Introduction to SNMP

SNMP (Simple Network Management Protocol) is a UDP-based protocol used mostly for managing network-attached devices, such as routers, switches, computers, printers, video cameras, and so on. Some applications also allow access to internal counters via the SNMP protocol.

SNMP not only allows you to read performance statistics from the devices, it can also send control messages to instruct a device to perform some action—for example, you can restart a router remotely by using SNMP commands.

There are three main components in a system managed by SNMP:

• The management system, which is responsible for managing all devices

• The managed devices, which are all devices managed by the management system

• The SNMP agent, which is an application that runs on each of the managed devices and interacts with the management system

This relationship is illustrated in Figure 1-1.

Figure 1-1. The SNMP network components

This approach is rather generic. The protocol defines seven basic commands, of which the most interesting to us are get, get bulk, and response. As you may have guessed, the former two are the commands that the management system issues to the agent, and the latter is a response from the agent software.

How does the management system know what to look for? The protocol does not define a way of exchanging this information, and therefore the management system has no way to interrogate the agents to obtain the list of available variables.

The issue is resolved by using a Management Information Base (or MIB). Each device usually has an associated MIB, which describes the structure of the management data on that system. Such a MIB would list in hierarchical order all object identifiers (OIDs) that are available on the managed device. The OID effectively represents a node in the object tree. It contains numerical identifiers of all nodes leading to the current OID starting from the node at the top of the tree. The node IDs are assigned and regulated by the IANA (Internet Assigned Numbers Authority). An organization can apply for an OID node and when assigned is responsible for managing the OID structure below the allocated node.

Figure 1-2 illustrates a portion of the OID tree.

Let's look at some example OIDs. The OID tree node that is assigned to the Cisco organization has a value of 1.3.6.1.4.1.9, which means that all proprietary OIDs that are associated with the Cisco manufactured devices will start with these numbers. Similarly, the Novell devices will have their OIDs starting with 1.3.6.1.4.1.23.

I deliberately emphasized proprietary OIDs because some properties are expected to be present (if and where available) on all devices. These are under the 1.3.6.1.2.1.1 (System SNMP Variables) node, which is defined by RFC 1213. For more details on the OID tree and its elements, please visit http://www.alvestrand.no/objectid/top.html. This web site allows you to browse the OID tree and contains quite a large collection of the various OIDs.

The System SNMP Variables Node

In most cases the basic information about a device will be available under the System SNMP Variables OID node subtree. Therefore let's have a close look at what you can find there.

This OID node contains several additional OID nodes. Table 1-1 provides a description for most of the subnodes.

Table 1-1. System SNMP OIDs

OID String OID Name Description

1.3.6.1.2.1.1.1 sysDescr A string containing a short description of the system or device. Usually contains the hardware type and operating system details.

1.3.6.1.2.1.1.2 sysObjectID A string containing the vendor-specific device OID node. For example, if the organization has been assigned an OID node 1.3.6.1.4.1.8888 and this specific device has been assigned a .1.1 OID space under the organization's space, this field would contain a value of 1.3.6.1.4.1.8888.1.1.

1.3.6.1.2.1.1.3 sysUpTime A number representing the time in hundredths of a second from the time when the system was initialized.

1.3.6.1.2.1.1.4 sysContact An arbitrary string containing information about the contact person who is responsible for this system.

1.3.6.1.2.1.1.5 sysName A name that has been assigned to the system. Usually this field contains a fully qualified domain name.

1.3.6.1.2.1.1.6 sysLocation A string describing the physical location of the system.

1.3.6.1.2.1.1.7 sysServices A number that indicates which services are offered by this system. The number is a bitmap representation of all OSI protocols, with the lowest bit representing the first OSI layer. For example, a switching device (operating on layer 2) would have this number set to 2^2 = 4. This field is rarely used now.

1.3.6.1.2.1.1.8 sysLastChange A number containing the value of sysUpTime at the time of a change to any of the system SNMP objects.

1.3.6.1.2.1.1.9 sysORTable A node containing multiple sysEntry elements. Each element represents a distinct capability and the corresponding OID node value.

The Interfaces SNMP Variables Node

Similarly, the basic interface statistics can be obtained from the Interfaces SNMP Variables OID node subtree. The OID for the interfaces variables is 1.3.6.1.2.1.2 and contains two subnodes:

• An OID containing the total number of network interfaces. The OID value for this entry is 1.3.6.1.2.1.2.1; and it is usually referenced as ifNumber. There are no subnodes available under this OID.

• An OID node that contains all interface entries. Its OID is 1.3.6.1.2.1.2.2 and it is usually referenced as ifTable. This node contains one or more entry nodes. An entry node (1.3.6.1.2.1.2.2.1, also known as ifEntry) contains the detailed information about that particular interface. The number of entries in the list is defined by the ifNumber node value.

You can find detailed information about all ifEntry subnodes in Table 1-2.

Table 1-2. Interface entry SNMP OIDs

OID String OID Name Description

1.3.6.1.2.1.2.2.1.1 ifIndex A unique sequence number assigned to the interface.

1.3.6.1.2.1.2.2.1.2 ifDescr A string containing the interface name and other available information, such as the hardware manufacturer's name.

1.3.6.1.2.1.2.2.1.3 ifType A number representing the interface type, depending on the interface's physical link and protocol.

1.3.6.1.2.1.2.2.1.4 ifMtu The largest network datagram that this interface can transmit.

1.3.6.1.2.1.2.2.1.5 ifSpeed The estimated current bandwidth of the interface. If the current bandwidth cannot be calculated, this number should contain the maximum possible bandwidth for the interface.

1.3.6.1.2.1.2.2.1.6 ifPhysAddress The physical address of the interface, usually a MAC address on Ethernet interfaces.

1.3.6.1.2.1.2.2.1.7 ifAdminStatus This OID allows setting the new state of the interface. Usually limited to the following values: 1 (Up), 2 (Down), 3 (Testing).

1.3.6.1.2.1.2.2.1.8 ifOperStatus The current state of the interface. Usually limited to the following values: 1 (Up), 2 (Down), 3 (Testing).

1.3.6.1.2.1.2.2.1.9 ifLastChange The value containing the system uptime (sysUpTime) reading when this interface entered its current state. May be set to zero if the interface entered this state before the last system reinitialization.

1.3.6.1.2.1.2.2.1.10 ifInOctets The total number of bytes (octets) received on the interface.

1.3.6.1.2.1.2.2.1.11 ifInUcastPkts The number of unicast packets forwarded to the device's network stack.

1.3.6.1.2.1.2.2.1.12 ifInNUcastPkts The number of non-unicast packets delivered to the device's network stack. Non-unicast packets are usually either broadcast or multicast packets.

1.3.6.1.2.1.2.2.1.13 ifInDiscards The number of dropped packets. This does not indicate a packet error, but may indicate that the receive buffer was too small to accept the packets.

1.3.6.1.2.1.2.2.1.14 ifInErrors The number of received invalid packets.

1.3.6.1.2.1.2.2.1.15 ifInUnknownProtos The number of packets that were dropped because the protocol is not supported on the device interface.

1.3.6.1.2.1.2.2.1.16 ifOutOctets The number of bytes (octets) transmitted out of the interface.

1.3.6.1.2.1.2.2.1.17 ifOutUcastPkts The number of unicast packets received from the device's network stack. This number also includes the packets that were discarded or not sent.

1.3.6.1.2.1.2.2.1.18 ifOutNUcastPkts The number of non-unicast packets received from the device's network stack. This number also includes the packets that were discarded or not sent.

1.3.6.1.2.1.2.2.1.19 ifOutDiscards The number of valid packets that were discarded. It's not an error but may indicate that the send buffer is too small to accept all packets.

1.3.6.1.2.1.2.2.1.20 ifOutErrors The number of outgoing packets that couldn't be transmitted because of errors.

1.3.6.1.2.1.2.2.1.21 ifOutQLen The length of the outbound packet queue.

1.3.6.1.2.1.2.2.1.22 ifSpecific Usually contains a reference to the vendor-specific OID describing this interface. If such information is not available, the value is set to an OID 0.0, which is syntactically valid but does not point to anything.

Authentication in SNMP

Authentication in earlier SNMP implementations is somewhat primitive and is prone to attacks. An SNMP agent defines two community strings—one for read-only access and the other for read/write access. When the management system connects to the agent, it must authenticate with one of those two strings. The agent accepts commands only from a management system that has authenticated with valid community strings.

Querying SNMP from the Command Line

Before we start writing our application, let's quickly look at how to query SNMP from the command line. This is particularly useful if you want to check whether the information returned by the SNMP agent is correctly accepted by your application.

The command-line tools are provided by the Net-SNMP-Utils package, which is available for most Linux distributions. This package includes the tools to query and set SNMP objects. Consult your Linux distribution documentation for the details on installing this package.

The most useful command from this package is snmpwalk, which takes an OID node as an argument and tries to discover all subnode OIDs. This command uses the SNMP operation getnext, which returns the next node in the tree and effectively allows you to traverse the whole subtree from the indicated node. If no OID has been specified, snmpwalk will use the default SNMP system OID (1.3.6.1.2.1) as the starting point. Listing 1-1 demonstrates the snmpwalk command issued against a laptop running Fedora Linux.

Listing 1-1. An example of the snmpwalk command

$ snmpwalk -c public -On 192.168.1.68
.1.3.6.1.2.1.1.1.0 = STRING: Linux fedolin.example.com 2.6.32.11-99.fc12.i686 #1 SMP Mon Apr 5 16:32:08 EDT 2010 i686
.1.3.6.1.2.1.1.2.0 = OID: .1.3.6.1.4.1.8072.3.2.10
.1.3.6.1.2.1.1.3.0 = Timeticks: (110723) 0:18:27.23
.1.3.6.1.2.1.1.4.0 = STRING: Administrator ([email protected])
.1.3.6.1.2.1.1.5.0 = STRING: fedolin.example.com
.1.3.6.1.2.1.1.6.0 = STRING: MyLocation, MyOrganization, MyStreet, MyCity, MyCountry
.1.3.6.1.2.1.1.8.0 = Timeticks: (3) 0:00:00.03
.1.3.6.1.2.1.1.9.1.2.1 = OID: .1.3.6.1.6.3.10.3.1.1
.1.3.6.1.2.1.1.9.1.2.2 = OID: .1.3.6.1.6.3.11.3.1.1
.1.3.6.1.2.1.1.9.1.2.3 = OID: .1.3.6.1.6.3.15.2.1.1
.1.3.6.1.2.1.1.9.1.2.4 = OID: .1.3.6.1.6.3.1
.1.3.6.1.2.1.1.9.1.2.5 = OID: .1.3.6.1.2.1.49
.1.3.6.1.2.1.1.9.1.2.6 = OID: .1.3.6.1.2.1.4
.1.3.6.1.2.1.1.9.1.2.7 = OID: .1.3.6.1.2.1.50
.1.3.6.1.2.1.1.9.1.2.8 = OID: .1.3.6.1.6.3.16.2.2.1
.1.3.6.1.2.1.1.9.1.3.1 = STRING: The SNMP Management Architecture MIB.
.1.3.6.1.2.1.1.9.1.3.2 = STRING: The MIB for Message Processing and Dispatching.
.1.3.6.1.2.1.1.9.1.3.3 = STRING: The management information definitions for the SNMP User-based Security Model.
.1.3.6.1.2.1.1.9.1.3.4 = STRING: The MIB module for SNMPv2 entities
.1.3.6.1.2.1.1.9.1.3.5 = STRING: The MIB module for managing TCP implementations
.1.3.6.1.2.1.1.9.1.3.6 = STRING: The MIB module for managing IP and ICMP implementations
.1.3.6.1.2.1.1.9.1.3.7 = STRING: The MIB module for managing UDP implementations
.1.3.6.1.2.1.1.9.1.3.8 = STRING: View-based Access Control Model for SNMP.
.1.3.6.1.2.1.1.9.1.4.1 = Timeticks: (3) 0:00:00.03
.1.3.6.1.2.1.1.9.1.4.2 = Timeticks: (3) 0:00:00.03
.1.3.6.1.2.1.1.9.1.4.3 = Timeticks: (3) 0:00:00.03
.1.3.6.1.2.1.1.9.1.4.4 = Timeticks: (3) 0:00:00.03
.1.3.6.1.2.1.1.9.1.4.5 = Timeticks: (3) 0:00:00.03
.1.3.6.1.2.1.1.9.1.4.6 = Timeticks: (3) 0:00:00.03
.1.3.6.1.2.1.1.9.1.4.7 = Timeticks: (3) 0:00:00.03
.1.3.6.1.2.1.1.9.1.4.8 = Timeticks: (3) 0:00:00.03
.1.3.6.1.2.1.2.2.1.1.1 = INTEGER: 1
.1.3.6.1.2.1.2.2.1.1.2 = INTEGER: 2
.1.3.6.1.2.1.2.2.1.1.3 = INTEGER: 3
.1.3.6.1.2.1.2.2.1.1.4 = INTEGER: 4
.1.3.6.1.2.1.2.2.1.1.5 = INTEGER: 5
.1.3.6.1.2.1.2.2.1.2.1 = STRING: lo
.1.3.6.1.2.1.2.2.1.2.2 = STRING: eth0
.1.3.6.1.2.1.2.2.1.2.3 = STRING: wlan1
.1.3.6.1.2.1.2.2.1.2.4 = STRING: pan0
.1.3.6.1.2.1.2.2.1.2.5 = STRING: virbr0
.1.3.6.1.2.1.2.2.1.3.1 = INTEGER: softwareLoopback(24)
.1.3.6.1.2.1.2.2.1.3.2 = INTEGER: ethernetCsmacd(6)
.1.3.6.1.2.1.2.2.1.3.3 = INTEGER: ethernetCsmacd(6)
.1.3.6.1.2.1.2.2.1.3.4 = INTEGER: ethernetCsmacd(6)
.1.3.6.1.2.1.2.2.1.3.5 = INTEGER: ethernetCsmacd(6)
.1.3.6.1.2.1.2.2.1.4.1 = INTEGER: 16436
.1.3.6.1.2.1.2.2.1.4.2 = INTEGER: 1500
.1.3.6.1.2.1.2.2.1.4.3 = INTEGER: 1500
.1.3.6.1.2.1.2.2.1.4.4 = INTEGER: 1500
.1.3.6.1.2.1.2.2.1.4.5 = INTEGER: 1500
.1.3.6.1.2.1.2.2.1.5.1 = Gauge32: 10000000
.1.3.6.1.2.1.2.2.1.5.2 = Gauge32: 0
.1.3.6.1.2.1.2.2.1.5.3 = Gauge32: 10000000
.1.3.6.1.2.1.2.2.1.5.4 = Gauge32: 10000000
.1.3.6.1.2.1.2.2.1.5.5 = Gauge32: 10000000
.1.3.6.1.2.1.2.2.1.6.1 = STRING:
.1.3.6.1.2.1.2.2.1.6.2 = STRING: 0:d:56:7d:68:b0
.1.3.6.1.2.1.2.2.1.6.3 = STRING: 0:90:4b:64:7b:4d
.1.3.6.1.2.1.2.2.1.6.4 = STRING: 4e:e:b8:9:81:3b
.1.3.6.1.2.1.2.2.1.6.5 = STRING: d6:f9:7c:2c:17:28
.1.3.6.1.2.1.2.2.1.7.1 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.7.2 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.7.3 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.7.4 = INTEGER: down(2)
.1.3.6.1.2.1.2.2.1.7.5 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.8.1 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.8.2 = INTEGER: down(2)
.1.3.6.1.2.1.2.2.1.8.3 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.8.4 = INTEGER: down(2)
.1.3.6.1.2.1.2.2.1.8.5 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.9.1 = Timeticks: (0) 0:00:00.00
.1.3.6.1.2.1.2.2.1.9.2 = Timeticks: (0) 0:00:00.00
.1.3.6.1.2.1.2.2.1.9.3 = Timeticks: (0) 0:00:00.00
.1.3.6.1.2.1.2.2.1.9.4 = Timeticks: (0) 0:00:00.00
.1.3.6.1.2.1.2.2.1.9.5 = Timeticks: (0) 0:00:00.00
.1.3.6.1.2.1.2.2.1.10.1 = Counter32: 89275
.1.3.6.1.2.1.2.2.1.10.2 = Counter32: 0
.1.3.6.1.2.1.2.2.1.10.3 = Counter32: 11649462
.1.3.6.1.2.1.2.2.1.10.4 = Counter32: 0
.1.3.6.1.2.1.2.2.1.10.5 = Counter32: 0
.1.3.6.1.2.1.2.2.1.11.1 = Counter32: 1092
.1.3.6.1.2.1.2.2.1.11.2 = Counter32: 0
.1.3.6.1.2.1.2.2.1.11.3 = Counter32: 49636
.1.3.6.1.2.1.2.2.1.11.4 = Counter32: 0
.1.3.6.1.2.1.2.2.1.11.5 = Counter32: 0
.1.3.6.1.2.1.2.2.1.12.1 = Counter32: 0
.1.3.6.1.2.1.2.2.1.12.2 = Counter32: 0
.1.3.6.1.2.1.2.2.1.12.3 = Counter32: 0
.1.3.6.1.2.1.2.2.1.12.4 = Counter32: 0
.1.3.6.1.2.1.2.2.1.12.5 = Counter32: 0
.1.3.6.1.2.1.2.2.1.13.1 = Counter32: 0
.1.3.6.1.2.1.2.2.1.13.2 = Counter32: 0
.1.3.6.1.2.1.2.2.1.13.3 = Counter32: 0
.1.3.6.1.2.1.2.2.1.13.4 = Counter32: 0
.1.3.6.1.2.1.2.2.1.13.5 = Counter32: 0
.1.3.6.1.2.1.2.2.1.14.1 = Counter32: 0
.1.3.6.1.2.1.2.2.1.14.2 = Counter32: 0
.1.3.6.1.2.1.2.2.1.14.3 = Counter32: 0
.1.3.6.1.2.1.2.2.1.14.4 = Counter32: 0
.1.3.6.1.2.1.2.2.1.14.5 = Counter32: 0
.1.3.6.1.2.1.2.2.1.15.1 = Counter32: 0
.1.3.6.1.2.1.2.2.1.15.2 = Counter32: 0
.1.3.6.1.2.1.2.2.1.15.3 = Counter32: 0
.1.3.6.1.2.1.2.2.1.15.4 = Counter32: 0
.1.3.6.1.2.1.2.2.1.15.5 = Counter32: 0
.1.3.6.1.2.1.2.2.1.16.1 = Counter32: 89275
.1.3.6.1.2.1.2.2.1.16.2 = Counter32: 0
.1.3.6.1.2.1.2.2.1.16.3 = Counter32: 922277
.1.3.6.1.2.1.2.2.1.16.4 = Counter32: 0
.1.3.6.1.2.1.2.2.1.16.5 = Counter32: 3648
.1.3.6.1.2.1.2.2.1.17.1 = Counter32: 1092
.1.3.6.1.2.1.2.2.1.17.2 = Counter32: 0
.1.3.6.1.2.1.2.2.1.17.3 = Counter32: 7540
.1.3.6.1.2.1.2.2.1.17.4 = Counter32: 0
.1.3.6.1.2.1.2.2.1.17.5 = Counter32: 17
.1.3.6.1.2.1.2.2.1.18.1 = Counter32: 0
.1.3.6.1.2.1.2.2.1.18.2 = Counter32: 0
.1.3.6.1.2.1.2.2.1.18.3 = Counter32: 0
.1.3.6.1.2.1.2.2.1.18.4 = Counter32: 0
.1.3.6.1.2.1.2.2.1.18.5 = Counter32: 0
.1.3.6.1.2.1.2.2.1.19.1 = Counter32: 0
.1.3.6.1.2.1.2.2.1.19.2 = Counter32: 0
.1.3.6.1.2.1.2.2.1.19.3 = Counter32: 0
.1.3.6.1.2.1.2.2.1.19.4 = Counter32: 0
[...]
[...] = Timeticks: (8232423) 22:52:04.23
No more variables left in this MIB View (It is past the end of the MIB tree)

As an exercise, try to identify some of the listed OIDs using Tables 1-1 and 1-2 and find out what they mean.
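
One way to automate that lookup, as an added example that is not code from the original text: it parses snmpwalk -On lines, names each OID from a subset of Table 1-2, and reports interfaces that are administratively up but operationally down. The function names and the sample lines are constructed for illustration; the same whole-component prefix match also resolves the Cisco and Novell enterprise nodes quoted earlier.

```python
import re

def oid(text):
    """'.1.3.6.1' or '1.3.6.1' -> (1, 3, 6, 1)."""
    return tuple(int(p) for p in text.strip().lstrip(".").split("."))

# Subset of Table 1-2, keyed by OID tuple (names as given on this page).
NAMES = {oid(k): v for k, v in {
    "1.3.6.1.2.1.2.2.1.1": "ifIndex",
    "1.3.6.1.2.1.2.2.1.2": "ifDescr",
    "1.3.6.1.2.1.2.2.1.7": "ifAdminStatus",
    "1.3.6.1.2.1.2.2.1.8": "ifOperStatus",
    "1.3.6.1.2.1.2.2.1.10": "ifInOctets",
}.items()}
# Enterprise nodes quoted in the text.
VENDORS = {oid("1.3.6.1.4.1.9"): "Cisco", oid("1.3.6.1.4.1.23"): "Novell"}
LINE = re.compile(r"^(\.?\d+(?:\.\d+)+) = (\w+): ?(.*)$")

def lookup(table, target):
    """Longest match on whole components, so ...2.2.1.1 never matches ...2.2.1.10."""
    hits = [k for k in table if target[:len(k)] == k]
    best = max(hits, key=len) if hits else None
    return table.get(best), (target[len(best):] if hits else target)

def annotate(line):
    """One `snmpwalk -On` line -> (name, index, type, value); None if not a varbind."""
    m = LINE.match(line.strip())
    if not m:
        return None
    name, index = lookup(NAMES, oid(m.group(1)))
    return name, index, m.group(2), m.group(3)

def admin_up_oper_down(lines):
    """ifDescr of interfaces set up(1) by the administrator but currently down(2)."""
    cols = {}
    for name, index, _, value in filter(None, map(annotate, lines)):
        cols.setdefault(name, {})[index] = value
    oper, descr = cols.get("ifOperStatus", {}), cols.get("ifDescr", {})
    return [descr.get(i, str(i)) for i, v in sorted(cols.get("ifAdminStatus", {}).items())
            if v == "up(1)" and oper.get(i) == "down(2)"]

# Constructed sample in the format of Listing 1-1.
SAMPLE = """\
.1.3.6.1.2.1.2.2.1.2.2 = STRING: eth0
.1.3.6.1.2.1.2.2.1.7.2 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.8.2 = INTEGER: down(2)
.1.3.6.1.2.1.2.2.1.7.3 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.8.3 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.10.3 = Counter32: 11649462
No more variables left in this MIB View""".splitlines()
```

Comparing OIDs as tuples of integers rather than as strings is what keeps ifIndex (…2.2.1.1) from swallowing ifInOctets (…2.2.1.10), and keeps enterprise 9 from matching enterprise 99.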
