Note: This article came out of a small gateway agent project and was written for the sake of knowledge accumulation. A considerable part of the text is reposted (ZT) material used to fill out the layout; some details, especially of the development itself, are only given as a general framework. But it is also a summary of the work.
The reason I thought of it is that the editor of the internal magazine suddenly called me, telling me that the head had recommended it to her, and asked whether I had any modifications to make before it was published. That scared me, and I solemnly told her that this article is actually just a draft and has not yet been polished to the point of being publishable; at least I don't think it can be published, because it was written a bit casually.
However, it is actually a bit of a pity; the contribution fee per thousand words is considerable, and this one has 5k words ~~~
Rapid Development of Network Management SNMP Agent
Foreword
Overview: Based on previous project experience, this article introduces the development of an SNMP network management agent. The focus is on using the relevant development packages and test tools to shield most of the low-level details and implement the agent quickly.
Scope: This article does not fully discuss the business implementation of a network management system and does not dwell on programming details. It focuses on the role and limitations of the Agent within the network management system, and on some technical difficulties encountered when using the related development kits.
Keywords:
· SNMP
· Agent
· MIB
· SMI
· UCD-SNMP
· libsmi
One: Overview of simple network management concepts
Network management generally refers to monitoring, analyzing and controlling the various devices in a network system so as to ensure reliable and efficient operation of the whole network. The network administrator manages the network through the interaction between managers and management agents.
For managers and management agents to exchange management information correctly, the management information must be defined and the two sides must agree on how to exchange it. The former is the managed object, sometimes simply called an object, and the collection of objects is called the Management Information Base (MIB); the latter is the network management protocol. At present the most widely used network management protocol in the world is the Simple Network Management Protocol (SNMP), which is based on TCP/IP. It is simple, easy to implement and extends well, and is the de facto industry standard for network management protocols.
There are 3 versions of the SNMP protocol.
SNMPv1 has 5 basic primitives:
· get-request
· set-request
· get-next-request
· get-response
· trap
SNMPv2 added two primitives:
· get-bulk-request
· inform-request
SNMPv3 mainly strengthens security.
Two: Software structure of the network management system
A typical network management system consists of the following parts:
1: Manager
The workstation used by the administrator, who views and analyzes the network through the network management software.
2: Agent
The network management agent. It is generally divided into two functional modules plus a shared module, the MIB library.
2.1 Query / set module
This module accepts query and set instructions from the Manager and processes the related data accordingly, for example returning the queried data to the Manager or making the settings take effect on the relevant Device.
For an SNMP Agent, this module needs at least the following protocol interfaces:
· get-request
· set-request
· get-next-request
· get-response
2.2 Alarm module
The alarm module sends the alarms generated by the device to the Manager. For an SNMP Agent, this module needs at least the trap protocol interface.
2.3 MIB library
The MIB (Management Information Base) stores the management information of the managed devices. In an SNMP Agent, the MIB is usually stored in text file format.
A MIB describes the objects or entries contained in the database. Each object or entry has the following four properties:
· Object type (Object Type)
· Syntax (Syntax)
· Access (Access)
· Status (Status)
These properties are defined in the Structure and Identification of Management Information (SMI; RFC 1155/1065) specification, which is part of the SNMP specifications. SMI is, for the MIB, the equivalent of a database.
3: Device
A managed device can be a process, a computer, or a distributed system. These devices generate and collect configuration, performance and business data as well as alarms; they are the source of network management data and are also responsible for organizing the raw data and compiling statistics from it. The protocol used between Device and Agent is not restricted to SNMP.
4: Agent design
It can be seen that the Agent's position in the NMS is equivalent to a gateway and protocol converter between the Manager and the managed device. The functional requirements for the Agent should cover the following:
· Protocol conversion: converts between SNMP and the managed device's own protocol.
· Request forwarding: forwards query and set requests to the managed device, and forwards alarms generated by the device to the Manager.
· Maintains the information structure of the managed device via the MIB library.
· Provides a unified network management interface to the Manager: however complicated the managed devices are, the Manager only needs to interact with the Agent.
· Does not involve network management business logic such as polling or alarm policies, nor the processing flow of the network management data itself. These are handled by the network management business logic layer of the managed device.
· Does not need to analyze data.
· Does not save historical or real-time network management data.
It can be seen that the Agent's function is clear and its structure relatively simple. It is an essential but non-core component, and since the SNMP Agent is already a de facto industry standard, a large number of development packages exist to help developers implement an Agent quickly, so that developers can put their energy into the network management business logic.
Three: Introduction to development tools
3.1 UCD-SNMP
The best-known development kit for SNMP network management systems is the open source project UCD-SNMP (the latest version has been renamed NET-SNMP).
The UCD-SNMP development package provides almost all the resources needed for SNMP network management development:
· SNMP API. Encapsulates the details of the SNMP protocol and the network interface, and provides SNMP operation interfaces that are convenient to call.
· MIB management. All the typical MIB libraries are provided, and a MIB library can be mapped into the process, with the data organized in the hierarchy the MIB defines.
· A programming framework for extending the Agent. It shields all SNMP operation processes and details; users only need to take over the formatted SNMP request and write the network management service code.
· Related tools, including snmpget, snmpgetnext, snmpwalk, snmpbulkget, snmpbulkwalk, snmptable, snmpset, snmptrap, snmpinform, snmpdelta, snmptest, snmptranslate, snmpstatus, and more.
3.2 libsmi
libsmi is also an open source development kit, providing a set of functions for working with MIB libraries. It makes it easy to parse and modify a MIB.
See the attachment for how to use the UCD-SNMP development package to extend the Agent. Listed here are some technical difficulties that came up in the project:
· Q: Why use libsmi?
A: First, an introduction to the UCD-SNMP programming framework for extending the Agent:
The UCD-SNMP development package recommends using the mib2c script to generate a .c file from the MIB library. This file defines a static two-dimensional table of OIDs (Object IDs, the way each item of metadata in the MIB database is indexed). When an SNMP request is received, the callback function address is looked up in the table according to the requested OID.
In the .c file, the main element is a variable structure specifying the details of the objects, in the form of an array of type struct variable2. Each row of the array corresponds to one object of the MIB tree, and the rows are arranged in ascending OID order. For example, the variables of SlanbasicSet are defined as:
struct variable2 SlanbasicSet_variables[] = {
/* magic number, variable type, ro/rw, callback fn, L, oidsuffix */
#define SLANNAME 1
    {SLANNAME, ASN_OCTET_STR, RWRITE, var_SlanbasicSet, 1, {1}},
#define SLANAGENTTYPE 2
    {SLANAGENTTYPE, ASN_INTEGER, RWRITE, var_SlanbasicSet, 1, {2}},
#define SLANAGENTSTATUS 3
    {SLANAGENTSTATUS, ASN_INTEGER, RONLY, var_SlanbasicSet, 1, {3}},
};
This approach has several drawbacks:
First, in practice the mib2c script's compatibility is not very good; it may fail to run in some environments.
Second, the .c file generated by mib2c contains a static table, so whenever the MIB library is updated the .c file must be updated too in order to update the table structure. This adds repetitive development work and is not conducive to deployment and maintenance.
Finally, in the generated static table each OID corresponds by default to a different callback function, and it is unreasonable to write almost identical business logic in every callback. In a typical Agent design, especially where the managed device is not a simple network device but a distributed business system, the Agent only plays the role of network and protocol adapter and request dispatcher: every incoming request is distributed according to the device's internal protocol, and the returned result is sent back to the Manager. All OIDs therefore only need to correspond to the same function.
The alternative is to generate a dynamic OID table from the MIB library every time the agent starts.
When building the table, its data, mainly the callback function, is defined according to specific needs.
This is where libsmi is needed (or another MIB parser; in practice libsmi was found to be the simplest and easiest to use).
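The dynamic table described in this answer, as an added example (not code from the original article, UCD-SNMP or libsmi): the agent builds its OID table at start-up from the objects a MIB parser reports, points every object at one callback, and resolves GET, SET and GET-NEXT against it, refusing SET on read-only objects. The `oid_entry` layout, every function name and the 99999 enterprise OIDs are assumptions, and `ROWS` stands in for parser output.

```c
/* Added example, not project code; all names and OIDs are hypothetical. */
#include <stdlib.h>
#include <string.h>
typedef int (*handler_fn)(const char *name, int is_set);
typedef struct { const char *oid, *name; int writable; handler_fn fn; } oid_entry;
/* Accept only digits separated by single dots, e.g. "1.3.6.1". */
int valid_oid(const char *s) {
    return *s && *s != '.' && s[strspn(s, "0123456789.")] == '\0'
        && !strstr(s, "..") && s[strlen(s) - 1] != '.';
}
/* Numeric, component-wise OID order: the order GET-NEXT walks in. */
int oid_cmp(const void *x, const void *y) {
    const char *a = ((const oid_entry *)x)->oid, *b = ((const oid_entry *)y)->oid;
    for (char *ea, *eb; ; a = ea + 1, b = eb + 1) {
        unsigned long u = strtoul(a, &ea, 10), v = strtoul(b, &eb, 10);
        if (u != v) return u < v ? -1 : 1;
        if (!*ea || !*eb) return (*ea != 0) - (*eb != 0);
    }
}
/* Start-up: keep well-formed rows, give every object one callback, sort. */
size_t build_table(const oid_entry *rows, size_t n, oid_entry *t, handler_fn fn) {
    size_t i, k = 0;
    for (i = 0; i < n; i++)
        if (valid_oid(rows[i].oid)) { t[k] = rows[i]; t[k++].fn = fn; }
    qsort(t, k, sizeof *t, oid_cmp);
    return k;
}
/* op: 'g' GET, 's' SET, 'n' GET-NEXT. NULL = no such object or SET denied. */
const oid_entry *resolve(const oid_entry *t, size_t n, const char *oid, char op) {
    oid_entry q = { oid, NULL, 0, NULL };
    if (!valid_oid(oid)) return NULL;
    for (size_t i = 0; i < n; i++) {
        int c = oid_cmp(&t[i], &q);
        if (op == 'n' ? c > 0 : c == 0)
            return (op == 's' && !t[i].writable) ? NULL : &t[i];
    }
    return NULL;
}
/* Shared callback: placeholder for the device's internal protocol. */
int forward_to_device(const char *name, int is_set) { (void)name; (void)is_set; return 0; }
/* Constructed parser output: unsorted, with one malformed row. */
const oid_entry ROWS[] = {
    {"1.3.6.1.4.1.99999.1.10", "slanAgentUptime", 0, NULL},
    {"1.3.6.1.4.1.99999.1.3", "slanAgentStatus", 0, NULL},
    {"1.3.6.1.4.1..2", "broken", 1, NULL},
    {"1.3.6.1.4.1.99999.1.1", "slanName", 1, NULL},
};
oid_entry TABLE[4];
size_t load_sample(void) { return build_table(ROWS, 4, TABLE, forward_to_device); }
```

Note that sub-identifier 10 sorts after 3: comparing OIDs as plain strings would put it first and break GET-NEXT walks.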
· Q: Can the network ports of the SNMP agent be changed?
A: An SNMP Agent uses two network ports: the query / set port, 161 by default, and the trap (alarm) port, 162. The trap port is determined by the Manager; the agent sends traps, as a client, to the Manager's IP address and port. If it is changed to a port that does not match the Manager's, the Manager will be unable to receive alarms.
The query / set port is listened on by the Agent. The Agent can change it, but keeping the default port 161 is recommended because it is the industry-standard convention. If this port is changed, the Manager side must be informed so that the two stay in sync.
The traffic on both ports is connectionless UDP. If the network structure is complicated, the possibility of packets being dropped by a firewall or gateway must be considered.
· Q: When the Agent is extended using the UCD-SNMP framework, what is its process model?
A: The default is a single process. This means the callback functions do not need to worry much about synchronization within the process. However, be aware that a single process handles requests serially, so each request must be processed quickly; otherwise serious efficiency problems may arise, or frequent timeouts on the Manager side. In general the load on a network management system is not very high, but efficiency must be considered when alarms are frequent or when performance parameters are being polled.
· Q: Can the system's original MIB information be provided in addition to custom MIB information?
A: Yes. UCD-SNMP comes with all the standard general-purpose MIB libraries; just call init_mib_all when initializing the agent instead of initializing only the custom Agent. This covers basically all general-purpose network management data (such as system information, network information, etc.), all implemented by UCD-SNMP, which greatly reduces the workload.
· Q: Can the Agent run in an environment where UCD-SNMP is installed?
A: The necessary UCD-SNMP dynamic libraries must be present.
· Q: What should the protocol between the Agent and the managed device be? Does it have to be UDP?
A: This is not something the UCD-SNMP development package is concerned with; it only cares about communication between Manager and Agent. The internal protocol is a technical decision to be made according to specific business needs. Application protocols such as XML / FML are recommended. At the network layer, SNMP uses UDP for the following reason: the potential value of a network management system lies in still being able to obtain as much network management information as possible when the network fails, so when a TCP virtual circuit cannot be maintained, connectionless UDP datagrams can still be routed automatically. Where the internal network is simple in structure and of good quality, TCP, UDP or other protocols can be chosen freely.
· Q: How does the Agent guarantee security?
A:
The SNMP protocol itself is a weakly secured protocol: the protocol packets are not encrypted (SNMPv1 / v2; v3 adds SSL control), which makes them easy to intercept and analyze. Only simple authentication is provided, through the community name carried in the SNMP message: the SNMP agent checks the value of the community name field in the message, and the message is received and processed only when it matches the predetermined value. Under the SNMPv1 protocol, most network products set the community name for read-only operations to "public" and the default community name for read-write operations to "private", and in many cases network administrators never change these values.
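An added example (not from the original article or the UCD-SNMP project) of checking an agent configuration for the unchanged default community names described above. It assumes the agent is configured with snmpd.conf-style `rocommunity`, `rwcommunity` and `com2sec` lines; the flag names and the sample configuration are constructed.

```c
/* Added example, not project code. Flag names and SAMPLE are constructed. */
#include <stdio.h>
#include <string.h>
enum { DEFAULT_NAME = 1, ANY_SOURCE = 2, WRITE_ACCESS = 4 };

/* Returns a bitmask of findings for one configuration line (0 = none). */
int audit_line(const char *line) {
    char dir[32] = "", a[64] = "", b[64] = "", c[64] = "";
    const char *community, *source;
    int flags = 0;
    if (sscanf(line, " %31s %63s %63s %63s", dir, a, b, c) < 2 || dir[0] == '#')
        return 0;                       /* blank, comment or no arguments */
    if (!strcmp(dir, "rocommunity") || !strcmp(dir, "rwcommunity")) {
        community = a;                  /* rocommunity NAME [SOURCE [OID]] */
        source = b;
        if (dir[1] == 'w') flags |= WRITE_ACCESS;
    } else if (!strcmp(dir, "com2sec")) {
        community = c;                  /* com2sec SECNAME SOURCE NAME */
        source = b;
    } else {
        return 0;
    }
    if (!strcmp(community, "public") || !strcmp(community, "private"))
        flags |= DEFAULT_NAME;          /* unchanged default community */
    if (!*source || !strcmp(source, "default"))
        flags |= ANY_SOURCE;            /* no restriction on the sender */
    return flags;
}

/* Audits a whole file held in memory; returns the number of flagged lines. */
int audit_config(const char *text) {
    int flagged = 0;
    while (*text) {
        char line[256];
        size_t len = strcspn(text, "\n");
        snprintf(line, sizeof line, "%.*s", (int)len, text);
        if (audit_line(line)) flagged++;
        text += len + (text[len] == '\n');
    }
    return flagged;
}

/* Constructed configuration: three weak lines, one acceptable, one comment. */
const char SAMPLE[] =
    "rocommunity public\n"
    "rwcommunity private default\n"
    "rocommunity n0c-7f3a-read 192.0.2.10\n"
    "com2sec notConfigUser default public\n"
    "# rwcommunity private\n";
```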
An SNMP Agent is very easy to attack. Because SNMP mainly uses UDP transport, IP source address spoofing is easy, so relying on access control lists alone is sometimes not enough. Most SNMP devices accept SNMP messages sent to the network broadcast address, so an attacker may not even need to know the IP address of the target device and can achieve the goal by sending a broadcast SNMP packet. In addition, the UCD-SNMP tools contain several buffer overflow, format string and temporary-file race condition vulnerabilities, some of which allow a remote overflow and execution of arbitrary commands with the UID of snmpd. The preventive measures are to apply the latest patches to the software and to strengthen network monitoring.
Four: Introduction to test tools
After Agent development is finished, the tools provided by UCD-SNMP, such as snmpget and snmpwalk, can be used to check whether requests are processed properly.
It is also recommended to use the MIB management tools provided by MG-MIBBROWSER or AdventNet to access the Agent and receive alarms. Different tools differ slightly in some details, such as the text encoding type, so using them tests the Agent's compatibility better.
Five: Concluding remarks
In network management development, SNMP has always been one of the standards. In addition, there are others, such as
· TMN
· TINA
· TL1
· DMTF
· XML
· RADIUS
and a series of other network management standards and related technologies.
For SNMP development, in addition to UCD-SNMP / Net-SNMP, there is also a series of mature development platforms such as Agent, WinSNMP, AdventNet, HP OpenView and IBM NetView.
For a developer, using a relatively stable open source or commercial tool makes it possible to meet requirements at low cost, with high efficiency and reliability.
Six: Attachments and references
· http://www.rotman.utoronto.ca/~huang/snmp.html
Simple network management introduction, suitable for entry-level reading.
· http://snmp.xiloo.com/
Network Management Forum home page. The best network management forum in China.
Featured articles:
Use of UCD-SNMP packages
UCD-SNMP Development Guide 1-SNMPAPP.C
UCD-SNMP Development Guide 2-TRAP
UCD-SNMP Development Guide 3-Agent
Experience in the application development of megaphysics
Compilation of Agent under VC
Littlegu's SNMP programming experience
· http://www.pcWorld.com.cn/issue/2003/0302/0208_03.asp
SNMP security hazards and countermeasures