SNMP – A Holistic view

“The world of network/system management starts and ends today with SNMP.” Is that an understatement? Absolutely not, at least not for people who want to monitor most network-related parameters and the basic hardware-related parameters of servers (blame the manufacturers who don't expose everything to SNMP). Now, let's look at SNMP in detail.

SNMP (Simple Network Management Protocol) is based on UDP (it transmits information as packets rather than as a continuous flow of information as in TCP). It's used in IP-addressable devices to detect events that require attention from administrators. It's defined by the IETF and forms part of the IP suite. Going deeper into it, it consists of an application-layer protocol, a database schema and a set of data objects.

Now, coming to what it does: it's a medium through which we can retrieve the information that helps us assess the conditions/parameters of the managed objects, which in turn helps us understand what's going on in a system.

Let's look at how the whole setup works. It basically works in a client-server model, where we have a manager, or Network Management System, which queries the SNMP agent that resides on each individual managed system (what an irony!). The agents answer these queries in the form of UDP packets, which provide system configuration information about the managed system. The manager does the job of collating all the information it receives from each of these agents and presents it to the end user in the form he wants.

The SNMP agent exports the information on the managed system in the form of variables. It can also accept values from outside and update those variables, which enables a user to control a system remotely. The variables are organized hierarchically and, as a unit together with their metadata (type and description of each variable), are described as an MIB, or Management Information Base.

Now, let's look at the basic components of a management environment.

Figure: NMS – A bird's eye view

At the center of it all we have a network management system, which is basically a costly piece of software if we buy it from a big vendor (IBM Tivoli, EMC Smarts, CA Spectrum). It does the job of polling each SNMP agent on the systems that we want to manage (be it a router, switch or server).

Then comes the agent, which does the job of collating all the information on the managed system into a format that is readable by the management system. The agent organizes this data as an MIB, the description of which is given above. A management system addresses each managed device using its IP address, thus leveraging the IP stack. The data within the MIB is addressed by object identifiers (OIDs). Each OID represents a variable on the managed system which can be read (for retrieving information) or modified (to control system behavior).

There are two types of communication possible with an SNMP agent. The first is the normal querying explained above. The second is a trap, which is a means by which the agent can communicate an error condition to the management system.

The seven PDUs possible using SNMP are described below.

GetRequest

Retrieve the value of a variable or list of variables. Desired variables are specified in variable bindings (values are not used). Retrieval of the specified variable values is to be done as an atomic operation by the agent. A Response with current values is returned.

SetRequest

Change the value of a variable or list of variables. Variable bindings are specified in the body of the request. Changes to all specified variables are to be made as an atomic operation by the agent. A Response with (current) new values for the variables is returned.

GetNextRequest

Returns a Response with variable binding for the lexicographically next variable in the MIB. The entire MIB of an agent can be walked by iterative application of GetNextRequest starting at OID 0. Rows of a table can be read by specifying column OIDs in the variable bindings of the request.

GetBulkRequest

Optimized version of GetNextRequest. Requests multiple iterations of GetNextRequest and returns a Response with multiple variable bindings walked from the variable binding or bindings in the request. PDU specific non-repeaters and max-repetitions fields are used to control response behavior. GetBulkRequest was introduced in SNMPv2.

Response

Returns variable bindings and acknowledgement for GetRequest, SetRequest, GetNextRequest, GetBulkRequest and InformRequest. Error reporting is provided by error-status and error-index fields. Although it was used as a response to both gets and sets, this PDU was called GetResponse in SNMPv1.

Trap

Asynchronous notification from agent to manager. Includes current sysUpTime value, an OID identifying the type of trap and optional variable bindings. Destination addressing for traps is determined in an application specific manner typically through trap configuration variables in the MIB. The format of the trap message was changed in SNMPv2 and the PDU was renamed SNMPv2-Trap.

InformRequest

Acknowledged asynchronous notification from manager to manager. This PDU uses the same format as the SNMPv2 version of Trap. Manager-to-manager notifications were already possible in SNMPv1 (using a Trap), but as SNMP commonly runs over UDP where delivery is not assured and dropped packets are not reported, delivery of a Trap was not guaranteed. InformRequest fixes this by sending back an acknowledgement on receipt. Receiver replies with Response parroting all information in the InformRequest. This PDU was introduced in SNMPv2.
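The GetNextRequest and GetBulkRequest behaviour described above, as an added example that is not part of the original post: a toy agent answering from a small constructed MIB (the values and function names are assumptions made for illustration). It shows that "lexicographically next" compares sub-identifiers as numbers, so interface index 2 comes before index 10, and how non-repeaters and max-repetitions shape a GetBulk response.

```python
from bisect import bisect_right

# Constructed sample MIB (OID tuple -> value); values are made up for this example.
MIB = {
    (1, 3, 6, 1, 2, 1, 1, 1, 0): "constructed-router",  # sysDescr.0
    (1, 3, 6, 1, 2, 1, 1, 3, 0): 123456,                # sysUpTime.0
    (1, 3, 6, 1, 2, 1, 1, 5, 0): "lab-sw1",             # sysName.0
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 2, 2): "eth1",          # ifDescr.2
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 2, 10): "eth9",         # ifDescr.10
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 10, 2): 1000,           # ifInOctets.2
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 10, 10): 2000,          # ifInOctets.10
}
ORDERED = sorted(MIB)   # tuple comparison is lexicographic over numeric sub-identifiers
END = "endOfMibView"    # marker returned when nothing follows the requested OID

def parse_oid(text):
    """'1.3.6.1' -> (1, 3, 6, 1)"""
    return tuple(int(part) for part in text.strip(".").split("."))

def get_next(oid):
    """Agent side of GetNextRequest: first variable strictly after `oid`."""
    i = bisect_right(ORDERED, oid)
    if i == len(ORDERED):
        return oid, END
    return ORDERED[i], MIB[ORDERED[i]]

def walk(prefix=()):
    """Manager side: repeat GetNext until the reply leaves the subtree."""
    rows, oid = [], prefix
    while True:
        oid, value = get_next(oid)
        if value == END or oid[:len(prefix)] != prefix:
            return rows
        rows.append((oid, value))

def get_bulk(oids, non_repeaters, max_repetitions):
    """GetBulkRequest: one GetNext for the first `non_repeaters` OIDs,
    then `max_repetitions` rounds of GetNext over the remaining ones."""
    out = [get_next(oid) for oid in oids[:non_repeaters]]
    cursors = list(oids[non_repeaters:])
    for _ in range(max_repetitions):
        for k, oid in enumerate(cursors):
            out.append(get_next(oid))
            cursors[k] = out[-1][0]   # continue from the OID just returned
    return out
```

Calling walk() with no prefix returns every variable the toy agent holds, which is why read access to an agent amounts to read access to its whole MIB view.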

Now, to wind up, let's look at the three different versions of SNMP.

SNMPv1 was the standard version of SNMP. SNMPv2 was created as an update of SNMPv1 with several features. The key enhancements of SNMPv2 are focused on the SMI, manager-to-manager capability, and protocol operations. SNMPv2c combined the community-based approach of SNMPv1 with the protocol operations of SNMPv2 and omitted all SNMPv2 security features.

One notable deficiency in SNMP was the difficulty in monitoring networks, as opposed to nodes on networks. A substantial functional enhancement to SNMP was achieved by the definition of a set of standardized management objects referred to as the Remote Network Monitoring MIB (RMON MIB) objects. Another major deficiency in SNMP was the complete lack of security facilities. The development of SNMPv3 was based on the security issues. SNMPv3 defines two security-related capabilities, namely USM and VACM. Let's look at those in detail later on.

Source: From my lost blog: http://harisudhakar.wordpress.com/category/technical/