Network Management

Infrastructure for network management

network_management_infrastructure.png

Internet-standard management framework

SNMP overview: 4 key parts

  • Management information base (MIB):
    • distributed information store of network management data
  • Structure of Management Information (SMI):
    • data definition language for MIB objects
  • SNMP protocol
    • convey manager<->managed object info, commands
  • security, administration capabilities
    • major addition in SNMPv3

SMI: data definition language

  • Purpose: syntax, semantics of management data well-defined, unambiguous

  • base data types:

    • straightforward, boring
  • OBJECT-TYPE
    • data type, status, semantics of managed object
  • MODULE-IDENTITY
    • groups related objects into MIB module

Basic Data Types:

  • INTEGER
  • Integer32
  • Unsigned32
  • OCTET STRING
  • OBJECT IDENTIFIER
  • IpAddress
  • Counter32
  • Counter64
  • Gauge32
  • TimeTicks
  • Opaque

SNMP MIB:

SNMP_MIB.png

SMI: object, module examples

  • OBJECT-TYPE: ipInDelivers

    ipInDelivers OBJECT-TYPE
        SYNTAX      Counter32
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The total number of input datagrams successfully
             delivered to IP user-protocols (including ICMP)"
        ::= { ip 9 }

  • MODULE-IDENTITY: ipMIB

    ipMIB MODULE-IDENTITY
        LAST-UPDATED "941101000Z"
        ORGANIZATION "IETF SNMPv2 Working Group"
        CONTACT-INFO
            " Keith McCloghrie
              ……"
        DESCRIPTION
            "The MIB module for managing IP and ICMP
             implementations, but excluding their management
             of IP routes."
        REVISION "019331000Z"
        ………
        ::= { mib-2 48 }

MIB example: UDP module

MIB_eg_UDP_module.png

SNMP naming

  • question: how to name every possible standard object (protocol, data, more...) in every possible network standard?
  • answer: ISO Object Identifier tree:
    • hierarchical naming of all objects
    • each branchpoint has name, number

SNMP_naming.png

OSI Object Identifier Tree:

OSI_Object_Identifier_Tree.png

SNMP protocol

Two ways to convey MIB info, commands:

SNMP_convey_MIB_info.png

SNMP protocol: message types

SNMP_message_type.png

SNMP security and administration

  • encryption: DES-encrypt SNMP message
  • authentication: compute, send MIC(m,k):
    • compute hash (MIC) over message (m), secret shared key (k)
  • protection against playback: use nonce
  • view-based access control:
    • SNMP entity maintains database of access rights, policies for various users
    • database itself accessible as managed object!

TLV Encoding

  • Idea: transmitted data is self-identifying
    • T: data type, one of ASN.1-defined types
    • L: length of data in bytes
    • V: value of data, encoded according to ASN.1 standard

TLV_encoding.png

TLV encoding: example

TLV_encoding_eg.png
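
The T, L, V layout described above, as an added example that is not part of the original notes: a small encoder and a defensive decoder for the BER form of TLV that SNMP messages use. The function names and the sample record (an OCTET STRING "smith" and the INTEGER 259 inside a SEQUENCE) are constructed for illustration, and only single-byte tags are handled.

```python
# Tags are ASN.1 universal tag bytes; single-byte tags only (assumption of this sketch).
TAG_INTEGER, TAG_OCTET_STRING, TAG_SEQUENCE = 0x02, 0x04, 0x30

def encode_length(n):
    if n < 0x80:                      # short form: one byte holds the length
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body   # long form: 0x80 | byte count

def encode_tlv(tag, value):
    return bytes([tag]) + encode_length(len(value)) + value

def encode_integer(i):
    # Minimal two's-complement encoding; the +8 leaves room for the sign bit.
    magnitude = i if i >= 0 else ~i
    size = (magnitude.bit_length() + 8) // 8
    return encode_tlv(TAG_INTEGER, i.to_bytes(size, "big", signed=True))

def decode_tlv(buf, pos=0):
    """Return (tag, value, next_pos); raise ValueError on malformed input."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):       # never trust L beyond the bytes received
        raise ValueError("declared length exceeds buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_all(buf):
    """Decode consecutive TLVs, descending into SEQUENCE values."""
    out, pos = [], 0
    while pos < len(buf):
        tag, value, pos = decode_tlv(buf, pos)
        if tag == TAG_SEQUENCE:
            value = decode_all(value)
        elif tag == TAG_INTEGER:
            value = int.from_bytes(value, "big", signed=True)
        out.append(value)
    return out

# Constructed sample: SEQUENCE { OCTET STRING "smith", INTEGER 259 }
SAMPLE = encode_tlv(TAG_SEQUENCE, encode_tlv(TAG_OCTET_STRING, b"smith") + encode_integer(259))
```

The length check in `decode_tlv` is the part that matters for an agent parsing untrusted packets: a declared L larger than the received data is rejected instead of being read past the buffer.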