Management Information, SNMP, OID's, MIB's - TOPIC 2
GetNextRequest(ipRouteDest, ipRouteMetric1, ipRouteNextHop)
(ipRouteDest.9.1.2.3 = 9.1.2.3), (ipRouteMetric1.9.1.2.3 = 3), (ipRouteNextHop.9.1.2.3 = 99.0.0.3)
GetNextRequest(ipRouteMetric1.9.1.2.3, ipRouteNextHop.9.1.2.3)
(ipRouteMetric1.10.0.0.51 = 5), (ipRouteNextHop.10.0.0.51 = 89.1.1.42)
What parameters does a get response include?
- Identifier of the request - Error status: successful or not - Error Index: noError, tooBig, noSuchName, badValue etc. - List of variable bindings defined by the request: OID and value.
How can Syslog messages be used by a Network Manager, and where are they stored by default?
/var/log/syslog on Linux; for Windows you need to download a syslog server application and set a location to store files. Syslog messages are useful for troubleshooting, debugging, intrusion detection etc.
What are the characteristics of requests for configuration information (logical and physical configuration of device)?
1. Changes rarely. 2. Changes are made by management application. 3. Information can be cached. 4. Only accessed when: app first takes ownership; info known to have changed; precaution to provisioned services.
Requests for Operational Data and state Information
1. Frequent changes. 2. Required for monitoring not accurately cached. 3. Device viewing. 4. Troubleshooting.
How many types of managed information are there?
4
What is a Netconf datastore?
A Netconf datastore is where config operations are held on a device (config file)
1. Briefly define the following SNMP components: a. Managed device
A managed device is a network node that implements an SNMP interface that allows unidirectional (read-only) or bidirectional (read and write) access to node-specific information.
c. Network Management System.
A network management station (NMS) executes applications that monitor and control managed devices.
Implementation of the system group is mandatory for all systems. If an agent is not configured to have a value for any of the variables what is returned?
A string of length 0 is returned.
All SNMP PDUs include a variable binding. What is a variable binding and how will a Get variable binding vary from Set and Trap?
A variable binding consists of both an OID and value. If it is a get request the value is NULL. If it is a SET or Trap it is the value the manager wishes to send.
What are the ACCESS and STATUS defined for the tcpConnEntry object, and what do they refer to? ACCESS is not-accessible; STATUS is mandatory.
ACCESS is not-accessible: defines the minimum level of support required for the object; in this case it means it cannot be accessed. STATUS is mandatory: defines the implementation support required for this object; in this case it must be supported.
Does a manager or agent send a get response?
Agent. The agent sends a get response in reply to a request.
What is a trap?
Agent sends information to bring to the attention of a manager
What are the 5 event types?
Alarms Configuration change Threshold-crossing alert Logging Information
b. Agent
An agent is a network-management software module that resides on a managed device.
What are traps triggered by?
An event
Can you think of a MIB object for which it would make sense to define a maximum access of write only?
An example is security-sensitive information such as a password.
What is SNMPv3
Basically SNMPv2 + security.
Although SNMP can be used to configure an interface or other device settings, what other protocols may be more appropriate?
CLI or Netconf are designed for this purpose.
Multiple Threshold Crossing Events may be generated when a monitored variable is oscillating around the threshold value causing a large number of events to be sent. How can this be overcome?
Can be avoided by ensuring that the TCA is only cleared when the variable drops below a 2nd lower threshold (hysteresis threshold).
Bulk Requests and Incremental Operations
Can make repeated requests for the same or different information (incremental) or bulk requests for info that meets criteria
What are the drawbacks of the manager periodically polling the agent to obtain historical information?
Creates load on device, manager and network. Polling intervals may vary due to loss of connection.
Do traps have priorities set to them?
Critical, Major, Minor, Warning, Marginal, Informational, Normal, Unknown
What type of encryption does SNMPv3 use?
DES (Data encryption standard)
What is Netconf?
Designed to manage configuration of network devices
What are the limitations of SNMP?
Does not allow command of agent by SET operation; SNMP does not support query based on object values or types; SNMP does not support manager to manager com
What security is added to SNMPv3?
Encryption of management messages - Authentication of senders
Who sends the queries
Generally: Manager sends queries and agent responds - Exception: Traps are initiated by agent.
Which SNMPv2 command can perform the same operation more efficiently? Briefly explain how the command works.
Get bulk. The GETBULK operation merely requests a number of GETNEXT responses to be returned in a single packet rather than having to issue multiple GETNEXTs to retrieve all the data that is needed.
Which SNMPv1 command is used to retrieve the contents of a table in a MIB when you do not know what data it may contain. Explain how the command works.
Get next. Targets an object you do know in the MIB tree and then returns all subsequent objects.
Which SNMP message is used to retrieve an object from an agent's MIB and what message would you expect in reply?
Get request. You should receive a get response with OID and value; if all fields are not filled then no values are returned.
Which SNMPv2 command could be used to retrieve the same data if the table entries were initially unknown?
Get-Bulk (0, ipRouteDest, ipRouteMetric1, ipRouteNextHop)
What does the ICMP OID contain?
ICMP errors and discards
What is included in logical information
IP address, Phone Number, Logical Interfaces
What does the IP OID contain?
IP routing etc
What does a MIB module specify?
Information on communication interfaces; info on routing protocol; info on supported services, voice etc. Each module contains objects relating to that module, creating a conceptual tree.
What does the interfaces OID contain?
Interfaces group monitors up/down; octets sent and received; errors and discards
In what ways does a MIB differ from a database management system?
It is an abstracted view of an "active" real-world system, not a set of information that is actually stored somewhere in a file system
What is a MIB schema?
It is how management information is presented in a MIB.
What is meant by 'walking a MIB'. What SNMP command would be used to achieve this?
It is the method used to obtain entries within a MIB. Usually used to obtain all objects in a container, tree, or the whole MIB. get-next
How does a get next request end?
It keeps doing this until the agent returns an error, signifying that the end of the MIB has been reached and there are no more objects left to get.
Define trap events
Link down; cold start - restart; warm start; link up; SNMP auth failure
Why does it use UDP?
Low overhead. 161 for sending, 162 for receiving.
What are MIB definitions usually specified as?
MIB modules
d. MIB
MIB stands for Management Information Base and is a collection of information organized hierarchically.
What does the acronym MIB stand for?
Management Information Base
What are the two types of management interactions?
Manager Initiated - Request - Response; Agent Initiated - Events
Are MIBs exclusive to SNMP?
No, they could be represented as a CSV in a spreadsheet or HTML.
If one value can't be provided?
Nothing returned
In SMI what is the difference between an OID designating an object type and an OID designating an object instance?
Object type OID is globally unique to that one singular object. Object instance OID is unique only within the MIB it is contained.
Where do you configure trap destinations?
On agents
Identify the 5 fields of an SNMPv2 Get PDU.
PDU Type, Request ID, Error status, Error ID, Variable Bindings (the variable bindings may consist of multiple variable object fields).
Identify the 5 fields of an SNMPv2 Get-Bulk PDU.
PDU Type, Request ID, non-repeaters, max repetitions, Variable Bindings (the variable bindings may consist of multiple variable object fields).
What is included in historical information?
Packet counts every 15 mins, Event logs, Firewall connection attempts
When a management application receives a trap what are the 3 ways it can be handled?
Poll agent for more info; log the receipt of trap; completely ignore trap
Explain the difference between polling-based and event based management in the exchange of information between manager and agent.
Polling involves the manager interrogating the agent; event based involves the agent sending unsolicited messages to the manager.
Decode the following syslog message: <34>1 2013-06-11T13:14:15.003Z rossi.yamaha.com su - ID46 - BOM'su root' failed for lonvick on /dev/pts/8 Identify the source, process, priority and other fields.
Priority is 34, timestamp "003-10-11 etc", Source machine, process id, message content.
What is PDU?
Protocol Data Unit (PDU) is the message format that managers and agents use to exchange information.
What does the Address Translation OID contain?
Provided for backward capability, probably dropped in MIB-III
What is included in state (system) information?
Reboot time, Current alarm condition, Packet connection counts, CPU load, memory etc
What language does SNMP require the information in a MIB to have?
SMI - Structure management information
What do the SNMP manager and an SNMP agent communicate using?
SNMP protocol
SNMP v2 additional PDUs
SNMPv2 added the additional PDUs: get-bulk, notification, inform, report
What is the definition of get next request
Same as for the get request BUT instead of specifying the objects required, it specifies the object before the one it requires in the MIB tree.
What do you call the capability to apply the same management operation to multiple managed objects simultaneously, using only one management request?
Scoping
Which type of devices create Syslog messages?
Servers and network devices
Historical Information
Snapshots of management information, typically performance data, used to analyse behaviour over time. Can be achieved by repeated polling. Can be collected at the device, e.g. direct information into a local file; the local file can then be retrieved, say, once a day.
What is the advantage of using SNMP inform messages in the context of SNMP being delivered via UDP rather than TCP?
SNMP inform requires that messages are acknowledged. UDP is an unreliable delivery mechanism with no guarantee that messages or traps are delivered. Inform will enable a manager or agent to guarantee delivery.
Name the 4 types of managed information
State information, Physical Configuration information, Logical Configuration information, Historical information
The following is a typical syslog message: 20:14:26: %SYS-5-MOD_OK:Module 1 is online What does the %SYS-5-MOD_OK part tell us?
System time severity Device Message
What does the TCP OID contain?
TCP connection state: closed, listen, synsent
Name two of the different paradigms that can underlie a MIB definition language.
Table orientation and object orientation.
What is a get-bulk request?
The GETBULK operation merely requests a number of GETNEXT responses to be returned in a single packet rather than having to issue multiple GETNEXTs to retrieve all the data that is needed.
What is a community string?
The community names, or community strings are essentially passwords.
What is the parameter binding of a get request?
The parameter binding is the OID and a null value (because of course the value is not yet known)
What is the SET operation used for?
The set command is used to change the value of a managed object or to create a new row in a table.
What is a get next request good for?
This means we just need to identify the starting point of objects in a tree or sub-tree and then we can obtain all subsequent objects
What information comes in manager initiated?
Transactional Configuration Operational data Historical known as *Get Requests*
What are traps?
Traps are messages that are asynchronously sent by an agent to a manager
What is included in physical information?
Type Cards Ports MAC Address Serial Numbers
Does SNMP use TCP or UDP between management and agents?
UDP
What is a get request?
Used by a manager to retrieve MIB objects from an agent
How do PDU operations refer to objects within the MIB?
Using OIDs to find relevant object
In what circumstance would you generally use a Get-next command rather than a series of Get commands?
Where a manager doesn't know what objects are in a MIB, or to retrieve the contents of a table.
What is trap throttling?
You can limit the number of traps sent per second from the agent.
What SNMP command could you use to configure an interface rather than using the Command Line Interface?
You could use the Set command if the interface is represented in the MIB by appropriate objects.
What information comes in Agent initiated?
alarms, threshold alerts, log events, config changes known as *trap messages*
In SNMP version 1 passwords are exchanged in clear text; what can you enable to catch unauthorised connection attempts?
authentication-failure trap
What is included in an alarm event? And what must be included?
Card failure, loss of connectivity, temperature too high; must include alarm severity, alarm category QOS
What security authentication is used in SNMPv1 and v2, what is its main limitation?
community strings which are in clear text
What type of authentication does SNMPv3 use?
hash function with private key: HMAC (Hashed Message Authentication Codes)
What PDU requests allow manager to manager communication?
inform request PDU
What is the number of OID bindings limited by?
maximum message size.
What is the default community string for ro and rw?
public for read only, private for read-write
• For example SysLocation.0 object to Sheffield, uk
set system.sysLocation.0 = "Sheffield, UK"
What does the system OID contain?
system uptime, system contact, system name
If the responding entity can provide for all values, they are included in which field?
variable binding
What is included in PDU parameters?
variable binding: OID for object; value, if unknown - NULL is given