What are the basic concepts related to SNMP?

2025-02-28 Update From: SLTechnology News&Howtos (shulou)


Shulou (Shulou.com) 06/02 Report

This article shares the basic concepts related to SNMP. The editor thinks it is very practical, so it is shared here for learning; hopefully you will get something out of reading it.

I. The concept of network management

In the narrow sense, network management refers only to network traffic management; in the broad sense, it refers to the system management of the network. Network management functions can be summarized as OAM&P, that is, the activities required to run a network: operation (Operation), administration (Administration), maintenance (Maintenance) and service provisioning (Provisioning). Sometimes only the first three are considered, and the network management function is then referred to as OAM.

The following terms are commonly used in network management:

- Network element

A specific communication device or logical entity in the network, also known as the network element.

- Object

An identifiable resource with certain information characteristics in the field of communication and information processing. Note, however, that the "objects" used here are not exactly the same as those defined in object-oriented systems.

- Managed object

A managed object is the abstract representation of a network resource that can be managed and controlled through a management protocol, for example an entity of a layer or a connection.

- Management Information Base (MIB)

The MIB is an important component of a network management system; it consists of the managed objects in a system and their attributes. Conceptually the MIB is a virtual database that provides information about the managed network elements and is shared by the management process and the various agent processes.

- Integrated Network Management (INM)

The use of a unified approach to manage computer hardware and software resources produced by multiple vendors in a heterogeneous network; this is also known as integrated network management.

II. Related concepts of SNMP

The basic functions of SNMP include monitoring network performance, detecting and analyzing network errors, and configuring network devices. When the network is working properly, SNMP provides statistics, configuration and testing functions; when the network fails, it supports error detection and recovery.

Several important concepts in SNMP:

- Management process (NMS)

In addition to asking the agent process for certain parameter values, the management process can change the agent process's parameter values as required. It is responsible for sending requests and for receiving trap messages sent by the agent process.

- Proxy agent

Provides resource information for devices without SNMP support. A proxy agent can also provide aggregation functions such as protocol conversion and filtering, and then entrusts the managed objects to the agent.

- Agent process (Agent)

The software on the managed device that relates to management is called the agent or agent process. There are two ways the management process and the agent process communicate: the management process sends a request to the agent process asking for a specific parameter value, or the agent process actively reports to the management process that some important event has occurred.

- Community

The community is used to achieve identity authentication between management application entities; it can be understood as a login account with permissions and is an important credential for accessing network devices. If the community is public and its permission is read-only, you can view the recorded data as soon as you log in with it; if its permission is read-write, you also have the right to modify some settings, such as shutting down a port on a switch. By default, public is used as the read-only community and private as the read-write community.

- MIB (Management Information Base)

The management information base contains all the parameters that can be queried and modified on all agent processes.

- SMI (Structure of Management Information)

The structure of management information is the set of common structures and representation symbols for the MIB. SMI defines a set of rules, used in device maintenance, for naming and encoding managed objects.

- OID (Object Identifier)

An OID is a dotted sequence of numbers based on the SMI (Structure of Management Information). Each OID uniquely identifies a data parameter in a network device; their collection is what we call the MIB (Management Information Base).

III. SNMP communication mode

The SNMP agent and the management station communicate through standard SNMP messages, each of which is a separate datagram. SNMP uses UDP (User Datagram Protocol) as its layer 4 (transport) protocol, so operation is connectionless. SNMP specifies five types of protocol messages (SNMP messages) for the exchange between management processes and agents.

The whole system must have a management station, which is in effect a network control center; the management process runs on the management station. Every managed object must have an agent process. The management process and the agent process communicate using SNMP messages, and SNMP messages are transmitted over UDP. There are two ways the management process and the agent process communicate: the management process sends a request to the agent process to read or set a specific parameter value, which is called polling; or the agent process actively reports the occurrence of some important event to the management process, which is called a trap. The default port on which the agent listens is 161, and the port that receives traps is 162.

There are two hosts and a router in the figure. The shaded parts of the protocol stacks are originally present on these hosts and routers; the unshaded parts are added for network management.

Sometimes the network management protocol cannot control certain network elements, for example because the element uses a different network management protocol. A proxy agent can be used in this case.

IV. SNMP security

SNMPv1 uses the "community" field as the authentication password between the management process and the agent process: whoever has the right "community name" has access, and the name is exchanged as simple plaintext. The security mechanism of SNMPv2 is no essential improvement. SNMPv3 introduced a new security mechanism together with a set of dedicated network security and access control rules.

There are three community names: read-only, read-write, and trap. By default, public gets read-only and private gets read-write permission.

V. SNMP operation

There are mainly five kinds of messages in the SNMP protocol: get, get-next, set, get-response and trap.

- get-request operation: extract one or more parameter values from the agent process

- get-next-request operation: extract from the agent process the parameter value that immediately follows the current one

- set-request operation: set one or more parameter values on the agent process

- get-response operation: returns one or more parameter values. This message is issued by the agent process as the response to the first three operations.

- trap operation: a message actively sent by the agent process to notify the management process that something has happened.

The first three messages are sent by the management process; the latter two are sent by the agent process. On the agent process side, the well-known port 161 is used to receive get or set messages; on the management process side, the well-known port 162 is used to receive trap messages.

The five SNMP operations are explained in detail below.

(1) get-request operation

The management station needs to actively read the values of managed objects from the agent in order to obtain operating data and management information about the device or network, and then plan its network management. SNMP does not support reading a whole table, or one row of a table, in a single operation. Since reading many values one at a time increases the load on the network, Get-Request supports submitting multiple object identifiers (OIDs) at once to fetch their values in one exchange and improve network utilization.

(2) get-next-request operation

SNMP does not support reading a whole table or one row of data at a time; Get-Next-Request provides an easy workaround. If you issue a Get-Next-Request for an OID, you receive the instance identifier of the next readable object; issuing Get-Next-Request for that instance returns the one after it, and by continuing you can read the whole table. The implementation of Get-Next-Request is simple, but there is an inherent problem when reading table data. A table is organized in rows, and each row consists of several columns. To read a row you would want each column of that row, but SNMP's Get-Next-Request walks a table column by column: it returns all rows of the first column first, then all rows of the next column, and so on. The client therefore has to do a lot of reassembly work, and a lot of unnecessary data is transmitted, wasting bandwidth. Like Get-Request, Get-Next-Request can bind multiple OIDs or instance identifiers in one PDU to improve efficiency; with multiple OIDs bound, the corresponding Get-Response PDU returns the next available instance identifier (or an error) for each OID. Binding multiple OIDs can be more efficient than performing one Get-Next-Request at a time.
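To make the column-by-column behaviour concrete, here is an added example (not code from the original article) that simulates an agent's MIB as a sorted map and implements the lexicographic "next OID" rule that Get-Next-Request relies on. The sample MIB is constructed, loosely modelled on the standard ifTable layout; `walk` shows the order in which the agent hands the table out, and `rows_from_walk` shows the reassembly work that falls on the manager.

```python
"""Simulated SNMP agent MIB and a Get-Next-Request table walk.

Added example, not from the article. OIDs are tuples of ints; Python compares
tuples lexicographically, which is the ordering Get-Next-Request follows.
The sample MIB is constructed, modelled on ifTable (1.3.6.1.2.1.2.2.1) with
three columns (ifIndex = .1, ifDescr = .2, ifType = .3) and two rows."""

IF_ENTRY = (1, 3, 6, 1, 2, 1, 2, 2, 1)
SAMPLE_MIB = {
    IF_ENTRY + (1, 1): 1,
    IF_ENTRY + (1, 2): 2,
    IF_ENTRY + (2, 1): "lo",
    IF_ENTRY + (2, 2): "eth0",
    IF_ENTRY + (3, 1): 24,                # softwareLoopback
    IF_ENTRY + (3, 2): 6,                 # ethernetCsmacd
    (1, 3, 6, 1, 2, 1, 4, 1, 0): 1,       # ipForwarding.0, sorts after ifTable
}

def parse_oid(text):
    """'1.3.6.1.2.1.2.2.1' -> (1, 3, 6, 1, 2, 1, 2, 2, 1)"""
    return tuple(int(part) for part in text.strip(".").split("."))

def format_oid(oid):
    return ".".join(str(part) for part in oid)

def get_next(mib, oid):
    """Agent side of Get-Next-Request: the (oid, value) of the smallest OID
    strictly greater than `oid`, or None when nothing follows (end of MIB)."""
    following = sorted(key for key in mib if key > oid)
    return (following[0], mib[following[0]]) if following else None

def get_next_many(mib, oids):
    """Several OIDs bound in one Get-Next PDU: the response carries the next
    instance (or None) for each of them, in the same order."""
    return [get_next(mib, oid) for oid in oids]

def walk(mib, prefix):
    """Repeat Get-Next-Request from `prefix` until the returned OID leaves the
    subtree. The agent hands a table out column by column, not row by row."""
    results, current = [], prefix
    while True:
        step = get_next(mib, current)
        if step is None or step[0][:len(prefix)] != prefix:
            return results
        results.append(step)
        current = step[0]

def rows_from_walk(walk_results, entry_prefix):
    """Regroup a column-first walk into rows: {instance: {column: value}}.
    This is the reassembly the manager has to do itself."""
    rows, depth = {}, len(entry_prefix)
    for oid, value in walk_results:
        column, instance = oid[depth], oid[depth + 1:]
        rows.setdefault(instance, {})[column] = value
    return rows

if __name__ == "__main__":
    for oid, value in walk(SAMPLE_MIB, IF_ENTRY):
        print(format_oid(oid), "=", value)
    print(rows_from_walk(walk(SAMPLE_MIB, IF_ENTRY), IF_ENTRY))
```

Running the script prints the six instances in the order .1.1, .1.2, .2.1, .2.2, .3.1, .3.2 (both rows of the ifIndex column, then both rows of ifDescr, then ifType), followed by the regrouped rows. The walk stops as soon as the agent returns an OID outside the requested subtree, which is also how a real manager detects the end of a table.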

(3) set-request operation

In network management it is sometimes necessary to reconfigure parameters, configuration and status of equipment, so a remote management mechanism is needed; that is the purpose of Set-Request. The set operation can be performed on MIB objects whose access permission is write-only or read-write.

Although the set operation provides a convenient way to change configuration, SNMP does not directly provide operations for operating remote devices. That does not mean SNMP lacks this capability: it can be achieved indirectly with Set-Request. The device defines an operation object in its MIB with write-only or read-write access and an agreed set of values, and the NMS sets that object. When the device detects that the object's value has changed, it performs the action that the value stands for, thereby realizing remote control.

The set operation also allows several objects and values to be supplied at a time so that multiple objects are manipulated in one PDU. A successful reply to a set operation contains the latest value of each set object (that is, the value that was set).

(4) get-response operation

GetResponse responds to get, set and getNext; it is generated and sent passively by the agent. When the operation succeeds, the GetResponse PDU contains the OIDs requested in the operation together with their values. As mentioned earlier, the first three operations all support binding multiple objects in one PDU, and the corresponding GetResponse also contains the value of each variable. For a failed operation, GetResponse must set the corresponding error code in the PDU. GetResponse does not alter the request-id field of the request packet but returns the original number, so that the requester can accurately match a response packet with its request packet; it can also be used by both sides to detect duplicate packets.

When the operation succeeds, error-status is noError and error-index is 0, and the value field of each variable in the variable bindings is filled in with the corresponding value.

When the operation fails, error-status holds the corresponding error code; if the error was caused by an object in the variable bindings, error-index is the index of that object in the variable bindings.

(5) trap operation

The first three SNMP operations are initiated by the NMS. There are many devices on a network, and it takes the NMS some time to poll through all of them. If a device undergoes an important state change, by the time the next polling round arrives the information may no longer be timely, and the NMS cannot capture device data or state changes promptly. On the other hand, polling devices at a very short interval is impossible because of the load it puts on the network. A mechanism is therefore needed that lets the device issue alarms on its own, notifying status or configuration changes and other important events. A Trap is a proactive alarm PDU issued by the agent to notify the NMS of important changes.

Five common types of Trap are defined in RFC 1157 for alerting on these common network states. A custom type is also provided, and the PDU carries a sub-code for the custom Trap so that SNMP implementers can define and send their own Traps.

Trap also has some problems. Because SNMP uses UDP, which is connectionless, a Trap may not be delivered to the NMS, and the agent does not know whether the NMS received it. In addition, a Trap is generally sent because of an important state; in some cases the system suffers a catastrophic failure, such as a crash or a network failure, and the Trap cannot be sent at all. A network management system should therefore use these operations together, complementing one another, to build a reliable management system; relying on any single operation is one-sided.

The RFC does not describe how to judge whether an SNMP message has been lost, but a common-sense judgment can be made from the characteristics of TCP/IP. For GetRequest and GetNextRequest, if the agent's GetResponse reply packet is not received within a set time, you can assume that the GetRequest, GetNextRequest or GetResponse was lost and retry the request until there is a result, or give up after repeated non-replies. For SetRequest, after the SetRequest has been executed you can send a GetRequest to check whether the set succeeded. Because a Trap is a one-way datagram with no reply, there is no way to judge whether it reached its destination; that must be detected by active polling from the NMS.

In v2 and v3, some changes have been made to the SNMP operations and other operations have been added to enhance security. For example, the PDU structure of SNMPv2-Trap is the same as that of GetRequest, GetNextRequest, SetRequest and InformRequest, rather than having its own special format as in v1.

InformRequest: the management station reports a message to another management station. InformRequest is a new operation introduced by SNMPv2; it is initiated by a management station and reports status or data to another management station. Unlike Trap, InformRequest must be acknowledged by the receiver.

GetBulkRequest: the operation by which the management station reads several rows of a table from the agent.

VI. Message format in SNMP

The SNMP messages of the five operations are encapsulated in UDP datagrams. An SNMP message consists of three parts: the common SNMP header, the get/set header or trap header, and the variable bindings.

(1) Common SNMP header

There are three fields:

- Version

An integer. The version number minus 1 is written into the version field, so the value for the first version is 0, for the second 1, and for the third 2. The default value is 0, the first version.

- Community

The community is a string that serves as a plaintext password between the management process and the agent process; the six-character string "public" is commonly used.

- PDU type

A number from 0 to 4 is filled in according to the type of PDU; the correspondence is shown in Table 2.

Table 2 PDU types

PDU type  Name
0         Get-request
1         Get-next-request
2         Get-response
3         Set-request
4         Trap

(2) get/set header

- Request identifier (request ID)

An integer value set by the management process. The agent process returns this request identifier in its get-response message. The management process may send get messages to many agents at the same time, all over UDP, and those sent first may arrive later; the request identifier lets the management process identify which request message a returned response belongs to.

- Error status

When the agent process answers, it fills in a number from 0 to 5, as described in Table 3.

Table 3 Error status description

Error status  Name        Description
0             NoError     Everything is fine
1             TooBig      The agent could not fit the answer into one SNMP message
2             NoSuchName  The operation refers to a variable that does not exist
3             BadValue    A set operation specifies an invalid value or invalid syntax
4             ReadOnly    The management process attempted to modify a read-only variable
5             GenErr      Some other error

- Error index

An integer set by the agent process when it responds with a noSuchName, badValue or readOnly error; it indicates the offset of the erroneous variable in the list of variables.
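The fields above (version, community, PDU type, request-id, error-status, error-index and variable bindings) are easiest to understand by building and decoding a message. The following is an added example, not code from the article: a minimal BER encoder and decoder for SNMPv1 messages of the get/set family. It also makes the point of the security section visible, since the community string appears verbatim in the encoded bytes. The sample OID (sysName.0), request id and values are constructed; the v1 Trap PDU has a different body and is deliberately rejected here.

```python
"""Minimal SNMPv1 BER encoder/decoder for the get/set PDU family. Added
example, not from the article; the v1 Trap PDU has a different body and is
rejected. All sample values are constructed."""

PDU_GET, PDU_GET_NEXT, PDU_GET_RESPONSE, PDU_SET = 0, 1, 2, 3
ERROR_NAMES = ["noError", "tooBig", "noSuchName", "badValue", "readOnly", "genErr"]
DEFAULT_COMMUNITIES = {"public", "private"}   # plaintext defaults worth flagging
SYS_NAME_0 = (1, 3, 6, 1, 2, 1, 1, 5, 0)      # sysName.0, the sample OID

def _tlv(tag, body):
    """Tag, BER length (short form below 128, long form otherwise), body."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def enc_int(value):
    """INTEGER: two's complement in the minimal number of bytes."""
    n = 1
    while not -(1 << (8 * n - 1)) <= value < (1 << (8 * n - 1)):
        n += 1
    return _tlv(0x02, value.to_bytes(n, "big", signed=True))

def enc_oid(oid):
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, then base-128."""
    out = bytearray()
    for arc in (40 * oid[0] + oid[1],) + tuple(oid[2:]):
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return _tlv(0x06, bytes(out))

def enc_value(value):
    """NULL (the placeholder in requests), INTEGER or OCTET STRING."""
    if value is None:
        return _tlv(0x05, b"")
    return enc_int(value) if isinstance(value, int) else _tlv(0x04, value.encode())

def build_message(version, community, pdu_type, request_id, varbinds,
                  error_status=0, error_index=0):
    """SEQUENCE { version, community, PDU { request-id, error-status, error-index, varbinds } }"""
    if pdu_type not in (PDU_GET, PDU_GET_NEXT, PDU_GET_RESPONSE, PDU_SET):
        raise ValueError("only the get/set PDU family is supported")
    vb_list = b"".join(_tlv(0x30, enc_oid(o) + enc_value(v)) for o, v in varbinds)
    pdu = _tlv(0xA0 | pdu_type, enc_int(request_id) + enc_int(error_status)
               + enc_int(error_index) + _tlv(0x30, vb_list))
    return _tlv(0x30, enc_int(version) + _tlv(0x04, community.encode()) + pdu)

def _read_tlv(data, pos):
    """Return (tag, body, position just after this element)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def _seq(data):
    """Split a SEQUENCE body into its (tag, body) elements."""
    items, pos = [], 0
    while pos < len(data):
        tag, body, pos = _read_tlv(data, pos)
        items.append((tag, body))
    return items

def dec_oid(body):
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    return (arcs[0] // 40, arcs[0] % 40) + tuple(arcs[1:])   # first arcs 0/1 only

def dec_value(tag, body):
    if tag == 0x02:
        return int.from_bytes(body, "big", signed=True)
    if tag == 0x04:
        return body.decode(errors="replace")
    return None if tag == 0x05 else dec_oid(body) if tag == 0x06 else bytes(body)

def parse_message(data):
    """Decode one SNMPv1 get/set-family message into a dict of its fields."""
    tag, body, _ = _read_tlv(data, 0)
    (_, ver), (_, comm), (pdu_tag, pdu) = _seq(body)
    if tag != 0x30 or pdu_tag & 0xE0 != 0xA0 or pdu_tag & 0x1F > PDU_SET:
        raise ValueError("not an SNMPv1 get/set-family message")
    (_, rid), (_, est), (_, eidx), (_, vb_list) = _seq(pdu)
    varbinds = []
    for _, vb in _seq(vb_list):
        (_, oid_body), (vtag, vbody) = _seq(vb)
        varbinds.append((dec_oid(oid_body), dec_value(vtag, vbody)))
    return {"version": dec_value(0x02, ver), "community": comm.decode(errors="replace"),
            "pdu_type": pdu_tag & 0x1F, "request_id": dec_value(0x02, rid),
            "error_status": dec_value(0x02, est), "error_index": dec_value(0x02, eidx),
            "varbinds": varbinds}
```

A get-request for sysName.0 is `build_message(0, "public", PDU_GET, 42, [(SYS_NAME_0, None)])`; its hex dump starts with `30 26 02 01 00` (outer SEQUENCE, then version 0) and the bytes of "public" follow immediately, which is why a captured SNMPv1 packet gives away the community. Decoding a get-response built with `error_status=2, error_index=1` yields the noSuchName case from the previous section, with the index pointing at the first variable binding. `ERROR_NAMES` maps the decoded error-status back to the names in Table 3.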

(3) trap header

- Enterprise

The object identifier of the network device that filled in the trap message. This object identifier must lie in a subtree under the enterprise node {1.3.6.1.4.1} of the object naming tree shown in figure 3.

- Trap type

The official name of this field is generic-trap; it is divided into seven categories, listed in Table 4.

Table 4 Trap type description

© 2024 shulou.com SLNews company. All rights reserved.
