Skip to content Skip to sidebar Skip to footer
Home / Why Use Read-only Access When Working With Snmpv2

Why Use Read-only Access When Working With Snmpv2

Post a Comment
Book Home Essential SNMP Search this book

2.6. SNMP Operations

We've discussed how SNMP organizes information, but we've left out how we really go about gathering management information. Now, we're going to take a look under the hood to see how SNMP does its thing. The Protocol Data Unit (PDU) is the message format that managers and agents use to send and receive information. In that location is a standard PDU format for each of the following SNMP operations:
  • get
  • get-next
  • get-bulk (SNMPv2 and SNMPv3)
  • fix
  • get-response
  • trap
  • notification (SNMPv2 and SNMPv3)
  • inform (SNMPv2 and SNMPv3)
  • report (SNMPv2 and SNMPv3)
Let's have a expect at each of these operations.

two.vi.1. The get Performance

The get asking is initiated by the NMS, which sends the request to the amanuensis. The agent receives the request and processes it to all-time of its ability. Some devices that are under heavy load, such as routers, may not be able to respond to the asking and volition have to drop it. If the amanuensis is successful in gathering the requested information, it sends a become-response back to the NMS, where it is candy. This procedure is illustrated in Effigy 2-five.

Figure 2-5

Figure ii-v. get asking sequence

How did the agent know what the NMS was looking for? I of the items in the go request is a variable binding. A variable binding, or varbind, is a list of MIB objects that allows a request's recipient to see what the originator wants to know. Variable bindings can be thought of as OID=value pairs that make it easy for the originator (the NMS, in this example) to pick out the information it needs when the recipient fills the request and sends back a response. Permit's look at this operation in action: 
$                                  snmpget cisco.ora.com public .1.3.6.1.ii.1.1.6.0                                 arrangement.sysLocation.0 = ""
TIP: All the Unix commands presented in this chapter come from the Net-SNMP agent package (formerly the UCD-SNMP projection), a freely available Unix and Windows NT agent. Chapter 5, "Network-Management Software" provides a URL from which you lot can download the packet. The commands in this packet are summarized in Appendix C, "Net-SNMP Tools".

Several things are going on in this example. First, we're running a command on a Unix host. The control is called snmpget. Its main chore is to facilitate the gathering of management data using a become request. Nosotros've given it three arguments on the control line: the name of the device we would like to query (cisco.ora.com), the read-simply community cord (public), and the OID we would like gathered (.1.three.half dozen.1.2.1.one.6.0). If we wait dorsum at Table 2-5 we see that 1.iii.vi.1.2.1.ane is the arrangement group, but there are two more integers at the finish of the OID: .half-dozen and .0. The .six is actually the MIB variable that nosotros wish to query; its human-readable name is sysLocation. In this case, we would like to see what the system location is set to on the Cisco router. Every bit yous tin see by the response (

system.sysLocation.0 = ""

), the organisation location on this router currently is not prepare to anything. Besides note that the response from snmpget is in variable binding format, OID=value.

There is one more thing to look at. Why does the MIB variable take a .0 tacked on the end? In SNMP, MIB objects are defined by the convention x.y, where 10 is the actual OID of the managed object (in our instance, 1.three.six.i.2.one.1.6 ) and y is the instance identifier. For scalar objects (that is, objects that aren't defined as a row in a table) y is always 0. In the example of a tabular array, the instance identifier lets you select a specific row of the tabular array; 1 is the first row, ii is the 2d row, etc. For case, consider the ifTable object we looked at earlier in this chapter. When looking up values in the ifTable, we would use a nonzero instance identifier to select a particular row

in the table (in this example, a particular network interface).
TIP: Graphical NMS applications, which include most commercial packages, practice not utilise command-line programs to retrieve management information. Nosotros use these commands to requite you a feel for how the retrieval commands work and what they typically return. The information a graphical NMS retrieves and its retrieval procedure are identical to these command-line programs; the NMS but lets y'all formulate queries and displays the results using a more user-friendly GUI.
The gocontrol is useful for retrieving a single MIB object at a time. Trying to manage anything in this fashion tin can be a waste of fourth dimension, though. This is where the go-next command comes in. It allows you to retrieve more than than i object from a device, over a menstruum of time.

two.6.2. The become-next Operation

The become-next operation lets you outcome a sequence of commands to retrieve a group of values from a MIB. In other words, for each MIB object we want to remember, a separate get-next request and get-response are generated. The get-next command traverses a subtree in lexicographic club. Since an OID is a sequence of integers, it's easy for an agent to start at the root of its SMI object tree and piece of work its way down until it finds the OID it is looking for. When the NMS receives a response from the amanuensis for the go-next command it simply issued, information technology problems another get-side by side command. It keeps doing this until the agent returns an error, signifying that the end of the MIB has been reached and there are no more objects left to get. If we look at another example, we can meet this behavior in activity. This time we'll utilize a command called snmpwalk. This command simply facilitates the go-adjacent process for us. Information technology's invoked just similar the snmpget control, except this time we specify which branch to start at (in this instance, the system group): 
$                  snmpwalk cisco.ora.com public system                                organisation.sysDescr.0 = "Cisco Internetwork Operating Organisation Software  ..IOS (tm) 2500 Software (C2500-I-L), Version xi.2(5), RELEASE  SOFTWARE (fc1)..Copyright (c) 1986-1997 past cisco Systems, Inc... Compiled Mon 31-Mar-97 19:53 by ckralik" system.sysObjectID.0 = OID: enterprises.9.ane.19 system.sysUpTime.0 = Timeticks: (27210723) 3 days, 3:35:07.23 system.sysContact.0 = "" system.sysName.0 = "cisco.ora.com" system.sysLocation.0 = "" organisation.sysServices.0 = 6
The get-next sequence returns seven MIB variables. Each of these objects is part of the system group equally it's defined in RFC 1213. We see a system object ID, the amount of time the system has been up, the contact person, etc. Given that yous've merely looked upwardly some object, how does get-next figure out which object to look up adjacent? become-next is based on the concept of the lexicographic ordering of the MIB'southward object tree. This order is fabricated much simpler because every node in the tree is assigned a number. To empathise what this means, let's start at the root of the tree and walk downwardly to the organization node.

To get to the system group (OID 1.3.6.1.2.1.1), nosotros beginning at the root of the object tree and work our way down. Figure 2-6 shows the logical progression from the root of the tree all the mode to the organization group. At each node in the tree, nosotros visit the lowest-numbered co-operative. Thus, when we're at the root node, nosotros commencement past visiting ccitt. This node has no nodes underneath it, so we move to the iso node. Since iso does accept a child we motion to that node, org. The process continues until we reach the organization node. Since each co-operative is made up of ascending integers (ccitt(0) iso(1) join(2), for example), the agent has no problem traversing this tree structure all the way down to the organization(1) group. If nosotros were to proceed this walk, we'd go along to system.1 (organization.sysLocation), system.2, and the other objects in the system group. Adjacent, we'd get to interfaces(2), and and so on.

Figure 2-6

Figure ii-6. Walking the MIB tree

2.6.3. The get-bulk Performance

SNMPv2 defines the become-majority performance, which allows a management application to retrieve a big section of a table at one time. The standard become operation can attempt to remember more than 1 MIB object at once, merely message sizes are limited by the agent'south capabilities. If the agent can't return all the requested responses, it returns an error message with no data. The become-bulk operation, on the other hand, tells the agent to send as much of the response back as information technology can. This means that incomplete responses are possible. Ii fields must be ready when issuing a get-majority command: nonrepeaters and max-repetitions. Nonrepeaters tells the go-majority control that the kickoff N objects tin can be retrieved with a simple go-next performance. Max-repetitions tells the go-bulk command to effort up to Chiliad get-side by side operations to call back the remaining objects. Figure ii-7 shows the get-bulk command sequence.

Figure 2-7

Effigy two-7. get-majority request sequence

In Figure 2-7, nosotros're requesting iii bindings: sysDescr, ifInOctets, and ifOutOctets. The total number of variable bindings that nosotros've requested is given by the formula N + (M * R), where N is the number of nonrepeaters (i.e., scalar objects in the request -- in this example 1, considering sysDescr is the only scalar object), Yard is max-repetitions (in this instance, we've gear up it arbitrarily to 3), and R is the number of nonscalar objects in the request (in this case 2, because ifInOctets and ifOutOctets are both nonscalar). Plugging in the numbers from this case, we get 1 + (iii * 2) = vii, which is the full number of variable bindings that can exist returned past this get-bulk request.

The Net-SNMP package comes with a command for issuing get-bulk queries. If we execute this command using all the parameters previously discussed, it will look like the post-obit: 
$                                  snmpbulkget -v2c -B i 3 linux.ora.com public sysDescr ifInOctets ifOutOctets                                organization.sysDescr.0 = "Linux linux 2.2.5-xv #3 Thu May 27 19:33:18 EDT 1999 i686" interfaces.ifTable.ifEntry.ifInOctets.1 = 70840 interfaces.ifTable.ifEntry.ifOutOctets.1 = 70840 interfaces.ifTable.ifEntry.ifInOctets.two = 143548020 interfaces.ifTable.ifEntry.ifOutOctets.2 = 111725152 interfaces.ifTable.ifEntry.ifInOctets.3 = 0 interfaces.ifTable.ifEntry.ifOutOctets.3 = 0
Since get-majority is an SNMPv2 command, you lot have to tell snmpgetbulk to utilize an SNMPv2 PDU with the -v2c pick. The nonrepeaters and max-repetitions are set with the -B one iii option. This sets nonrepeaters to 1 and max-repetitions to 3. Notice that the control returned seven variable bindings: ane for sysDescr and three each for ifInOctets and ifOutOctets.

2.6.iv. The set Operation

The gear up control is used to change the value of a managed object or to create a new row in a table. Objects that are defined in the MIB as read-write or write-only can be altered or created using this command. It is possible for an NMS to prepare more than ane object at a fourth dimension.

Figure 2-8

Figure 2-eight. gear up asking sequence

Figure 2-8 shows the set request sequence. It'due south similar to the other commands we've seen so far, merely information technology is really irresolute something in the device'due south configuration, as opposed to just retrieving a response to a query. If nosotros look at an example of an actual set up, you volition see the control accept place. The following instance queries the sysLocation variable, then sets it to a value: 

$                                  snmpget cisco.ora.com public system.sysLocation.0                                organization.sysLocation.0 = "" $                                  snmpset cisco.ora.com private organisation.sysLocation.0 southward "Atlanta, GA"                                arrangement.sysLocation.0 = "Atlanta, GA" $                                  snmpget cisco.ora.com public arrangement.sysLocation.0                                system.sysLocation.0 = "Atlanta, GA"
The first command is the familiar get command, which displays the current value of sysLocation. In one of the previous examples nosotros saw that information technology was undefined; this is still the case. The 2d command is snmpset. For this command, nosotros supply the hostname, the read-write customs string (private), and the variable we want to ready (system.sysLocation.0), together with its new value (south "Atlanta, GA"). The s tells snmpset that we want to gear up the value of sysLocation to a string; and "Atlanta, GA" is the new value itself. How do we know that sysLocation requires a string value? The definition of sysLocation in RFC 1213 looks similar this: 
sysLocation OBJECT-TYPE     SYNTAX  DisplayString (SIZE (0..255))     Access  read-write     STATUS  mandatory     DESCRIPTION         "The physical location of this node (e.m., 'telephone cupboard,          tertiary floor')."     ::= { system 6 }
The SYNTAX for sysLocation is DisplayString (SIZE (0..255)), which means that information technology's a string with a maximum length of 255 characters. The snmpset command succeeds and reports the new value of sysLocation. Just just to confirm, nosotros run a concluding snmpget, which tells united states that the ready actually took effect. It is possible to set more than i object at a fourth dimension, just if whatsoever of the sets neglect, they all neglect (i.due east., no values are changed). This behavior is intended.

2.6.5. get, become-next, get-bulk, and set Error Responses

Error responses help y'all determine wether your get or fix asking was processed correctly past the agent. The get, go-next, and set operations can return the fault responses shown in Table two-vi. The error status for each error is prove in parentheses.

Table two-6. SNMPv1 Fault Messages

SNMPv1 Error Bulletin Description 
noError(0)
 In that location was no problem performing the request. 
tooBig(one)
 The response to your asking was also large to fit into 1 response. 
noSuchName(two)
 An agent was asked to become or set an OID that information technology can't observe; i.east., the OID doesn't exist. 
badValue(three)
 A read-write or write-only object was prepare to an inconsistent value. 
readOnly(4)
 This mistake is generally not used. The noSuchName fault is equivalent to this one. 
genErr(v)
 This is a catch-all mistake. If an mistake occurs for which none of the previous messages is appropriate, a genError is issued.

The SNMPv1 error messages are not very robust. In an try to fix this problem, SNMPv2 defines boosted error responses that are valid for get, set, go-side by side, and become-bulk operations, provided that both the amanuensis and NMS back up SNMPv2. These responses are listed in Table 2-7.

Table 2-seven. SNMPv2 Error Letters

SNMPv2 Error Message Description 
noAccess(6)
 		A set to an inaccessible variable was attempted. This typically occurs when the variable has an Access blazon of not-accessible. 
wrongType(7)
 An object was set to a blazon that is unlike from its definition. This mistake will occur if you lot try to set an object that is of type INTEGER to a cord, for example. 
wrongLength(viii)
 An object'southward value was set to something other than what it calls for. For instance, a string tin can be defined to have a maximum graphic symbol size. This fault occurs if you effort to set a string object to a value that exceeds its maximum length. 
wrongEncoding(9)
 		A set operation was attempted using the wrong encoding for the object being set. 
wrongValue(10)
 A variable was set to a value it doesn't understand. This can occur when a read-write is defined equally an enumeration, and you try to set it to a value that is not one of the enumerated types. 
noCreation(xi)
 		Yous tried to fix a nonexistent variable or create a variable that doesn't exist in the MIB. 
inconsistentValue
 A MIB variable is in an inconsistent state, and is not accepting whatsoever set requests. 
resourceUnavailable(13)
 No organization resource are bachelor to perform a set. 
commitFailed(14)
 This is a catch-all error for fix failures. 
undoFailed(fifteen)
 A gear up failed and the agent was unable to curlicue back all the previous fixsouth up until the bespeak of failure. 
authorizationError(xvi)
 		An SNMP command could non be authenticated; in other words, someone has supplied an wrong community string. 
notWritable(17)
 A variable will not take a ready, even though it is supposed to. 
inconsistentName(18)
 You attempted to set a variable, but that attempt failed because the variable was in some kind of inconsistent state.

2.half-dozen.6. SNMP Traps

A trap is a manner for an amanuensis to tell the NMS that something bad has happened. In the Department ane.iii, "Managers and Agents" of Chapter i, "What Is SNMP?" nosotros explored the notion of traps at a general level; now we'll look at them in a bit more particular. Figure 2-9 shows the trap-generation sequence.

Figure 2-9

Figure 2-9. Trap generation

The trap originates from the agent and is sent to the trap destination, every bit configured within the agent itself. The trap destination is typically the IP address of the NMS. No acknowledgment is sent from the NMS to the agent, so the agent has no mode of knowing if the trap makes it to the NMS. Since SNMP uses UDP, and since traps are designed to report problems with your network, traps are peculiarly prone to getting lost and not making it to their destinations. However, the fact that traps can become lost doesn't brand them any less useful; in a well-planned environment, they are an integral part of network direction. It's better for your equipment to try to tell you that something is incorrect, even if the bulletin may never reach you, than merely to surrender and let you lot approximate what happened. Here are a few situations that a trap might report:
  • A network interface on the device (where the agent is running) has gone down.
  • A network interface on the device (where the agent is running) has come support.
  • An incoming telephone call to a modem rack was unable to establish a connection to a modem.
  • The fan on a switch or router has failed.

When an NMS receives a trap, it needs to know how to interpret it; that is, it needs to know what the trap means and how to interpret the data it carries. A trap is offset identified by its generic trap number. There are seven generic trap numbers (0-6), shown in Table 2-8. Generic trap 6 is a special catch-all category for "enterprise-specific" traps, which are traps defined by vendors or users that fall outside of the half-dozen generic trap categories. Enterprise-specific traps are farther identified by an enterprise ID (i.e., an object ID somewhere in the enterprises branch of the MIB tree, iso.org.dod.internet.private.enterprises) and a specific trap number chosen by the enterprise that divers the trap. Thus, the object ID of an enterprise-specific trap is enterprise-id.specific-trap-number. For instance, when Cisco defines special traps for its individual MIBs, it places them all in its enterprise-specific MIB tree (iso.org.dod.internet.private.enterprises.cisco). Every bit we'll see in Chapter 10, "Traps", y'all are gratuitous to define your ain enterprise-specific traps; the only requirement is that you register your ain enterprise number with IANA.

A trap is usually packed with information. Every bit you'd look, this information is in the form of MIB objects and their values; as mentioned earlier, these object-value pairs are known as variable bindings. For the generic traps 0 through five, knowledge of what the trap contains is generally congenital into the NMS software or trap receiver. The variable bindings independent by an enterprise-specific trap are determined past whomever defined the trap. For instance, if a modem in a modem rack fails, the rack's amanuensis may send a trap to the NMS informing it of the failure. The trap volition most likely be an enterprise-specific trap defined by the rack'southward manufacturer; the trap'south contents are up to the manufacturer, merely information technology will probably contain enough information to permit you make up one's mind exactly what failed (for example, the position of the modem card in the rack and the channel on the modem carte).

Table 2-eight. Generic Traps

Generic Trap Name and Number Definition
coldStart (0) Indicates that the agent has rebooted. All management variables will be reset; specifically, Countersouthward and Estimatesouth will be reset to zero (0). One overnice thing well-nigh the coldStart trap is that information technology can be used to determine when new hardware is added to the network. When a device is powered on, it sends this trap to its trap destination. If the trap destination is set correctly (i.e., to the IP address of your NMS) the NMS can receive the trap and make up one's mind whether it needs to manage the device.
warmStart (1) Indicates that the agent has reinitialized itself. None of the management variables will exist reset.
linkDown (2) Sent when an interface on a device goes down. The commencement variable bounden identifies which interface went down.
linkUp (3) Sent when an interface on a device comes support. The first variable binding identifies which interface came support.
authenticationFailure (four) Indicates that someone has tried to query your agent with an incorrect community cord; useful in determining if someone is trying to gain unauthorized access to one of your devices.
egpNeighborLoss (v) Indicates that an Outside Gateway Protocol (EGP) neighbor has gone downwards.
enterpriseSpecific (six) Indicates that the trap is enterprise-specific. SNMP vendors and users define their own traps nether the individual-enterprise branch of the SMI object tree. To process this trap properly, the NMS has to decode the specific trap number that is part of the SNMP message.

In Affiliate i, "What Is SNMP?" nosotros mentioned that RFC 1697 is the RDBMS MIB. One of traps defined by this MIB is rdbmsOutOfSpace : 

rdbmsOutOfSpace TRAP-Blazon     ENTERPRISE  rdbmsTraps     VARIABLES   { rdbmsSrvInfoDiskOutOfSpaces }     Description         "An rdbmsOutOfSpace trap signifies that i of the database          servers managed by this agent has been unable to allocate          infinite for i of the databases managed by this agent. Care          should be taken to avoid flooding the network with these traps."     ::= ii

The enterprise is rdbmsTraps and the specific trap number is 2. This trap has ane variable binding, rdbmsSrvInfoDiskOutOfSpaces. If nosotros look elsewhere in the MIB, nosotros volition observe that this variable is a scalar object. Its definition is: 

rdbmsSrvInfoDiskOutOfSpaces OBJECT-Type     SYNTAX  Counter     ACCESS  read-just     Status  mandatory     DESCRIPTION         "The total number of times the server has been unable to obtain          deejay space that information technology wanted, since server startup. This would exist          inspected by an amanuensis on receipt of an rdbmsOutOfSpace trap."     ::= { rdbmsSrvInfoEntry  9 }

The

Clarification

for this object indicates why the notation about taking care to avoid flooding the network (in the

DESCRIPTION

text for the

TRAP-TYPE

) is so important. Every fourth dimension the RDBMS is unable to allocate infinite for the database, the agent will transport a trap. A decorated (and full) database could end up sending this trap thousands of times a twenty-four hour period.

Some commercial RDBMS vendors, such as Oracle, provide an SNMP agent with their database engines. Agents such as these typically have functionality above and beyond that constitute in the RDBMS MIB.

Library Navigation Links

Copyright © 2002 O'Reilly & Associates. All rights reserved.

sislercathe1974.blogspot.com

Source: https://docstore.mik.ua/orelly/networking_2ndEd/snmp/ch02_06.htm

Post a Comment for "Why Use Read-only Access When Working With Snmpv2"