Network Management and SNMP protocol

Source: Internet
Author: User
Tags: snmp

Traditional system administrators deal with many problems, such as installation and configuration, backup and recovery, resource sharing, system security, and performance optimization, and these are also important aspects of network management today. In addition, the complexity of the network means that managed objects are not centralized but scattered across the system. Distributed management requires the network administrator to rethink system management in terms of the network's protocol hierarchy, that is, to reconsider the coverage of system management from the perspective of the physical, link, network, transport, and application layers. Combining these aspects with application-oriented (or business-oriented) management capabilities is the main direction of network management software today.

The scope of network management and the classification of network management software need to be covered in another article. This article only briefly introduces the basic elements of network management software and one example of a network management protocol, SNMP.

Elements of the network management system

A typical network management system includes four elements: the administrator (manager), the management agent, the management information base (MIB), and the proxy agent device. Generally, the first three elements are required and the fourth is optional.

1. Administrator (Manager)

One of the important functions of network management software is to assist the network administrator in managing the entire network. The software requires the management agents to collect important device information regularly, and the collected information is used to determine whether an individual network device, part of the network, or the entire network is in a normal state. The administrator regularly queries the running status, configuration, and performance information collected by the management agents.

2. Management Agent

The management agent is a software module residing in a network device; the device may be a UNIX workstation, a network printer, or any other network device. The agent can obtain information about the running status, features, and system configuration of the local device. It acts like an information broker for each managed device, completing the information-collection tasks assigned by the network administrator. The agent software is an intermediary between the management system and the device it resides on, and it manages the device by controlling the information in the device's Management Information Base (MIB). The agent converts the commands issued by the network administrator according to the standard network format, collects the required information, and returns the correct response. In some cases, the administrator can set a MIB object to make the system execute certain operations.

Management agent software for routers, switches, hubs, and many other network devices is generally provided by the original device manufacturer. It can be part of the underlying system or an optional upgrade module. The device manufacturer decides which MIB objects its agent software can control and which objects reflect the problems that the agent software developers are interested in.

3. Management Information Base (MIB)

The Management Information Base (MIB) defines the data objects that can be controlled by the network management system. The MIB is an information repository that may contain thousands of data objects; a network administrator can control, configure, or monitor network devices by directly manipulating these data objects. The network management system controls MIB data objects through the management agent software. No matter how many MIB data objects there are, the management agent must keep them consistent, which is one of the tasks of agent software. Several common standard MIBs have been defined, including the objects that network devices must support, so that these MIBs can be used with the Simple Network Management Protocol (SNMP). The most widely used and common MIB is MIB-II. MIBs for other network components and technologies have also been developed and are recorded in RFCs (Requests for Comments).

4. Proxy Agent

The proxy agent device acts as a bridge between standard network management software and systems that do not directly support the standard protocol. Using a proxy device, you can transition from an old protocol to a new version without upgrading the entire network.

For a network management system, what matters is the protocol used between the administrator and the agent, such as SNMP, and the MIB they conform to. These are introduced separately below.

SNMP Protocol Overview

SNMP (Simple Network Management Protocol) provides a framework for a network management system to manage the underlying network. SNMP is widely used in many types of network devices, software, and systems, mainly because it has the following features:

First, SNMP is easy to implement compared with other network management systems or protocols. The SNMP protocol, MIBs, and the related system framework can run on different types of devices, from low-end PCs to high-end hosts, servers, routers, switches, and other network devices. An SNMP agent component does not require much memory at runtime and therefore does not require much computing power. SNMP can be developed quickly on a target system, so it appears easily in new products and in upgrades of old ones. Although SNMP lacks some advantages of other network management protocols, it is simple in design, flexible to extend, and easy to use, and these features largely make up for its other shortcomings.

Second, SNMP is an open, free standard. The protocol can be modified only through the IETF standards process (the IETF is an organization under the IAB). Vendors can also modify SNMP privately, but such changes are unlikely to gain acceptance, because the vendor must persuade other vendors and users to support its non-standard improvements, which runs contrary to the original intention.

Third, SNMP is documented in great detail (in RFCs and in other articles and guides), and the network industry understands the protocol well; these are the foundation for its continued development and improvement.

Finally, SNMP can be used to control a wide range of devices. For example, non-traditional devices such as telephone systems, environmental control devices, and other equipment that can connect to the network and needs to be controlled can use SNMP.

With these features, SNMP has come to be regarded as the preferred management protocol by network device vendors, application software developers, and end users.

SNMP is a connectionless protocol: it does not maintain a dedicated connection the way Telnet or FTP do. SNMP transmits information between the agent and the administrator by sending request messages and returning responses. This mechanism reduces the burden on the agent, which does not have to support connection-oriented processing. As a result, SNMP provides its own mechanism for handling reliability and fault detection.

In addition, a network management system is usually installed in a relatively large environment containing many different types of networks and network devices. To divide management responsibility, the whole network is partitioned into several communities: network devices that share a common security requirement are placed in the same SNMP community. SNMP supports this security model through the community name (community string), which is configured on every network device in the chosen community. Currently, the community-based authentication model of SNMP is very insecure and has a serious security problem: SNMP provides no encryption and does not prevent the community string from being copied straight off the network while SNMP packets are exchanged. A single packet-capture tool is enough to decode an entire SNMP packet and expose the community name. For this reason, most sites disallow changing settings through the management agent. This has a side effect: you can then only monitor the values of data objects, not modify them, which limits the usefulness of SNMP.

SNMP commands and packets

SNMP defines the packet format and the information exchange between the network administrator and the management agent, and it controls the MIB data objects of the agent, so it can be used to handle the various tasks defined by the agent. SNMP is easy to use because it provides three basic operations for controlling MIB objects: set, get, and trap:

Set: a privileged command, because it can be used to modify the configuration of a device or control its running state.

Get: the most frequently used command in SNMP, because it is the basic way to obtain management information from a network device.

Trap: when the network management system has not explicitly asked for anything, the management agent uses a trap to notify it of some special situation or problem.

SNMP also defines the packet flow when the three commands above are executed, but it does not define other device management commands. Only set and get can operate on MIB data objects, and both target the values of the data objects. For example, SNMP does not define a reboot command. However, the agent software associates MIB data objects with internal commands of the device, so that some special operations can be implemented. If you want to restart a device, the management system sets the value of a restart-related MIB data object to 1 (our assumption); this triggers the agent to execute the command that restarts the device and then reset the MIB data object to its original state.

An SNMP packet consists of three parts: a version field, a community field, and an SNMP protocol data unit (PDU) field. The length of the packet is not fixed.

Version field: describes which version of SNMP is in use. Currently, version 1 is the most widely used.

Community field: the community is the basic security mechanism used for identity authentication when an SNMP administrator accesses an SNMP agent. The community name is the password of the agent; the administrator is allowed to access data objects only on the premise that the network administrator knows the agent's password. If the agent is configured to send traps, then when the network administrator queries it with an incorrect community name, the system sends an authenticationFailure trap message.

Protocol Data Unit field: SNMPv1 has five types of PDU, some of which are requests and some responses: GetRequest, GetNextRequest, SetRequest, GetResponse, and Trap. SNMPv2 adds two PDU types: GetBulkRequest and InformRequest.

The SNMP administrator uses GetRequest to retrieve information from a network device running an SNMP agent, and the agent answers with a GetResponse message. A lot of information can be exchanged this way, such as the system name, the time the system has been running since it was started, and the number of network interfaces in the system. GetRequest and GetNextRequest can be used together to obtain the objects in a table: GetRequest retrieves a specific object, while GetNextRequest requests the next object in the table. SetRequest can be used to configure parameters in a device remotely; it allows you to set the device name, disable a port, or clear entries in an address resolution table. Trap is an unsolicited message sent by the SNMP agent to the management station. These messages tell the management station that a specific event has occurred on the device, such as a port failure or a power failure, and the management station can handle the event accordingly.
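The three-part SNMPv1 message described above (version, community, PDU), as an added example that is not from the original article: it BER-encodes a GetRequest for sysDescr.0 and parses the header fields back out of the bytes, which is all a capture tool has to do to read the community name. The community value "public" and the request-id are constructed; 1.3.6.1.2.1.1.1.0 is the real MIB-II instance sysDescr.0.

```python
# Added example (not from the article): BER-encode the three-part SNMPv1 message
# (version, community, PDU) and parse such bytes back. The community "public" and
# request-id are constructed; 1.3.6.1.2.1.1.1.0 is the MIB-II instance sysDescr.0.
PDU_TAGS = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
            0xA3: "SetRequest", 0xA4: "Trap"}

def ber_len(n):                        # definite-form length, short or long
    b = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    return bytes([n]) if n < 0x80 else bytes([0x80 | len(b)]) + b

def tlv(tag, body):
    return bytes([tag]) + ber_len(len(body)) + body

def ber_int(v):                        # INTEGER, minimal two's-complement
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big", signed=True))

def encode_oid(dotted):                # OBJECT IDENTIFIER: 40*a+b, then base-128 arcs
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc >= 0x80:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))

def build_get_request(community, oid, request_id=1):
    varbind = tlv(0x30, encode_oid(oid) + b"\x05\x00")         # value is NULL in a request
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0) + tlv(0x30, varbind))
    return tlv(0x30, ber_int(0) + tlv(0x04, community.encode()) + pdu)  # version 0 = SNMPv1

def read_tlv(buf, pos):                # -> (tag, body, position after body)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_message(data):
    """Header fields of an SNMPv1 request/response; the community is plain text."""
    _, msg, _ = read_tlv(data, 0)
    _, ver, p = read_tlv(msg, 0)
    _, comm, p = read_tlv(msg, p)
    pdu_tag, pdu, _ = read_tlv(msg, p)
    if pdu_tag == 0xA4:                # Trap PDUs have a different body layout
        raise ValueError("trap PDU not handled here")
    _, rid, _ = read_tlv(pdu, 0)       # request-id is the first PDU field
    return {"version": int.from_bytes(ver, "big", signed=True), "community": comm.decode(),
            "pdu_type": PDU_TAGS.get(pdu_tag, hex(pdu_tag)),
            "request_id": int.from_bytes(rid, "big", signed=True)}
```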

MIB Overview

The Management Information Base (MIB) is an information repository that holds configuration and performance data in the management agent. It has an organizational system and a public structure, and it contains many data objects belonging to different groups, as shown in the figure.

MIB data objects are organized in a tree hierarchy. Each branch of the tree has a dedicated name and a numeric identifier. The figure shows the standard MIB organization, listing everything from the root of the MIB tree down to the branches of each layer. The branches of the tree represent the logical grouping of data objects; the leaves, also called nodes, represent the data objects themselves. Within the tree, a subtree denotes an intermediate branch together with the leaves attached to it.

With this tree structure, a MIB browser can access the entire MIB in a convenient and concise way. A MIB browser is a tool that traverses the whole MIB tree and usually displays branches and leaf objects graphically. A data object in the MIB is located by its numeric identifier, which starts from the top (root) of the tree and runs down to the leaf node (the data object). This access mode is the same as that of a file system; the main difference is that a path name in a file system can be expressed in absolute or relative form, while a MIB data object can only be expressed in absolute form, never relative.

For example, in the figure, iso(1) is at the top of the tree while sysDescr(1) is a leaf node. The root (.) is not visible, but all other branches extend from it. The identifier of a data object is usually written in dotted notation. To access the data object sysDescr(1), its complete identifier is iso.org.dod.internet.mgmt.mib-2.system.sysDescr (read from left to right). A data object can also be written in a shorter form using numeric identifiers instead of branch names; in that form, iso.org.dod.internet.mgmt.mib-2.system.sysDescr becomes 1.3.6.1.2.1.1.1. The two expressions are equivalent and denote the same MIB data object. Although the numeric identifier looks more concise, the choice of format is a matter of personal preference. Fortunately, many MIB browsers can display data objects in either format, which makes converting between the two very easy.
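The absolute naming described above, together with the GetNext table walk from the previous section, as an added example that is not from the original article: the MIB-II system group is modelled as a small name/number tree, identifiers are converted in both directions, and the lexicographic "next object" rule that an agent applies to GetNextRequest is used to walk the system subtree. Only the arcs listed are modelled, and SAMPLE_INSTANCES and its values are constructed.

```python
# Added example (not from the article): MIB-II system group as a name/number tree,
# absolute-path conversion both ways, and the lexicographic get-next rule behind
# GetNextRequest walks. Only the listed arcs are modelled; instances are constructed.
MIB_TREE = {"iso": (1, {"org": (3, {"dod": (6, {"internet": (1, {"mgmt": (2, {"mib-2": (1, {
    "system": (1, {"sysDescr": (1, {}), "sysObjectID": (2, {}), "sysUpTime": (3, {}),
                   "sysContact": (4, {}), "sysName": (5, {}), "sysLocation": (6, {}),
                   "sysServices": (7, {})}),
    "interfaces": (2, {"ifNumber": (1, {})}),
})})})})})})}

def name_to_number(path):
    """Absolute name path -> absolute numeric OID (MIB paths are never relative)."""
    node, arcs = MIB_TREE, []
    for label in path.strip(".").split("."):
        if label not in node:
            raise KeyError(f"unknown arc {label!r} under {'.'.join(map(str, arcs)) or 'root'}")
        number, node = node[label]
        arcs.append(number)
    return ".".join(map(str, arcs))

def number_to_name(dotted):
    """Numeric OID -> name path; arcs below a leaf (the instance index) stay numeric."""
    node, labels = MIB_TREE, []
    for number in (int(a) for a in dotted.strip(".").split(".")):
        if not node:                     # below a leaf object: instance index
            labels.append(str(number))
            continue
        match = [(lbl, child) for lbl, (num, child) in node.items() if num == number]
        if not match:
            raise KeyError(f"no arc {number} under {'.'.join(labels) or 'root'}")
        (lbl, node), = match
        labels.append(lbl)
    return ".".join(labels)

def oid_key(dotted):                     # tuple form gives the lexicographic order
    return tuple(int(a) for a in dotted.strip(".").split("."))

def get_next(instances, dotted):
    """Agent-side GetNextRequest: first instance OID strictly greater than `dotted`."""
    key = oid_key(dotted)
    later = [o for o in instances if oid_key(o) > key]
    return min(later, key=oid_key) if later else None   # None = end of MIB view

def walk(instances, subtree):
    """Manager-side walk: repeat get_next until the answer leaves the subtree."""
    prefix, out, cur = oid_key(subtree), [], subtree
    while (cur := get_next(instances, cur)) and oid_key(cur)[:len(prefix)] == prefix:
        out.append(cur)
    return out

SAMPLE_INSTANCES = {                     # constructed agent contents: OID -> value
    "1.3.6.1.2.1.1.1.0": "Example router, firmware 1.0",   # sysDescr.0
    "1.3.6.1.2.1.1.3.0": 123456,                           # sysUpTime.0 (hundredths of s)
    "1.3.6.1.2.1.1.5.0": "core-rtr-1",                     # sysName.0
    "1.3.6.1.2.1.2.1.0": 2,                                # ifNumber.0, outside system
}
```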

MIB access method

When a MIB data object is defined, its access control information determines the types of operation that can act on it. SNMP provides the following MIB data object access modes:

read-only

read-write

not-accessible

The network management system cannot change a read-only MIB data object, but it can read its value through the get command or receive it in a trap. Some MIB information never changes during the service life of a product; for example, the MIB data object sysDescr holds the system description, which contains the vendor information needed by the management agent software. Another reason for making some data objects read-only is to ensure that performance information and other statistics are correct and cannot be altered by mistake.
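The access modes above and the community check from the packet section, as an added example that is not from the original article: a toy agent dispatcher (hypothetical class Agent) that refuses sets on read-only and not-accessible objects, refuses every set when no write community is configured (the monitor-only deployment the article mentions), and records an authenticationFailure trap instead of answering when the community is wrong. The MIB contents and community values are constructed; error-status values are those of RFC 1157.

```python
# Added example (not from the article): a toy SNMPv1 agent dispatcher applying the
# MIB access modes and the community check. Error-status codes follow RFC 1157
# (noError 0, noSuchName 2, badValue 3). MIB contents and communities are constructed.
NO_ERROR, NO_SUCH_NAME, BAD_VALUE = 0, 2, 3

class Agent:
    def __init__(self, read_community, write_community=None):
        # write_community=None models the "monitor only" deployment: every set is
        # refused, whatever community the manager presents.
        self.read_community, self.write_community = read_community, write_community
        self.traps = []                       # traps the agent would send to the manager
        self.mib = {                          # OID -> [access, type, value]  (constructed)
            "1.3.6.1.2.1.1.1.0": ["read-only", str, "Example router, firmware 1.0"],
            "1.3.6.1.2.1.1.3.0": ["read-only", int, 123456],          # sysUpTime.0
            "1.3.6.1.2.1.1.5.0": ["read-write", str, "core-rtr-1"],    # sysName.0
            "1.3.6.1.2.1.1.6.0": ["read-write", str, "rack 4"],        # sysLocation.0
            "1.3.6.1.2.1.2.2.1": ["not-accessible", None, None],       # ifEntry row object
        }

    def _authorised(self, community, op):
        allowed = {self.read_community, self.write_community} if op == "get" else {self.write_community}
        if community in allowed - {None}:
            return True
        self.traps.append(("authenticationFailure", community))   # v1 generic-trap 4
        return False

    def get(self, community, oid):
        """Returns (error_status, value); returns None (no response) on a bad community."""
        if not self._authorised(community, "get"):
            return None
        entry = self.mib.get(oid)
        if entry is None or entry[0] == "not-accessible":
            return NO_SUCH_NAME, None
        return NO_ERROR, entry[2]

    def set(self, community, oid, value):
        """Returns (error_status, value); returns None (no response) on a bad community."""
        if not self._authorised(community, "set"):
            return None
        entry = self.mib.get(oid)
        if entry is None or entry[0] != "read-write":   # RFC 1157: not writable -> noSuchName
            return NO_SUCH_NAME, None
        if not isinstance(value, entry[1]):
            return BAD_VALUE, None
        entry[2] = value
        return NO_ERROR, value
```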

SNMP as the data transport method, combined with the MIB as the data organization, provides the underlying support for a network management system. A real network management system can be built on SNMP or on other network management protocols such as CMIP, but that needs to be described in another article.
