SNMP

(Simple Network Management

Protocol) based
Network Management
 Network Management: What is it?

Network management includes

deployment,integration and
coordination of the hardware, software,
and human elements to monitor, test,
poll, configure, analyze, evaluate and
control the network and element
resources to meet the real-time,
operational performance, and Quality of
service requirements at a reasonable
cost.
Network Management: Why is it needed?
Lowers costs by eliminating the need for
many administrators at multiple locations
performing the same function
Makes network administration and
monitoring easier and more convenient
Coherent presentation of data
 OSI Network Management Model

ISO/OSI network management model defines

a common frame of reference for network
management, and provides an excellent
framework for understanding the major
functions that NMSs perform.
The OSI network management model
incorporates the following five layers:
 Performance management
 Fault management
 Configuration management

Accounting management

Security management
 Functional Areas of Network Management
(According to OSI Network Management Model)

Performance Management – how smoothly is the network running

Fault Management - reactive and proactive network fault management
(deals with problems and emergencies in the network)

Configuration Management – keeping track of device settings and how

they function

Accounting Management - cost management and charge back

assessment
Security Management - SNMP (Version 1 and 2) doesn’t provide much
here
 In-Band Versus
Out-of-Band Management

When planning a distributed management solution,

consider the path that the management data must
take
There are two path options for network management
information—in-band and out-of-band
In-band management traffic travels along the network
data path
Out-of-band management traffic alerts travel on a
separate non-data path. An out-of-band management
solution supports communications between
management agents and the manager device,
regardless of the status of the data network
In band/Out band Management

Out-of-Band In Band Management

Management
N/w Management arch.
 Network Management Architectures

1) Management Entity
On the data collection end, two kinds of
activities occur within a management utility or
facility, called a management entity, whose job
is to provide access to management data,
controls, and behaviors:
1. Regular polling or sampling of management data
occurs, whereby the management entity
requests updates from managed devices to
reflect recent status of the network being
managed.
2. When alerts are received, appropriate responses
must be generated
 Network Management Architectures
(contd.)
2) Managed Device

A Managed device is a piece of network equipment

that resides on a managed network.

At each managed device, a special piece of

software(process) called a management agent
responds to polls for collected data, where the
management agent itself has custody of a
management database (MDB) of information that it
collects and maintains over time
Network Management Architectures (contd.)

3) N/w Management Protocol

The protocol runs between managing entity and the

managed device.

Allows the managing entity to query the status of the

managed devices .

Agents can use the network management protocol to

inform the managing entity of exceptional events.
 SNMP & The OSI Model

7 Application Layer Management and Agent APIs

SNMP
6 Presentation Layer ASN.1 and BER
5 Session Layer RPC and NetBIOS
4 Transport Layer TCP and UDP
3 Network Layer IP and IPX
2 Data Link Layer Ethernet, Token Ring, FDDI
1 Physical Layer
 Versions

•Two major versions SNMPv1, SNMPv2

•SNMPv1 is the recommended standard
•SNMPv2 has become split into:
•SNMPv2u - SNMPv2 with user-based security
•SNMPv2* - SNMPv2 with user-based security and additional features
•SNMPv2c - SNMPv2 without security
•SNMPv3 - Future
 Client Pull & Server Push

SNMP is a “client pull” model

The management system (client) “pulls” data from
the agent (server).

SNMP is a “server push” model

The agent (server) “pushes” out a trap message to a
(client) management system
 The Internet- Standard Management
Framework

SNMP is a tool (protocol) that allows for remote

and local management of items on the network
including servers, workstations, routers, switches
and other managed devices.
Comprised of agents and managers

•Agent - process running on each managed node collecting

information about the device it is running on.

•Manager - process running on a management workstation that

requests information about devices on the network.
 The Internet- Standard Management
Framework (contd.)
SNMP network management consists of four parts:
•Management Information Base (MIB)
•A map of the hierarchical order of all managed objects and
how they are accessed

•Structure of Management Information (SMI)

•Rules specifying the format used to define objects managed
on the network that the SNMP protocol accesses

•SNMP Protocol
•Defines format of messages exchanged by management
systems and agents.
•Specifies the Get, GetNext, Set, and Trap operations

•Security and administration capabilities

•The addition of these capabilities represents the major
enhancement in SNMPv3 over SNMPv2
Registered Tree
 MIB-2
MIB-II Standard Internet MIB
Definition follows structure given in SMI
MIB-II (RFC 1213) is current standard
definition of the virtual file store for SNMP
manageable objects
Has 10 basic groups
 system
 interfaces
 at
 ip
 icmp
 tcp

udp

egp

transmission

snmp
If agent implements any group then is has
to implement all of the managed objects
within that group
 Ports & UDP

•SNMP uses User Datagram Protocol (UDP) as the

transport mechanism for SNMP messages

Ethernet
Frame IP CRC
Packet
UDP
SNMP Message
Datagram

•Like FTP, SNMP uses two well-known ports to operate:

•UDP Port 161 - SNMP Messages

•UDP Port 162 - SNMP Trap Messages
 Four Basic Operations

•Get
Retrieves the value of a MIB variable stored on the agent machine
(integer, string, or address of another MIB variable)

•GetNext
Retrieves the next value of the next lexical MIB variable

•Set
Changes the value of a MIB variable

•Trap
An unsolicited notification sent by an agent to a management
application (typically a notification of something unexpected, like an error)
 Basic operations contd..
get_request
get_response port 161

get_next_request
get_response port 161

Manager set_request Agent

get_response port 161

trap
port 162 port 161
 Traps
•Traps are unrequested event reports that are sent to a
management system by an SNMP agent process
•When a trappable event occurs, a trap message is generated
by the agent and is sent to a trap destination (a specific,
configured network address)
•Many events can be configured to signal a trap, like a
network cable fault, failing NIC or Hard Drive, a “General
Protection Fault”, or a power supply failure
•Traps can also be throttled -- You can limit the number of
traps sent per second from the agent
•Traps have a priority associated with them -- Critical, Major,
Minor, Warning, Marginal, Informational, Normal, Unknown
 Trap Receivers
•Traps are received by a management application.
•Management applications can handle the trap in a few ways:
•Poll the agent that sent the trap for more information about the event, and
the status of the rest of the machine.
•Log the reception of the trap.
•Completely ignore the trap.
 Languages of SNMP

•Structure of Management Information (SMI)

specifies the format used for defining managed objects that are
accessed via the SNMP protocol

•Abstract Syntax Notation One (ASN.1)

used to define the format of SNMP messages and managed
objects (MIB modules) using an unambiguous data description
forma

•Basic Encoding Rules (BER)

used to encode the SNMP messages into a format suitable for
transmission across a network
 SNMP MESSAGE ENCODING
MANAGER ABSTRACT SYNTAX AGENT MIB

BER BER
TRANSFER SYNTAX
UDP UDP

IP IP

LINK LINK

THE DESCRIPTION OF MIBS AND MESSAGE

FORMATS IS BASED ON THE ASN.1 SYNTAX
THE MAPPING FROM AN ABSTRACT SYNTAX
UPON A TRANSFER SYNTAX IS DEFINED BY THE
BASIC ENCODING RULES (BER)
Basic Message Format

Message Length
Message Version Message Preamble
Community String

PDU Header

SNMP Protocol
Data Unit
PDU Body
variable
VARIABLEbindings:
BINDINGS

NAME 1 VALUE 1 NAME 2 VALUE 2 ••• ••• NAME n VALUE n

SNMP
SNMPPDU:
PDU

* REQUEST ERROR ERROR

PDU TYPE ID STATUS INDEX VARIABLE BINDINGS

SNMP
SNMPmessage:
MESSAGE

VERSION COMMUNITY SNMP PDU

 SNMP Agents
Two basic designs of agents

•Extendible Agents
•Open, modular design allows for adaptations to new
management data and operational requirements

•Monolithic Agents
•not extendible
•optimized for specific hardware platform and OS
 Remote Monitoring (RMON)
The RMON MIB is used to monitor and administer remote
segments of a distributed network

Within an RMON network monitoring data is defined by a set of

statistics and functions and exchanged between various
different monitors and console systems. Resultant data is used
to monitor network utilization for network planning and
performance-tuning, as well as assisting in network fault
diagnosis.

RMON places agents, called network probes, at various

locations on the distributed network

Probes are standalone devices that contain a NIC, a processor,

memory, and software
 Community Names
• A community string is a password that allows access to a network device.
It defines what "community of people" can access the SNMP information
that is on the device.
• Community names are used to define where an SNMP message is
destined for.
• Set up your agents to belong to certain communities.
• Set up your management applications to monitor and receive traps from
certain community names.
• There are actually three community strings for SNMP-speaking devices:
• The SNMP Read-only community string
• The SNMP Read-Write community string
• The SNMP Trap community string
 PROXY MANAGEMENT
MANAGER PROXY AGENT

A NODE MAY NOT SUPPORT SNMP, BUT MAY BE MANAGEABLE BY SNMP

THROUGH A PROXY AGENT RUNNING ON ANOTHER MACHINE

TERM HAS TRADITIONALLY BEEN USED FOR DEVICES THAT :


TRANSLATE BETWEEN DIFFERENT TRANSPORT DOMAINS

TRANSLATE BETWEEN DIFFERENT SNMP VERSIONS

TRANSLATE BETWEEN SNMP AND OTHER MANAGEMENT PROTOCOLS

AGGREGATE LOW LEVEL MANAGEMENT INFO INTO HIGH LEVEL INFO ETC

NOWADAYS THE TERM DENOTES A DEVICE THAT FORWARDS SNMP MESSAGES,

BUT DOESN’T LOOK AT THE INDIVIDUAL OBJECTS
 SNMP Consoles,
Tools, Utilities, and Key Files
There are many of these available, the lion’s
share of the market belongs to three products:
 HP Open View’s Network Node Manager

(NNM)
 IBM’s Tivoli Net View

 Computer Associates’ Unicenter TNG

There are also many smaller utilities that are

helpful when supporting a management system
(Novell ManageWise, Sun MicroSystems Solstice, Microsoft SMS Server, Compaq Insight
Manger, SnmpQL - ODBC Compliant,Empire Technologies,CincoNetworks NetXray,SNMP
Collector Win9X/NT,Observer)
 Architecture of NSM Products
NSM products are made up of three layers:
WorldView Layer: repository for the graphical
visualization of the enterprise.

COR

Real World Interface

Worldview Application Interface
Manager Layer:

Agent Technology: Contains the agent facilities that monitor and
determine the state of enterprise
 Enterprise Management: A collection of integrated managers
that control and automate a variety of functions and responses
within the enterprise
Agent Technology Layer: Agents gather information from
enterprise through remote access monitoring and control
resource. Agents reside on or near managed objects and
provide information to a management application.
Following steps outline what occurs architecturally when an
agent detects a threshold breach on the device it is monitoring:

•Agent identifies a threshold has been crossed for a resource it is

monitoring. It passes this information to the SNMP administrator by way of
the Distributed Services Bus.
•The SNMP administrator takes the information from the Agent, encodes an
SNMP Trap Protocol Data Unit and send it to the Manager.
•The SNMP Gateway receives the Trap PDU, decodes it, and sends it to
the Manager by way of DSB.
•The Manager determines if the alert represents a change in status for the
resource and, if so, passes the status update to the WorldView Gateway by
way of DSB.
•The WorldView Gateway then updates the status of the managed object in
the COR.
 About NSM Products
•Supports management of multiple distributed domains. Each server can import
the map of one or more servers.
•Provides both local and remote access using the Remote Console Component.
•Polling agents perform discovery of locally attached devices.
•Supports a multi-level hierarchy map. Each hierarchy can represent
cities, buildings or sub networks.
•Automatically lays out each map network as a tree, ring, or snaked
bus topology.
•Each map object uses a device specific or user selected icon, and the
object color indicates the device status
•Automatically generates scheduled daily, weekly and monthly statistic
reports. Report format include graph, bar chart, distribution,and
summary and can be exported to a variety of destinations.
EXAMPLE NETWORK
 Advantages of using SNMP
Standardized
universally supported
extendible
portable
allows distributed management access
lightweight protocol
THANK YOU