Introduction to SNMP www.sriinduit.blogspot.com
Contents 1. Basic Concepts 2. Management Information Base 3. Simple Network Management Protocol 4. SNMP Application Examples 5. Reference Appendix: ASN.1 Concept
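1. Basic Concepts [Figure: a Management Station (NM) uses polling and receives notifications to manage devices across the Internet: an RMON device, a firewall/router, and UNIX hosts and PCs on attached networks, including an FDDI ring.]
Standardizing Network Management: If every vendor's network equipment came with its own proprietary management methods and interfaces, network management would be very hard to carry out. Standardization means that every network device must provide a consistent network management interface (that is, the same network management protocol).
Network Management Standards Internet: SNMPv1, SNMPv2, SNMPv3 ISO/ITU-T X.700 Series: CMIP/S (Common Management Information Protocol / Service) ITU-T M.3000 Series: TMN (Telecommunication Management Networks)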
SNMP Concepts SNMP:  Simple Network Management Protocol De facto  standards of network management for TCP/IP networks (Internet) IAB recommends all IP & TCP implementations should be network manageable. That is, all TCP/IP network devices should support SNMP. IAB: Internet Activities Board
SNMP Architectural Model Key Components: One or more Management Stations: perform management applications, i.e., monitor and control. Multiple Network Elements: hosts, routers, gateways, ..., each of which contains an Agent. Network Management Protocol: exchanges network management information.
SNMP Architectural Model ( cont. ) [Figure: a Manager on the Management Station and Agents on the Network Elements (NEs: host, router, ...) communicate across the network using the network management protocol, SNMP. Each side runs the stack SNMP / UDP / IP / network interface.]
The Role of SNMP
Management Components Manager Agent Network Management Protocol Management Information Base (MIB)
Management Components Management Station (Manager): Network management applications. Provides an interface through which the human network manager can monitor and control the network. Agent: Network devices should be equipped with agent software so that they can be managed from a management station. Responds to requests for information from managers. Responds to requests for actions from managers. May asynchronously provide managers with important but unsolicited information.
Management Components (cont.) Network Management Protocol Communication protocol between managers and agents NM protocol provides a standard way to exchange management information between managers and agents. Management Information Base (MIB) A collection of Managed Objects. The resources to be managed are represented as objects, called Managed Objects (MOs).
Management Information Base (MIB) Each resource to be managed is represented by an object, called managed object (MO). The MIB is a structured collection of MOs. Essentially, each MO is a data variable. Each agent in an NE maintains an MIB. Monitor: by reading the values of MOs in the MIB. Control: by modifying the values of MOs in the MIB. [Figure: the Agent sits on the stack SNMP / UDP / IP / network interface and fronts the MIB, which represents the managed resources. NE: Network Element]
SNMP Services Four Services Get, Set, GetNext, Trap Five SNMP PDUs GetRequest, SetRequest, GetNextRequest, GetResponse, Trap Manager Agent(s) PDU: Protocol Data Unit Get, Set, GetNext Request Get Response Trap
SNMP Services [Figure: message exchanges between Manager and Agent. Get: Get Request, answered by Get Response. GetNext: GetNext Request, answered by Get Response. Set: Set Request, answered by Get Response. Trap: Trap Request between Agent and Manager, with no response.]
SNMP Services ( cont. ) Get Request: Retrieve the values of objects in the MIB of an agent. Get-Next Request: Retrieve the values of  the next objects in the MIB of an agent.  Set Request: Update the values of objects in the MIB of an agent. Trap Request Report extraordinary events to the manager.
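Get-Next Request In SNMP, only leaf objects have values. [Figure: MIB tree distinguishing non-leaf objects from leaf objects, with nodes numbered 1 to 6.]
Default UDP Ports for SNMP [Figure: Manager on the management station and Agent on the network elements (NEs), each running SNMP over UDP over IP over a network interface. Port labels: 161 and Any on the request path to the agent, 162 and Any on the trap path to the manager.]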
SNMP Standards SNMP Protocol (Std 15) RFC1157 : Simple Network Management Protocol. Structure of Management Information (SMI) (Std 16) RFC1155 : Structure and Identification of Management Information for TCP/IP-based Internets. RFC1212 : Concise MIB Definitions. MIB-II (Std 17) RFC1213 : Management Information Base for Network Management of TCP/IP-based Internets: MIB-II.
2. Management Information Base Structure of Management Information (SMI) Set of rules on how managed objects should be defined. Objects are defined using  Abstract Syntax Notation One  ASN.1  (ITU-T X.208 / ISO 8824) MIB The collection of all defined objects Contains hierarchically organized variables corresponding to managed objects.  MIB-II, RMON MIB , Bridge MIB, Repeater MIB, X.25 MIB, FDDI MIB, Token Ring MIB, ...
Object Identifier
Object Identifier (OID): Global identifier for a particular object type. An OID consists of a sequence of integers, which specify the position of the object in the global object identifier tree.
root
  ccitt (0)
  iso (1)
    std (0)
    reg authority (1)
    member body (2)
    org (3)
      dod (6)
        internet (1)
          directory (1)
          mgmt (2)
            MIB II (1): system 1, interface 2, at 3, IP 4, ICMP 5, TCP 6, UDP 7, EGP 8, Trans. 10, SNMP 11
          experimental (3)
          private (4)
            enterprises (1)
  joint-iso-ccitt (2)
MIB II: 1.3.6.1.2.1    MIB II interface: 1.3.6.1.2.1.2    enterprises: 1.3.6.1.4.1
Private MIB Registration Companies can register their private MIB extensions in the global MIB tree by contacting the Internet Assigned Numbers Authority (IANA).  http://www.iana.org/ Currently assigned enterprise subtrees ftp://ftp.isi.edu/in-notes/iana/assignments/enterprise-numbers
SMI (RFC1155) RFC1155-SMI DEFINITIONS ::=  BEGIN EXPORTS -- EVERYTHING internet, directory, mgmt, experimental, private, enterprises, OBJECT-TYPE, ObjectName,  ObjectSyntax, SimpleSyntax, ApplicationSyntax, NetworkAddress, IpAddress,  Counter, Gauge, TimeTicks, Opaque; internet  OBJECT IDENTIFIER ::= { iso org(3) dod(6) 1 } directory  OBJECT IDENTIFIER ::= { internet 1 } mgmt  OBJECT IDENTIFIER ::= { internet 2 } experimental  OBJECT IDENTIFIER ::= { internet 3 } private  OBJECT IDENTIFIER ::= { internet 4 } enterprises  OBJECT IDENTIFIER ::= { private 1 }
SMI ( cont. ) OBJECT-TYPE MACRO ::= BEGIN TYPE NOTATION ::=    "SYNTAX" type (TYPE ObjectSyntax) "ACCESS" Access "STATUS" Status VALUE NOTATION ::= value (VALUE ObjectName) Access ::= "read-only" | "read-write" | "write-only" | "not-accessible" Status ::= "mandatory"  | "optional" | "obsolete" END ObjectName ::= OBJECT IDENTIFIER ASN.1 Macro
OBJECT-TYPE Example
sysDescr OBJECT-TYPE
    SYNTAX DisplayString (SIZE (0..255))
    ACCESS read-only
    STATUS mandatory
    ::= { system 1 }
SMI ( cont. )
ObjectName ::= OBJECT IDENTIFIER
ObjectSyntax ::= CHOICE { simple SimpleSyntax, application-wide ApplicationSyntax }
SimpleSyntax ::= CHOICE { number INTEGER, string OCTET STRING, object OBJECT IDENTIFIER, empty NULL }
ApplicationSyntax ::= CHOICE { address NetworkAddress, counter Counter, gauge Gauge, ticks TimeTicks, arbitrary Opaque }
NetworkAddress ::= CHOICE { internet IpAddress }
IpAddress ::= [APPLICATION 0] IMPLICIT OCTET STRING (SIZE (4))
Counter ::= [APPLICATION 1] IMPLICIT INTEGER (0..4294967295)
Gauge ::= [APPLICATION 2] IMPLICIT INTEGER (0..4294967295)
TimeTicks ::= [APPLICATION 3] IMPLICIT INTEGER (0..4294967295)
Opaque ::= [APPLICATION 4] IMPLICIT OCTET STRING
END
Object Syntax Summary Simple Syntax Integer Octet String Object Identifier Null Application Syntax Network Address Counter Gauge Time Ticks Opaque
Concise MIB Definition (RFC 1212)  OBJECT-TYPE MACRO ::= BEGIN TYPE NOTATION ::=   "SYNTAX" type(ObjectSyntax)   "ACCESS" Access   "STATUS" Status DescrPart   ReferPart   IndexPart   DefValPart VALUE NOTATION ::=  value (VALUE ObjectName) DescrPart  ::= "DESCRIPTION" value (description DisplayString) | empty ReferPart  ::= "REFERENCE" value (reference DisplayString) | empty IndexPart  ::= "INDEX" "{" IndexTypes "}" | empty IndexTypes ::= IndexType | IndexTypes "," IndexType IndexType ::= value (indexobject ObjectName) | type (indextype) DefValPart  ::= "DEFVAL" "{" value (defvalue ObjectSyntax) "}"   | empty END
Examples: MIB II (RFC 1213) ifEntry  OBJECT-TYPE SYNTAX  IfEntry ACCESS  not-accessible STATUS  mandatory DESCRIPTION "An interface entry containing objects  at the subnetwork layer and below for  a particular interface." INDEX  { ifIndex } ::= { ifTable 1 } ifTable  OBJECT-TYPE SYNTAX  SEQUENCE OF IfEntry ACCESS  not-accessible STATUS  mandatory DESCRIPTION "A list of interface entries.  The number of entries is given by the value of ifNumber." ::= { interfaces 2 } mib-2 OBJECT IDENTIFIER ::= { mgmt 1 } system OBJECT IDENTIFIER ::= { mib-2 1 } interfaces OBJECT IDENTIFIER ::= { mib-2 2 } at OBJECT IDENTIFIER ::= { mib-2 3 } ip OBJECT IDENTIFIER ::= { mib-2 4 } icmp OBJECT IDENTIFIER ::= { mib-2 5 } tcp OBJECT IDENTIFIER ::= { mib-2 6 } udp OBJECT IDENTIFIER ::= { mib-2 7 } egp OBJECT IDENTIFIER ::= { mib-2 8 } -- cmot OBJECT IDENTIFIER ::= { mib-2 9 } transmission OBJECT IDENTIFIER ::= { mib-2 10 } snmp OBJECT IDENTIFIER ::= { mib-2 11 }
Identification of Managed Objects Use Object Identifier (OID) OID = Object Type OID  .  Instance Identifier Object Type OID:  Each Object type has a unique OID Instance Identifier:  Identify instances of object type E.g .mib-2.interface.ifTable.ifEntry.ifDescr . 2
Two Kinds of Managed Objects Type-Specific Objects: sysDescr OBJECT-TYPE SYNTAX DisplayString (SIZE(0..255)) ::= {system 1} OID:  mib-2.system.1 . 0 Columnar Objects OID: mib-2.interface.ifTable.ifEntry.ifDescr . 2 mib-2.interface.ifTable.ifEntry.ifDescr . 6   mib-2.interface.ifTable.ifEntry.ifType . 2 mib-2.interface.ifTable.ifEntry.ifType . 6
Columnar Objects
ifTable OBJECT-TYPE
    SYNTAX SEQUENCE OF IfEntry
    …
    ::= { interface 2 }
IfEntry ::= SEQUENCE { ifIndex INTEGER, ifDescr DisplayString, ifType INTEGER, … }
ifEntry OBJECT-TYPE
    SYNTAX IfEntry
    …
    INDEX { ifIndex }
    ::= { ifTable 1 }
ifDescr OBJECT-TYPE
    SYNTAX DisplayString (SIZE(0..255))
    ACCESS read-only
    STATUS mandatory
    ...
    ::= { ifEntry 2 }
Columnar Objects
    ifIndex   ifDescr   ifType   . . .
    1         le0       6        . . .
    6         llc0      1        . . .
    7         lo0       24       . . .
    9         le1       6        . . .
Columns: ifIndex is .ifTable.ifEntry.1 (1.3.6.1.2.1.2.2.1.1), ifDescr is .ifTable.ifEntry.2 (1.3.6.1.2.1.2.2.1.2), ifType is .ifTable.ifEntry.3 (1.3.6.1.2.1.2.2.1.3).
Example instances: 1.3.6.1.2.1.2.2.1.3.7 is ifType for ifIndex 7 (value 24); 1.3.6.1.2.1.2.2.1.2.6 is ifDescr for ifIndex 6 (value llc0).
Index in MIB II ifEntry {ifIndex} atEntry {atNetIfIndex, atNetAddress} ipAddrEntry {ipAdEntAddr } ipRouteEntry {ipRouteDest} ipNetToMediaEntry {ipNetToMediaIfIndex,    ipNetToMediaNetAddress} tcpConnEntry {tcpConnLocalAddress, tcpConnLocalPort,   tcpConnRemoteAddress, tcpConnRemotePort}   udpEntry {udpLocalAddress, udpLocalPort} egpNeighEntry {egpNeighAddr}
Index Example To get the  state of the TCP connection: 10.144.18.118:1200  ===> 10.144.14.40:1600 Use snmp_get_req. to get the “tcpConnState” of the tcpConnTable in MIB II. tcpConnState  ==> .1.3.6.1.2.1.6.13.1.1 .1.3.6.1.2.1.6.13.1.1.10.144.18.118.1200.10.144.14.40.1600
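The index rule from the two slides above, as an added example that is not part of the original deck: it builds an instance OID from a column OID plus INDEX values, and also goes one step further by parsing a tcpConnState instance OID back into its connection 4-tuple. The function names are hypothetical; only INTEGER and IpAddress index types are handled.

```python
import ipaddress

TCP_CONN_STATE = (1, 3, 6, 1, 2, 1, 6, 13, 1, 1)   # tcpConnEntry.tcpConnState
IF_DESCR = (1, 3, 6, 1, 2, 1, 2, 2, 1, 2)           # ifEntry.ifDescr


def index_subids(value):
    """Map one INDEX value to OID sub-identifiers (INTEGER or IpAddress only)."""
    if isinstance(value, ipaddress.IPv4Address):
        return tuple(value.packed)            # IpAddress: one sub-id per octet
    if isinstance(value, int) and not isinstance(value, bool):
        if not 0 <= value <= 0xFFFFFFFF:
            raise ValueError(f"index {value} out of sub-identifier range")
        return (value,)
    raise TypeError(f"unsupported index type: {type(value).__name__}")


def instance_oid(column, *index_values):
    """OID = object type OID . instance identifier, in the slides' dotted form."""
    subids = list(column)
    for value in index_values:
        subids.extend(index_subids(value))
    return "." + ".".join(map(str, subids))


def tcp_conn_state_oid(local_ip, local_port, remote_ip, remote_port):
    """INDEX order: local address, local port, remote address, remote port."""
    for port in (local_port, remote_port):
        if not 0 <= port <= 65535:
            raise ValueError(f"bad port {port}")
    return instance_oid(TCP_CONN_STATE,
                        ipaddress.IPv4Address(local_ip), local_port,
                        ipaddress.IPv4Address(remote_ip), remote_port)


def parse_tcp_conn_instance(oid):
    """Inverse: recover the connection 4-tuple from a tcpConnState instance OID."""
    subids = tuple(int(s) for s in oid.strip(".").split("."))
    n = len(TCP_CONN_STATE)
    index = subids[n:]
    if subids[:n] != TCP_CONN_STATE or len(index) != 10:
        raise ValueError("not a tcpConnState instance")
    if any(not 0 <= b <= 255 for b in index[0:4] + index[5:9]):
        raise ValueError("address sub-identifier above 255")
    local = ipaddress.IPv4Address(bytes(index[0:4]))
    remote = ipaddress.IPv4Address(bytes(index[5:9]))
    return str(local), index[4], str(remote), index[9]
```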
MIB II System Group Provide general information about the managed system. Interfaces   Group Contains generic information about the physical interfaces. Address-Translation   Group Contains information about the mapping between network addresses  and physical addresses for each physical interface. IP   Group Contains information about the implementation and operation of IP at the managed system. ICMP   Group Contains information about the implementation and operation of ICMP at the managed system.
MIB-II ( cont. ) TCP Group Contains information about the implementation and operation of TCP at the managed system. UDP Group Contains information about the implementation and operation of UDP at the managed system. EGP Group Contains information about the implementation and operation of EGP at the managed system. Transmission Group Provides details about the underlying transmission media for each interface.  SNMP Group Provides the statistics of SNMP operations at the managed system.
IETF MIBs 1213 MIB-II 1316 Character Stream 1317 RS-232-like Hardware 1471 PPP 1513 RMON for Token Ring 1757 RMON 2021 RMON-II .....
3. SNMP SNMP Message Version Identifier Community Name Protocol Data Unit The length of SNMP messages should not  exceed 484 octets.  Message ::= SEQUENCE { version INTEGER {version-1(0)}, community OCTET STRING, data  ANY }  Version Community SNMP PDU
SNMP Authentication Community Relationship between an Agent and Managers. Community Name Used to validate the SNMP messages. SNMP Password. Default ‘Get’ community name: “public”. Authentication Failure Agent sends “ Authentication Failure Trap ” to Manager.
SNMP PDU
PDU ::= SEQUENCE {
    request-id INTEGER,
    error-status INTEGER { noError(0), tooBig(1), noSuchName(2), badValue(3), readOnly(4), genErr(5) },
    error-index INTEGER,
    variable-bindings SEQUENCE OF { name ObjectName, value ObjectSyntax }
}
Five SNMP PDUs (PDU: Protocol Data Unit):
    GetRequest: [0] PDU
    GetNextRequest: [1] PDU
    GetResponse: [2] PDU
    SetRequest: [3] PDU
    Trap: [4] Trap-PDU
SNMP PDU ( cont. )
GetRequest, GetNextRequest, SetRequest: | PDU type | request-id | 0 | 0 | variable-bindings |
GetResponse: | PDU type | request-id | error-status | error-index | variable-bindings |
variable-bindings: | name | value | name | value | name | value | . . . |
SNMP Message Fields
Trap-PDU Trap-PDU ::= [4] IMPLICIT SEQUENCE { enterprise   OBJECT IDENTIFIER, agent-addr   NetworkAddress, generic-trap INTEGER { coldStart(0), warmStart(1), linkDown(2), linkUp(3), authenticationFailure(4), egpNeighborLoss(5), enterpriseSpecific(6)}, specific-trap INTEGER, time-stamp TimeTicks, variable-bindings VarBindList }  Enterprise:   Type of Object generating trap. Agent Address: Address of object  generating trap. Generic Trap: Generic trap type. Specific Trap: Enterprise specific trap. Time Stamp: Time elapsed between the last  initialization of the network entity and the generation of the trap.  Variable Bindings “ Interesting” information PDU type enterprise agent-addr generic - trap variable-bindings specific - trap time-stamp
SNMP Message Fields
What does a Manager do? [Figure: NM Application -> Translates Internal Data to ASN.1 Format -> Manager Sends Request PDU to Agent. In the other direction: Received Response PDU from Agent -> Translates ASN.1 Package to Internal Data Format -> NM Application.]
What does an Agent do? [Figure: From Manager: Agent Received SNMP Request PDU from Manager -> Translates ASN.1 Structure to Internal Data -> Maps MIB Variables to Internal Variables -> Implement SNMP Request to Set or Get MIB Value -> Translates Response PDU to ASN.1 Format -> Sends SNMP Response PDU to Manager.]
Main Loop of Agent The agent waits for an incoming datagram on port 161. It reads the datagram from UDP and notes the transport address of the sending entity. It increments the QUANTUM to keep track of the logical request-id being processed by the agent. It de-serializes the datagram into an ASN.1 structure. If an error occurs, log the error and discard the packet. The ASN.1 structure is translated into an SNMP message. If an error occurs, log the error and discard the packet. Check the VERSION-NUMBER field. If an error occurs, log the error and discard the packet.
Main Loop of Agent (cont.) The community name is looked up. If the community is unknown to the agent, the agent sends an AUTHENTICATION trap to the Manager station on port 162, logs the error and discards the packet. The agent loops through the list of variables in the request. If no prototype is found, it returns a GET-RESPONSE with error noSuchName and discards the packet. Once a prototype is found, the operation is checked against the community profile. If a mismatch occurs, it returns a GET-RESPONSE with error noSuchName or readOnly and discards the packet. Otherwise, the agent invokes the access routine to perform the desired operation.
What's New in SNMPv2 No more Trap PDU, 3 New PDUs: getBulkReq, InformReq,  SNMPv2-Trap Added Security 18 Error Status Values SNMPv2 SMI / SNMPv2 MIB M-to-M Communications Table Operations ...
4. SNMP Application Examples
SNMP Commands
snmpget [options] node variable [...]
    query a node using SNMP Get request
snmpnext [options] node variable [...]
    query a node using SNMP GetNext request
snmpwalk [options] node variable
    query a node repeatedly using SNMP GetNext/GetBulk requests
snmptrap [-d] [-p port] [-c community] node enterprise agent-addr generic-trap specific-trap time-stamp variable type value [variable type value...]
    issue an SNMP Version 1 Trap
options: [-d] [-t timeout] [-r retries] [-p port] [-c community] [-v version]
Example for snmpget
>> snmpget -d 10.144.18.118 .1.3.6.1.2.1.1.1.0
Transmitted 41 bytes to camry (10.144.18.118) port 161:
Initial Timeout: 0.80 seconds
   0:  30 27 02 01 00 04 06 70 75 62 6c 69 63 a0 1a 02  0'.....public...
  16:  02 18 bc 02 01 00 02 01 00 30 0e 30 0c 06 08 2b  .........0.0...+
  32:  06 01 02 01 01 01 00 05 00 -- -- -- -- -- -- --  ................
   0:  SNMP MESSAGE (0x30): 39 bytes
   2:  INTEGER VERSION (0x2) 1 bytes: 0 (SNMPv1)
   5:  OCTET-STR COMMUNITY (0x4) 6 bytes: "public"
  13:  GET-REQUEST-PDU (0xa0): 26 bytes
  15:  INTEGER REQUEST-ID (0x2) 2 bytes: 6332
  19:  INTEGER ERROR-STATUS (0x2) 1 bytes: noError(0)
  22:  INTEGER ERROR-INDEX (0x2) 1 bytes: 0
  25:  SEQUENCE VARBIND-LIST (0x30): 14 bytes
  27:  SEQUENCE VARBIND (0x30): 12 bytes
  29:  OBJ-ID (0x6) 8 bytes: .1.3.6.1.2.1.1.1.0
  39:  NULL (0x5) 0 bytes
Example for snmpget (cont.)
Received 69 bytes from camry (10.144.18.118) port 161:
   0:  30 43 02 01 00 04 06 70 75 62 6c 69 63 a2 36 02  0C.....public.6.
  16:  02 18 bc 02 01 00 02 01 00 30 2a 30 28 06 08 2b  .........0*0(..+
  32:  06 01 02 01 01 01 00 04 1c 53 75 6e 20 53 4e 4d  .........Sun SNM
  48:  50 20 41 67 65 6e 74 2c 20 53 55 4e 57 2c 55 6c  P Agent, SUNW,Ul
  64:  74 72 61 2d 31 -- -- -- -- -- -- -- -- -- -- --  tra-1...........
   0:  SNMP MESSAGE (0x30): 67 bytes
   2:  INTEGER VERSION (0x2) 1 bytes: 0 (SNMPv1)
   5:  OCTET-STR COMMUNITY (0x4) 6 bytes: "public"
  13:  RESPONSE-PDU (0xa2): 54 bytes
  15:  INTEGER REQUEST-ID (0x2) 2 bytes: 6332
  19:  INTEGER ERROR-STATUS (0x2) 1 bytes: noError(0)
  22:  INTEGER ERROR-INDEX (0x2) 1 bytes: 0
  25:  SEQUENCE VARBIND-LIST (0x30): 42 bytes
  27:  SEQUENCE VARBIND (0x30): 40 bytes
  29:  OBJ-ID (0x6) 8 bytes: .1.3.6.1.2.1.1.1.0
  39:  OCTET-STR (0x4) 28 bytes: "Sun SNMP Agent, SUNW,Ultra-1"
system.sysDescr.0 : DISPLAY STRING- (ascii):  Sun SNMP Agent, SUNW,Ultra-1
Example of snmpwalk
snmpwalk 10.144.18.118 .1.3.6.1.2.1.1
system.sysDescr.0 : DISPLAY STRING- (ascii):  Sun SNMP Agent, SUNW,Ultra-1
system.sysObjectID.0 : OBJECT IDENTIFIER:  .iso.org.dod.internet.private.enterprises.42.2.1.1
system.sysUpTime.0 : Timeticks: (198219958)  22 days, 22:36:39.58
system.sysContact.0 : DISPLAY STRING- (ascii):  [email_address]
system.sysName.0 : DISPLAY STRING- (ascii):  camry
system.sysLocation.0 : DISPLAY STRING- (ascii):  Information Technology Laboratory 3F
system.sysServices.0 : INTEGER:  72   (01001000)B
Example of snmptrap
snmptrap -d manager .1.3.6.1.4.1.612.1.1 10.144.18.116 6 99999 0 .1.3.6.1.1 octetstringascii "Trap test"
Transmitted 64 bytes to manager (10.144.18.100) port 162:
   0:  30 3e 02 01 00 04 06 70 75 62 6c 69 63 a4 31 06  0>.....public.1.
  16:  09 2b 06 01 04 01 84 64 01 01 40 04 0a 90 12 74  .+.....d..@....t
  32:  02 01 06 02 03 01 86 9f 43 01 00 30 13 30 11 06  ........C..0.0..
  48:  04 2b 06 01 01 04 09 54 72 61 70 20 74 65 73 74  .+.....Trap test
   0:  SNMP MESSAGE (0x30): 62 bytes
   2:  INTEGER VERSION (0x2) 1 bytes: 0 (SNMPv1)
   5:  OCTET-STR COMMUNITY (0x4) 6 bytes: "public"
  13:  V1-TRAP-PDU (0xa4): 49 bytes
  15:  OBJ-ID ENTERPRISE (0x6) 9 bytes: .1.3.6.1.4.1.612.1.1
  26:  IPADDRESS AGENT-ADDR (0x40) 4 bytes: 10.144.18.116 (manager2)
  32:  INTEGER GENERIC-TRAP (0x2) 1 bytes: 6
  35:  INTEGER SPECIFIC-TRAP (0x2) 3 bytes: 99999
  40:  TIMETICKS TIME-STAMP (0x43) 1 bytes: 0 (0x0)
  43:  SEQUENCE VARBIND-LIST (0x30): 19 bytes
  45:  SEQUENCE VARBIND (0x30): 17 bytes
  47:  OBJ-ID (0x6) 4 bytes: .1.3.6.1.1
  53:  OCTET-STR (0x4) 9 bytes: "Trap test"
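An added example, not part of the original deck: a small BER reader that decodes the two snmpget datagrams shown above and then applies the checks from the "Main Loop of Agent" slides (de-serialize, version, community lookup, operation against community profile). The dumps show the community string travelling in cleartext, which is why the decoder recovers it directly from the bytes. The function names, the `PROFILES` table and the community name `netops-rw` are assumptions made for this example.

```python
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest",
             0xA2: "GetResponse", 0xA3: "SetRequest"}
# Constructed community-profile table (an assumption of this example).
PROFILES = {"public": "read-only", "netops-rw": "read-write"}
# Datagrams copied byte for byte from the two snmpget -d dumps on the slides.
REQUEST = bytes.fromhex(
    "30 27 02 01 00 04 06 70 75 62 6c 69 63 a0 1a 02 "
    "02 18 bc 02 01 00 02 01 00 30 0e 30 0c 06 08 2b "
    "06 01 02 01 01 01 00 05 00")
RESPONSE = bytes.fromhex(
    "30 43 02 01 00 04 06 70 75 62 6c 69 63 a2 36 02 "
    "02 18 bc 02 01 00 02 01 00 30 2a 30 28 06 08 2b "
    "06 01 02 01 01 01 00 04 1c 53 75 6e 20 53 4e 4d "
    "50 20 41 67 65 6e 74 2c 20 53 55 4e 57 2c 55 6c "
    "74 72 61 2d 31")

def read_tlv(buf, pos, want=None):
    """Read one BER TLV; return (tag, value, next_pos). Definite lengths only."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: the octet is the length
        length = first
    else:                                 # long form: next n octets hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value overruns buffer")
    if want is not None and tag != want:
        raise ValueError(f"expected tag 0x{want:02x}, got 0x{tag:02x}")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(data):
    """Decode OBJECT IDENTIFIER contents into dotted form with a leading dot."""
    if not data or data[-1] & 0x80:
        raise ValueError("empty or truncated OID")
    subids, acc = [], 0
    for octet in data:                    # base-128, high bit means "more follows"
        acc = (acc << 7) | (octet & 0x7F)
        if not octet & 0x80:
            subids.append(acc)
            acc = 0
    head = divmod(subids[0], 40) if subids[0] < 80 else (2, subids[0] - 80)
    return "." + ".".join(str(n) for n in (*head, *subids[1:]))

def decode_value(tag, data):
    if tag == 0x02:                       # INTEGER (signed)
        return int.from_bytes(data, "big", signed=True)
    if tag in (0x41, 0x42, 0x43):         # Counter, Gauge, TimeTicks (unsigned)
        return int.from_bytes(data, "big")
    if tag == 0x06:
        return decode_oid(data)
    return None if tag == 0x05 else bytes(data)   # NULL, else raw octets

def decode_message(datagram):
    """Decode an SNMPv1 message carrying one of the four non-trap PDUs."""
    body, end = read_tlv(datagram, 0, 0x30)[1:]
    if end != len(datagram):
        raise ValueError("trailing bytes after message")
    version, pos = read_tlv(body, 0, 0x02)[1:]
    community, pos = read_tlv(body, pos, 0x04)[1:]
    pdu_tag, pdu, _ = read_tlv(body, pos)
    if pdu_tag not in PDU_NAMES:
        raise ValueError(f"unhandled PDU tag 0x{pdu_tag:02x}")
    header, pos = [], 0
    for _ in range(3):                    # request-id, error-status, error-index
        raw, pos = read_tlv(pdu, pos, 0x02)[1:]
        header.append(decode_value(0x02, raw))
    vbl = read_tlv(pdu, pos, 0x30)[1]
    varbinds, pos = [], 0
    while pos < len(vbl):
        vb, pos = read_tlv(vbl, pos, 0x30)[1:]
        name, val_pos = read_tlv(vb, 0, 0x06)[1:]
        vtag, val, _ = read_tlv(vb, val_pos)
        varbinds.append((decode_oid(name), decode_value(vtag, val)))
    return {"version": decode_value(0x02, version),
            "community": community.decode("latin-1"), "pdu": PDU_NAMES[pdu_tag],
            "request_id": header[0], "error_status": header[1],
            "error_index": header[2], "varbinds": varbinds}

def agent_verdict(datagram, profiles=PROFILES):
    """Apply the agent main-loop checks and name the resulting action."""
    try:
        msg = decode_message(datagram)
    except ValueError as err:
        return f"discard: {err}"
    if msg["version"] != 0:               # version-1(0) is the only value accepted
        return f"discard: unsupported version {msg['version']}"
    access = profiles.get(msg["community"])
    if access is None:
        return "authenticationFailure trap; discard"
    if msg["pdu"] == "SetRequest" and access != "read-write":
        return "GetResponse readOnly"
    return "process"
```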
Get System Information Get “System Group” of MIB II Use get_request or get_next_request sysDescr  .1.3.6.1.2.1.1.1.0 sysObjectID .1.3.6.1.2.1.1.2.0 sysUptime .1.3.6.1.2.1.1.3.0 sysContact .1.3.6.1.2.1.1.4.0 sysName  .1.3.6.1.2.1.1.5.0 sysLocation .1.3.6.1.2.1.1.6.0
Get Interface Information Get “Interface Group” of MIB II Repeatedly Use “get_next_request” Note: We don’t know the ifIndex values in ifTable. First get the next object of .ifTable.ifEntry.0 Then repeatedly “get_next” Until the whole subtree is visited.
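The GetNext walk described above, as an added example that is not part of the original deck: a toy agent answers get-next in lexicographic OID order over a constructed MIB holding the four-row ifTable from the "Columnar Objects" slide, and the manager walks until the returned OID leaves the ifEntry subtree. The class and function names are hypothetical, and the neighbouring objects and their values are constructed.

```python
import bisect

IF_ENTRY = (1, 3, 6, 1, 2, 1, 2, 2, 1)      # mib-2.interfaces.ifTable.ifEntry


def build_agent_mib():
    """Constructed agent MIB: the slides' ifTable rows plus neighbouring objects."""
    rows = [(1, "le0", 6), (6, "llc0", 1), (7, "lo0", 24), (9, "le1", 6)]
    mib = {
        (1, 3, 6, 1, 2, 1, 1, 1, 0): "Sun SNMP Agent, SUNW,Ultra-1",  # sysDescr.0
        (1, 3, 6, 1, 2, 1, 2, 1, 0): len(rows),                        # ifNumber.0
        (1, 3, 6, 1, 2, 1, 4, 1, 0): 1,              # ipForwarding.0 (constructed)
    }
    for if_index, descr, if_type in rows:
        for column, value in ((1, if_index), (2, descr), (3, if_type)):
            mib[IF_ENTRY + (column, if_index)] = value
    return mib


class Agent:
    def __init__(self, mib):
        self._mib = mib
        # Tuples of ints compare sub-identifier by sub-identifier, which is the
        # lexicographic OID order GetNext relies on (a string sort would not be).
        self._oids = sorted(mib)

    def get_next(self, oid):
        """Return (oid, value) of the first leaf after oid, or None at the end."""
        i = bisect.bisect_right(self._oids, tuple(oid))
        if i == len(self._oids):
            return None                     # a v1 agent would answer noSuchName
        return self._oids[i], self._mib[self._oids[i]]


def walk(agent, root):
    """Repeat get-next from root until the answer falls outside the subtree."""
    root = tuple(root)
    current, found = root, []
    while True:
        hit = agent.get_next(current)
        if hit is None or hit[0][:len(root)] != root:
            return found
        found.append(hit)
        current = hit[0]


def table_rows(walked, entry=IF_ENTRY):
    """Regroup the column-by-column walk into rows keyed by the index suffix."""
    rows = {}
    for oid, value in walked:
        column, index = oid[len(entry)], oid[len(entry) + 1:]
        rows.setdefault(index, {})[column] = value
    return rows
```

The walk returns every ifIndex instance first, then every ifDescr, then every ifType, so the manager learns the unknown ifIndex values from the first column before it sees any other data.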
 
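Traffic Monitoring Get “ifInOctets” and “ifOutOctets” of MIB II Interface Group. Read the counter at two times: value $C_1$ at time $t_1$ and value $C_2$ at time $t_2$.
$$\text{Utilization (\%)} = \frac{(C_2 - C_1) \times 8}{(t_2 - t_1) \times \text{Bandwidth}} \times 100\%$$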
 
6. Reference
The Simple Book, Marshall T. Rose, Prentice-Hall Inc.
SNMP, SNMPv2 and RMON: The Practical Guide to Network Management, William Stallings
SMI: http://ds.internic.net/rfc/rfc1155.txt
Concise MIB Format: http://ds.internic.net/rfc/rfc1212.txt
SNMP: http://ds.internic.net/rfc/rfc1157.txt
MIB II: http://ds.internic.net/rfc/rfc1213.txt
Trap Format: http://ds.internic.net/rfc/rfc1215.txt
ASN.1 and BER: ITU-T X.208, X.209
Development of SNMP Standards SNMPv2     SNMPv3 RMON I RMON II
SNMPv3 An Architecture for Describing Internet Management Frameworks  Local Processing Model for version 3 of the Simple Network Management Protocol (SNMPv3) Message Processing and Control Model for version 3 of the Simple Network Management Protocol (SNMP) User-based Security Model for version 3 of the Simple Network Management Protocol (SNMPv3)  View-based Access Control Model (VACM) for version 3 of the Simple Network Management Protocol (SNMP) User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)
RMON I & II
Appendix:  ASN.1 Concepts ASN.1:  Abstract Syntax Notation One ISO/ITU-T Standards: ISO 8824/ITU-T X.208 Abstract Syntax: Use a syntax to define data/data structure independent of machine-oriented structures and restrictions.   Use in SNMP Define SNMP PDU format Define management information (MIB)
ASN.1 Reserved Words All reserved words MUST be upper case: BOOLEAN, INTEGER, BIT, STRING, OCTET, NULL, OF, SEQUENCE, SET, IMPLICIT, CHOICE, ANY, EXTERNAL, OBJECT, END, IDENTIFIER, OPTIONAL, DEFAULT, TRUE, COMPONENTS, FALSE, BEGIN
What is defined using ASN.1 Types: data structures, e.g. Counter, Gauge, IpAddress, ... Values: instances (variables) of a type, e.g. sysContact, ifTable, ifSpeed, ... Macros: used to change the actual grammar of ASN.1, e.g. OBJECT-TYPE, ACCESS, ...
Modules Module: A collection of ASN.1 descriptions. Module Structure: <module name> DEFINITIONS ::= BEGIN <module body> END Example: EmptyModule DEFINITIONS ::= BEGIN END
Tags and Types Tags: Every type defined with ASN.1 is assigned a tag. Tag = Class + Number.
Class (bits 8 and 7 in the BER tag):
    Universal         0 0
    Application       0 1
    Context-specific  1 0
    Private           1 1
Number: non-negative integer. BER: Basic Encoding Rules
Tags and Types (cont.)
    Universal Tag   ASN.1 Type
    1               BOOLEAN
    2               INTEGER
    3               BIT STRING
    4               OCTET STRING
    5               NULL
    6               OBJECT IDENTIFIER
    7               ObjectDescriptor
    8               EXTERNAL
    9               REAL
    10              ENUMERATED
    12-15           Reserved
    16              SEQUENCE, SEQUENCE OF
    17              SET, SET OF
    18              NumericString
    19              PrintableString
    20              TeletexString
    21              VideotexString
    22              IA5String
    23              UTCTime
    24              GeneralizedTime
    25              GraphicString
    26              VisibleString
    27              GeneralString
    28              CharacterString
    29-...          Reserved
Values in ASN.1 General format of a value assignment <valuereference> <type> ::= <value> Examples: BOOLEAN Married ::= BOOLEAN currentStatus Married ::= FALSE INTEGER Color ::= INTEGER{red (0), blue (1), yellow (2)} defaultColor Color ::= 1  defaultColor Color ::= blue
Basic Encoding Rules (BER) A transfer syntax notation. ISO/ITU-T Standards: ISO 8825/ITU-T X.209. Values from any abstract syntax defined using ASN.1 can be encoded with BER. BER uses Tag, Length, Value (TLV) encoding. Tag: “identifier”, Length: length of content, Value: “contents”. Each value may itself be made up of one or more TLV-encoded values. [Figure: a TLV whose value field contains nested TLVs.]

More Related Content

Snmp

  • 1. Introduction to SNMP www.sriinduit.blogspot.com
  • 2. Contents 1. Basic Concepts 2. Management Information Base 3. Simple Network Management Protocol 4. SNMP Application Examples 5. Reference Appendix: ASN.1 Concept
  • 3. 1. Basic Concepts Internet RMON Device Firewall / Router Management Station ... Polling Notification ... NM UNIX . . .. FDDI UNIX PC . . .. . . .. PC UNIX PC
  • 4. 網路管理標準化 如果每個廠商的網路設備均提供一套獨特專屬 (Proprietary) 的網管方法與介面,網路管理工作將很難執行。 網路管理標準化 每個網路設備必須提供一致的網路管理介面 ( 亦即相同的網路管理通信協定 ) 。
  • 5. 網路管理相關標準 Internet SNMPv1, SNMPv2, SNMPv3 ISO/ITU-T X.700 Series: CMIP/S (Common Management Information Protocol / Service) ITU-T M.3000 Series: TMN (Telecommunication Management Networks)
  • 6. SNMP Concepts SNMP: Simple Network Management Protocol De facto standards of network management for TCP/IP networks (Internet) IAB recommends all IP & TCP implementations should be network manageable. That is, all TCP/IP network devices should support SNMP. IAB: Internet Activities Board
  • 7. SNMP Architectural Model Key Components One or more Management Stations Perform management applications, i.e, Monitor & Control. Multiple Network Elements hosts, routers, gateways, ..., which each contain an Agent . Network Management Protocol Exchange network management information.
  • 8. SNMP Architectural Model ( cont. ) Manager Agent Agent . . . Management Station Host Router Network Elements (NEs) Network Management Protocol SNMP Network 網路介面 SNMP UDP IP 網路介面 SNMP UDP IP 網路介面 SNMP UDP IP
  • 9. The Role of SNMP
  • 10. Management Components Manager Agent Network Management Protocol Management Information Base (MIB)
  • 11. Management Components Management Station (Manager) Network management applications. Provide an interface which the human network manager can monitor and control the network. Agent Network devices should be equipped with agent software so that they can be managed from a management station. Responds to requests for information from managers. Responds to requests for actions from managers. May asynchronously provide managers with important but unsolicited information.
  • 12. Management Components (cont.) Network Management Protocol Communication protocol between managers and agents NM protocol provides a standard way to exchange management information between managers and agents. Management Information Base (MIB) A collection of Managed Objects. The resources to be managed are represented as objects, called Managed Objects (MOs).
  • 13. Management Information Base (MIB) Each resource to be managed is represented by an object, called managed object (MO). The MIB is a structured collection of MOs. Essentially, each MO is a data variable. Each agent in an NE maintains an MIB. Monitor: by reading the values of MOs in the MIB. Control: by modifying the values of MOs in the MIB. 網路介面 SNMP UDP IP Agent Managed Resources MIB NE: Network Element
  • 14. SNMP Services Four Services Get, Set, GetNext, Trap Five SNMP PDUs GetRequest, SetRequest, GetNextRequest, GetResponse, Trap Manager Agent(s) PDU: Protocol Data Unit Get, Set, GetNext Request Get Response Trap
  • 15. SNMP Services Get GetNext Set Trap Get Request Get Response Manager Agent GetNext Request Get Response Manager Agent Set Request Get Response Manager Agent Trap Request Manager Agent
  • 16. SNMP Services ( cont. ) Get Request: Retrieve the values of objects in the MIB of an agent. Get-Next Request: Retrieve the values of the next objects in the MIB of an agent. Set Request: Update the values of objects in the MIB of an agent. Trap Request Report extraordinary events to the manager.
  • 17. Get-Next Request In SNMP, Only leaf objects have values. * :Non-Leaf Object :Leaf Object 1 2 3 4 5 6 MIB Tree :
  • 18. Default UDP Ports for SNMP 網路介面 SNMP UDP IP Manager Management Station Network Elements (NEs) 網路介面 SNMP UDP IP Agent 162 Any 161 Any
  • 19. SNMP Standards SNMP Protocol (Std 15) RFC1157 : Simple Network Management Protocol. Structure of Management Information (SMI) (Std 16) RFC1155 : Structure and Identification of Management Information for TCP/IP-based Internets. RFC1212 : Concise MIB Definitions. MIB-II (Std 17) RFC1213 : Management Information Base for Network Management of TCP/IP-based Internets: MIB-II.
  • 20. 2. Management Information Base Structure of Management Information (SMI) Set of rules on how managed objects should be defined. Objects are defined using Abstract Syntax Notation One ASN.1 (ITU-T X.208 / ISO 8824) MIB The collection of all defined objects Contains hierarchically organized variables corresponding to managed objects. MIB-II, RMON MIB , Bridge MIB, Repeater MIB, X.25 MIB, FDDI MIB, Token Ring MIB, ...
  • 21. Object Identifier Object Identifier (OID): Global identifier for a particular object type. An OID consists of a sequence of integers, which specify the position of the object in the global object identifier tree. root ccitt iso joint-iso-ccitt directory 0 1 2 std reg authority member body org 0 1 2 3 dod internet 6 1 1 2 3 4 mgmt experimental private MIB II system 1 interface 2 at 3 IP 4 ICMP 5 TCP 6 UDP 7 EGP 8 Trans. 10 SNMP 11 1 1 enterprises 1.3.6.1.2.1.2 1.3.6.1.4.1 1.3.6.1.2.1 MIB II interface enterprises
  • 22. Private MIB Registration Companies can register their private MIB extensions in the global MIB tree by contacting the Internet Assigned Numbers Authority (IANA). http://www.iana.org/ Currently assigned enterprise subtrees ftp://ftp.isi.edu/in-notes/iana/assignments/enterprise-numbers
  • 23. SMI (RFC1155) RFC1155-SMI DEFINITIONS ::= BEGIN EXPORTS -- EVERYTHING internet, directory, mgmt, experimental, private, enterprises, OBJECT-TYPE, ObjectName, ObjectSyntax, SimpleSyntax, ApplicationSyntax, NetworkAddress, IpAddress, Counter, Gauge, TimeTicks, Opaque; internet OBJECT IDENTIFIER ::= { iso org(3) dod(6) 1 } directory OBJECT IDENTIFIER ::= { internet 1 } mgmt OBJECT IDENTIFIER ::= { internet 2 } experimental OBJECT IDENTIFIER ::= { internet 3 } private OBJECT IDENTIFIER ::= { internet 4 } enterprises OBJECT IDENTIFIER ::= { private 1 }
  • 24. SMI ( cont. ) OBJECT-TYPE MACRO ::= BEGIN TYPE NOTATION ::= &quot;SYNTAX&quot; type (TYPE ObjectSyntax) &quot;ACCESS&quot; Access &quot;STATUS&quot; Status VALUE NOTATION ::= value (VALUE ObjectName) Access ::= &quot;read-only&quot; | &quot;read-write&quot; | &quot;write-only&quot; | &quot;not-accessible&quot; Status ::= &quot;mandatory&quot; | &quot;optional&quot; | &quot;obsolete&quot; END ObjectName ::= OBJECT IDENTIFIER ASN.1 Macro
  • 25. OBJECT-TYPE Example sysDesc OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) ACCESS read-only STATUS mandary ::= { system 1}
  • 26. ObjectName ::= OBJECT IDENTIFIER ObjectSyntax ::= CHOICE { simple SimpleSyntax, application-wide ApplicationSyntax} SimpleSyntax ::= CHOICE { number INTEGER, string OCTET STRING, object OBJECT IDENTIFIER, empty NULL} } ApplicationSyntax ::= CHOICE { address NetworkAddress, counter Counter, gauge Gauge, ticks TimeTicks, arbitrary Opaque } NetworkAddress ::= CHOICE { internet IpAddress} IpAddress ::= [APPLICATION 0] IMPLICIT OCTET STRING (SIZE (4)) Counter ::= [APPLICATION 1] IMPLICIT INTEGER (0..4294967295) Gauge ::= [APPLICATION 2] IMPLICIT INTEGER (0..4294967295) TimeTicks ::= [APPLICATION 3] IMPLICIT INTEGER (0..4294967295) Opaque ::= [APPLICATION 4] IMPLICIT OCTET STRING END SMI ( cont. )
  • 27. Object Syntax Summary Simple Syntax Integer Octet String Object Identifier Null Application Syntax Network Address Counter Gauge Time Ticks Opaque
  • 28. Concise MIB Definition (RFC 1212) OBJECT-TYPE MACRO ::= BEGIN TYPE NOTATION ::= &quot;SYNTAX&quot; type(ObjectSyntax) &quot;ACCESS&quot; Access &quot;STATUS&quot; Status DescrPart ReferPart IndexPart DefValPart VALUE NOTATION ::= value (VALUE ObjectName) DescrPart ::= &quot;DESCRIPTION&quot; value (description DisplayString) | empty ReferPart ::= &quot;REFERENCE&quot; value (reference DisplayString) | empty IndexPart ::= &quot;INDEX&quot; &quot;{&quot; IndexTypes &quot;}&quot; | empty IndexTypes ::= IndexType | IndexTypes &quot;,&quot; IndexType IndexType ::= value (indexobject ObjectName) | type (indextype) DefValPart ::= &quot;DEFVAL&quot; &quot;{&quot; value (defvalue ObjectSyntax) &quot;}&quot; | empty END
  • 29. Examples: MIB II (RFC 1213) ifEntry OBJECT-TYPE SYNTAX IfEntry ACCESS not-accessible STATUS mandatory DESCRIPTION &quot;An interface entry containing objects at the subnetwork layer and below for a particular interface.&quot; INDEX { ifIndex } ::= { ifTable 1 } ifTable OBJECT-TYPE SYNTAX SEQUENCE OF IfEntry ACCESS not-accessible STATUS mandatory DESCRIPTION &quot;A list of interface entries. The number of entries is given by the value of ifNumber.&quot; ::= { interfaces 2 } mib-2 OBJECT IDENTIFIER ::= { mgmt 1 } system OBJECT IDENTIFIER ::= { mib-2 1 } interfaces OBJECT IDENTIFIER ::= { mib-2 2 } at OBJECT IDENTIFIER ::= { mib-2 3 } ip OBJECT IDENTIFIER ::= { mib-2 4 } icmp OBJECT IDENTIFIER ::= { mib-2 5 } tcp OBJECT IDENTIFIER ::= { mib-2 6 } udp OBJECT IDENTIFIER ::= { mib-2 7 } egp OBJECT IDENTIFIER ::= { mib-2 8 } -- cmot OBJECT IDENTIFIER ::= { mib-2 9 } transmission OBJECT IDENTIFIER ::= { mib-2 10 } snmp OBJECT IDENTIFIER ::= { mib-2 11 }
  • 30. Identification of Managed Objects Use Object Identifier (OID) OID = Object Type OID . Instance Identifier Object Type OID: Each Object type has a unique OID Instance Identifier: Identify instances of object type E.g .mib-2.interface.ifTable.ifEntry.ifDescr . 2
  • 31. Two Kinds of Managed Objects Type-Specific Objects: sysDescr OBJECT-TYPE SYNTAX DisplayString (SIZE(0..255)) ::= {system 1} OID: mib-2.system.1 . 0 Columnar Objects OID: mib-2.interface.ifTable.ifEntry.ifDescr . 2 mib-2.interface.ifTable.ifEntry.ifDescr . 6 mib-2.interface.ifTable.ifEntry.ifType . 2 mib-2.interface.ifTable.ifEntry.ifType . 6
  • 32. Columnar Objects ifTable OBJECT-TYPE SYNTAX SEQUENCE OF IfEntry … ::= { interface 2 } IfEntry ::= SEQUENCE { ifIndex INTEGER, ifDescr DisplayString, ifType INTEGER, … } ifEntry OBJECT-TYPE SYNTAX IfEntry … INDEX { ifIndex } ::= { ifTable 1 } ifDescr OBJECT-TYPE SYNTAX DisplayString (SIZE(0..255)) ACCESS read-only STATUS mandatory ... ::= { ifEntry 2 }
  • 33. Columnar Objects Table rows (ifIndex, ifDescr, ifType, ...): (1, le0, 6, ...); (6, llc0, 1, ...); (7, lo0, 24, ...); (9, le1, 6, ...). Column OIDs: ifIndex = .ifTable.ifEntry.1 (1.3.6.1.2.1.2.2.1.1); ifDescr = .ifTable.ifEntry.2 (1.3.6.1.2.1.2.2.1.2); ifType = .ifTable.ifEntry.3 (1.3.6.1.2.1.2.2.1.3). Instance examples: 1.3.6.1.2.1.2.2.1.3.7 (ifType of the row with ifIndex 7); 1.3.6.1.2.1.2.2.1.2.6 (ifDescr of the row with ifIndex 6).
  • 34. Index in MIB II ifEntry {ifIndex} atEntry {atNetIfIndex, atNetAddress} ipAddrEntry {ipAdEntAddr } ipRouteEntry {ipRouteDest} ipNetToMediaEntry {ipNetToMediaIfIndex, ipNetToMediaNetAddress} tcpConnEntry {tcpConnLocalAddress, tcpConnLocalPort, tcpConnRemoteAddress, tcpConnRemotePort} udpEntry {udpLocalAddress, udpLocalPort} egpNeighEntry {egpNeighAddr}
  • 35. Index Example To get the state of the TCP connection: 10.144.18.118:1200 ===> 10.144.14.40:1600 Use snmp_get_req. to get the “tcpConnState” of the tcpConnTable in MIB II. tcpConnState ==> .1.3.6.1.2.1.6.13.1.1 .1.3.6.1.2.1.6.13.1.1.10.144.18.118.1200.10.144.14.40.1600
  • 36. MIB II System Group Provide general information about the managed system. Interfaces Group Contains generic information about the physical interfaces. Address-Translation Group Contains information about the mapping between network addresses and physical addresses for each physical interface. IP Group Contains information about the implementation and operation of IP at the managed system. ICMP Group Contains information about the implementation and operation of ICMP at the managed system.
  • 37. MIB-II ( cont. ) TCP Group Contains information about the implementation and operation of TCP at the managed system. UDP Group Contains information about the implementation and operation of UDP at the managed system. EGP Group Contains information about the implementation and operation of EGP at the managed system. Transmission Group Provides details about the underlying transmission media for each interface. SNMP Group Provides the statistics of SNMP operations at the managed system.
  • 38. IETF MIBs 1213 MIB-II 1316 Character Stream 1317 RS-232-like Hardware 1471 PPP 1513 RMON for Token Ring 1757 RMON 2021 RMON-II .....
  • 39. 3. SNMP SNMP Message Version Identifier Community Name Protocol Data Unit The length of SNMP messages should not exceed 484 octets. Message ::= SEQUENCE { version INTEGER {version-1(0)}, community OCTET STRING, data ANY } Version Community SNMP PDU
  • 40. SNMP Authentication Community Relationship between an Agent and Managers. Community Name Used to validate the SNMP messages. SNMP Password. Default ‘Get’ community name: “public”. Authentication Failure Agent sends “Authentication Failure Trap” to Manager.
  • 41. SNMP PDU (PDU: Protocol Data Unit) PDU ::= SEQUENCE { request-id INTEGER, error-status INTEGER { noError(0), tooBig(1), noSuchName(2), badValue(3), readOnly(4), genErr(5) }, error-index INTEGER, variable-bindings SEQUENCE OF { name ObjectName, value ObjectSyntax } } Five SNMP PDUs: GetRequest: [0] PDU; GetNextRequest: [1] PDU; GetResponse: [2] PDU; SetRequest: [3] PDU; Trap: [4] Trap-PDU
  • 42. SNMP PDU ( cont. ) GetRequest, GetNextRequest, SetRequest: PDU type | request-id | 0 | 0 | variable-bindings. GetResponse: PDU type | request-id | error-status | error-index | variable-bindings. variable-bindings: name | value | name | value | name | value | ...
  • 44. Trap-PDU Trap-PDU ::= [4] IMPLICIT SEQUENCE { enterprise OBJECT IDENTIFIER, agent-addr NetworkAddress, generic-trap INTEGER { coldStart(0), warmStart(1), linkDown(2), linkUp(3), authenticationFailure(4), egpNeighborLoss(5), enterpriseSpecific(6) }, specific-trap INTEGER, time-stamp TimeTicks, variable-bindings VarBindList } Enterprise: Type of object generating the trap. Agent Address: Address of object generating the trap. Generic Trap: Generic trap type. Specific Trap: Enterprise-specific trap. Time Stamp: Time elapsed between the last initialization of the network entity and the generation of the trap. Variable Bindings: “Interesting” information. Layout: PDU type | enterprise | agent-addr | generic-trap | specific-trap | time-stamp | variable-bindings
  • 46. What does a Manager do? NM Application → Translates Internal Data to ASN.1 Format → Manager Sends Request PDU to Agent. Manager Receives Response PDU from Agent → Translates ASN.1 Package to Internal Data Format → NM Application.
  • 47. What does an Agent do? From Manager: Agent Receives SNMP Request PDU from Manager → Translates ASN.1 Structure to Internal Data → Maps MIB Variables to Internal Variables → Implements SNMP Request to Set or Get MIB Value → Translates Response PDU to ASN.1 Format → Sends SNMP Response PDU to Manager. To Manager.
  • 48. Main Loop of Agent Agent waits for an incoming datagram on port 161. Reads the datagram from UDP and notes the transport address of the sending entity. Increments the QUANTUM to keep track of the logical request-id being processed by the agent. De-serializes the datagram into an ASN.1 structure. If an error occurs, log the error and discard the packet. The ASN.1 structure is translated into an SNMP message. If an error occurs, log the error and discard the packet. Check the VERSION-NUMBER field. If an error occurs, log the error and discard the packet.
  • 49. Main Loop of Agent (cont.) Community name is looked up. If the community is unknown to the agent, the agent sends an AUTHENTICATION trap to the Manager station on port 162, logs the error and discards the packet. Agent loops through the list of variables in the request. If no prototype is found, return a GET-RESPONSE with error noSuchName and discard the packet. Once the prototype is found, the operation is checked against the community profile. If a mismatch occurs, return a GET-RESPONSE with error noSuchName or readOnly and discard the packet. Otherwise, the agent invokes the access routine to perform the desired operation.
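The community and profile checks from the two "Main Loop of Agent" slides, as an added example that is not code from the slides. The community names, profile table and MIB values are constructed, and mapping "outside the profile" to noSuchName and "Set under a read-only profile" to readOnly is an assumption based on the slide's wording.

```python
# Added example: decision logic of the agent main loop; tables below are constructed.
NO_ERROR, NO_SUCH_NAME, READ_ONLY = 0, 2, 4      # error-status values from the PDU slide
GET, SET = 0xA0, 0xA3                            # PDU tags [0] and [3]

# Hypothetical community profiles: name -> (access mode, visible OID subtrees)
PROFILES = {
    "public": ("read-only", ("1.3.6.1.2.1.1",)),
    "EXAMPLE-rw-community": ("read-write", ("1.3.6.1.2.1.1", "1.3.6.1.2.1.2")),
}

def new_mib():
    """Constructed instance values keyed by dotted OID."""
    return {"1.3.6.1.2.1.1.1.0": "Sun SNMP Agent, SUNW,Ultra-1",   # sysDescr.0
            "1.3.6.1.2.1.1.5.0": "camry",                           # sysName.0
            "1.3.6.1.2.1.2.1.0": 4}                                 # ifNumber.0

def in_view(oid, subtrees):
    # Compare whole arcs: subtree "1.3.6.1.2.1.1" must not match "1.3.6.1.2.1.11.x"
    return any(oid == s or oid.startswith(s + ".") for s in subtrees)

def handle(mib, version, community, pdu_type, oid, value=None):
    """Return (action, error_status, value) for a single variable binding."""
    if version != 0:                                   # only version-1(0) is accepted
        return ("discard", None, None)
    profile = PROFILES.get(community)
    if profile is None:                                # unknown community
        return ("auth-failure-trap", None, None)       # trap to port 162, then discard
    mode, subtrees = profile
    if oid not in mib or not in_view(oid, subtrees):   # no prototype, or outside profile
        return ("response", NO_SUCH_NAME, None)
    if pdu_type == SET:
        if mode != "read-write":
            return ("response", READ_ONLY, None)
        mib[oid] = value
    return ("response", NO_ERROR, mib[oid])
```
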
  • 50. What's New in SNMPv2 No more Trap PDU, 3 New PDUs: getBulkReq, InformReq, SNMPv2-Trap Added Security 18 Error Status Values SNMPv2 SMI / SNMPv2 MIB M-to-M Communications Table Operations ...
  • 51. 4. SNMP Application Examples SNMP Commands snmpget [options] node variable [...] query a node using SNMP Get request snmpnext [options] node variable [...] query a node using SNMP GetNext request snmpwalk [options] node variable query a node repeatedly using SNMP GetNext/GetBulk requests snmptrap [-d] [-p port] [-c community] node enterprise agent-addr generic-trap specific-trap time-stamp variable type value [variable type value...] issue an SNMP Version 1 Trap options:[-d] [-t timeout] [-r retries] [-p port] [-c community] [-v version]
  • 52. Example for snmpget >> snmpget -d 10.144.18.118 .1.3.6.1.2.1.1.1.0 Transmitted 41 bytes to camry (10.144.18.118) port 161: Initial Timeout: 0.80 seconds 0: 30 27 02 01 00 04 06 70 75 62 6c 69 63 a0 1a 02 0'.....public... 16: 02 18 bc 02 01 00 02 01 00 30 0e 30 0c 06 08 2b .........0.0...+ 32: 06 01 02 01 01 01 00 05 00 -- -- -- -- -- -- -- ................ 0: SNMP MESSAGE (0x30): 39 bytes 2: INTEGER VERSION (0x2) 1 bytes: 0 (SNMPv1) 5: OCTET-STR COMMUNITY (0x4) 6 bytes: "public" 13: GET-REQUEST-PDU (0xa0): 26 bytes 15: INTEGER REQUEST-ID (0x2) 2 bytes: 6332 19: INTEGER ERROR-STATUS (0x2) 1 bytes: noError(0) 22: INTEGER ERROR-INDEX (0x2) 1 bytes: 0 25: SEQUENCE VARBIND-LIST (0x30): 14 bytes 27: SEQUENCE VARBIND (0x30): 12 bytes 29: OBJ-ID (0x6) 8 bytes: .1.3.6.1.2.1.1.1.0 39: NULL (0x5) 0 bytes
  • 53. Example for snmpget (cont.) Received 69 bytes from camry (10.144.18.118) port 161: 0: 30 43 02 01 00 04 06 70 75 62 6c 69 63 a2 36 02 0C.....public.6. 16: 02 18 bc 02 01 00 02 01 00 30 2a 30 28 06 08 2b .........0*0(..+ 32: 06 01 02 01 01 01 00 04 1c 53 75 6e 20 53 4e 4d .........Sun SNM 48: 50 20 41 67 65 6e 74 2c 20 53 55 4e 57 2c 55 6c P Agent, SUNW,Ul 64: 74 72 61 2d 31 -- -- -- -- -- -- -- -- -- -- -- tra-1........... 0: SNMP MESSAGE (0x30): 67 bytes 2: INTEGER VERSION (0x2) 1 bytes: 0 (SNMPv1) 5: OCTET-STR COMMUNITY (0x4) 6 bytes: "public" 13: RESPONSE-PDU (0xa2): 54 bytes 15: INTEGER REQUEST-ID (0x2) 2 bytes: 6332 19: INTEGER ERROR-STATUS (0x2) 1 bytes: noError(0) 22: INTEGER ERROR-INDEX (0x2) 1 bytes: 0 25: SEQUENCE VARBIND-LIST (0x30): 42 bytes 27: SEQUENCE VARBIND (0x30): 40 bytes 29: OBJ-ID (0x6) 8 bytes: .1.3.6.1.2.1.1.1.0 39: OCTET-STR (0x4) 28 bytes: "Sun SNMP Agent, SUNW,Ultra-1" system.sysDescr.0 : DISPLAY STRING- (ascii): Sun SNMP Agent, SUNW,Ultra-1
  • 54. Example of snmpwalk snmpwalk 10.144.18.118 .1.3.6.1.2.1.1 system.sysDescr.0 : DISPLAY STRING- (ascii): Sun SNMP Agent, SUNW,Ultra-1 system.sysObjectID.0 : OBJECT IDENTIFIER: .iso.org.dod.internet.private.enterprises.42.2.1.1 system.sysUpTime.0 : Timeticks: (198219958) 22 days, 22:36:39.58 system.sysContact.0 : DISPLAY STRING- (ascii): [email_address] system.sysName.0 : DISPLAY STRING- (ascii): camry system.sysLocation.0 : DISPLAY STRING- (ascii): Information Technology Laboratory 3F system.sysServices.0 : INTEGER: 72 (01001000)B
  • 55. Example of snmptrap snmptrap -d manager .1.3.6.1.4.1.612.1.1 10.144.18.116 6 99999 0 .1.3.6.1.1 octetstringascii "Trap test" Transmitted 64 bytes to manager (10.144.18.100) port 162: 0: 30 3e 02 01 00 04 06 70 75 62 6c 69 63 a4 31 06 0>.....public.1. 16: 09 2b 06 01 04 01 84 64 01 01 40 04 0a 90 12 74 .+.....d..@....t 32: 02 01 06 02 03 01 86 9f 43 01 00 30 13 30 11 06 ........C..0.0.. 48: 04 2b 06 01 01 04 09 54 72 61 70 20 74 65 73 74 .+.....Trap test 0: SNMP MESSAGE (0x30): 62 bytes 2: INTEGER VERSION (0x2) 1 bytes: 0 (SNMPv1) 5: OCTET-STR COMMUNITY (0x4) 6 bytes: "public" 13: V1-TRAP-PDU (0xa4): 49 bytes 15: OBJ-ID ENTERPRISE (0x6) 9 bytes: .1.3.6.1.4.1.612.1.1 26: IPADDRESS AGENT-ADDR (0x40) 4 bytes: 10.144.18.116 (manager2) 32: INTEGER GENERIC-TRAP (0x2) 1 bytes: 6 35: INTEGER SPECIFIC-TRAP (0x2) 3 bytes: 99999 40: TIMETICKS TIME-STAMP (0x43) 1 bytes: 0 (0x0) 43: SEQUENCE VARBIND-LIST (0x30): 19 bytes 45: SEQUENCE VARBIND (0x30): 17 bytes 47: OBJ-ID (0x6) 4 bytes: .1.3.6.1.1 53: OCTET-STR (0x4) 9 bytes: "Trap test"
  • 56. Get System Information Get “System Group” of MIB II Use get_request or get_next_request sysDescr .1.3.6.1.2.1.1.1.0 sysObjectID .1.3.6.1.2.1.1.2.0 sysUptime .1.3.6.1.2.1.1.3.0 sysContact .1.3.6.1.2.1.1.4.0 sysName .1.3.6.1.2.1.1.5.0 sysLocation .1.3.6.1.2.1.1.6.0
  • 57. Get Interface Information Get “Interface Group” of MIB II Repeatedly Use “get_next_request” Note: We don’t know the ifIndex values in ifTable. First get the next object of .ifTable.ifEntry.0 Then repeatedly “get_next” Until the whole subtree is visited.
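The GetNext walk described on this slide, run against the ifTable rows from the "Columnar Objects" slide, as an added example that is not code from the slides. The in-memory agent and the `ipForwarding.0` entry placed after the table are constructed; the walk stops when the returned OID leaves the requested subtree.

```python
# Added example: GetNext traversal over a simulated agent (not from the slides).
from bisect import bisect_right

IF_ENTRY = (1, 3, 6, 1, 2, 1, 2, 2, 1)                 # .ifTable.ifEntry
ROWS = {1: ("le0", 6), 6: ("llc0", 1), 7: ("lo0", 24), 9: ("le1", 6)}  # slide 33 table

def build_mib():
    """OIDs are tuples of ints so ordering is by arc, not by string."""
    mib = {}
    for if_index, (descr, if_type) in ROWS.items():
        mib[IF_ENTRY + (1, if_index)] = if_index       # ifIndex column
        mib[IF_ENTRY + (2, if_index)] = descr          # ifDescr column
        mib[IF_ENTRY + (3, if_index)] = if_type        # ifType column
    mib[(1, 3, 6, 1, 2, 1, 4, 1, 0)] = 1               # ipForwarding.0, constructed value
    return mib

def get_next(mib, oid):
    """Return the first (oid, value) strictly after `oid` in lexicographic order."""
    keys = sorted(mib)
    i = bisect_right(keys, tuple(oid))
    if i == len(keys):
        return None                                    # a real agent answers noSuchName
    return keys[i], mib[keys[i]]

def walk(mib, root):
    """Repeat GetNext from `root` until the answer falls outside the subtree."""
    root, current, seen = tuple(root), tuple(root), []
    while True:
        nxt = get_next(mib, current)
        if nxt is None or nxt[0][:len(root)] != root:
            return seen
        seen.append(nxt)
        current = nxt[0]

if __name__ == "__main__":
    for oid, value in walk(build_mib(), IF_ENTRY):
        print(".".join(map(str, oid)), "=", value)
```

The result is column-major: every ifIndex instance comes back before the first ifDescr instance, so a manager rebuilds rows by grouping on the trailing instance identifier.
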
  • 59. Traffic Monitoring Get “ifInOctets” and “ifOutOctets” of MIB II Interface Group. Read the counter twice: $C_1$ at time $t_1$ and $C_2$ at time $t_2$. $\text{Utilization (\%)} = \dfrac{(C_2 - C_1) \times 8}{(t_2 - t_1) \times \text{Bandwidth}} \times 100\%$
  • 61. 6. Reference The Simple Book, Marshall T. Rose, Prentice-Hall Inc. SNMP, SNMPv2 and RMON: The Practical Guide to Network Management, William Stallings SMI; http://ds.internic.net/rfc/rfc1155.txt Concise MIB Format; http://ds.internic.net/rfc/rfc1212.txt SNMP; http://ds.internic.net/rfc/rfc1157.txt MIB II; http://ds.internic.net/rfc/rfc1213.txt Trap Format; http://ds.internic.net/rfc/rfc1215.txt ASN.1 and BER; ITU-T X.208, X.209
  • 62. Development of SNMP Standards SNMPv2  SNMPv3 RMON I RMON II
  • 63. SNMPv3 An Architecture for Describing Internet Management Frameworks Local Processing Model for version 3 of the Simple Network Management Protocol (SNMPv3) Message Processing and Control Model for version 3 of the Simple Network Management Protocol (SNMP) User-based Security Model for version 3 of the Simple Network Management Protocol (SNMPv3) View-based Access Control Model (VACM) for version 3 of the Simple Network Management Protocol (SNMP) User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)
  • 64. RMON I & II
  • 65. Appendix: ASN.1 Concepts ASN.1: Abstract Syntax Notation One ISO/ITU-T Standards: ISO 8824/ITU-T X.208 Abstract Syntax: Use a syntax to define data/data structure independent of machine-oriented structures and restrictions. Use in SNMP Define SNMP PDU format Define management information (MIB)
  • 66. ASN.1 Reserved Words All reserved words MUST be upper case BOOLEAN INTEGER BIT STRING OCTET NULL OF SEQUENCE SET IMPLICIT CHOICE ANY EXTERNAL OBJECT END IDENTIFIER OPTIONAL DEFAULT TRUE COMPONENTS FALSE BEGIN
  • 67. What is defined using ASN.1 Types: data structures e.g. Counter, Gauge, IpAddress, ... Values: instances (variables) of a type e.g. sysContact, ifTable, ifSpeed, ... Macros: used to change the actual grammar of ASN.1 e.g. OBJECT-TYPE, ACCESS, ...
  • 68. Modules Module: A collection of ASN.1 descriptions Module Structure <module name> DEFINITIONS ::= BEGIN <module body> END Example EmptyModule DEFINITIONS ::= BEGIN END
  • 69. Tags and Types Tags Every type defined with ASN.1 is assigned a tag Tag = Class + Number Class: (Bit 8,7 in BER tag) Universal 0 0 Application 0 1 Context-specific 1 0 Private 1 1 Number: non-negative Integer BER: Basic Encoding Rules
  • 70. Tags and Types (cont.) Universal Tag / ASN.1 Type: 1 BOOLEAN; 2 INTEGER; 3 BIT STRING; 4 OCTET STRING; 5 NULL; 6 OBJECT IDENTIFIER; 7 ObjectDescriptor; 8 EXTERNAL; 9 REAL; 10 ENUMERATED; 12-15 Reserved; 16 SEQUENCE, SEQUENCE OF; 17 SET, SET OF; 18 NumericString; 19 PrintableString; 20 TeletexString; 21 VideotexString; 22 IA5String; 23 UTCTime; 24 GeneralizedTime; 25 GraphicString; 26 VisibleString; 27 GeneralString; 28 CharacterString; 29-... Reserved
  • 71. Values in ASN.1 General format of a value assignment <valuereference> <type> ::= <value> Examples: BOOLEAN Married ::= BOOLEAN currentStatus Married ::= FALSE INTEGER Color ::= INTEGER{red (0), blue (1), yellow (2)} defaultColor Color ::= 1 defaultColor Color ::= blue
  • 72. Basic Encoding Rules (BER) A transfer syntax notation ISO/ITU-T Standards: ISO 8825/ITU-T X.209 Values from any abstract syntax defined using ASN.1 can be encoded with BER BER uses Tag, Length, Value (TLV) encoding Tag: “identifier”, Length: length of content, Value: “contents” Each value may itself be made up of one or more TLV-encoded values [Figure: nested TLV encoding, a value that contains further TLVs]
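The nested TLV structure described here, applied to the two messages in the "Example for snmpget" slides, as an added example that is not code from the slides. The message bytes are copied from those dumps; the function names are this example's own, and the parser covers the four non-Trap PDUs only. It makes visible that the community name, the "SNMP password", is an ordinary OCTET STRING that anyone capturing the datagram can read.

```python
# Added example: minimal BER decoder; message bytes copied from the snmpget -d dumps.
REQUEST = bytes.fromhex("302702010004067075626c6963a01a020218bc020100020100"
                        "300e300c06082b060102010101000500")           # 41 bytes sent
RESPONSE = bytes.fromhex("304302010004067075626c6963a236020218bc020100020100"
                         "302a302806082b06010201010100041c"
                         ) + b"Sun SNMP Agent, SUNW,Ultra-1"          # 69 bytes received
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse", 0xA3: "SetRequest"}

def read_tlv(buf, pos):
    """Read one Tag-Length-Value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits count length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):              # never trust the declared length
        raise ValueError("declared length exceeds buffer")
    return tag, buf[pos:pos + length], pos + length

def children(buf, expected=None):
    pos, out = 0, []
    while pos < len(buf):                    # a constructed value is a run of TLVs
        tag, val, pos = read_tlv(buf, pos)
        out.append((tag, val))
    if expected not in (None, len(out)):
        raise ValueError("unexpected field count")
    return out

def decode_oid(data):
    if not data:
        raise ValueError("empty OID")
    arcs, value = [data[0] // 40, data[0] % 40], 0   # first octet packs two arcs
    for b in data[1:]:
        value = (value << 7) | (b & 0x7F)            # base 128, high bit means "more"
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def parse_snmp_v1(msg):
    tag, body, end = read_tlv(msg, 0)
    if tag != 0x30 or end != len(msg):
        raise ValueError("expected exactly one SEQUENCE")
    (_, ver), (_, community), (pdu_tag, pdu) = children(body, 3)
    (_, req), (_, err), (_, idx), (_, vbl) = children(pdu, 4)   # Trap-PDU has 6 fields
    binds = []
    for _, vb in children(vbl):
        (_, name), (vtag, val) = children(vb, 2)
        binds.append((decode_oid(name), vtag, val))
    num = lambda b: int.from_bytes(b, "big", signed=True)
    return {"version": num(ver), "community": community.decode("ascii", "replace"),
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag)), "request_id": num(req),
            "error_status": num(err), "varbinds": binds}
```
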