SNMP in Patrol

www.bmc.com

1© 1999 BMC SOFTWARE, INC.2/10/00

SNMP in Patrol

Eugene GolovinskyBMC Software,SNMP technology group

www.bmc.com


SNMPSimple Network Management Protocol

3

© 1999 BMC SOFTWARE, INC.2/11/00

Why was SNMP invented ?

Designed to run on non-OS systems, later used in various ways for monitoring

No “BRAINS”

SNMP Agent

THE “BRAINS”

SNMP Manager

Maybe no (Free) Cpu Maybe no (Free) Memory Must be able to run everywhere

Real OS Contained all intelligence Made all decisions

4


Protocol, its versions and extentions

What is SNMP About the protocol versions

SNMPv1, SNMPv2 ( c ) and SNMPv3

Some other things:RMON, RMON 2, SMI's and MIB's

SNMPv3 - as a future path for SNMP community ?

5


SNMP implementations

TransportTransport protocol (UDP/IP)BER (iso 8825) - Basic Encoding Rules

TLV (Type, Length, Value) encoding

VersionsSNMPv1SNMPv2SNMPv3

OSI network management implementationCMIP - CMOT ( used primarily in telephony along with

SNMP)

6


SNMP Syntax - SMI

ASN.1 (iso 8824 - “abstract notation one”)SMI uses a subset of ASN.1

Well defined syntax for information exchange

comparable in functionality with XML

7


SNMPv3

New Draft Standard with enhanced SecurityUser Based security model (rfc 2574)

Administration

Security (authentication, privacy and message integrity)

View based access (VACM)

8


RMON (Remote Network Monitoring)

IETF rfc 1271 / rfc 1757 / rfc 1513Physical Layer Management using probes (HW-SW)Extend SNMP functionality

RMON MIB : contains RMON dataPreventive Management : threshold based notificationStatistics/History of data, Packet capturing, Host tables,…Operation modes

Online Offline On Demand

9


RMON2

Continued on RMON (rfc 2021)Statistics on network and upper layersAll of the leading probe vendors support it

NetScout, Technically Elite, Solcom, HP, 3Com, Bay, Cisco, Cabletron

Difficult to use all features because of vendor specific implementations

10


SNMP References

SNMP v1 RFCs 1155 SMI 1157 protocol 1212 Concise MIB 1213 MIB2 1215 traps

SNMP v2 RFCs historical

See also : The Simple Web http://snmp.cs.utwente.nl/

SNMP v2C RFCs 1902-1907

SNMP v3 RFCs 1905-1907 2571-2575 2578-2580

http://www.ietf.org

11


UDP vs. TCP connection

UDP

RMRM

Agents

Console

Console

Agents

TCP• connectionless• scalable• not reliable

• connection oriented• used to be non-scalable• reliable

12


SNMP : Underlying Transport

UDP/IP implications unreliable no confirmation or guarantee order uncertain may duplicate

unsecure No authentication on transport layer No verification of origin (message spoofing) No integrity (message can be tampered with)

13


The SNMP Agent

What is an SNMP agent ? Components :

MIB (the MIB in memory) request handling trap sending

14


Multiple SNMP Agents on 1 system

Conflict : only 1 process can listen on a portSolutions :SMUX (SNMP Multiplexer)AgentX - Agent Extensibility (rfc 2741)Emanate (proprietary SNMP Research)

161

MasterAgent

Sub agent

Sub agent

Sub agent

Application

Application

Device

15


MIB (Management Information Base)

The MIB definition textual description of MIB layoutWritten in SMI : Structure of Management Information

SMI (the MIB definition language)Support for multiple datatypesSupport for data definitions : indexed tables, structures,

values,...

16


NAMING in SNMP

Naming hierarchyunique identifier, down to the instance of any object1.3.6.1.4.1.1031 is the OID of the BMC Software subtree;Object identifier is the name

iso1

3 org

6 dod

1 internet

2mgmt

4private

1 enterprises

442 1031enterpriseID

peerBMC Company X

Whatever you like

17


SNMP Management

Remote Management :

From a geographically separate location configure monitor control

a remote system application device OS

Management console

Mgmt info, i.e., interesting info

“application”

Managed system

Mgmt protocol

18


Management Operations,SNMP requests and responses

Get, Get Next, SetSNMPv1 responses are sent back

Get Bulk (SNMPv2)

Unsolicited Traps from Agent (v1)

Informs (v2 and v3) - confirmed traps

19


Request handling

SNMP Agent gets request from mgr listens on specific port : typically 161 receives request : request ID + OID

Lookup of OID in memoryPerforms operation if possibleSNMP Agent sends response

request ID OID value error status + index

Similar for get-next operation returns next OID in tree

20


Trap sending

SNMP Agent sends7 predefined Generic trap types (0-6)

0-5 = Standard traps

6 = Enterprise Specific

Sends to port 162 (default) on trap receiving machine

Trap destinations has to be configuredPatrol : /snmp/piV1m_list

21


The SNMP Manager

What is an SNMP manager ?

Components :present MIB info (display MIB files)send requests listen for traps

22


Sending Requests

Timebased pollingUser based requests

Authentication :SNMPv1 : community names for r/w (most of the

times, just private/public)SNMPv3 does it with MD5

23


Listening for traps

Only one process can listen on a portThat means only one trap listener per system !

Solution :PATROL : trap demultiplexer (Dietmar

Hildebrand)No PATROL : (write your own)

24


SNMP++

Initial HP initiative, now Open SourceObject oriented development approach to

SNMPv1,v2c,v3High level APIPrimary focus on network management

application developer

References :http://rosegarden.external.hp.com/snmp++

http://www.simple-times.org/pub/simple-times/issues/7-1.html

www.bmc.com


??? Questions ???

www.bmc.com


PATROL SNMP Functionality

27


Patrol SNMP Master and Sub Agent

Only needed when accessing PATROL MIB data !!

Patrol MIB data is KM data

Not needed for :receiving trapssending trapsget/set/walk/... operations

28


Patrol SNMP Master agent configuration

See file ./lib/snmpmagt.cfg default port used to be 1161, community public

No need for BMC master agent if SMUX compatible Master Agent available (eg. AIX)

What about HP ?They use emanate master agent (proprietary from SNMP

Research) Run 2 master agents, one on 161 (default) and one on 1161

(Patrol)

29


Starting Patrol SNMP sub-agent

PATROL SNMP sub-agent can be manually started and stopped from PSLsnmp_agent_start()

starts SNMP sub-agent

snmp_agent_stop()stops SNMP sub-agent

snmp_agent_config() tells if SNMP agent functionality is active

30


PATROL Agent as SNMP sub agent

Ability to send traps

Has an accessible MIBTo access MIB, the master agent must be set up correctly

31


SNMP Traps in Patrol

Automatically :When Patrol event occursTrap destinations : piV1m_List ( + /snmp/trapMibTable=yes)Filter possibility (see config.default for filter options)Through Master Agent or without Master Agent

trapMibTable(yes), trapConfTable (no) - default

From PSL snmp_trap_send : full controlsnmp_trap_raise_std_trap : uses piV1m_List

32


PATROL Agent MIB

33


Objects Table

Contains all the “nodes” from thePATROL namespace, starting fromthe PATH defined in objectsCwd(=objects Current Working Dir)

34


variablesTable

Contains all the “leaves” from thePATROL namespace, starting fromthe PATH defined in objectsCwd(=objects Current Working Dir)

35


Browsing PATROL namespace

Set objectCwd to the tree you want to inspect for example “/”

Go to the desired “node” get the “objectsTable”, you see NT_CPU set objectCwd to “/NT_CPU” … pick inst from objectsTable set objectCwd to “/NT_CPU/CPU_0”… pick param from objectsTable set objectCwd to “/NT_CPU/CPU_0/CPUCpuUtil”

Read the wanted values get the “variablesTable” to find all the attributes

including its value

Problem : No way to protect objectsCwd : other PSL script can change its value in the same time !

36


applicationsTable

Contains all the applicationsloaded in the agent and indexed by application ID

37


applInstTable

Contains all the instancesdiscovered in the agent.Indexed application ID andinstance ID

38


parametersTable

Contains all the parametersin the agent.Indexed by application ID,instance ID and parameter OID

39


Table relationshipsapplicationsTable

id name state ….

0 SOLARIS 0 ….1 CPU 0 ….

2 DISK 0 ….

3 KERNEL 0 ….

4 NFS 0 ….

... …. …. ….

applInstTable

id name status ….

... …. …. ….1.50 CPU 0 ….

2.60 sd5 0 ….

2.61 nfs1 0 ….

2.70 idehd01 0 ….

... …. …. ….

parametersTable

id name value ….

... …. …. ….2.60.150 DSKTps 0 ….

2.61.270 DSKTps 0 ….

2.61.289 DSKBps 0 ….

2.70.300 DSKAvgS.. 0 ….

... …. …. ….

40


Accessing PATROL namespace

Look for the application in “applicationTable”Use that index to get the instances from the

application in “applInstTable”Use both indexes to get the parameters from the

“parametersTable”Get the required attribute from your parameter

This method is “safe” but requires some processing

41


Direct namespace access

“Hooked” on OID of : .variablesTable.variableEntry.variableValue

Need conversion of namespace variable<length> = length of namespace variable<conv> = ascii to value conversion of namespace variable

for example : /CPU = 47.67.80.85

Simply get : bmc.1.1.1.5.1.4.<len>.<conv>

Result :Fastest Namespace accessnot useful for namespace “discovery”Not “walk-able”

42


Execute PSL through SNMP

Set variable “agentExecuteCommand”

Agent will execute immediately

Fail/Success from return value of snmp_set()

43


PATROL Agent as SNMP Manager

Receiving traps

Getting information from SNMP agents

No Master Agent is needed for this !

44


Using PSL to Receive traps

PSL functions :snmp_trap_listen : start listening for traps (open socket)

starts accumulating traps

snmp_trap_ignore : close all listeners (close socket)

snmp_trap_receive : process incoming traps (block/poll based) only 1 per agent

45


Using PSL to Get info from SNMP Agents

What is an SNMP session in PATROL ?snmp_open() : opens an SNMP sessionsnmp_close() : closes an SNMP sessionsnmp_config() : lists the SNMP sessions

No real session (like TCP session) because SNMP = connectionless / stateless

just a memory structure, so ...Easier for the developer … open session once, reuse the

session with the session attributes !Allows you to set timeouts/retries/port Faster

46


PSL functions for SNMP managers

SNMPv1 management functionssnmp_(h_)...snmp_...

Plussnmp_walk

No support for v3 !!Security and administration, get bulk, more

datatypes

47


Q & A

concerns and problems

future

Documents

SNMP in Patrol