Network management protocols

Basic concepts and Simple Network Management Protocol (SNMP)

Structure of Management Information

Management Information Base (MIB)

Remote Monitoring (RMON)

Lexicographic Ordering

Protocol and Application Security

 Basic concepts of Simple Network Management Protocol (SNMP)

A network management system is an integrated collection of

tools for network monitoring and control.
• Single operator interface
• Minimal amount of separate equipment.
• Software and network communications capability built into the existing
equipment

Implemented on the application layer of the networking stack

3
 SNMP basic components and their functionalities

SNMP Manager:
• A manager or management system is a separate entity that is
responsible to communicate with the SNMP agent implemented
network devices.
• It is a centralised system used to monitor network. It is also known as
Network Management Station (NMS)
• This is typically a computer that is used to run one or more network
management systems.

SNMP Manager’s key functions

• Queries agents
• Gets responses from agents
• Sets variables in agents
• Acknowledges asynchronous events from agents 4
 SNMP basic components and their functionalities

Managed Devices:
• A managed device or the network element is a part of the
network that requires some form of monitoring and management
• example routers, switches, servers, workstations, printers, UPSs,
etc...

Management Information Base

• consists of information of resources that are to be managed.
• These information is organised hierarchically.
• It consists of objects instances which are essentially variables.

5
 SNMP basic components and their functionalities

SNMP Agent:
• The program that is packaged within the network element. Enabling
the agent allows it to collect the management information database
from the device locally and makes it available to the SNMP
manager, when it is queried for.
• These agents could be standard (e.g. Net-SNMP) or specific to a
vendor (e.g. HP insight agent)

SNMP agent’s key functions

• Collects management information about its local environment
• Stores and retrieves management information as defined in the MIB.
• Signals an event to the manager.
• Acts as a proxy for some non–SNMP manageable network node.
6
 Basic commands of SNMP
GetRequest
SNMP manager sends this message to request data from SNMP
agent.
• It is simply used to retrieve data from SNMP agent.
• In response to this, SNMP agent responds with requested value
through response message.

GetNextRequest
This message can be sent to discover what data is available on a
SNMP agent.
• The SNMP manager can request for data continuously until no more data
is left.
• In this way, SNMP manager can take knowledge of all the available data
on SNMP agent. 7
 Basic commands of SNMP
GetBulkRequest – This message is used to retrieve large data at once
by the SNMP manager from SNMP agent.
• It is introduced in SNMPv2c.

SetRequest – It is used by SNMP manager to set the value of an object

instance on the SNMP agent.

Response – It is a message send from agent upon a request from

manager.
• When sent in response to Get messages, it will contain the data
requested.
• When sent in response to Set message, it will contain the newly set value
as confirmation that the value has been set. 8
 Basic commands of SNMP
Trap – These are the message send by the agent without being requested
by the manager.
• It is sent when a fault has occurred.

InformRequest – It was introduced in SNMPv2c, used to identify if the

trap message has been received by the manager or not.
• The agents can be configured to set trap continuously until it receives an
Inform message.
• It is same as trap but adds an acknowledgement that trap doesn’t
provide.

9
 Management Information Base
MIB is collection of network information.
Contains the real values of managed objects in the agent in the
form of variables, tables of variables.
• Access - through network management protocol.
• managed objects in MIB - represent characteristics of a
managed device.
• Changes is done in agent MIB.
• MIB definition is available in manager.

10
 Structure of Management Information
o Defines the data types allowed in MIB.
o Defines naming structure for each managed objects
(MO).
o Typically each MIB objects has six attributes

• Object Name
• Object Identifier
• Syntax Field
• Access field
• Status Field
• Text Descriptor

11
 SNMP versions
SNMP Version1
• Introduced in 1988
• SNMP protocol facilitates communication between managed
device and SNMP manager.
• Five messages was introduced in SNMP v1.

GetRequest. SetRequest, GetNextRequest(Manager to Agent)

Trap, Response (Agent to Manager)

Communication is via SNMP Protocol Data Units (PDUs) that are

typically encapsulated in UDP packets.
12
 SNMP versions
Issues with SNMP v1
• Security- Very low standards.
• Passwords transmitted as plain text.
• No provision for authenticating message source.
• MIBs were not secured .
• Limited number of error handling

13
 SNMP versions
SNMP v2
o Improvement over SNMP v1.
o Improved security feature.
o added manager to manager communication.
o Four version of SNMP v2- SNMP v2p, SNMP v2c, SNMP v2u, SNMPv2*.
o Bulk Data Transfer
• GetBulkRequest message was added.
• Manager can request multiple values from agent via this message.
• faster retrieval of multiple records
o Manager to Manager communication
• InformRequest -information sharing between two SNMP manager.
o Improved error handling
SNMPv2 includes expanded error code that distinguishes kind of error
condition. 14
 SNMP versions
SNMP v3
o A general framework for all three SNMP versions.
• Implements SNMP v1 and v2 specifications along with proposed new features.
o Improved security feature.
o Secure remote configuration.
Protection against modification of information
SNMP v3 Security
o Majorsecurityimprovementofv3fromearlierversionsare
• Message Integrity -ensures that data has not been modified or tampered while in
transit.
• Authentication-checks if the message is from an authorized source.
• Encryption-encrypt the data to prevent others from seeing the content.
o Data can be collected securely from SNMP devices without fear of
the data being tampered with or corrupted.
15
SNMP v3 Architecture

16
 SNMP v3 Engine

SNMP engine provides services for sending, receiving messages, authenticating and
encrypting messages, and controlling access to managed objects.

o Dispatcher- support concurrent multiple SNMP message.

• Send and receive SNMP message to and from the network.

• Determine SNMP version and forward to corresponding message processing

subsystem.

• Interface between network and SNMP applications.

17
 SNMP v3 Engine
o Message processing Subsystem
• Prepares message for sending in network.
• Extract information from received message.

o Security Subsystem
• Provides security services-authentication, encryption etc.
• Contains multiple subsystem.

o Access Control System

• Provides authorization services.

18
 SNMP v3 Applications
o Command Generator
• used to generate get-request, get-next-request, get-bulk and set-
request messages.
• also processes response received from the sent commands.
o Command Responder
• Processes the get and set request destined for it.
o Notification Receiver
• Receives asynchronous messages and processes that.
o Notification Originator
• Initiates asynchronous messages or traps.
o Proxy Forwarder
• Forwards requests and notification to other SNMP engines,
according to context
• No matter what MO information contained in it.
19
 SNMP
There are two approaches for the management system to obtain
information from SNMP

o Traps
o Polling

20
 SNMP Traps
When an event happens on a network device a trap is sent to the
network management system
o A trap will contain:
• Network device name
• Time the event happened
• Type of event
o Resources are required on the network device to generate a trap
o When a lot of events occur, the network bandwidth may be tied
up with traps – Thresholds can be used to help
o Because the network device has a limited view, it is possible the
management system has already received the information and
the trap is redundant

21
 Trap
Traps are unrequested event reports that are sent to a
management system by an SNMP agent process
•When a trappable event occurs, a trap message is generated by the
agent and is sent to a trap destination (a specific, configured network
address)

•Many events can be configured to signal a trap, like a network cable

fault, failing NIC or Hard Drive, a “General Protection Fault”, or a
power supply failure

•Traps can also be throttled - You can limit the number of traps sent
per second from the agent

•Traps have a priority associated with them - Critical, Major, Minor,

Warning, Marginal, Informational, Normal, Unknown
22
 Trap Receiver
Traps are received by a management application.
Management applications can handle the trap in a few ways:
• Poll the agent that sent the trap for more information about the
event, and the status of the rest of the machine.
• Log the reception of the trap.
• Completely ignore the trap.

Management applications can be set up to

• send off an email
• call a voice mail and leave a message
• send an alphanumeric page to the network administrator’s pager

23
 SNMP Polling
The network management system periodically queries the
network device for information

o The advantage is the network management system is in

control and knows the “big picture”

o The disadvantage is the amount of delay from when an

event occurs to when it is noticed
• Short interval, network bandwidth is wasted
• Long interval, response to events is too slow

24
 SNMP
When an event occurs, the network device generates a
Traps/Polling
simple trap

o The management system then polls the network device

to get the necessary information

o The management system also does low frequency polling

as a backup to the trap

25
 Remote Monitoring (RMON)
o A standard specification that facilitates the monitoring of network
operational activities through the use of remote devices known as
monitors or probes.
o Assists network administrators (NA) with efficient network

o infrastructure control and

Developed to address the management .
issue of remote site and local area
network (LAN) segment management from a centralized location.
o The RMON standard specifies a group of functions and statistics
that may be exchanged between RMON compatible network
probes and console managers.
o RMON performs extensive network-fault detection and provides
26
 RMON Components

RMON: Remote Network

Monitoring
Data SNMP BACKBONE SNMP RMON
Analyzer Traffic NETWORK Traffic Probe
Router Router

LAN

RMON Probe
• Data gatherer - a physical device
Data analyzer
• Processor that analyzes data

27
 Networks with RMONs
Remote FDDI LAN

Router with FDDI Probe

RMON

FDDI
Backbone Network
Router Bridge

Local LAN

Router

NMS Ethernet
Remote Token Ring LAN Probe

Token Ring
Probe

Figure 8.1 Network Configuration with RMONs

28