SNMP protocol introduction...

SNMP protocol Overview
SNMP (Simple Network Management Protocol) is a Simple Network Management Protocol, which provides a framework for the network management system to manage the underlying network. The SNMP protocol is widely used in many types of network devices, software, and systems, mainly because it has the following features:
First, SNMP is easy to implement compared with other types of network management systems or management protocols. SNMP management protocols, MIB, and other related system frameworks can run on different types of devices, from low-end PCs to high-end hosts, servers, routers, switches, and other network devices. An SNMP Management Proxy component does not require a large amount of memory space during runtime, so it does not require too much computing power. The SNMP protocol can be developed quickly in the target system, so it is easy to appear in new products or upgraded old products. Although the SNMP Protocol lacks some advantages of other network management protocols, it is simple in design, flexible in expansion, and easy to use. These features greatly make up for other shortcomings in the SNMP Protocol application.

Secondly, the SNMP protocol is an open free product. Only approved by the IETF standard agenda (IETF is an organization under IAB) Can the SNMP protocol be modified; vendors can also modify the SNMP protocol in private, however, these results are likely to outshine, because they must persuade other vendors and users to support their non-standard improvement on the SNMP protocol, which is contrary to their original intention.

Third, the SNMP protocol has a lot of detailed documents (such as RFC, and other articles and instructions). The network industry also has a deep understanding of this Protocol, these are the foundation for the development and improvement of the SNMP protocol.

Finally, the SNMP protocol can be used to control various devices. For example, non-traditional devices such as telephone systems, environmental control devices, and other devices that can access the network and need to be controlled can use the SNMP protocol.

With these features, SNMP has been considered as the preferred management protocol for network device vendors, application software developers, and end users.
SNMP is a connectionless protocol, which means that it does not support dedicated connections such as telnet or FTP. SNMP transmits information between the management proxy and the Administrator by sending request messages and returning responses. This mechanism reduces the burden on the Management proxy, and does not have to support other protocols and connection-based processing processes. Therefore, the SNMP Protocol provides a unique mechanism to handle reliability and fault detection problems.
In addition, the network management system is usually installed in a relatively large network environment, including a large number of different types of network and network devices. Therefore, in order to divide management responsibilities, the entire network should be divided into several user partitions, which can classify network devices meeting the following conditions into the same SNMP partition: they can provide a line for implementing the security required by a partition. The SNMP protocol supports this security model based on the partition name (community string) information. You can physically add it to each network device in the selected partition. Currently, the partition-based authentication model in SNMP is very insecure and has a serious security problem. The main reason is that the SNMP Protocol does not provide encryption, nor does it guarantee that partition information cannot be directly copied from the network during SNMP packet exchange. Only one data packet capture tool can be used to decrypt the entire SNMP data packet, so that the partition name is exposed. For this reason, most sites are prohibited from managing proxy device settings. However, this method has a side effect. In this way, you can only monitor the values of data objects without modifying them, which limits the availability of the SNMP protocol.

SNMP commands and packets
The SNMP Protocol defines the data packet format and information exchange between the network administrator and the management agent. It also controls the MIB Data Objects of the management agent. Therefore, it can be used to process various tasks defined by the management agent. The SNMP protocol is easy to use because it provides three basic operation commands for controlling MIB objects. They are: Set, get, and trap:
Set: it is a privileged command, because it can be used to modify the configuration of the device or control the running status of the device.

Get: it is the most frequently used command in the SNMP protocol, because it is the basic way to obtain management information from network devices.

Trap: when the network management system has no clear requirements, the management agent notifies the network management system of some special situations or problems.

The SNMP protocol also defines the packet flow when the preceding three commands are executed, but it does not define other device management proxy commands. Only the set and get commands can be used for operations on MIB Data Objects, the two commands target the values of data objects. For example, the SNMP protocol does not define the reboot command. However, the management agent software associates the MIB Data Object with the Internal commands of the device, so that some special command operations can be implemented. If you want to restart a device, the management system will set the value of a restart-related MIB Data Object to 1 (our assumption ). This will trigger the management agent to execute the command to restart the device, and reset the MIB Data Object to the original state.
An SNMP packet consists of three parts: version field, Community field, and SNMP protocol data unit field ), the length of the data packet is not fixed.
Version domain: this domain is used to describe which version of SNMP protocol is used now. Currently, Version 1 is the most widely used SNMP protocol.

Partition: a partition is a basic security mechanism used for identity authentication when an SNMP administrator accesses an SNMP Management proxy. The partition name is the password for managing the proxy. The Administrator is allowed to access the data object on the premise that the network administrator knows the password for the network proxy. If you use the Configuration Management proxy to execute the Trap Command, when the network administrator queries the management proxy with an incorrect partition name, the system sends an autenticationfailure trap message.

Protocol Data Unit domain: There are five types of PDU in SNMPv1, some of which are request and some are response ). These include getrequest, getnextrequest, setrequest, getresponse, and trap. SNMPv2 adds two types of PDU: getbulkrequest and informrequest.


The SNMP administrator uses getrequest to retrieve information from the network device with the SNMP proxy. The SNMP proxy responds to the getrequest message with the getresponse message. There is a lot of information that can be exchanged, such as the system name, the time when the system runs normally after it is started, and the number of network interfaces in the system. Getrequest and getnextrequest can be used together to obtain objects in a table. Getrequest retrieves a specific object, while getnextrequest is the next object in the request table. You can use setrequest to remotely configure parameters in a device. Set-request allows you to set the device name, disable a port, or clear items in an address resolution table. Trap is an SNMP trap. It is a non-request message sent by the SNMP agent to the management site. These messages tell the management site that a specific event has occurred on the device, such as a port failure or power failure. The management site can handle the event accordingly.

MiB Overview
The Management Information Database (MIB) is an information repository that contains data about configuration and performance in the management agent. It has an organizational system and a public structure, it contains multiple data objects belonging to different groups. As shown in.


MIB Data Objects are organized in a tree hierarchy. Each branch in the tree structure has a dedicated name and a digital identifier. Indicates the standard MIB organization system, which lists all contents from the root of the MIB tree to the branches of each layer. The branches of the structure tree actually represent the logical grouping of data objects. Leaf, also called node, sometimes represents various data objects. In the tree structure, use a subtree to indicate the middle branches and the added leaves.
With this tree structure, the MIB browser can access the entire MIB database in a convenient and concise way. The MIB browser is a tool that traverses the entire MIB structure tree and usually displays branches and leaf objects in a graphical form. You can use its digital identifier to find the data object in the MIB. This digital identifier starts from the top (or root) of the structure tree until each leaf node (that is, the data object. This access mode is the same as that of the file system. The main difference between the two is that the path name in the file system can be expressed in absolute or relative mode, while the MIB Data Object can only be expressed in absolute mode, rather than relative mode. For example, in the figure, ISO (1) is at the top of the tree, while sysdescr (1) is at the leaf node. Root (.) cannot be seen now, and all other branches are extended from here. The identifier of the data object is usually represented by a dot. To access the data object sysdescr (1), its complete identifier should be like this: iso.org. DOD. Internet. Mgmt. mib-2.system.sysDescr (This identifier should be read from left to right ). A data object can also be expressed in a shorter format, that is, a numerical identifier instead of a branch name. In this way, the above form of identifier iso.org. DOD. Internet. Mgmt. mib-2.system.sysDescr can also be expressed in 1.3.6.1.2.1.1.1. The two expressions are consistent, indicating the same MIB Data Object. Although Digital identifiers look more concise, it is still a matter of personal preferences to choose the expression format. Fortunately, many MIB browsers can represent data objects in any format of the two, which makes mutual conversion between the two formats very easy.

MIB access method
When defining a MIB Data Object, the access control information determines the operation types that can act on the data object. The SNMP Protocol provides the following MIB Data Object Access methods:
Read-Only)

Read-write)

Not-accessible)

The network management system cannot change the MIB Data Object in read-only mode, but can read the value of the data object through the get or trap command. During the service period of a product, some MIB information will never change. For example, the MIB Data Object sysdescr represents the system description, which contains the vendor information required to manage the agent software. Another reason for determining that some data objects are read-only is to ensure that the performance information and other statistical data are correct and will not be changed due to misoperations.

As a data transmission method, SNMP is combined with the data organization form MIB to provide underlying protection for the network management system. A real network management system can be built on SNMP or other network management protocols, such as CMIP. However, it also needs to be described in another article.