SNMP protocol learning
The Simple Network Management Protocol (SNMP) is a network management protocol defined by the Internet Engineering Task Force (IETF). It is based on the Simple Gateway Monitoring Protocol (SGMP). With SNMP, a management workstation can remotely manage all network devices that support the protocol, including monitoring network status, modifying network device configuration, and receiving network event alerts. Although SNMP began as a management protocol for IP-based networks, it has also been used successfully for telephone network management as an industry standard.
Network management
TCP/IP-based network management consists of two parts: the network management station (also called the management process, or manager) and the managed network units (also called managed devices or network elements). There are many kinds of managed devices, such as routers, X terminals, terminal servers, and printers. What they have in common is that they all run the TCP/IP protocols. The management-related software running on a managed device is called the agent or agent process. The management station is generally a workstation with a color monitor that can display the status of all managed devices (such as whether a connection is down, the traffic on the various connections, etc.).
The management process and the agent process communicate in two ways. In the first, the management process sends a request to the agent process asking for the value of a specific parameter (for example: how many ICMP port unreachables?). In the second, the agent process reports important events to the management process on its own initiative (for example: a connection has gone down). Besides querying parameter values from the agent process, the management process can of course also change them as required (for example, change the default IP TTL value to 64).
TCP/IP-based network management contains 3 components:
1) A management information base, MIB (Management Information Base). The MIB contains all the parameters that can be queried and modified in all agent processes. RFC 1213 [McCloghrie and Rose 1991] defines the second version of the MIB, called MIB-II.
2) A set of common structures and representations for the MIB, called the Structure of Management Information, SMI. It is defined in RFC 1155 [Rose and McCloghrie 1990]. For example, the SMI defines a counter as a non-negative integer whose range is 0 ~ 4 294 967 295; when the maximum is reached, counting starts again from 0.
3) The communication protocol between the management process and the agent process, called the Simple Network Management Protocol, SNMP. It is defined in RFC 1157 [Case et al. 1990]. SNMP includes the format of the datagrams exchanged. Although a wide variety of protocols can be used at the transport layer, the one used most with SNMP is UDP.
2, SNMP system
SNMP uses a special form of the client/server model: the agent/management station model. The network is managed and maintained through the interaction between the management workstation and the SNMP agents. Each SNMP agent is responsible for answering the SNMP management workstation's (main agent's) queries about information defined in the MIB. The figure below is the implementation model of the SNMP protocol.
3, SNMP packet types
SNMP agents and the management station communicate through the standard messages of the SNMP protocol; each message is a separate datagram. SNMP uses UDP (User Datagram Protocol) as its layer-4 (transport) protocol and operates connectionlessly. SNMP specifies five protocol messages (that is, SNMP packets) that are exchanged between management processes and agents.
Get-request, get-next-request and get-response
The SNMP management station uses Get-Request messages to retrieve information from network devices that run an SNMP agent, and the SNMP agent responds with a Get-Response message. Get-next-request is used together with Get-Request to retrieve the column elements of a specific table object. For example:
First, the number of interfaces on the device to be queried is obtained with the following primitive:
{iso(1) org(3) dod(6) internet(1) mgmt(2) mib(1) interfaces(2) ifNumber(1)}
Then the primitive below is used for the query (Get-Request the first time, get-next-request after that):
{iso(1) org(3) dod(6) internet(1) mgmt(2) mib(1) interfaces(2) ifTable(2)}
Set-request
The SNMP management station uses set-request to configure network devices remotely (including device names, device properties, deleting devices, or enabling / disabling a device property, etc.).
Trap
The SNMP agent uses traps to send unsolicited messages to the SNMP management station, generally to report that some event has occurred.
The first three operations (the requests) are sent by the management process to the agent process. The last two, response and trap, are sent by the agent process to the management process. For simplicity, the first three operations are called get, get-next, and set from here on. The figure below describes the five types of SNMP packets. Note that the agent process receives get or set packets on well-known port 161, while the management process receives trap messages on well-known port 162.
Figure: the 5 SNMP packet types
4, SNMP packet format
An SNMP message contains two parts: the SNMP header and the protocol data unit (PDU). The datagram structure is shown below.
Figure SNMP packet format
Version identifier: ensures that SNMP agents use the same protocol version; each SNMP agent silently discards datagrams whose version differs from its own.
Community name: used by the SNMP agent to authenticate the management station. If the network is configured to require verification, the SNMP agent authenticates the community name and the IP address of the management station; if this fails, the SNMP agent sends an authentication-failure trap message to the management station (see);
Protocol data unit (PDU): indicates the SNMP message type and its related parameters.
The following figure shows the format of the five SNMP operations encapsulated in a UDP datagram. An SNMP message has three parts: the common SNMP header, the get/set header or trap header, and the variable bindings.
1) Common SNMP header
Total three fields:
Version: the value written in the version field is the version number minus 1, so 0 is written for SNMP (i.e. SNMPv1).
Community: a character string that serves as a plaintext password between the management process and the agent process; the 6-character string "public" is commonly used.
PDU type: a number from 0 to 4 according to the type of PDU; the correspondence is shown in Table 2.
Table 2 PDU types

| PDU type | Name |
|---|---|
| 0 | get-request |
| 1 | get-next-request |
| 2 | get-response |
| 3 | set-request |
| 4 | trap |
2) Get/set header
Request ID: an integer value set by the management process. The agent process returns the same request ID when it sends the get-response message. The management process may send get messages to many agents at the same time; all of them travel over UDP, so a message sent later may arrive first. The request ID lets the management process identify which request a returned response belongs to.
Error status: a number from 0 to 5 filled in by the agent process when it responds; see the descriptions in Table 3.
Table 3 Error status descriptions

| Error status | Name | Description |
|---|---|---|
| 0 | noError | Everything is normal |
| 1 | tooBig | The agent cannot fit its response into one SNMP message |
| 2 | noSuchName | The operation names a variable that does not exist |
| 3 | badValue | A set operation specifies an invalid value or invalid syntax |
| 4 | readOnly | The management process attempted to modify a read-only variable |
| 5 | genErr | Some other error |

Error index: when a noSuchName, badValue, or readOnly error occurs, an integer set by the agent in its response, giving the offset in the variable list of the variable that caused the error.
3) Trap header
Enterprise: the object identifier of the network device that generated the trap message. This object identifier is always on a subtree below the enterprises node {1.3.6.1.4.1} of the object naming tree in Figure 3.
Trap type: the official name of this field is generic-trap; it takes the 7 values listed in Table 4.
Table 4 Trap types

| Trap type | Name | Description |
|---|---|---|
| 0 | coldStart | Agent initialization |
| 1 | warmStart | Agent reinitialization |
| 2 | linkDown | An interface has changed from the working state to the fault state |
| 3 | linkUp | An interface has changed from the fault state to the working state |
| 4 | authenticationFailure | A message with an invalid community was received from an SNMP management process |
| 5 | egpNeighborLoss | An EGP neighbor router has changed to the fault state |
| 6 | enterpriseSpecific | Agent-defined event; the "specific code" that follows identifies it |

When trap types 2, 3, and 5 above are used, the first variable in the variable-bindings part of the message should identify the interface concerned.
Specific-code: indicates an agent-defined event (if the trap type is 6); otherwise 0.
Timestamp: the time elapsed between the initialization of the agent process and the event reported by the trap, in units of 10ms. For example, a timestamp of 1908 indicates that the event occurred 1908ms after the agent initialized.
4) Variable bindings (variable-bindings)
Indicates the names and corresponding values of one or more variables. In GET or Get-Next messages, the value of the variable should be ignored.
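The packet layout described in this section, as an added example (not part of the original article): a small BER decoder that pulls the version, community, PDU type, request ID, error fields and bound variable names out of one SNMPv1 datagram. The function names and the sample datagram are assumptions made for this illustration.

```python
PDU_NAMES = {0: "get-request", 1: "get-next-request", 2: "get-response",
             3: "set-request", 4: "trap"}
# Constructed sample: SNMPv1 get-request, community "public", request ID 1,
# one binding naming 1.3.6.1.2.1.7.1.0 with a NULL value.
SAMPLE = bytes.fromhex("302602010004067075626c6963a019020101020100020100"
                       "300e300c06082b060102010701000500")

def read_tlv(buf, pos):
    """Return (tag, contents, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated contents")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(contents):
    """Turn BER OBJECT IDENTIFIER contents into dotted-decimal form."""
    first = min(contents[0] // 40, 2)       # first octet packs the first two arcs
    arcs, sub = [first, contents[0] - 40 * first], 0
    for octet in contents[1:]:
        sub = (sub << 7) | (octet & 0x7F)   # base 128; high bit means more octets follow
        if not octet & 0x80:
            arcs, sub = arcs + [sub], 0
    return ".".join(map(str, arcs))

def parse_snmp_v1(datagram):
    """Decode the common header, the get/set header and the bound variable names."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    _, version, pos = read_tlv(body, 0)
    _, community, pos = read_tlv(body, pos)
    pdu_tag, pdu, _ = read_tlv(body, pos)   # context tags 0xA0..0xA4 are PDU types 0..4
    msg = {"version": int.from_bytes(version, "big"), "oids": [],
           "community": community.decode("latin-1"),   # readable exactly as sent
           "pdu": PDU_NAMES.get(pdu_tag - 0xA0, "unknown")}
    if msg["pdu"] in ("trap", "unknown"):   # trap has its own header; not decoded here
        return msg
    pos = 0
    for field in ("request_id", "error_status", "error_index"):
        _, value, pos = read_tlv(pdu, pos)
        msg[field] = int.from_bytes(value, "big", signed=True)
    bindings, pos = read_tlv(pdu, pos)[1], 0
    while pos < len(bindings):              # each binding is SEQUENCE { name, value }
        _, binding, pos = read_tlv(bindings, pos)
        msg["oids"].append(decode_oid(read_tlv(binding, 0)[1]))
    return msg
```

The community string comes out of the datagram without any key, which is why a monitoring tool built on such a decoder can report which communities and which set-requests cross a network segment.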
5. Management Information Base MIB
The management information base (MIB) is the collection of all information in agent processes that the management process can query and set. Its structure is specified by the IETF and is called the SMI; it defines the accessible network devices and their properties, each uniquely specified by an object identifier (OID: Object Identifier).
An object identifier is a data type that names an object "authoritatively". "Authoritatively" means that these identifiers are not allocated casually; they are managed and assigned by certain authorities. An object identifier is a sequence of integers separated by dots ("."). These integers form a tree structure; an object identifier starts at the top of the tree, and the top has no identifier and is represented by root. The figure below shows this tree structure as used in SNMP. All MIB variables start from 1.3.6.1.2.1. Each node on the tree also has a textual name. This is mainly for people to read. In practice, when the management process and the agent process interact, MIB variable names are identified by object identifiers, which of course start from 1.3.6.1.2.1. In Figure 25-6, in addition to the MIB object identifiers, there is one named iso.org.dod.internet.private.enterprises (1.3.6.1.4.1). This is reserved for vendor-defined objects. About 400 identifiers under this node are listed in the Assigned Numbers RFC.
The MIB is a tree structure, and SNMP protocol messages access devices in the network by traversing the nodes of the MIB tree.
The figure below shows the object identifier (OID: Object Identifier) tree that SNMP uses to access network devices in the NMS system.
Figure 12
The figure below gives an example OID setup for querying the state of a DS1 line.
6, instance identification
When a MIB variable is operated on, for example to query or set its value, each instance of the MIB variable must be identified. First, only leaf nodes can be operated on. SNMP cannot process a whole row or a whole column of a table.
6.1 Simple variables
A simple variable is referenced by appending ".0" to its object identifier. For example, the object identifier of the counter udpInDatagrams mentioned above is 1.3.6.1.2.1.7.1, so its instance identifier is 1.3.6.1.2.1.7.1.0, and the corresponding textual name is iso.org.dod.internet.mgmt.mib.udp.udpInDatagrams.0. Although this variable is usually abbreviated as udpInDatagrams.0, in SNMP packets the name of the variable is given by its object identifier 1.3.6.1.2.1.7.1.0.
6.2 Tables
Instance identification for tables is much more complicated. Figure
6.3 Lexicographic ordering
The MIB is ordered by object identifier, which gives an implicit ordering rule: "columns first", and no ".0" is appended. MIB tables are sorted in lexicographic order of their object identifiers.
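The get-next table traversal from section 3 and the ordering rule above, as an added example (not part of the original article): a toy in-memory agent that answers get-next in lexicographic OID order, and a manager-side walk built on it. `ToyAgent`, `walk`, and the table contents are assumptions made for this illustration.

```python
from bisect import bisect_right

def oid_key(oid):
    """Dotted OID string -> tuple of ints, so that arcs compare numerically."""
    return tuple(int(arc) for arc in oid.split("."))

class ToyAgent:
    """Hypothetical in-memory agent: holds leaf instances in lexicographic OID order."""
    def __init__(self, variables):
        self._items = sorted((oid_key(oid), value) for oid, value in variables.items())
        self._keys = [key for key, _ in self._items]

    def get_next(self, oid):
        """Return (oid, value) of the first instance after oid, or None past the end."""
        i = bisect_right(self._keys, oid_key(oid))
        if i == len(self._keys):
            return None                     # an SNMPv1 agent answers noSuchName here
        key, value = self._items[i]
        return ".".join(map(str, key)), value

def walk(agent, prefix):
    """Manager side: repeat get-next until the answer leaves the prefix subtree."""
    root, current, found = oid_key(prefix), prefix, []
    while (reply := agent.get_next(current)) is not None:
        if oid_key(reply[0])[:len(root)] != root:
            break
        found.append(reply)
        current = reply[0]
    return found

# Constructed MIB contents (interface names and the counter value are made up).
MIB = {
    "1.3.6.1.2.1.2.1.0": 3,                 # ifNumber.0
    "1.3.6.1.2.1.2.2.1.1.1": 1,             # ifTable, ifIndex column, rows 1, 2, 10
    "1.3.6.1.2.1.2.2.1.1.2": 2,
    "1.3.6.1.2.1.2.2.1.1.10": 10,
    "1.3.6.1.2.1.2.2.1.2.1": "lo",          # ifTable, ifDescr column
    "1.3.6.1.2.1.2.2.1.2.2": "eth0",
    "1.3.6.1.2.1.2.2.1.2.10": "eth1",
    "1.3.6.1.2.1.7.1.0": 616,               # udpInDatagrams.0
}
AGENT = ToyAgent(MIB)
```

Walking the prefix 1.3.6.1.2.1.2.2 returns the whole ifIndex column before any ifDescr entry, and row 10 sorts after row 2 because arcs are compared as integers; sorting the same OIDs as plain strings would put row 10 before row 2.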
7. Configure SNMP services on Windows 2000
7.1 Install SNMP under Windows 2000
1) Open the Windows 2000 Control Panel
2) Double-click the "Add/Remove Programs" icon
3) Select "Add/Remove Windows Components"; the components panel appears.
4) Check "Management and Monitoring Tools"
5) Click "Details"
6) Check "Simple Network Management Protocol" and click OK
7) Click Next to continue until it is complete.
7.2 Configuring the Windows 2000 SNMP service
1) Open the Windows 2000 Control Panel
2) Double-click the Administrative Tools icon
3) Double-click the Services icon
4) Select SNMP Service
5) Edit Properties and select the Agent tab
6) Confirm that Contact and Location are selected
7) Select the Traps tab
8) Type the community name: public
9) Click "Add to list"
10) Under Trap destinations, click Add and fill in the IP address.
11) Click OK
12) Select the Security tab
13) Highlight public and click Edit; change Community Rights to READ CREATE
14) Click OK
15) Stop the SNMP service and restart it
16) Double-click SNMP Trap Service and set the startup type to "Automatic".
17) Click OK
18) Stop the SNMP Trap Service and restart it
8, Open questions
a) I have not looked at SNMPv2 yet; how big is the difference?
b) The object identifier tree is hierarchical; is it encoded from left to right?
c) Is all the information one might want to query on this object tree? Is any of it kept elsewhere?
d) If an error occurs, how can I tell whether it is a network problem or a syntax problem in the command?
e) SNMP variables are stored in table form; the columns of a table are generally fixed, but the number of rows is not, so it seems hard to look up a particular entry?
f) For a trap, does the manager have to send a confirmation that it was received or that there was an error, or not?
g) When you start managing a router, for example by sending it a name, what are the basic steps?
h) Are the instance identifiers of each device fixed at the factory? They cannot be added by name, can they?
i) Can SNMPv1 only be used on TCP/IP networks?
j) Is the MIB format the same in every device?
k) Can multiple variables be retrieved at once?
l) In the case of the object identity, it is used before.