
Simple Network Management Protocol

o TCP/IP Network Management
o The TCP/IP protocol family has a number of embedded control mechanisms, such as Van Jacobson's slow start algorithm, but lacks monitoring and control mechanisms
o A number of solutions based on the Internet Control Message Protocol (ICMP), such as the Packet Internet Groper (PING), were developed in the 70s to troubleshoot the Internet

Simple Network Management Protocol


o The exponential growth of the Internet in the late 80s led to the need for a new solution
o Approaches to Network Management
• High-level Entity Management System (HEMS), generalized from the Host Monitoring Protocol (HMP)
• Simple Network Management Protocol (SNMP), an enhanced version of the Simple Gateway Monitoring Protocol (SGMP)
• CMIP over TCP/IP (CMOT), an attempt to integrate ISO standard protocols, standards and databases

Simple Network Management Protocol

o SNMP is specified by three related standards
• Structure and Identification of Management Information (SMI)
─ Describes how the managed objects are defined (specification language)
• Management Information Base (MIB-II)
─ Describes the standard managed objects contained
• Simple Network Management Protocol (SNMP)
─ Defines the protocol used to manage these objects

Architecture

[Figure: a Management Station (Manager process with its MIB) and a Management Agent (Agent process with its MIB) exchange Commands and Responses over the Network Management Protocol; MIB = Management Information Base]

Protocol Architecture
o SNMP is designed as an application level process
o SNMP operates over UDP and IP
o In addition to the protocol machines, each agent process also interprets messages and controls the agent's MIB
o Key capabilities
• Get: enables a management station to retrieve the value of objects at the agent
• Set: enables the management station to set values of objects at the agent
• Trap: enables an agent to notify the management station of significant events

Protocol Architecture

[Figure: Manager Process (Central MIB) and Agent Process (Agent MIB) exchange GetRequest, GetNextRequest, SetRequest, GetResponse and Trap messages; on each side the stack is SNMP over UDP over IP over network dependent protocols, joined by the Network]

SNMP Concepts

o Trap directed polling
• It is not practical for a single manager to continuously poll all agents for all readable data
• At initialization and at infrequent intervals, the management station polls the agent
• The agent is then responsible for notifying the manager of any unusual events such as link failure, reboot, etc.
• Upon notification, the manager may poll for other data from the agents and its neighbors

SNMP Concepts
o Remote debugging
• As SNMP is designed primarily as a monitoring tool, there are no action primitives in SNMP other than the ability to set some managed object values
• To allow other actions to be implemented without impacting the protocol, SNMP uses the remote debugging paradigm
• The manager polls the agent for status information
• The manager sets the values for some variables
• The agent checks the values against its internal tables to see if specific actions are needed and, if so, performs the actions
• This allows the agent to independently implement new action primitives without affecting the protocol

SNMP Concepts
o Proxies
• SNMP management requires that both UDP and IP layer services be available at every managed device
• For devices such as bridges and PCs that do not implement TCP/IP, implementing TCP/IP just for management adds complexity
• A proxy allows a particular agent to represent other devices that do not implement SNMP for various reasons
• The communication between the proxy and the non-SNMP device is based on the architecture of that device
• In effect the proxy acts as a mid-level manager

SNMP Management Information Base
o There are two objectives that must be met by a MIB
o The object or objects used to represent a resource must be the same at every node, e.g. the number of network interfaces must be counted the same way
o A common scheme for representation must be used to support interoperability; this is supported by defining a Structure of Management Information (SMI)

Structure of Management Information


o SMI encourages simplicity and extensibility within the MIB
o The MIB is only allowed to store simple data types: scalars, and two-dimensional arrays of scalars
o SMI provides techniques for:
• Defining the structure of a particular MIB
• Defining individual objects, including the syntax and value of each object
• Encoding object values
o SMI makes use of the OSI presentation layer standard ASN.1

MIB Structure

o Each object in a MIB is uniquely identified by an object identifier

[Figure: object identifier tree]
  iso(1)                ccitt (itu)(2)        joint-iso-ccitt(3)
    org(3)
      U.S. DoD(6)
        internet(1)
          directory(1)
          mgmt(2)
            mib-2(1)
          experimental(3)
          private(4)
            enterprises(1)

MIB Structure

o The management subtree contains all MIBs that have been approved (standardized)
o Additional MIBs can be defined
o The MIB-2 subtree can be expanded
o An experimental MIB can be constructed
o Private extensions can be added in the private subtree. All vendor specific MIBs are under the private.enterprises subtree

Object Syntax and Encoding

o The objects and the structure of the MIB are defined using a restricted subset of the elements and features of ASN.1
o The objects defined in ASN.1 are encoded using the Basic Encoding Rules (BER) associated with ASN.1
o Other encoding mechanisms for ASN.1 exist but are not used in SNMP

SNMP Protocol
o Protocol as a query language
o Primitives
• GET/GET RESPONSE: retrieve data directly
• GET NEXT/GET RESPONSE: retrieve rows from a table
• SET/GET RESPONSE: exchange data
• TRAP: event notification
o Frames carry data using variable bindings
o Community String provides minimal protection

SNMP Protocol

o Basic PDU structure

[Figure: PDU formats]
Get, Set, Response:
  version | community | PDU type | request-id | error-status | error-index | variable bindings
Trap:
  version | community | PDU type | enterprise | agent-addr | generic-trap | specific-trap | time-stamp | variable bindings
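The Get/Set/Response layout above, hand-encoded with BER as an added example (not code from the slides): it builds the SNMPv1 GetRequest for the sysDescr.0, sysUpTime.0 and ifAdminStatus.2 objects used later in the deck, and shows that the community string sits in the datagram as cleartext, which is why it is described as minimal protection. Object identifiers for sysUpTime and ifAdminStatus are taken from MIB-II; the helper names are this example's own.

```python
# Added example: minimal BER encoder for an SNMPv1 GetRequest message.
# Message ::= SEQUENCE { version INTEGER, community OCTET STRING, PDU }
# GetRequest-PDU ::= [0] IMPLICIT SEQUENCE { request-id, error-status,
#                    error-index, SEQUENCE OF VarBind { name OID, value NULL } }
SNMP_V1 = 0
GET_REQUEST = 0xA0  # context-specific, constructed, tag number 0

def ber_len(n: int) -> bytes:
    """BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, value: bytes) -> bytes:
    """Tag-Length-Value wrapper used for every field."""
    return bytes([tag]) + ber_len(len(value)) + value

def ber_int(v: int) -> bytes:
    """INTEGER as minimal-length two's complement."""
    n = max(1, (v.bit_length() + 8) // 8)
    return tlv(0x02, v.to_bytes(n, "big", signed=True))

def ber_oid(oid: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs fold into 40*a+b, then base-128
    sub-identifiers with the high bit set on all but the last byte."""
    arcs = [int(a) for a in oid.strip(".").split(".")]
    subids = [arcs[0] * 40 + arcs[1]] + arcs[2:]
    out = bytearray()
    for s in subids:
        chunk = [s & 0x7F]
        s >>= 7
        while s:
            chunk.append(0x80 | (s & 0x7F))
            s >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def get_request(community: str, request_id: int, oids: list) -> bytes:
    """Encode a complete SNMPv1 GetRequest message for the given instances."""
    varbinds = b"".join(tlv(0x30, ber_oid(o) + tlv(0x05, b"")) for o in oids)
    pdu = tlv(GET_REQUEST, ber_int(request_id) + ber_int(0) + ber_int(0)
              + tlv(0x30, varbinds))
    return tlv(0x30, ber_int(SNMP_V1) + tlv(0x04, community.encode()) + pdu)

def community_in_cleartext(msg: bytes, community: str) -> bool:
    """SNMPv1's only 'authentication' is this string; anyone who can observe
    the UDP datagram can read it (SNMPv3 authPriv is the remedy)."""
    return community.encode() in msg

if __name__ == "__main__":
    # The slide's Get-Request (sysDescr.0, sysUpTime.0, ifAdminStatus.2)
    msg = get_request("public", 1, ["1.3.6.1.2.1.1.1.0",
                                    "1.3.6.1.2.1.1.3.0",
                                    "1.3.6.1.2.1.2.2.1.7.2"])
    print(msg.hex(), community_in_cleartext(msg, "public"))
```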

SNMP Security and Communities


o An SNMP manager has a one-to-many relationship between itself and a set of managed agents
o SNMP network management also has a one-to-many relationship between a managed station and a set of managers
• Each managed station controls its own MIB and must be able to control use of that MIB by a number of management stations
• An SNMP community is a relationship between an agent and a set of manager(s)

Authentication Service
o An authentication service is concerned with assuring the recipient that the message is from the source from which it claims to be.
o A message is considered to be authentic if the sender includes the community name in the message
• Since community names are defined at the agent, the same name may be used by different agents.
• The same name does not indicate any similarity between the communities so defined
• A management station must keep track of the community name or names associated with each of the agents that it wishes to access

Access Policy
o By use of more than one community, the agent can provide different categories of MIB access to different management stations
• MIB view: a subset of objects in the MIB. Different MIB views may be defined for each community. The set of objects in a view need not belong to a single subtree
• Access mode: an element of the set {READ-ONLY, READ-WRITE}. An access mode is defined for each community
• Within the access mode of each community, the ACCESS clause of each object is ANDed with the community's mode to control the actual access
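The access policy above as an added example (not code from the slides): a toy agent decides each Get or Set by looking up the community, checking the requested instance against that community's MIB view, and ANDing the community's access mode with the object's own ACCESS clause. The community names, views and object table are constructed for the example; the error names follow SNMPv1, where an unknown community is dropped (and may raise an authenticationFailure trap) and both "not in view" and "not writable" are reported as noSuchName.

```python
# Added example: SNMPv1 community-based access check for a constructed agent.
from dataclasses import dataclass

READ_ONLY, READ_WRITE = "read-only", "read-write"

@dataclass(frozen=True)
class Community:
    view: tuple   # OID prefixes (dotted strings) visible to this community
    mode: str     # READ_ONLY or READ_WRITE, applied to the whole community

# Constructed sample agent: the ACCESS clause of each instance it implements
OBJECT_ACCESS = {
    "1.3.6.1.2.1.1.1.0":     READ_ONLY,    # sysDescr.0
    "1.3.6.1.2.1.1.4.0":     READ_WRITE,   # sysContact.0
    "1.3.6.1.2.1.2.2.1.7.2": READ_WRITE,   # ifAdminStatus.2
}

# Constructed communities: a read-only view of the system group, and an
# operations community that can also write to the interfaces group
COMMUNITIES = {
    "public": Community(view=("1.3.6.1.2.1.1",), mode=READ_ONLY),
    "netops": Community(view=("1.3.6.1.2.1.1", "1.3.6.1.2.1.2"), mode=READ_WRITE),
}

def in_view(oid: str, view: tuple) -> bool:
    """An instance is visible if some view prefix is an ancestor of it."""
    return any(oid == p or oid.startswith(p + ".") for p in view)

def check(community: str, op: str, oid: str) -> str:
    """Return 'ok' or the SNMPv1 reason the agent refuses the request."""
    c = COMMUNITIES.get(community)
    if c is None:
        # Message is discarded; the agent may emit generic-trap 4
        return "authenticationFailure"
    if not in_view(oid, c.view) or oid not in OBJECT_ACCESS:
        # Objects outside the view are indistinguishable from absent ones
        return "noSuchName"
    if op == "set":
        # Community mode ANDed with the object's ACCESS clause
        if c.mode != READ_WRITE or OBJECT_ACCESS[oid] != READ_WRITE:
            return "noSuchName"
    return "ok"

if __name__ == "__main__":
    for req in [("public", "get", "1.3.6.1.2.1.1.1.0"),
                ("public", "set", "1.3.6.1.2.1.1.4.0"),
                ("netops", "set", "1.3.6.1.2.1.2.2.1.7.2"),
                ("guess",  "get", "1.3.6.1.2.1.1.1.0")]:
        print(req, "->", check(*req))
```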

Proxy Service

o The community concept is also useful in supporting proxy service.
o For each device that the proxy system represents, it maintains an access policy (community)
o The agent knows which MIB objects can be used to manage which proxied device and their access mode

Get Request PDU

o The sending entity includes the following fields:
• PDU type: get-request
• request-id: uniquely identifies each outstanding request from a manager to an agent
• variable-bindings: list of object instances whose values are requested

Get-Request (sysDescr.0, sysUpTime.0, ifAdminStatus.2)

Get Response PDU

o Get response is an atomic action (all or nothing)
o Errors:
• No Such Name
• Too Big
• General Error

GetResponse (sysDescr.0 = "Ethernet Bridge", sysUpTime.0 = 297450132, ifAdminStatus.2 = "up")

Get Next Request PDU


o The sending entity includes the following fields:
• PDU type: get-next-request
• request-id: uniquely identifies each outstanding request from a manager to an agent
• variable-bindings: list of object instances whose followers' (in lexicographic order) values are requested

GetNextRequest (sysUpTime.0)
GetResponse (sysContact = "John Doe x5684")

Get Next Request PDU

o Allows retrieval of the next instance in lexicographic order
o Allows discovery of the accessible MIB structure
• Allows efficient table searches

ipRouteDest   ipRouteMetric   ipRouteNextHop
9.1.2.3       2               99.0.0.3
10.0.0.51     5               89.1.1.42
10.0.0.99     5               89.1.1.42

Set Request PDU

o The sending entity includes the following fields:
• PDU type: set-request
• request-id: uniquely identifies each outstanding request from a manager to an agent
• variable-bindings: list of object instances and the values they are to be set to
• Issues:
─ No guidance in setting table entries
─ Inconsistencies in deleting entries
─ Proprietary objects can be used to invoke actions

Trap PDU

o Issued by an agent with the following fields
• enterprise: value taken from the sysObjectID
• agent-addr: IP address of the generating agent
• generic-trap: one of the pre-defined traps
• specific-trap: a code indicating the specific nature of the trap
• time-stamp: time since the last reinitialization to the generation of the trap
• variable-bindings: implementation specific

Trap Types

o Seven generic trap types have been defined
• coldStart(0): the sending agent is reinitializing itself such that the configuration or the protocol entity implementation has changed
• warmStart(1): the sending agent is reinitializing itself such that neither configuration nor protocol implementation has changed. Typically a routine restart
• linkDown(2): one of the communication links at the agent is down. The first variable binding is the name and the value of the ifIndex of the referenced interface

Trap Types
• linkUp(3): one of the communication links at the agent has come up. The first variable binding is the name and the value of the ifIndex of the referenced interface
• authenticationFailure(4): a protocol message was received that failed authentication
• egpNeighborLoss(5): the EGP neighbor for whom the sending entity is a peer is down and the peer relationship no longer exists
• enterprise-specific(6): the sending agent recognizes that an enterprise-specific event has occurred. The specific-trap field indicates the type of trap

Polling Frequency
o While the preferred method of management is trap-directed polling, there are very few traps defined
o So the agents need to be polled with some frequency by the manager
o Number of agents N < T/∆
o Where T = desired polling interval, ∆ = average time to process a single poll

MIB-II
o Defined in RFC 1213
• Choice of objects was based on a number of criteria
• Objects must be essential for either fault or configuration management
• Weak control objects in the absence of security mechanisms
• Avoidance of redundant information
• Exclusion of implementation specific objects
• If an object in a group is implemented, the complete group must be implemented

MIB-II

[Figure: the mib-2 subtree]
mgmt(2)
  mib-2(1)
    system(1)
    interfaces(2)
    address translation (deprecated)
    ip(4)
    icmp(5)
    tcp(6)
    udp(7)
    egp(8)
    oim(9)
    transmission(10)
    snmp(11)

mib-2.system

o Provides general information about the managed system.
• Description, ObjectID, UpTime, Contact, Name, Location, Services
o The Services object has a value that is interpreted as a 7-bit code
• each bit of the code corresponds to a level in the TCP/IP or OSI architecture
• Physical=1, DLC=2, IP=3, Host=4, Application=7

[Figure: System group]

Example

o The value is expressed as
o sysServices = Σ 2^(L-1), summed over each layer L in S
o S = the set of layers for which services are provided
o An IP host offering application services would have a binary value of 1001000 and a decimal value of 72 (2^(4-1) + 2^(7-1))

mib-2.interfaces

o Contains generic information about the physical interfaces of the entity
• configuration information
• statistics
─ ifNumber - number of interfaces
─ ifTable - a row for each interface
─ ifIndex - index of the table
─ In addition there are objects which provide information about
– Status of each interface, Speed, Administrative Status, Operational Status, Packets In, Packets Out, Errors etc.

[Figure: mib-2.interfaces group]

Diversion yet again favourite SMI!!!

Defining Tables

o Tables are defined using a combination of the SEQUENCE OF and SEQUENCE types
o Only two-dimensional tables are allowed
o The SEQUENCE OF type specifies one or more elements of the same type (rows)
o The SEQUENCE type specifies a fixed number of scalar elements (columns in each row)

Defining Tables E.g. tcpConnTable

tcpConnTable    SYNTAX  SEQUENCE OF TcpConnEntry

tcpConnEntry    SYNTAX  TcpConnEntry
                INDEX   { tcpConnLocalAddress, tcpConnLocalPort,
                          tcpConnRemAddress, tcpConnRemPort }

TcpConnEntry ::= SEQUENCE {
    tcpConnState         INTEGER,
    tcpConnLocalAddress  IpAddress,
    tcpConnLocalPort     INTEGER (0..65535),
    tcpConnRemAddress    IpAddress,
    tcpConnRemPort       INTEGER (0..65535)
}

Defining Tables E.g. tcpConnTable

Out of 22, only five items are used

iso  org  dod  internet  mgmt  mib-2  tcp  tcpConnTable  tcpConnEntry
1    3    6    1         2     1      6    13            1

1.3.6.1.2.1.6.13.1.1   tcpConnState
1.3.6.1.2.1.6.13.1.2   tcpConnLocalAddress
1.3.6.1.2.1.6.13.1.3   tcpConnLocalPort
1.3.6.1.2.1.6.13.1.4   tcpConnRemAddress
1.3.6.1.2.1.6.13.1.5   tcpConnRemPort

Accessing An Object

o To access an object, one must access an instance of the object
o For objects that appear in a table (columnar objects) the object identifier is not enough to identify the instance. There is one instance for every row in the table
o SNMP defines two methods of identifying a columnar object instance
• Random access method
• Serial access method

Random Access

o The values of the INDEX objects in the table are used to distinguish one row from another
o The concatenation of the scalar object identifier along with the values of the index objects (in the order listed) is used in SNMP to identify a particular scalar object in a particular row

Random Access

o e.g. interface table, ifIndex = 3
o To access the ifMtu of the third interface
  1.3.6.1.2.1.2.2.1.4    <--- ifMtu
  1.3.6.1.2.1.2.2.1.4.3  <--- ifMtu in the row where ifIndex = 3

Random Access

e.g. tcpConnTable
o In the tcpConnTable there are five columnar objects, of which four are also index objects
o To identify an instance in the table
  1.3.6.1.2.1.6.13.1.y.(tcpConnLocalAddress).(tcpConnLocalPort).(tcpConnRemAddress).(tcpConnRemPort)

Ambiguous Row References

o The definition of the INDEX clause states that the purpose of the clause is to list objects whose "object values will unambiguously distinguish a conceptual row" (RFC1212)
o When applied to older MIBs (e.g. MIB-I) unambiguous references are not always possible (e.g. ipRouteTable)

Accessing A Scalar Object

o Scalar objects do not face the same kinds of instance identification problems as columnar objects
o To maintain consistency with columnar objects and to distinguish between an object identifier and an object instance, an instance is identified by the object identifier concatenated with a 0
  systemDescr
  1.3.6.1.2.1.1.0

Lexicographic Ordering

o Lexicographic ordering is the sequence in which a set of ordered, non-negative integer sequences is ordered
o All leaf objects in SNMP are in lexicographic order
o Only leaf objects are accessible in SNMP
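The instance identification rules from the Random Access slides (scalar.0, column plus INDEX values, IpAddress indexes contributing four sub-identifiers) and the lexicographic successor rule that GetNextRequest and table walks depend on, as an added example (not code from the slides). The agent MIB below is constructed for the example and reuses the deck's values; ifAdminStatus under ifTable is 1.3.6.1.2.1.2.2.1.7 in MIB-II, and the function names are this example's own.

```python
# Added example: SNMP instance OIDs and a GetNext-style walk over a toy agent.

def oid(s: str) -> tuple:
    """Dotted string to a tuple of sub-identifiers."""
    return tuple(int(a) for a in s.strip(".").split("."))

def dotted(t: tuple) -> str:
    return ".".join(map(str, t))

def scalar_instance(obj: str) -> tuple:
    """Scalar objects are instanced by appending 0 (sysDescr -> sysDescr.0)."""
    return oid(obj) + (0,)

def columnar_instance(column: str, *index_values) -> tuple:
    """Columnar objects append the INDEX values in order: an IpAddress index
    contributes its four octets, an INTEGER index a single sub-identifier."""
    inst = oid(column)
    for v in index_values:
        inst += oid(v) if isinstance(v, str) else (int(v),)
    return inst

# Constructed agent MIB: system scalars plus part of ifTable (values invented)
AGENT_MIB = {
    scalar_instance("1.3.6.1.2.1.1.1"): "Ethernet Bridge",   # sysDescr.0
    scalar_instance("1.3.6.1.2.1.1.3"): 297450132,           # sysUpTime.0
    scalar_instance("1.3.6.1.2.1.1.4"): "John Doe x5684",    # sysContact.0
    columnar_instance("1.3.6.1.2.1.2.2.1.4", 1): 1500,       # ifMtu.1
    columnar_instance("1.3.6.1.2.1.2.2.1.4", 3): 9000,       # ifMtu.3
    columnar_instance("1.3.6.1.2.1.2.2.1.7", 3): 1,          # ifAdminStatus.3
}

def get_next(mib: dict, name: tuple):
    """Lexicographic successor: the smallest instance strictly greater than
    `name`. Python tuple comparison is exactly SNMP's ordering, so a bare
    column OID sorts before all of its instances (ifMtu < ifMtu.1 < ifMtu.3)."""
    later = [k for k in mib if k > name]
    return min(later) if later else None   # None: walked off the end of the MIB

def walk(mib: dict, subtree: str) -> list:
    """Discover every instance under `subtree` by repeated GetNext, stopping
    as soon as the successor leaves the subtree (how a table search ends)."""
    root, cur, rows = oid(subtree), oid(subtree), []
    while True:
        cur = get_next(mib, cur)
        if cur is None or cur[:len(root)] != root:
            return rows
        rows.append((dotted(cur), mib[cur]))

if __name__ == "__main__":
    # GetNextRequest(sysUpTime.0) -> sysContact.0, then a walk of ifMtu
    print(dotted(get_next(AGENT_MIB, oid("1.3.6.1.2.1.1.3.0"))))
    print(walk(AGENT_MIB, "1.3.6.1.2.1.2.2.1.4"))
```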

Yet another convention - Case Diagrams

[Figure: Case diagram for the interfaces group]

Address Translation

o Contains a single table
• Each row corresponds to one of the physical interfaces
• The row provides a mapping from a network address to a physical address

[Figure: Address Translation group]

mib-2.ip

o Contains information relevant to the implementation and operation of IP at a node
• Configuration of the IP parameters; packet counts; errors
o Three tables
• ipAddrTable - Address table: monitors interface configuration
• ipRouteTable - Route table: monitors and controls routing tables
• ipNetToMediaTable - NetToMedia: hardware interface to IP address translation

ipAddrTable

o Contains information relevant to the IP addresses assigned to this entity
o Each address is uniquely assigned to a physical interface
o Other information
• netmask ipAdEntNetMask
• broadcast address ipAdEntBcastAddr

ipRouteTable

o Contains information used for Internet routing
o General in nature and can be extracted from a number of protocol specific routing tables
o Entry for each known route
• local interface for the next hop
• method by which the route was determined

ipNetToMediaTable

o An address translation table that provides a correspondence between physical and IP addresses
o Same as the address translation group

[Figure: Case diagram for the ip group]

mib-2.icmp

o Contains information relevant to the implementation and operation of ICMP at a node
o Consists solely of counters
• Packet counts
• Errors

mib-2.tcp

o Contains information relevant to the implementation and operation of TCP at a node
• Configuration parameters
• Session open
• Errors
• Table
─ Connection table with local and remote addresses

mib-2.udp

o Contains information relevant to the implementation and operation of UDP at a node
• Packet counters
• Errors
• Table
─ Local UDP services available

Transmission

o Designed to contain transmission specific objects
o A number of objects currently exist in the experimental group and are being refined before being moved into this group

