network management - from book .pdf

Full Transcript

CHAPTER 28 Network Management: SNMP We can define network management as monitoring, testing, configuring, and trouble- shooting network components to meet a set of requirements defined by an organiza- tion. These requirements include the smooth, efficient operation of the n...

CHAPTER 28 Network Management: SNMP We can define network management as monitoring, testing, configuring, and trouble- shooting network components to meet a set of requirements defined by an organiza- tion. These requirements include the smooth, efficient operation of the network that provides the predefined quality of service for users. To accomplish this task, a network management system uses hardware, software, and humans. In this chapter, first we briefly discuss the functions of a network management system. Then we concentrate on the most common management system, the Simple Network Management Protocol (SNMP). 28.1 NETWORK MANAGEMENT SYSTEM We can say that the functions performed by a network management system can be divided into five broad categories: configuration management, fault management, per- formance management, security management, and accounting management, as shown in Figure 28.1. Figure 28.1 Functions ofa network management system Functions of a network management system I I I I I I Configuration Fault Performance Security Accounting management management management management management ~ Reconfiguration ~Reactive -Capacity '--Documentation '-- Proactive f--Traffic ~Throughput '--,Response time 873 874 CHAPTER 28 NETWORK MANAGEMENT: SNMP Configuration Management A large network is usually made up of hundreds of entities that are physically or logically connected to one another. These entities have an initial configuration when the network is set up, but can change with time. Desktop computers may be replaced by others; application software may be updated to a newer version; and users may move from one group to another. The configuration management system must know, at any time, the status of each entity and its relation to other entities. Configuration management can be divided into two subsystems: reconfiguration and documentation. Reconfiguration Reconfiguration, which means adjusting the network components and features, can be a daily occurrence in a large network. There are three types of reconfiguration: hardware reconfiguration, software reconfiguration, and user-account reconfiguration. Hardware reconfiguration covers all changes to the hardware. For example, a desk- top computer may need to be replaced. A router may need to be moved to another part of the network. A subnetwork may be added or removed from the network. All these need the time and attention of network management. In a large network, there must be specialized personnel trained for quick and efficient hardware reconfiguration. Unfortu- nately, this type of reconfiguration cannot be automated and must be manually handled case by case. Software reconfiguration covers all changes to the software. For example, new software may need to be installed on servers or clients. An operating system may need updating. Fortunately, most software reconfiguration can be automated. For example, updating an application on some or all clients can be electronically downloaded from the server. User-account reconfiguration is not simply adding or deleting users on a system. You must also consider the user privileges, both as an individual and as a member of a group. For example, a user may have read and write permission with regard to some files, but only read permission with regard to other files. User-account reconfiguration can be, to some extent, automated. For example, in a college or university, at the begin- ning of each quarter or semester, new students are added to the system. The students are normally grouped according to the courses they take or the majors they pursue. Documentation The original network configuration and each subsequent change must be recorded meticulously. This means that there must be documentation for hardware, software, and user accounts. Hardware documentation normally involves two sets of documents: maps and specifications. Maps track each piece of hardware and its connection to the network. There can be one general map that shows the logical relationship between each subnet- work. There can also be a second general map that shows the physical location of each subnetwork. For each subnetwork, then, there is one or more maps that show all pieces of equipment. The maps use some kind of standardization to be easily read and under- stood by current and future personnel. Maps are not enough per se. Each piece of hard- ware also needs to be documented. There must be a set of specifications for each piece SECTION 28.1 NETWORK MANAGEMENT SYSTEM 875 of hardware connected to the network. These specifications must include information such as hardware type, serial number, vendor (address and phone number), time of purchase, and warranty information. All software must also be documented. Software documentation includes informa- tion such as the software type, the version, the time installed, and the license agreement. Most operating systems have a utility that allows the documentation of user accounts and their privileges. The management must make sure that the files with this information are updated and secured. Some operating systems record access privileges in two docu- ments; one shows all files and access types for each user; the other shows the list of users that have a particular access to a file. Fault Management Complex networks today are made up of hundreds and sometimes thousands of compo- nents. Proper operation of the network depends on the proper operation of each component individually and in relation to each other. Fault management is the area of network management that handles this issue. An effective fault management system has two subsystems: reactive fault manage- ment and proactive fault management. Reactive Fault Management A reactive fault management system is responsible for detecting, isolating, correcting, and recording faults. It handles short-term solutions to faults. The first step taken by a reactive fault management system is to detect the exact location of the fault. A fault is defined as an abnormal condition in the system. When a fault occurs, either the system stops working properly or the system creates excessive errors. A good example of a fault is a damaged communication medium. This fault may interrupt communication or produce excessive errors. The next step taken by a reactive fault management system is to isolate the fault. A fault, if isolated, usually affects only a few users. After isolation, the affected users are immediately notified and given an estimated time of correction. The third step is to correct the fault. This may involve replacing or repairing the faulty component(s). After the fault is corrected, it must be documented. The record should show the exact location of the fault, the possible cause, the action or actions taken to correct the fault, the cost, and time it took for each step. Documentation is extremely important for several reasons: o The problem may recur. Documentation can help the present or future administrator or technician solve a similar problem. o The frequency of the same kind of failure is an indication of a major problem in the system. If a fault happens frequently in one component, it should be replaced with a similar one, or the whole system should be changed to avoid the use of that type of component. o The statistic is helpful to another part of network management, performance management. 876 CHAPTER 28 NETWORK MANAGEMENT: SNMP Proactive Fault Management Proactive fault management tries to prevent faults from occurring. Although this is not always possible, some types of failures can be predicted and prevented. For example, if a manufacturer specifies a lifetime for a component or a part of a component, it is a good strategy to replace it before that time. As another example, if a fault happens frequently at one particular point of a network, it is wise to carefully reconfigure the network to prevent the fault from happening again. Performance Management Performance management, which is closely related to fault management, tries to monitor and control the network to ensure that it is running as efficiently as possible. Performance management tries to quantify performance by using some measurable quantity such as capacity, traffic, throughput, or response time. Capacity One factor that must be monitored by a performance management system is the capacity of the network. Every network has a limited capacity, and the performance management system must ensure that it is not used above this capacity. For example, if a LAN is designed for 100 stations at an average data rate of2 Mbps, it will not operate properly if 200 stations are connected to the network. The data rate will decrease and blocking may occur. Traffic Traffic can be measured in two ways: internally and externally. Internal traffic is mea- sured by the number of packets (or bytes) traveling inside the network. External traffic is measured by the exchange of packets (or bytes) outside the network. During peak hours, when the system is heavily used, blocking may occur if there is excessive traffic. Throughput We can measure the throughput of an individual device (such as a router) or a part of the network. Performance management monitors the throughput to make sure that it is not reduced to unacceptable levels. Response Time Response time is normally measured from the time a user requests a service to the time the service is granted. Other factors such as capacity and traffic can affect the response time. Performance management monitors the average response time and the peak-hour response time. Any increase in response time is a very serious condition as it is an indi- cation that the network is working above its capacity. Security Management Security management is responsible for controlling access to the network based on the predefined policy. We discuss security and in particular network security in Chap- ters 31 and 32. SECTION 28.2 SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) 877 Accounting Management Accounting management is the control of users' access to network resources through charges. Under accounting management, individual users, departments, divisions, or even projects are charged for the services they receive from the network. Charging does not necessarily mean cash transfer; it may mean debiting the departments or divisions for budgeting purposes. Today, organizations use an accounting management system for the following reasons: o It prevents users from monopolizing limited network resources. o It prevents users from using the system inefficiently. o Network managers can do short- and long-term planning based on the demand for network use. 28.2 SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) The Simple Network Management Protocol (SNMP) is a framework for managing devices in an internet using the TCPIIP protocol suite. It provides a set of fundamental operations for monitoring and maintaining an internet. Concept SNMP uses the concept of manager and agent. That is, a manager, usually a host, controls and monitors a set of agents, usually routers (see Figure 28.2). Figure 28.2 SNMP concept Agent variables Manager ---,....,-- 1------.-'1;':' Internet Agent :1 SNMP is an application-level protocol in which a few manager stations control a set of agents. The protocol is designed at the application level so that it can monitor devices made by different manufacturers and installed on different physical networks. In other words, SNMP frees management tasks from both the physical characteristics of the managed devices and the underlying networking technology. It can be used in a heterogeneous internet made of different LANs and WANs connected by routers made by different manufacturers. 878 CHAPTER 28 NETWORK MANAGEMENT: SNMP Managers and Agents A management station, called a manager, is a host that runs the SNMP client program. A managed station, called an agent, is a router (or a host) that runs the SNMP server program. Management is achieved through simple interaction between a manager and an agent. The agent keeps performance information in a database. The manager has access to the values in the database. For example, a router can store in appropriate variables the number of packets received and forwarded. The manager can fetch and compare the values of these two variables to see if the router is congested or not. The manager can also make the router perform certain actions. For example, a router periodically checks the value of a reboot counter to see when it should reboot itself. It reboots itself, for example, if the value of the counter is O. The manager can use this feature to reboot the agent remotely at any time. It simply sends a packet to force a 0 value in the counter. Agents can also contribute to the management process. The server program running on the agent can check the environment, and if it notices something unusual, it can send a warning message, called a trap, to the manager. In other words, management with SNMP is based on three basic ideas: 1. A manager checks an agent by requesting information that reflects the behavior of the agent. 2. A manager forces an agent to perform a task by resetting values in the agent database. 3. An agent contributes to the management process by warning the manager of an unusual situation. Management Components To do management tasks, SNMP uses two other protocols: Structure of Management Information (SMI) and Management Information Base (MIB). In other words, man- agement on the Internet is done through the cooperation of the three protocols SNMP, SMI, and MIB, as shown in Figure 28.3. Figure 28.3 Components ofnetwork management on the Internet Management I SNMP 8MI I MIB I Let us elaborate on the interactions between these protocols. RoleofSNMP SNMP has some very specific roles in network management. It defines the format of the packet to be sent from a manager to an agent and vice versa. It also interprets the SECTION 28.2 SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) 879 result and creates statistics (often with the help of other management software). The packets exchanged contain the object (variable) names and their status (values). SNMP is responsible for reading and changing these values. SNMP defines the format of packets exchanged between a manager and an agent. It reads and changes the status (values) of objects (variables) in 8NMP packets. Role ofSMI To use SNMP, we need rules. We need rules for naming objects. This is particularly important because the objects in SNMP form a hierarchical structure (an object may have a parent object and some children objects). Part of a name can be inherited from the parent. We also need rules to define the type of the objects. What types of objects are handled by SNMP? Can SNMP handle simple types or structured types? How many simple types are available? What are the sizes of these types? What is the range of these types? In addition, how are each of these types encoded? We need these universal rules because we do not know the architecture of the com- puters that send, receive, or store these values. The sender may be a powerful computer in which an integer is stored as 8-byte data; the receiver may be a small computer that stores an integer as 4-byte data. SMI is a protocol that defines these rules. However, we must understand that SMI only defines the rules; it does not define how many objects are managed in an entity or which object uses which type. SMI is a collection of general rules to name objects and to list their types. The association of an object with the type is not done by SMI. 8MI defines the general rules for naming objects, defining object types (including range and length), and showing how to encode objects and values. 8M1 does not define the number of objects an entity should manage or name the objects to be managed or define the association between the objects and their values. Role ofMIB We hope it is clear that we need another protocol. For each entity to be managed, this protocol must define the number of objects, name them according to the rules defined by SMI, and associate a type to each named object. This protocol is MIB. MIB creates a set of objects defined for each entity similar to a database (mostly metadata in a data- base, names and types without values). :MIB creates a collection of named objects, their types, and their relationships to each other in an entity to be managed. An Analogy Before discussing each of these protocols in greater detail, we give an analogy. The three network management components are similar to what we need when we write a program in a computer language to solve a problem. 880 CHAPTER 28 NETWORK MANAGEMENT: SNMP Before we write a program, the syntax of the language (such as C or Java) must be predefined. The language also defines the structure of variables (simple, structured, pointer, and so on) and how the variables must be named. For example, a variable name must be 1 to N characters in length and start with a letter followed by alphanumeric characters. The language also defines the type of data to be used (integer, float, char, etc.). In programming the rules are defined by the language. In network management the rules are defined by SMI. Most computer languages require that variables be declared in each specific pro- gram. The declaration names each variable and defines the predefined type. For example, if a program has two variables (an integer named counter and an array named grades of type char), they must be declared at the beginning of the program: int counter; char grades ; Note that the declarations name the variables (counter and grades) and define the type of each variable. Because the types are predefined in the language, the program knows the range and size of each variable. MIB does this task in network management. MIB names each object and defines ~e type of the objects. Because the type is defined by SMI, SNMP knows the range and size. After declaration in programming, the program needs to write statements to store values in the variables and change them if needed. SNMP does this task in network management. SNMP stores, changes, and interprets the values of objects already declared by MIB according to the rules defined by SMI. We can compare the task of network management to the task of writing a program. o Both tasks need rules. In network management this is handled by SMI. o Both tasks need variable declarations. In network management this is handled by MIB. o Both tasks have actions performed by statements. In network management this is handled by SNMP. An Overview Before discussing each component in detail, we show how each is involved in a simple scenario. This is an overview that will be developed later at the end of the chapter. A manager station (SNMP client) wants to send a message to an agent station (SNMP server) to find the number of UDP user datagrams received by the agent. Figure 28.4 shows an overview of steps involved. MIB is responsible for finding the object that holds the number of the UDP user datagrams received. SMI, with the help of another embedded protocol, is responsible for encoding the name of the object. SNMP is responsible for creating a message, called a GetRequest message, and encapsulating the encoded message. Of course, things are more complicated than this simple overview, but we first need more details of each protocol. SECTION 28.2 SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) 881 Figure 28.4 Management overview Number of UDP user datagrams? --------------~ The object has an integer value and is called udpInDatagram with id 1.3.6.1.2.1.7.1.0 --------------~ Retrieve the value of an object with code 06 09. --------------jSNMPI Encapsulate the request in a GetRequest message Structure of Management Information The Structure of Management Information, version 2 (SMIv2) is a component for net- work management. Its functions are 1. To name objects 2. To define the type of data that can be stored in an object 3. To show how to encode data for transmission over the network SMI is a guideline for SNMP. It emphasizes three attributes to handle an object: name, data type, and encoding method (see Figure 28.5). Figure 28.5 Object attributes Object attributes Type Name SMI requires that each managed object (such as a router, a variable in a router, a value) have a unique name. To name objects globally, SMI uses an object identifier, which is a hierarchical identifier based on a tree structure (see Figure 28.6). 882 CHAPTER 28 NETWORK MANAGEMENT: SNMP Figure 28.6 Object identifier 1.3.6.1 (iso.org.dop.intemet) 1.3.6.1.2.1 (iso.org.dod.internet.mgmt.mib-2) The tree structure starts with an unnamed root. Each object can be defined by using a sequence of integers separated by dots. The tree structure can also define an object by using a sequence of textual names separated by dots. The integer-dot representation is used in SNMP. The name-dot notation is used by people. For example, the following shows the same object in two different notations: iso.org.dod.internet.mgmt.mib-2... 1.3.6.1.2.1 The objects that are used in SNMP are located under the mib-2 object, so their identifiers always start with 1.3.6.1.2.1. AU objects managed by SNMP are given an object identifier. The object identifier always starts with 1.3.6.1.2.1. Type The second attribute of an object is the type of data stored in it. To define the data type, SMI uses fundamental Abstract Syntax Notation 1 (ASN.l) definitions and adds some new definitions. In other words, SMI is both a subset and a superset of ASN.1. SMI has two broad categories of data type: simple and structured. We first define the simple types and then show how the structured types can be constructed from the simple ones (see Figure 28.7). SECTION 28.2 SIMPLE NEIWORK MANAGEMENT PROTOCOL (SNMP) 883 Figure 28.7 Data type Simple Type The simple data types are atomic data types. Some of them are taken directly from ASN.l; others are added by SMI. The most important ones are given in Table 28.1. The first five are from ASN.l; the next seven are defined by SMI. Table 28.1 Data types Type Size Description INTEGER 4 bytes An integer with a value between _2 31 and 231 - 1 Integer32 4 bytes Same as INTEGER Unsigned32 4 bytes Unsigned with a value between 0 and 232 - 1 OCTET STRING Variable Byte string up to 65,535 bytes long OBJECT IDENTIFIER Variable An object identifier IPAddress 4 bytes An IP address made of four integers Counter32 4 bytes An integer whose value can be incremented from 0 to 2 32 ; when it reaches its maximum value, it wraps back to O. Counter64 8 bytes 64-bit counter Gauge32 4 bytes Same as Counter32, but when it reaches its maximum value, it does not wrap; it remains there until it is reset TimeTicks 4 bytes A counting value that records time in l~ s BITS A string of bits Opaque Variable Uninterpreted string Structured Type By combining simple and structured data types, we can make new structured data types. SMI defines two structured data types: sequence and sequence of o Sequence. A sequence data type is a combination of simple data types, not neces- sarily of the same type. It is analogous to the concept of a struct or a record used in programming languages such as C. o Sequence of. A sequence of data type is a combination of simple data types all of the same type or a combination of sequence data types all of the same type. It is analogous to the concept of an array used in programming languages such as C. 884 CHAPTER 28 NETWORK MANAGEMENT: SNMP Figure 28.8 shows a conceptual view of data types. Figure 28.8 Conceptual data types - a. Simple variable c. Sequence...... b. Sequence of d. Sequence of (simple variables) (sequences) Encoding Method SMI uses another standard, Basic Encoding Rules (BER), to encode data to be trans- mitted over the network. BER specifies that each piece of data be encoded in triplet format: tag, length, and value, as illustrated in Figure 28.9. Figure 28.9 Encoding format o Tag. The tag is a I-byte field that defines the type of data. It is composed of three subfields: class (2 bits),fonnat (1 bit), and number (5 bits). The class subfield defines the scope of the data. Four classes are defined: universal (00), applicationwide (01), context-specific (10), and private (11). The universal data types are those taken from ASN.l (INTEGER, OCTET STRING, and ObjectIdentifier). The applicationwide data types are those added by SMI (IPAddress, Counter, Gauge, and TimeTicks). The five context-specific data types have meanings that may change from one protocol to another. The private data types are vendor-specific. The format subfield indicates whether the data are simple (0) or structured (1). The number subfield further divides simple or structured data into subgroups. For example, in the universal class, with simple format, INTEGER has a value of 2, OCTET STRING has a value of 4, and so on. Table 28.2 shows the data types we use in this chapter and their tags in binary and hexadecimal numbers. SECTION 28.2 SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) 885 Table 28.2 Codes for data types Data Type Class Format Number Tag (Binary) Tag (Hex) INTEGER 00 0 00010 00000010 02 OCTET STRING 00 0 00100 00000100 04 OBJECT IDENTIFIER 00 0 00110 00000110 06 NULL 00 0 00101 00000101 05 Sequence, sequence of 00 1 10000 00110000 30 IPAddress 01 0 00000 01000000 40 Counter 01 0 00001 01000001 41 Gauge 01 0 00010 01000010 42 TimeTicks 01 0 00011 01000011 43 Opaque 01 0 00100 01000100 44 o Length. The length field is I or more bytes. If it is 1 byte, the most significant bit must be O. The other 7 bits define the length of the data. If it is more than 1 byte, the most significant bit of the first byte must be 1. The other 7 bits of the first byte define the number of bytes needed to define the length. See Figure 28.10 for a depiction of the length field. Figure 28.10 Length format ~ a. The colored part defines the length (2). ~~~ b. The shaded part dermes the length of the length (2 bytes); the colored bytes define the length (260 bytes). o Value. The value field codes the value of the data according to the rules defined in BER. To show how these three fields-tag, length, and value-can define objects, we give some examples. Example 28.1 Figure 28.11 shows how to define INTEGER 14. Example 28.2 Figure 28.12 shows how to define the OCTET STRING "HI." 886 CHAPTER 28 NETWORK MANAGEMENT: SNMP Figure 28.11 Example 28.1, INTEGER 14 02 04 00 00 00 OE , '; 1.li.lOOO100 00000000 00000000 00000000 00001110 Tag Length Value (14) (integer) (4 bytes) Figure 28.12 Example 28.2, OCTET STRING "HI" 04 02 48 49 00000010 ~~'. 01001000 01001001 Tag Length Value Value (String) (2 bytes) (H) (1) Example 28.3 Figure 28.13 shows how to define ObjectIdentifier 1.3.6.1 (iso.org.dod.internet). Figure 28.13 Example 28.3, ObjectIdentifier 1.3.6.1 06 04 01 03 06 01 ~(~..~~~OOOQQIQ(J~·J 00000001 00000011 00000110 00000001 Tag Length Value Value Value Value (ObjectId) (4 bytes) (1) (3) (6) 0) I- 1.3.6.1 (iso.org.dod.intemet) 'I Example 28.4 Figure 28.14 shows how to define IPAddress 131.21.14.8. Figure 28.14 Example 28.4, IPAddress 131.21.14.8 04 83 15 OE 08 000oo100 10000011 00010101 00001110 00001000 Tag Length Value Value Value Value (IPAddress) (4 bytes) (131) (21) (14) (8) I- 131.21.14.8 > I Management Information Base (MIB) The Management Information Base, version 2 (MIB2) is the second component used in network management. Each agent has its own MIB2, which is a collection of all the objects that the manager can manage. The objects in MIB2 are categorized under 10 SECTION 28.2 SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) 887 different groups: system, interface, address translation, ip, icmp, tcp, udp, egp, trans- mission, and snmp. These groups are under the mib-2 object in the object identifier tree (see Figure 28.15). Each group has defined variables and/or tables. Figure 28.15 mib-2 1.3.6.1.2.1 The following is a brief description of some of the objects: D sys This object (system) defines general information about the node (system), such as the name, location, and lifetime. D if This object (inteiface) defines information about all the interfaces of the node including interface number, physical address, and IP address. D at This object (address translation) defines the information about the ARP table. D ip This object defines information related to IP, such as the routing table and the IP address. D icmp This object defines information related to ICMP, such as the number of packets sent and received and total errors created. D tcp This object defines general information related to TCP, such as the connection table, time-out value, number of ports, and number of packets sent and received. D udp This object defines general information related to UDP, such as the number of ports and number of packets sent and received. D snmp This object defines general information related to SNMP itself. Accessing MIB Variables To show how to access different variables, we use the udp group as an example. There are four simple variables in the udp group and one sequence of (table of) records. Figure 28.16 shows the variables and the table. We will show how to access each entity. Simple Variables To access any of the simple variables, we use the id of the group (1.3.6.1.2.1.7) followed by the id of the variable. The following shows how to access each variable. udpInDatagrams 1.3,6.1.2.1.7.1. udpNoPorts 1.3.6.1.2.1.7.2 udplnErrors 1.3.6.1.2.1.7.3 udpOutDatagrams 1.3.6.1.2.1.7.4 888 CHAPTER 28 NETWORK MANAGEMENT: SNMP Figure 28.16 udp group udpLocal udpLocal Address Port However, these object identifiers define the variable, not the instance (contents). To show the instance or the contents of each variable, we must add an instance suffix. The instance suffix for a simple variable is simply a O. In other words, to show an instance of the above variables, we use the following: udpInDatagrams.O 1.3.6.1.2.1.7.1.0 udpNoPorts.O 1.3.6.1.2.1.7.2.0 udpInErrors.O 1.3.6.1.2.1.7.3.0 udpOutDa.tagrams.O 1.3.6.1.2.1.7.4.0 Tables To identify a table, we first use the table id. The udp group has only one table (with id 5) as illustrated in Figure 28.17. So to access the table, we use the following: udpTable... 1.3.6.1.2.1.7.5 However, the table is not at the leaf level in the tree structure. We cannot access the table; we define the entry (sequence) in the table (with id of 1), as follows: udpEntry... 1.3.6.1.2.1.7.5.1 This entry is also not a leaf and we cannot access it. We need to define each entity (field) in the entry. udpLocalAddress 1.3.6.1.2.1.7.5.1.1 udpLocalPoo' 1.3.6.1.2.1.7.5.1.2 These two variables are at the leaf of the tree. Although we can access their instances, we need to define which instance. At any moment, the table can have several values for SECTION 28.2 SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) 889 Figure 28.17 udp variables and tables udpInDatagrams '--- udpLocaIAddress I ---_I udpLocaIPort ( 1.3.6.1.2.1.7.1) (1.3.6.1.2.1.7.5.1.1) (1.3.6.1.2.1.7.5.1.2) udpEntry (1.3.6.1.2.1.7.5.1) udpNoPorts _------I udpLocaIAddress ~~I udpLocaIPort (1.3.6.1.2.1.7.2) (1.3.6.1.2.1.7.5.1.1) (1.3.6.1.2.1.7.5.1.2) udpEntry (1.3.6.1.2.1.7.5.1) udplnErrors (1.3.6.1.2.1.7.3) ··· _------I udpLocalAddress (1.3.6.1.2.1.7.5.1.1) -------, udpLocalPon (1.3.6.1.2.1.7.5.1.2) ~------I udpOutDatagrams udpEnn-y (1.3.6.1.2.1.7.5.1) (1.3.6.1.2.1.7.4) udpTable (1.3.6.1.2.1.7.5) each local address/local port pair. To access a specific instance (row) of the table, we add the index to the above ids. In MIB, the indexes of arrays are not integers (like most programming languages). The indexes are based on the value of one or more fields in the entries. In our example, the udpTable is indexed based on both the local address and the local port number. For example, Figure 28.18 shows a table with four rows and values for each field. The index of each row is a combination of two values. To access the instance of the local address for the first row, we use the identifier augmented with the instance index: udpLocalAddress.181.23.45.14.23...... 1.3.6.1.2.7.5.1.1.181.23.45.14.23 Note that not all tables are indexed in the same way. Some tables are indexed by using the value of one field, others by using the value of two fields, and so on. Lexicographic Ordering One interesting point about the MIB variables is that the object identifiers (including the instance identifiers) follow in lexicographic order. Tables are ordered according to column-row rules, which means one should go column by column. In each column, one should go from the top to the bottom, as shown in Figure 28.19. 890 CHAPTER 28 NETWORK MANAGEMENT: SNMP Figure 28.18 Indexes for udpTable 181.23.45.14 I 23 I 1.3.6.1.2.1.7.5.1.1.181.23.45.14.23 1.3.6.1.2.1.7.5.1.2.181.23.45.14.23 192.13.5.10 1.3.6.1.2.1.7.5.1.1.192.13.5.10.161 o 1.3.6.1.2.1.7.5.1.2.192.13.5.10.161 227.2.45.18 180 I 1.3.6.1.2.1.7.5.1.1.227.2.45.18.180 1.3.6.1.2.1.7.5.1.2.227.2.45.18.180 230.20.5.24 I 212 I 1.3.6.1.2.1.7.5.1.1.230.20.5.24.212 1.3.6.1.2.1.7.5.1.2.230.20.5.24.212 Figure 28.19 Lexicographic ordering I ~ I I 181.23.45.14 I I ) 23 I 1.3.6.1.2.1.7.5.1..181.23.45.14.23 1.3.6.1.2!1.7.5.1. I.181.23.45.14.23 I I I I I 192.13.5.10 I I I I I 161 I 1.3.6.1.2.1.7.5.1..192.13.5.10.161 / 1.3.6.1.2.1.7.5.1..192.13.5.10.161 I I I I I I 227.2.45.18 I I I I I I 180 I 1.3.6.1.2.1.7.5.1..227.2.45.18.1&0 I 1.3.6.1.2.1.7.5.1..227.2.45.18.180 I I I I 230.20.5.24 I I I 212 I 1.3.6.1.2.1.7.5.1..23tl.20.5.24.212 1.3.6.1.2.1.7.5.1..230.20.5.24.212 I I SECTION 28.2 SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) 891 The lexicographic ordering enables a manager to access a set of variables one after another by defining the first variable, as we will see in the GetNextRequest command in the next section. SNMP SNMP uses both SMI and MIB in Internet network management. It is an application program that allows 1. A manager to retrieve the value of an object defined in an agent 2. A manager to store a value in an object defined in an agent 3. An agent to send an alarm message about an abnormal situation to the manager PDUs SNMPv3 defines eight types of packets (or PDUs): GetRequest, GetNextRequest, Get- BulkRequest, SetRequest, Response, Trap, InformRequest, and Report (see Figure 28.20). Figure 28.20 SNMP PDUs UDP connections SNMP SNMP manager agent

Use Quizgecko on...
Browser
Browser