February 3, 1998

Subject:    CS590W - Topics in Internetworking
Instructor: Dr. Deep Medhi
Scribe:     Jill Connaghan

WARNING: These notes may not be error-proof. Be aware! Check appropriate
books/papers, or check with Instructor when in doubt.

SNMP: Simple Network Management Protocol

4 components for Network Management:
   Management Station
   Management Agent
   Protocol
   Information model (MIB)

            MS              (Management Station with SNMP)
         /^ |^ \^
        //  ||  \\          (communication for each direction between MS and A)
       V/   V|   V\
       A     A     A        (Management Agents with SNMP)

From every aspect it looks like all the other applications we have looked
at: you need to send requests and get something back. What is different?
What is it trying to accomplish?

The simplest case is 1 management station with a bunch of agents. Both must
be SNMP literate. Typically in the network, you have an SNMP daemon running
to request and get response. If you have SNMP software, the software can be
the manager.

SNMPWALK
   /public/courses/cs590w/bin/snmpwalk

Do for a particular machine or else the response is huge. Snmpwalk will give
everything about a particular machine without you having to give all the
commands (GET, GETNEXTs). The other machine does not have to be UNIX: only
SNMP literate, otherwise you will get a timeout. Also need UDP.

5 types of Messages:

                     Manager
            (Any Port)               Port 162 where listening for trap
            Get      |      /|\          /|\
 Requests:  GetNext  |       | Response   | Trap
            Set      V       |            |
                     Agent
            Port 161                 (Any Port)
            Listening Port

Runs on top of UDP with specific port: normal is 161; trap is 162.

MESSAGE FORMAT:
The concept is similar to DNS messages.
Version number typically is Version 1. Some use Version 2 and they are
working on Version 3.
Request and response have the same format. Trap format is different.

Does it need 2 different ports? Conceptually, it should not matter.
Why different ports? Trap is like out-of-band data. You might think of trap
as a prioritized message since it is on a different port and you can process
it right away.
Classification: trap is really only one directional.

Management Information model
How to organize it to query? Good to decouple messaging (basic function).
Don't have to change if add new functionality.

Object Identifier (ASN.1)
If there is an object identifier, there must be an object. But how is it
different from a simple structure? Really it is just a set of variables;
the object cannot take an action by itself.
Need Status Information: Is it valid? Is it obsolete?
Accessibility: for everyone or only some people?

 iso(1)
  |
  |-org(3)
     |
     |-dod(6)
        |
        |-internet(1)
           |
           |--directory(1)
           |--mgmt(2)          (see mgmt subtree below)
           |    .
           |    .
           |--experimental(3)
           |--private(4)
           |--security(5)
           |--snmpv2(6)

 |--mgmt(2)
     |
     |--mib-2(1)
         |
         |--system(1)
         |--interface(2)
         |--ip(4)
         |--icmp(5)
         |--tcp(6)
         |--udp(7)
         |    .

You may want to provide mib for directory, and so you can create some
structure within it.
If they need a new mib for testing, get a member under experimental.
Private: within your organization, enterprise. Most major companies have one.
SNMPv1 has no security features. These are addressed under SNMPv2.
MIB-2 is related to SNMPv1. What happened to MIB-1? It was experimental and
incomplete; they gave up on it.

Example:

   SysDescr OBJECT-TYPE
      SYNTAX       Display String (an ASN.1 type) (size(0..255))
      ACCESS       Read-only
      STATUS       mandatory (not all objects are required)
      DESCRIPTION  "string" (any comment)
      ::= { system 1 }

What is the description going to contain: OSF1 box or WindowsNT or anything
you want to provide.

   System Description: tells about the machine (the agent) itself.
   System Name: often same as host ("aurora").
   System Location: often is the default "unknown"
   System object ID
   System up time (time since the system came up)
   System contact (frequently "unknown")
   System services

The workstation/PC may have many different possible interfaces.
TCP/IP always has an interface defined for loopback.
Aurora has 3 interfaces:
   1. Ethernet
   2. serial line
   3. loopback
Each interface is assigned an Index.
For each interface:
   Short description string: Ethernet, local loop
   Type: SLIP line
   Number of packets (in, out; discards, errors, etc)
   Maximum transmission unit allowed
   Speed of interface
   Physical address
   Etc.

SNMPWALK does everything: generates a huge listing. To run, do

   % snmpwalk -v 1 hostname public

where hostname is any machine such as aurora/primus/titan etc.
Can query on a particular interface.

SNMPv1 RFCs
   1155       structure and identification of mgmt information
   1157       management protocol
   1212/1213  definition; mib-2
   1215       conventions for defining traps

There could be multiple courses on SNMP. It is an application for the
network not the user: similar to DNS in this respect.

Version 2 added security. The bad thing that slowed its deployment was
incompatibility with Version 1. There may be a SNMPv1.5: an agreement to
stay with Version 1 but with some features of Version 2.

MIB is a database of management information, but they don't call it a
database. Can define it for new interfaces. TCP/IP, mail monitoring, what do
you want to monitor. For new interfaces, assign it to a working group,
create a first draft, and then haggle over the necessary fields.

Sort of client/server but not quite (trap).
The new thing is MIB: not in Telnet or ftp or DNS. For machine and each
interface you want to monitor.

SNMP is misnamed:
   1. It doesn't manage: only monitors. You have to write your own to
      manage.
   2. Right name might be SNMIP.
   3. Version 1 does not manage because there is no security and no
      authority. Anybody can send a message.

One ISP has a separate network for management. Don't trust management on
the main network. Decouple for security.

Need something for interfaces to do checking.
Trap function: You are going down or an interface is not working, so inform
management.

If it is a large network with 1000s of agents, you may have a 3-tier system
with an intermediate level of managers for 15-20 stations.
              Manager
              /
         Sub-mgr
         /     \
     Agent     Agent

The purpose of the intermediate manager is to filter information and pass it
to the higher manager. Or it may be by geographic entity. The organization
of the structure is how you want to do it: it is not part of a standard
specification.

Why UDP instead of TCP?
You are querying for a specific object identifier. Requery if you don't get
the response. The application takes care of it. Don't want TCP overhead for
the small amount of data.

Up time may be an optional object. STATUS says whether it is mandatory or
optional. If a node has SNMP, it has to support the minimum mandatory
objects but not the optional ones. If a feature is not supported, it may
return 0. The manager needs to know how to interpret it (e.g. 0 may not mean
'no lost packets'.)

=============================================================================

HTTP HyperText Transfer Protocol

We will not discuss HTML HyperText Markup Language. It is a tagging scheme
for interpretation. The beauty and power of it and its precursor TeX is that
it is in ASCII and can be easily read. Many word processors save their data
in proprietary binary formats which other processors (and even later
versions of the same processor) may not be able to read.

Why not just use TeX? TeX is not simple like HTML. It is like a program with
open, close, etc. HTML is good because it is simple. Now you can do it in
word processors such as Word and save as HTML.

HTTP HyperText Transfer Protocol
How to access a document.
Why not just ftp the document? ftp doesn't display it: just transfers it.

The 1st HTTP v0.9 in 1991 was very skeletal like ftp.
   1. Connection
   2. Request
   3. Response
   4. Disconnect

It was exclusively stated to work only for TCP/IP listening at Port #80.
Reliable transfer is important. HTTP is an application-layer protocol with
connection through TCP.

Request is a one-liner:

   GET document-name

It gets a file like ftp but it is different.
There are 3 parts to the URL:
   Protocol identifier
   Domain name
   What file we want
The domain name is stripped off since there is already a connection to it.

0.9 requirement for search: for GET with + or ?, do command.
Response is an HTML file.
0.9 response was peculiar: It said each line of the HTML file could be any
length, but it truncated the line if it was longer than 80.
The end of the HTML file ends the connection.

HTTP is described in RFC1945.
Basic HTTP is 0.9. The most common now is HTTP/1.0. There is a version 1.1
but most use 1.0. Now want more than the minimal HTTP 0.9.

Basic HTTP:

         Request chain---->        (User agent (UA) uses client to do it)
   UA---------v--------o           single connection (v) to original server (o)
         <-------------- response chain

With 1.0 the original server may not respond: may be a proxy or gateway.

         Request chain------------>
   UA--v--A--v--B--v--C--v--o      (A, B, C are intermediaries)
         <-------------- response chain

Trying to reduce the web server work load.

RFC 1945
What is a connection? 2 important are:
   proxy (from request side; client or server)
   gateway (from server)

0.9 assumes the protocol is http. Now also ftp, pgn(?), and other different
protocols.
Response was ASCII; now images. How should non-ASCII objects within the
document be handled?

Augmented BNF (+,?) defined in RFC1945. Goes back to RFC822 (original mail).
What display strings are accepted for implementation?
Basic rules for what is an octet? What is hex?

What changes in GET request?
Put HTTP version at the end: HTTP/v1.0. If omitted, assume 0.9.

   GET:  Simple request (0.9)
         Full request (1.0)
   POST is 1.0

Next time we'll discuss types of requests and POST and HTTP performance and
web servers.
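
The request-line rules above (the domain name is stripped from the URL, the
version goes at the end, no version means 0.9), as an added example that is
not part of the original notes. It follows the RFC 1945 grammar, where the
version token is written HTTP/1.0; the URL and function names are constructed
for illustration.

```python
import re
from urllib.parse import urlsplit

HTTP_VERSION = re.compile(r"HTTP/(\d+)\.(\d+)")   # HTTP-Version token, RFC 1945

def request_line_for(url, version="1.0"):
    """Request line a client sends once it is connected to the URL's host."""
    parts = urlsplit(url)
    if parts.scheme != "http" or not parts.netloc:
        raise ValueError("expected an http:// URL")
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    # Protocol identifier and domain name are dropped; only the file part is sent.
    if version == "0.9":
        return f"GET {path}\r\n"
    return f"GET {path} HTTP/{version}\r\n"

def parse_request_line(line):
    """Classify a request line as a Simple-Request (0.9) or a Full-Request."""
    if not line.endswith("\r\n"):
        raise ValueError("request line must end with CRLF")
    fields = line[:-2].split(" ")
    if "" in fields:
        raise ValueError("empty field in request line")
    if len(fields) == 2:                       # no version: assume HTTP/0.9
        if fields[0] != "GET":
            raise ValueError("only GET may be sent without a version")
        return {"method": "GET", "uri": fields[1], "version": "0.9"}
    if len(fields) != 3 or not HTTP_VERSION.fullmatch(fields[2]):
        raise ValueError("malformed request line")
    return {"method": fields[0], "uri": fields[1], "version": fields[2][5:]}

# Constructed URL for illustration.
SAMPLE_URL = "http://www.example.edu/courses/cs590w/index.html"
```

A server that accepts both forms has to reject a version-less POST, since
the Simple-Request form is defined for GET only.
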