Francais | English | Espanõl

Simple Network Management Protocol

From Wikipedia, the free encyclopedia

Jump to: navigation, search

Internet protocol suite

5. Application layer

DNS, TLS/SSL, TFTP, FTP, HTTP, IMAP4, IRC, MIME, POP3, SIP, SMTP, SNMP, SSH, TELNET, RTP, SDP, …

4. Transport layer

TCP, UDP, RSVP, DCCP, SCTP, …

3. Network layer

IP (IPv4, IPv6), ICMP, IGMP, ARP, RARP, …

2. Data link layer

Ethernet, Wi-Fi, PPP, FDDI, ATM, Frame Relay, GPRS, Bluetooth, …

1. Physical layer

Modems, ISDN, SONET/SDH, RS232, USB, Ethernet physical layer, Wi-Fi, GSM, Bluetooth, …

edit

el:Πρότυπο:Στοίβα Πρωτοκόλλων

fr:Modèle:Pile de protocoles pt:Predefinição:ProtocolosIP vi:Tiêu bản:IPstack The simple network management protocol (SNMP) forms part of the internet protocol suite as defined by the Internet Engineering Task Force (IETF). More specifically, it is a Layer 7 or Application Layer protocol that is used by network management systems for monitoring network-attached devices for conditions that warrant administrative attention.

More exactly SNMP in reality refers to a set of standards for network management, including a protocol, a database structure specification, and a set of data objects.

Authored by IETF SNMP has emerged out of the ISO/OSI Network management model , along with CMIP , it's correspondent by ITU-T

1 Management Information Base (MIBs)
- 1.1 Abstract Syntax Notation One (ASN.1)
2 SNMP Basic Components

[edit] Management Information Base (MIBs)

The SNMP's extensible design is achieved with management information bases (MIBs), which specify the management data of a device subsystem, using a hierarchical namespace containing object identifiers, implemented via ASN.1. The MIB hierarchy can be depicted as a tree with a nameless root, the levels of which are assigned by different organizations. This model permits management across all layers of the OSI reference model, extending into applications such as databases, email, and the Java EE reference model, as MIBs can be defined for all such area-specific information and operations.

A MIB is a collection of information that is organized hierarchically. MIBs are accessed using a network-management protocol such as SNMP. They are comprised of managed objects and are identified by object identifiers.

A managed object (sometimes called a MIB object, an object, or a MIB) is one of any number of specific characteristics of a managed device. Managed objects are comprised of one or more object instances, which are essentially variables.

Two types of managed objects exist:

Scalar objects define a single object instance.
Tabular objects define multiple related object instances that are grouped in MIB tables.

An example of a managed object is atInput, which is a scalar object that contains a single object instance, the integer value that indicates the total number of input AppleTalk packets on a router interface.

An object identifier (or object ID or OID) uniquely identifies a managed object in the MIB hierarchy. The MIB hierarchy can be depicted as a tree with a nameless root, the levels of which are assigned by different organizations. The top-level MIB object IDs belong to different standards organizations, while lower-level object IDs are allocated by associated organizations.

[edit] Abstract Syntax Notation One (ASN.1)

In telecommunications and computer networking, Abstract Syntax Notation One (ASN.1) is a standard and flexible notation that describes data structures for representing, encoding, transmitting, and decoding data. It provides a set of formal rules for describing the structure of objects that are independent of machine-specific encoding techniques and is a precise, formal notation that removes ambiguities.

ASN.1 is a joint ISO and ITU-T standard, originally defined in 1984 as part of CCITT X.409:1984. ASN.1 moved to its own standard, X.208, in 1988 due to wide applicability. The substantially revised 1995 version is covered by the X.680 series.

[edit] SNMP Basic Components

An SNMP-managed network consists of three key components:

1. Managed devices 2. Agents 3. Network-management systems (NMSs)

A managed device is a network node that contains an SNMP agent and that resides on a managed network. Managed devices collect and store management information and make this information available to NMSs using SNMP. Managed devices, sometimes called network elements, can be routers and access servers, switches and bridges, hubs, computer hosts, or printers.

An agent is a network-management software module that resides in a managed device. An agent has local knowledge of management information and translates that information into a form compatible with SNMP.

An NMS executes applications that monitor and control managed devices. NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs must exist on any managed network.

[edit] Architecture

The SNMP framework consists of master agents, subagents and management stations..

[edit] Master Agent

A master agent is a piece of software running on an SNMP-capable network component, for example a router that responds to SNMP requests from the management station. Thus it acts as a server in client-server architecture terminology or as a daemon in operating system terminology. A master agent relies on subagents to provide information about the management of specific functionality.

Master agents can also be referred to as managed objects.

[edit] Subagent

A subagent is a piece of software running on an SNMP-capable network component that implements the information and management functionality defined by a specific MIB of a specific subsystem, for example the ethernet link layer. Some capabilities of the subagent are:

Gathering information from managed objects
Configuring parameters of the managed objects
Responding to managers' requests
Generating alarms or traps

[edit] Management Station

The manager or management station is the final component in the SNMP architecture. It functions as the equivalent of a client in the client-server architecture. It issues requests for management operations on behalf of an administrator or application and receives traps from agents as well.

[edit] The SNMP protocol

[edit] SNMPv1 and ASN.1 Data Types

The SNMPv1 SMI specifies that all managed objects have a certain subset of Abstract Syntax Notation One (ASN.1) data types associated with them. Three ASN.1 data types are required:

 The name serves as the object identifier (object ID).  The syntax defines the data type of the object (for example, integer or string). The SMI uses a subset of the ASN.1 syntax definitions.  The encoding data describes how information associated with a managed object is formatted as a series of data items for transmission over the network.

[edit] SNMPv1 and SMI-Specific Data Types

The SNMPv1 SMI specifies the use of a number of SMI-specific data types, which are divided into two categories:  Simple data types  Application-wide data types.

Three simple data types are defined in the SNMPv1 SMI, all of which are unique values: 1. The integer data type is a signed integer in the range of -2,147,483,648 to 2,147,483,647. 2. Octet strings are ordered sequences of 0 to 65,535 octets. 3. Object IDs come from the set of all object identifiers allocated according to the rules specified in ASN.1.

Seven application-wide data types exist in the SNMPv1 SMI: network addresses, counters, gauges, time ticks, opaques, integers, and unsigned integers. 1. Network addresses represent an address from a particular protocol family. SNMPv1 supports only 32-bit IP addresses. 2. Counters are non-negative integers that increase until they reach a maximum value and then return to zero. In SNMPv1, a 32-bit counter size is specified. 3. Gauges are non-negative integers that can increase or decrease but that retain the maximum value reached. 4. A time tick represents a hundredth of a second since some event. 5. An opaque represents an arbitrary encoding that is used to pass arbitrary information strings that do not conform to the strict data typing used by the SMI. 6. An integer represents signed integer-valued information. This data type redefines the integer data type, which has arbitrary precision in ASN.1 but bounded precision in the SMI. 7. An unsigned integer represents unsigned integer-valued information and is useful when values are always non-negative. This data type redefines the integer data type, which has arbitrary precision in ASN.1 but bounded precision in the SMI.

[edit] SNMPv1 MIB Tables

The SNMPv1 SMI defines highly structured tables that are used to group the instances of a tabular object (that is, an object that contains multiple variables). Tables are composed of zero or more rows, which are indexed in a way that allows SNMP to retrieve or alter an entire row with a single Get, GetNext, or Set command.

[edit] SNMPv2 and Structure of Management Information

The SNMPv2 SMI is described in RFC 1902. It makes certain additions and enhancements to the SNMPv1 SMI-specific data types, such as including bit strings, network addresses, and counters. Bit strings are defined only in SNMPv2 and comprise zero or more named bits that specify a value. Network addresses represent an address from a particular protocol family. SNMPv1 supports only 32-bit IP addresses, but SNMPv2 can support other types of addresses as well. Counters are non-negative integers that increase until they reach a maximum value and then return to zero. In SNMPv1, a 32-bit counter size is specified. In SNMPv2, 32-bit and 64-bit counters are defined.

The SNMP protocol operates at the application layer (layer 7) of the OSI model. It specifies (in version 1) five core protocol data units (PDUs):

GET REQUEST - used to retrieve a piece of management information.
GETNEXT REQUEST - used iteratively to retrieve sequences of management information.
GET RESPONSE - used agent responds with data to get and set requests from the manager.
SET REQUEST - used to initialise and make a change to a value of the network element.
TRAP - used to report an alert or other asynchronous event about a managed subsystem. In SNMPv1, asynchronous event reports are called traps while they are called notifications in later versions of SNMP. In SMIv1 MIB modules, traps are defined using the TRAP-TYPE macro; in SMIv2 MIB modules, traps are defined using the NOTIFICATION-TYPE macro.

Other PDUs were added in later versions, including:

GETBULK REQUEST - a faster iterator used to retrieve sequences of management information.
INFORM - an acknowledged trap.

Typically, SNMP uses UDP ports 161 for the agent and 162 for the manager. The Manager may send Requests from any available ports (source port) to port 161 in the agent (destination port). The agent response will be given back to the source port. The Manager will receive traps on port 162. The agent may generate traps from any available port.

[edit] SNMPv2 SMI Information Modules

The SNMPv2 SMI also specifies information modules, which specify a group of related definitions. Three types of SMI information modules[4] exist: MIB modules, compliance statements, and capability statements.  MIB modules contain definitions of interrelated managed objects.  Compliance statements provide a systematic way to describe a group of managed objects that must be implemented for conformance to a standard.  Capability statements are used to indicate the precise level of support that an agent claims with respect to a MIB group. An NMS can adjust its behavior toward agents according to the capabilities statements associated with each agent.

[edit] Development and Usage

[edit] Version 1

SNMP version 1 (SNMPv1) is the initial implementation of the SNMP protocol. SNMPv1 operates over protocols such as User Datagram Protocol (UDP), Internet Protocol (IP), OSI Connectionless Network Service (CLNS), AppleTalk Datagram-Delivery Protocol (DDP), and Novell Internet Packet Exchange (IPX). SNMPv1 is widely used and is the de facto network-management protocol in the Internet community.

The first RFCs for SNMP, now known as Simple Network Management Protocol version 1, appeared in 1988:

RFC 1065 — Structure and identification of management information for TCP/IP-based internets
RFC 1066 — Management information base for network management of TCP/IP-based internets
RFC 1067 — A simple network management protocol

These protocols were obsoleted by:

RFC 1155 — Structure and identification of management information for TCP/IP-based internets
RFC 1156 — Management information base for network management of TCP/IP-based internets
RFC 1157 — A simple network management protocol

Version 1 has been criticized for its poor security. Authentication of clients is performed only by a "community string", in effect a type of password, which is transmitted in cleartext. The '80s design of SNMP V1 was done by a group of collaborators who viewed the officially sponsored OSI/IETF/NSF (National Science Foundation) effort (HEMS/CMIS/CMIP) as both unimplementable in the computing platforms of the time as well as potentially unworkable. SNMP was approved based on a belief that it was an interim protocol needed for taking steps towards large scale deployment of the Internet and its commercialization. In that time period Internet-standard authentication/security was both a dream and discouraged by focused protocol design groups.

[edit] Version 2

Version 2 was not widely adopted due to serious disagreements over the security framework in the standard.

Simple Network Management Protocol version 2 (RFC 1441–RFC 1452), also known as SNMP v2 or SNMP v2p, revises version 1 and includes improvements in the areas of performance, security, confidentiality, and manager-to-manager communications. It introduced GETBULK, an alternative to iterative GETNEXTs for retrieving large amounts of management data in a single request. However, the new party-based security system in SNMP v2, viewed by many as overly complex, was not widely accepted. Community-Based Simple Network Management Protocol version 2, or SNMP v2c, is defined in RFC 1901–RFC 1908. In its initial stages, this was also informally known as SNMP v1.5. SNMP v2c comprises SNMP v2 without the controversial new SNMP v2 security model, using instead the simple community-based security scheme of SNMP v1. While officially only a "Draft Standard", this is widely considered the de facto SNMP v2 standard.

User-Based Simple Network Management Protocol version 2, or SNMP v2u, is defined in RFC 1909–RFC 1910. This is a compromise that attempts to offer greater security than SNMP v1, but without incurring the high complexity of SNMP v2. A variant of this was commercialized as SNMP v2*, and the mechanism was eventually adopted as one of two security frameworks in SNMP v3.

[edit] SNMPv2 Interoperability

As presently specified, SNMPv2 is incompatible with SNMPv1 in two key areas: message formats and protocol operations. SNMPv2 messages use different header and protocol data unit (PDU) formats than SNMPv1 messages. SNMPv2 also uses two protocol operations that are not specified in SNMPv1. Furthermore, RFC 1908 defines two possible SNMPv1/v2 coexistence strategies: proxy agents and bilingual network-management systems.

[edit] Proxy Agents

An SNMPv2 agent can act as a proxy agent on behalf of SNMPv1 managed devices, as follows: • An SNMPv2 NMS issues a command intended for an SNMPv1 agent. • The NMS sends the SNMP message to the SNMPv2 proxy agent. • The proxy agent forwards Get, GetNext, and Set messages to the SNMPv1 agent unchanged. • GetBulk messages are converted by the proxy agent to GetNext messages and then are forwarded to the SNMPv1 agent. The proxy agent maps SNMPv1 trap messages to SNMPv2 trap messages and then forwards them to the NMS.

[edit] Bilingual Network-Management System

Bilingual SNMPv2 network-management systems support both SNMPv1 and SNMPv2. To support this dual-management environment, a management application in the bilingual NMS must contact an agent. The NMS then examines information stored in a local database to determine whether the agent supports SNMPv1 or SNMPv2. Based on the information in the database, the NMS communicates with the agent using the appropriate version of SNMP.

[edit] Version 3

The IETF recognizes Simple Network Management Protocol version 3 as defined by RFC 3411–RFC 3418 (also known as STD0062) as the current standard version of SNMP as of 2004. The IETF considers earlier versions as "Obsolete" or "Historical".

In practice, SNMP implementations often support multiple versions: typically SNMPv1, SNMPv2c, and SNMPv3. See RFC 3584 "Coexistence between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework".

SNMPv3 provides three important services: authentication, privacy and access control.

[edit] Usage Examples

Monitoring device uptimes (sysUpTimeInstance)
Inventory of OS versions (sysDescr)
Collect interface information (ifName, ifDescr, ifSpeed, ifType, ifPhysAddr)
Measuring network interface throughput (ifInOctets, ifOutOctets)
Querying a remote ARP cache (ipNetToMedia)

[edit] Applying SNMP

[edit] snmpwalk

The output below is taken from snmpwalk (a Net-SNMP application) performed on a router, and shows general information about the device.

snmpwalk -c public punch system
SNMPv2-MIB::sysDescr.0 = STRING: Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IO3-M), Version 12.2(15)T5,  RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Thu 12-Jun-03 15:49 by eaarm
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.9.1.187
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (835747999) 96 days, 17:31:19.99
SNMPv2-MIB::sysContact.0 = STRING: wikiuser
SNMPv2-MIB::sysName.0 = STRING: punch
SNMPv2-MIB::sysLocation.0 = STRING: test
SNMPv2-MIB::sysServices.0 = INTEGER: 78
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (0) 0:00:00.00

[edit] Router graphing software

Much data about the performance, load and error rates of network elements like routers and switches can be gathered through SNMP. There are tools which can gather this data on a regular basis and produce graphs from it. Such graphs can be interpreted by network administrators to evaluate network performance, identify (potential) bottlenecks and help in (re)designing a network.

Example tools of this type are Multi Router Traffic Grapher and Cacti.

[edit] Caveats of SNMP

[edit] Autodiscovery

SNMP by itself is simply a protocol for collecting and organizing information. Most toolsets implementing SNMP offer some form of discovery mechanism, a standardized collection of data common to most platforms and devices, to get a new user or implementor started. One of these features is often a form of automatic discovery, where new devices discovered in the network are polled automatically. For SNMPv1 and SNMPv2c, this presents a security risk, in that your SNMP read communities will be broadcast in cleartext to the target device. While security requirements and risk profiles vary from organization to organization, care should be taken when using a feature like this, with special regard to common environments such as mixed tenant datacenters, server hosting and colocation facilities, and similar environments.

[edit] Negative Impact

SNMP implementations vary across platform vendors. In some cases, SNMP is often an added feature, and not an element of the core design. SNMP's tree structure and linear indexing may not always mate well with the internal data structures that are elements of a platform's basic design. Using SNMP to query certain data sets may result in high CPU utilization that has negative effects on operation. One example of this would be large routing tables, such as BGP or IGP.

[edit] Index Shifting

Modular devices may renumber their indexes whenever slotted hardware is added or removed. Index values are typically assigned at boot time and remain fixed until the next reboot. Hardware added while the device is 'live' may have their indexes assigned at the end of the existing range, only to be reassigned at the next reboot, causing a massive shift for all hardware objects that are polled *after* the new addition. Network inventory and monitoring tools may then experience corruption and mismatch polled data, if unable to account for this behaviour.

[edit] Security Implications

Not implementing encryption versions 1 and 2c are subject to packet sniffing of the clear text community string from the network traffic
Not implementing challenges all versions are subject to bruteforce and dictionary attacks for guessing the community strings/authentification strings
Being UDP based hence connectionless and vulnerable to IP spoofing attacks all versions are subject to bypassing access lists that might have been implemented to restrict snmp access.
Providing configuration/write features that are mostly overlooked by the read/reporting features the protocol is often forgotten and/or misconfigured and can be used to cause much damage.
SNMP tops the list of SANS Common Default Configuration Issues with the issue of default SNMP community strings set to ‘public’ and ‘private’ and is number ten on the SANS The Top 10 Most Critical Internet Security Threats

For more detail on SNMP security implications see the CERT SNMP Vulnerabilities FAQ

[edit] Proxy Agent

[edit] See also

Management information base (MIB)
Object identifier (OID)
Remote monitoring (RMON)
AgentX
SMUX
Simple Gateway Monitoring Protocol (SGMP)
Common management information protocol (CMIP)
Common management information service (CMIS)
CMIP over TCP/IP (CMOT)

Net-SNMP formerly UCD-SNMP snmp server/agent

[edit] External links

[edit] Implementations

[edit] Cisco

[edit] RFCs

RFC 1155 — Structure and Identification of Management Information for the TCP/IP-based Internets
RFC 1156 — Management Information Base for Network Management of TCP/IP-based internets
RFC 1157 — A Simple Network Management Protocol (SNMP)
RFC 1441 — Introduction to version 2 of the Internet-standard Network Management Framework
RFC 1213 — Management Information Base for Network Management of TCP/IP-based internets: MIB-II
RFC 3410 (Informational) — Introduction and Applicability Statements for Internet Standard Management Framework
RFC 3411 (Standard 62) — An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks
RFC 3412 (Standard 62) — Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)
RFC 3413 (Standard 62) — Simple Network Management Protocol (SNMP) Application
RFC 3414 (Standard 62) — User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)
RFC 3415 (Standard 62) — View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)
RFC 3416 (Standard 62) — Version 2 of the Protocol Operations for the Simple Network Management Protocol (SNMP)
RFC 3417 (Standard 62) — Transport Mappings for the Simple Network Management Protocol (SNMP)
- RFC 3418 (Standard 62) — Management Information Base (MIB) for the Simple Network Management Protocol (SNMP)
RFC 3512 (Informational) — Configuring Networks and Devices with Simple Network Management Protocol (SNMP)
RFC 3584 (Best Current Practice) — Coexistence between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Frameworkcs:SNMP

Retrieved from "http://en.wikivisual.com/index.php/Simple_Network_Management_Protocol"