SNMP and RMON and CMIP
SNMP and CMIP
Model and Protocol
Commands, Agents, the Structure of Managed Information
V1 and V2
MIBs
RMON I and II
SNMP Components
Protocol
Commands
Agents
Management Information Base (MIB)
Network Management System (NMS)
Display
Analysis
Statistics
SNMP Concise History
IETF Processes
Significant Dates: 87-88, 90, 94
Biblical and Interpretive Texts
Key RFCs
1157 SNMP
1213 MIB II
1441-1452 SNMP v2 and migration
1271 Remote LAN MIB
1243 AppleTalk MIB
1285 FDDI MIB
1317 RS232 MIB
1418 SNMP over OSI MIB
1304 SMDS MIB
1407 DS3 MIB
1566 Mail Mon MIB
Key Interpretations
The Simple Book: An Introduction to Management of TCP/IP Based Internets (Rose, 1990)
IBM Network Management Strategy (IBM Systems Journal 1992)
SNMP v1 commands
Get Request - requests information from a network device
Get Response - a network device responds to a request with the information requested
Get-Next-Request - Get the next data value in a table specified by the previous Get-request
Set-Request - set a parameter on a network device
Trap - A network device will send out a message when an event occurs
Agents
Managed nodes
Trap
Polling
Trap-directed polling
Proxy agents
Reframing management data if foreign device does SNMP
Application gateway to dissimilar management protocols
Caching of management data
Structure of Managed Information (SMI)
Naming tree for object identifiers
ASN.1 for self-defining structures
Creates MIBs
Allows additions to managed objects down and to the right
Naming tree
ccitt(0) iso(1) joint-iso-ccitt(2)
standard (0) registration-authority(1) member-body(2) identified-org (3)
internet subtrees are directory mgmt experimental private
.iso.org.dod.internet.mgmt.mib.
MIB Syntax
Abstract Syntax Notation (ASN.1)
Examples
Name: system.sysDescr.0
OCTET STRING- (ascii): GS Software (GS7-K), Version 9.17(10), RELEASE SOFTWARE.Patchlevel = 9.1(11.9).Copyright (c) 1986-1994 by cisco Systems, Inc..Compiled Thu 30-Jun-94 08:55 by pitoscia
Name: system.sysObjectID.0
OBJECT IDENTIFIER: .iso.org.dod.internet.private.enterprises.9.1.1
Name: system.sysUpTime.0
Timeticks: (192111881) 22 days, 5:38:38
MIB I and II
system - the managed node itself (3 to 7)
interfaces - network attachments (22 to 23)
at - IP address translation (3 to 0) moved to protocols
ip - the Internet Protocol (33 to 38)
icmp - the Internet Control Message Protocol (26)
MIB I and II
tcp - the Transmission Control Protocol (17 to 19)
udp - the User Datagram Protocol (4 to 7 and a new table)
egp - the Exterior Gateway Protocol (6 to 18 and expanded table)
transmission - objects for specific types of interfaces (new)
snmp - network management (new, with 30 items)
Major System Objects
sysDescr description of the device
sysUpTime how long ago the agent started
sysLocation device's physical location
sysServices services identified by layers
physical
datalink
internet
end-to-end
application
Major IP Objects
ipDefaultTTL default TTL for IP packets
ipForwDatagrams datagrams forwarded
ipOutRequests datagrams from above
ipInDiscards datagrams discarded due to resource limitations
ipAdEntNetMask subnet-mask for IP address
ipRoute...
Major TCP Objects
tcpActiveOpens number of active opens
tcpAttemptFails number of failed connection attempts
tcpInSegs number of segments received
tcpRetransSegs number of segments retransmitted
tcpInErrs number of segments discarded due to format error
Sample MIB entries
mastiff[kerry]34% snmpwalk cns-gw community ip.ipRoutingTable.ipRouteEntry.ipRouteNextHop
Name: ip.ipRoutingTable.ipRouteEntry.ipRouteNextHop.0.0.0.0
IpAddress: 128.138.138.1
Name: ip.ipRoutingTable.ipRouteEntry.ipRouteNextHop.128.116.0.0
IpAddress: 128.138.1.9
Name: ip.ipRoutingTable.ipRouteEntry.ipRouteNextHop.128.138.0.0
IpAddress: 0.0.0.0
Sample MIB entries
mastiff[kerry]42% snmpwalk cns-gw community interfaces.ifTable.ifEntry.ifOperStatus
Name: interfaces.ifTable.ifEntry.ifOperStatus.1
INTEGER: up(1)
Name: interfaces.ifTable.ifEntry.ifOperStatus.2
INTEGER: up(1)
Name: interfaces.ifTable.ifEntry.ifOperStatus.6
INTEGER: down(2)
Name: interfaces.ifTable.ifEntry.ifOperStatus.7
INTEGER: down(2)
Sample MIB entries
mastiff[kerry]40% snmpwalk cns-gw community interfaces.ifTable.ifEntry.ifInOctets
Name: interfaces.ifTable.ifEntry.ifInOctets.1
Counter: 1287392613
Name: interfaces.ifTable.ifEntry.ifInOctets.2
Counter: 1615646393
Sample MIB entries
Name: icmp.icmpInDestUnreachs.0
Counter: 483
Name: icmp.icmpInErrors.0
Counter: 0
Name: icmp.icmpInTimeExcds.0
Counter: 12
Name: icmp.icmpInRedirects.0
Counter: 0
Name: icmp.icmpInEchos.0
Counter: 90556
Name: tcp.tcpActiveOpens.0
Counter: 5
Name: tcp.tcpPassiveOpens.0
Counter: 45
SNMP strengths and weaknesses
+ simplicity
+ ubiquity
+ extensibility
- security
- efficiency
- analytic tools
SNMP v2
Security
encryption/decryption
authentication
access control
Set enhancements
locking and row level access
new data types (e.g. 64-bit counter)
error reporting on SET
GETBULK
Multiple agents on a single platform
Hierarchical network management
Inform command
data transfer between managers
Macros for machine-readable MIB annotation
Multiprotocol transport support, including IPX, Appletalk, CLNP
Enhancements to v1
security
digest authentication protocol
symmetric privacy protocol
SMI extensions
MIB-II extensions
semantics as well as syntax - textual conventions to extend
more operational pdus
getbulkrequest
informrequest
conformance statements and migration strategy
more transport options
Architectural framework
admin framework - parties, context and security
information frame - how can info be structured
operational frame - management, transport, migration
conformance - requirements and interoperability
The snmpv2 entity
a process (box, domain) that performs netman ops
works with parties
has a local database and contexts
may be
agent
manager
proxy (agent to snmp, manager to alien)
What's a party?
id,
transport mode
address (host/port)
auth
v2md5 or noauth
other auth styles
What's a context?
the objects that are known or can be accessed by an entity
local info or remote through use of a proxy
keeps info about
the db identity
the proxy id
mib view
What's an ACL?
source party/dest party/context id ===> man ops allowed
man ops are privileges added as powers of 2
get = 1 getnext = 2 response = 4 set = 8
getbulk = 32 inform = 64 snmpv2trap = 128
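The ACL lookup described on this slide, as an added example that is not part of the original slides: a privilege sum is decoded into operations, an operation is checked against the (source party, dest party, context) triple with default deny, and the table is audited for write access. The party and context names and the sample table are constructed for illustration; the bit values are the ones listed above.

```python
# Added example (not from the slides): party-based ACL lookup and audit.
# Bit values are the ones listed on the slide; 16 is not listed there.
MAN_OPS = {"get": 1, "getnext": 2, "response": 4, "set": 8,
           "getbulk": 32, "inform": 64, "snmpv2trap": 128}
KNOWN_BITS = sum(MAN_OPS.values())  # 239

# Constructed sample table: (source party, dest party, context) -> privilege sum.
SAMPLE_ACL = {
    ("monitorParty", "agentParty", "routerCtx"): 35,   # get + getnext + getbulk
    ("adminParty", "agentParty", "routerCtx"): 43,     # adds set
    ("agentParty", "monitorParty", "routerCtx"): 132,  # response + snmpv2trap
    ("legacyParty", "agentParty", "routerCtx"): 17,    # get + an unlisted bit
}


def decode_privileges(value):
    """Split a privilege sum into named operations and any unlisted bits."""
    names = [name for name, bit in MAN_OPS.items() if value & bit]
    return names, value & ~KNOWN_BITS


def is_allowed(acl, src, dst, context, op):
    """Default deny: no ACL row for the triple means no operation is allowed."""
    return bool(acl.get((src, dst, context), 0) & MAN_OPS[op])


def audit(acl):
    """Return rows a reviewer should look at: write access or unlisted bits."""
    findings = []
    for triple, value in acl.items():
        names, unlisted = decode_privileges(value)
        if "set" in names:
            findings.append((triple, "grants set"))
        if unlisted:
            findings.append((triple, f"unlisted bits {unlisted}"))
    return findings


if __name__ == "__main__":
    for row in audit(SAMPLE_ACL):
        print(row)
```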
v2 security
data integrity
origin authentication
both done with digest authentication protocol
based on clocks (synching), keys and digest
confidentiality
symmetric privacy protocol
based on keys and DES
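How clocks, keys and a digest combine to give data integrity and origin authentication, as an added example that is not part of the original slides. It is a simplified model, not the SNMPv2 wire format: the message layout, function names and the 300-second lifetime are assumptions, and the privacy (DES) step is left out.

```python
# Added example (not from the slides): keyed digest plus clock check.
import hashlib
import hmac

LIFETIME = 300  # seconds a message stays acceptable (assumed value)


def make_digest(secret, timestamp, payload):
    """Digest over the shared secret, the sender's clock value and the payload.

    MD5 is used only because the slides name v2md5 as the auth style.
    """
    return hashlib.md5(secret + timestamp.to_bytes(4, "big") + payload).digest()


def send(secret, sender_clock, payload):
    """Build a message carrying the sender's timestamp and the digest."""
    return {"ts": sender_clock, "payload": payload,
            "digest": make_digest(secret, sender_clock, payload)}


def receive(secret, message, receiver_clock, lifetime=LIFETIME):
    """Recompute the digest, then check the message age against the clock."""
    expected = make_digest(secret, message["ts"], message["payload"])
    # Integrity and origin: only a holder of the secret produces this digest.
    if not hmac.compare_digest(expected, message["digest"]):
        return "reject: digest mismatch"
    # Replay window: the timestamp is covered by the digest, so it cannot be
    # refreshed without the secret, and an old capture ages out.
    if receiver_clock - message["ts"] > lifetime:
        return "reject: stale"
    return "accept"


if __name__ == "__main__":
    key = b"0123456789abcdef"  # constructed 16-byte shared secret
    msg = send(key, 1000, b"set sysLocation.0 = lab")
    print(receive(key, msg, 1010))
    print(receive(key, msg, 1000 + LIFETIME + 1))
```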
SMI enhancements
module id semantics
object types semantics
notification definitions
MIB for SNMPv2
snmpmodules tree
snmpMIB (1)
objects
conformance
snmpM2M (2)
partyMIB (3)
snmpobjects
snmpstats object resources
traps v1
snmpcompliance
level of conformance to MIB and protocol specs
New pdu's
getbulk
inform request
Man2Man communication
alarms and events
intermanager communications commands
informrequest
set polling frequencies
RMON
Next generation of network monitoring, with comprehensive fault diagnosis, planning, interoperability and performance tuning features.
Additional packet error counters
More flexible historical trend graphing and statistical analysis
Ethernet level traffic matrix
More comprehensive alarms and sniffer-type filters
Still some ambiguity in interpretations
First net MIB versus other device MIB
First configurable MIB
RMON vs Network Analyzers
Net Analyzers -
dispatched - no standard set of measurements
advanced tools - net-specific components
high-price tag - after the fact monitoring
RMON probes and stations
more basic tools - remote
low-cost - technology independent
historical data
RMON Characteristics
Net or host specific data
Traffic and error statistics
by net - by host - by connection
Packet capture
filters
packet decoding at management station
Dedicated probes or incorporated into hubs and routers
Processor intensive; can be disk intensive
RMON References
RMON - RFC 1271
RMON Token Ring Extensions - RFC 1513
Connexions - January 1994
MIBs for a Typical Token Ring Probe
MIB II - interface variables, system variables, protocol stack counts
Private MIB - Device Configuration, Proprietary Measurements, Trap Configuration
RMON - host table, matrix table, alarms, events, filters, packet capture, etc.
TR-MON - MAC Statistics, Data Packet Statistics, History Statistics, Ring Station Order, Ring State and Other Parameters
RMON MIB Groups
Statistics - interface statistics
packets - octets - errors
Ether area (collisions, runts, jabbers, etc.)
cumulative counts
History - history of statistics per interface
pkts/sec - octets/sec - errors/sec - etc.
sampled values
configurable by management station
default values are 5 sec and 30 sec
Alarm - thresholds which generate events
any variable (delta value or absolute value)
statistical counter values, packet matches, changes
trip an event
configurable by management station
RMON MIB Groups (Continued)
Hosts - host statistics for all discovered hosts
pkts/host - octets/host - errors/host
in and out
HostTopN - host group ordered by particular stat and interval
top talkers - top broadcasters - top error generators
configurable by management station
sorts the hosts table on request; default is none
Matrix - connection statistics
pkts/connection - octets/connection - errors/connection
built on hosts table
RMON MIB Groups (Continued)
Filter - packet match for filter definition
Data Match - Status Match - Triggers - Match Count
Configurable by management station
Packet Capture - capture of filtered packets
Works with filter group
Buffer Size - Sliced Data
Configurable by management station
Event Group - generation and notification of events RMON
Works with alarm group
Log Event - Send Trap - Turn on data capture
Configurable by management station
Token Ring RMON MIB
Modified Statistics and History groups
counts related to the Token Ring operation (MAC packets)
counts related to data packets and interstation communication
Token Ring RMON MIB Four New Groups
Ring Station
RingStationTable (per station error, beacon, etc)
Control Table (ring status, number of active stations, last beacon, etc.)
Ring Station Order
Ring Station Config
active management of stations on ring
manager can send packets to particular stations on ring
remove, initialize, reconfigure, etc.
Source Routing Group
hop count for source-destination pairs
total frame in/out/through for ring
all routes or single route broadcast
RMON 2
Multilevel diagnostics
Upper level management tools
Address translation and duplicate IP detection
Interoperable probe configuration
Traffic flows per protocol per connection, per application
Uses directory structures instead of static filters
Augments rather than supersedes RMON
Recent standard, with RMON Lite
SNMP and Switches
The return of switches: Ether and ATM
Switches hide and isolate traffic
Switches generate enormous amounts of traffic
Switches encourage the virtual
Switches are busy
Making SNMP work
Which devices to monitor
What information to collect
How to monitor
Diagnosing and correcting faults
Justifying cost
Common Management Information Protocol (CMIP)
Supports the OSI protocol stack
Object-oriented
Abstract data types, data encapsulation, inheritance
Connection-oriented and avoids polling
CMIP Model
Extends seven-layer OSI model to include management information
CMIS are the services that are offered (as functions)
CMISE are the software routines that implement CMIS
CMIP is the protocol for the actual exchange of management info
Distributed management with domains and scoping
CMIP Services
Get - retrieves specific management information
Set - manipulates management information
Action - an imperative command (reboot, reset)
Create - create a new instance of a management object
Delete - deletes an instance of a management object
Event-report - reports extraordinary happenings
Managed Resources
Objects
Attributes that describe the object
Operations that an object can execute
Events the object can generate
Object classes can pass on properties to object instances - inheritance
MIBs and the Structure of Managed Information (SMI)
Managed Resources - Example
Object class - server
attributes (location, hardware, software version, etc.)
operations (functions, reports, etc.)
events (errors, checkpoints, etc.)
Object instances
hp file server down the hall
engineering novell server
human resources database server
The Status of CMIP
OpenView Network Management Architecture is CMIS oriented
OSI Network Management Forum looks at interoperability
DEAD