Organization Model
MDB
Describes components of a
MIB
SNMP Manager
agent
agent
Managed Objects
Unmanaged Objects
A simplified hierarchical
(2-tier) setup
Organization Model
Multiple managers, 1 agent
An agent responds to
any management system
that communicates with
it using SNMP
An NMS provided by a
vendor is in a better
position to manage,
monitor and configure all
NEs coming from that
same vendor
MIB
SNMP Manager
SNMP Manager
Managed
agent
Object
Managed Objects
Organization Model
Manager receives pre-
processed data
RMON (Remote
Monitoring): acts as an
agent and a manager
MIB
SNMP Manager
SNMP Manager
Managed
agent
Object
Managed Objects
RMON Probe
Managers may have restricted
access to managed objects
3-tier architecture
Organization Model
Proxy server converts
MIB
SNMP Manager
Proxy Server
Managed
agent
Object
Non-SNMP
Managed Objects
Communication Model
[Figure: MANAGER and AGENTS exchanging Polling and Trap messages]
MIB
Communication Model
Communicate management information between network
Operation: 5 messages
Communication Model
SNMP Manager
SNMP messages
SNMP agent
UDP
UDP
IP
IP
DLC
DLC
PHY
PHY
Network or
Internet
Physical Medium
Trap
Get-Response
SNMP Agent
Application
Set-Request
Application
Manages objects
Trap
Get-Response
Set-Request
GetNext-Request
Get-Request
SNMP Manager
Application
GetNext-Request
Management
Data
SNMP Agent
Get-Request
SNMP Manager
Structure of Management
Information
RFC 1155:
Structure of Management
Information
A common representation for data between both
manager and agent
Defines the syntax (using ASN.1) to describe
management information
Object
Object
Type
Name:
OBJECT
IDENTIFIER
Syntax:
ASN.1
Object
Instance
Encoding:
BER
NMS
192.168.252.110
Object
Type
172.17.252.1
Name:
OBJECT
IDENTIFIER
Router 2
Backbone Network
Syntax:
ASN.1
Object
Instance
Encoding:
BER
Hub 2
172.16.46.3
:
: 3Com LinkBuilder FMS, SW version:3.02
:
: .iso.org.dod.internet.private.enterprises.43.1.8.5
: (2475380437) 286 days, 12:03:24.37
Name:
OBJECT
IDENTIFIER
:
: 3Com LinkBuilder FMS, SW version:3.12
:
: .iso.org.dod.internet.private.enterprises.43.1.8.5
: (3146735182) 364 days,4:55:51.82
Object
Object
Type
Syntax:
ASN.1
Encoding:
BER
Object
Instance 3
Object
Instance 2
Object
Instance 1
SMI, Names
root
associated with an
identifier (OBJECT
IDENTIFIER)
ccitt(0)
iso(1)
joint-iso-ccitt(2)
org(3)
internet(1)
mgmt(2)
mib-2(1)
dod(6)
private(4)
experimental(3)
enterprise(1)
SMI, Names
Internet
{1 3 6 1}
directory
(1)
Reserved for
future use
mgmt
(2)
experimental
(3)
private
(4)
Used heavily by
commercial vendors
SMI, Names
Internet
{1 3 6 1}
directory
(1)
mgmt
(2)
experimental
(3)
mib-2
(1)
system (1)
interfaces (2)
at (3)
ip (4)
icmp (5)
snmp (11)
transmission (10)
cmot (9)
egp (8)
udp (7)
tcp (6)
private
(4)
SMI, Names
Internet
{1 3 6 1}
directory
(1)
mgmt
(2)
experimental
(3)
private
(4)
enterprises
(1)
cisco
(9)
hp
(11)
3Com
(43)
Cabletron
(52)
Number
Class
Simple
or
Primitive
Defined
or
Application
Constructor
or
Structured
Universal
Application
Context-specific
Private
OCTET STRING
OBJECT IDENTIFIER
NULL
Subtype:
Comments
INTEGER (0..255)
OCTET STRING (SIZE 0..255)
OCTET STRING (SIZE 8)
error-status INTEGER {
noError(0)
tooBig(1)
genErr(5)
authorizationError(16)
}
Counter
231
Gauge
231
0 1 2
TimeTicks ::= [APPLICATION 3] IMPLICIT
INTEGER (0..4294967295)
0 10 20 [ms]
Opaque
in SNMP-based management
Used to build lists and tables
SEQUENCE {<type1>, <type2>,.., <typeN>}
Managed objects
#  Object               OBJECT IDENTIFIER  ObjectSyntax
1  ipAdEntAddr          {ipAddrEntry 1}    IpAddress
2  ipAdEntIfIndex       {ipAddrEntry 2}    INTEGER
3  ipAdEntNetMask       {ipAddrEntry 3}    IpAddress
4  ipAdEntBcastAddr     {ipAddrEntry 4}    INTEGER
5  ipAdEntReasmMaxSize  {ipAddrEntry 5}    INTEGER
6  ipAddrEntry          {ipAddrTable 1}    SEQUENCE
IpAddrEntry ::=
SEQUENCE {
ipAdEntAddr IpAddress,
ipAdEntIfIndex INTEGER,
ipAdEntNetMask IpAddress,
ipAdEntBcastAddr INTEGER,
ipAdEntReasmMaxSize INTEGER (0..65535)
}
Managed Object IpAddrEntry as a list
Object Name
ipAddrTable
OBJECT IDENTIFIER
{ip 20}
Syntax
SEQUENCE OF
IpAddrEntry
SMI, Encoding
Basic Encoding Rules, BER
Data Types and Tags
Type
Tag
OBJECT IDENTIFIER
UNIVERSAL 6
SEQUENCE
UNIVERSAL 16
IpAddress
APPLICATION 0
Counter
APPLICATION 1
Gauge
TimeTicks
Opaque
APPLICATION 2
APPLICATION 3
APPLICATION 4
SMI, Encoding
enterprise OBJECT IDENTIFIER ::=
{iso(1) org(3) dod(6) internet(1) private(4) 1}
X = 1, Y = 3: Z = 40X + Y = 43
Encoded octets: 06 05 2B 06 01 04 01
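The Z = 40X + Y rule above, as an added example that is not part of the original slides. It goes beyond the single-octet case shown there: subidentifiers above 127 (such as 165 in the ipAddrTable row index 165.8.9.25) take several octets, and the decoder rejects malformed input. The function names are this example's own.

```python
# Added example: BER encoding of OBJECT IDENTIFIER values (tag UNIVERSAL 6 = 0x06).

def _subid(n):
    """One subidentifier in base 128: 7 bits per octet, high bit set on all but the last."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append(0x80 | (n & 0x7F))
        n >>= 7
    return bytes(reversed(out))

def encode_oid(dotted):
    parts = [int(p) for p in dotted.strip(".").split(".")]
    if len(parts) < 2 or min(parts) < 0 or parts[0] > 2 or (parts[0] < 2 and parts[1] > 39):
        raise ValueError("invalid OBJECT IDENTIFIER")
    body = _subid(40 * parts[0] + parts[1])            # Z = 40X + Y
    body += b"".join(_subid(s) for s in parts[2:])
    if len(body) > 127:
        raise ValueError("long-form lengths are outside this example")
    return bytes([0x06, len(body)]) + body

def decode_oid(data):
    if len(data) < 3 or data[0] != 0x06:
        raise ValueError("not an OBJECT IDENTIFIER TLV")
    if data[1] & 0x80 or data[1] != len(data) - 2:
        raise ValueError("length octet does not match the content")
    if data[-1] & 0x80:
        raise ValueError("last subidentifier is truncated")
    subs, value, start = [], 0, True
    for octet in data[2:]:
        if start and octet == 0x80:
            raise ValueError("subidentifier has a leading zero octet")
        value, start = (value << 7) | (octet & 0x7F), False
        if not octet & 0x80:               # high bit clear: last octet of this subidentifier
            subs.append(value)
            value, start = 0, True
    x = min(subs[0] // 40, 2)              # undo Z = 40X + Y
    return ".".join(str(s) for s in [x, subs[0] - 40 * x] + subs[1:])
```

A decoder that trusts the length octet or accepts an unterminated subidentifier reads past the value, which is why both are checked before any content is interpreted.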
Managed Objects
system(1)
Managed Objects
system(1)
Access:
Status:
{ system 1 }
OCTET STRING
"A textual description of the entity. This value
should include the full name and version
identification of the system's hardware type,
software operating-system, and networking
software. It is mandatory that this only contain
printable ASCII characters."
read-only
mandatory
SMI Definitions
sysDescr OBJECT-TYPE
SYNTAX DisplayString (SIZE(0..255))
ACCESS read-only
STATUS mandatory
DESCRIPTION
"A textual description of the entity. This
value should include the full name and version
identification of the system's hardware type,
software operating-system, and networking software.
It is mandatory that this only contain printable
ASCII characters."
::= { system 1 }
sysUpTime OBJECT-TYPE
SYNTAX TimeTicks
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The time (in hundredths of a second)
since the network management portion of
the system was last re-initialized."
::= { system 3 }
Aggregate Objects
A group of related objects (also called tabular objects)
Represented by a table with
o
o
Columns of objects
Rows of instances
IP address
Interface
Subnet mask (which subnet this address belongs to)
Broadcast address (value of l.s.b. in IP broadcast address)
Largest IP datagram that can be assembled
IpAddress,
INTEGER,
IpAddress,
INTEGER,
INTEGER (0..65535)}
INDEX {ipAdEntAddr}
::={ipAddrEntry 2}
.
.
.
.
Columnar Objects
Aggregate objects type contains one or more subtypes
logical objects
o
TABLE
T
ENTRY
E
objects 1 through 5
Multiple instances of E are represented
by multiple rows
Columnar Objects
T
Object ID
Not accessible
Row 3:
the third
instance of
the object
T.E
T.E.1.1
T.E.2.1
T.E.3.1
T.E.4.1
T.E.5.1
T.E.1.2
T.E.2.2
T.E.3.2
T.E.4.2
T.E.5.2
T.E.1.3
T.E.2.3
T.E.3.3
T.E.4.3
T.E.5.3
T.E.1.4
T.E.2.4
T.E.3.4
T.E.4.4
T.E.5.4
ipAdEntAddr
ipAdEntIfIndex
IpAdEntNetMask
IpAdEntBcastAddr
IpAdEntReasmMaxSize
123.45.2.1
255.255.255.0
12000
123.45.3.4
255.255.0.0
12000
165.8.9.25
255.255.255.0
10000
9.96.8.138
255.255.255.0
15000
4 instances of the
Columnar object
Index of table
Object instances of ipAddrTable (1.3.6.1.2.1.4.20)
ipAdEntAddr
ipAdEntIfIndex
IpAdEntNetMask
IpAdEntBcastAddr
IpAdEntReasmMaxSize
123.45.2.1
255.255.255.0
12000
123.45.3.4
255.255.0.0
12000
165.8.9.25
255.255.255.0
10000
9.96.8.138
255.255.255.0
15000
Node 1 under
ipAddrEntry
Columnar Object
Object ID for
ipAddrEntry
Row #
Object Identifier
ipAdEntAddr
1.3.6.1.2.1.4.20.1.1
{1.3.6.1.2.1.4.20.1.1.123.45.3.4}
ipAdEntIfIndex
1.3.6.1.2.1.4.20.1.2
{1.3.6.1.2.1.4.20.1.2.165.8.9.25}
ipAdEntBcastAddr
1.3.6.1.2.1.4.20.1.4
{1.3.6.1.2.1.4.20.1.4.123.45.2.1}
IpAdEntReasmMaxSize
1.3.6.1.2.1.4.20.1.5
{1.3.6.1.2.1.4.20.1.5.9.96.8.138}
Index of the
object instance
elements to be managed
For SNMP, the MIB is a structured database
(tree)
Each resource to be managed is represented by an
object
Each system (e.g., a router) maintains a MIB that
reflects the status of its managed resources
An NMS monitors/controls the resources by
reading/modifying the values of objects in the
MIB
MIB, RFC1213
Internet
{1 3 6 1}
Implementation can be
directory
(1)
mgmt
(2)
experimental
(3)
mib-2
(1)
system (1)
interfaces (2)
at (3)
ip (4)
icmp (5)
snmp (11)
transmission (10)
cmot (9)
egp (8)
udp (7)
tcp (6)
<module name>
<imports>
<definitions>
END
private
(4)
MIB, RFC1213
-- groups in MIB-II
system
interfaces
at
ip
icmp
tcp
udp
egp
cmot
snmp
.
.
addresses. For many types of media, this will .
.
be in a binary representation. For example,
END
an ethernet address would be represented as
a string of 6 octets.
DESCRIPTION
entity. ."
::= { system 1 }
system
(mib-2 1)
sysDescr (1)
sysObjectId
(2)
sysUpTime (3)
sysServices (7)
sysLocation (6)
sysName (5)
sysContact (4)
sysObjectID OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER
ACCESS read-only
STATUS mandatory
DESCRIPTION "The vendor's
authoritative identification of the network
management subsystem contained in the
entity."
::= { system 2 }
sysUpTime OBJECT-TYPE
SYNTAX TimeTicks
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The time (in hundredths of
a second) since the network management
portion of the system was last
reinitialized."
::= { system 3 }
Entity       OID       Description (brief)
sysDescr     system 1  Textual description
sysObjectID  system 2  OBJECT IDENTIFIER of the entity
sysUpTime    system 3  Time (in hundredths of a second since last reset)
sysContact   system 4  Contact person for the node
sysName      system 5  Administrative name of the system
sysLocation  system 6  Physical location of the node
sysServices  system 7  Value designating the layer services provided by the entity
Programmed by vendor of
objects during
manufacturing time
interfaces in a network
component and the
managed objects
associated with each
interface
Implementation:
mandatory
ifNumber
(1)
ifTable
(2)
ifEntry
(1)
ifIndex (1)
ifDescr (2)
ifType (3)
ifMtu (4)
ifSpeed (5)
ifPhysAddress (6)
ifAdminStatus (7)
ifOperStatus (8)
ifLastChange (9)
ifInOctets (10)
ifInUcastPkts (11)
ifSpecific (22)
ifOutQLen (21)
ifOutErrors (20)
ifOutDiscards (19)
ifOutNUcastPkts (18)
ifOutUcastPkts (17)
ifOutOctets (16)
ifUnknownProtos (15)
ifInErrors (14)
ifInDiscards (13)
ifInNUcastPkts (12)
interfaces
(mib-2 2)
ifNumber (1)
ifTable (2)
ifEntry (1)
ifNumber OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION "The number of network
interfaces (regardless of their current
state) present on this system."
::= { interfaces 1 }
ifTable OBJECT-TYPE
SYNTAX SEQUENCE OF IfEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION "A list of interface
entries. The number of entries is
given by the value of ifNumber."
::= { interfaces 2 }
ifEntry OBJECT-TYPE
SYNTAX IfEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION "An interface entry
containing objects at the sub-network
layer and below for a particular
interface."
INDEX { ifIndex }
::= { ifTable 1 }
Examples
1)-measuring the queue length
or the total number of octets
into/out of the system-
ifInUcastPkts/second,
ifOutUcastPkts/second
Counter data types, always
incrementing!
interfaces
(mib-2 2)
ifNumber
(1)
ifTable
(2)
ifEntry
(1)
ifIndex (1)
ifDescr (2)
ifType (3)
ifMtu (4)
ifSpeed (5)
ifPhysAddress (6)
ifAdminStatus (7)
ifOperStatus (8)
ifLastChange (9)
ifInOctets (10)
ifInUcastPkts (11)
ifSpecific (22)
ifOutQLen (21)
ifOutErrors (20)
ifOutDiscards (19)
ifOutNUcastPkts (18)
ifOutUcastPkts (17)
ifOutOctets (16)
ifUnknownProtos (15)
ifInErrors (14)
ifInDiscards (13)
ifInNUcastPkts (12)
MIB, IP Group
ip
(mib-2 4)
Contains information
relevant to the
implementation and
operation of IP at a node
ipForwarding (1)
ipRoutingDiscards (23)
ipDefaultTTL (2)
Routers periodically
ipNetToMediaTable (22)
ipInReceives (3)
ipRouteTable (21)
ipInHdrErrors (4)
ipAddrTable (20)
ipInAddrErrors (5)
ipFragCreates (19)
ipFragFails (18)
ipForwDatagrams (6)
ipInUnknownProtos (7)
ipFragOKs (17)
ipInDiscards (8)
ipReasmFails (16)
ipInDelivers (9)
ipOutRequests (10)
ipOutDiscards (11)
ipReasmOKs (15)
ipReasmReqds (14)
ipReasmTimeout (13)
ipOutNoRoutes (12)
MIB, IP Group
ip
(mib-2 4)
Gateway or router
TTL in IP header
Total # packets
received from interfaces
# of discarded datagrams
due to header errors
ipForwarding (1)
ipRoutingDiscards (23)
ipDefaultTTL (2)
ipNetToMediaTable (22)
ipInReceives (3)
ipRouteTable (21)
ipInHdrErrors (4)
ipAddrTable (20)
ipInAddrErrors (5)
ipFragCreates (19)
ipFragFails (18)
ipForwDatagrams (6)
ipInUnknownProtos (7)
ipFragOKs (17)
ipInDiscards (8)
ipReasmFails (16)
ipInDelivers (9)
ipOutRequests (10)
ipOutDiscards (11)
ipReasmOKs (15)
ipReasmReqds (14)
ipReasmTimeout (13)
ipOutNoRoutes (12)
MIB, IP Group
ipAddrTable
(ip 20)
ipAddrEntry
(ipAddrTable 1)
ipAdEntReasmMaxSize (5)
ipAdEntAddr (1)
ipAdEntIfIndex (2)
ipAdEntBcastAddr (4)
ipAdEntNetMask
(3)
Entity               OID            Description (brief)
ipAddrTable          ip 20          Table of IP addresses
ipAddrEntry          ipAddrTable 1  One of the entries in the IP address table
ipAdEntAddr          ipAddrEntry 1  The IP address to which this entry's addressing information pertains
ipAdEntIfIndex       ipAddrEntry 2  Index value of the entry, same as ifIndex
ipAdEntNetMask       ipAddrEntry 3  Subnet mask for the IP address of the entry
ipAdEntBcastAddr     ipAddrEntry 4  Broadcast address indicator bit
ipAdEntReasmMaxSize  ipAddrEntry 5  Largest IP datagram that can be reassembled on this interface
MIB, IP Group
Contains information used for
Internet routing
ipRouteTable information is
useful for: configuration
monitoring, controlling the
routing process as well as fault
isolation
ipRouteTable
(ip 21)
ipRouteEntry
(ipRouteTable 1)
ipRouteDest (1)
ipRouteInfo (13)
ipRouteMetric5 (12)
ipRouteIfIndex (2)
ipRouteMetric1 (3)
ipRouteMask (11)
ipRouteMetric2 (4)
ipRouteAge (10)
ipRouteMetric3 (5)
ipRouteProto (9)
ipRouteMetric4 (6)
ipRouteType (8)
ipRouteNextHop (7)
connection-oriented TCP
tcp
(mib-2 6)
tcpOutRsts (15)
tcpRtoAlgorithm (1)
tcpInErrors (14)
tcpRtoMin (2)
tcpConnTable (13)
tcpRtoMax (3)
tcpRetranSegs (12)
tcpMaxConn (4)
tcpOutSegs (11)
tcpActiveOpens (5)
tcpPassiveOpens (6)
tcpInSegs (10)
Minimum value for
tcpAttemptFails (7)
tcpCurrEstab (9)
retransmission timer
tcpEstabResets (8)
# segments
retransmitted
# segments
received
# segments
sent
tcpConnState (1)
tcpConnLocalAddress (2)
tcpConnRemPort (5)
tcpConnRemAddress (4)
tcpConnLocalPort (3)
Reside in management
stations and network
elements
Manager and agent
Pairing of both entities
forms SNMP community
Administrative model
defines administrative
relationship between
communicating entities
Communication processes
(PDU handlers)
Peer processes that support
application entities
SNMP Manager
SNMP Manager
SNMP Manager
Authentication Scheme
Authentication Scheme
Authentication Scheme
Authentic Messages
Authentication Scheme
SNMP Agent
no encryption
READONLY
READWRITE
read-only
write-only
read-write
Object 1
Object 2
Object 3
Object 4
not-accessible
SNMP Agent
Operations on an object is
MIB Access
Community
Agent 1
Community Profile 1
Community Profile 2
Agent 2
access policy
Agents 1 and 2
Manager 1 manages community 1, manager 2 community 2, and manager 3 (MoM) both communities 1 and 2
Community 1
Agent 1
Community Profile 1
Community Profile 2
Agent 2
Example: Enterprise
management
Manager 3
(Community 1, Community 2)
Community 2
Agent 3
Community Profile 3
Community Profile 4
Manager 2
(Community 2)
Agent 4
SNMP community
elements to be managed
by an SNMP manager
An SNMP MIB is
created to handle the
non-SNMP objects
SNMP Manager
(Community 1)
SNMP
Agent
Proxy Agent
SNMP Community
non-SNMP
Community
Message Format
version
community
application entities
Communication between
remote peer processes
Message consists of :
Version identifier
Community name
data
Message Format
version
community
data
3 different versions:
SNMPv1, SNMPv2, SNMPv3
community
data
request-id
error-status
error-index
variable-bindings
request-id:
name
value
VarBindList
var-bind 2
name
value
...
VarBind
::= SEQUENCE {
name ObjectName,
value ObjectSyntax
}
ObjectName
var-bind n
name
value
Time
Stamp
variable-bindings
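The message layout above (version, community, data), decoded from a constructed datagram. This is an added example, not part of the original slides; it shows that the community name, the only credential in this scheme, travels as a readable OCTET STRING. The sample bytes, function names and audit wording are this example's own.

```python
# Added example: decode the outer fields of an SNMPv1 message (version, community, PDU).
PDU_NAMES = {0xA0: "Get-Request", 0xA1: "GetNext-Request", 0xA2: "Get-Response",
             0xA3: "Set-Request", 0xA4: "Trap"}

def read_tlv(buf, pos, expect=None):
    """Read one BER TLV at pos; return (tag, value, next_pos) with bounds checks."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits = count of length octets
        n = length & 0x7F
        if n == 0 or n > 2 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("declared length exceeds datagram")
    if expect is not None and tag != expect:
        raise ValueError("unexpected tag 0x%02x" % tag)
    return tag, buf[pos:pos + length], pos + length

def parse_message(datagram):
    _, body, _ = read_tlv(datagram, 0, 0x30)           # Message ::= SEQUENCE
    _, version, pos = read_tlv(body, 0, 0x02)          # version INTEGER (0 = SNMPv1)
    _, community, pos = read_tlv(body, pos, 0x04)      # community OCTET STRING
    pdu_tag, pdu, _ = read_tlv(body, pos)              # data: one of the five PDUs
    if pdu_tag not in PDU_NAMES:
        raise ValueError("unknown PDU tag")
    msg = {"version": int.from_bytes(version, "big"),
           "community": community.decode("ascii", "replace"),
           "pdu": PDU_NAMES[pdu_tag]}
    if pdu_tag != 0xA4:                                # Trap has a different field layout
        p = 0
        for field in ("request-id", "error-status", "error-index"):
            _, raw, p = read_tlv(pdu, p, 0x02)
            msg[field] = int.from_bytes(raw, "big", signed=True)
    return msg

def audit(msg):
    """Defender-side notes on a decoded message (labels are this example's own)."""
    notes = ["community readable in cleartext: %r" % msg["community"]]
    if msg["pdu"] == "Set-Request":
        notes.append("write operation authorised by community name alone")
    return notes

# Constructed sample: Get-Request for sysDescr.0 (1.3.6.1.2.1.1.1.0), community "public".
SAMPLE = bytes.fromhex("302602010004067075626c6963a019020101020100020100"
                       "300e300c06082b060102010101000500")
```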