
Chapter: Network Programming and Management : Simple Network Management

Simple Network Management Protocol

The operations supported in SNMP are the alteration and inspection of variables. Three general-purpose operations may be performed on scalar objects.


 

        Get: A management station retrieves a scalar object value from a managed station.

        Set: A management station updates a scalar object value in a managed station.

        Trap: A managed station sends an unsolicited scalar object value to a management station.

A few points to understand in this respect are:

 

        It is not possible to change the structure of a MIB by adding or deleting object instances; that is, a row of a table cannot be added or deleted.

        It is not possible to issue commands for an action to be performed.

        Access is provided only to leaf objects in the object identifier tree.

        It is not possible to access an entire table or a row of a table with one atomic action.

Communities and Community Names:

 

In SNMP network management, there are a number of managed stations, each controlling its own MIB, and a number of management stations that access some of these agents' MIBs as required. Each managed station controls its own local MIB and must be able to control the use of that MIB by a number of management stations. There are three aspects to this control.

 

        Authentication service: The managed station may wish to limit access to the MIB to authorized management stations only.

        Access policy: The managed station may wish to give different access privileges to different management stations.

        Proxy service: A managed station may act as a proxy to other managed stations. This may involve implementing the authentication service and/or access policy for the other managed systems on the proxy system.

 

An SNMP community is a relationship between an SNMP agent and a set of SNMP managers that defines authentication, access control and proxy characteristics. The managed system establishes one community for each desired combination of authentication, access control and proxy characteristics. Each community is given a unique community name, and the management stations within that community are provided with the community name and must employ it in all get and set operations. The agent may establish a number of communities with overlapping management station membership.

 

Authentication Service: For an SNMP message, the function of an authentication service is to assure the recipient that the message is from the source it claims to be from. The authentication scheme is that the management station includes the community name, which functions like a password. This scheme is very trivial. For sensitive operations such as set, however, this may trigger an authentication procedure which may involve encryption and decryption.

 

Access Policy: By defining a community, the agent limits access to its MIB to a selected set of management stations. By using more than one community, the agent can provide different categories of MIB access to different management stations. The two aspects of this control are:

 

        SNMP MIB view: a subset of the objects within a MIB. Different MIB views may be defined for each community.

        SNMP access mode: an element of the set {READ-ONLY, READ-WRITE}. An access mode is defined for each community.

 

The combination of a MIB view and an access mode is referred to as an SNMP community profile. Thus a community profile consists of a defined subset of the MIB at the agent, plus an access mode for those objects.
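How an agent could evaluate a community profile for an incoming request, as an added example that is not code from the original page. The community names, OIDs, the `PROFILES` table and the function names are assumptions made for illustration.

```python
# Added example (not from the page): community names, OIDs and the policy
# table are constructed for illustration.
READ_ONLY, READ_WRITE = "READ-ONLY", "READ-WRITE"

# community name -> community profile (MIB view as subtree prefixes + access mode)
PROFILES = {
    "example-monitor": {"view": ["1.3.6.1.2.1.1", "1.3.6.1.2.1.2"],
                        "mode": READ_ONLY},
    "example-admin": {"view": ["1.3.6.1.2.1"], "mode": READ_WRITE},
}

def in_view(oid, view):
    """True if oid falls under one of the view's subtrees.

    Compares whole arcs: a string prefix test would wrongly place
    1.3.6.1.2.1.11 under the subtree 1.3.6.1.2.1.1.
    """
    arcs = oid.split(".")
    return any(arcs[:len(s.split("."))] == s.split(".") for s in view)

def process(community, operation, oids):
    """Return (error_status, error_index, reason), or None if discarded."""
    profile = PROFILES.get(community)
    if profile is None:
        # Authentication fails: the message is dropped; an agent may also
        # send an authenticationFailure(4) trap.
        return None
    for index, oid in enumerate(oids, start=1):   # error-index is 1-based
        if not in_view(oid, profile["view"]):
            return ("noSuchName", index, "outside MIB view")
        if operation == "set" and profile["mode"] != READ_WRITE:
            # RFC 1157 section 4.1.5 answers noSuchName when an object is
            # not available for set operations.
            return ("noSuchName", index, "community is READ-ONLY")
    return ("noError", 0, "ok")
```
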


Proxy Service: A proxy is an SNMP agent that acts on behalf of other devices. Typically, the other devices do not support SNMP. For each device that the proxy system represents, it maintains an SNMP access policy.

 

Protocol Specification:

 

With SNMP, information is exchanged between a management station and an agent in the form of an SNMP message. Each message includes a version number indicating the version of SNMP, a community name to be used for this exchange and one of five types of protocol data units as shown below:

 


GetRequest, GetNextRequest and SetRequest PDUs have the same format as the GetResponse PDU, with the error-status and error-index fields set to zero. This convention reduces by one the number of different PDU formats with which the SNMP entity must deal.

 

Details of the fields are given below:

Version: SNMP version (RFC 1157 is version 1).

Community: A pairing of an SNMP agent with some arbitrary set of SNMP application entities.

Request-id: A unique ID provided for each request.

Error-status: Indicates the occurrence of an exception while processing a request. Values are noError(0), tooBig(1), noSuchName(2), badValue(3), readOnly(4), genErr(5).

Error-index: When error-status is nonzero, may provide additional information by indicating which variable in a list caused the exception.

Variable bindings: A list of variable names and corresponding values.

Enterprise: Type of object generating the trap; based on sysObjectID.

Agent-addr: Address of the object generating the trap.

Generic trap: Generic trap type. Values are coldStart(0), warmStart(1), linkDown(2), linkUp(3), authenticationFailure(4), egpNeighborLoss(5), enterpriseSpecific(6).

Specific trap: Specific trap code.

Time-stamp: Time elapsed between the last initialization of the network entity and the generation of the trap.

Transmission of an SNMP message: The steps involved are:

1. The PDU is constructed, using the ASN.1 structure defined in RFC 1157.

2. This PDU is then passed to an authentication service, together with the source and destination transport addresses and the community name. The authentication service performs any required transformations for this exchange, such as encryption or the inclusion of an authentication code, and returns the result.

3. The protocol entity then constructs a message, consisting of a version field, the community name and the result from step 2.

4. The new ASN.1 object is then encoded using the basic encoding rules and passed to the transport service.
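The transmission steps above, carried through for a GetRequest and then reversed by a decoder, as an added example that is not code from the original page. It assumes the authentication service applies no transformation, so the community name sits in the encoded message as readable bytes; the function names and the sample community are constructed.

```python
# Added example, not from the page: short-form BER lengths only, constructed names.
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest",
             0xA2: "GetResponse", 0xA3: "SetRequest"}

def tlv(tag, body):
    if len(body) > 127:  # this sketch handles short-form lengths only
        raise ValueError("long-form length not handled")
    return bytes([tag, len(body)]) + body

def enc_int(n):  # non-negative INTEGER, sign bit kept clear
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def enc_oid(oid):
    arcs = [int(a) for a in oid.split(".")]
    body = bytes([arcs[0] * 40 + arcs[1]])  # first two arcs share one byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:  # base-128 digits, high bit set on all but the last
            arc >>= 7
            chunk.insert(0, 0x80 | (arc & 0x7F))
        body += bytes(chunk)
    return tlv(0x06, body)

def build_get_request(community, request_id, oid):
    varbind = tlv(0x30, enc_oid(oid) + tlv(0x05, b""))  # name + NULL value
    pdu = tlv(0xA0, enc_int(request_id) + enc_int(0) + enc_int(0)  # zero error fields
              + tlv(0x30, varbind))
    # Message = version (version 1 is encoded as 0), community, PDU.
    return tlv(0x30, enc_int(0) + tlv(0x04, community.encode("ascii")) + pdu)

def read_tlv(buf, pos):
    head = buf[pos:pos + 2]
    if len(head) < 2 or head[1] & 0x80 or pos + 2 + head[1] > len(buf):
        raise ValueError("truncated or long-form TLV")
    end = pos + 2 + head[1]
    return head[0], buf[pos + 2:end], end

def parse_message(raw):
    _, msg, _ = read_tlv(raw, 0)
    _, version, pos = read_tlv(msg, 0)
    _, community, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    if pdu_tag not in PDU_TYPES:
        raise ValueError("Trap or unknown PDU: different field layout")
    out = {"version": version[0], "community": community.decode("latin-1"),
           "pdu": PDU_TYPES[pdu_tag]}
    pos = 0
    for name in ("request_id", "error_status", "error_index"):
        _, val, pos = read_tlv(pdu, pos)
        out[name] = int.from_bytes(val, "big", signed=True)
    return out
```

Calling `parse_message(build_get_request("example-ro", 1, "1.3.6.1.2.1.1.1.0"))` returns the community string unchanged, which is why anyone who can capture the datagram can read it.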

 


Copyright © 2018-2024 BrainKart.com; All Rights Reserved. Developed by Therithal info, Chennai.