Yi-Neng Lin
Background
Architectural framework
MIB
SMI
SNMP, SNMPv2, SNMPv3
Open source: NET-SNMP
Background
Remote control without attaching to managed entities of all physical networks
Exchange management information between network devices
Small tools: ping, traceroute, netstat, etc. (based on ICMP)
Short history
Architectural Framework
Management station
Agent
Managed device
Managed object (specified in MIB)
Management protocols
[Figure: master agent and MIBs, connected via SMUX or AgentX]
A group of objects that describe an SNMP manageable entity
Hierarchical object groups
MIB-II (RFC 1213)
MIB-II
iso (1)
  org (3)
    dod (6)
      internet (1)
        directory (1)
        mgmt (2)
          mib-II (1)
            system (1)
            interface (2)
            at (3)
            ip (4)
            icmp (5)
            snmp (11)
        experimental (3)
        private (4)
Places restrictions on the types of the objects allowed in the MIB
Exchange of information between application components in different systems
atIfIndex OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-write
    STATUS deprecated
    DESCRIPTION "..."
    ::= { atEntry 1 }
atPhysAddress OBJECT-TYPE
    SYNTAX PhysAddress
    ACCESS read-write
    STATUS deprecated
    DESCRIPTION "..."
    ::= { atEntry 2 }
atNetAddress OBJECT-TYPE
    SYNTAX NetworkAddress
    ACCESS read-write
    STATUS deprecated
    DESCRIPTION "..."
    ::= { atEntry 3 }
Descriptions
Retrieve the value of a leaf object
Set (update) a leaf object with a value
Response for GetRequest (value) or SetRequest (ACK)
Issued by agent to notify the management station of some significant event asynchronously
[Figure: dispatcher, security subsystem, and application(s): command generator, command responder, notification receiver, notification originator, proxy forwarder, other]
SNMPv2
SNMPv3
Net-SNMP
J. Won-Ki Hong Dept. of Computer Science and Engineering POSTECH Tel: 054-279-2244 Email: jwkhong@postech.ac.kr
Contents
Net-SNMP Package
History of Net-SNMP
Applications of Net-SNMP
Trap Daemon
Net-SNMP is a suite of applications used to implement SNMPv1, SNMPv2c and SNMPv3 using both IPv4 and IPv6. It includes:
Command-line applications to:
    retrieve information from an SNMP-capable device, either using single requests (snmpget, snmpgetnext), or multiple requests (snmpwalk, snmptable, snmpdelta).
    manipulate configuration information on an SNMP-capable device (snmpset).
    retrieve a fixed collection of information from an SNMP-capable device (snmpdf, snmpnetstat, snmpstatus).
    convert between numerical and textual forms of MIB OIDs, and display MIB content and structure (snmptranslate).
A graphical MIB browser (tkmib), using Tk/perl.
A daemon application for receiving SNMP notifications (snmptrapd).
An extensible agent for responding to SNMP queries for management information (snmpd).
A library for developing new SNMP applications, with both C and perl APIs.
History of Net-SNMP
Originally based on the Carnegie Mellon University implementation (1992)
The University of California at Davis extended CMU-SNMP and called it UCD-SNMP (1995)
UCD-SNMP moved to Net-SNMP in April 2002 (the web site also moved from www.ucdsnmp.net to www.net-snmp.net)
Now, Net-SNMP 5.7 is released
A more detailed history can be found at
http://www.net-snmp.org/about/history.html
Applications (1)
Common Options
snmpget
SNMP application that uses the SNMP GET request to query for information on a network entity
e.g., snmpget -c public localhost system.sysDescr.0
Result) system.sysDescr.0 = Linux enterflex2.postech.ac.kr
Applications (2)
snmpset
SNMP application that uses the SNMP SET request to set information on a network entity
Type: i (INTEGER), u (UNSIGNED), s (STRING)
e.g., snmpset -c private -v 1 localhost system.sysContact.0 s mjchoi@postech.ac.kr
snmpwalk
SNMP application that uses SNMP GETNEXT requests to query a network entity
Retrieves a lot of data, a part of the MIB tree (a subtree), at once
e.g., snmpwalk -c public localhost system
Result) system.sysDescr.0 =
        system.sysObjectID.0 =
        system.sysUpTime.0 =
Applications (3)
snmpstatus
SNMP application that retrieves several important statistics from a network entity.
The IP address of the entity. sysDescr.0 / sysUpTime.0 /
e.g., snmpstatus -c public -v 1 localhost
Result) [127.0.0.1] [Linux enterflex2.postech.ac.kr 2.4.7-10 #1 Thu Sep 6 17:27:27 EDT 2001 i386]
snmptranslate
Application that translates SNMP object identifier values from their symbolic (textual) forms into their numerical forms
e.g., snmptranslate system.sysUpTime.0
Result) .1.3.6.1.2.1.1.3.0
Applications (4)
snmptrap [COMMON OPTIONS] [-Ci] enterprise-oid agent generic-trap specific-trap uptime [OID TYPE VALUE]
SNMP application that uses the SNMP TRAP operation to send information to a network manager
Definition)
    TRAP-TEST-MIB DEFINITIONS ::= BEGIN
        IMPORTS ucdExperimental FROM UCD-SNMP-MIB;
    demotraps OBJECT IDENTIFIER ::= { ucdExperimental 990 }
    demo-trap TRAP-TYPE
        STATUS current
        ENTERPRISE demotraps
        VARIABLES { sysLocation }
        DESCRIPTION "This is just a demo"
        ::= 17
    END
e.g., snmptrap -v 1 -c public host TRAP-TEST-MIB::demotraps localhost 6 17 '' SNMPv2-MIB::sysLocation.0 s "Just here"
Applications (5)
snmpgetnext: retrieves unknown indexed data
snmpbulkwalk: uses SNMP GETBULK requests to query a network entity
snmptable: displays a table
snmpnetstat: symbolically displays the values of various network-related information retrieved from a remote system using the SNMP protocol
Trap Daemon
snmptrapd
SNMP application that receives and logs SNMP TRAP messages
By default it listens on UDP port 162
The snmptrapd output is displayed as follows
Result) 1999-11-12 23:26:07 localhost [127.0.0.1] TRAP-TEST-MIB::demotraps:
        Enterprise Specific Trap (demo-trap) Uptime: 1 day, 5:34:06
        SNMPv2-MIB::sysLocation.0 = "Just here"
[Figure: MANAGER with Message Generator and Message Parser; Request sent, Response/Trap received]
Download net-snmp-5.7.1.tar.gz
Decompress the file in your home directory
    command: gtar xvfz net-snmp-5.7.1.tar.gz
Compile default SNMP agent
    cd net-snmp-5.7.1
    cd perl
    perl Makefile.PL -NET-SNMP-CONFIG="sh ../net-snmp-config" -NET-SNMP-IN-SOURCE=true
    make
    make test
    make install
Compile the private MIB file using mib2c
    cd net-snmp-5.7.1
    cd local
    mkdir cluster
    copy the private MIB into the current directory
        ex) cp ~mjchoi/cluster.my ./cluster.my
    export MIBS=ALL
    MIBS=./cluster.my
    mib2c -c mib2c.scalar.conf generalInfo
    mib2c -c mib2c.scalar.conf currentStatus
    mib2c -c mib2c.array-user.conf loadBalancer
    mv generalInfo.* cluster
    mv currentStatus.* cluster
    mv loadBalancer.* cluster
    cp -r cluster ../agent/mibgroup/.
    /* OID under which the clusterName scalar is registered */
    static oid clusterName_oid[] = { 1, 3, 6, 1, 3, 1, 1, 1, 0 };
(2) Module initialization: modules must be initialized before they can start providing the necessary information
(4) Non-table-based modules: the request handling routine is to retrieve any necessary scalar data
e.g.,
    switch (reqinfo->mode) {
    case MODE_GET:
        snmp_set_var_typed_value(requests->requestvb, ASN_OCTET_STR,
                                 (u_char *) clusterName, var_len);
        break;
    }
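e.g.,
    int serviceTable_handler(netsnmp_mib_handler *handler,
                             netsnmp_handler_registration *reginfo,
                             netsnmp_agent_request_info *reqinfo,
                             netsnmp_request_info *requests)
    {
        /* column/index information and varbind of the current request */
        netsnmp_table_request_info *table_info = netsnmp_extract_table_info(requests);
        netsnmp_variable_list *var = requests->requestvb;

        switch (reqinfo->mode) {
        case MODE_GET:
            switch (table_info->colnum) {
            case COLUMN_SRINDEX:
                /* value and length arguments are elided in the original */
                snmp_set_var_typed_value(var, ASN_INTEGER, );
                break;
            }
            break;
        }
        return SNMP_ERR_NOERROR;
    }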
e.g.,
    switch (reqinfo->mode) {
    case MODE_SET_ACTION:
        // XXX: perform the value change here
        if ( /* XXX: error? */ ) {
            netsnmp_set_request_error(reqinfo, requests, error_msg);
        }
        break;
    case MODE_SET_COMMIT:
        // XXX: delete temporary storage
        if ( /* XXX: error? */ ) {
            netsnmp_set_request_error(reqinfo, requests, SNMP_ERR_COMMITFAILED);
        }
        break;
    }
    ./configure --with-mib-modules="cluster/generalInfo cluster/currentStatus cluster/loadBalancer"
    cd agent
    make
    ./snmpd -c config_file
    (ex) ./snmpd -c /etc/snmp/snmpd.conf
snmpd [OPTIONS] [LISTENING ADDRESSES]
SNMP agent which binds to a port and awaits requests from SNMP management software.
It collects the requested information and/or performs the requested operations and returns the information to the sender.
By default, snmpd listens for SNMP requests on UDP port 161.
Modify snmpd.conf for SNMP community
    # First, map the community name into a security name:
    #       sec.name     source   community
    com2sec clusterUser  default  postech
    # Second, map the security name into a group name:
    #     groupName     securityModel  securityName
    group clusterGroup  v1             clusterUser
    # Third, create a view for us to let the group have rights to:
    #    name     incl/excl  subtree                 mask(optional)
    view mibview  included   .iso.org.dod.internet
    # Finally, grant the group read and write access to the mibview view
    # (the write column below is mibview, not none):
    #      group         context  sec.model  sec.level  prefix  read     write    notif
    access clusterGroup  ""       any        noauth     exact   mibview  mibview  none
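The snmpd.conf above accepts the community postech from any source and names mibview in the write column of the access line. The following added example (not part of the original slides and not Net-SNMP code) parses the com2sec, group, view and access lines and reports those conditions. The finding codes and the HARDENED variant, including the address 192.0.2.10 and the view name sysview, are assumptions made for illustration.

```python
# Added example: audit the VACM lines of an snmpd.conf for weak access control.
# PAGE_CONF is the configuration shown on this page; HARDENED is constructed.
PAGE_CONF = '''
com2sec clusterUser default postech
group clusterGroup v1 clusterUser
view mibview included .iso.org.dod.internet
access clusterGroup "" any noauth exact mibview mibview none
'''
HARDENED = '''
com2sec clusterUser 192.0.2.10 postech   # constructed management-station address
group clusterGroup v1 clusterUser
view sysview included .1.3.6.1.2.1.1
access clusterGroup "" any noauth exact sysview none none
'''
COMMUNITY_MODELS = {"v1", "v2c"}  # the community string travels in cleartext

def parse(text):
    """Map each directive to its argument lists, ignoring comments and blanks."""
    conf = {}
    for line in text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if tokens:
            conf.setdefault(tokens[0], []).append(tokens[1:])
    return conf

def audit(text):
    """Return (code, detail) findings for the parsed configuration."""
    conf, findings, models = parse(text), [], {}
    for a in conf.get("com2sec", []):
        if len(a) >= 3 and a[1] == "default":
            findings.append(("ANY_SOURCE", f"community '{a[2]}' accepted from any address"))
    for a in conf.get("group", []):
        if len(a) >= 3:
            models.setdefault(a[0], set()).add(a[1])
    # A view rooted at four or fewer sub-identifiers spans .iso.org.dod.internet or more.
    broad = {a[0] for a in conf.get("view", []) if len(a) >= 3
             and a[1] == "included" and len(a[2].strip(".").split(".")) <= 4}
    for a in conf.get("access", []):
        if len(a) < 8:
            continue
        group, read, write = a[0], a[5], a[6]
        if write != "none" and models.get(group, set()) & COMMUNITY_MODELS:
            findings.append(("COMMUNITY_WRITE", f"{group} may SET in '{write}' via community"))
        for view in sorted({read, write} & broad):
            findings.append(("BROAD_VIEW", f"{group} is granted whole-tree view '{view}'"))
    return findings

if __name__ == "__main__":
    for code, detail in audit(PAGE_CONF):
        print(code, detail)
```

Run against the page's configuration it reports all three findings; the constructed HARDENED text, which restricts the source address, narrows the view to the system group and sets the write view to none, reports nothing.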