Simple Network Management Protocol (SNMP)
SNMP is a protocol for managing just about any sort of device that can
be attached to a TCP/IP network. The requirements on the managed devices
are kept minimal so that even small devices can be managed. To "manage"
means to monitor, configure, shut down, restart, etc.
To manage an internet you must manage the routers, bridges, computers,
printers, etc. Since these devices can be on different physical networks
(e.g. token ring and Ethernet) in different places, the management protocol
must be a higher-level protocol (above the data link layer). SNMP therefore
sits on top of a transport protocol (UDP).
Advantages to this scheme:
- one protocol works for all devices that speak IP (uniformity)
- devices may be anywhere on the net (no need for a direct connection with
the managing node)
Disadvantages to this scheme:
- the lower layers must be working for SNMP to work (devices may be unreachable
when in trouble)
Elements in the SNMP model
- Managed nodes - anything with an IP connection
- Management stations - where the management software runs, almost always a
general purpose workstation
- Management information - the data the nodes maintain
- A management protocol - how the nodes and management stations talk to each
other
Each device being managed runs a management agent, which acts as the server.
The person who manages uses a client on the management station; nice clients
are graphical. The complexity is in the management stations; the agents in
the nodes are kept as simple as possible.
Management Data
The form of the data held by each device is specified in the MIB (management
information base). The form of the MIB is standardized so that queries
can be device independent.
Each piece of data held in the MIB is known as an object (with no particular
relation to OO objects). Some examples of the objects kept in the MIB are:
system.sysUpTime        time since last reboot
interfaces.ifNumber     number of network interfaces
interfaces.ifMtu        MTU of an interface
ip.ipRoutingTable       the IP routing table
tcp.tcpRtoMin           minimum TCP retransmission timeout
The objects stored in a MIB are defined and referenced using the ISO ASN.1
(Abstract Syntax Notation One). ASN.1 object identifiers form a global,
absolute, hierarchical name space. Different organizations have control over
different subtrees of the space. Each level has a number as well as a name,
so an object can be named textually or as a string of numbers.
<figure 7-32 Tanenbaum shows the name space>
root
  ccitt (0)
  iso (1)
    standard (0)
    registration-authority (1)
    member-body (2)
    identified-organization (3)
      dod (6)
        internet (1)
          directory (1)
          mgmt (2)
          experimental (3)
          private (4)
          security (5)
          snmpv2 (6)
  joint-iso-ccitt (2)
The categories (groups) of information in iso.identified-organization.dod.internet.mgmt.mib
(1.3.6.1.2.1) are:
system - name, location, description of the device
interfaces - network interfaces and their measured traffic
ip - IP packet statistics
icmp - ICMP messages
tcp, udp, egp - statistics on these protocols
Each node in the tree has a number, and you can describe an object with
names, numbers or a mixture of the two (org is the short name commonly used
for identified-organization). For example:
iso.org.dod.internet.mgmt.mib.ip.ipInReceives
1.3.6.1.2.1.4.3
are both valid names for the ipInReceives variable in the MIB. See
the file /etc/snmp.mib for the ASN.1 definition of the MIB.
ASN.1 (or a subset of it) is also used to define the messages exchanged between
heterogeneous machines; the bytes actually sent on the wire are produced by an
encoding standard called the Basic Encoding Rules (BER).
The objects in the MIB groups (e.g. ip, tcp, system) each have one of a small
set of types:
Counter32 - 32-bit unsigned counter that only increases and wraps to 0 after 2^32-1
Gauge32 - 32-bit unsigned value that can go up or down and latches at its maximum (doesn't wrap)
TimeTicks - hundredths of a second since some epoch
BIT STRING - 1 to 32 bits
OCTET STRING - variable-length byte string
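The wrapping behaviour of Counter32 is the detail that bites monitoring code: a plain subtraction of two polls goes negative after a wrap, and a counter that restarted from zero because the agent rebooted looks exactly like a wrap unless sysUpTime is checked too. The following is an added example (not from the original notes) that turns two polls of a Counter32 object into a rate, treats a backwards sysUpTime as a restart, and clamps a Gauge32 instead of wrapping it. The sample polls are constructed, not real agent output.

```python
# Added example, not from the original notes: handling Counter32 wrap and
# TimeTicks when turning two polls of a MIB counter into a rate.
# The sample polls below are constructed, not real agent output.

COUNTER32_MODULUS = 1 << 32
GAUGE32_MAX = COUNTER32_MODULUS - 1


def counter32_delta(previous, current):
    # Counter32 wraps to 0 after 2^32-1, so a plain subtraction goes negative
    # after a wrap; modular subtraction recovers the increment as long as the
    # counter advanced by less than 2^32 between the two polls.
    return (current - previous) % COUNTER32_MODULUS


def gauge32(value):
    # Gauge32 latches at its maximum (and cannot go below 0) instead of wrapping.
    return max(0, min(value, GAUGE32_MAX))


def timeticks_to_seconds(ticks):
    # TimeTicks are hundredths of a second.
    return ticks / 100.0


def counter_rate(previous, current):
    # previous/current: (sysUpTime in TimeTicks, Counter32 value) from two polls.
    # Returns the per-second rate, or None when it cannot be trusted: a sysUpTime
    # that did not advance, or went backwards, means the agent restarted
    # (coldStart/warmStart) and the counter began again from zero, which would
    # otherwise be mistaken for a wrap.
    prev_ticks, prev_count = previous
    cur_ticks, cur_count = current
    if cur_ticks <= prev_ticks:
        return None
    elapsed = timeticks_to_seconds(cur_ticks - prev_ticks)
    return counter32_delta(prev_count, cur_count) / elapsed


# Constructed polls of interfaces.ifInOctets for one interface as
# (sysUpTime, value): the first pair wraps, the last pair is an agent restart.
POLLS = [(100, 4294967000), (1100, 500), (2100, 1300), (300, 1000)]


def rates(polls):
    # Rate between each pair of consecutive polls.
    return [counter_rate(a, b) for a, b in zip(polls, polls[1:])]
```

Between the first two polls the counter went from 4294967000 to 500; the modular delta is 796 octets over 10 seconds, not a negative number. The last poll has a smaller sysUpTime than the one before it, so no rate is reported for that interval.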
Reporting
Most data is gathered by the management station polling the agents. However,
agents may report interesting events to management stations that are registered
with them. The information in such a report is kept to a minimum to reduce
network traffic; if a management station wants to know more about the event it
polls the agent to find out more. Such agent-initiated messages are known as
traps; the standard ones include coldStart, warmStart, linkDown and linkUp.
Because SNMP runs over UDP a trap is not acknowledged and may be lost, which
is another reason the station polls for details rather than relying on the trap
alone.
Some agents aren't smart enough to report on their own. A proxy agent may
talk to them and report for them.
Protocol
The SNMP protocol is quite simple; the message types (PDUs) are:
Get-request - gets an object's value
Get-next-request - gets the value of the next object in MIB order (used to walk tables)
Get-bulk-request - fetches a large table in one request (SNMPv2)
Set-request - sets an object's value
Inform-request - manager-to-manager notification that is acknowledged (SNMPv2)
SnmpV2-trap - agent-initiated notification of an event (the trap of the previous section), not acknowledged
Response - the reply to any of the requests above, carrying the values or an error status
The SNMP protocol doesn't use the kinds of commands you might expect (add/delete
routes, disable/enable interface, reboot, etc) but forces everything into
a fetch/store paradigm. This promotes simplicity and stability of
the protocol.
To reboot, you store a value into the MIB which is the timeToNextReboot
variable.
Commands
snmpstat
Available on most UNIX platforms. A simple command line client that
lets you query agents and manipulate MIBs.
Examples of use
This comes from "Marking an interface down".
Suppose that a PPP interface attached to a router named paris is reporting
many errors. The administrator can mark the link as being "down'' while
the phone company checks the line. SNMP can be used to do this remotely.
First, the error counts can be obtained with snmpstat (each interface occupies
two rows of the table):
# snmpstat -i paris public
Interface statistics
                        Type      InOctet    InPckts   InErrs   IfMtu
Name   Address          Speed     OutOctet   OutPckts  OutErrs  OutQlen
net1   paris            enetv2    18952186   18239     7036     1500
       02000000ec6c     10000000  4392148    4183      147      0
lo0    localhost        loop      5832       64        0        2048
                        0         5832       64        0        0
ppp0   paris            ppp       3682304    14384     4800     296
                        9600      2122240    8290      2138     0
Next, the interface can be marked as being "down" using setany. ppp0 is the
third interface in the table, so it is instance 3 of ifAdminStatus, whose
values are up(1), down(2) and testing(3):
# setany paris public ifAdminStatus.3 -i 2
Name: ifAdminStatus.3
Value: 2
When the line is repaired, the interface can be reactivated in a similar
fashion by storing 1 (up). Note that the community string ("public" here) is
the only credential an SNMPv1/v2c agent checks on a set-request, and it is sent
in cleartext; an agent that accepts writes with a default or guessable community
string lets anyone who can reach it do the same, so the write community should
be distinct and non-default and the agent should restrict which stations may
use it.
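To make the BER encoding, the fetch/store PDUs of the Protocol section, and the setany example above concrete, here is an added example (not from the original notes or from any SNMP tool) that hand-encodes and decodes a minimal SNMPv1 message with only the Python standard library. It builds the Get-request for sysUpTime and the Set-request that the `setany paris public ifAdminStatus.3 -i 2` command sends, and the decoder shows that the community string is readable directly from the bytes. The OIDs are the MIB-II ones (sysUpTime 1.3.6.1.2.1.1.3, ifAdminStatus 1.3.6.1.2.1.2.2.1.7); the request-id values are arbitrary.

```python
# Added example, not from the original notes: a minimal BER encoder/decoder for
# SNMPv1 messages (RFC 1157). It builds the Get-request and Set-request PDUs and
# shows what `setany paris public ifAdminStatus.3 -i 2` puts on the wire.
TAG_INTEGER, TAG_OCTET_STRING, TAG_NULL, TAG_OID, TAG_SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
PDU_GET_REQUEST, PDU_GET_NEXT_REQUEST, PDU_RESPONSE, PDU_SET_REQUEST = 0xA0, 0xA1, 0xA2, 0xA3
SNMP_V1 = 0                                 # version field: 0 = SNMPv1, 1 = SNMPv2c
SYS_UPTIME = "1.3.6.1.2.1.1.3.0"            # system.sysUpTime, instance 0 (MIB-II)
IF_ADMIN_STATUS = "1.3.6.1.2.1.2.2.1.7"     # interfaces.ifTable.ifEntry.ifAdminStatus
IF_UP, IF_DOWN, IF_TESTING = 1, 2, 3        # ifAdminStatus values

def ber_length(n):
    # Short form below 128, long form (0x80 | number of length octets) otherwise.
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    return bytes([tag]) + ber_length(len(value)) + value

def encode_integer(n):
    # Minimal-length two's-complement INTEGER.
    length = 1
    while not -(1 << (8 * length - 1)) <= n < (1 << (8 * length - 1)):
        length += 1
    return tlv(TAG_INTEGER, n.to_bytes(length, "big", signed=True))

def encode_oid(dotted):
    # First two arcs pack into one octet (40*a + b); the rest are base-128 with
    # the high bit set on every octet except the last one of each arc.
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or arcs[1] > 39:
        raise ValueError("not a valid OID: %r" % dotted)
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(TAG_OID, bytes(out))

def encode_message(community, pdu_tag, request_id, varbinds):
    # varbinds: list of (dotted OID, already-encoded value). The community string
    # is a plain OCTET STRING: in SNMPv1/v2c it is the only credential there is.
    vbl = b"".join(tlv(TAG_SEQUENCE, encode_oid(oid) + val) for oid, val in varbinds)
    pdu = tlv(pdu_tag, encode_integer(request_id) + encode_integer(0)      # error-status
              + encode_integer(0) + tlv(TAG_SEQUENCE, vbl))              # error-index
    return tlv(TAG_SEQUENCE, encode_integer(SNMP_V1)
               + tlv(TAG_OCTET_STRING, community.encode()) + pdu)

def get_request(community, oid, request_id=1):
    return encode_message(community, PDU_GET_REQUEST, request_id, [(oid, tlv(TAG_NULL, b""))])

def set_if_admin_status(community, ifindex, status, request_id=1):
    # Equivalent of: setany <host> <community> ifAdminStatus.<ifindex> -i <status>
    oid = "%s.%d" % (IF_ADMIN_STATUS, ifindex)
    return encode_message(community, PDU_SET_REQUEST, request_id, [(oid, encode_integer(status))])

def read_tlv(buf, pos=0):
    # Returns (tag, value, position just past this TLV).
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)

def decode_message(data):
    # Parse version, community, PDU type, request-id and varbinds; INTEGERs become ints.
    _, body, _ = read_tlv(data)
    _, version, pos = read_tlv(body)
    _, community, pos = read_tlv(body, pos)
    pdu_tag, pdu, _ = read_tlv(body, pos)
    _, req_id, pos = read_tlv(pdu)
    for _ in range(2): _, _, pos = read_tlv(pdu, pos)   # skip error-status, error-index
    _, vbl, _ = read_tlv(pdu, pos)
    varbinds, pos = [], 0
    while pos < len(vbl):
        _, vb, pos = read_tlv(vbl, pos)
        _, oid, q = read_tlv(vb)
        vtag, vval, _ = read_tlv(vb, q)
        value = int.from_bytes(vval, "big", signed=True) if vtag == TAG_INTEGER else vval
        varbinds.append((decode_oid(oid), value))
    return {"version": int.from_bytes(version, "big", signed=True),
            "community": community.decode(), "pdu": pdu_tag,
            "request_id": int.from_bytes(req_id, "big", signed=True), "varbinds": varbinds}

if __name__ == "__main__":
    msg = set_if_admin_status("public", 3, IF_DOWN)
    print(msg.hex(), decode_message(msg), b"public" in msg)
```

The Get-request for sysUpTime comes out as the 40-byte message 30 26 02 01 00 04 06 "public" a0 19 ... 05 00: a SEQUENCE holding the version INTEGER, the community OCTET STRING and the GetRequest PDU, whose variable-binding list pairs the OID with a NULL placeholder for the value. Swap the PDU tag for 0xA3 and the NULL for an INTEGER 2 and you have the set-request that marks ppp0 down. Feeding either message to a real agent needs nothing more than a UDP socket to port 161, which is exactly why the community string deserves the care noted above.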