Infrastructure for network management
Internet-standard management framework
SNMP overview: 4 key parts
- Management information base (MIB):
- distributed information store of network management data
- Structure of Management Information (SMI):
- data definition language for MIB objects
- SNMP protocol
- convey manager<->managed object info, commands
- security, administration capabilities
- major addition in SNMPv3
SMI: data definition language
Purpose: syntax, semantics of management data well-defined, unambiguous
base data types:
- straightforward, boring
- OBJECT-TYPE
- data type, status, semantics of managed object
- MODULE-IDENTITY
- groups related objects into MIB module
Basic Data Types:
SNMP MIB:
SMI: object, module examples
- OBJECT-TYPE: ipInDelivers
MODULE-IDENTITY: ipMIB
MIB example: UDP module
SNMP naming
- question: how to name every possible standard object (protocol, data, more...) in every possible network standard?
- answer: ISO Object Identifier tree:
- hierarchical naming of all objects
- each branchpoint has name, number
OSI Object Identifier Tree:
SNMP protocol
Two ways to convey MIB info, commands:
SNMP protocol: message types
SNMP security and administration
- encryption: DES-encrypt SNMP message
- authentication: compute, send MIC(m,k):
- compute hash (MIC) over message (m), secret shared key (k)
- protection against playback: use nonce
- view-based access control:
- SNMP entity maintains database of access rights, policies for various users
- database itself accessible as managed object!
TLV Encoding
- Idea: transmitted data is self-identifying
- T: data type, one of ASN.1-defined types
- L: length of data in bytes
- V: value of data, encoded according to ASN.1 standard
TLV encoding: example
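As an added illustration of the T, L, V fields (not the slide's original example or figure), the Python below decodes a BER-encoded SNMP variable binding and rejects any length field that overruns the bytes actually received, a check every SNMP parser needs. The tag values are the standard ASN.1 and SMI ones; the function names and the sample bytes (udpInDatagrams.0 = Counter32 1234) are constructed for this example.

```python
# Subset of ASN.1 universal tags and the SNMP application tags defined by SMI.
TAGS = {0x02: "INTEGER", 0x04: "OCTET STRING", 0x05: "NULL",
        0x06: "OBJECT IDENTIFIER", 0x30: "SEQUENCE", 0x40: "IpAddress",
        0x41: "Counter32", 0x42: "Gauge32", 0x43: "TimeTicks"}

def read_tlv(buf, pos=0):
    """Return (tag, value_bytes, next_pos); raise ValueError on malformed input."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short form: L fits in one byte
        length = first
    else:                                  # long form: low 7 bits = count of length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):            # never trust L beyond the bytes received
        raise ValueError("length exceeds remaining data")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    """Decode OBJECT IDENTIFIER contents into dotted notation."""
    if not value or value[-1] & 0x80:
        raise ValueError("empty or truncated OID")
    subs, cur = [], 0
    for b in value:                        # base-128 digits, high bit = "more follows"
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            subs.append(cur)
            cur = 0
    x = min(subs[0] // 40, 2)              # first two arcs share one subidentifier
    return ".".join(map(str, [x, subs[0] - 40 * x] + subs[1:]))

def decode(buf):
    """Decode all TLVs in buf into (type_name, value) pairs, recursing into SEQUENCEs."""
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        if tag == 0x30:
            val = decode(val)
        elif tag == 0x06:
            val = decode_oid(val)
        elif tag in (0x02, 0x41, 0x42, 0x43):
            val = int.from_bytes(val, "big", signed=(tag == 0x02))
        out.append((TAGS.get(tag, f"tag 0x{tag:02x}"), val))
    return out

# Constructed sample: one variable binding, udpInDatagrams.0 = Counter32 1234.
SAMPLE = bytes.fromhex("300e" "06082b06010201070100" "410204d2")
print(decode(SAMPLE))
```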