Overview of Network Management (3)

  • 8/6/2019 Overview of Network Management (3)

    Lesson 3: Internetwork Management (MIB-II and SNMP1)

    Nguyn Nam H ng, Department of Computer Engineering & Networks, Thuy Loi University

    LESSON 3: INTERNETWORK MANAGEMENT

    MIB-II and SNMPv1

    - Introduction to internetwork management
    - MIB-II
    - SNMPv1

    III.1 Introduction to internetwork management

    Management system: it carries out many aspects (15 properties) that together describe the management mechanism/structure, which comprises: the manager, the management agents (agent), the management protocol (protocol) and the management information base (MIB).

    Management operation: a network management operation can be initiated by the manager and can only be completed with the participation of both the manager and the agent. There are three kinds of management operation:
    + Query.
    + Set.
    + Event report (report).

    Management scenario: a set of management actions that the management system applies to a network event/network object that will occur in the future of a specific network configuration.

    [Figure: a management station (manager with its MIB) and three network elements, each with a management agent and a MIB; the operations shown are Query, Set and Report.]

    Scenarios make it possible to build operating procedures. Each management action carried out under a scenario usually specifies the situation, the target object, the parameters, the form and the time, together with the specific policies.

    Each scenario is an ordered sequence of query, set and report actions, and each yields a different result. This is the basis on which the management standards and the management-information standards (SNMP and MIB) came about.

    III.2 SNMPv1 and MIB-II

    RFC    Title                                                                Year   Status
    1155   Structure and identification of management information for TCP/IP   1990   Standard
    1156   MIB-based management of TCP/IP networks                              1990   Standard
    1157   SNMP                                                                 1990   Standard
    1158   MIB-II-based management of TCP/IP networks                                  Draft
    1212   Concise MIB definitions                                              1991   Standard
    1213   MIB-II-based management of TCP/IP networks                           1991   Standard

    Software that can be used to explore the MIB/SMI structure: iReasoning MIB Browser.

    - What does the MIB of the management system look like?
    - What are the steps for building a MIB for the system?
    - Which types of messages are exchanged between manager and agent to carry out management actions? And,
    - In what sequence are those messages exchanged?

    Brief history:
    - In the first period there was no standardization; everything was done manually.
    - In the next period, systems and network elements grew complex. Several protocols were developed (Internet Control Message Protocol - ICMP, Packet Internet Groper - PING) to let users know the operating state of a given device.
    - Standardization began around the mid-1980s, with the idea of coordinated operation and coordinated control (interoperability), marked by an SNMP draft (late 1987) while waiting for the arrival of CMIP

    In practice, MIBs depend on the different protocols that manufacturers and distributors adhere to. These protocols (CMIP and SNMP, for example) cannot work with each other directly. An interpreter is needed, and that is ASN.1.

    III.2.2 Structure of management information (OSI SMI)

    The main purpose of management information is to target each specific network object: identify it, read its state, and set a new state for it. SMI provides:

    - A standard registration structure for referring precisely/uniquely to a managed object in the MIB.
    - A common object syntax for specifying the type of the managed object.
    - A naming convention for managed objects (OID) consistent with the MIB.

    Naming managed objects in the MIB

    - Every object in the MIB must have a unique name.
    - Naming follows the registration hierarchy of the OSI standards committee (the OSI tree).
    - The MIB tree has a root, and below the root are branches (subtrees). Branches at the same level are assigned integers that increase from left to right. This address is called the relative identifier. The unique path from the root to the object, listed out, is called the absolute identifier. These two identifiers are joined together to form the name of the managed object.

    For example, 1.3.6.1 is Internet. Below it are:

    + Directory (1): reserved for the future, in case the OSI Directory service is used on the Internet. OID = 1.3.6.1.1
    + Mgmt (2): all standard MIBs for the Internet sit under mgmt. Each time a new MIB-related RFC appears, IANA (Internet Assigned Numbers Authority) assigns it an object-identifier under mgmt. 1.3.6.1.2
    + experimental: allocated and managed by IANA, used for experiments. 1.3.6.1.3
    + private: objects defined by users themselves, with numbers allocated by IANA. Vendors of network products can register an object-identifier for their products and are assigned a number under private.enterprises. 1.3.6.1.4

    In addition:

    + security: reserved for object security issues identified for the future, which will be present in SNMPv2.
    + SNMPv2: reserved for the management operations described in SNMPv2, which are extended relative to SNMPv1.

    Every node in the tree is an object and can be referred to by name or by id. For example:

    + The node iso.org.dod.internet.mgmt.mib-2.system has the OID 1.3.6.1.2.1.1 and contains all objects related to the information of a system, such as the device name (iso.org.dod.internet.mgmt.mib-2.system.sysName, or 1.3.6.1.2.1.1.5).
    + The OIDs that vendors design themselves sit under iso.org.dod.internet.private.enterprise. For example: Cisco is in iso.org.dod.internet.private.enterprise.cisco, or 1.3.6.1.4.1.9; Microsoft is in iso.org.dod.internet.private.enterprise.microsoft (1.3.6.1.4.1.311).

    The numbers 9 (Cisco) and 311 (Microsoft) are the numbers reserved for those companies, assigned by IANA.

    If Cisco or Microsoft builds a device, that device can support the predefined standard MIBs (such as mib-2) or support a MIB designed specifically for it. A MIB designed by a particular company must sit below that company's OID.

    Object syntax

    The object syntax defines the structure, the type and the syntax rules of an SNMP object. The syntax is defined using the Basic Encoding Rules (BER) of ASN.1.

    internet OBJECT IDENTIFIER ::= {iso org(3) dod(6) 1 }

    directory OBJECT IDENTIFIER ::= {internet 1 }

    mgmt OBJECT IDENTIFIER ::= {internet 2 }

    experimental OBJECT IDENTIFIER ::= {internet 3 }

    private OBJECT IDENTIFIER ::= {internet 4 }

    Data types of managed objects

    Two main kinds of object data type are used in internetworking: primitive and constructor.

    - Primitive: these are the simplest data types and cannot be decomposed any further.
    + INTEGER: integers: negative, positive and 0.
    + OCTET STRING: a sequence of consecutive octets (may be empty).
    + NULL: a value indicating that it does not apply to the object or attribute.
    + OBJECT IDENTIFIER: a sequence of (non-negative) integers separated by dot(s), giving the name of the object.
    - Constructor: data types used to build other types:
    + SEQUENCE: an ordered (unchanging) list of predefined types.
    + SEQUENCE OF: an ordered (unchanging) list of one predefined type.
    + CHOICE: an ordered list of available types, or alternative types, of which one and only one is chosen to form the data.
    + ANY: may be any one of the existing types.
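As an added example (not part of the original lecture), the following Python code encodes the primitive types and SEQUENCE listed above with the BER tag-length-value rules, using OIDs quoted earlier on the page. The function names are chosen here for illustration.

```python
# Added example: BER tag-length-value encoding of the ASN.1 types listed above.
# Function names are illustrative, not taken from the lecture or any library.

def ber_length(n):
    """Short form below 128, long form (0x80 | octet count) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    return bytes([tag]) + ber_length(len(content)) + content

def enc_integer(value):
    # Minimal two's complement, so negative, positive and 0 all encode correctly.
    size = (value + (value < 0)).bit_length() // 8 + 1
    return tlv(0x02, value.to_bytes(size, "big", signed=True))

def enc_octet_string(data):
    return tlv(0x04, data)          # may be empty

def enc_null():
    return tlv(0x05, b"")

def enc_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or min(arcs) < 0 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID: " + dotted)
    out = bytearray()
    # The first two arcs share one sub-identifier: 40 * first + second.
    for arc in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:           # base-128, high bit set on all but the last octet
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def enc_sequence(*members):
    return tlv(0x30, b"".join(members))

def varbind(oid):
    """SEQUENCE { name OBJECT IDENTIFIER, value NULL }, as carried in a Get request."""
    return enc_sequence(enc_oid(oid), enc_null())

if __name__ == "__main__":
    print(enc_oid("1.3.6.1.2.1.1.5").hex())      # sysName
    print(enc_oid("1.3.6.1.4.1.311").hex())      # arc 311 needs two octets
    print(varbind("1.3.6.1.2.1.1.5.0").hex())
```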

    SYNTAX: specifies the abstract syntax of the object so that it matches the ObjectSyntax data type defined in ASN.1. ObjectSyntax has two kinds: SimpleSyntax and ApplicationSyntax.

    ACCESS: specifies how the MIB object is accessed through protocol messages. The four subtypes are: read-only, write-only, read-write, and not-accessible.

    STATUS: specifies the implementation requirements for an object. The choices are: mandatory, optional, and obsolete.

    The three object clauses just described are in RFC 1115. The following four were added in RFC 1212:

    DescrPart: describes the object as a text string. Use is optional.

    ReferPart: specifies a cross-reference to a MIB object that belongs to another module. Use is optional.

    IndexPart: specifies the row number used in a MIB table. This value is essential for accessing a specific object in the MIB.

    DefValPart: specifies the default value used when an instance of the object is first created. Use is optional.

    Defining MIB tables

    There are two kinds of managed object in the SNMP MIB: scalar and columnar.

    + A scalar object is like a variable with a primitive data type.
    + A columnar object is a two-dimensional array defined through ObjectSyntax. The rows and columns of the array are defined with the SEQUENCE or SEQUENCE OF types.

    MIB table structure:

                    Entry 1    Entry 2    . . .    Entry N
        table row 1
        table row 2
        .
        table row N

    Table ::= SEQUENCE OF TableRow
    TableRow ::= SEQUENCE {
        entry1 ::= MIB type1,
        entry2 ::= MIB type2,
        entryN ::= MIB typeN
    }

    Object groups (pages 58-60 of the QLMVT document):

    - System group
    - Interfaces group
    - Address translation group
    - IP protocol group
    - ICMP group
    - TCP group
    - UDP group
    - EGP group
    - CMOT group
    - Transmission group
    - SNMP group

    III.3 SNMP

    III.3.1 What is SNMP

    SNMP (Simple Network Management Protocol) is a protocol of the OSI application layer (layer 7). It has the following characteristics:

    + It is a set of procedures that the participating parties must follow.
    + A device that understands and complies with SNMP is called SNMP supported or SNMP compatible.
    + SNMP is for management: monitoring, retrieving information, receiving reports, and possibly intervening so that the system's NEs operate as intended. SNMP can:
    - Monitor the bandwidth and transmission rate of a router and learn the total number of bytes sent/received.
    - Retrieve host resource information: for example, how many hard drives a server has and how much free disk space.
    - Automatically receive an alert when a port on a switch goes down.
    - Disconnect at port level on a switch.
    + SNMP runs on top of TCP/IP and manages devices connected to a TCP/IP network. A managed device can be anything that supports TCP/IP.

    + SNMP uses UDP messages, which are the basis for managing devices remotely.

    + To operate, SNMP needs a management machine (manager process), which manages that machine itself together with the network elements connected to it, and these play the role of agents (agent process).

    + The basic operations of SNMP are querying and setting MIB values.

    III.3.2 Versions of SNMP

    SNMP has 4 versions: SNMPv1, SNMPv2c, SNMPv2u and SNMPv3. The versions differ in message structure and in how they are carried out. SNMPv1 is the most widespread, with the most compatible devices and the most supporting software. SNMPv3 in particular adds many security features.

    III.3.3 SNMP operation

    The SNMPv1 protocol has 5 methods of operation, corresponding to 5 message types as follows:

    Packet/method: Function

    - GetRequest: the manager sends a GetRequest to the agent to ask the agent to supply some information based on the ObjectID. Note that one GetRequest message can carry several OIDs in order to retrieve information from multiple devices.
    - GetNextRequest: the manager sends the agent a GetNextRequest containing an ObjectID to ask for the information that comes next after that ObjectID in the MIB.
    - SetRequest: the manager sends a SetRequest to the agent to set the value of an object on the agent based on the ObjectID.
    - GetResponse: the agent sends a GetResponse in reply to the manager when it receives a GetRequest/GetNextRequest.
    - Trap: the agent sends a Trap to the manager on its own when an event occurs for some object in the agent.

    The GET command directly names the set of managed variables by their paths, because the paths are static and known in advance.

    The GET-NEXT command is used to traverse the MIB tree and set values. The traversal convention is: visit the parent node, then the left child, then the right child. This order is called preorder. Why is GetNextRequest needed? Because a MIB consists of many OIDs that are ordered but not contiguous, so knowing one OID does not determine the next one. We therefore need GetNextRequest to fetch the value of the next OID. If GetNextRequest is issued repeatedly, we obtain all of the agent's information.

    GET and GET-NEXT allow MIB data to be read. The SET command initializes or changes the value of an action of the agent, changing the content of the MIB.

    The drawback of GET-NEXT is that it allows access to only one row of a table at a time. This can slow down movement through the tree, especially when the table is large. Usually the system has to scan and access the whole table. To overcome this, SNMPv2 replaces the GET-NEXT command with GET-BULK. The GET-BULK command accesses several consecutive rows and places them in the payload of one UDP/IP frame.
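As an added example (not from the original lecture), the following Python code simulates GetNextRequest over a small constructed agent MIB to show the ordering the manager sees and how repeated GetNext calls walk a subtree. The sample values and the function names are assumptions made for this illustration.

```python
# Added example: GetNextRequest semantics over a constructed agent MIB.
from bisect import bisect_right

def parse(oid):
    return tuple(int(arc) for arc in oid.split("."))

# Constructed sample data; OIDs are compared arc by arc as integers.
AGENT_MIB = {parse(k): v for k, v in {
    "1.3.6.1.2.1.1.1.0": "constructed router",   # sysDescr.0 (scalar)
    "1.3.6.1.2.1.1.5.0": "lab-gw",               # sysName.0 (scalar)
    "1.3.6.1.2.1.2.2.1.2.1": "eth0",             # ifDescr, row 1
    "1.3.6.1.2.1.2.2.1.2.2": "eth1",             # ifDescr, row 2
    "1.3.6.1.2.1.2.2.1.2.10": "eth10",           # ifDescr, row 10
    "1.3.6.1.2.1.2.2.1.8.1": 1,                  # ifOperStatus, row 1 (up)
    "1.3.6.1.2.1.2.2.1.8.2": 2,                  # ifOperStatus, row 2 (down)
    "1.3.6.1.2.1.2.2.1.8.10": 1,                 # ifOperStatus, row 10 (up)
}.items()}

def get_next(mib, oid):
    """Return (oid, value) of the first object after `oid`, or None at the end
    of the MIB (an SNMPv1 agent reports noSuchName there)."""
    keys = sorted(mib)
    i = bisect_right(keys, parse(oid))
    if i == len(keys):
        return None
    return ".".join(map(str, keys[i])), mib[keys[i]]

def walk(mib, root):
    """Repeat GetNext from `root` until the reply leaves the subtree."""
    prefix, current, seen = parse(root), root, []
    while True:
        reply = get_next(mib, current)
        if reply is None or parse(reply[0])[:len(prefix)] != prefix:
            return seen
        seen.append(reply)
        current = reply[0]

if __name__ == "__main__":
    for oid, value in walk(AGENT_MIB, "1.3.6.1.2.1.2.2"):
        print(oid, "=", value)
```

Walking the interface table returns the whole ifDescr column before ifOperStatus, and row 10 sorts after row 2 because arcs compare as integers rather than as text.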

    Using the TRAP command, the agent module automatically notifies the manager of a suspicious event that the manager has configured, so that abnormal activity of the NE is caught in time.

    A trap is an integer. Traps are independent of Request/Response. Request/response performs management, whereas SNMP traps are used for alerting. The source (NE) that sends a trap is called the Trap Sender, and the place that receives it is called the Trap Receiver. One trap sender can be configured to send traps to several trap receivers at once. There are 2 kinds of trap: generic trap and specific trap.

    + Generic traps are specified in the SNMP standards.
    + Specific traps are defined by the user (the user here being the manufacturer of the SNMP device).

    Under SNMPv1 there are 7 kinds of generic trap (the integers 0 .. 6):

    + coldStart: reports that the device sending this message is performing a cold start; its configuration may have changed after the start.

    + warmStart: reports that the device sending this message is restarting and keeping its old configuration.

    + linkDown: reports that the device sending this message has detected a failure on one of its connections (fanin/fanout). The trap message carries a parameter giving the ifIndex of the failed connection.

    + linkUp: reports that the device sending the message has a connection that has been restored. The trap message carries a parameter giving the ifIndex of the restored connection.

    + authenticationFailure: reports that the device sending this message has just had an unsuccessful authentication session (from services such as telnet, ssh, snmp, ftp, ...).

    + egpNeighborLoss: reports loss of contact with an EGP neighbor.

    + enterpriseSpecific: reports that this trap message does not belong to the generic kinds above but is a message type defined by the user.

    In addition, the user (the device manufacturer) can define further traps.

    III.3.4 SNMP security

    The security mechanisms are:
    + community string,
    + view, and
    + SNMP access control list

    Community String:

    A community string is a character string shared by each SNMP manager and SNMP agent pair; it acts as a password between the two sides when they exchange data.

    There are 3 kinds of community string: Read-community, Write-Community and Trap-Community.

    - GetRequest and GetNextRequest messages carry the Read-Community.
    - The Write-Community is used in the SetRequest message. The agent accepts a data change only when the write-community is the same on both sides.
    - The Trap-community is carried in the trap message that a trap sender sends to a trap receiver. The trap receiver accepts and stores the trap message only when the trap-community is the same on both sides; however, many trap receivers are configured to accept all trap messages regardless of the trap-community.

    View

    A view is a technique for partitioning interaction rights.

    When a manager has the read-community, it can read all of the agent's OIDs. However, the agent can specify that only certain related OIDs may be read, that is, only part of the MIB can be read. This subset of the MIB is called a view, and several views can be defined on an agent. Each view is usually tied to a community string.

    SNMP ACL

    The risk of the community string being exposed is very high because it is in plaintext.

    Network administrators use an SNMP access control list (ACL) to block spoofed managers right away. This is a list of the IP addresses that are permitted to manage/monitor the agent; it applies only to the SNMP protocol and is installed on the agent. If a manager whose IP is not permitted in the ACL sends a request, the agent will not process it, even if the request carries the correct community string.

    Most SNMP-compatible devices allow an SNMP ACL to be configured.
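As an added example (not the lecture's code and not any vendor's configuration syntax), the following Python code applies the three mechanisms above in the order an agent would: ACL, then community string, then view. All addresses, community strings and view names are constructed for illustration.

```python
# Added example: ACL, community string and view checks on the agent side.
# All addresses, community strings and view names are constructed values.
import ipaddress

ACL = [ipaddress.ip_network("192.0.2.10/32"), ipaddress.ip_network("198.51.100.0/28")]
VIEWS = {
    "system-only": ["1.3.6.1.2.1.1"],      # only the system group
    "mib-2": ["1.3.6.1.2.1"],
}
COMMUNITIES = {
    "constructed-ro": {"kind": "read", "view": "system-only"},
    "constructed-rw": {"kind": "write", "view": "mib-2"},
}
# Community kind each request type must present, as described on the page.
NEEDED = {"GetRequest": "read", "GetNextRequest": "read", "SetRequest": "write"}

def in_view(oid, view):
    arcs = oid.split(".")
    for root in VIEWS[view]:
        r = root.split(".")
        if arcs[:len(r)] == r:             # compare whole arcs, not string prefixes
            return True
    return False

def authorize(src_ip, community, pdu, oid):
    """Return (allowed, reason) for one request reaching the agent."""
    if not any(ipaddress.ip_address(src_ip) in net for net in ACL):
        return False, "acl"                # not processed, even with a correct community
    entry = COMMUNITIES.get(community)
    if entry is None:
        return False, "community"
    if NEEDED.get(pdu) != entry["kind"]:
        return False, "access"             # e.g. SetRequest with the read community
    if not in_view(oid, entry["view"]):
        return False, "view"
    return True, "ok"

if __name__ == "__main__":
    print(authorize("203.0.113.5", "constructed-ro", "GetRequest", "1.3.6.1.2.1.1.5.0"))
    print(authorize("192.0.2.10", "constructed-ro", "GetRequest", "1.3.6.1.2.1.10.7.2"))
```

The second call is refused by the view check: 1.3.6.1.2.1.10 is a different subtree from 1.3.6.1.2.1.1 even though the dotted strings share a textual prefix.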

    III.3.5 SNMP packet structure

    SNMP runs on top of UDP, so the structure of an SNMP packet is very simple. It consists of: version, community and data.

    + Version: v1 = 0, v2c = 1, v2u = 2, v3 = 3.

    + The data in an SNMP message is called the PDU (Protocol Data Unit). SNMPv1 has 5 methods of operation corresponding to 5 kinds of PDU. However, there are only 2 message formats, PDU and Trap-PDU: the Get, GetNext, Set and GetResponse messages share the PDU format, while the Trap message has the Trap-PDU format.

    SUMMARY

    There are three basic components in the SNMP network management framework: SMI, MIB and the management protocol.

    SNMP SMI defines three basic components for building a MIB: (1) the general structure for organizing management information (tree form and table form) in order to represent the managed objects; (2) the notation for defining objects, together with the data types of the objects and the actions each object is permitted to perform; (3) the naming convention that makes each object unique.

    The SNMP MIB holds information about the network elements and also defines the actions that may be carried out on each specific object. In practice only two actions may be carried out on a network element: monitoring and control.

    The SNMP management protocol defines the structure used for exchanging information, with five different kinds of PDU: GetRequest, GetNextRequest, SetRequest, GetResponse and Trap. Each of these five PDUs has its own packet characteristics.

    QUESTIONS

    1. Internetwork management has three main components. What are they?

    2. Use some network configuration to present the concepts of: network element, network management entity, and entity protocol.

    3. Present the Internet protocols that SNMP depends on. State the services that these protocols provide to SNMP.

    4. The steps for building an SNMP PDU of an entity protocol.

    5. What is a Community String?

    6. Present the traps in SNMP.