Simple Network Management Protocol (SNMP)

Introduction to Simple Network Management Protocol (SNMP)

As a network consultant or network administrator, your work is not completed after you have installed the network and set up the user account and application. Your next role is network management. It is like a battle that never ends.
There are two types of network management problems: software-related problems, such as data security and access permission, and hardware-related problems. Here we will focus on the second type of discussion, that is, some ideas used to deal with software-related management problems by using Simple Network Management Protocol (SNMP, manages network hardware as a whole.

There are many SNMP-related English websites, but there are few Chinese websites. This is the original intention of my humble colleagues to set up this website. Here we will start with the basic principles, introduce what SNMP is, and guide new users to practice it in person. In the near future, I will provide a simple release and source code based on X Windows on Linux and Solaris.

1. What is network management?

There are two types of network management. The first type is the management of network applications, user accounts (such as file usage), and access permissions (licenses. They are all software-related network management issues. We will not discuss it here.

The second type of network management is composed of hardware that makes up the network. This category includes workstations, servers, NICS, routers, bridges, and hubs. Generally, these devices are far away from your location. For this reason, if the network administrator can be notified automatically when a device is faulty, everything will be fine. However, your vro will not notify you by phone when an application problem occurs, and it will not notify you when the router is congested.

To solve this problem, vendors have already set up the network management function in some devices, so that you can remotely ask about their status, they can also give you a warning when a specific type of event occurs. These devices are usually called "smart" devices.

Network management is generally divided into four categories:

Managed node (or device)	That is, the device you want to monitor
Proxy	Special software or firmware used to track the status of managed devices (firmware)
Network management workstation	A central device that communicates with agents on different managed nodes and displays the agent status.
Network Management Protocol	Protocols used by network management workstations and Dali to exchange information.

When designing and constructing a network management infrastructure, you need to remember the following two network management principles:

1. The traffic caused by management information should not significantly increase the network traffic.
2. The Protocol proxy on the managed device should not significantly increase the additional overhead of system processing, so that the main functions of the device are weakened.

2. What is SNMP?

The Simple Network Management Protocol (SNMP) was first proposed by the Internet Engineering Task Organization (IETF) research team to solve the router management problems on the Internet. Many people think that SNMP runs on the IP address because the Internet runs the TCP/IP protocol, but this is not the case.

SNMP is designed to be Protocol Independent, so it can be used on IP, IPX, appletalk, OSI, and other transport protocols used.

SNMP is a series of protocol groups and specifications (see the table below) that provide a way to collect Network Management Information from devices on the network. SNMP also provides a way for devices to report problems and errors to network management workstations.

Name	Description
MiB	Management Information Library
SMI	Structure and identification of Management Information
SNMP	Simple Network Management Protocol

There are two methods to collect data from managed devices: polling-only and interrupt-based.

If you only use the round-robin method, the network management workstation is always under control. The defect of this method lies in the real-time information, especially the real-time error. How often do you Poll and follow the device sequence during round-robin? If the polling interval is too small, too much unnecessary traffic will be generated. If the polling interval is too large and the order is incorrect during the polling, the notifications about some major catastrophic events will be too delayed. This violates the proactive network management purpose.

When an exception occurs, the network management workstation can be notified immediately by means of interruption (assuming that the device has not crashed, there is still an available channel between the managed device and the management workstation ). However, this method is not without its defects. First, system resources are required to generate errors or self-traps. If you have to forward a large amount of information in the trap, the managed device may have to consume more time and system resources to generate the trap, this affects the implementation of its main functions (in violation of the principles of Network Management 2 ).

Moreover, if several self-traps of the same type occur in succession, a large amount of network bandwidth may be occupied by the same information (in violation of network management principle 1 ). Especially if you are stuck with questions about network congestion, things will become very bad. One way to overcome this defect is to set a threshold (threshold) for the managed device ). However, unfortunately, this method may once again violate principle 2 of network management, because the device must consume more time and system resources to determine whether a trap should be generated.

Result: The combination of the above two methods: TRAP-directed polling may be the most effective method for network management. Generally, the network management workstation polls the agent in the managed device to collect data, and displays the data in the console in a digital or graphical representation. This allows the network administrator to analyze and manage devices and network traffic.

The agent in the managed device can report errors to the network management workstation at any time, such as pre-defined threshold out-of-bounds. The agent does not need to wait until the management workstation polls the agent to receive these errors. These errors are known as SNMP traps ).

In this method, you can use a network management workstation to query a device (assuming it is still reachable ), for more information.

3. What is a managed device?

You may have heard a lot about "SNMP manageable devices", "SNMP compatible devices", or "SNMP managed devices. But what exactly are they? How are they different from smart devices?

Simply put, all the above statements mean "a network device that includes the network management proxy ". These also mean that the proxy supports SNMP protocol for information exchange. As mentioned above, a smart device may not need to use or support the SNMP protocol. So what is a proxy?

1. Proxy

An agent is a special software (or firmware) that contains information about a special device and/or the environment in which the device is located. When a proxy is installed on a device, the above devices are listed as "managed ". In other words, a proxy is a database.

The data contained in the database varies with the installed device. For example, on a vro, the proxy will contain information about the route selection table, the total number of received and sent packets, and so on. For a bridge, the database may contain information about the number of forwarding packets and the filtering table.

A proxy is a software or firmware that communicates with the network management console. You can perform the following tasks on the "Link" of the console:

• The network management workstation can obtain information about the device from the agent.
• The network management workstation can modify, add, or delete table items in the proxy. For example, you can select table items for routes in the database maintained by the proxy.
• The network management workstation can set a threshold for a specific self-trap.
• The proxy can send self-traps to the network management workstation.

Remember that the agent in the managed device does not provide information voluntarily unless there is an event when the threshold is exceeded.

In some accidental circumstances, a specific device may be missing system resources, or the device does not support the transport protocol required by the SNMP proxy, but cannot implement an SNMP proxy. Does this mean you cannot monitor this device? This is not the case. In this case, there is no way at all. You can use a proxy agent, which is equivalent to a foreign device ).

The trusted proxy does not run on managed external devices, but on another device. The network management workstation first contacts the trusted proxy and points out (in some way) the consistency between the trusted proxy and external devices. Then the delegate translates the protocol commands it receives into the management protocols supported by any external device. In this case, the trusted proxy is called the application gateway ).

If an external device does not support any management protocols, the delegated agent must use some passive methods to monitor the device. For example, a trusted proxy of a ring bridge can monitor its performance and generate self-traps if it detects any congestion errors reported by the bridge. Fortunately, most Internet devices currently support SNMP management, so you can easily use an SNMP management device, such as a hub, bridge, or router. Some vendors even provide SNMP agents on their NICs.

2. MiB

We usually seldom call a database in a managed device a database. In SNMP terminology, it is often referred to as the Management Information Library (MIB ).

A mib describes the objects or table items contained in the database. Each object or table item has the following four attributes:

• Object Type)
• Syntax)
• Access)
• Status)

These attributes are defined in the management information structure and identity (SMI; RFC 1155/1065) specification of one of the SNMP specifications. SMI is equivalent to the schema for databases for MIB. SMI defines each object "what looks like ".

1. Object Type

This attribute defines the name of a specific object, such as sysuptime. It is just a tag. SMI uses Asn to represent data..1 (Abstract Syntax Notation One ). The object must be "identified ". For the Internet management MiB, the ASN.1 The start of the identifier is as follows:

Internet object identifier: ={Iso org (3) DOD (6) 1}

Or use a simple format:

1.3.6.1

This is from ASN.1. extracted from the document. It defines a tree format for the identifier. The tree is composed of a root and many labeled nodes connected to it. Each node is identified by a non-negative integer value and a text description as concise as possible. Each node may also have sub-nodes that are also marked.

When describing an object identifier (Object indentifier), you can use several formats. The simplest format is to list the integers found by traversing the tree from the root to the discussed object. Starting from the root level, there are three nodes ():

• CCITT (0)
• ISO (1)
• Joint-iso-CCITT (2)

Each "branch" is managed by the management organization shown in the tag.

2. Syntax

This attribute specifies the data type, such as integer, 8-Bit String number (string; range: 0 to 255), object identifier (pre-defined data type alias), or null. Null is the reserved space.

3. Access

Access indicates the access level of the specified object. Valid values include read-only, read-write, write-only, and unaccessable.

4. Status

Status defines the implementation needs of this object: required (the object must be implemented by the managed node); optional (the managed object may implement this object ); or obsolete (the managed device does not need to implement this object ).

　

3. Simple Network Management Protocol

The Simple Network Management Protocol allows the network management workstation software to communicate with the agent in the managed device. Such communication can include inquiry messages from the management workstation, response messages from the proxy, or self-trapped messages from the proxy to the management workstation.

To minimize the traffic caused by network management (network management principle 1), SNMP uses an asynchronous Client/Server method. This means that an SNMP entity (management workstation or managed device) does not need to wait for a response after a message is sent; however, the response will be generated in addition to self-contained situations. If needed, the entity can send another message, or continue its pre-defined function. SNMPv1 is easy to implement and does not occupy much resources. It only has five request/response primitives:

• Get-Request
• Set-Request
• Get-next-Request
• Get-reponse
• Trap

The network management workstation can extract the variable values of interest to its application, as long as the get-request or get-next-request message is sent. The former is the read operation of the specified object, and the latter provides a tree traversal operator to determine which objects a proxy process supports. The network management workstation can modify the variable values in the Agent process by sending a set-request message.

If no error occurs, the proxy process can use the get-reponse primitive to answer these requests. In addition, the trap primitive allows the proxy process to send an alarm to the network management workstation asynchronously to tell it that an event meets The Preset conditions.

The experience in implementation and the continuous improvement in the design process bring the Protocol improvement suggestions to SNMPv2, that is, add a block read Operation Get-bulk-Request Message to the network management workstation. You can call a request primitive to extract a large amount of data (such as reading the content of a table) to improve efficiency. SNMPv2 also introduces communication between management processes and management processes for status reporting. Therefore, an inform-request primitive is added and get-response is simplified to a more reasonable name, reponse. The trap packet has been changed to SNMPv2-trap and has the same format as all protocol packets.

4. Cleverly and effectively manage your network

The two methods of network management are pro-active and re-active. Most of the time, we always have to respond to an event, but this is not an effective network management.

In a proactive manner, all your existing resources are fully used. If you have a smart hub, find it. Almost all existing routers support SNMP at least at the MIB-I level. If you are not sure, please contact the vendor.

When managing a network, you need to be clear about the first thing you need to know when the network goes wrong. But how do you identify problems with the network? For humans, you will look for the following symptoms and you will check the mild pulse of the body. Symptoms on your network can also be monitored, such as changes in bandwidth usage over time, CPU utilization on servers and routers, and errors that often occur on the network cable (you always have the following errors ). Please use the network management workstation to track these statistics for a period of time. It is better to say two weeks and calculate the average value at different times of the day. This will be your baseline ).

A baseline is a series of numbers that reflect a "healthy" network. For humans, a "normal and healthy" body temperature is 37 degrees. This is the baseline for distinguishing whether a person has a fever. You also need a baseline to determine whether your network is faulty. You can have an early warning system by monitoring network threshold settings in managed devices and looking for symptoms of failures.