SNMP v2 MANAGEMENT INFORMATION
SNMPv2 is a major upgrade over SNMPv1 that expands the functionality of SNMP
and broadens its applicability to include OSI-based as well as TCP/IP-based
networks. SNMPv1, based on SMI and MIB, was quite simple and easy to implement.
However, it could not handle more complex environments containing arbitrary
resources, and it had very weak security features. Grouping based on the
community name alone was inadequate for security, because an attacker can
easily observe the message content and find the community name. Because of
this, SNMPv1 was vulnerable to attacks that can modify or disable a network
configuration.
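What that observation means on the wire, as an added example that is not part of the original page: an SNMPv1 message is a BER-encoded SEQUENCE of version, community and PDU (RFC 1157), so the community name sits in the packet as a plain OCTET STRING. The sample packet and the community name demo-ro are constructed for illustration.

```python
# Added example: decode the header of an SNMPv1 message to show that the
# community name is carried as an unprotected OCTET STRING.

# Constructed sample: an SNMPv1 GetRequest with community "demo-ro".
SAMPLE = bytes.fromhex(
    "3027" "020100" "040764656d6f2d726f"
    "a019" "020101" "020100" "020100"
    "300e" "300c" "06082b06010201010100" "0500"
)

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length fits in one octet
        length = first
    else:                                 # long form: next n octets hold the length
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):  # n == 0 is the indefinite form, not handled
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def snmp_v1_header(packet):
    """Decode SEQUENCE { version INTEGER, community OCTET STRING, data }."""
    tag, body, _ = read_tlv(packet)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    tag, version, pos = read_tlv(body)
    if tag != 0x02:
        raise ValueError("version is not an INTEGER")
    tag, community, pos = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("community is not an OCTET STRING")
    pdu_tag, _, _ = read_tlv(body, pos)   # 0xA0 is the GetRequest PDU
    name = community.decode("ascii", "backslashreplace")
    return int.from_bytes(version, "big"), name, pdu_tag

if __name__ == "__main__":
    print(snmp_v1_header(SAMPLE))
```

Nothing in the message binds the community name to the sender or hides it, which is why it identifies a group rather than authenticating anyone.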
Two different working groups were formed: one to deal with security aspects
and the other to deal with other aspects including protocol management
information. However, over a period of 4 years (1992 - 1996) the issue of
security implementation could not be worked out satisfactorily. Hence SNMPv2
was released without security enhancement.
SNMPv2 can support either a highly centralized
network management strategy or a distributed one. In the latter case, some
systems operate in the role of both manager and agent. In its agent role, such
a system will accept commands from a superior management system; these commands
may deal with access to information stored locally at the intermediate manager
or may require the intermediate manager to provide summary information about
agents subordinate to itself.
The key enhancements in SNMPv2 fall into the following categories:
• Structure of Management Information (SMI): this deals with object definition, conceptual tables, notification definition and information modules.
• Manager-to-manager capability.
• Protocol operation.
In the SMI, the macro used to define object types has been expanded to include
several new data types and to enhance the documentation associated with an
object. A new convention has been provided for creating and deleting conceptual
rows in a table. The SNMPv2 MIB contains basic traffic information about the
operation of the SNMPv2 protocol. SNMPv2 also includes two new PDUs.
SNMPv3: The final form of SNMPv2 contains no provision for security. This
deficiency is removed in SNMPv3. The documents (RFC 2271, 2272, 2273, 2274 and
2275) define a set of security capabilities and a framework that enables that
set to be used with SNMPv2 or SNMPv1.
ABSTRACT SYNTAX NOTATION ONE (ASN.1)
Abstract Syntax Notation One (ASN.1) is a formal language for abstractly
describing messages to be exchanged among an extensive range of applications
involving the Internet, intelligent network, cellular phones, ground-to-air
communications, electronic commerce, secure electronic services, interactive
television, intelligent transportation systems, Voice over IP and others. Due
to its streamlined encoding rules, ASN.1 is also reliable and ideal for
wireless broadband and other resource-constrained environments.
Example of a message definition specified with ASN.1 notation:
Report ::= SEQUENCE
{
    author OCTET STRING,
    title OCTET STRING,
    body OCTET STRING
}
"Report" is the name of this type of message. SEQUENCE indicates that the
message is a sequence of data items.
The fundamental unit of ASN.1 is the module. The sole purpose of a module is to
name a collection of type definitions and/or value definitions (assignments)
that constitute a data specification. A type definition is used to define and
name a new type by means of a type assignment, and a value definition is used
to define and name a specific value, when it is necessary, by means of a value
assignment.
The figure below contains an example module. It is defined as a module
reference InventoryList, followed by an optional object identifier value
1 2 0 0 6 1 (see the simple types section), followed by the keyword
DEFINITIONS, followed by the optional tag default (not included in the
example), followed by the assignment character sequence ::=, followed by the
keywords BEGIN and END bracketing the module body.
InventoryList {1 2 0 0 6 1} DEFINITIONS ::=
BEGIN
    ItemId ::= SEQUENCE
    {
        partnumber IA5String,
        quantity INTEGER,
        wholesaleprice REAL,
        saleprice REAL
    }
    StoreLocation ::= ENUMERATED
    {
        baltimore (0),
        philadelphia (1),
        washington (2)
    }
END
Figure: Example of an ASN.1 module.
ASSIGNMENT:
A type assignment consists of a type reference (the name of the type), the
character sequence ::= ("is defined as"), and the appropriate type.
Value assignment:
gadget ItemId ::=
partnumber
quantity wholesaleprice
)
BUILT IN TYPE:
ASN.1's built-in simple types are shown in the following table. The universal
class number (tag) and a typical use of each type are also included.
Type BOOLEAN takes values TRUE and FALSE.
Usually, the type reference for BOOLEAN describes the true state.
Type INTEGER takes any of the infinite set of integer values. Its syntax is
similar to programming languages such as C or Pascal. It has an additional
notation that names some of the possible values of the integer. For example,
ColorType ::= INTEGER
{
    red (0),
    white (1),
    blue (2)
}
Type BIT STRING takes values that are an ordered sequence of zero or more bits.
Occupation ::= BIT STRING
{
    clerk (0),
    editor (1),
    artist (2),
    publisher (3)
}
names the first bit "clerk", the second bit "editor", and so on. Strings of
bits can then be written by listing the named bits that are set to 1. For
example, (editor, artist) and '0110'B are two representations for the same
value of "occupation".
Type OCTET STRING takes values that are an ordered sequence of zero or more
eight-bit octets.
Type NULL takes only one value, NULL. It can be used as a place marker, but
other alternatives are more common.
Type OBJECT IDENTIFIER names information objects (for example, abstract
syntaxes or ASN.1 modules). The type notation requires the keywords OBJECT
IDENTIFIER. The named information object is a node on an object identifier tree
that is managed at the international level. ISO, CCITT, or any other
organization is allowed a subtree which the organization defines. On each level
j of the object identifier tree, nodes are numbered 0, 1, 2, .... A list of
positive numbers, enclosed in braces and ordered by level starting from the
root, uniquely identifies an information object at a node of the tree. This
ordered list of positive numbers delimited by braces is the value notation for
type OBJECT IDENTIFIER.
The following figure illustrates the concept of an object identifier tree. For
example, in the subtree with root "retailstores" the information object
"payroll" has local value 0 6 2. More formally, if
ClothingType ::= OBJECT IDENTIFIER
then
payroll ClothingType ::= {0 6 2}
If the retail stores are considered as part of an international "Megacorp",
then 1 2 0 0 6 2 uniquely identifies "payroll".
Type ENUMERATED is similar to the INTEGER type, but names specific values only.
For example,
ColorType ::= ENUMERATED
{
    red (0),
    white (1),
    blue (2)
}
is like the INTEGER definition of ColorType above, except that ColorType can
take only the values specifically in the list; that is, no other values than 0
for "red", 1 for "white", or 2 for "blue".
Type CHARACTER STRING takes values that are strings of characters from some
defined (ISO- or CCITT-registered) character set.
STRUCTURED TYPES
ASN.1's built-in structured types are shown in the following table. The
universal class number (tag) and a typical use of each type are also included.
Type SEQUENCE is an ordered list of zero or
more component types. The type notation requires braces around the list and
permits a local identifier preceding the list to act as the name of the
sequence type.
AirlineFlight ::= SEQUENCE
{
    airline IA5String,
    flight NumericString,
    seats SEQUENCE
    {
        maximum INTEGER,
        occupied INTEGER,
        vacant INTEGER
    },
    airport SEQUENCE
    {
        origin IA5String,
        stop1 [0] IA5String OPTIONAL,
        stop2 [1] IA5String OPTIONAL,
        destination IA5String
    },
    crewsize ENUMERATED
    {
        six (6),
        eight (8),
        ten (10)
    },
    cancel BOOLEAN DEFAULT FALSE
}
This instance of AirlineFlight indicates that American Airlines flight 1106
flies non-stop from Baltimore-Washington airport to Los Angeles. The airplane
requires a crew of 10 people, has 320 seats, of which 107 are filled and 213
are empty. The flight is not canceled. Two components, stop1 and stop2, of the
sequence type airport are tagged with the context-specific tags [0] and [1] to
avoid ambiguity due to consecutive optional components not having distinct
types. Without the tags, the definition of airport would be invalid in ASN.1.
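The encoding consequence of those tags, as an added example that is not part of the original page: a minimal DER encoder for the AirlineFlight value described above. The spellings "American", "BWI", "LAX" and the stop "ORD" are constructed, and EXPLICIT tagging is assumed because the page shows no module tag default; without the tags, a flight with only stop1 and one with only stop2 encode to identical bytes.

```python
# Added example: DER encoding of the AirlineFlight instance from the text.
# String spellings are constructed; EXPLICIT tagging of [0]/[1] is an assumption.

BOOLEAN, INTEGER, ENUMERATED, SEQUENCE = 0x01, 0x02, 0x0A, 0x30
NUMERIC_STRING, IA5_STRING = 0x12, 0x16      # universal tags 18 and 22

def tlv(tag, value):
    """One tag-length-value element with a definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def integer(n, tag=INTEGER):
    """Non-negative integer in the fewest octets, keeping the sign bit clear."""
    return tlv(tag, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def string(tag, text):
    return tlv(tag, text.encode("ascii"))

def airport(origin, destination, stop1=None, stop2=None, tagged=True):
    """airport SEQUENCE; tagged=False mimics the invalid definition without [0]/[1]."""
    parts = [string(IA5_STRING, origin)]
    for ctx_tag, stop in ((0xA0, stop1), (0xA1, stop2)):
        if stop is not None:                 # OPTIONAL: absent components are not encoded
            inner = string(IA5_STRING, stop)
            parts.append(tlv(ctx_tag, inner) if tagged else inner)
    parts.append(string(IA5_STRING, destination))
    return tlv(SEQUENCE, b"".join(parts))

def airline_flight(cancel=False):
    """Flight 1106: 320 seats, 107 occupied, 213 vacant, crew of ten, non-stop."""
    seats = tlv(SEQUENCE, integer(320) + integer(107) + integer(213))
    body = (string(IA5_STRING, "American") + string(NUMERIC_STRING, "1106")
            + seats + airport("BWI", "LAX") + integer(10, ENUMERATED))
    if cancel:                               # DER omits a component equal to its DEFAULT
        body += tlv(BOOLEAN, b"\xff")
    return tlv(SEQUENCE, body)

if __name__ == "__main__":
    print(airline_flight().hex())
    # Untagged, "only stop1" and "only stop2" are indistinguishable on the wire:
    print(airport("BWI", "LAX", stop1="ORD", tagged=False).hex())
    print(airport("BWI", "LAX", stop2="ORD", tagged=False).hex())
    # Tagged, the decoder sees a0 (stop1) or a1 (stop2):
    print(airport("BWI", "LAX", stop1="ORD").hex())
    print(airport("BWI", "LAX", stop2="ORD").hex())
```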
Type SEQUENCE OF is similar to SEQUENCE, except that all values in the ordered
list must be of the same type. For example, the seats type in the above example
could be SEQUENCE OF INTEGER instead of SEQUENCE.
Type SET takes values that are unordered lists of component types. The type and
value notations for SET are similar to SEQUENCE, except that the type of each
component must be distinct from all others and the values can be in any order.
Person ::= SET
{
name IA5String,
age INTEGER,
female BOOLEAN
}
Type SET OF takes values that are unordered lists of a single type. The
SEQUENCE type example above would be valid if the seats type were SET OF
INTEGER instead of SEQUENCE.
Type CHOICE takes one value from a specified
list of distinct types.
Prize ::= CHOICE
{
car IA5String,
cash INTEGER,
nothing BOOLEAN
}
Type SELECTION enables the user to choose a
component type from a specified CHOICE type.
Winner ::= SEQUENCE
{
lastName VisibleString,
ssn VisibleString,
cash < Prize
}
Tagged
Type TAGGED is used to enable the receiving system to correctly decode values from several data types that a protocol determines may be transmitted at any given time.
Its type notation consists of three elements: a user-defined tag,
followed by the value notation of the type being tagged.
The user-defined tag consists of a class and class number contained in braces.
Class is universal, application, private, or context-specific. The universal
class is restricted to the ASN.1
Particular organization or country.
Context-specific distinguishes members of a sequence or set, the alternatives
of a choice, or universally tagged set members. Only the class number appears
in braces for this data type; the term context-specific does not appear.
Character String Types
The most common Character String Types are listed as follows:
Macros in ASN.1 are similar to macros in application software; they provide the
capability of defining types and values that are not included in the standard
repertoire. One significant use of ASN.1 macros is in OSI application protocol
standards, specifically for defining remote operations and object classes. In
this section, we include two macros, ERROR and OPERATOR, that appear in the
common service elements.
<macro name> MACRO ::=
BEGIN
    TYPE NOTATION ::= <user-defined type notation>
    VALUE NOTATION ::= <user-defined value notation>
    <supporting syntax>
END
The following ERROR macro defined in X.219 provides a specific instance of the
general template.
ERROR MACRO ::=
BEGIN
    TYPE NOTATION ::= Parameter
    VALUE NOTATION ::= value (VALUE CHOICE
    {
        localValue INTEGER,
        globalValue OBJECT IDENTIFIER
    }
    )
    Parameter ::= "PARAMETER" NamedType | empty
    NamedType ::= identifier type | type
END
In this definition, details of Parameter and NamedType are in the supporting
syntax. Parameter consists of the keyword "PARAMETER" followed by a named type;
it may not have an entry. The value notation is a choice of INTEGER or OBJECT
IDENTIFIER. The definition allows users to define operation errors. For
example, the ERROR macro is used in the Remote Operations Service Element
(ROSE) of a following chapter to define BadQueueName as follows:
BadQueueName ERROR
    PARAMETER QueueName
    ::= 0
BadQueueName has type ERROR, one parameter "queuename" (identified elsewhere as
type IA5String), and value 0. In the remote operation, only the value 0 is
transmitted; the other terms in the definition are for the user's benefit.