standard MIB organization from the root to additional branches. The branches of the tree serve as logical groupings of related objects. The leaves, or nodes as they are often called, represent individual objects. Also, subtrees are formed and represent both additional intermediate branches and connecting leaves. Objects within a MIB can be referenced by specifying each of the numeric identifiers starting with the top of the tree (or root) and proceeding to the individual leaf or object. The root of the branch is commonly written with a “.”(dot). 400 UNIX System Administration: A Beginner’s Guide Figure 13-2 MIB organization and structure HintHint Accessing MIBs is similar to referencing files within the UNIX operating system. However, one key difference is that UNIX pathnames can be expressed in absolute or relative terms. MIB objects can only be accessed in an absolute manner; the relative format is not available. TEAMFLY Team-Fly ® For example, Figure 13-2 shows root (.) at the topmost position of the tree and sysDescr(1) as the leaf. The common method of expressing object identifiers is to use the dotted notation. This notation requires that a dot separate each branch name or identifier. Often the root is not expressed, as it is implied. To access the sysDescr(1) object, the fully qualified identifier would be written as iso.org.dod.internet.mgmt.mib-2.system.sysDescr This identifier is read from left to right. Objects can also be expressed in a short form by substituting the branch name with the numeric identifier associated with each identifier name. Thus, iso.org.dod.internet.mgmt.mib- 2.system.sysDescr can also be expressed as 1.3.6.1.2.1.1.1. These two expressions are functionally equivalent and reference the same MIB object. By using the structure shown in the figure, an SNMP manager (or MIB browser tool) can drill down into the MIB in an easy yet concise manner. A MIB browser is a software application that traverses a MIB tree, usually showing a graphical display of branches, leaf objects, and associated values. MIB browsers are great for probing an agent for specific information or learning the structure and format of new MIBs. Object Types Within a MIB, different object types represent data structures or values contained in an agent. The objects can represent physical agent attributes, configuration information, or other data. These object types are derived from the Abstract Syntax Notation (ASN.1) standard rules. ASN.1 provides a detailed standard for the implementation and encoding of basic data types that are machine independent and can be transmitted over the network in an unambiguous way. 13 Module 13: Overview of SNMP 401 13 HintHint The reason to choose one identifier form over the other is a matter of preference, although the numeric identifier is much more concise. However, MIB browsers can display MIB objects in either format, thus making it easy to convert from one format to the other. After using SNMP and MIBs for a short while, you will become familiar with both methods and have the opportunity to choose which style is best for you. For us to understand network management, we must be able to read and understand MIB objects. Without a good grasp of MIBs, it will be difficult to use SNMP tools and software to manage a network effectively. Two object data type classes are defined using ASN.1: ● Universal types ● Application types The universal class consists of primitive types that can be used to build additional data types of objects within a MIB. Table 13-1 lists some of the available simple data types found in the universal class. 402 UNIX System Administration: A Beginner’s Guide Ask the ExpertAsk the Expert Question Why are machine independence and unambiguous network transmission important to SNMP or network management? Answer Because network management must address a heterogeneous network environment, a standard way must be provided to ensure that SNMP messages can be transmitted and understood on different systems and devices. Because various computer platforms store information differently, ASN.1 provides a common format. For example, an integer on one system can be expressed with the most significant digit first, while on others it might be expressed with the least significant digit first. Also, ASN.1 data types are found in MIBs. Question Why is it so important to learn the MIB details in this module? Answer The sections in the succeeding modules will focus on using network management tools that manipulate MIB objects. So it seems reasonable to present the types of objects that might be encountered. It is important that the reader understands the different types of objects and why values from these objects are in a certain format or structure. Of equal importance is the access mode of MIB objects, which is discussed in the next section, “Sample MIB Object.” SNMP derives some application data types from the universal class type. These application types define additional sub-types that can be used to represent specific values customized for use within the network management environment. Table 13-2 describes some of the application data types presently available in the application class. Module 13: Overview of SNMP 403 13 ASN.1 Data Type Description INTEGER A data type representing a cardinal number, where no limitation is made on the level of precision that might be required to represent an integer value. OCTET STRING A data type representing zero or more octets, where each octet may take any value from 0 to 255. NULL A data type meant as a placeholder, but currently not used. OBJECT IDENTIFIER A data type representing an authoritatively named object that consists of a sequence of values that specify a MIB tree. SEQUENCE SEQUENCE OF A data type used to denote an ordered list of zero or more elements that contain other ASN.1 types. SEQUENCE OF contains an ordered list of the same ASN.1 type. Table 13-1 SNMP Universal Data Types ASN.1 Data Type Description Counter Counter32 A data type that represents a non-negative integer that increases until it reaches a maximum value and then resets to zero. A counter is an INTEGER that can take a value between 0 and 4294967295. A counter has no defined starting value. Counter64 Just like a counter object except that a counter64 is an INTEGER that can take a value between 0 and 18446744073709551615. DisplayString A data type representing zero or more octets, where each octet may take any value from 0 to 255. A DisplayString is like an OctetString object. Gauge Gauge32 A data type that represents a non-negative integer that may increase or decrease and will trigger at a maximum value. A gauge is like a counter in every other aspect. IpAddress Represents an OCTET STRING that has a length of 4 bytes (32 bits) and where each of the four octets relates to the four bytes of a standard IP address. Table 13-2 SNMP Application Data Types Sample MIB Object MIB objects are important components of network management, and some of the modules in this book specifically describe MIB definitions as they relate to system agents and network management tools. Therefore, when discussing MIBs, the common format shown below will be used: ● Object Name sysDescr ● OID system.1 ● Object Type Octet String ● Access Mode read-only ● Status current ● Description A description of the agent device or entity. This value should include the full name, identification of the system, hardware type, operating system, and network software. It is mandatory that this object type contain only printable ASCII characters. A sample of this object includes the following obtained for a Solaris system: Sun SNMP Agent. This format includes the object name, OID string, object type, access mode, status, and description. The object name is the name used when querying an agent for this particular object. In this example, the sysDescr object is a string that contains a general description of the device or agent contained within the device. The object identifier string, or OID string, shows which group the object is contained in and its logical position in that MIB hierarchy. 404 UNIX System Administration: A Beginner’s Guide ASN.1 Data Type Description Opaque A data type that provides the ability to pass arbitrary information that uses the OCTET STRING data type. NetworkAddress Represents an address from one of several network protocol address standards. Presently, it is the same as IpAddress. TimeTicks Represents a non-negative integer that counts time in hundredths of a second since some established epoch. TimeTicks is like a counter in every other aspect. Table 13-2 SNMP Application Data Types (continued) In this case, it is the first object in the system group. This group can be found within the standard MIB-II definition. The object type is OctetString and can be as long as 255 characters. Recall that Table 13-2 lists the definitions of these ASN.1 types. The access mode indicates how the manager or other tools may manipulate the object. The status field indicates the current status of the object, for example, current or historic. The current status means that the object is presently available within the agent as described within the MIB. That is, if the MIB represents that agent, then all objects labeled as current will be implemented within that agent. Other values can also be used to indicate additional states of the objects. For example, the obsolete reference indicates that the object is no longer supported within the MIB. The deprecated reference can be used to aid interoperability with older versions or implementations of the agent. The description field provides an overview of the object, purpose, and a sample value if appropriate. In the above example, when the sysDescr object is queried, it returns the agent operating system (for example, Solaris), the hostname the agent resides within (socrates), operating system version information, and date information. Another way this book describes MIBs is with a hierarchical graph showing each of the objects laid out in a tree structure. Figure 13-3 shows the general format that represents a MIB tree. In particular, it shows the MIB-II objects found under the system group. As you can see, the formatting includes the use of closed circles ( ) and closed squares ( ). The squares represent discrete objects such as INTEGER and OCTET STRING, but not tables or other groups of objects. The circles represent groups of objects or tables. Also, gray lines and objects that are peripheral further indicate the structure needed to navigate to the group in question. These objects and associated lines that are of interest are drawn in black. Included with these objects is the member index (in parentheses) that shows the relative position of each object within the tree structure. Thus, sysContact(4) is the fourth object within the system group. 13 Module 13: Overview of SNMP 405 HintHint It is very common for those new to SNMP to attempt to alter nonwritable objects. In this case, attempting to alter the sysDescr object will cause the agent to respond with not writable or another error message. SNMP Tables As noted above, an MIB may contain objects that represent physical characteristics of a device or other information contained within an agent. These objects can either be in the form of discrete elements (i.e., individual objects like sysDescr) or, in some cases, two-dimensional tables. Tables store related information that might contain several instances or copies of an MIB object. The best way to illustrate the use of a table is by examining a table within an actual MIB. Defined in the MIB-II standard is the interface group that has the object identifier defined as 1.3.6.1.2.1.2 or iso.org.dod.internet.mgmt .mib-2.interface. Objects within this group represent physical network interfaces and related information installed within a networking device. Performance-related information is also collected and stored within this group. For each interface within a network device, the following information is used to describe the characteristics of the interface and associated configuration: ● Description General description of the interface ● Type The type of interface, such as Ethernet or token ring ● Mtu The maximum transmission size 406 UNIX System Administration: A Beginner’s Guide Figure 13-3 General MIB format Module 13: Overview of SNMP 407 13 ● Speed The transmission speed of the interface ● Physical address The data link protocol or hardware address ● Administration status The current administrative status of the interface ● Operational status The actual operating status of the interface ● Last change The time when the interface became operational Additional objects within the table store the following performance- monitoring information: ● Number of octets (bytes) received or sent ● Number of unicast packets delivered to or sent from higher-level software ● Number of non-unicast packets delivered to or sent from higher-level software ● Number of inbound/outbound packets discarded ● Number of inbound/outbound packets containing errors ● Number of inbound/outbound packets discarded due to bad protocol ● Length of the output packet queue Figure 13-4 shows the structure of the interface group. Tables are used to contain interface information because networking devices can contain more than one interface. For example, a router or switch device can contain literally dozens of interfaces, often supporting different network protocols such as Ethernet, ATM, or FDDI. Using a table provides a straightforward and convenient way to access individual objects within a given interface definition. The interface group includes the ifNumber object, which contains the total number of network interfaces within the networking device. Using the sample data contained in Table 13-3, the ifNumber value would be 2. In this case, the device reports two interfaces: one defined as a pseudointerface and the other defined as an Ethernet. It is common for networking UNIX systems to contain a pseudointerface for internal diagnostic purposes. The rest of the interface group consists of a table called ifTable, which contains a row for each interface defined within the device. This table is 408 UNIX System Administration: A Beginner’s Guide indexed by ifIndex, which contains a value between the range of 1 and the value of ifNumber. The ifIndex object uniquely addresses each column of the table that represents the interface. Table 13-3 shows the entire interface group in the first column and associated values taken from an actual network device in the remaining columns. Each row corresponds to each of the specific MIB objects contained within the ifEntry table. Each ifEntry instance represents an interface defined in the table. To access the object ifDescr for the first interface, one would use the following object identifier (OID) 1.3.6.1.2.1.2.2.1.1 Figure 13-4 Interface group from MIB-II 13 or iso.org.dod.internet.mgmt.mib-2.interface.ifTable.ifEntry.ifDescr The ifDescr object provides a general description of the interface. The objects starting from IfInOctets to IfOutQLen represent traffic counters for device interfaces and can be used to measure network and system performance. Module 13: Overview of SNMP 409 13 MIB Objects IfEntry (1.3.6.1.2.1.2.2.1) IfEntry (1.3.6.1.2.1.2.2.2) IfIndex 1 2 ifDescr Pseudo Interface Ethernet ifType 1 6 ifMtu 1500 1500 IfSpeed 10000000 10000000 ifPhysAddress None 0x00040010ee5d IfAdminStatus 1 1 IfOperStatus 1 1 IfLastChange 0 0 IfInOctets 0 42617 IfInUcastPkts 445 680 IfInNUcastPkts 0 19 IfInDiscards 0 0 IfInErrors 0 5 IfInUnknown-Protos 0 0 IfOutOctets 0 42600 IfOutUcastPkts 445 570 IfOutNUcastPkts 0 94 IfOutDiscards 0 0 IfOutErrors 0 87 IfOutQLen 0 0 ifSpecific null null Table 13-3 Interface Group Instance Table [...]... agent and one or more subagents A single agent is available on the Linux platform Most system agents will usually support a limited number of operating system functions and parameters If we wish to manage database services on this same system via SNMP, this will require that we install another agent to specifically monitor the database functions This poses a problem because both agents will typically... an ordered list of zero or more elements that contain other ASN.1 types ii A data type representing a cardinal number iii A data type meant as a placeholder, but currently not used iv A data type representing an authoritatively named object that consists of a sequence of values that specify a MIB tree 11 Which of the following is information that would be contained in an SNMP table for each interface... used as the primary security mechanism to establish authentication from a network manager to agents within the SNMP The community name or string is used as a password for access to objects This is based on the condition that the network manager knows the agent’s password If the agent has been configured to emit traps, an authenticationFailure trap is generated when a network manager queries an agent... 422 UNIX System Administration: A Beginner’s Guide 1-Minute Drill G What are the advantages of SNMPv3 over previous versions and what are its major current limitations? G Why is a trap message useful? SNMP Response Codes The error codes returned from an SNMPv1 agent are very limited For example, if an SNMP manager requested the set operation on a MIB object, and the agent can’t perform the operation as... managers using the standard SNMP port of 161 For most needs, a single agent approach makes sense and is appropriate However, there are instances when more than one agent is necessary to achieve the desired level of manageability For example, workstation manufacturers will often provide an SNMP agent within their operating system In the case of both Solaris and HP-UX, the vendor provides a master agent... descriptions that are not objects themselves, that can be manipulated by an SNMP manager One good example is the table data structure, where an object describes the shape or size of the table but not the actual rows or columns Accessible-for-notify objects are only available via a notification to a network manager or another agent No direct polling of the object is permitted Read-only objects are not alterable... or more subagents A master agent solves the port conflict problem by becoming the keeper of the standard SNMP port and forwards all the SNMP traffic to the appropriate subagent Subagents are normal SNMP agents, but they are registered with the master agent and assigned nonstandard ports that are used to communicate with the master agent SNMP messages from managers are sent to the master agent, who... be added in a straightforward manner On the negative side, the master agent can pose a problem because it can crash or otherwise become inoperative This would have the adverse effect of disabling the connectivity to all the subagents Because this particular problem can be said of other software systems as well, the risk (although not zero) isn’t necessarily a significant factor Also, because the master... main components of a SNMPv1 message? 6 In the MIB hierarchical tree structure, the represent individual objects 7 What type of objects are not alterable by the network management system, but allow their values to be obtained with a get operation? A Not-accessible B Accessible-for-notify C Read-only D Read-write 13 428 UNIX System Administration: A Beginner’s Guide Mastery Check 8 What does an... information or other statistical data remains accurate rather than getting altered unintentionally Read-write access is necessary when a particular object must be altered to accomplish some specific goal or must be configured in a certain way For example, it might be necessary to disable a router port due to a large number of errors detected on one of its interfaces In this case, the network management system . contained in and its logical position in that MIB hierarchy. 404 UNIX System Administration: A Beginner’s Guide ASN.1 Data Type Description Opaque A data type that provides the ability to pass arbitrary. object. Gauge Gauge32 A data type that represents a non-negative integer that may increase or decrease and will trigger at a maximum value. A gauge is like a counter in every other aspect. IpAddress. the available simple data types found in the universal class. 402 UNIX System Administration: A Beginner’s Guide Ask the ExpertAsk the Expert Question Why are machine independence and unambiguous network