Architecture
Figure: the Manager sends Commands to the Agent; the Agent answers with MIB Responses taken from its MIB
Protocol Architecture
o SNMP is designed as an application-level process
o SNMP operates over UDP and IP
o In addition to the protocol machines, each agent process also interprets messages and controls the agent's MIB
o Key capabilities
• Get: enables a management station to retrieve the value of objects at the agent
• Set: enables the management station to set the values of objects at the agent
• Trap: enables an agent to notify the management station of significant events
Protocol Architecture
Figure: manager and agent each run SNMP over UDP over IP across the network. Manager to agent: GetRequest, GetNextRequest, SetRequest; agent to manager: a GetResponse to each of these, and Trap. The manager holds the Central MIB, the agent holds its Agent MIB.
SNMP Concepts
o Remote debugging
• As SNMP is designed primarily as a monitoring tool, there are no action primitives in SNMP other than the ability to set some managed object values
• To allow other actions to be implemented without impacting the protocol, SNMP uses the remote debugging paradigm
• The manager polls the agent for status information
• The manager sets the values of some variables
• The agent checks the values against its internal tables to see if specific actions are needed and, if so, performs them
• This allows an agent to implement new action primitives on its own, without changing the protocol
SNMP Concepts
o Proxies
• SNMP management requires that both UDP and IP layer services be available at every managed device
• Some devices, such as bridges and PCs, do not implement TCP/IP, and implementing it just for management adds complexity
• A proxy allows one agent to represent other devices that, for whatever reason, do not implement SNMP
• Communication between the proxy and the non-SNMP device follows the architecture of that device
• In effect the proxy acts as a mid-level manager
SNMP Management Information Base
o There are two objectives that must be met by a MIB
o The object or objects used to represent a resource must be the same at every node, e.g. the number of network interfaces must be counted the same way
o A common scheme for representation must be used to support interoperability; this is supported by defining a structure of management information (SMI)
MIB Structure
Figure: the object identifier tree, arc numbers in parentheses; mib-2 is 1.3.6.1.2.1 and enterprises is 1.3.6.1.4.1
root
  ccitt (itu)(0)
  iso(1)
    org(3)
      U.S. DoD(6)
        internet(1)
          mgmt(2)
            mib-2(1)
          experimental(3)
          private(4)
            enterprises(1)
  joint-iso-ccitt(2)
SNMP Protocol
o Protocol as a query language
o Primitives
• GET/GET RESPONSE: retrieve data directly
• GET NEXT/GET RESPONSE: retrieve rows from a table
• SET/GET RESPONSE: write data to the agent
• TRAP: event notification
o Frames carry data using variable bindings (object identifier, value pairs)
o The community string provides minimal protection
SNMP Protocol
Figure: PDU formats. The request and response PDUs end in the variable bindings; the Trap PDU carries specific-trap and time-stamp fields ahead of its variable bindings.
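To make the PDU layouts concrete, here is a minimal SNMPv1 BER encoder and decoder. It is an added example, not code from the slides: it builds GetRequest, GetResponse and Trap messages, parses any of them back into their fields, and shows the community name sitting in clear text. The OIDs, community name and values used in the comments are constructed.

```python
"""SNMPv1 BER codec: build GetRequest/GetResponse/Trap messages and parse them back.
Added example, not from the slides; note the community name travels in clear text."""

# Universal BER tags (RFC 1155), application tags, SNMPv1 PDU tags (RFC 1157)
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
IPADDRESS, TIMETICKS = 0x40, 0x43
GET_REQUEST, GET_NEXT_REQUEST, GET_RESPONSE, SET_REQUEST, TRAP = 0xA0, 0xA1, 0xA2, 0xA3, 0xA4
# generic-trap: coldStart(0) warmStart(1) linkDown(2) linkUp(3) authenticationFailure(4) egpNeighborLoss(5) enterpriseSpecific(6)

def tlv(tag, body):
    """Tag, definite length (short form below 128, long form above), value."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def enc_int(v, tag=INTEGER):
    """Two's-complement integer in the fewest bytes BER allows."""
    n = 1
    while not -(1 << (8 * n - 1)) <= v < (1 << (8 * n - 1)):
        n += 1
    return tlv(tag, v.to_bytes(n, "big", signed=True))

def enc_oid(oid):
    arcs = [int(a) for a in oid.strip(".").split(".")]
    out = [arcs[0] * 40 + arcs[1]]          # first two arcs share one byte
    for a in arcs[2:]:
        chunk = [a & 0x7F]                   # base 128, high bit = more follows
        while a >> 7:
            a >>= 7
            chunk.append(0x80 | (a & 0x7F))
        out.extend(reversed(chunk))
    return tlv(OID, bytes(out))

def enc_varbinds(varbinds):
    """varbinds: list of (oid, already-encoded value or None); None becomes NULL."""
    return tlv(SEQUENCE, b"".join(
        tlv(SEQUENCE, enc_oid(o) + (v if v is not None else tlv(NULL, b"")))
        for o, v in varbinds))

def message(community, pdu_tag, pdu_body):
    """Message ::= SEQUENCE { version INTEGER (0 = v1), community OCTET STRING, PDU }."""
    return tlv(SEQUENCE, enc_int(0) + tlv(OCTET_STRING, community.encode()) + tlv(pdu_tag, pdu_body))

def pdu(community, pdu_tag, request_id, varbinds, error_status=0, error_index=0):
    """Get/GetNext/Set/GetResponse share one layout; requests carry NULL values."""
    body = enc_int(request_id) + enc_int(error_status) + enc_int(error_index) + enc_varbinds(varbinds)
    return message(community, pdu_tag, body)

def trap(community, enterprise, agent_ip, generic, specific, uptime, varbinds=()):
    """Trap-PDU: enterprise, agent-addr, generic-trap, specific-trap, time-stamp, varbinds."""
    body = (enc_oid(enterprise) + tlv(IPADDRESS, bytes(int(x) for x in agent_ip.split(".")))
            + enc_int(generic) + enc_int(specific) + enc_int(uptime, TIMETICKS)
            + enc_varbinds(list(varbinds)))
    return message(community, TRAP, body)

def read_tlv(buf, pos=0):
    """Return (tag, body, position just after this element)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                            # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def elements(body):
    """Yield (tag, body) for each element inside a SEQUENCE body."""
    pos = 0
    while pos < len(body):
        tag, inner, pos = read_tlv(body, pos)
        yield tag, inner

def dec_int(body):
    return int.from_bytes(body, "big", signed=True)

def dec_oid(body):
    arcs, v = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, v = arcs + [v], 0
    return ".".join(map(str, arcs))

def parse_message(msg):
    """Decode one SNMPv1 message (request, response or trap) into a dict."""
    (_, ver), (_, comm), (pdu_tag, body) = elements(read_tlv(msg)[1])
    f = [b for _, b in elements(body)]
    out = {"version": dec_int(ver), "community": comm.decode(), "pdu_type": pdu_tag}
    if pdu_tag == TRAP:
        out.update(enterprise=dec_oid(f[0]), agent_addr=".".join(map(str, f[1])),
                   generic_trap=dec_int(f[2]), specific_trap=dec_int(f[3]), time_stamp=dec_int(f[4]))
    else:
        out.update(request_id=dec_int(f[0]), error_status=dec_int(f[1]), error_index=dec_int(f[2]))
    out["varbinds"] = []
    for _, vb in elements(f[-1]):
        (_, oid), (vtag, val) = elements(vb)
        out["varbinds"].append((dec_oid(oid), vtag, val))
    return out
```

Dumping `pdu("public", GET_REQUEST, 1, [("1.3.6.1.2.1.1.1.0", None)]).hex()` shows the bytes 70 75 62 6c 69 63 ("public") immediately after the version field; that clear-text name is the whole of SNMPv1 authentication, so anyone who can observe the traffic can replay it.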
Authentication Service
o An authentication service is concerned with assuring the recipient that the message is from the source from which it claims to be
o In SNMPv1 a message is considered authentic simply if the sender includes the community name in the message; the name is sent in clear text, so anyone who can observe the traffic learns it
• Since community names are defined at the agent, the same name may be used by different agents
• Identical names do not indicate any similarity between the communities so defined
o A management station must keep track of the community name or names associated with each of the agents that it wishes to access
Access Policy
o By use of more than one community, the agent can provide different categories of MIB access to different management stations
• MIB view: a subset of objects in the MIB. Different MIB views may be defined for each community. The set of objects in a view need not belong to a single subtree
• Access mode: an element of the set {READ-ONLY, READ-WRITE}. An access mode is defined for each community
• Within the access mode of each community, the ACCESS clause of each object is ANDed with the community's mode to control the actual access
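The remote-debugging paradigm from the SNMP Concepts slides and the community/MIB-view/access-mode policy above meet in the agent's handling of a SetRequest. The following is an added example of that handling, not code from the slides: the community names, MIB views, the MIB contents and the action table are constructed for illustration; the object ACCESS clauses are those of MIB-II (RFC 1213).

```python
"""Agent-side handling of an SNMPv1 SetRequest under community access control.
Added example, not from the slides. Communities, views and the action table are
constructed; object ACCESS clauses are those of MIB-II (RFC 1213).

Order of checks, following RFC 1157:
  1. the community name must be known, else the message is dropped (an
     authenticationFailure trap may be sent)
  2. every object must lie in the community's MIB view
  3. effective access = community mode ANDed with the object's ACCESS clause
  4. the new value is checked against an action table ("remote debugging"):
     the agent performs the side effect itself, so no new protocol primitive is needed
"""
READ_ONLY, READ_WRITE, NOT_ACCESSIBLE = "read-only", "read-write", "not-accessible"
NO_ERROR, NO_SUCH_NAME, BAD_VALUE = 0, 2, 3        # SNMPv1 error-status values

# ACCESS clause of the objects this toy agent implements (RFC 1213)
OBJECT_ACCESS = {
    "1.3.6.1.2.1.1.1": READ_ONLY,        # sysDescr
    "1.3.6.1.2.1.1.4": READ_WRITE,       # sysContact
    "1.3.6.1.2.1.2.2.1.7": READ_WRITE,   # ifAdminStatus: up(1) down(2) testing(3)
    "1.3.6.1.2.1.2.2.1.10": READ_ONLY,   # ifInOctets
    "1.3.6.1.2.1.6.13.1.1": READ_WRITE,  # tcpConnState: only deleteTCB(12) may be set
}

# constructed communities: a view is a list of subtrees, not necessarily one subtree
COMMUNITIES = {
    "public": {"view": ["1.3.6.1.2.1.1", "1.3.6.1.2.1.2"], "mode": READ_ONLY},
    "netops": {"view": ["1.3.6.1.2.1"], "mode": READ_WRITE},
}

# remote-debugging table: (object, new value) -> side effect the agent performs
ACTIONS = {
    ("1.3.6.1.2.1.2.2.1.7", 1): lambda inst: f"bring interface {inst} up",
    ("1.3.6.1.2.1.2.2.1.7", 2): lambda inst: f"bring interface {inst} down",
    ("1.3.6.1.2.1.6.13.1.1", 12): lambda inst: f"delete TCB for connection {inst}",
}

def _under(oid, root):
    return oid == root or oid.startswith(root + ".")

def object_of(instance_oid):
    """Longest registered object prefix of an instance OID, or None."""
    hits = [o for o in OBJECT_ACCESS if _under(instance_oid, o)]
    return max(hits, key=len) if hits else None

def effective_access(community, instance_oid):
    """Community mode ANDed with the object's ACCESS clause; outside the view = not accessible."""
    c = COMMUNITIES.get(community)
    obj = object_of(instance_oid)
    if c is None or obj is None or not any(_under(instance_oid, r) for r in c["view"]):
        return NOT_ACCESSIBLE
    obj_access = OBJECT_ACCESS[obj]
    if obj_access == NOT_ACCESSIBLE:
        return NOT_ACCESSIBLE
    return READ_WRITE if c["mode"] == READ_WRITE and obj_access == READ_WRITE else READ_ONLY

def handle_set(community, varbinds, mib):
    """Process a SetRequest. Returns (error_status, error_index, actions performed);
    returns None when the community is unknown (message dropped, authenticationFailure trap)."""
    if community not in COMMUNITIES:
        return None
    # phase 1: authorise every binding before touching anything (SNMPv1 sets are all-or-nothing)
    for i, (oid, value) in enumerate(varbinds, start=1):
        if effective_access(community, oid) != READ_WRITE:
            return NO_SUCH_NAME, i, []          # v1 reports a non-writable object as noSuchName
        if object_of(oid) == "1.3.6.1.2.1.6.13.1.1" and value != 12:
            return BAD_VALUE, i, []
    # phase 2: commit, then run whatever action the new value implies
    performed = []
    for oid, value in varbinds:
        mib[oid] = value
        obj = object_of(oid)
        action = ACTIONS.get((obj, value))
        if action:
            performed.append(action(oid[len(obj) + 1:]))   # pass the instance suffix
    return NO_ERROR, 0, performed
```

The two phases matter: a SetRequest with one unauthorised binding must change nothing, so every binding is checked against the view and the ANDed access mode before any value is written, and only committed writes consult the action table.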
Proxy Service
Get Response PDU
Set Request PDU
Trap PDU
Trap Types
• linkUp(3): one of the communication links at the agent has come up. The first variable binding is the name and value of the ifIndex instance of the referenced interface
• authenticationFailure(4): a protocol message was received that failed authentication, i.e. carried a community name the agent does not recognise
• egpNeighborLoss(5): the EGP neighbor for which the sending entity is a peer is down and the peer relationship no longer exists
• enterpriseSpecific(6): the sending agent recognizes that an enterprise-specific event has occurred. The specific-trap field indicates the type of trap
Polling Frequency
o While the preferred method of management is trap-directed polling, there are very few traps defined
o So the agents need to be polled with some frequency by the manager
o Number of agents N < T/Δ, where T = desired polling interval and Δ = average time to process a single poll
MIB-II
o Defined in RFC 1213
• The choice of objects was based on a number of criteria
• Objects must be essential for either fault or configuration management
• Only weak control objects, given the absence of security mechanisms to protect them
• Avoidance of redundant information
• Exclusion of implementation-specific objects
• If an object in a group is implemented, the complete group must be implemented
MIB-II
Figure: the mib-2 groups under 1.3.6.1.2.1: system(1), interfaces(2), at(3), ip(4), icmp(5), tcp(6), udp(7), egp(8), oim(9), transmission(10), snmp(11)
mib-2.system
Example
mib-2.interfaces
Diversion yet again: favourite SMI!!!
Defining Tables
Defining Tables, e.g. tcpConnTable (tcpConnEntry = 1.3.6.1.2.1.6.13.1)
1.3.6.1.2.1.6.13.1.1 tcpConnState
1.3.6.1.2.1.6.13.1.2 tcpConnLocalAddress
1.3.6.1.2.1.6.13.1.3 tcpConnLocalPort
1.3.6.1.2.1.6.13.1.4 tcpConnRemAddress
1.3.6.1.2.1.6.13.1.5 tcpConnRemPort
Accessing An Object
Random Access
Random Access, e.g. tcpConnTable
o In the tcpConnTable there are five columnar objects, of which four are also index objects
o To identify an instance in the table, append the index values to the columnar object's OID (y = column number, 1 to 5):
1.3.6.1.2.1.6.13.1.y.(tcpConnLocalAddress).(tcpConnLocalPort).(tcpConnRemAddress).(tcpConnRemPort)
Accessing A Scalar Object
Lexicographic Ordering
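Random access to tcpConnTable instances, and the lexicographic ordering that GetNext relies on, worked through as an added example (not code from the slides). The connection rows are constructed; the instance naming follows the pattern given on the Random Access slide.

```python
"""tcpConnTable instance identifiers, random access and GetNext traversal.
Added example, not from the slides; the connection rows below are constructed.
Instance OID = 1.3.6.1.2.1.6.13.1.<column>.<localAddr>.<localPort>.<remAddr>.<remPort>,
i.e. the four index objects are appended, arc by arc, to the columnar object's OID."""

TCP_CONN_ENTRY = "1.3.6.1.2.1.6.13.1"
COLUMNS = {1: "tcpConnState", 2: "tcpConnLocalAddress", 3: "tcpConnLocalPort",
           4: "tcpConnRemAddress", 5: "tcpConnRemPort"}
LISTEN, ESTABLISHED = 2, 5          # tcpConnState values used below

# constructed rows: (state, localAddr, localPort, remAddr, remPort), deliberately unsorted
ROWS = [
    (ESTABLISHED, "10.0.0.5", 443, "198.51.100.7", 40001),
    (LISTEN, "0.0.0.0", 111, "0.0.0.0", 0),
    (ESTABLISHED, "10.0.0.5", 22, "192.0.2.10", 51522),
    (LISTEN, "0.0.0.0", 22, "0.0.0.0", 0),
]

def instance_oid(column, local_addr, local_port, rem_addr, rem_port):
    """Random access: name the instance by appending the index values to the column OID."""
    arcs = local_addr.split(".") + [str(local_port)] + rem_addr.split(".") + [str(rem_port)]
    return f"{TCP_CONN_ENTRY}.{column}." + ".".join(arcs)

def parse_instance(oid):
    """Inverse of instance_oid: (column name, localAddr, localPort, remAddr, remPort)."""
    arcs = [int(a) for a in oid.split(".")]
    base = [int(a) for a in TCP_CONN_ENTRY.split(".")]
    if arcs[:len(base)] != base or len(arcs) != len(base) + 11:
        raise ValueError("not a tcpConnTable instance: " + oid)
    col, idx = arcs[len(base)], arcs[len(base) + 1:]
    return (COLUMNS[col], ".".join(map(str, idx[0:4])), idx[4],
            ".".join(map(str, idx[5:9])), idx[9])

def build_mib(rows):
    """The agent's table as a flat {instance OID: value} map, one entry per cell."""
    mib = {}
    for state, la, lp, ra, rp in rows:
        for col, value in zip(range(1, 6), (state, la, lp, ra, rp)):
            mib[instance_oid(col, la, lp, ra, rp)] = value
    return mib

def oid_key(oid):
    """Lexicographic order compares arc values numerically (22 < 111), not as strings."""
    return tuple(int(a) for a in oid.split("."))

def get(mib, oid):
    """GetRequest semantics: the exact instance, or None standing in for noSuchName."""
    return mib.get(oid)

def get_next(mib, oid):
    """GetNextRequest semantics: first instance lexicographically after oid; None at end of MIB."""
    key = oid_key(oid)
    later = [o for o in mib if oid_key(o) > key]
    if not later:
        return None
    nxt = min(later, key=oid_key)
    return nxt, mib[nxt]

def walk_column(mib, column):
    """Walk one column with repeated GetNext, stopping when the reply leaves the column."""
    prefix = f"{TCP_CONN_ENTRY}.{column}"
    cur, out = prefix, []
    while True:
        step = get_next(mib, cur)
        if step is None or not step[0].startswith(prefix + "."):
            return out
        cur = step[0]
        out.append(step)

if __name__ == "__main__":
    table = build_mib(ROWS)
    for oid, value in walk_column(table, 3):      # tcpConnLocalPort, in table order
        print(oid, value, parse_instance(oid))
```

The walk starts from the bare columnar OID, which names no instance; GetNext returns the first instance after it, and the walk ends when the next object returned no longer lies under the column. Sorting the instance OIDs as strings would put the port-111 row before the port-22 row, which is why oid_key compares arcs as integers.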
Case Diagram for interfaces group
Address Translation
mib-2.ip
ipAddrTable
ipRouteTable
ipNetToMediaTable
mib-2.icmp
mib-2.tcp
mib-2.udp
Transmission