Simple Network Management Protocol SNMP

xiaoxiao2021-03-06  112


Table of Contents

1. Network management basic concepts

2. Simple Network Management Protocol SNMP overview

2.1 SNMP development

2.2 SNMP configuration

3. Management information base MIB

4. SNMP's 5 protocol data units

5. Structure of management information SMI

6. SNMPv2 protocol

6.1 Security mechanism in the SNMPv2 standard

6.2 SNMPv2 Party

6.3 SNMPv2 protocol operation

7. SNMPv3 architecture

8. Common Management Information Protocol CMIP

9. Comparison of SNMP and CMIP

10. Prospects of network management protocols

1. Network Management Basic Concepts

With the rapid development of computer and communication technology, network management has become an important frontier technology. There is currently no precise definition of network management. In a public switched network, for example, network management usually refers to real-time monitoring of the network so that its performance stays as good as possible under unfavourable conditions (such as overload or faults). In another reading, network management in the narrow sense refers only to managing network traffic, while in the broad sense it refers to managing the network as a whole system. The functions of network management can be summarized as the activities required for OAM&P, i.e. network operation, administration, maintenance, and provisioning. Sometimes only the first three are considered, that is, the network management function is taken to be OAM. The following terms are commonly used in network management:

- Network Element (NE)

A specific communication device or logical entity in the network.

- Object

Any resource in the communication and information-processing domain that can be identified by certain information characteristics. Note that "object" as used here is not quite the same as an object in an object-oriented system.

- Managed Object

An abstract representation of a network resource that can be managed and controlled by a management protocol, for example a layer entity or a connection.

- Management Information Base (MIB)

The MIB is an important component of a network management system: it holds the managed objects within a system together with their attributes. Conceptually the MIB is a virtual database that provides information about the managed network elements; this information is shared by the management process and the individual agent processes.

- Integrated Network Management (INM)

Managing the computer hardware and software resources of many manufacturers in a heterogeneous network with a unified approach; also called integrated network management.

OSI has proposed a framework for network management standards within its overall standards, namely ISO 7498-4. ITU-T works closely with ISO on network management and has developed the X.700 series of recommendations corresponding to ISO 7498-4.

Two important standards developed by ISO and ITU-T are:

(1) ISO 9595 / ITU-T X.710: Common Management Information Service definition (CMIS)

(2) ISO 9596 / ITU-T X.711: Common Management Information Protocol specification (CMIP)

2. Simple Network Management Protocol (SNMP) Overview

2.1 Development of SNMP

The Simple Network Management Protocol (SNMP) is the most widely used network management protocol in TCP/IP networks. In May 1990, RFC 1157 defined the first version of SNMP, SNMPv1. Together with RFC 1155, which covers management information, RFC 1157 provides a systematic method for monitoring and managing computer networks. As a result SNMP has been widely adopted and has become the de facto standard for network management.

SNMP developed rapidly in the early 1990s, but it also exposed significant shortcomings, such as difficulty in transferring large amounts of data and the lack of authentication and encryption mechanisms. SNMPv2 was therefore released in 1993, with the following features:

- support for distributed network management

- extended data types

- bulk transfer of data, improving efficiency and performance

- richer fault handling

- an added aggregation (collection) processing function

- an enhanced data definition language

However, SNMPv2 did not fully achieve its expected goals; in particular its security was not improved. Authentication (verifying the sender, checking message integrity, and preventing replay), encryption, authorization and access control, and appropriate remote security configuration and management capabilities were not implemented. SNMPv2c, released in 1996, is a revised version of SNMPv2 with some enhancements, but its security is still not improved: it continues SNMPv1's authentication, which is based on the community string used as a password. In January 1998 the IETF SNMPv3 working group published the Internet proposed standards RFC 2271-2275, formally establishing SNMPv3. This series of documents defines a system framework that includes SNMPv1 and SNMPv2, a new security mechanism providing authentication and encryption services, and dedicated rules for network security and access control. It can be said that SNMPv3 adds security and administration mechanisms on top of SNMPv2.

The Internet community also has a longstanding network management standard, CMOT (Common Management Information Service and Protocol over TCP/IP). Although CMOT uses the OSI network management standards CMIS/CMIP, it has not reached the stage of practical use.

The primary goal of SNMP is to be as simple as possible so as to shorten the development cycle. The basic functions of SNMP are monitoring network performance, detecting network faults, and configuring network devices. When the network is working normally, SNMP provides statistics, configuration, and testing functions; when the network fails, it supports fault detection and recovery. Although SNMP is a network management protocol based on TCP/IP, it can also be extended to other types of network devices.

2.2 SNMP configuration

Figure 1 shows a typical configuration using SNMP. The whole system must have a management station, which is in effect the network control centre and runs the management process. Each managed object must run an agent process. The management process and the agent processes communicate using SNMP messages, which are transmitted over UDP. The figure shows two hosts and a router. The shaded parts of their protocol stacks are what these hosts and routers already have; the unshaded parts are added to implement network management.

Sometimes a network management protocol cannot control certain network elements, for example because an element uses a different network management protocol. In this case a proxy agent is used. The proxy agent provides functions such as protocol conversion and filtering, and then manages the managed objects on behalf of the management station. Figure 2 shows the configuration of delegated (proxy) management.

Figure 2 Configuration of delegated management

SNMP network management consists of three parts: the management information base (MIB), the structure of management information (SMI), and SNMP itself. Each is introduced briefly below.

3. Management Information Base (MIB)

The management information base (MIB) specifies the variables maintained by a network element (i.e. the information that can be queried and set). The MIB gives the data structure of all possible managed objects in a network. SNMP's MIB uses a tree structure similar to the domain name system (DNS): the root is at the top and has no name. Figure 3 shows part of the MIB, which is also called the object naming tree.

Figure 3 Object naming tree of the management information base

The object naming tree has three top-level nodes: ISO, ITU-T, and the joint node of these two organizations. Under ISO there are four nodes, of which org (label 3) is the one of interest; below it is the subtree of the US Department of Defense (dod, label 6), and below that is internet (label 1). When only objects under internet are discussed, only the subtree below internet (the shaded dotted box in the figure) needs to be drawn, and the internet node is marked {1.3.6.1}.

The second node below the internet node is mgmt (management), label 2. Below it is the management information base, originally named mib. In 1991 the new version MIB-II was defined, and the node name was changed to mib-2; its identifier is {1.3.6.1.2.1}, or {internet(1).2.1}. This identifier is called an object identifier.

The original mib node divided the managed information into 8 categories, see Table 1. MIB-2 now includes more than 40 categories.

Table 1 Management information categories of the original mib node

Category             Label  Information contained
system               (1)    host or router operating system
interfaces           (2)    the various network interfaces and their measured traffic
address translation  (3)    address conversion (such as ARP mappings)
ip                   (4)    Internet software (IP packet statistics)
icmp                 (5)    ICMP software (statistics on received ICMP messages)
tcp                  (6)    TCP software (algorithms, parameters and statistics)
udp                  (7)    UDP software (UDP traffic statistics)
egp                  (8)    EGP software (Exterior Gateway Protocol traffic statistics)

It should be noted that the definition of the MIB is independent of the specific network management protocol, which benefits both vendors and users. Vendors can include SNMP agent software in products such as routers and be sure that the software still complies with the standard after new MIB items are defined. Users can use the same network management client software to manage multiple routers with different MIB versions. Of course, a router that lacks a new MIB item cannot provide information about that item.

The enterprises node of the MIB, {1.3.6.1.4.1}, deserves a mention: it already has more than 3000 children. For example IBM is {1.3.6.1.4.1.2}, Cisco is {1.3.6.1.4.1.9}, and Novell is {1.3.6.1.4.1.23}. Any company or school in the world can obtain a node name simply by sending an e-mail to iana-mib@isi.edu. Manufacturers can then define object names for their own products, so that those products can be managed with SNMP.

4. The 5 protocol data units of SNMP

SNMP specifies five protocol data units (PDUs, i.e. SNMP messages) that are exchanged between the management process and the agent process:

- get-request: retrieve one or more parameter values from the agent process

- get-next-request: retrieve from the agent process the parameter value that immediately follows the current parameter value

- set-request: set one or more parameter values on the agent process

- get-response: return one or more parameter values. This operation is issued by the agent process and is the response to the three operations above.

- trap: the agent process sends a message on its own initiative to notify the management process that some event has occurred.

The first three operations are sent by the management process to the agent process; the last two are sent by the agent process to the management process. For simplicity the first three are called the GET, GET-NEXT and SET operations. Figure 4 depicts the five SNMP messages. Note that the agent process receives GET and SET messages on the well-known port 161, and the management process receives trap messages on the well-known port 162.

Figure 4 SNMP's 5 message operations

Figure 5 shows the format of an SNMP message, which is encapsulated in a UDP datagram for all five operations. An SNMP message has three parts: the common SNMP header, the GET/SET header or the TRAP header, and the variable bindings.

Figure 5 SNMP message format

(1) Common SNMP header

Three fields in total:

- version

The version field holds the version number minus 1, so 0 is written for SNMP (i.e. SNMPv1).

- community

The community is a string that serves as a password shared between the management process and the agent process; the 6-character string "public" is commonly used.

- PDU type

A number from 0 to 4 is filled in according to the PDU type, with the correspondence shown in Table 2.

Table 2 PDU types

PDU type  Name
0         get-request
1         get-next-request
2         get-response
3         set-request
4         trap

(2) GET/SET header

- request identifier (request-id)

An integer value set by the management process; the agent process returns the same request identifier in its get-response message. The management process may send GET messages to many agents, all transported over UDP, so the responses may arrive in any order. The request identifier lets the management process tell which request a returned response belongs to.

- error status (error-status)

Filled in by the agent process when it answers, with a number from 0 to 5 as described in Table 3.

Table 3 Error status descriptions

Error status  Name        Description
0             noError     everything is normal
1             tooBig      the agent cannot fit the response into one SNMP message
2             noSuchName  the operation refers to a variable that does not exist
3             badValue    a set operation specifies an invalid value or invalid syntax
4             readOnly    the management process attempted to modify a read-only variable
5             genErr      some other error

- error index (error-index)

When noSuchName, badValue or readOnly occurs, an integer set by the agent process in its answer, giving the offset of the erroneous variable within the variable list.

(3) TRAP header

- enterprise

The object identifier of the network device that sends the trap message. This object identifier is a subtree under the enterprises node {1.3.6.1.4.1} of the object naming tree in Figure 3.

- trap type

The official name of this field is generic-trap; it takes one of the 7 values in Table 4.

Table 4 Trap type descriptions

Trap type  Name                   Description
0          coldStart              the agent has initialized
1          warmStart              the agent has reinitialized
2          linkDown               an interface has changed from the working state to the fault state
3          linkUp                 an interface has changed from the fault state to the working state
4          authenticationFailure  a message with an invalid community was received from an SNMP management process
5          egpNeighborLoss        an EGP neighbour router has entered the fault state
6          enterpriseSpecific     an agent-defined event; the "specific code" that follows must be used

When types 2, 3 and 5 above are used, the first variable in the report part of the message should identify the corresponding interface.

- specific-code

Indicates an agent-defined event when the trap type is 6; otherwise 0.

- timestamp

Indicates the time elapsed from the initialization of the agent process to the generation of the trap report, in units of 10 ms. For example, a timestamp of 1908 indicates that the event occurred 1908ms after the agent initialized.

(4) Variable bindings

Specifies the names and corresponding values of one or more variables. In GET or GET-NEXT messages the values of the variables should be ignored.
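The message layout above, as an added example that is not code from the original page: a small BER encoder/decoder that builds and parses SNMPv1 messages with the common header, the GET/SET header (with the Table 3 error codes) or the TRAP header (with the Table 4 trap types), and the variable bindings. The community string, OIDs and addresses used are constructed sample values.

```python
# Added example (not the page's code): SNMPv1 messages encoded/decoded in BER, laid out
# as in Figure 5. Community string, OIDs and addresses below are constructed samples.
PDU_TYPES = {0: "get-request", 1: "get-next-request", 2: "get-response",
             3: "set-request", 4: "trap"}                        # Table 2
ERROR_STATUS = {0: "noError", 1: "tooBig", 2: "noSuchName",
                3: "badValue", 4: "readOnly", 5: "genErr"}        # Table 3
TRAP_TYPES = {0: "coldStart", 1: "warmStart", 2: "linkDown", 3: "linkUp",
              4: "authenticationFailure", 5: "egpNeighborLoss",
              6: "enterpriseSpecific"}                            # Table 4

def tlv(tag, content):  # BER element; length in short form below 128, else 0x80|k then k bytes
    n = len(content)
    k = (n.bit_length() + 7) // 8
    length = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + length + content

def int_bytes(v):  # minimal two's-complement content octets (INTEGER, TimeTicks)
    return v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True)
def enc_int(v):
    return tlv(0x02, int_bytes(v))

def enc_oid(oid):  # first two arcs merge as 40*x+y; the rest are base-128 groups, high bit = more
    ids = [int(x) for x in oid.strip(".").split(".")]
    out = bytearray([40 * ids[0] + ids[1]])
    for sub in ids[2:]:
        chunk = [sub & 0x7F]
        while sub > 0x7F:
            sub >>= 7
            chunk.append(0x80 | (sub & 0x7F))
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))

def enc_value(v):  # None -> NULL (as in GET/GET-NEXT), int -> INTEGER, bytes -> OCTET STRING
    return tlv(0x05, b"") if v is None else enc_int(v) if isinstance(v, int) else tlv(0x04, v)

def enc_varbinds(bindings):
    return tlv(0x30, b"".join(tlv(0x30, enc_oid(o) + enc_value(v)) for o, v in bindings))

def build_message(community, pdu_type, pdu_body):  # version field holds version number - 1
    return tlv(0x30, enc_int(0) + tlv(0x04, community.encode()) + tlv(0xA0 | pdu_type, pdu_body))

def build_request(community, pdu_type, request_id, bindings, err_status=0, err_index=0):
    # GET/SET header: request-id, error-status, error-index (the latter two are 0 in requests)
    pdu = enc_int(request_id) + enc_int(err_status) + enc_int(err_index) + enc_varbinds(bindings)
    return build_message(community, pdu_type, pdu)

def build_trap(community, enterprise, agent_addr, generic, specific, ticks, bindings=()):
    pdu = (enc_oid(enterprise)
           + tlv(0x40, bytes(int(x) for x in agent_addr.split(".")))  # IpAddress
           + enc_int(generic) + enc_int(specific)
           + tlv(0x43, int_bytes(ticks))                               # TimeTicks
           + enc_varbinds(list(bindings)))
    return build_message(community, 4, pdu)

def read_tlv(buf, pos):  # -> (tag, content, position just after this element)
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        k = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + ln], pos + ln

def read_fields(buf, n):  # n consecutive elements from offset 0 -> (contents, end position)
    vals, pos = [], 0
    for _ in range(n):
        _, v, pos = read_tlv(buf, pos)
        vals.append(v)
    return vals, pos
def dec_int(content):
    return int.from_bytes(content, "big", signed=True)

def dec_oid(content):
    ids, acc = [content[0] // 40, content[0] % 40], 0  # adequate for the iso/itu-t roots
    for b in content[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            ids.append(acc)
            acc = 0
    return ".".join(map(str, ids))

def dec_varbinds(vbl):
    out, pos = [], 0
    while pos < len(vbl):
        _, vb, pos = read_tlv(vbl, pos)
        _, oid, p = read_tlv(vb, 0)
        vtag, val, _ = read_tlv(vb, p)
        out.append((dec_oid(oid), None if vtag == 0x05 else dec_int(val) if vtag == 0x02 else val))
    return out

def parse_message(msg):
    body = read_tlv(msg, 0)[1]
    (ver, comm), pos = read_fields(body, 2)
    ptag, pdu, _ = read_tlv(body, pos)
    out = {"version": dec_int(ver) + 1, "community": comm.decode(), "pdu_type": PDU_TYPES[ptag & 0x0F]}
    if ptag == 0xA4:                                                # TRAP header
        (ent, addr, gen, spec, ticks), pos = read_fields(pdu, 5)
        out.update(enterprise=dec_oid(ent), agent_addr=".".join(map(str, addr)),
                   trap_type=TRAP_TYPES[dec_int(gen)], specific_code=dec_int(spec), timestamp=dec_int(ticks))
    else:                                                           # GET/SET header
        (rid, est, eidx), pos = read_fields(pdu, 3)
        out.update(request_id=dec_int(rid), error_status=ERROR_STATUS[dec_int(est)], error_index=dec_int(eidx))
    out["varbinds"] = dec_varbinds(read_tlv(pdu, pos)[1])
    return out
```

A get-request for sysDescr.0 built with `build_request("public", 0, 1234, [("1.3.6.1.2.1.1.1.0", None)])` round-trips through `parse_message`, as does a linkDown trap built with `build_trap`.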

5. Structure of Management Information (SMI)

SNMP has only a few data types. They are discussed here without concern for how they are actually encoded.

- INTEGER

Although a variable may be defined as an integer, there are several forms. Some integer variables have no range limit; some are defined to take only specific values (for example, the IP forwarding flag allows only the two values meaning "forwarding" and "not forwarding"); and some are defined over a specific range (for example, UDP and TCP port numbers range from 0 to 65535).

- OCTET STRING

Zero or more 8-bit bytes, each with a value between 0 and 255. In the BER encoding of this data type and of the next one, the number of bytes in the string precedes the string itself. These strings are not NULL-terminated.

- DisplayString

Zero or more 8-bit bytes, but each byte must be an ASCII character. In MIB-II, no variable of this type may exceed 255 characters (0 characters is allowed).

- OBJECT IDENTIFIER

- NULL

Indicates that the related variable has no value. For example, in GET or GET-NEXT operations the value of the variable is NULL, because the value has yet to be retrieved from the agent process.

- IpAddress

An OCTET STRING of length 4, representing an IP address in network byte order. Each byte represents one field of the IP address.

- PhysAddress

An OCTET STRING representing a physical address (for example, an Ethernet physical address is 6 bytes long).

- Counter

A non-negative integer that can be incremented from 0 to 2^32-1 (4294967295). After reaching the maximum it wraps back to 0.

- Gauge

A non-negative integer in the range 0 to 4294967295 that can increase or decrease. It latches at the maximum until reset. For example, tcpCurrEstab in the MIB is a variable of this type; it represents the number of TCP connections currently in the ESTABLISHED or CLOSE_WAIT state.

- TimeTicks

A time counter incremented in units of 0.01 seconds, but different variables may have different increments, so the increment must be specified when defining a variable of this type. For example, sysUpTime in the MIB is a variable of this type, representing the length of time since the agent process started.

- SEQUENCE

This data type is similar to a struct in the C programming language. A sequence contains zero or more elements, each of which is another ASN.1 data type. For example, udpEntry in the MIB is a variable of this type. It represents a UDP port currently "active" on the agent ("active" meaning currently in use by an application). This variable contains two elements:

  - udpLocalAddress, of type IpAddress, indicating the IP address;

  - udpLocalPort, of type INTEGER, from 0 to 65535, indicating the port number.

- SEQUENCE OF

This defines a vector, all of whose elements have the same type. If each element is a simple data type, for example an integer, we get a simple vector (a one-dimensional vector). But as we will see, when SNMP uses this data type each element of the vector is a sequence (structure), so the result can be viewed as a two-dimensional array or table.
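The Counter, Gauge and TimeTicks semantics above matter when a poller turns raw samples into rates; the following added example (not from the original page) computes an interface byte rate from (sysUpTime, ifInOctets) samples, handling a Counter wrap and an agent restart. All sample values are constructed.

```python
# Added example (not from the page): applying the Counter, Gauge and TimeTicks
# semantics when polling an agent. All sample values are constructed.
COUNTER_MODULUS = 2 ** 32          # a Counter wraps from 4294967295 back to 0
GAUGE_MAX = 2 ** 32 - 1            # a Gauge latches at its maximum instead of wrapping
TICKS_PER_SECOND = 100             # TimeTicks such as sysUpTime advance in 0.01 s units


def counter_delta(prev, cur):
    """Increase of a Counter between two polls, correct across a single wrap."""
    return (cur - prev) % COUNTER_MODULUS


def gauge_value(raw):
    """Clamp a reported Gauge into its legal range (it never exceeds GAUGE_MAX)."""
    return max(0, min(raw, GAUGE_MAX))


def ticks_to_seconds(ticks):
    return ticks / TICKS_PER_SECOND


def octet_rate(prev_sample, cur_sample):
    """Bytes per second from two (sysUpTime, ifInOctets) samples.

    Returns None when sysUpTime did not advance: the agent was restarted
    (a coldStart resets its counters, so the delta is meaningless) or the
    two samples coincide. Assumes sysUpTime itself has not wrapped."""
    prev_ticks, prev_octets = prev_sample
    cur_ticks, cur_octets = cur_sample
    if cur_ticks <= prev_ticks:
        return None
    return counter_delta(prev_octets, cur_octets) / ticks_to_seconds(cur_ticks - prev_ticks)


def rates(samples):
    """Per-interval rates for a series of samples; None where an interval is unusable."""
    return [octet_rate(a, b) for a, b in zip(samples, samples[1:])]
```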

6. SNMPv2 protocol

Simplicity is the main reason for the success of the SNMP standard, because in a large, complex network built from multi-vendor products a simple management protocol is essential. But this is also SNMP's defect: to keep the protocol simple, SNMP leaves out many functions. For example:

- no bulk access mechanism is provided, so access to large blocks of data is very inefficient;

- no adequate security mechanism is provided, so security is poor;

- it runs only over TCP/IP and does not support other network protocols;

- it provides no mechanism for communication between managers, so it suits only centralized management and is not conducive to distributed management;

- it is suited only to monitoring network devices and not to monitoring the network itself.

Work on these issues has been ongoing. In November 1991 the RMON (Remote Network Monitoring) MIB gave SNMP the ability to manage the network itself: SNMP can now not only manage network devices but also collect information such as traffic on local area networks and the Internet. In July 1992 a draft of S-SNMP (Secure SNMP) was published to address SNMP's lack of security.

In early 1993 SNMP version 2 was introduced (after SNMPv2 appeared, the original SNMP became known as SNMPv1). SNMPv2 incorporates the earlier improvements to SNMP and is more functional and more secure, while keeping SNMP's advantages of clarity and ease of implementation. Specifically:

- it provides authentication, encryption, and time synchronization mechanisms, greatly improving security;

- it provides the ability to retrieve large amounts of data, greatly improving efficiency;

- it adds an information exchange mechanism between managers to support distributed management: intermediate managers share the master manager's workload, and remote sites gain local autonomy;

- it can run over a variety of network protocols, such as OSI, AppleTalk and IPX, suiting multi-protocol network environments (though its default transport is still UDP).

According to test results by Steven Waldbusser of Carnegie Mellon University (one of the authors of the SNMPv2 standard), SNMPv2's processing capability is significantly greater than SNMPv1's, about 15 times that of SNMPv1.

SNMPv2 consists of 12 protocol documents (RFC 1441-RFC 1452), which have been published as proposed Internet standards.

SNMPv2 supports distributed management: some sites can play both the Manager and the Agent role at once. As an agent, such a site accepts request commands from a higher-level management station. Some of these requests concern the site's local data and are answered directly; the others concern data on remote agents, in which case the site requests the data from them in its manager role and then replies to the higher-level management station. In the latter case it acts as a proxy. The SNMPv2 standard is described in detail below: its security mechanism, the Party entity, and how it looks from the perspective of protocol operation, SMI and MIB.

6.1 Security mechanism in the SNMPv2 standard

SNMPv2 is a big improvement over SNMPv1 in that it strengthens the security mechanism. The main threats to the security of a management system are:

(1) Modification of information

The SNMPv2 standard allows the management station to modify the values of some managed objects on the agent. An attacker may alter messages in transit, changing values to illegal ones to cause damage. The protocol should therefore be able to verify that a received message was not modified during transmission.

(2) Masquerade

Although the SNMPv2 standard has access control, it is based mainly on the sender of the message. A user without access rights may impersonate a legitimate user to carry out destructive activity. The protocol should therefore be able to verify the authenticity of the message sender and detect impersonation.

(3) Message stream modification

Since the SNMPv2 standard is based on a connectionless transport service, messages may be delayed, replayed, or reordered. Some attackers may deliberately delay, resend or reorder messages to cause damage. The protocol should therefore prevent messages whose transit time is too long from giving an attacker an opportunity.

(4) Disclosure of message content

An attacker may intercept messages in transit and steal their contents. In particular, when a new SNMPv2 Party is created, its contents must be protected from theft, because all operations involving that Party depend on them. The protocol should therefore be able to encrypt message contents so that an eavesdropper cannot obtain them.

To address these security issues, an authentication mechanism, a privacy mechanism and a time synchronization mechanism are added to ensure the security of communication.

6.2 SNMPv2 Party

The SNMPv2 standard adds an entity called the Party. A Party is the smallest entity with network management functions; it is a subset of all the functions an SNMPv2 entity (a managed entity) can perform. Each Manager and Agent contains multiple Parties; the Parties at a site are equal to each other and each performs its own function. The actual information exchange takes place between Parties (each message sent must specify the sender's and the receiver's Party). Each Party has a unique identifier, an authentication algorithm with its parameters, and an encryption algorithm with its parameters. The introduction of Parties adds flexibility and security to the system, since different personnel can be given different administrative privileges. SNMPv2 has three security mechanisms: authentication, privacy, and access control. These mechanisms work at the Party level rather than at the Manager/Agent level.

6.3 SNMPv2 protocol operation

The core of the SNMPv2 standard is its communication protocol, which is a request/response protocol.

It provides an intuitive, basic way of exchanging management information between Manager and Agent and between Manager and Manager.

Each SNMPv2 message consists of several fields:

The authInfo field: if the sender's and the receiver's Parties use the authentication mechanism, this field contains authentication-related information; otherwise it is empty (null). The authentication process is as follows. The sender's and receiver's Parties share a secret key and an authentication algorithm. Before the message is sent, the sender first places the key value in the Digest field as a prefix of the message, then computes a digest value over the message data (including the Digest field) with the authentication algorithm, and replaces the Digest field in the message with the computed digest value. On receiving the message, the receiver first takes the digest value out of the message and puts the sender's key in its place, then computes the digest of the message in the same way. The two digest values are compared: if they are the same, the sender is indeed the Party indicated in the srcParty field; if not, the receiver concludes that the sender is illegitimate. This authentication mechanism prevents illegal users from "masquerading" as a legitimate Party. The authInfo field also includes two timestamps, used for synchronization between sender and receiver to prevent messages from being intercepted and retransmitted.

Another major improvement in SNMPv2 is the encryption of communication messages to prevent eavesdroppers from stealing message contents. Everything in the message except the privDst field can be encrypted. The sender and the receiver use the same encryption algorithm (such as DES).

A message may carry no security at all, authentication only, or both authentication and encryption.

7. SNMPv3 architecture

The SNMPv3 architecture defined by RFC 2271 reflects modular design ideas, which can simply implement increase and modification. Characteristics:

l Adaptability: Suitable for a variety of operating environments, can manage the easiest network, implement basic management functions, but also provide powerful network management capabilities to meet the management requirements of complex networks.

l The expansion is good: the module can be added as needed.

l Security: has a variety of safety processing modules.

SNMPv3 has three modules: information processing and control modules, local processing modules, and user security modules.

(1) Information processing and control module

Information processing and control module defines in RFC 2272, which is responsible for the generation and analysis of information, and determines whether the information is subject to proxy servers during transmission. In the information generation process, the module receives the PDU from the Dispatcher, and then adds a security parameter from the user security module in the information header. When analyzing the received information, first handle the security parameters in the information head by the user security module, and then the unpackled PDU is given to the scheduler.

(2) Local processing module

The function of local processing module (Local Processing Model is mainly access control, processing packaging data and interrupts. Access control refers to the information of different management stations with different privileges by setting the information of the proxy, which has different permissions when accessing the agent, which is completed at the PDU. Commonly used control strategies have two: Limited management stations can send a command or determine the management station to access the specific part of the agent's MIB. The policies for access control must be set in advance. SNMPv3 flexibly determines access control mode by using primitives with different parameters.

(3) User security module

SNMPv3 adds three new security mechanisms than SNMPv1 and SNMPv2: authentication, encryption, and access control. The local processing module completes the access control function, and the User Security Module provides authentication and data confidentiality. Authentication is a proxy (management station) first must confirm whether the information is from a reliable management station (agent) and information is not changed during transmission. Implement this feature requires the management station and the agent to share the same key. The management station uses the key to calculate the verification code (which is a function of the information), and then adds it in the information, and the agent uses the same key to extract the verification code from the received information, resulting in information. The process of encryption is similar to authentication, and the management station and agent share the same key to achieve encryption and decryption of information. The following is a brief introduction to authentication and encrypted mathematical tools. SNMPv3 uses the private key and authentication key (Authkey) to implement both functions.

Authentication: HMAC is defined in RFC2104, which is a valid tool for generating information verification code using a security hash function and key to obtain a wide range of applications in the Internet. The HMAC used by SNMP can be divided into two types: HMAC-MD5-96 and HMAC-SHA-96. The former's hash function is MD5, using 128-bit authkey as input. The latter hash's hash function is SHA-1, using 160-bit authkey as input.

Encryption: the Data Encryption Standard (DES) in Cipher Block Chaining (CBC) mode, taking a 128-bit privKey as input. Only the first 64 bits of the privKey form the DES key (56 effective bits); the remaining 64 bits are the pre-IV from which the per-message IV is derived. MD5 and single DES are no longer considered strong; later RFCs added AES (RFC 3826) and HMAC-SHA-2 (RFC 7860) to the USM, and these should be preferred wherever both sides support them.
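The authentication exchange described above, as an added example that is not code from the article: both sides derive the same localized authKey from a password and the agent's engine ID (RFC 3414 A.2, a step the article does not cover), the sender computes the truncated HMAC over the message with the msgAuthenticationParameters field zeroed and writes it into that field, and the receiver recomputes and compares it. The last function shows how the 128-bit privKey is split into the DES key and the pre-IV and how the per-message IV is built from the salt (RFC 3414 8.1.1.1); the DES encryption itself is not performed here. The message bytes, password and engine ID are constructed, not a real SNMPv3 packet.

```python
"""SNMPv3 USM authentication (HMAC-MD5-96 / HMAC-SHA-96) and DES privacy-key
handling, following RFC 3414.  Added illustration; not code from the article."""
import hashlib
import hmac

# Hash function and authKey length (bytes) for each USM authentication protocol.
AUTH_PROTOCOLS = {
    "HMAC-MD5-96": (hashlib.md5, 16),   # 128-bit authKey
    "HMAC-SHA-96": (hashlib.sha1, 20),  # 160-bit authKey
}
MAC_LEN = 12  # "-96": the HMAC output is truncated to 96 bits before transmission


def password_to_key(proto: str, password: bytes, engine_id: bytes) -> bytes:
    """RFC 3414 A.2: stretch the password to exactly 1 MiB and hash it (Ku), then
    localize it to one engine so that each agent holds a different key:
    Kul = H(Ku || snmpEngineID || Ku).  Manager and agent both derive Kul."""
    digestmod, _ = AUTH_PROTOCOLS[proto]
    stretched = (password * (1048576 // len(password) + 1))[:1048576]
    ku = digestmod(stretched).digest()
    return digestmod(ku + engine_id + ku).digest()


def _mac(proto: str, auth_key: bytes, whole_msg: bytes, mac_offset: int) -> bytes:
    digestmod, key_len = AUTH_PROTOCOLS[proto]
    if len(auth_key) != key_len:
        raise ValueError(f"{proto} requires a {key_len * 8}-bit authKey")
    # While the MAC is computed, msgAuthenticationParameters holds 12 zero octets.
    zeroed = whole_msg[:mac_offset] + bytes(MAC_LEN) + whole_msg[mac_offset + MAC_LEN:]
    return hmac.new(auth_key, zeroed, digestmod).digest()[:MAC_LEN]


def authenticate_outgoing(proto, auth_key, whole_msg, mac_offset):
    """Sender: compute the verification code and write it into the message."""
    mac = _mac(proto, auth_key, whole_msg, mac_offset)
    return whole_msg[:mac_offset] + mac + whole_msg[mac_offset + MAC_LEN:]


def verify_incoming(proto, auth_key, whole_msg, mac_offset):
    """Receiver: recompute with the shared key and compare in constant time."""
    received = whole_msg[mac_offset:mac_offset + MAC_LEN]
    return hmac.compare_digest(received, _mac(proto, auth_key, whole_msg, mac_offset))


def des_key_and_iv(priv_key: bytes, engine_boots: int, salt_counter: int):
    """RFC 3414 8.1.1.1: the 128-bit privKey splits into an 8-octet DES key (56
    effective bits, the low bit of each octet is parity) and an 8-octet pre-IV.
    salt = snmpEngineBoots || counter (4 octets each, big-endian);
    IV = pre-IV XOR salt.  The salt is sent in the clear as msgPrivacyParameters
    so the receiver can rebuild the same IV."""
    if len(priv_key) != 16:
        raise ValueError("CBC-DES requires a 128-bit privKey")
    des_key, pre_iv = priv_key[:8], priv_key[8:]
    salt = engine_boots.to_bytes(4, "big") + salt_counter.to_bytes(4, "big")
    iv = bytes(a ^ b for a, b in zip(pre_iv, salt))
    return des_key, salt, iv


# Constructed toy message (not a real BER-encoded SNMPv3 packet): a header, a
# 12-octet placeholder for msgAuthenticationParameters, then the scoped PDU.
HEADER = b"\x30\x2e\x02\x01\x03"
AUTH_PARAMS_OFFSET = len(HEADER)
TOY_MSG = HEADER + bytes(MAC_LEN) + b"<scopedPDU: get sysUpTime.0>"
# Constructed engine ID; a real one is the agent's snmpEngineID.
ENGINE_ID = bytes(11) + b"\x02"


def demo():
    """Returns (verified_ok, tampered_ok) for an HMAC-SHA-96 round trip."""
    key = password_to_key("HMAC-SHA-96", b"maplesyrup", ENGINE_ID)
    signed = authenticate_outgoing("HMAC-SHA-96", key, TOY_MSG, AUTH_PARAMS_OFFSET)
    ok = verify_incoming("HMAC-SHA-96", key, signed, AUTH_PARAMS_OFFSET)
    tampered = signed[:-1] + bytes([signed[-1] ^ 0x01])  # flip one bit of the PDU
    return ok, verify_incoming("HMAC-SHA-96", key, tampered, AUTH_PARAMS_OFFSET)


if __name__ == "__main__":
    print(demo())  # (True, False)
```

Key localization is the reason a captured SNMPv3 exchange from one agent does not yield a key usable against another agent sharing the same password, and the zeroed-field convention is what makes the MAC cover the whole message, including the header, rather than only the PDU.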

8. Common Management Information Protocol CMIP

The CMIP protocol is the network management protocol proposed in the network management framework developed by OSI. Rather than a single network management protocol, it is better described as a network management system. This system contains the following components: a model for describing the protocol, a set of management information structures for describing, identifying and defining managed objects, detailed descriptions of the managed objects, and primitives and services for remote management. Like SNMP, CMIP consists of managed agents and managers, a management protocol and a management information base. In CMIP the roles of managed agent and manager are not fixed: any network device can act as a managed agent or as a manager.

The CMIP management model can be described by three models. The organizational model describes how management tasks are assigned; the functional model describes the various network management functions and the relationships between them; the information model provides guidelines for describing managed objects and the related management information. In the organizational model, all CMIP managers and agents exist in one or more domains, and the domain is the basic unit of network management. In the functional model, CMIP implements fault management, configuration management, performance management, accounting management and security management, each handled by a Specific Management Functional Area (SMFA). In the information model, the CMIP MIB is an object-oriented data store, and each functional area is a storage unit of the MIB.

CMIP is an application-layer protocol that is independent of the underlying platform, and its five specific management functional areas are supported by a number of System Management Functions (SMFs). Relatively speaking, CMIP is a fairly complex and detailed network management protocol. Its purpose is the same as that of SNMP, but it uses more kinds of protocol data units to monitor the network: CMIP defines 11 kinds of PDU. In CMIP, variables appear as complex, high-level objects; each variable has attributes, behaviour and notifications. The variables of CMIP reflect the characteristics of the CMIP MIB, and this characteristic expresses the management philosophy of CMIP, namely event-driven management rather than polling. Each agent independently completes a certain amount of management work.

The advantages of CMIP are:

- Each variable is not only delivered but also completes a certain network management task. This is the greatest feature of CMIP and is impossible in SNMP; it reduces the burden on managers and reduces network load.

- Complete security. It has a full set of security management methods such as authentication, access control and security logging.

However, the disadvantages of CMIP are also obvious:

- It is a large and all-encompassing protocol, so its resource consumption is several times that of SNMP, and its hardware requirements are much higher than those of SNMP.

- Since it runs a considerable number of processes on the network agent, the burden on the agent is greatly increased.

- Its MIB is too complicated and difficult to implement. To date there is no network management system that fully complies with CMIP.

9. Comparison of SNMP and CMIP

SNMP and CMIP are the two main network management protocols. Which of them will prevail in future network management is a topic of debate in the industry.

Overall, the similarities between SNMP and CMIP outweigh the differences. Their management goals and basic components are essentially the same. As for the structure of the MIB, many vendors have extended their SNMP MIBs toward the CMIP MIB structure, and the definitions of both protocols use the same abstract syntax notation (ASN.1).

The differences: first, SNMP retrieves individual pieces of information, while CMIP retrieves combined information. Second, in information delivery, SNMP relies mainly on polling, while CMIP relies mainly on reporting. Third, at the transport layer, SNMP is based on connectionless UDP, while CMIP tends toward connection-oriented data transfer. In addition, the two differ in functionality, protocol, performance, standardization and productization.

10. Prospects of network management protocols

Besides SNMP, SNMPv2 and CMIP, some new network management protocols and environments are now emerging, of which the Distributed Management Environment (DME) is the best known. DME was proposed by the OSF (Open Software Foundation), a non-profit research and development organization that provides software solutions allowing computers from different manufacturers to work together in a truly open system computing environment. Its documentation is issued in the form of RFTs (Requests for Technology).

DME represents an architecture under which management systems and networks can be combined well. It can form the basis of distributed system management while remaining compatible with existing network management schemes. It is independent of the operating system and supports de facto and formal network and system management standards. The DME architecture contains much that is novel. Previously, in both network management and system management, administrators worked by modifying the data related to a particular resource or service. In the DME environment, information and operations are divided into objects, and DME manages the system in units of objects. All DME management operations have a consistent interface and style: communicating with objects. The great advantage of this design is its strong modularity: management is completely object-oriented, and the system is easy to manage and develop. ISVs can build object libraries or managed-object libraries for their own specific management functions and then add them to existing management applications. All of this is simple because of DME's object-oriented approach.

DME has two key concepts: application services and the framework. Application services provide some of the most important system management functions, while the framework provides the building blocks used to develop system management applications. This design stays consistent with existing solutions and can interoperate in a multi-vendor distributed network environment. DME application services include software management, printing services and event management. They are provided as a set of modules and APIs with a consistent user interface. DME also provides a mechanism that lets developers easily add new services. The DME framework consists of a set of functional building blocks that make it simple to develop new network management applications. These components are:

- Management Request Broker (MRB). The MRB is the core of the DME framework. Under DME, all requests to objects are received by the MRB, which is responsible for locating the object in the network and then forwarding the request. The MRB supports the existing network management protocols SNMP and CMIP and uses them to collect device information in the network. The MRB also supports management protocols based on RPC (Remote Procedure Call).

- Object Server. The object server is used to manage and maintain the objects in the network. DME provides two types of object server: one for short-term tasks (such as changing passwords) and another for long-term tasks (such as monitoring a network).

- Event Management Service. When there is a problem or a change in the network, the management application needs to be notified. DME's event management service provides forwarding, logging and filtering of such notifications; a filter can be programmed to analyse an event notification and link the event to a particular action. To make this service easy to use, DME also provides a high-level template language for defining events.

- Data Management Service. DME provides a management database to store data about the managed objects in the network. This management database is stored on disk.

At present, the main problem with DME is lack of support, and it has not been tested further in practice.

Please cite the original address when reprinting: https://www.9cbs.com/read-100746.html