Author: Youngju Kim (@fjvbn20031)
Network Management and SNMP
Systematic network management is essential for reliably operating large-scale networks. Detecting failures, monitoring performance, and managing configurations across networks with thousands of routers, switches, and servers is a highly complex task.
In this post, we give an overview of network management and then examine the components of the management infrastructure, the operating principles of SNMP (Simple Network Management Protocol), and the MIB with its ASN.1 representation.
1. Network Management Overview
1.1 What Is Network Management
Network management is the activity of monitoring, testing, polling, configuring, analyzing, evaluating, and controlling the hardware, software, and human resources of a network and its components to meet real-time network service requirements at reasonable cost.
1.2 Five Areas of Network Management
Five Areas of Network Management (ISO FCAPS Model)
=====================================================
1. Fault Management
- Network failure detection, logging, alerting
- Failure cause analysis and recovery
- Example: Link down, equipment failure detection
2. Configuration Management
- Managing network device settings
- Configuration change tracking and auditing
- Example: Router interface config, VLAN setup
3. Accounting Management
- Measuring and recording network resource usage
- Collecting billing information
- Example: Per-user bandwidth usage, traffic statistics
4. Performance Management
- Network performance monitoring and optimization
- Traffic pattern analysis, bottleneck detection
- Example: Link utilization, delay, packet loss rate
5. Security Management
- Network access control and security policy management
- Security event monitoring
- Example: Authentication, authorization, audit logs
2. Network Management Infrastructure
2.1 Key Components
Network Management Infrastructure
====================================
+-------------------------------------------+
|          Management Server (NMS)          |
|          [Management Application]         |
|          [MIB Database]                   |
|          [SNMP Manager]                   |
+-------------------------------------------+
       |              |              |
     SNMP           SNMP           SNMP
       |              |              |
+------------+ +------------+ +------------+
|   Router   | |   Switch   | |   Server   |
|  [Agent]   | |  [Agent]   | |  [Agent]   |
|  [MIB]     | |  [MIB]     | |  [MIB]     |
+------------+ +------------+ +------------+
               Managed Devices
Components:
1. Managing Entity (NMS)
- Runs network management applications
- Collects information from and controls managed devices
2. Managed Device
- Routers, switches, servers, printers, etc.
- Runs agent software
3. Agent
- Process running on managed device
- Collects device status information and stores it in the MIB
- Responds to NMS requests
4. MIB (Management Information Base)
- Database storing managed object information
- Each object assigned a unique OID
5. Network Management Protocol
- Communication protocol between NMS and agents
- SNMP is the de facto standard
3. SNMP (Simple Network Management Protocol)
3.1 Role of SNMP
SNMP is an application-layer protocol that exchanges management information between the management server (NMS) and agents on managed devices.
SNMP Operation Modes
======================
1. Request-Response
NMS --> [GetRequest] --> Agent
NMS <-- [Response] <-- Agent
2. Trap
NMS <-- [Trap] <-- Agent
(Asynchronous, agent sends voluntarily)
Transport Protocol: UDP
- GetRequest/SetRequest: UDP port 161
- Trap: UDP port 162
Reason: Must operate even during network failures,
avoiding TCP connection setup overhead
3.2 SNMP PDU (Protocol Data Unit)
SNMP Message Types
====================
Message Type | Direction | Description
----------------+-----------------+----------------------------------
GetRequest | NMS -> Agent | Request one or more MIB object values
GetNextRequest | NMS -> Agent | Request next object value in MIB tree
GetBulkRequest | NMS -> Agent | Request many MIB values at once (v2)
SetRequest | NMS -> Agent | Set MIB object value (config change)
Response | Agent -> NMS | Response to request (with values)
Trap | Agent -> NMS | Async event notification (unsolicited)
InformRequest | NMS -> NMS | Inter-manager information transfer (v2)
3.3 SNMP Operation Examples
SNMP Operation Scenarios
==========================
Scenario 1: Interface Status Query
NMS: "Tell me the status of eth0 on router R1"
--> GetRequest (OID: 1.3.6.1.2.1.2.2.1.8.1)
Agent: "eth0 is in up state"
<-- Response (Value: 1 = up)
Scenario 2: MIB Table Walk
NMS: "First interface info"
--> GetNextRequest (OID: 1.3.6.1.2.1.2.2.1)
Agent: "ifIndex.1 = 1"
<-- Response
NMS: "Next info"
--> GetNextRequest (OID: 1.3.6.1.2.1.2.2.1.1.1)
Agent: "ifDescr.1 = eth0"
<-- Response
Scenario 3: Failure Alert (Trap)
Agent: "Link eth0 is down!"
--> Trap (linkDown, ifIndex=1)
NMS: Receives alert and notifies administrator
4. SMI (Structure of Management Information)
4.1 Role of SMI
SMI provides the rules and structure for defining MIB objects. It specifies the naming, data types, and encoding methods for MIB objects.
What SMI Defines
==================
1. Object Names: OID (Object Identifier)
- Hierarchical tree structure
- Dot-separated numeric strings
- Example: 1.3.6.1.2.1.1.1 = sysDescr
2. Data Types: ASN.1 base types and SMI-defined application types
- INTEGER
- OCTET STRING
- Counter32
- Gauge32
- TimeTicks
- IpAddress
3. Encoding: BER (Basic Encoding Rules)
- TLV (Type-Length-Value) format
- Byte encoding for network transmission
4.2 OID Tree Structure
OID (Object Identifier) Tree
================================
                 root
               /  |  \
          iso(1) ...
             |
          org(3)
             |
          dod(6)
             |
        internet(1)
         /   |    \
   mgmt(2) private(4) ...
      |         |
  mib-2(1)  enterprises(1)
  /  |  \       |
system interfaces ip ...
 (1)     (2)     (4)
  |       |
sysDescr ifNumber
 (1.1)   (2.1)
Full OID Examples:
sysDescr = 1.3.6.1.2.1.1.1
iso.org.dod.internet.mgmt.mib-2.system.sysDescr
ifNumber = 1.3.6.1.2.1.2.1
iso.org.dod.internet.mgmt.mib-2.interfaces.ifNumber
5. MIB (Management Information Base)
5.1 MIB-2 Key Groups
MIB-2 Object Groups
======================
Group | OID | Description
---------------+-------------------+---------------------------
system (1) | 1.3.6.1.2.1.1 | System basic information
interfaces (2) | 1.3.6.1.2.1.2 | Network interfaces
at (3) | 1.3.6.1.2.1.3 | Address translation (ARP)
ip (4) | 1.3.6.1.2.1.4 | IP protocol statistics
icmp (5) | 1.3.6.1.2.1.5 | ICMP statistics
tcp (6) | 1.3.6.1.2.1.6 | TCP statistics
udp (7) | 1.3.6.1.2.1.7 | UDP statistics
snmp (11) | 1.3.6.1.2.1.11 | SNMP protocol statistics
5.2 MIB Object Examples
system Group Objects
======================
OID | Name | Type | Description
-----------------------+--------------+-------------+-------------
1.3.6.1.2.1.1.1 | sysDescr | OCTET STRING| System description
1.3.6.1.2.1.1.2 | sysObjectID | OID | Vendor identifier
1.3.6.1.2.1.1.3 | sysUpTime | TimeTicks | Uptime
1.3.6.1.2.1.1.4 | sysContact | OCTET STRING| Admin contact
1.3.6.1.2.1.1.5 | sysName | OCTET STRING| Device name
1.3.6.1.2.1.1.6 | sysLocation | OCTET STRING| Device location
interfaces Group (ifTable):
OID | Name | Description
-----------------------+--------------+------------------
1.3.6.1.2.1.2.2.1.1 | ifIndex | Interface number
1.3.6.1.2.1.2.2.1.2 | ifDescr | Interface description
1.3.6.1.2.1.2.2.1.5 | ifSpeed | Interface speed
1.3.6.1.2.1.2.2.1.8 | ifOperStatus | Operational status (1=up)
1.3.6.1.2.1.2.2.1.10 | ifInOctets | Received bytes
1.3.6.1.2.1.2.2.1.16 | ifOutOctets | Transmitted bytes
6. ASN.1 (Abstract Syntax Notation One)
6.1 Role of ASN.1
ASN.1 is a standard notation for defining the structure of network management data. It is used for formal definition of MIB objects.
ASN.1 MIB Object Definition Example
=======================================
sysDescr OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..255))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A textual description of the entity."
::= { system 1 }
ifOperStatus OBJECT-TYPE
SYNTAX INTEGER {
up(1),
down(2),
testing(3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current operational state of the interface."
::= { ifEntry 8 }
6.2 BER Encoding
BER (Basic Encoding Rules) TLV Format
=========================================
Each data element encoded as Tag-Length-Value
+------+--------+-------+
| Tag | Length | Value |
+------+--------+-------+
Example: Encoding INTEGER value 5
Tag: 02 (INTEGER type)
Length: 01 (1 byte)
Value: 05
Encoded result: 02 01 05
Example: Encoding OCTET STRING "Hi"
Tag: 04 (OCTET STRING type)
Length: 02 (2 bytes)
Value: 48 69 (ASCII for "Hi")
Encoded result: 04 02 48 69
7. SNMP Version Evolution
7.1 SNMPv1, v2c, v3 Comparison
SNMP Version Comparison
=========================
Item | SNMPv1 | SNMPv2c | SNMPv3
---------------+---------------+---------------+--------------
Release | 1988 | 1996 | 2004
Security | Community str.| Community str.| USM (Auth+Enc)
Authentication | Plaintext | Plaintext | HMAC-MD5/SHA
Encryption | None | None | DES/AES
Access Control | Basic | Basic | VACM (granular)
Bulk Transfer | None | GetBulk | GetBulk
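Added example (not part of the original post): a small BER walker that applies the TLV layout from section 6.2 to a complete SNMPv2c message and shows what the "Plaintext" rows above mean in practice, namely that the community string and requested OIDs can be read straight off the wire. The packet bytes are constructed for illustration, and the function names `read_tlv`, `decode_oid` and `parse_snmp` are hypothetical.

```python
# Constructed sample (not captured traffic): SNMPv2c GetRequest for sysDescr.0.
PACKET = bytes.fromhex("3026020101" "04067075626c6963" "a019" "02012a020100020100"
                       "300e300c" "06082b06010201010100" "0500")

def read_tlv(buf, pos, want=None):
    """Return (tag, value, next_pos); reject lengths that overrun the buffer."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low 7 bits count length bytes
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("length exceeds remaining data")
    if want is not None and tag != want:
        raise ValueError(f"expected tag {want:#04x}, got {tag:#04x}")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    """BER OID bytes -> dotted string; first byte packs two arcs as 40*X+Y."""
    if not value:
        raise ValueError("empty OID")
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)    # base-128 digits, high bit = continue
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def parse_snmp(packet):
    """Return the v1/v2c fields readable by anyone on the network path."""
    _, msg, _ = read_tlv(packet, 0, 0x30)          # outer SEQUENCE
    _, version, pos = read_tlv(msg, 0, 0x02)       # 0 = v1, 1 = v2c
    _, community, pos = read_tlv(msg, pos, 0x04)   # cleartext on the wire
    pdu_tag, pdu, _ = read_tlv(msg, pos)           # 0xA0 = GetRequest
    pos = 0
    for _field in range(3):              # request-id, error-status, error-index
        _, _, pos = read_tlv(pdu, pos, 0x02)
    _, varbinds, _ = read_tlv(pdu, pos, 0x30)
    oids, pos = [], 0
    while pos < len(varbinds):
        _, vb, pos = read_tlv(varbinds, pos, 0x30)
        oids.append(decode_oid(read_tlv(vb, 0, 0x06)[1]))
    return {"version": int.from_bytes(version, "big"), "pdu_tag": pdu_tag,
            "community": community.decode("ascii", "replace"), "oids": oids}
```

Calling `parse_snmp(PACKET)` returns the version, community string, PDU tag and OID list; with SNMPv3 at the authPriv level the PDU is encrypted and the community field is no longer present.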
7.2 SNMPv3 Security Model
SNMPv3 Security Architecture
===============================
USM (User-based Security Model):
3 Authentication Levels:
1. noAuthNoPriv: No authentication, no encryption
- Access by username only
- For environments where security is unnecessary
2. authNoPriv: Authentication, no encryption
- Message authentication via HMAC-MD5 or HMAC-SHA
- Prevents tampering; eavesdropping is still possible
3. authPriv: Authentication and encryption
- Authentication: HMAC-MD5/SHA
- Encryption: DES or AES
- Prevents both eavesdropping and tampering
VACM (View-based Access Control Model):
- Define accessible MIB views per user
- Granular access control: read-only, read-write, etc.
- Different views assignable by security level
8. Modern Network Management Tools
Beyond SNMP: Modern Network Management
==========================================
Tool/Technology | Purpose | Features
----------------+----------------------+----------------------------
SNMP | Device monitoring | Standard, lightweight, legacy
NetFlow/sFlow | Traffic analysis | Flow-based detailed analysis
YANG/NETCONF | Config management | XML-based, transaction support
gNMI/gRPC | Telemetry | Streaming, high performance
Prometheus | Metric collection | Pull-based, time-series DB
Grafana | Visualization | Dashboards, alerting
Ansible | Automated config | Agentless, idempotent
Terraform | Infrastructure as Code| IaC, declarative config
Evolution Direction:
1. SNMP: Still used for basic device monitoring
2. NETCONF/YANG: Overcomes SNMP config management limitations
3. Streaming Telemetry: Real-time data collection
4. SDN: Centralized network management and control
9. Network Management Hands-On Example
SNMP Command Examples (snmpwalk, snmpget)
============================================
System Info Query:
snmpget -v2c -c public 192.168.1.1 sysDescr.0
Response: "Cisco IOS Software, Version 15.1"
snmpget -v2c -c public 192.168.1.1 sysUpTime.0
Response: 12345678 (1/100 sec units = ~1.4 days)
Interface Status Query:
snmpwalk -v2c -c public 192.168.1.1 ifOperStatus
Response:
ifOperStatus.1 = up(1)
ifOperStatus.2 = down(2)
ifOperStatus.3 = up(1)
Traffic Statistics Query:
snmpget -v2c -c public 192.168.1.1 ifInOctets.1
Response: 1234567890 (received bytes)
snmpget -v2c -c public 192.168.1.1 ifOutOctets.1
Response: 987654321 (transmitted bytes)
10. Summary
| Concept | Key Points |
|---|---|
| FCAPS | Five management areas: Fault, Config, Accounting, Performance, Security |
| SNMP | UDP-based network management protocol (ports 161/162) |
| MIB | Managed object information store, identified by OID |
| OID | Hierarchical tree-structured object identifier |
| SMI | Rules and structure for MIB object definition |
| ASN.1 | Data structure notation, encoded with BER |
| SNMPv3 | USM (auth/encryption) + VACM (access control) security |
| Trap | Agent asynchronously notifies NMS of events |
This post concludes the Computer Networking series. We have examined the entire Internet protocol stack, from the application layer to the physical layer. Understanding what problems each layer solves and how they cooperate with each other is what matters most.
References
- James F. Kurose, Keith W. Ross, "Computer Networking: A Top-Down Approach", 6th Edition, Chapter 9
- RFC 3411 - Architecture for SNMP Management Frameworks
- RFC 3414 - User-based Security Model (USM) for SNMPv3
- RFC 3415 - View-based Access Control Model (VACM) for SNMP