25 Apr 2013

Simple Network Management Protocol (SNMP)

SNMP is a popular protocol for network management. It is used for collecting information from, and configuring, network devices such as servers, printers, hubs, switches, and routers on an Internet Protocol (IP) network. SNMP can collect information such as a server's CPU load or its chassis temperature… the list of what you can do with SNMP, if it is configured properly, is nearly endless.

Microsoft Windows Server 2003 provides SNMP agent software that works with third-party SNMP management software to monitor the status of managed devices and applications. Many SNMP-based network management applications come with 'client' software that installs on your Windows Server 2003 system; some do not. When a network management suite does not include a client portion, you will need to install and configure the server's own SNMP Service.

Introduction to the Simple Network Management Protocol (SNMP)

SNMP was made with one design goal in mind… to be simple. SNMP is a simple protocol that can be used on just about any networking device in use today. In some environments it's used heavily, in others it's scarce. Some view it as a security threat; others see it as a way to efficiently manage some of their key systems. However you decide to see it, SNMP is easy to use, easy to set up and not very difficult to understand.

The SNMP protocol was designed to provide a "simple" method of centralizing the management of TCP/IP-based networks – plain and simple. If you want to manage devices from a central location, the SNMP protocol is what facilitates the transfer of data from the client portion of the equation (the device you are monitoring) to the server portion, where the data is centralized in logs for viewing and analysis. Many application vendors supply network management software: IBM's Tivoli, Microsoft's MOM and HP OpenView are three of the more than 100 applications available today to manage just about anything imaginable. The protocol is what makes this happen. The goal of the original SNMP protocol revolved around one main factor that is still in use today: remote management of devices on a network.

SNMP uses UDP

UDP stands for User Datagram Protocol. It is in many ways the opposite of TCP, the Transmission Control Protocol, which is very reliable but carries high overhead.

User Datagram Protocol is very low overhead, fast and unreliable. It is defined by RFC 768. UDP is easier to implement and use than a more complex protocol such as TCP, yet it provides plenty of functionality to allow a central manager station to communicate with a remote agent residing on any managed device it can reach. The unreliability shows up in the absence of TCP's checks and balances: when TCP sends something, it waits for an acknowledgment and resends if it doesn't hear back; UDP does neither. Since polling of devices usually happens on a cyclic schedule, it's common sense that if you missed one event you'll catch it next time… the tradeoff being that the low-overhead protocol is simple to use and doesn't eat up your bandwidth the way TCP-based applications do when going across your WAN.

SNMP Operation

SNMP's design is pretty simple. There are two main players in SNMP: the manager and the agent. The manager is generally the 'main' station, such as HP OpenView. The agent is the SNMP software running on the client system you are trying to monitor.

The manager is usually a software program running on a workstation or larger computer that communicates with agent processes that run on each device being monitored. Agents can be found on switches, firewalls, servers, wireless access points, routers, hubs, and even users' workstations – the list goes on and on. As seen in the illustration, the manager polls the agents making requests for information, and the agents respond when asked with the information requested.

Network Management Station (NMS)

The manager is also called a Network Management Station or NMS for short. The software used to create the NMS varies in functionality as well as expense. You can get cheaper applications with lesser functionality or pay through the nose and get the Lamborghini of NMS systems. Other functionalities of the NMS include reporting features, network topology mapping and documenting, tools to allow you to monitor the traffic on your network, and so on. Some management consoles can also produce trend analysis reports. These types of reports can help you do capacity planning and set long-range goals.

SNMP Primitives

SNMP has three control primitives that initiate data flow from the requester, which is usually the manager: get, get-next and set. The manager uses get to retrieve a single piece of information from an agent. You would use get-next when you need more than one item: when the data the manager needs from the agent consists of several items, for example a table of values, this primitive retrieves them sequentially. You use set when you want to set a particular value; the manager uses this primitive to request that the agent running on the remote device set a particular variable to a certain value. There are two control primitives the responder (usually the agent) uses to reply: get-response and trap. One is used in response to the requester's direct query (get-response) and the other is an asynchronous message sent to get the requester's attention (trap). As I alluded to earlier, the manager doesn't always initiate – sometimes the agent can as well. Although SNMP exchanges are usually initiated by the manager software, the trap primitive is used when the agent needs to inform the manager of some important event. This is commonly known as a 'trap' sent by the agent to the NMS.

The Management Information Base (MIB)

We just learned what primitives are… the agent and the manager exchanging data. The data they exchange also has a name. The types of data the agent and manager exchange are defined by a database called the management information base (MIB). The MIB is a virtual information store. Remember, it is a small database of information and it resides on the agent. Information collected by the agent is stored in the MIB. The MIB is precisely defined; the current Internet standard MIB contains more than a thousand objects. Each object in the MIB represents some specific entity on the managed device.
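To make the primitives and the MIB concrete, here is an added example (not code from the original post) in Python: a toy agent holds a small MIB keyed by OID, and a manager drives it with get, get-next and set. The OIDs are the real MIB-II ones (RFC 1213 system group, ifDescr and ifOperStatus); the values stored under them, the host name "srv01" and the interface names are constructed sample data, and the trap logic (linkDown when an interface is set to down) is a simplified stand-in for what a real agent does.

```python
# Added example (not from the original post): a toy SNMP agent holding a small
# MIB, driven by manager-side get / get-next / set requests. The OIDs are the
# real MIB-II ones (RFC 1213: system group, ifDescr, ifOperStatus); the values
# stored under them are constructed sample data.
from dataclasses import dataclass, field

SYSTEM = (1, 3, 6, 1, 2, 1, 1)                   # system group; sysName = SYSTEM + (5, 0)
IF_DESCR = (1, 3, 6, 1, 2, 1, 2, 2, 1, 2)         # ifDescr column of the interfaces table
IF_OPER_STATUS = (1, 3, 6, 1, 2, 1, 2, 2, 1, 8)   # ifOperStatus column (1 = up, 2 = down)


@dataclass
class Agent:
    """The agent side: owns the MIB and answers the manager's primitives."""
    mib: dict                                  # OID tuple -> current value
    traps: list = field(default_factory=list)  # asynchronous traps sent to the NMS

    def get(self, oid):
        """get: return exactly one object, or noSuchName if it is not in the MIB."""
        return ("get-response", oid, self.mib.get(oid, "noSuchName"))

    def get_next(self, oid):
        """get-next: return the first object whose OID sorts after `oid`.
        Tuples compare lexicographically, which matches OID ordering, so a
        manager walking with get-next visits a table column row by row."""
        for candidate in sorted(self.mib):
            if candidate > oid:
                return ("get-response", candidate, self.mib[candidate])
        return ("get-response", oid, "endOfMibView")

    def set(self, oid, value):
        """set: write a variable. Taking an interface down raises a linkDown
        trap: the agent talking to the manager without being asked."""
        old = self.mib.get(oid)
        self.mib[oid] = value
        if oid[:len(IF_OPER_STATUS)] == IF_OPER_STATUS and value == 2 and old != 2:
            self.traps.append(("trap", "linkDown", oid))
        return ("get-response", oid, value)


def walk(agent, prefix):
    """Manager side: repeat get-next until the reply leaves the `prefix`
    subtree, collecting a whole table column with single-object requests."""
    results = []
    oid = prefix
    while True:
        _, oid, value = agent.get_next(oid)
        if value == "endOfMibView" or oid[:len(prefix)] != prefix:
            return results
        results.append((oid, value))


def sample_agent():
    """An agent pre-loaded with constructed sample values."""
    return Agent(mib={
        SYSTEM + (1, 0): "Windows Server 2003 SNMP Service (constructed)",  # sysDescr
        SYSTEM + (3, 0): 123456,                                            # sysUpTime
        SYSTEM + (5, 0): "srv01",                                           # sysName
        IF_DESCR + (1,): "Loopback",
        IF_DESCR + (2,): "Intel GbE",
        IF_OPER_STATUS + (1,): 1,
        IF_OPER_STATUS + (2,): 1,
    })


def demo():
    """One manager session: a get, a get-next walk, then a set that triggers a trap."""
    agent = sample_agent()
    name = agent.get(SYSTEM + (5, 0))
    descrs = walk(agent, IF_DESCR)
    agent.set(IF_OPER_STATUS + (2,), 2)      # mark interface 2 down
    return name, descrs, list(agent.traps)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The walk stops as soon as get-next returns an OID outside the requested column, which is exactly how a real manager knows it has reached the end of a table without knowing its size in advance.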

SNMPv2 and SNMPv3

With all TCP/IP-related protocols, it's a well known fact that anything dating from before the creation of IPv6 (or IPng) has security weaknesses such as passwords sent in cleartext. SNMP in its original form is very susceptible to attack if not secured properly: messages are sent in cleartext, exposing the community string passwords, and the default community strings of public and private could be 'guessed' by anyone who knew how to exploit SNMP… Beyond its inherent weaknesses, SNMP in its original implementation is still very simple to use and has been widely used throughout the industry. SNMP in its first version lacked any encryption or authentication mechanism. So, once SNMP in its first version had proven good enough, work began to make it better with SNMPv2 in 1994. Besides some minor enhancements, the main updates in this version are two new types of functionality: traps can be sent from one NMS to another NMS, and a 'get-bulk' operation allows larger amounts of information to be retrieved with one request. SNMPv3 is still being worked on and incorporates the best of both earlier versions along with enhanced security. SNMPv3 provides secure access to devices by a combination of authenticating and encrypting packets over the network. The security features provided in SNMPv3 are message integrity, which ensures that a packet has not been tampered with while in transit; authentication, which determines that the message is from a valid source; and encryption, which secures the packet by scrambling its contents.
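The following added example (Python, not code from the original post) shows both halves of the paragraph above on the wire. Part 1 BER-encodes an SNMPv1 GetRequest and parses the version and community string straight back out of it, which is all a passive observer on the network needs to do, then runs a defender-side audit that flags cleartext versions and the default communities public and private. Part 2 implements the SNMPv3 User-based Security Model pieces that provide integrity and authentication: the RFC 3414 password-to-key and key-localization steps and HMAC-SHA-96 authentication parameters, checked against the RFC's own "maplesyrup" test vector. Two simplifications are assumptions of this example: the HMAC is taken over the plain message bytes rather than over a v3 message with its authParams field zeroed, and privacy (encryption) is not shown. The community string "s3cr3t-ro" used in the test is constructed.

```python
# Added example (not from the original post). Part 1: SNMPv1 wire format and
# a cleartext/default-community audit. Part 2: SNMPv3 USM authentication
# (RFC 3414). Assumption: HMAC over plain message bytes, no privacy shown.
import hashlib
import hmac


# --- Part 1: SNMPv1 message encoding / parsing -----------------------------
def _tlv(tag, body):
    """BER tag-length-value with short or long-form length."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body


def _int(v):
    return _tlv(0x02, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True))


def _oid(arcs):
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, the rest base-128."""
    out = [40 * arcs[0] + arcs[1]]
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(chunk))
    return _tlv(0x06, bytes(out))


def build_v1_get(community, oid, request_id=1):
    """SNMPv1 GetRequest (PDU tag 0xA0) for one OID with a NULL value."""
    varbind = _tlv(0x30, _oid(oid) + _tlv(0x05, b""))
    pdu = _tlv(0xA0, _int(request_id) + _int(0) + _int(0) + _tlv(0x30, varbind))
    return _tlv(0x30, _int(0) + _tlv(0x04, community.encode()) + pdu)  # version 0 = v1


def _read_tlv(buf, pos):
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n


def parse_header(msg):
    """Return (version, community). Both sit in the clear at the front of
    every SNMPv1/v2c packet, which is why sniffing recovers the 'password'."""
    _, body, _ = _read_tlv(msg, 0)
    _, version, pos = _read_tlv(body, 0)
    _, community, _ = _read_tlv(body, pos)
    return int.from_bytes(version, "big", signed=True), community.decode("latin-1")


DEFAULT_COMMUNITIES = {"public", "private"}


def audit(msg):
    """Defender-side check over a captured packet: flag cleartext versions
    (0 = v1, 1 = v2c) and the default community strings the post warns about."""
    version, community = parse_header(msg)
    findings = []
    if version in (0, 1):
        findings.append("cleartext community string (SNMPv%s)" % ("1" if version == 0 else "2c"))
        if community in DEFAULT_COMMUNITIES:
            findings.append("default community %r" % community)
    return version, community, findings


# --- Part 2: SNMPv3 USM authentication (RFC 3414) --------------------------
def usm_localized_key(password, engine_id):
    """Password-to-key (RFC 3414 A.2.2): SHA-1 over 1 MiB of the repeated
    password, then localize to one engine ID so a key taken from one device
    does not work against another."""
    stretched = (password.encode() * (1048576 // len(password) + 1))[:1048576]
    ku = hashlib.sha1(stretched).digest()
    return hashlib.sha1(ku + engine_id + ku).digest()


def usm_auth_params(key, message):
    """HMAC-SHA-96: the first 12 bytes of HMAC-SHA-1 over the message."""
    return hmac.new(key, message, hashlib.sha1).digest()[:12]


def usm_verify(key, message, params):
    """Integrity and source authentication in one check: a modified byte
    or a wrong key both fail."""
    return hmac.compare_digest(usm_auth_params(key, message), params)


if __name__ == "__main__":
    msg = build_v1_get("public", (1, 3, 6, 1, 2, 1, 1, 5, 0))
    print(audit(msg))
    key = usm_localized_key("maplesyrup", bytes(11) + b"\x02")  # RFC 3414 A.3 vector
    tag = usm_auth_params(key, msg)
    print(usm_verify(key, msg, tag), usm_verify(key, msg[:-1] + b"\x01", tag))
```

The audit is the kind of check worth running over a packet capture of your own management VLAN: any v1/v2c traffic is readable by whoever can see it, and a default community on top means the device will answer anyone. Key localization is what makes the v3 credentials safe to reuse across many devices from one management station.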
