Anda di halaman 1dari 9

SNMP Tutorial

---------------=
Since its creation in 1988 as a short-term solution to manage elements in the growing
Internet and other attached networks, SNMP has achieved widespread acceptance. SNMP
was derived rom its predecessor S!MP "Simple !atewa# Management Protocol$ and was
intended to %e replaced %# a solution %ased on the &MIS'&MIP "&ommon Management
Inormation Service'Protocol$ architecture. (his long-term solution, however, never received
the widespread acceptance o SNMP.
SNMP is %ased on the manager'agent model consisting o an SNMP manager, an SNMP
agent, a data%ase o management inormation, managed SNMP devices and the network
protocol. (he SNMP manager provides the interace %etween the human network manager
and the management s#stem. (he SNMP agent provides the interace %etween the
manager and the ph#sical device"s$ %eing managed "see the illustration a%ove$.
(he SNMP manager and agent use an SNMP Management Inormation )ase "MI)$ and a
relativel# small set o commands to e*change inormation. (he SNMP MIB is organi+ed in a
tree structure with individual varia%les, such as point status or description, %eing
represented as leaves on the %ranches. , long numeric tag or o%-ect identiier ".I/$ is used
to distinguish each varia%le uni0uel# in the MI) and in SNMP messages.
SNMP uses ive %asic messages "!1(, !1(-N12(, !1(-31SP.NS1, S1(, and (3,P$ to
communicate %etween the SNMP manager and the SNMP agent. (he !1( and !1(-N12(
messages allow the manager to re0uest inormation or a speciic varia%le.
(he agent, upon receiving a !1( or !1(-N12( message, will issue a !1(-31SP.NS1
message to the SNMP manager with either the inormation re0uested or an error
indication as to wh# the re0uest cannot %e processed. , S1( message allows the SNMP
manager to re0uest a change %e made to the value o a speciic varia%le in the case o an
alarm remote that will operate a rela#. (he SNMP agent will then respond with a !1(-
31SP.NS1 message indicating the change has %een made or an error indication as to wh#
the change cannot %e made. (he SNMP (3,P message allows the agent to spontaneousl#
inorm the SNMP manager o an 4important4 event.
,s #ou can see, most o the messages "!1(, !1(-N12(, and S1($ are onl# issued %# the
SNMP manager. )ecause the (3,P message is the onl# message capa%le o %eing initiated
%# an SNMP agent, it is the message used %# /PS 3emote (elemetr# 5nits "3(5s$ to report
alarms. (his notiies the SNMP manager as soon as an alarm condition occurs, instead o
waiting or the SNMP manager to ask.
SNMP is %ased on the manager'agent model o a
network management architecture.
(he small num%er o commands used is onl# one o the reasons SNMP is 4simple.4 (he other
simpli#ing actor is the SNMP protocol6s reliance on an unsupervised or connectionless
communication link. (his simplicit# has led directl# to the widespread use o SNMP,
speciicall# in the Internet Network Management 7ramework. 8ithin this ramework, it is
considered 4ro%ust4 %ecause o the independence o the SNMP managers rom the agents,
e.g. i an SNMP agent ails, the SNMP manager will continue to unction, or vice versa. (he
unsupervised communication link does however create some interesting issues or network
alarm monitoring we will discuss more thoroughl# in a later issue o our SNMP tutorial.
1ach SNMP element manages speciic o%-ects with each o%-ect having speciic
characteristics. 1ach o%-ect ' characteristic has a uni0ue o%-ect identiier ".I/$ consisting o
num%ers separated %# decimal points "i.e., 1.9.:.1.;.1.<:8<.1$. (hese o%-ect identiiers
naturall# orm a tree as shown %elow. (he MI) associates each .I/ with a reada%le la%el
"i.e., dps3(5,State$ and various other parameters related to the o%-ect. (he MI) then
serves as a data dictionar# or code %ook that is used to assem%le and interpret SNMP
messages.
(he %ranch o the MI) o%-ect identiier tree.
8hen an SNMP manager wants to know the value o an o%-ect ' characteristic, such as the
state o an alarm point, the s#stem name, or the element uptime, it will assem%le a !1(
packet that includes the .I/ or each o%-ect ' characteristic o interest. (he element
receives the re0uest and looks up each .I/ in its code %ook "MIB$. I the .I/ is ound "the
o%-ect is managed %# the element$, a response packet is assem%led and sent with the
current value o the o%-ect ' characteristic included. I the .I/ is not ound, a special error
response is sent that identiies the unmanaged o%-ect.
8hen an element sends a (3,P packet, it can include .I/ and value inormation "%indings$
to clari# the event. /PS remote units send a comprehensive set o %indings with each (3,P
to maintain traditional telemetr# event visi%ilit#. 8ell-designed SNMP managers can use the
%indings to correlate and manage the events. SNMP managers will also generall# displa#
the reada%le la%els to acilitate user understanding and decision-making.
SNMP Tutorial Part 3: Understanding Packet Types and Structure
Show Me Products That Do This ...
Part 1 = Part < = Part 3 = Part ; = Part >
,ll > parts or eas# printing
(his article in our series on the Simple Network Management Protocol "SNMP$ e*amines the
communication %etween managers and agents. )asic serial telemetr# protocols, like ().S,
are %#te oriented with a single %#te e*changed to communicate. 1*panded serial telemetr#
protocols, like (,)S, are packet oriented with packets o %#tes e*changed to communicate.
(he packets contain header, data and checksum %#tes. SNMP is also packet oriented with
the ollowing SNMP v1 packets "Protocol /ata 5nits or P/5s$ used to communicate?
1.!et
<.!etNe*t
9.Set
;.(rap
(he manager sends a !et or !etNe*t to read a varia%le or varia%les and the agent6s
response contains the re0uested inormation i managed. (he manager sends a Set to
change a varia%le or varia%les and the agent6s response conirms the change i allowed. (he
agent sends a (rap when a speciic event occurs.
SNMP Products:
9<-Point SNMP
3(5
8-port P/5
"Power Strip$
w'SNMP IP camera
w'SNMP
SNMP-over-
7i%er
3(5
SNMP-over-(1
3(5
(he image %elow shows the packet ormats. 1ach varia%le %inding contains an identiier, a
t#pe and a value "i a Set or response$. (he agent checks each identiier against its MIB to
determine whether the o%-ect is managed and changea%le "i processing a Set$. (he
manager uses its MI) to displa# the reada%le name o the varia%le and sometimes interpret
its value.
SNMP Packet 7ormats
SNMP Tutorial Part 4: Layered Communication
Show Me Products That Do This ...
Part 1 = Part < = Part 9 = Part 4 = Part >
,ll > parts or eas# printing
In this ourth article in our series, we continue to e*amine the Simple Network Management
Protocol "SNMP$ ocusing speciicall# on the la#ered communication model used to
e*change inormation. .ur last article ocused on the structure o SNMP messages, however
an SNMP message is not sent %# itsel. It is wrapped in the 5ser /atagram Protocol "5/P$,
which in turn is wrapped in the Internet Protocol "IP$. (hese are commonl# reerred to as
la#ers and are %ased on a our-la#er model developed %# the /epartment o /eense "#ou
ma# recall the /o/ origins o the Internet$.
SNMP resides in what is called the ,pplication la#er, 5/P resides in the (ransport la#er and
IP resides in the Internet la#er "somewhat o%vious$. (he ourth la#er is the Network
Understanding this
layered model makes it
easier to troubleshoot
communication
problems. When there
is a problem, you can
simply trace it down...
Interace la#er where the assem%led packet is actuall# interaced to some kind o transport
media "i.e., twisted pair copper, 3!>8 co-a*ial or i%er$.
8hile this multi-la#er model ma# seem a %it conusing, it eectivel# isolates the tasks o
communication and ultimatel# assists in designing and implementing a network.
Traversing the Layers
(o illustrate the unction o this la#ered model, let6s look at a single SNMP !1( re0uest
rom the agent6s perspective. (he SNMP manager wants to know what the ,gent6s S#stem
Name is and prepares a !1( message or the appropriate .I/. It then passes the message
to the 5/P la#er. (he 5/P la#er adds a data %lock that identiies the manager port to which
the response packet should %e sent and the port on which it e*pects the SNMP agent to %e
listening or messages. (he packet thus ormed is then passed to the IP la#er. @ere a data
%lock containing the IP and Media ,ccess addresses o the manager and the agent is added
%eore the entire assem%led packet gets passed to the Network Interace la#er. (he
Network Interace la#er veriies media access and availa%ilit# and places the packet on the
media or transport.
SNMP Products:
9<-Point SNMP
3(5
8-port P/5
"Power Strip$
w'SNMP IP camera
w'SNMP
SNMP-over-
7i%er
3(5
SNMP-over-(1
3(5
,ter working its wa# across %ridges and through routers "the modern e0uivalent o over the
rivers and through the woods$ %ased on the IP inormation, the packet inall# arrives at the
agent. @ere it passes through the same our la#ers in e*actl# the opposite order as it did at
the manager. 7irst, it is pulled o the media %# the Network Interace la#er. ,ter
conirming that the packet is intact and valid, the Network Interace la#er simpl# passes it
to the IP la#er. (he IP la#er veriies the Media ,ccess and IP address and passes it on to the
5/P la#er where the target port is checked or connected applications. I an application is
listening at the target port, the packet is passed to the ,pplication la#er. I the listening
application is the SNMP agent, the !1( re0uest is processed as we have discussed in
previous articles. (he agent response then ollows the identical path in reverse to reach the
manager.
,n SNMP message passes through the protocol la#ers at %oth the manager and the agent.
1ach la#er addresses a speciic communication task.
n id !or Trou"leshooting
5nderstanding this la#ered model makes it easier to trou%leshoot communication pro%lems.
8hen there is a pro%lem, #ou can simpl# trace it down, out one end, into, and up the other.
A,N'8,N link and activit# status indicators provide some visi%ilit# to the Network Interace
la#er. I&MP echo re0uests and responses "Pings$ provide some inormation regarding the
proper unctioning o the IP la#er. SNMP processing indicators can %e used to veri# the
passage o the packet through the 5/P la#er and the unctioning o the ,pplication la#er.
1ach step can %e veriied independentl# until all steps are working correctl# or end-to-end
communication.
SNMP Tutorial Part #: Common Mistakes Made $hen %ntegrating
SNMP and Non&SNMP Systems ''' and (o) *ou Can void Them
Show Me Products That Do This ...
Part 1 = Part < = Part 9 = Part ; = Part
,ll > parts or eas# printing
SNMP is a standard protocol that has wide acceptance in the industr# and is le*i%le enough
to descri%e almost an#thing. )ecause o these advantages, man# network managers have
come to %elieve that SNMP should %e used or all network monitoring applications.
SNMP certainl# has its place in an eective telecom network management solution, %ut this
doesn6t mean that an# o-the-shel SNMP manager can provide ade0uate visi%ilit# and
control o #our network.
(he t#pical o-the-shel SNMP manager is not designed or displa#ing and processing
telemetr# data or eective network monitoring, especiall# or the kind o real-world
monitoring tasks network managers most need perormed. (hese capa%ilities can %e added
to an SNMP manager, %ut it usuall# re0uires su%stantial custom sotware development.
SNMP Products:
9<-Point SNMP
3(5
8-port P/5
"Power Strip$
w'SNMP IP camera
w'SNMP
SNMP-over-
7i%er
3(5
SNMP-over-(1
3(5
+e!ore you "uy''' make sure you avoid these , common mistakes
3el#ing on o-the-shel SNMP s#stems or mission-critical telemetr# is a ma-or mistake. I
#ou6re switching rom traditional telemetr# or integrating non-SNMP monitoring with an
SNMP-%ased s#stem, an o-the-shel SNMP manager will not provide the detailed alarm
data #ou e*pect. )eore #ou commit to an SNMP monitoring solution, #ou need to make
sure it supports essential network alarm monitoring unctions.
(here are seven common mistakes network managers t#picall# make when integrating
SNMP and non-SNMP monitoring. Bour SNMP implementation will %e successull# onl# i #ou
can avoid them.
1.Selecting a s!stem that doesn"t #ro$ide com#lete% #recise alarm
descri#tions
, %asic SNMP manager doesn6t record the location, time, severit#, or a precise
description o alarm events. (o adapt an o-the-shel SNMP manager to monitor
these actors, #ou must create and maintain a master alarm list representing all the
monitored points in #our network - and then also create and maintain a data%ase
associating all the traps that ma# %e sent to the SNMP manager with the alarms
on that list.
<.Settling &or a s!stem that can"t identi&! cleared alarms
1ven more data%ase work is re0uired to identi# whether a trap corresponds to an
alarm condition or a clear condition. &reating this addition to the trap association
data%ase oten re0uires anal#+ing multiple varia%le %indings within the trap packet.
9.Not maintaining a histor! o& standing alarms
3el#ing solel# on a %asic SNMP manager or network alarm monitoring can
potentiall# result in completel# losing visi%ilit# o threats to #our network. , %asic
SNMP manager doesn6t maintain a list o standing alarms. Instead, the t#pical
SNMP manager maintains an event log o newl# reported traps and a histor# log o
acknowledged traps. ,s soon as a trap is acknowledged, it is considered cleared.
Imagine what might happen to #our network i a s#stem operator acknowledges an
alarm, and then, or whatever reason, ails to correct the alarm condition. 8ho
would know the alarm is still standingC
;.Not identi&!ing s!stem o#erators
)asic SNMP managers do not record the identit# o the s#stem operator who
acknowledges an alarm. In the e*ample o the negligent s#stem operator, it would
%e impossi%le to determine who had made the mistake or to assign responsi%ilit#
or the resulting pro%lems.
>.Trusting a s!stem that"s insecure &or multi#le users
.ut o the %o*, the t#pical SNMP manager is not designed or multi-user securit#.
,ll traps are posted to one alarm listD all users ma# view all alarms, and all users
ma# acknowledge all alarms.
:.Broadcasting all alarms to all s!stem users
)asic SNMP managers have no %uilt-in unctions or organi+ing alarms %# logical
categor#, posting the same alarm to multiple logical categories, or sorting which
alarms the user wants to see. I Eones is in charge o all e0uipment or the 8estern
region, and Smith is in charge o power plants, %oth need to know a%out a
generator ailure in (ucson, %ut neither one needs to know a%out all the alarms in
the network. ,nd i one manager corrects the alarm condition and acknowledges
the alarm, the other manager needs to know it was acknowledged and %# whom.
5nortunatel#, standard SNMP managers will not support these unctions.
F.'llowing !oursel& to (e (om(arded (! nuisance alarms
No SNMP manager supports the advanced eatures necessar# or %est 0ualit#
telemetr# monitoring, such as notiications escalation, legac! protocol mediation,
nuisance alarm silencing, automatic control rela# operation, and automatic
notiications %# pager and e-mail.
-e.uirements !or /0tensive Customi1ation -educe the dvantages o! an 2pen
Standard
It is true that man#, %ut not all, o these unctions can %e added to standard SNMP
managers, %ut implementing network alarm monitoring in a %asic SNMP manager
usuall# involves a su%stantial amount o custom sotware module development. 1ven when
pre-%uilt sotware modules are availa%le, the# usuall# re0uire custom tweaking to perorm
e*actl# as #ou want them to.
(he need or e*tensive customi+ation eliminates the advantage o using a simple open
standard, and it is diicult to -usti# signiicant development costs ater purchasing an
alread# e*pensive SNMP manager. 8h# take the time, trou%le, and e*pense to recreate
capa%ilities that are alread# present in a high-0ualit#, SNMP-capa%le network alarm
management s#stemC
The -ight -ole !or *our SNMP manager
3el#ing on an SNMP manager or critical network monitoring -ust doesn6t take into account
the tons o legac# and non-SNMP e0uipment that is unctioning perectl# ine out in
networks all over the world. (he role o an SNMP manager is %est used or inventor#ing
network devices and drilling down into e0uipment details after #our network monitoring
s#stem notiies #ou o a pro%lem.
SNMP can %e an eective tool, %ut it6s onl# one item in #our network alarm monitoring
toolkit, and it can %e used more eectivel# when it is part o a total network monitoring
solution.
The T3Mon Net)ork larm Monitoring Solution
I #ou are looking to avoid these F mistakes, then the ('Mon network alarm monitoring
s#stem is or #ou. It is speciicall# designed to avoid them. Network managers who rel# on
T)Mon or their network alarm monitoring, notiication, and control comment, "Looking
at one map and knowing it represents every piece of equipment you're monitoring in the
field that's pretty good peace of mind."