SNMP: Simplified. White Paper by F5

Similar documents
Managing BIG-IP Devices with HP and Microsoft Network Management Solutions

Deploying the BIG-IP LTM with IBM QRadar Logging

Load Balancing 101: Nuts and Bolts

Session Initiated Protocol (SIP): A Five-Function Protocol

Optimizing NetApp SnapMirror Data Replication with F5 BIG-IP WAN Optimization Manager

Complying with PCI DSS 3.0

Archived. h h Health monitoring of the Guardium S-TAP Collectors to ensure traffic is sent to a Collector that is actually up and available,

Deploying the BIG-IP System v11 with DNS Servers

Archived. Configuring a single-tenant BIG-IP Virtual Edition in the Cloud. Deployment Guide Document Version: 1.0. What is F5 iapp?

SNMP Basics BUPT/QMUL

Deploying the BIG-IP System with CA SiteMinder

Deploying a Next-Generation IPS Infrastructure

SNMP Basics BUPT/QMUL

Improving VDI with Scalable Infrastructure

Load Balancing 101: Nuts and Bolts

Archived. Deploying the BIG-IP LTM with IBM Cognos Insight. Deployment Guide Document version 1.0. What s inside: 2 Products and versions tested

Maintain Your F5 Solution with Fast, Reliable Support

Prompta volumus denique eam ei, mel autem

Meeting the Challenges of an HA Architecture for IBM WebSphere SIP

Unified Application Delivery

DESIGN GUIDE. VMware NSX for vsphere (NSX-v) and F5 BIG-IP Design Guide

Deploying a Next-Generation IPS Infrastructure

Enhancing VMware Horizon View with F5 Solutions

Data Center Virtualization Q&A

Simple Network Management Protocol

Protecting Against Application DDoS A acks with BIG-IP ASM: A Three- Step Solution

SNMP Simple Network Management Protocol

Introduction to Systems and Network Management

Large FSI DDoS Protection Reference Architecture

SNMP SIMULATOR. Description

Deploying the BIG-IP System with Oracle Hyperion Applications

WHITE PAPER. F5 and Cisco. Supercharging IT Operations with Full-Stack SDN

Optimize and Accelerate Your Mission- Critical Applications across the WAN

Ethernet Switch ZyNOS 4.0

Enabling Long Distance Live Migration with F5 and VMware vmotion

Geolocation and Application Delivery

F5 and Nuage Networks Partnership Overview for Enterprises

Server Virtualization Incentive Program

Configuring SNMP. Understanding SNMP CHAPTER

The Programmable Network

F5 in AWS Part 3 Advanced Topologies and More on Highly Available Services

Document version: 1.0 What's inside: Products and versions tested Important:

Lecture 18: Network Management

CHAPTER. Introduction

Understanding SNMP. Rab Nawaz Jadoon DCS. Assistant Professor COMSATS University, Abbottabad Pakistan. Department of Computer Science

Deploying WAN-Optimized Acceleration for VMware vmotion Between Two BIG-IP Systems

Lecture 11: Introduction to Network Management

The F5 Application Services Reference Architecture

The Myth of Network Address Translation as Security

Webshells. Webshell Examples. How does a webshell attack work? Nir Zigler,

Securing the Cloud. White Paper by Peter Silva

SNMP. Simple Network Management Protocol

Network Functions Virtualization - Everything Old Is New Again

Cookies, Sessions, and Persistence

Configuring RMON. Understanding RMON CHAPTER

PLANEAMENTO E GESTÃO DE REDES INFORMÁTICAS COMPUTER NETWORKS PLANNING AND MANAGEMENT

Resource Provisioning Hardware Virtualization, Your Way

Configuring SNMP. Understanding SNMP CHAPTER

VMware vcenter Site Recovery Manager

SNMP and Network Management

RMON MIB. Presenter: Andreas Pitsillides. Based on presentation by Rouf Boutaba

Protect Against Evolving DDoS Threats: The Case for Hybrid

SNMP. Simple Network Management Protocol Philippines Network Operators Group, March Jonathan Brewer Telco2 Limited New Zealand

Converting a Cisco ACE configuration file to F5 BIG IP Format

Configuring SNMP. Understanding SNMP CHAPTER

RMON on the Workgroup Catalyst Series

Redesde Computadores(RCOMP)

Network Management. Stuart Johnston 13 October 2011

Validating Microsoft Exchange 2010 on Cisco and NetApp FlexPod with the F5 BIG-IP System

F5 Reference Architecture for Cisco ACI

Addressing Security Loopholes of Third Party Browser Plug ins UPDATED FEBRUARY 2017

TCP Optimization for Service Providers

Network Management. Stuart Johnston 08 November 2010

Multi-Tenancy Designs for the F5 High-Performance Services Fabric

Managing the Migration to IPv6 Throughout the Service Provider Network White Paper

Configure SNMP. Understand SNMP. This chapter explains Simple Network Management Protocol (SNMP) as implemented by Cisco NCS 4000 series.

Protecting Against Online Banking Fraud with F5

Operation Manual SNMP. Table of Contents

Citrix Federated Authentication Service Integration with APM

SNMP and Network Management

COSC 301 Network Management

Distributing Applications for Disaster Planning and Availability

QWEST Communications International Inc. Technical Publication

For complete syntax and usage information for the commands used in this chapter, see the Cisco IOS Configuration Fundamentals Command Reference

Internet Management Overview

Applications FTP. FTP offers many facilities :

TELE 301 Network Management

APM Cookbook: Single Sign On (SSO) using Kerberos

v.10 - Working the GTM Command Line Interface

Unit 2. Internet based Network Management

Application and Data Security with F5 BIG-IP ASM and Oracle Database Firewall

Carlos Samitier Joaquin Luque Fernando Gonzalo DIMAT S.A. Manuel Mejías Grupo Endesa Spain Universidad de Sevilla (Spain) Spain

Outline Network Management MIB naming tree, MIB-II SNMP protocol Network management in practice. Network Management. Jaakko Kotimäki.

, Network Management, Future

Considerations for VoLTE Implementation

Configuring SNMP. Understanding SNMP CHAPTER

Simple Network Management Protocol. Slide Set 8

Using the F5 ARX Solution for Automated Storage Tiering

SNMP. Simple Network Management Protocol

BIG IQ Reporting for Subscription and ELA Programs

Transcription:

The Simple Network Management Protocol defines a method for managing devices that connect to IP networks. The "simple" in SNMP refers to the requirements for a managed device, not the protocol. This white paper defines the history, frequently used terms, and implementation of SNMP. White Paper by F5

Introduction It's no secret that managing networks and applications are complex tasks. Multiple technologies are in use today, often by the same organization. This article presents an overview of one technology: the Simple Network Management Protocol (SNMP). SNMP offers a method to monitor and manage network devices and hosts. This document offers a simplified view of SNMP fundamentals and explains how the fundamental components work together. We'll look at concepts including network elements, the Network Management Station (NMS), SNMP and RMON probes, the Management Information Base (MIB), Object Identifiers (OID), and more. Reading this can help you to achieve two objectives: 1) to better understand SNMP's purpose and history, and 2) to help you better understand how its components work together to deliver management information and control network devices. History Prior to SNMP, most network devices were managed as individual elements by proprietary network management software. These software point products could only manage a single vendor's devices, and some were merely text-based command-line utilities. The lack of functionality and interoperability resulted in overly complex management implementations. Using a multitude of management systems and network-related commands made troubleshooting network-related issues extremely difficult, and prevented IT administrators from being able to see a single, more complete view of the end-to-end network. Defined by the Internet Engineering Task Force (IETF) in the late 80s, SNMP was designed to help monitor complex multi-vendor networks. Since then, two more SNMP versions have been ratified by the Internet Engineering Task Force (IETF). SNMP v1 provided the basic structure and process required to define network management information, retrieve information from network devices, control devices, and allow unsolicited messages called Traps to be sent to a NMS. The public, or generic, portion of the SNMP MIB defines generic device information, some limited performance information, and higher level performance information. The public portion defines information that is primarily useful for end stations. Device information and limited network information is available in the public MIB. 1

The lasting power of SNMP developed out of the capability for other organizations to extend the MIB. Most network equipment manufacturers have added private extensions to the SNMP MIB that define proprietary equipment information. For example, an Ethernet switch manufacturer may offer a private MIB extension that includes per-port traffic, user, and error information. SNMP Versions SNMP v1 has been extended several times to incorporate new features, SNMP v2 added several features, including the capability to retrieve data in bulk rather than individually, and added the capability for the NMS to acknowledge a trap message. SNMP v3 added encryption both for the community strings that are used to access to a network device and the SNMP data transmitted between devices. SNMP Data Collection SNMP was primarily used for device-based management, and was designed to be as non-invasive as possible. An important requirement for SNMP was to minimize managed-element processing overhead. SNMP was therefore designed to collect and report information, but not to provide sophisticated information processing. For example, an SNMP-managed node doesn't report information such as link throughput; rather, SNMP defines the information to be collected and relies on the NMS to retrieve and process the information to produce a derived value. In this example, determining link throughput requires an NMS to collect two items from a managed node the packet count from a network interface, and system time. Collection must be performed twice. The NMS then calculates the number of bits sent or received over the specified time period. RMON MIB Extensions The Remote MONitoring (RMON) extensions to SNMP, including RMON 1 and RMON 2, were defined by the IETF to add "flow-based" monitoring, as opposed to "device-based" monitoring, which is what SNMP primarily delivers. The first version, RMON 1, defined ten management groups that focused on OSI Layer 1 and Layer 2 information in Ethernet and Token Ring networks, which help to monitor LANs. The second version, RMON 2, included ten more groups that added support for network protocol- and application-layer monitoring. Compared to standard SNMP agents, agents that fully support RMON management require more processing capability. Because of this requirement, full RMON management is typically carried out by one or more probes designed specifically for RMON. 2

When implemented fully, RMON can provide many of the features and functionality offered by network analyzers. The disadvantage to RMON is that RMON agents shoulder a greater management burden because they must collect information from managed elements and process that information to provide higher-level data. Many network devices lack the processing horsepower required for extensive processing and instead implement only a small subset of the RMON groups. In fact, a device must only support statistics, history, alarms and events, the first four RMON 1 groups, to be labeled as RMON-compliant. SMON MIB Extensions The Switch MONitoring (SMON) definition further extended RMON to include detailed (typically Ethernet-based) LAN switch information. SMON enabled devicewide reporting and control for the one or more virtual LANs (VLANs) defined on the switch. Definitions Often technologies like SNMP change over time due to proprietary vendor extensions and implementations, requiring users to learn numerous new terms. Oddly, SNMP terms have remained true to the initial terminology. While this may seem irrelevant, it actually shows the full commitment and support vendors have made to SNMP. Below are the necessary definitions for understanding how SNMP works. Stand-alone RMON probe appliances are another solution that often delivers more complete RMON feature support than that found in most network equipment. RMON and SMON enabled administrators to place probes in the network to perform remote polling, logging, and trap forwarding functions. Probes typically have the extra processing power to analyze and distill information before it is transferred to an NMS. Network Element(s): "Network elements are devices such as hosts, gateways, terminal servers, and the like, which have management agents responsible for performing the network management functions requested by the network management stations" (J. Case, 1990). Quite simply, a network element is a monitored device. An element is often referred to as a node or a managed node. The (managed) node construct allows SNMP administrators to reference network elements without the complexity normally associated with other system administrators. SNMP administrators may use agent to refer to the software running on a given network element. Network Management Station (NMS): A server that runs the network management application. It is the primary recipient that network elements communicate with to relay the management and control information; it also provides the methods and means to analyze and report significant information. 3

SNMP Relay Device (also known as SNMP Probe, SNMP Collection Point, SNMP Proxy Agent): A node that polls Network Elements to collect information as a proxy for one or more NMSs. The collecting device may itself be an NMS, for example, residing in a regional data center. An SNMP Relay Device helps localize SNMP polling and trap reception, thereby reducing SNMP traffic across enterprise backbones and WAN links. An SNMP Relay Device may do local processing to summarize data that can then be sent in bulk to the NMS. RMON Probe: An RMON probe, which resides on a specific LAN, collects information for that LAN, performs more sophisticated processing than an SNMP agent, and reports more complex information such as link and individual Layer 2 throughput. Management Information Base (MIB): The MIB is a database containing Object Identifier (OID) information. The MIB can be depicted as a hierarchical tree-based structure where the MIB is the "tree" and each individual object is a "leaf." Each individual object is identified by an OID. Levels within the MIB are assigned by different organizations. The top-level MIB OIDs belong to various standards organizations, while lower-level OIDs belong to associated organizations such as Network Equipment Manufacturers, who assign OIDs that extend the MIB with proprietary values. Object Identifier (OID): Object Identifiers identify individual entries, or objects, within the MIB. OIDs are specified using an "x,y" naming convention, defined by Abstract Syntax Notation One (ASN.1). In this naming convention, "x" is a numeric value identifying an OID's position within the MIB tree and "y" is a human-readable OID name, also called a variable name. The numerical OIDs make searching through the MIB and reporting "human readable information" an easier process. Figure 1 represents the F5 OID hierarchy, which defines all OIDs that reside below the string beginning with 1.3.6.1.4.1.3375. 4

Figure 1: F5 OID hierarchy Protocol Data Unit (PDU): A PDU tells the NMS and/or the agent what SNMP action to take. SNMP version 1 contained the five following PDUs: GetRequest, GetNextRequest, SetRequest, GetResponse, and Trap. SNMP version 2 added GetBulk Request and Inform (which acknowledges a Trap). GetResponse is the only PDU used to respond to GetRequest, GetNextRequest, GetBulk, and SetRequest PDUs. All PDUs except Trap are sent via User Datagram Protocol (UDP) on Port 161. Traps are sent on UDP Port 162. Traps or Alerts: Traps or alerts are the method by which important, unsolicited information is reported to an NMS by a network element to an NMS or probe. No trap response is defined in SNMP v1, and each managed element must have one or more Trap receivers defined for the Trap to be effective. In SNMP version 2 and higher, the concept of a Trap was extended using another SNMP message called Inform. Like a Trap, an Inform message is unsolicited. However, Inform enables an NMS running SNMPv2 (or higher) to send a Trap to another NMS, and can also be used by a SNMP v2 (or higher) managed node to send an SNMP v2 Trap. The receiving node sends a response telling the sending NMS that the receiving NMS received the Inform message. Both messages are sent on UDP Port 161. 5

Figure 2: SNMP Communication Community: SNMP specifies two groups, called communities, to enable access to the OIDs on a managed element. SNMP community strings function as passwords to secure access to an element's OIDs. The read-community string, named public by default, allows read-only access, while the write-community string, named private by default, allows write access. Both community strings must be defined for full management access to an element, and common community strings must be defined on all elements, probes, and NMSs for full management in an SNMP domain. Note that until SNMP v3, community strings were sent in clear text, reducing SNMP security. Version 3 specified encrypted community strings and PDUs. Implementation Now that we've looked at definitions, it's easier to see how SNMP operates in a network. In its simplest form, an SNMP agent is loaded on a host with the appropriate MIB components. MIB components include the SNMP MIB, and may include RMON extensions, SMON extensions, private MIB extensions, or a combination. The agent is configured to communicate with one or more NMSs using specific SNMP community strings. The NMS IP address is also configured to enable the agent to send Traps or Notifications. The agent contains the SNMP MIB and typically, the manufacturer's private MIB extensions. The agent may also contain RMON or SMON extensions. The NMS is configured with the same community strings as the elements it manages. The NMS is also configured with the appropriate combination of the SNMP MIB, RMON extensions, SMON extensions, and private MIB extensions required to manage the agents for which it is responsible. The NMS is also configured, either manually or through automatic discovery, with the IP addresses of the agents it is to manage. Note that SNMP communication requires network devices to open UDP Ports 161 and 162 for polling and Traps/Notifications. 6

After initial configuration is complete, the agent collects information. The NMS periodically polls the agent. When appropriate, the agent sends Traps to the NMS. The NMS can also be used to modify agent configuration as appropriate. In a more complicated network, probes or multiple NMSs may be used in remote sites to limit WAN-based SNMP communication. Probes typically collect SNMP, RMON, or SMON MIB and process the data as appropriate (RMON and SMON only). Remote NMSs may also relay information to one or more centralized NMSs. The central NMS polls probes and remote NMSs for agent data, enabling local administration (where appropriate), centralized administration for a complete network overview, and summarized (bulk) data transfer from remote sites to reduce WAN utilization. Perspective Compared to previous monitoring and management methods, SNMP reduces the amount of overhead on the network element. Reduced processing overhead and a common platform enables growth and platform independence. This allows SNMP to be used on almost every IP network, often using a single, centralized NMS. While larger IP networks may require SNMP proxies to minimize WAN-based SNMP traffic, the reduction in the number of NMSs compared to previous methods enabled IT to focus on the other issues and to simplify the management network. Conclusion Through the use of SNMP agents, probes, and NMSs, information technology systems-monitoring has grown dramatically and has drastically reduced the requirement for administrators to manually monitor individual network components. The ability to have systems inform an NMS, and ultimately humans, of error conditions has led to increased uptime and availability. While not perfect, SNMP provides many of the tools necessary to collect and analyze data to enable system tuning for optimum performance and to identify when and where future growth in the network is required. F5 Networks, Inc. 401 Elliott Avenue West, Seattle, WA 98119 888-882-4447 www.f5.com Americas info@f5.com Asia-Pacific apacinfo@f5.com Europe/Middle-East/Africa emeainfo@f5.com Japan f5j-info@f5.com 2016 F5 Networks, Inc. All rights reserved. F5, F5 Networks, and the F5 logo are trademarks of F5 Networks, Inc. in the U.S. and in certain other countries. Other F5 trademarks are identified at f5.com. Any other products, services, or company names referenced herein may be trademarks of their respective owners with no endorsement or affiliation, express or implied, claimed by F5. WP-SNMP Simplified 0113 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback