.1 has a rich syntax that provides many features for the description /
definition of complex data structures. There are three basic blocks which
are used in ASN.1:
▼ Types, which are used to define new data structures

▼ Values, which are used to define instances of a type, and

▼ Macros, which are used to augment the grammar of ASN.1

▼ SNMP places restrictions on the features of ASN.1 that can be used, in
order to preserve the protocols simplicity.

60
ASN.1
ASN.1 in
in SNMP
SNMP

▼ The subset of ASN.1 that can be used for SNMP as described in the SMI:
▼ Simple types (also called non-aggregate types)
▼ INTEGER integer with no value limitation

▼ OCTET STRING a series of octets (value 0..255)

▼ OBJECT IDENTIFIER a series of non-negative integers

▼ NULL used as a place holder

▼ Tagged types
▼ Can be used to create a new type based on an existing type

▼ Can be used to impose restrictions on the value range of a type

▼ Constructed types
▼ SEQUENCE used to define structures (table rows)

▼ SEQUENCE OF used to define an array of structures (a table)

▼ Macros

61
ASN.1
ASN.1 tags
tags

▼ Each ASN.1 type has associated with it an integer value (called a tag), eg:
▼ BOOLEAN tag = 1
▼ INTEGER tag = 2
▼ BIT STRING tag = 3
▼ etc

▼ The tags associated with these types are split into 4 categories:
▼ universal tags, which are assigned to the well defined types (INTEGER, OCTET
STRING, etc)
▼ application-wide tags, which are defined in the scope of specific applications of
ASN.1 (eg. ASN.1 types defined in SNMP)
▼ context-specific tags, which are used to provide distinguishing information in
constructor types, and
▼ private-use tags, which are agreed upon between consenting parties

62
ASN.1
ASN.1 examples
examples

▼ Simple Type example:

Status ::=
INTEGER { up(1), down(2), testing(3) }

DisplayString ::=
OCTET STRING

▼ Value example:

serverBusStatus Status ::= up -- or 1

companyName DisplayString ::= “Alcatel”

63
ASN.1
ASN.1 SNMP
SNMP tagged
tagged types
types

▼ Tagged types: the following application-wide tagged types are defined in SNMP:

▼ NetworkAddress, a CHOICE depending on the protocol. Currently only Internet protocol network
addresses are supported.

▼ IpAddress, an OCTET STRING of length 4.

▼ Counter, a non-negative integer which wraps to 0 after 2^32-1

▼ Gauge, a non-negative integer which may increase or decrease, but latches if it takes the value 2^32-1

▼ TimeTicks, a non-negative integer describing hundredths of a second since some reference (eg. 100ths
of a second since reset)
▼ Opaque, a series of ASN.1 encoded octets, wrapped in an OCTET STRING (not really used)

64
ASN.1
ASN.1 SNMP
SNMP tagged
tagged types
types

▼ Tagged types example:

IpAddress ::= -- in network order
[APPLICATION 0]
IMPLICIT OCTET STRING ( SIZE(4) )

-- Gauge: the value of a gauge can increase or decrease but its value will be latched
-- if it reaches the value 2^32-1
Gauge ::=
[APPLICATION 2]
IMPLICIT INTEGER (0..4294967295)

65
ASN.1
ASN.1 Macros
Macros

▼ Macros: are used to define new syntax rules in ASN.1. The following macro defines
how a MIB object (OBJECT-TYPE) is described in ASN.1:

OBJECT-TYPE MACRO ::=
BEGIN
TYPE NOTATION ::= “SYNTAX” type (Type ObjectSyntax)
“ACCESS” Access
“STATUS” Status
VALUE NOTATION ::= value (VALUE ObjectName)
Access ::= “read-only” | “read-write” | “write-only” | “not-accessible”
Status ::= “mandatory” | “optional” | “obsolete”
END

Using the OBJECT-TYPE macro, a MIB object definition would look like this:
tcpRtoMin OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
::= { 1 3 6 1 2 1 6 2 }

66
ASN.1
ASN.1 constructed
constructed types
types

▼ Constructed types: are used to define table rows and tables:
tcpConnTable OBJECT-TYPE
SYNTAX SEQUENCE OF TcpConnEntry
ACCESS read-only
STATUS mandatory
::= { tcp 13 }

tcpConnEntry OBJECT-TYPE
SYNTAX TcpConnEntry
ACCESS read-only
STATUS mandatory
::= { tcpConnTable 1 }

TcpConnEntry ::=
SEQUENCE {
tcpConnState INTEGER,
tcpConnLocalAddress IpAddress,
tcpConnLocalPort INTEGER (0..65535)
tcpConnRemAddress IpAddress,
tcpConnRemPort INTEGER (0..65535)
}

67
Message
Message encoding
encoding BER
BER

▼ The Basic Encoding Rules (BER) describe how an SNMP message is
encoded for transmission over the network.
▼ BER is a recursive algorithm that can produce a compact byte
representation of ASN.1 data.
▼ It is rather complex but has been around for a long time = FREEWARE !

68
Basic
Basic Encoding
Encoding Rules
Rules

SNMP Message

Version Community PDU
type
Request Error
ID Status
Error
index
Object
name
Object Object
value name
Object
value
... Object
name
Object
value

▼ ASN.1 objects are encoded in three fields:

tag length value

▼ tag describes the type of ASN.1 object that is being encoded
▼ length describes how many octets contain the object value
▼ value is a number of bytes that contain the value of the ASN.1 object

69
Basic
Basic Encoding
Encoding Rules
Rules -- Tag
Tag field
field

▼ Encoding of the tag field: Class bit8 bit7
Universal 0 0 (INTEGER, OCTET STRING, …)
Application-wide 0 1 (Gauge, Counter, …)
Context-specific 1 0
class f tag value Private 1 1
Bit 8 7 6 5 4 3 2 1 f (bit 6)
0 Simple types (INTEGER, OCTET STRING, …)
1 Constructor types (SEQUENCE, SEQUENCE OF)
value
Bit 8 7 6 5 4 3 2 1 if value < 31 then bit5 to bit1 contain the value
if value >= 31 then bit5 to bit1 are all 1 and value is encoded
0 0 0 0 0 0 1 0 INTEGER
in the octets that follow.

0 0 1 1 0 0 0 0 SEQUENCE

1 1 0 1 1 1 1 1 1 0 1 1 0 0 1 0 1 0 1 1 1 0 1 0 0 1 1 1 0 1 1 1

70
0110010 0111010 1110111 = 826743
Basic
Basic Encoding
Encoding Rules
Rules -- Length
Length field
field

▼ Encoding of the length field:

t length bits t (bit 8)
0 if length < 128, length bits then contain the length
Bit 8 7 6 5 4 3 2 1 1 if length > 128, length bits then contain the number of
octets that follow, representing the length.

Up to 126*8 = 1008 bits can be used to represent a length

Bit 8 7 6 5 4 3 2 1

0 0 1 1 0 0 1 0 length = 50

1 0 0 0 0 0 1 0 0 0 1 1 0 0 1 0 1 0 1 1 0 0 1 0

2 bytes of length value 00110010 10110010 = 12978

71
Basic
Basic Encoding
Encoding Rules
Rules -- Value
Value field
field

Encoding of the value field:

▼ The rules describing the encoding of the value field of an ASN.1 type depend on the type of the data being encoded.

▼ INTEGER values are encoded using the two’s-complement representation.

▼ OCTET STRING simply contains the octet values one after the other

▼ OBJECT IDENTIFIER: if you have an object identifier X.Y.a.b.c.d…, the value field is encoded as a series of INTEGER’s in the following order:
[40*X+Y] [a] [b] [c] [d] …

eg. 1.2.3.4 is encoded as [42] [3] [4], or, in hex: 2A 03 04

72
Basic
Basic Encoding
Encoding Rules
Rules examples
examples

Version Community PDU
type
Request Error
ID Status
Error
index
Object
name
Object Object
value name
Object
value
... Object
name
Object
value

Suppose we want to encode the following MIB variables during the construction of a GetResponse PDU:

sysUpTime : 1.3.6.1.2.1.1.3.0 value = 432345 (TimeTicks)
sysContact : 1.3.6.1.2.1.1.4.0 value = “support@access”

sysUpTime:
object name encoded in BER: 06 08 2B 06 01 02 01 01 03 00

object value = 432345 = 1101001100011011001 = 0011010 0110001 1011001 =
10011010 10110001 01011001 = 9A B1 55
object value encoded in BER: 43 03 9A B1 55
sysContact:
object name encoded in BER: 06 08 2B 06 01 02 01 01 04 00
object value encoded in BER: 04 0E 73 75 70 70 6F 72 74 40 61 63 63 65 73 73

73
ASN.1
ASN.1 Definition
Definition of
of SNMP
SNMP messages
messages

Message ::=
SEQUENCE { PDU ::=
version INTEGER {version-1(0)}, SEQUENCE {
community OCTET STRING, request-id INTEGER,
data ANY -- PDU’s go here error-status INTEGER {
}
noError(0),
PDUs ::= tooBig(1),
CHOICE { noSuchName(2),
get-request GetRequest-PDU, badValue(3),
get-next-request GetNextRequest-PDU, readOnly(4),
get-response GetResponse-PDU, genErr(5)
set-request SetRequest-PDU,
trap Trap-PDU
}
} error-index INTEGER,
variable-bindings VarBindList
GetRequest-PDU ::= }
[0] --context-specific tag
IMPLICIT PDU VarBind ::=
GetNextRequest-PDU ::=
[1] --context-specific tag
SEQUENCE {
IMPLICIT PDU name ObjectName,
GetResponse-PDU ::= value ObjectSyntax
[2] --context-specific tag }
IMPLICIT PDU
SetRequest-PDU ::= VarBindList ::=
[3] --context-specific tag 74
IMPLICIT PDU
SEQUENCE OF
VarBind
Encoding
Encoding an
an SNMP
SNMP Message
Message

30 ?? SEQUENCE
02 01 00 version
04 06 70 75 62 6C 69 63 (‘public’) community
A2 ?? PDU
02 01 7D request id
02 01 00 error status
02 01 00 error index
30 ?? SEQUENCE OF
30 ?? SEQUENCE
0
06 09 43 06 01 02 01 01 03 00 ObjectName
“public” 43 03 9A B1 55 ObjectValue
2
30 ?? SEQUENCE
125
0 06 09 43 06 01 02 01 01 04 00 ObjectName
0 04 0E 73 75 70 70 6F 72 74 40 61 63 63 65 73 73 ObjectValue
136121130
432345
136121140
75
“support@access“
Encoding
Encoding an
an SNMP
SNMP message
message

30 ?? SEQUENCE
02 01 00 version
04 06 70 75 62 6C 69 63 (‘public’) community
A2 ?? PDU
02 01 7D request id
02 01 00 error status
02 01 00 error index
30 ?? SEQUENCE OF
30 ?? SEQUENCE
0
06 09 43 06 01 02 01 01 03 00 ObjectName
“public” 43 03 9A B1 55 ObjectValue
2
30 1A SEQUENCE
125
0 06 09 43 06 01 02 01 01 04 00 ObjectName
0 04 0E 73 75 70 70 6F 72 74 40 61 63 63 65 73 73 ObjectValue
136121130
432345
136121140
76
“support@access“
Encoding
Encoding an
an SNMP
SNMP message
message

30 ?? SEQUENCE
02 01 00 version
04 06 70 75 62 6C 69 63 (‘public’) community
A2 ?? PDU
02 01 7D request id
02 01 00 error status
02 01 00 error index
30 ?? SEQUENCE OF
30 0F SEQUENCE
0
06 09 43 06 01 02 01 01 03 00 ObjectName
“public” 43 03 9A B1 55 ObjectValue
2
30 1A SEQUENCE
125
0 06 09 43 06 01 02 01 01 04 00 ObjectName
0 04 0E 73 75 70 70 6F 72 74 40 61 63 63 65 73 73 ObjectValue
136121130
432345
136121140
77
“support@access“
Encoding
Encoding an
an SNMP
SNMP message
message

30 ?? SEQUENCE
02 01 00 version
04 06 70 75 62 6C 69 63 (‘public’) community
A2 ?? PDU
02 01 7D request id
02 01 00 error status
02 01 00 error index
30 2D SEQUENCE OF
30 0F SEQUENCE
0
06 09 43 06 01 02 01 01 03 00 ObjectName
“public” 43 03 9A B1 55 ObjectValue
2
30 1A SEQUENCE
125
0 06 09 43 06 01 02 01 01 04 00 ObjectName
0 04 0E 73 75 70 70 6F 72 74 40 61 63 63 65 73 73 ObjectValue
136121130
432345
136121140
78
“support@access“
Encoding
Encoding an
an SNMP
SNMP message
message

30 ?? SEQUENCE
02 01 00 version
04 06 70 75 62 6C 69 63 (‘public’) community
A2 38 PDU
02 01 7D request id
02 01 00 error status
02 01 00 error index
30 2D SEQUENCE OF
30 0F SEQUENCE
0
06 09 43 06 01 02 01 01 03 00 ObjectName
“public” 43 03 9A B1 55 ObjectValue
2
30 1A SEQUENCE
125
0 06 09 43 06 01 02 01 01 04 00 ObjectName
0 04 0E 73 75 70 70 6F 72 74 40 61 63 63 65 73 73 ObjectValue
136121130
432345
136121140
79
“support@access“
Encoding
Encoding an
an SNMP
SNMP message
message

30 45 SEQUENCE
02 01 00 version
04 06 70 75 62 6C 69 63 (‘public’) community
A2 38 PDU
02 01 7D request id
02 01 00 error status
02 01 00 error index
30 2D SEQUENCE OF
30 0F SEQUENCE
0
06 09 43 06 01 02 01 01 03 00 ObjectName
“public” 43 03 9A B1 55 ObjectValue
2
30 1A SEQUENCE
125
0 06 09 43 06 01 02 01 01 04 00 ObjectName
0 04 0E 73 75 70 70 6F 72 74 40 61 63 63 65 73 73 ObjectValue
136121130
432345
136121140
80
“support@access“
SNMP:
SNMP: Elements
Elements of
of procedure
procedure

▼ How an SNMP agent processes a request:
▼ A packet is received containing an SNMP message from a manager.

▼ Parse the packet applying BER to extract the message version and
community parameters. If the parsing fails, the packet is discarded and no
further action is taken.
▼ Verify the version number in the message. If there is a mismatch discard the
message and take no further action.
▼ Pass the community name and the packets source and destination address to
the authentication service. If authentication fails, (possibly) generate a TRAP,
and take no further action.
▼ Parse the PDU portion of the message to extract the parameters. If the parsing
fails, discard the message and take no further action.
▼ Process the request taking into account the access permissions specified by
the community name and access policy.
▼ Build the response message and send it to the manager. 81
BER
BER Tag
Tag values
values used
used in
in SNMP
SNMP

Type Tag in HEX

INTEGER 02
OCTET STRING 04
NULL 05
OBJECT IDENTIFIER 06
SEQUENCE 30
SEQUENCE OF 30

IpAddress 40
Counter 41
Gauge 42
TimeTicks 43
Opaque 44

GetRequest-PDU A0
GetNextRequest-PDU A1
GetResponse-PDU A2
SetRequest-PDU A3
Trap-PDU A4 82
References
References

[1] The Simple Book, Author: Marshal T. Rose, Prentice Hall 1991
Alcatel document number: 17220

[2] RFC 1212: Concise MIB Definitions

[3] RFC 1155: Structure and Identification of Management Information for TCP/IP based internets.

[4] RFC 1157: A Simple Network Management Protocol (SNMP)

[5] TCP/IP Illustrated, Volume 1, W. Richard Stevens, Addison Wesley 1994, Chapter 25

83