In managing a large network, the administrator's headache is how to know, in real time, the running status of network devices that are not nearby. Visiting each device in person to check its status is obviously unrealistic. Here I will introduce a method that uses the SNMP protocol to collect the network's running conditions for the administrator automatically. In this way, the network administrator only needs to sit at his own desk to understand the operating status of the company's network devices.
The full name of SNMP is Simple Network Management Protocol; it is an application layer protocol. With SNMP, the network administrator can easily exchange management information between the SNMP agent and the manager. Its main role is to help enterprise network managers better understand network performance, discover and solve network problems, and plan the future development of the network.
It is also relatively easy for network administrators to deploy SNMP applications. The following is a simple example of how SNMP can be used in an enterprise network to help the administrator understand the network's running status in real time.
Suppose the network administrator wants to know the running status of a router in real time from his own computer, without leaving his desk. How can this be done?
I. Basic components of an SNMP application.
Before explaining this solution, I would like to talk about the basic components of an SNMP application, which will help you understand the subsequent configuration. Generally, an SNMP application is composed of a network management system, SNMP agents, and managed devices.
An SNMP agent is network management software that resides on a network device. Its job is to convert local management information, such as log information, from the network device into an SNMP-compatible format and send it to the SNMP management system at intervals. In other words, the agent's main function is to convert the log files and status data in routers and other network devices into a form that the SNMP management system can read.
Managed devices are the network devices we need to manage. These devices usually contain an SNMP agent. The agent actively collects and stores management information and provides it to the network management system through SNMP. Most manufacturers' network devices, such as Cisco routers and switches, now have the SNMP agent function. For this reason, in an SNMP solution, the network devices or servers that carry an SNMP agent are called managed devices.
The network management system communicates with the SNMP agent on each managed device to collect information, compile statistics, and issue alarms. In practice, the network management system is usually installed on the network administrator's own host. This allows him to collect the running information of the various network devices without leaving his desk.
II. Main commands of the SNMP application.
SNMP has few commands, but all of them are practical.
The first command is the Read command. That is, the network administrator runs a Read command on the network management system to view the running status of a managed device. If the administrator finds that a router is behaving abnormally, for example a previously configured access control list is not taking effect, he can use the Read command from the network management system on his own computer to check the current running status of the router and find out where the problem has occurred.
The second command is the Write command. For example, the administrator uses a Read command and finds that the router's access control list is not in effect. In this case, he can issue a command to the router through the network management system on his host to re-enable the access control list. That is to say, the Write command is mainly used to send operation commands to routers and other managed devices.
The preceding two commands are sent by the network administrator. That is, the initiative is on the administrator's side.
The third command is the Trap command. Here the network administrator first sets thresholds for some metrics in routers and other managed devices, such as CPU utilization. When a threshold is exceeded, the SNMP agent on the router or other managed device sends this information to the network management system. The administrator learns of the event through the network management system and can take countermeasures as soon as possible. In professional terms, the Trap command is used to send event reports to the SNMP manager.
The fourth command is the notification (Inform) command. Similar to the Trap command, this command is mainly used for SNMP event notification. However, it differs from Trap in one important way: the Trap command is unreliable, while the Inform command is reliable. After a Trap is sent, the agent considers its job done and does not care whether the network management system actually receives the message. After an Inform is sent, the agent waits for an acknowledgment from the network management system; if no acknowledgment arrives, the Inform message is sent again after a period of time. From this perspective, the Inform command is the more reliable of the two.
With the third and fourth commands, a router or other managed device automatically reports exceptions to the network administrator when they occur. The administrator therefore does not have to stare at the network management system all day: whenever an exception occurs, the router or other managed device raises an alarm on its own. Thus the administrator does not miss any alarm and has time to handle the problem.
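The difference between Trap and Inform described above comes down to one thing: whether the agent waits for a Response carrying its request-id and retransmits when none arrives. The following simulation is an added example, not code from the original article. It models the network between agent and management station as a constructed, scripted lossy link; the class and function names (LossyLink, ManagementStation, send_trap, send_inform, run_demo) are my own. It also shows the side effect a practitioner should expect: when only the acknowledgment is lost, the agent retransmits and the station must de-duplicate on request-id.

```python
import itertools


class LossyLink:
    """Constructed stand-in for the network path: a scripted, cycling sequence
    of booleans decides whether each datagram (in either direction) gets through."""

    def __init__(self, delivery_pattern):
        self._pattern = itertools.cycle(delivery_pattern)

    def transmit(self):
        return next(self._pattern)


class ManagementStation:
    """The NMS side: records events, answers Informs with a Response that echoes
    the request-id, and ignores a repeated request-id it has already seen."""

    def __init__(self):
        self.events = []
        self._seen_ids = set()

    def receive(self, msg):
        if msg["type"] == "trap":
            self.events.append(msg["event"])
            return None                       # traps are never acknowledged
        if msg["request_id"] not in self._seen_ids:
            self._seen_ids.add(msg["request_id"])
            self.events.append(msg["event"])  # a retransmitted Inform is not a new event
        return {"type": "response", "request_id": msg["request_id"]}


def send_trap(link, nms, event):
    """Trap: one datagram, fire and forget. Returns whether it was delivered,
    which the real agent cannot observe; the value is only for the demo."""
    if link.transmit():
        nms.receive({"type": "trap", "event": event})
        return True
    return False


def send_inform(link, nms, event, request_id, max_tries=3):
    """Inform: retransmit until a Response with the matching request-id comes
    back, or the retry budget is exhausted. Returns the attempt that succeeded,
    or None if the agent gave up."""
    for attempt in range(1, max_tries + 1):
        if link.transmit():
            resp = nms.receive({"type": "inform", "event": event, "request_id": request_id})
            # The Response must also survive the return trip to count as an ack.
            if link.transmit() and resp["request_id"] == request_id:
                return attempt
        # No matching Response before the timeout: fall through and retransmit.
    return None


def run_demo(delivery_pattern=(False, True, False, True, True)):
    """Default pattern: trap datagram lost; Inform delivered but its ack lost,
    then delivered and acknowledged on the second attempt."""
    link, nms = LossyLink(delivery_pattern), ManagementStation()
    trap_delivered = send_trap(link, nms, "cpu-utilization-high")
    inform_attempts = send_inform(link, nms, "cpu-utilization-high", request_id=1)
    return {"trap_delivered": trap_delivered,
            "inform_attempts": inform_attempts,
            "events": list(nms.events)}


if __name__ == "__main__":
    print(run_demo())
```

Both notifications carry the same event; with the default pattern the Trap simply vanishes, while the Inform reaches the station exactly once even though the agent had to send it twice.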
III. Notes on using SNMP.
When using an SNMP solution to collect the running information of managed devices, pay attention to its security vulnerabilities. Attackers can use the SNMP protocol to learn the configurations of managed devices and the internal network topology, and can even change the configurations of network devices to suit their needs for further intrusion. In addition, attackers can use auxiliary SNMP tools, such as SNMP discovery tools or SNMP packet captures, to access the management information base and gather the basic information needed for the next attack.
Therefore, network administrators also need to pay attention to the possible security vulnerabilities while enjoying the convenience of SNMP. For this security problem, I have the following suggestions.
First, use SNMPv2 instead of SNMPv1. Currently the Simple Network Management Protocol has two versions. The first version has poor security; for example, it transmits data in plain text. If data travels over the network in plain text, attackers can easily capture SNMP packets with common hacking tools and collect any usable information from them. The second version improves on this. The most important change is the move from plaintext to ciphertext transmission, which makes it pointless for an attacker to obtain SNMP packets through network sniffing and similar means: even if the packets are captured, their content is encrypted and cannot be read, so every captured SNMP packet is useless to the attacker. In addition, the second version enhances some operations, such as the way the Inform command works. Therefore, in terms of both security and management, the second version of SNMP is much better than the first, and it is recommended that the network administrator use the second version whenever conditions allow.
Second, use an independent authentication mechanism for identity authentication. Because the SNMP protocol itself has no identity authentication capability, it is seriously exposed to security threats: an unauthorized entity can operate under the identity of an authorized one. For example, an unauthorized user may try to alter the SNMP packets generated by an authorized administrator. If an unauthorized user records, delays, or copies and replays the messages generated by an authorized user, the message sequence and timing are changed. Therefore, if SNMP is deployed without an authentication mechanism, the security of the enterprise network faces a serious challenge. I believe that management convenience and security are equally important at all times.
Third, select a proper access mode. As we all know, Cisco routers provide two access modes: user mode and privileged mode. User mode allows you to view some basic information about a router without changing its configuration. When using SNMP to collect information from and manage routers, you can likewise select the access mode. The SNMP agent on the router lets you configure different strings for user access and for privileged access, and the string used determines the access mode. For example, if you want the SNMP agent to access the router in privileged mode, add the RW option after the command; if you want user-mode access, add the RO parameter instead. In general, we recommend using user mode for access and using privileged mode only when a task cannot be completed in user mode. This choice of access mode greatly improves the security of the SNMP solution.
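To make the Read/Write exchange, the plaintext problem, and the RO/RW distinction concrete, here is an added example that is not part of the original article. It is a small BER encoder and decoder for community-based SNMP messages (version 0 is SNMPv1) that builds a GetRequest and a SetRequest for one OID, then parses the version, community string and PDU type back out of the raw bytes. The audit function on top of it is the kind of monitoring rule a defender would run over captured datagrams: it flags vendor-default community strings and any SetRequest (a write, which needs the RW string) that does not come from the management station. The sample OIDs are the standard sysDescr.0 and sysName.0; the manager address and the default-community list are constructed assumptions, as are all function names.

```python
import binascii

# PDU tags of community-based SNMP (context-specific constructed tags).
PDU_NAMES = {
    0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
    0xA3: "SetRequest", 0xA4: "Trap", 0xA5: "GetBulkRequest",
    0xA6: "InformRequest", 0xA7: "SNMPv2-Trap",
}
# Constructed policy (assumption): only the NMS may write, and these community
# strings are vendor defaults that should never be in use on a managed device.
ALLOWED_MANAGERS = {"10.0.0.5"}
DEFAULT_COMMUNITIES = {"public", "private"}


def ber_len(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, payload):
    return bytes([tag]) + ber_len(len(payload)) + payload


def enc_int(v):
    return tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True))


def enc_oid(dotted):
    """Encode a dotted OID: first two arcs share one octet, the rest are base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))


def snmp_message(community, oid, request_id, pdu_tag=0xA0, version=0, value=None):
    """Build a request-style message (Get/GetNext/Set) with one varbind.
    value=None gives a NULL varbind (a read); bytes gives an OCTET STRING (a write).
    Trap PDUs have a different body and are not built here."""
    val = tlv(0x05, b"") if value is None else tlv(0x04, value)
    varbinds = tlv(0x30, tlv(0x30, enc_oid(oid) + val))
    pdu = tlv(pdu_tag, enc_int(request_id) + enc_int(0) + enc_int(0) + varbinds)
    return tlv(0x30, enc_int(version) + tlv(0x04, community.encode()) + pdu)


def read_tlv(buf, pos):
    """Return (tag, payload, position after the element) for the TLV at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def parse_header(raw):
    """Version, community and PDU type of a community-based SNMP message."""
    tag, body, _ = read_tlv(raw, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, ver, pos = read_tlv(body, 0)
    _, comm, pos = read_tlv(body, pos)
    pdu_tag, _, _ = read_tlv(body, pos)
    return {"version": int.from_bytes(ver, "big", signed=True),
            "community": comm.decode(errors="replace"),
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag))}


def audit(raw, src_ip):
    """Findings a monitoring rule would raise for one captured datagram."""
    hdr = parse_header(raw)
    findings = []
    if hdr["community"] in DEFAULT_COMMUNITIES:
        findings.append("default community string %r" % hdr["community"])
    if hdr["pdu"] == "SetRequest" and src_ip not in ALLOWED_MANAGERS:
        findings.append("SetRequest (write) from non-manager %s" % src_ip)
    return findings


if __name__ == "__main__":
    # Constructed samples: a Read of sysDescr.0 and a write of sysName.0.
    get = snmp_message("public", "1.3.6.1.2.1.1.1.0", 1234)
    print(binascii.hexlify(get).decode())
    print(parse_header(get), b"public" in get)   # community readable in the bytes
    wr = snmp_message("private", "1.3.6.1.2.1.1.5.0", 1235, pdu_tag=0xA3, value=b"edge-rtr-1")
    print(audit(wr, "192.0.2.77"))
```

Because the community string sits in the clear in the message header, anyone who can read the wire can read the string; separating the RO and RW strings limits what a captured read-only string is worth, and alerting on SetRequests from unexpected sources catches misuse of the write string.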