Simple Network Management Protocol (SNMP)

nullpitNetworking and Communications

Oct 23, 2013 (3 years and 7 months ago)


Module 14








SNMP is a protocol to monitor and control network attached devices.



SNMP agents that run on the devices can provide status information about the
device upon request, or even send TRAP messages to specific hosts, when an event
occurs.



SNMP can also be used to manage devices over the network by setting the given
parameter on the device.



SNMP is a client/server protocol.



An SNMP server (or agent) is a piece of software that runs on hosts and keeps one or
more databases of almost live information about the host. These databases are
called Management Information Bases (MIBs).



An SNMP client queries SNMP servers for information. This information can be used in
a Network Management System (NMS) to monitor the status of the device, or can be
used to draw statistics graphs.



Two well-known SNMP implementations on FreeBSD are:



bsnmpd: A lightweight SNMP agent available in FreeBSD base system.



Net-SNMP: Available in the ports collection. A popular open source SNMP
toolkit.

14.1. Management Information Base (MIB)




SNMP itself does not define which information (which variables) a managed system
should offer.



Rather, SNMP uses an extensible design, where the available information is defined
by management information bases (MIBs).



MIBs describe the structure of the management data of a device subsystem; they use
a hierarchical namespace containing object identifiers (OID).




Each OID identifies a variable that can be read or set via SNMP. MIBs use the
notation defined by ASN.1.



The MIB hierarchy can be depicted as a tree. The top-level MIB OIDs belong to
different standards organizations, while lower-level object IDs are allocated by
associated organizations.



This model permits management across all layers of the OSI reference model,
extending into applications.



The figure below shows the top of MIB tree:

Figure 14.1: The top of MIB Tree



The top of the tree consists of standards organizations: iso(1), ccitt(2),
joint-iso-ccitt(3).



Under the iso(1) node, there is a node called org(3) for other organizations.



Under this node is dod(6), for the Department of Defense.



Under that node is internet(1), a subtree for the Internet community.



So the OID for the Internet tree is 1.3.6.1.




Under the Internet tree, we're interested in using SNMP for device management. As
such, we will want to take the mgmt(2) branch.



The first node under mgmt(2) is the MIB itself. Since there is only one MIB, the only
node under mgmt(2) is mib-2(1).



The interesting part of the MIB begins at this level in the tree. We find the first
set of branches, called object groups, that hold the variables we'll want to query:

system(1), interfaces(2), at(3), ip(4), icmp(5), tcp(6), udp(7), egp(8), cmot(9),
transmission(10), snmp(11).



Let's say now we want to find the OID for System Description (sysDescr):



The OID for the Internet tree is .1.3.6.1, the OID for the system object
group is .1.3.6.1.2.1.1, and the OID for the sysDescr object is .1.3.6.1.2.1.1.1.



This can be represented in the figure below:


Figure 14.2: Finding the OID of our desired object.





When we want to actually use this OID in practice, we'll need to tack on another
number to get the value of this variable. We will need to append a .0, representing
the first instance of this object.



As such, when querying for sysDescr from the command line using snmpget, the query
will look like:

# snmpget -v 1 -c community hostname .1.3.6.1.2.1.1.1.0



Most of the time, we need to find the right MIB document for a specific device. For
example, an Extreme switch will have a different MIB than a Cisco switch.



For device independent settings that could be found on any generic SNMP device, we
will most probably find it in RFC1213.

14.2. bsnmpd




The bsnmpd daemon is a very lightweight SNMP daemon that serves only the basic
SNMP MIBs. bsnmpd is available in the FreeBSD base system, out of the box.



Setting up a basic SNMP server using bsnmpd is easy. Add the following to
/etc/rc.conf:

bsnmpd_enable="YES"




To manually start the daemon for the first time:

# /etc/rc.d/bsnmpd start




Now bsnmpd(1) is running with the default configuration. We need to customize this
configuration.



The configuration file is located at /etc/snmpd.config. We need to change a few basic
things, such as location and contact fields, and most importantly, the read and write
community strings.



In SNMP, the community strings are almost equal to passwords. Anyone who knows
your community string can poll status information from your SNMP server.



There are two types of community string. The first one is read-only and the second
one is read-write.



The read-only community strings are usually used for monitoring.




Whereas the read-write community strings can be used to change configuration.
For example, if we detect an anomaly, we may want to disable a network interface via
snmpset using a read-write community string.



Following is a sample of the snmpd.config file:

location := "Datacenter"
contact := "sysadmin@example.com"
system := 1     # FreeBSD
traphost := localhost
trapport := 162
read := "myreadcommunity"
write := "mywritecommunity"
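
Because the community strings in snmpd.config act as passwords, the file is worth checking before the daemon is exposed. The script below is an added example, not part of the original module: the function names, the MIN_LEN threshold and the list of weak values are assumptions, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the original module: audit the community macros
# of a bsnmpd snmpd.config. MIN_LEN and the weak-value list are assumptions.
MIN_LEN=12

# Print the value of a "name := value" macro; commented-out lines are skipped.
# A quoted value is cut at its closing quote (a '#' inside it survives);
# an unquoted value loses any trailing "# comment".
macro_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*:=[[:space:]]*//p" "$1" |
        sed -e 's/^"\([^"]*\)".*$/\1/' -e t -e 's/[[:space:]]*#.*$//' |
        tail -n 1
}

# Print one finding per line (never the secret itself); return 1 if any.
audit_snmpd_config() {
    cfg=$1
    rc=0
    read_c=$(macro_value "$cfg" read)
    write_c=$(macro_value "$cfg" write)
    for kind in read write; do
        if [ "$kind" = read ]; then value=$read_c; else value=$write_c; fi
        [ -n "$value" ] || continue      # macro not set: nothing to judge
        case $value in
            public|private|myreadcommunity|mywritecommunity)
                echo "$kind: well-known or sample community string"
                rc=1 ;;
        esac
        if [ "${#value}" -lt "$MIN_LEN" ]; then
            echo "$kind: shorter than $MIN_LEN characters"
            rc=1
        fi
    done
    if [ -n "$write_c" ] && [ "$read_c" = "$write_c" ]; then
        echo "write: same string as the read community"
        rc=1
    fi
    return "$rc"
}

# Constructed sample input, modelled on the snmpd.config excerpt above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
system := 1     # FreeBSD
read := "public"
# write := "commented-out"
write := "mywritecommunity"
EOF
audit_snmpd_config "$sample" || echo "review the community strings in $sample"
```
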



The sample configuration file also contains a modules section in which it loads
appropriate modules, if necessary.



One module that is loaded by default is the SNMP MIB II module, which contains basic
information about the host.



For more information about the other modules, see documents and MIBs under the
/usr/share/snmp directory.

14.3. Net-SNMP




NET-SNMP is a complete suite of open-source SNMP tools, including client and
server components, and supports the SNMP v1, v2c, and v3 protocols.



NET-SNMP is a fully loaded SNMP toolkit that contains many MIBs and supports
many protocol extensions, and also includes clients and test tools.



NET-SNMP is available in the ports tree under the /usr/ports/net-mgmt/net-snmp
directory.



After installing the port, you can enable NET-SNMP in the /etc/rc.conf file using
the appropriate configuration variable:

snmpd_enable="YES"




You can then manually start the daemon by issuing the following command:

# /usr/local/etc/rc.d/snmpd start



The NET-SNMP configuration is somewhat complicated compared to bsnmpd.



The configuration consists of a set of
configuration files that can be found under the
/usr/local/share/snmp subdirectory.




The most important configuration file is snmpd.conf, which contains configuration
information for the SNMP server component.



You do not have to edit the configuration files manually. The snmpconf utility can be
used to edit the configuration in a step-by-step manner.



You need to perform some basic initial setup for your NET-SNMP daemon, before
you can actually use it.



These configuration parameters consist of the basic contact and location
information, as well as community names and network access policies.



This can be done using the following command:

# snmpconf -i




The snmpconf utility then asks you which component you want to configure and
starts asking you questions about your preferred setup parameters.



Once finished, it will automatically install the configuration file in the correct
location, and all you need to do is to start or restart the SNMP daemon.



Client Tools:



NET-SNMP is bundled with several SNMP clients and test tools.



Using these utilities, you can perform various SNMP operations from the
command line. The client set consists of the following tools:

Utility Name    Description

snmpget         Queries SNMP server for a specific variable using GET request.
snmpgetnext     Queries SNMP server for a specific variable using GETNEXT request.
snmpset         Sends a SET request to SNMP server to update a specific variable.
snmpwalk        Retrieves a subtree of variables from SNMP server.
snmpbulkget     Queries SNMP server for a set of variables using GETBULK request.
snmpbulkwalk    Retrieves a subtree of variables from SNMP server using GETBULK request.
snmpdelta       Monitors delta differences in SNMP counter values.
snmpinform      Sends an INFORM-PDU to the trap receiver.
snmpnetstat     Displays network status and configuration information of an SNMP server.
snmptest        Communicates with SNMP servers using user specified SNMP requests.
snmpstatus      Retrieves a fixed set of management information from SNMP server.
snmptable       Retrieves an SNMP table and displays it in tabular format.
snmptranslate   Translates OID names from numeric to text and vice versa.
snmpusm         Manages SNMPv3 users on SNMP servers.
snmpvacm        Manages SNMPv3 View-based Access Control on SNMP servers.
snmpdf          Retrieves disk usage information from SNMP server.
snmptrap        Sends TRAP-PDU or TRAP2-PDU to trap receiver.




The snmpget utility is a handy tool to retrieve SNMP variables from an SNMP agent.

# snmpget -v 1 -c public 10.10.1.3 sysName.0

SNMPv2-MIB::sysName.0 = STRING: server01.example.org



This example shows retrieving the sysName variable from host 10.10.1.3. This query is
initiated using SNMP version 1 (-v 1), and a read-only community named public is
configured on the SNMP server.



The snmpwalk utility actually retrieves a complete sub-tree from the SNMP server. It can
be used to populate a complete set of data from an SNMP-enabled host.

# snmpwalk -v 1 -c public 10.10.1.3 IF-MIB::ifDescr

IF-MIB::ifDescr.1 = STRING: sis0
IF-MIB::ifDescr.2 = STRING: xl0
IF-MIB::ifDescr.3 = STRING: lo0




This example shows how to retrieve the ifDescr sub-tree from IF-MIB.



You can retrieve the complete SNMP MIB tree from the host, if you do not specify
any SNMP OID in parameters. This will most likely give a huge amount of output, but
it is useful to see what kind of information you can get from the host.