
SNMP

Simple Network Management Protocol


What is Network Management?

❚ Configuration Management
❙ Keeping track of device settings and how they function

❚ Fault Management
❙ Dealing with problems & emergencies in the network

❚ Performance Management
❙ How smoothly is the network running?
❙ Can it handle the workload it currently has?

❚ Security Management
❙ Restricting unauthorized access to the devices and protecting the management traffic itself (authentication, encryption)

❚ Accounting Management
❙ Cost management and chargeback assessment

02/18/09 2
The Three Parts of SNMP
❚ Structure of Management Information (SMI)
❙ Rules specifying the format used to define objects managed
on the network that the SNMP protocol accesses

❚ Management Information Base (MIB)


❙ A map of the hierarchical order of all managed objects and
how they are accessed

❚ SNMP Protocol
❙ Defines format of messages exchanged by management
systems and agents.
❙ Specifies the Get, GetNext, Set, and Trap operations

Languages of SNMP
❚ Abstract Syntax Notation One (ASN.1)
❙ Used to define the format of SNMP messages
and managed objects (MIB modules) using an
unambiguous data description format

❚ Basic Encoding Rules (BER)


❙ Used to encode the SNMP messages into a
format suitable for transmission across a
network

SMI v1 & v2

❚ SMIv1 is obsolete. Defined in RFC 1155, 1212 & 1215

❚ SMIv2 is in current use. Defined in RFC 2578, 2579 & 2580 (RFC 2576, now obsoleted by RFC 3584, does not define SMIv2 itself; it describes coexistence with v1, including how SMIv1 modules are translated to SMIv2)

❚ Defines standard way to describe all MIB Objects

❚ Defines different types of MIB Objects, like integers, strings, and more
complex data types

❚ Provides hierarchical structure for naming MIB objects, with a unique name
for each object

❚ Provides the information associated with each MIB module

MIB Attributes wrt SMI v2
❚ Object Name: Unique name to identify the objects

❚ Object Syntax: Defines the data type of information that the object
contains
❙ Regular or Base Data Types, e.g. Integers or strings
❙ Tabular Data Types having a collection of multiple data elements

❚ Object Maximum Access: the highest level of access that makes sense for the object (MAX-ACCESS); an agent may grant less than this, e.g. through VACM views

❚ Object Status: whether the definition is still in force
❙ Current (SMIv2; "mandatory" in SMIv1) - valid, to be implemented
❙ Deprecated - still valid and implemented, but being phased out
❙ Obsolete - should no longer be implemented

❚ Object Definition: a textual description of the object (DESCRIPTION)


SNMP Data Types

SMIv2 Access Values

Max-Access value        Description
read-create             Object can be read, written and created (a column in a table whose rows the manager may add)
read-write              Object can be read or written
read-only               Object can only be read
accessible-for-notify   Object appears only in notifications (traps/informs); it cannot be read or written
not-accessible          Not reachable with Get/Set at all; used for table and row (entry) objects and for index objects that exist only as part of an instance identifier

SMIv2 Object Definition Example

sysLocation OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..255))
MAX-ACCESS read-write
STATUS current
DESCRIPTION "The physical location of this node (e.g., 'telephone closet,
3rd floor'). If the location is unknown, the value is the zero-length string."
::= { system 6 }

MIB as Database

SNMP MIB Hierarchy

RFC 1213 (MIB-II), excerpt
sysDescr OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..255))
ACCESS read-only
STATUS mandatory
DESCRIPTION "A textual description of the entity. This value should include the full name and version
identification of the system's hardware type, software operating-system, and networking software.
It is mandatory that this only contain printable ASCII characters."
::= { system 1 }

sysObjectID OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER
ACCESS read-only
STATUS mandatory
DESCRIPTION "The vendor's authoritative identification of the network management subsystem
contained in the entity. This value is allocated within the SMI enterprises subtree (1.3.6.1.4.1) and
provides an easy and unambiguous means for determining `what kind of box' is being managed.
For example, if vendor `Flintstones, Inc.' was assigned the subtree 1.3.6.1.4.1.4242, it could assign
the identifier 1.3.6.1.4.1.4242.1.1 to its `Fred Router'." ::= { system 2 }

sysUpTime OBJECT-TYPE
SYNTAX TimeTicks
ACCESS read-only
STATUS mandatory
DESCRIPTION "The time (in hundredths of a second) since the network management portion of the
system was last re-initialized." ::= { system 3 }

MIB vs OID

Object Name Object Identifier Object Type


mib-2 1.3.6.1.2.1 OBJECT IDENTIFIER
system 1.3.6.1.2.1.1 OBJECT IDENTIFIER
sysDescr 1.3.6.1.2.1.1.1 OBJECT-TYPE
sysObjectID 1.3.6.1.2.1.1.2 OBJECT-TYPE
sysUpTime 1.3.6.1.2.1.1.3 OBJECT-TYPE
sysContact 1.3.6.1.2.1.1.4 OBJECT-TYPE
sysName 1.3.6.1.2.1.1.5 OBJECT-TYPE
sysLocation 1.3.6.1.2.1.1.6 OBJECT-TYPE
sysServices 1.3.6.1.2.1.1.7 OBJECT-TYPE

What is SNMP?
❚ SNMP is a protocol for remote and local management of devices on the network, including servers, workstations, routers, switches and other managed devices.
❚ Comprised of Agents and Managers

❙ Agent - process running on each managed node, collecting information about the device it is running on and answering requests for it.

❙ Manager - process running on a management workstation that requests information about devices on the network and receives their notifications.

SNMP Manager-Agent
[Figure: SNMP Manager-Agent model. On the SNMP Management System a Management Application drives the SNMP Manager; on the SNMP Managed System the SNMP Agent fronts the Managed Objects, which represent the Managed Resources. Manager to agent: Get, GetNext, Set. Agent to manager: Responses and Events (traps). SNMP messages travel over UDP over IP over the link layer across the communication network.]
Nodes

❚ Management nodes
❙ Typically a workstation running some network management & monitoring software

❚ Managed nodes
❙ Typically runs an agent process that services requests from a management node

❚ Indirectly managed nodes
❙ A node may not support SNMP, but may be manageable by SNMP through a proxy agent running on another machine

Managed Objects & MIB

SNMP’s Client-Server Architecture

❚ SNMP is a “client pull” model
❙ The management system (client) “pulls” data from the agent (server) with Get, GetNext and (v2c/v3) GetBulk

❚ SNMP is also a “server push” model
❙ The agent (server) “pushes” a trap (or, in v2c/v3, an acknowledged inform) to the management system (client)

What are Traps?

❚ Unsolicited notifications sent to a management system by an SNMP agent process

❚ Many events can be configured to raise a trap: card failures, interface failures (linkDown/linkUp), temperature alarms, no disk space, loss of signal, etc.

❚ Management systems assign each trap a severity such as Critical, Major, Minor, Warning, Informational, Normal or Unknown; the trap PDU itself carries no severity field, so this mapping is done on the manager

❚ Traps carry the agent's uptime (sysUpTime) and the variable bindings that describe the event; the receiver records the date and time of arrival

❚ Traps are sent over UDP and are not acknowledged, so a lost trap is silently lost; SNMPv2c/v3 informs are acknowledged by the receiver

SNMP Versions
❚ SNMPv1
❙ Community based (Read/Write)
❙ Read Operations: Get & Get Next Operators
❙ Write Operations: Set Operators

❚ SNMPv2c
❙ Community Based (Read/Write)
❙ Improved efficiency & Performance: Get Bulk Operator
❙ Richer error handling: Errors & Exceptions
❙ Confirmed event notifications: Inform Operator

❚ SNMPv3
❙ Access restriction based on users & views (USM & VACM)
❙ Message authentication and integrity with HMAC-MD5-96 or HMAC-SHA-96 (keys derived from the user's passphrase and localized to the agent's engine ID)
❙ Privacy (encryption) with CBC-DES (Data Encryption Standard); AES-128 was added by RFC 3826 and should be preferred
❙ Timeliness checks (engineBoots / engineTime) that limit replay
SNMPv3 User Security Model
(USM)

❚ Designed to secure against:

❙ Modification of information

❙ Masquerade

❙ Message stream modification

❙ Disclosure

SNMP v3 USM Configuration

❚ User based access

❚ Each user can have its unique password

SNMP v3 USM Levels
❚ noAuthNoPriv - no security applied (a user name only; anyone who knows it can act as that user)

❚ authNoPriv - message is authenticated (HMAC) and checked for timeliness, but sent in the clear

❚ authPriv - message is authenticated and encrypted

SNMPv3 View-Based Access
Control Model (VACM)

❚ VACM has two characteristics:

❙ Decides, for every request, whether access to a managed object should be allowed. The inputs are who is asking (securityModel + securityName, mapped to a group), which context (contextName), at what security level, and what kind of access (read, write or notify); the output is the MIB view the requested object must fall within

❙ Makes use of a MIB (the VACM MIB, SNMP-VIEW-BASED-ACM-MIB) that:

❘ Defines the access control policy for this agent
❘ Makes it possible to configure that policy remotely (over an authenticated v3 session)

❚ The “contextName” (together with the contextEngineID of the scoped PDU) selects the collection of managed objects the request refers to
SNMP Security Aspects

SNMP Basic Operations

SNMP v1 Message Format

SNMP v1 PDU Format

SNMP v1 Trap-PDU Format

(PDU type tag = 4)

SNMP v2c Message Format

SNMPv2c/v3 PDU Format

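The message and PDU formats sketched on the preceding slides, and the ASN.1/BER encoding from the "Languages of SNMP" slide, are small enough to implement by hand. The following is an added example (not code from the original slides): a minimal BER encoder and decoder for the community-based v1/v2c message (version, community OCTET STRING, PDU with request-id, error-status, error-index and variable bindings). The GetRequest it produces is the standard 40-byte "get sysDescr.0 with community public" message; the GetResponse bytes at the bottom are constructed for the example. The point a practitioner should take from the decoder is that the community string is an ordinary plaintext OCTET STRING: anyone who can capture the datagram can read it and reuse it.

```python
"""Hand-rolled BER for SNMPv1/v2c community-based messages (RFC 1157 / RFC 1905).
Added example; not from the original slides. Sample bytes are constructed."""

# Universal ASN.1 tags used by SNMP, plus the SMI application tags
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
IPADDRESS, COUNTER32, GAUGE32, TIMETICKS = 0x40, 0x41, 0x42, 0x43
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap", 0xA5: "GetBulkRequest",
             0xA6: "InformRequest", 0xA7: "SNMPv2-Trap", 0xA8: "Report"}
PDU_TAGS = {name: tag for tag, name in PDU_NAMES.items()}

def ber_len(n):
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value

def encode_int(v):
    n = 1                                            # minimal two's-complement width
    while not -(1 << (8 * n - 1)) <= v < (1 << (8 * n - 1)):
        n += 1
    return tlv(INTEGER, v.to_bytes(n, "big", signed=True))

def encode_oid(oid):
    arcs = [int(a) for a in oid.strip(".").split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])        # first two arcs share one byte
    for a in arcs[2:]:
        groups = [a & 0x7F]
        a >>= 7
        while a:                                     # base-128, high bit = "more follows"
            groups.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(groups))
    return tlv(OID, bytes(out))

def build_message(version, community, pdu_type, request_id, varbinds):
    """varbinds: list of (oid, encoded value TLV). version 0 = v1, 1 = v2c."""
    vbl = b"".join(tlv(SEQUENCE, encode_oid(o) + v) for o, v in varbinds)
    pdu = tlv(PDU_TAGS[pdu_type], encode_int(request_id) + encode_int(0) +
              encode_int(0) + tlv(SEQUENCE, vbl))
    return tlv(SEQUENCE, encode_int(version) +
               tlv(OCTET_STRING, community.encode()) + pdu)

def build_get_request(community, oid, request_id, version=0):
    return build_message(version, community, "GetRequest", request_id,
                         [(oid, tlv(NULL, b""))])

def read_tlv(buf, pos=0):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(data):
    arcs, val = [data[0] // 40, data[0] % 40], 0
    for b in data[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def decode_value(tag, data):
    if tag == INTEGER:
        return int.from_bytes(data, "big", signed=True)
    if tag in (COUNTER32, GAUGE32, TIMETICKS):
        return int.from_bytes(data, "big")
    if tag == OCTET_STRING:
        return data.decode("ascii", "replace")
    if tag == OID:
        return decode_oid(data)
    if tag == IPADDRESS:
        return ".".join(map(str, data))
    return None                                      # NULL or a v2c exception value

def parse_message(buf):
    """Decode a v1/v2c message. The community string comes back as plain text."""
    tag, body, _ = read_tlv(buf)
    if tag != SEQUENCE:
        raise ValueError("not an SNMP message")
    _, ver, p = read_tlv(body)
    _, comm, p = read_tlv(body, p)
    pdu_tag, pdu, _ = read_tlv(body, p)
    _, rid, q = read_tlv(pdu)
    _, est, q = read_tlv(pdu, q)
    _, eix, q = read_tlv(pdu, q)
    _, vbl, _ = read_tlv(pdu, q)
    varbinds, q = [], 0
    while q < len(vbl):
        _, vb, q = read_tlv(vbl, q)
        _, oid, r = read_tlv(vb)
        vtag, val, _ = read_tlv(vb, r)
        varbinds.append((decode_oid(oid), decode_value(vtag, val)))
    return {"version": decode_value(INTEGER, ver),
            "community": comm.decode("ascii", "replace"),
            "pdu_type": PDU_NAMES.get(pdu_tag, hex(pdu_tag)),
            "request_id": decode_value(INTEGER, rid),
            "error_status": decode_value(INTEGER, est),
            "error_index": decode_value(INTEGER, eix), "varbinds": varbinds}

# Constructed sample: a GetResponse for sysDescr.0 = "Test agent", community "public"
SAMPLE_RESPONSE = bytes.fromhex(
    "303002010004067075626c6963a22302010102010002010030183016"
    "06082b06010201010100040a54657374206167656e74")

if __name__ == "__main__":
    print(build_get_request("public", "1.3.6.1.2.1.1.1.0", 1).hex())
    print(parse_message(SAMPLE_RESPONSE))
```

Sending the request is one `socket.sendto()` to UDP port 161; the decoder is equally usable on a packet capture, which is exactly why v1/v2c community strings should be treated as passwords that are spoken aloud on every query.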
SNMP v3 Message Format

Ports & UDP

• SNMP uses the User Datagram Protocol (UDP) as the transport for SNMP messages

  Ethernet frame [ IP packet [ UDP datagram [ SNMP message ] ] ] CRC

• Like FTP, SNMP uses two well-known ports:
  • UDP port 161 - requests to the agent (Get, GetNext, GetBulk, Set) and their responses
  • UDP port 162 - notifications (traps and informs) to the manager

• Because UDP is connectionless and v1/v2c messages carry no authentication beyond the community string, the source address of a request can be forged; address-based access lists on the agent raise the bar but are not a substitute for SNMPv3 authentication

SNMP Evolution

                                         SNMPv1   SNMPv2c   SNMPv3
Plaintext community strings              Yes      Yes       No (user names travel in the clear; passphrases never do)
Encrypted traffic                        No       No        Yes (authPriv only)
Backwards compatibility                  -        Yes       Yes (coexistence per RFC 3584)
Susceptible to brute-force attacks       Yes      Yes       Reduced, not eliminated: keys are derived from passphrases, so one sniffed authenticated message allows offline guessing of weak passphrases
Credentials recoverable by sniffing      Yes      Yes       No (only a 12-byte HMAC is on the wire)
Susceptible to buffer-overflow attacks   Yes      Yes       Yes: a property of the agent's BER parser, not of the protocol version
Susceptible to injection attacks         Yes      Yes       No (messages are authenticated; v1/v2c simply never check who sent them)
Susceptible to replay attacks            Yes      Yes       No (engineBoots/engineTime window)
Default/known passwords                  Yes      Yes       Only if vendor or operator default v3 users are left in place
Detection of malformed packets           Counters only (snmpInASNParseErrs)   Yes (exceptions)   Yes (Report PDUs and usmStats counters)
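The USM slides above say that v3 authenticates with MD5/SHA and that each user has a password, and the table says v3 is not brute-forceable; both statements need the detail of how the key is made. The following added example (not code from the original slides) implements the RFC 3414 procedure: the passphrase is hashed over 1 MiB of repeated input (Ku), then localized with the agent's snmpEngineID (Kul), and the message is authenticated with the first 12 bytes of an HMAC computed while msgAuthenticationParameters is zeroed. The engine ID and passphrase are the RFC 3414 Appendix A test-vector values, so the derived keys can be checked against the RFC. The byte string `TEMPLATE`, the offset `AUTH_OFFSET` and the candidate word list are constructed for the example: `TEMPLATE` is a stand-in for a v3 message with the 12-byte authentication field at a known position, not real BER framing. The last function shows the caveat the table glosses over: with one captured message, an attacker has everything needed to test passphrase guesses offline.

```python
"""SNMPv3 USM key handling per RFC 3414 (added example, not from the slides):
password-to-key, key localization, HMAC-96 authentication, and the offline
passphrase guess that one sniffed authenticated message permits."""
import hashlib
import hmac

# RFC 3414 Appendix A test-vector inputs (real values from the RFC)
ENGINE_ID = bytes.fromhex("000000000000000000000002")
PASSWORD = b"maplesyrup"
AUTH_LEN = 12                          # HMAC-MD5-96 / HMAC-SHA-96 truncate to 96 bits

def password_to_key(password: bytes, digest: str) -> bytes:
    """Ku = H(password repeated to exactly 1 MiB): a fixed, deliberately slow cost."""
    stream = (password * (1_048_576 // len(password) + 1))[:1_048_576]
    return hashlib.new(digest, stream).digest()

def localize_key(ku: bytes, engine_id: bytes, digest: str) -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku): the same passphrase yields a different
    key on every agent, so one compromised agent does not expose the others."""
    return hashlib.new(digest, ku + engine_id + ku).digest()

def derive_localized_key(password: bytes, engine_id: bytes, digest: str) -> bytes:
    return localize_key(password_to_key(password, digest), engine_id, digest)

def _zeroed(msg: bytes, offset: int) -> bytes:
    """The HMAC is computed with msgAuthenticationParameters set to 12 zero bytes."""
    return msg[:offset] + b"\x00" * AUTH_LEN + msg[offset + AUTH_LEN:]

def sign(kul: bytes, msg: bytes, offset: int, digest: str) -> bytes:
    """Fill in msgAuthenticationParameters: first 12 bytes of HMAC over the whole message."""
    mac = hmac.new(kul, _zeroed(msg, offset), digest).digest()[:AUTH_LEN]
    return msg[:offset] + mac + msg[offset + AUTH_LEN:]

def verify(kul: bytes, msg: bytes, offset: int, digest: str) -> bool:
    expected = hmac.new(kul, _zeroed(msg, offset), digest).digest()[:AUTH_LEN]
    return hmac.compare_digest(expected, msg[offset:offset + AUTH_LEN])

def guess_password(candidates, engine_id: bytes, msg: bytes, offset: int, digest: str):
    """Attacker view: engine ID and authParams are in the clear, so each guess
    costs one 1 MiB hash plus one HMAC, and weak passphrases fall quickly."""
    for pw in candidates:
        if verify(derive_localized_key(pw, engine_id, digest), msg, offset, digest):
            return pw
    return None

# Constructed stand-in for a v3 message: a header carrying the engine ID, the
# 12-byte authentication field, then the scoped PDU. Not real BER framing; only
# the position of the authentication field matters for the HMAC.
HEADER = b"v3-header:" + ENGINE_ID
AUTH_OFFSET = len(HEADER)
TEMPLATE = HEADER + b"\x00" * AUTH_LEN + b"|scopedPDU:GetRequest sysDescr.0"

if __name__ == "__main__":
    kul = derive_localized_key(PASSWORD, ENGINE_ID, "md5")
    print("Kul(md5) =", kul.hex())   # 526f5eed9fcce26f8964c2930787d82b (RFC 3414 A.3.1)
    signed = sign(kul, TEMPLATE, AUTH_OFFSET, "md5")
    print("verifies:", verify(kul, signed, AUTH_OFFSET, "md5"))
    print("guessed:", guess_password([b"public", b"private", b"maplesyrup"],
                                     ENGINE_ID, signed, AUTH_OFFSET, "md5"))
```

Two consequences for operators follow directly from the code: the 1 MiB hashing is the only work factor between a captured packet and the passphrase, so v3 passphrases need the same entropy as any other offline-crackable credential; and because Kul is bound to the engine ID, a manager must learn each agent's engine ID (the discovery exchange) before it can authenticate to it.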

SNMP Implementation for
Router & Switches
SNMP can help determine:
❚ Device faults, through traps and polls
❚ Device interface errors, such as:
❙ Interface collisions
❙ Interface I/O errors
❙ Interface CRC errors, etc.
❚ Device performance status, such as:
❙ CPU utilization
❙ Memory utilization
❙ Hard disk usage, etc.
❚ Traffic inflow/outflow statistics
❙ Interface I/O packets/sec
❙ Interface I/O discards

SNMP Implementation for
Router & Switches
❚ Device configuration, such as:
❙ Installation of new software
❙ Tracking changes in control configuration
❙ Change management, etc.

❚ IP routing management & configuration

❚ Backup & restore of device configuration

❚ Upgrades of device IOS software

❚ Accounting management, such as:
❙ Mapping network resources to their users
❙ Mapping network resource usage by the users

❚ Inventory Control
❙ Hardware
❘ Components
❘ Identity
❘ Location
❙ Software
❘ Version
SNMP Implementation in
Routers & Switches

❚ Enable SNMP

❚ Configure read & write community (v1/v2c) or user (v3)

❚ Configure SNMP traps

❚ Define SNMP server host IP Address
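The four steps above, written out as an added configuration example in Cisco IOS syntax (the slides mention IOS upgrades but contain no configuration; this is not from the original slides). The first block is the weak form that many devices ship with or end up with; the second is the hardened replacement. The names NMS-ONLY, NMS-RO, NMS-GRP and nms-poller, the manager address 192.0.2.10 (an RFC 5737 documentation address) and the passphrase placeholders are assumptions chosen for the example.

```text
! Weak: well-known community strings, readable and writable from anywhere
snmp-server community public RO
snmp-server community private RW

! Hardened: remove the communities, restrict sources, use v3 authPriv with a read-only view
no snmp-server community public
no snmp-server community private
ip access-list standard NMS-ONLY
 permit 192.0.2.10
 deny any log
snmp-server view NMS-RO iso included
snmp-server group NMS-GRP v3 priv read NMS-RO access NMS-ONLY
snmp-server user nms-poller NMS-GRP v3 auth sha <auth-passphrase> priv aes 128 <priv-passphrase>
snmp-server enable traps
snmp-server host 192.0.2.10 version 3 priv nms-poller
```

The group carries no write view, so even a compromised poller credential cannot Set anything; grant a separate write view to a separate user only where configuration management over SNMP is actually needed. The access list limits which sources may even attempt the exchange, and the `host ... version 3 priv` line sends traps with the same authentication and encryption as the polls, so notifications are not the one channel left in the clear.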

Thank You !!!

