This is the first of a series of three articles where the SNMP protocol, as a key element of the monitoring management activity, will be introduced from I hope was a basic but accurate, practical perspective.
This article deals with the protocol itself and set up the base camp from where to reach a higher placement by means of the second article (The data), as previous stage to try getting the summit following the route described in the last one (The tools).
Hope you enjoy the trip.
DISCLAIMER: Far for being an extremely accurate text, this article tries to be mainly didactic in order to introduce SNMP protocol from a monitoring system point of view, so inaccurate naming references might be found when comparing it with RFC1157.
Describing the scene
What do four different devices as a blade server, a UPS, a network switch and a humidity sensor share? Among other things:
- They need to be managed, considering managing as the fact of submitting actions and/or getting data and events from/to the device: getting the blade CPU temperature, setting the UPS in test mode, getting the switch port bandwidth or getting an event when a given humidity threshold is reached.
- All four can be attached to a data network.
Conjugate both points and you get 'they can be remotely managed', and having in mind the challenging human nature, you don't choose wrong if imagine tens of methods (protocols, toolsets) to do it, most of them private, closed, hardware manufacturer solutions.
Apply now a pinch of the action-reaction law to imagine a group of guys called Internet Engineering Tasking Force (IETF) defining an open, public standard to manage all kind of devices and SNMP, the Simple Network Management Protocol, is born.
Seriously...
SNMP is a IETF udp-based network protocol to manage network attached devices, formally managed devices, from remote network management systems (NMS). The managed device software component supporting the protocol, formally called agent, is public through UDP port 161 and allows NMSs:
- Setting data to managed devices.
- Getting data from managed devices.
- Receiving events from managed devices.
First and second actions can be considered, respectively, as a NMS-side alteration or inspection of an agent-side stored value called object. Each agent object has an unique identifier, or OID (Object Id), a data type and a value.
Since SNMP defines alteration and inspection -formally SetRequest and GetRequest- operations, security issues need to be defined to restrict who (ie, what NMSs) can perform each operation. In this line, protocol divides Managed Device information into two groups: public and private. Public information is considered read-only whereas private information can be read and written.
Analogously protocol groups NMSs into two named communities: NMSs belonging to the public community can access to public information whereas NMSs belonging to private community can access all data.
Finally protocol gives agents the possibility of, under certain events triggered on the managed device side, sending to centain NMSs what is formally called trap: a datagram sent to UDP port 162 containing information about the event (unique identifier, timestamp, interesting event information). Opposed to SetRequest and GetRequest operations, traps are generated from the agent without the need of a previous NMS request.
Analogously protocol groups NMSs into two named communities: NMSs belonging to the public community can access to public information whereas NMSs belonging to private community can access all data.
Finally protocol gives agents the possibility of, under certain events triggered on the managed device side, sending to centain NMSs what is formally called trap: a datagram sent to UDP port 162 containing information about the event (unique identifier, timestamp, interesting event information). Opposed to SetRequest and GetRequest operations, traps are generated from the agent without the need of a previous NMS request.
Versions
Three different SNMP agent implementations can be found: version 1, version 2c and version 3. Instead of replacing it, each version complements previous versions adding new functionalities. Though IETF recommends the adoption of v3 instead previous versions, both three version based agents are usually found.
Among others, version 2 introduces the ability of performing bulk GetRequests, ie, one single inspection operation retrieving info from more than one object. Instead of returning an error if one of the requested objects cannot be recovered, the rest of objects are sent to the NMS and no error is generated.
Version 3 strenghts protocol security issues in terms of:
- Integrity, to ensure that data flowing from side to side are not modified by a third party.
- Authentication, to ensure that the data source is who must be.
- Encryption, to ensure that data is not accesible to a third party.
- Access control, to restrict what Managed Device data -in terms of getting, setting or receiving traps- can be accesed by each NMS.
The combination of some of these mechanism define three available security levels:
- noAuthNoPriv: Source authentication is based on a matching username, no encription method is used.
- authNoPriv: Source authentication is based on MD5 or SHA protocol using a shared passphrase. No encryption method is used.
- authPriv: Similar to authNoPriv but encription method, based on DES-56 and a shared passphrase is used.
In order to restrict the access to the information, v3 based agents manage users (NMSs) into groups and assign each group read/write permissions on areas of the information structure. Finally, version 3 gives NMSs the possibility of managing -ie adding to, moving and deleting- information objects stored in the information structure of the managed device. How this information is organized is covered on the second article of this series: SNMP for dummies (The Data).
Summarizing
- SNMP, the Simple Network Management Protocol is used to manage heterogeneous devices attached to a network.
- These managed devices build an embedded agent that supports protocol and allow Network Management Systems (NMS) interact with them.
- NMSs can get and set information on managed devices as well as getting traps when certain events occur.
- Three SNMP version agents can be found: v1, v2c and v3. Each version introduces improvements while keeping compatibility with previous.
- SNMP v2c adds bulk capabilities: getting a set of values within a single GetRequest operation.
- SNMP v3 adds peer authentication and content integrity and encryption capabilities, per user based information access and remote information management capabilites.
Interesting links
- SNMP for Dummies: The Data
- IETF - Internet Engineering Tasking Force
- RFC1157 - A Simple Network Management Protocol (SNMP)
- Comparison of SNMP versions 1, 2 and 3.
Last but not least...
If you found this article useful, please leave your comments and support the site by clicking in some (or even in all!) of the interesting advertisements of our sponsors. Thanks in advance!
Tweet |
|
super article. I would say people read this: http://www.eogogics.com/talkgogics/tutorials/SNMP before reading this to get a complete picture.
ReplyDeleteThanks Thirumal, both link and feedback are welcome
Deleteand the traps???
ReplyDeleteLiterally: "Finally protocol gives agents the possibility of, under certain events triggered on the managed device side, sending to centain NMSs what is formally called trap: a datagram sent to UDP port 162 containing information about the event (unique identifier, timestamp, interesting event information). Opposed to SetRequest and GetRequest operations, traps are generated from the agent without the need of a previous NMS request."
Delete