Archive-name: snmp-faq/part1 Posting-Frequency: every few months or so Last-Modified: 2 Jul 2003 Version: 2.57 comp.protocols.snmp PART 1 of 2 FAQ - Frequently Asked Questions - FAQ Simple Network Management Protocol ---------------------------------- This 2-part document is provided as a service by and for the readers and droogs of Internet USENET news group comp.protocols.snmp and may be used for research and educational purposes only. Any commercial use of the text may be in violation of copyright laws under the terms of the Berne Convention. My lawyer can whup your lawyer. Anthology Edition Copyright 2002,2003 Thomas R. Cikoski, All Rights Reserved ------------------------------------------------------------ Please feel free to EMail corrections, enhancements, and/or additions to the Reply-To address, above. Your input will receive full credit in this FAQ unless you request otherwise. mailto:splinter@panix.com As a result of the abuses of EMail now taking place on the Internet, we have a policy of NOT providing the EMail address of individual contributors in these postings. We will continue to provide EMail addresses of commercial contributors unless requested not to. ------------------------------------------------------------- A NOTE ON WEB SITES AND URLS: THEY MAY BE OBSOLETE! Neither the contributors nor the editor of this FAQ are responsible for the stability or accuracy of any URL, Web site address, or EMail address listed herein. We take reasonable care to ensure that these data are transcribed correctly and are always open to correction. If, however, a particular URL disappears from the Web there is not much we can do about it. ------------------------------------------------------------- Please also visit our cousin newsgroup news://comp.dcom.net-management. New this month: -------------- > More of the usual stuff Note on host names and addresses: please email me with any changes to URLs, host names or IP addresses. The MIT host rtfm has an autoresponder which always replies to postings with an incorrect IP. It would be nice if every host had that, but they don't, so I need your assistance. SUBJECT: TABLE OF CONTENTS 1.00.00 FAQ PART 1 of 2: IN THIS DOCUMENT 1.01.00 --General 1.01.01 What is the purpose of this FAQ? 1.01.02 Where can I Obtain This FAQ? 1.01.03 Parlez-vous francais? 1.01.04 Why is SNMP like golf? 1.01.05 What is a droog anyway? 1.01.50 HELP ME! MY SNMP PRODUCT IS DUE NEXT WEEK! 1.01.99 This FAQ Stinks! 1.10.00 --General Questions about SNMP and SNMPv1 1.10.01 What is SNMP? 1.10.02 How do I develop and use SNMP technology? 1.10.04 How does the Manager know that its SET arrived? 1.10.10 How does an Agent know where to send a Trap? 1.10.12 Which community string does the agent return? 1.10.15 How can I remotely manage community strings? 1.10.17 What is the largest SNMP message? 1.10.30 Are there security problems with SNMP? 1.11.00 --RFC 1.11.01 What is an RFC? 1.11.02 Where can I get RFC text? 1.12.00 --SNMP Reference 1.12.01 What books are there which cover SNMP? 1.12.02 What periodicals are heavily oriented to SNMP? 1.12.03 What classes are available on the topic of SNMP? 1.12.04 What email discussion groups are available for SNMP? 1.12.05 What trade shows cater to SNMP? 1.12.06 What SNMP product User Groups are available? 1.12.07 Where can I find SNMP-related material on WWW? 1.12.08 What related mailing lists exist? 1.12.20 What related newsgroups exist? 1.12.21 Are there introductory materials? 1.13.00 --Miscellaneous 1.13.01 SNMP and Autodiscovery 1.13.02 SNMP Traps and NOTIFICATION-TYPE 1.13.03 SNMP and/versus The Web 1.13.04 SNMP and Java 1.13.05 SNMP and CORBA 1.13.06 SNMP and Visual Basic 1.13.07 SNMP and IPv6 1.13.10 SNMP and C# 1.13.12 SNMP and Perl 1.20.00 --General Questions about SNMPv2 1.20.01 What is SNMPv2? 1.20.02 What is SNMPv2*/SNMPv1+/SNMPv1.5? 1.20.03 What is SNMPv2c? 1.20.04 What the heck other SNMPv's are there? 1.22.00 --General Questions about SNMPv3 1.22.01 What is SNMP V3? 1.30.00 --RMON 1.30.01 What is RMON? 1.30.02 RMON Standardization Status 1.30.03 RMON Working Group. 1.30.04 Joining the RMON Working Group Mailing List 1.30.05 Historical RMON Records 1.30.06 RMON Documents 1.30.07 RMON2 1.40.00 --ISODE 1.40.01 What is ISODE? 1.40.02 Where can I get ISODE? 1.40.03 Is there an ISODE/SNMP mailing list? 1.50.00 --Using SNMP to Monitor or Manage 1.50.01 How do I calculate utilization using SNMP? 1.50.02 What are Appropriate Operating Thresholds? 1.50.03 Are MIBs available to monitor application traffic? 1.50.04 How can I make sense of the Interfaces Group? 1.50.10 When do I use GETBULK versus GETNEXT? 1.50.12 What free products can be used to monitor? 1.75.00 -- SNMP Engineering and Consulting 1.75.01 SNMP Engineering and Consulting Firms 2.00.00 FAQ PART 2 of 2: NOT IN THIS DOCUMENT 2.01.00 --CMIP 2.01.01 What is CMIP? 2.01.02 What books should I read about CMIP? 2.01.03 A CMISE/GDMO Mailing List 2.01.04 What is OMNIPoint? 2.02.00 --Other Network Management Protocols 2.02.01 What alternatives exist to SNMP? 2.10.00 --SNMP Software and Related Products 2.10.01 Where can I get Public Domain SNMP software? 2.11.01 Where can I get Proprietary SNMP software? 2.12.01 Where can I get SNMP Shareware? 2.13.01 Miscellaneous FTP and WWW Sources 2.14.01 What CMIP software is available? 2.15.01 SNMP and Windows NT/95/98 2.16.01 More About CMU SNMP Software 2.17.01 Miscellaneous SNMP-related Products 2.18.01 SNMP and OS/2 2.18.02 SNMP and SCO Unix 2.18.03 SNMP and Linux 2.18.04 SNMP and AS/400 2.20.01 SNMP++ 2.21.01 What is AgentX? 2.25.00 -- SNMP Engineering and Consulting 2.25.01 SNMP Engineering and Consulting Firms 2.30.00 --The SNMP MIB (Management Information Base) 2.30.01 What is a MIB? 2.30.02 What are MIB-I and MIB-II 2.30.03 How do I convert SNMP V1 to SNMP V2 MIBs? 2.30.04 How do I convert SNMP V2 to SNMP V1 MIBs? 2.30.05 What are enterprise MIBs? 2.30.06 Where can I get enterprise MIBs? 2.30.10 Can I mix SMIv1 and SMIv2 in one MIB? 2.31.01 MIB Compiler Topics 2.32.01 How can I get ______ from the _____ MIB? 2.35.01 How can I register an Enterprise MIB? 2.35.02 Where can I find Enterprise Number Assignments? 2.37.01 How Do I Create a Table Within a Table? 2.37.05 How Do I Reset MIB Counters via SNMP? 2.37.07 How can I change a published MIB? 2.38.01 How unique must MIB variable names be? 2.38.03 Explain MODULE-COMPLIANCE versus AGENT-CAPABILITIES 2.38.04 Which parts of my MIB are mandatory? 2.38.10 Can a CMIP MIB be converted to SNMP? 2.38.11 Can an SNMP MIB be converted to CMIP? 2.38.12 Can a table index value legally be zero? 2.38.14 Where can I find the _____ MIB? 2.38.20 How can I convert a MIB to XML Format? 2.38.22 What is the maximum number of entries in a table? 2.40.00 --SMI 2.40.01 What is the SMI? 2.40.02 What is SMIv2? 2.40.03 Table Indexing and SMI 2.40.04 Floating Point Numbers in SMI? 2.40.05 SMIv1 versus SMIv2? 2.45.00 --ASN.1 2.45.01 What is ASN.1? 2.45.02 Why is ASN.1 not definitive for SNMP? 2.45.05 Where can I find a free ASN.1 compiler? 2.50.00 --BER 2.50.01 How is the Integer value -1 encoded? 2.50.02 What is the Maximum Size of an SNMP Message? 2.50.05 Where can I find BER encoding rules? 2.60.00 -- Agent Behavior 2.60.01 Proper Response to empty VarBind in GetRequest? 2.60.02 Master Agent versus Proxy Agent 2.60.03 Proper Response to GET-NEXT on Last MIB Object? 2.60.10 How can I find the SNMP version of an Agent? 2.60.12 How should an agent respond to a broadcast request? 2.60.14 What does an Agent send in a trap? 2.98.00 Appendix A. Glossary 2.99.00 Appendix B. Acknowledgements & Credits 1.00.00 FAQ PART 1 of 2: 1.01.00 --General 1.01.01 SUBJECT: What is the purpose of this FAQ? This FAQ is to serve as a guide to the resources known to be available for helping you to understand SNMP, SNMPv2, and their related technologies. OSI/CMIP is touched on briefly as well because we're fair-minded folk. There is NO INTENT that this be a one-stop SNMP tutorial. There is NO INFERENCE that this is an authoritative or official document of any kind. What you see is what you get. You WILL need to read the books listed herein, maybe even some of the RFCs. You may wish to take a class as well. Just think of this as your "tourist guide book." 1.01.02 SUBJECT: Where Can I Obtain This FAQ? This FAQ is available on the WWW at: http://www.pantherdig.com (both text and HTML formats are available) http://www.snmp.com/FAQs/snmp-faq-part1.txt http://www.snmp.com/FAQs/snmp-faq-part2.txt http://www.faqs.org/faqs/by-newsgroup/comp/comp.protocols.snmp.html http://www.faqs.org/faqs/snmp-faq/ http://www.lib.ox.ac.uk/internet/news/faq/archive/snmp-faq.part1.html http://www.lib.ox.ac.uk/internet/news/faq/archive/snmp-faq.part2.html See also: ftp://ftp.cs.utwente.nl/pub/src/snmp/ http://www.faqs.org/faqs/snmp-faq/part1/index.html http://www.faqs.org/faqs/snmp-faq/part2/index.html You can also find the most recent Web posting via http://www.deja.com/usenet [formerly "dejanews"] and, last but not least, you can use your favorite search engine such as http://www.altavista.digital.com http://www.infoseek.com http://www.yahoo.com This FAQ is officially archived (as with all "licensed" FAQs) at rtfm.mit.edu [18.181.0.24] under /pub/usenet/news.answers as snmp-faq/part1 &/part2, or under /pub/usenet/comp.protocols.snmp as its own self (the only files in that directory). Use anonymous ftp to retrieve or send e-mail to mailto:mail-server@rtfm.mit.edu with "send usenet/news.answers/finding-sources" for instructions on FTP via e-mail. 1.01.03 SUBJECT: Parlez-vous francais? 1.01.03.01 > >Un petit conseil: Si tu postais en anglais, beaucoup plus de gens >pourraient t'aider... > Thomas Galley 1.01.03.02 Alternativement, si tu es vraiment fachez avec l'anglais ;-), poster (ou xposter avec fu2) sur fr.comp.reseaux.supervision. Steve Common 1.01.03.03 If you are in the Bayonne area and would like to forget SNMP for a few hours in a great little country hotel, try L'Auberge de Biaudos (**) RN 117 15mn from Bayonne 05 59 56 79 70 Tom Cikoski 1.01.03.04 SNMP-oriented Web Site hosted en France, avec quelques linques francaises. http://www.snmplink.org Pierrick Simier 1.01.04 SUBJECT: Why is SNMP like golf? > usually the fewer polls you take the better off you are > but you are sometimes lost in the woods > it helps to have a good set of tools in the bag > it helps to have good instruction > you need a few beers after a bad round 1.01.05 SUBJECT: What is a droog anyway? What's a droog? Eric Meyer It is sad to think that an entire new generation of SNMPers has arisen to push their elder brethern and sisteren, who have done such hard, essential pioneer work, out of the way, and are too young to have seen "Clockwork Orange". The label was actually applied to the readership of comp.protocols.snmp by a rather snide and vehement proponent of SMUX. I took it as a badge of honor. 1.01.50 SUBJECT: HELP ME! MY SNMP PRODUCT IS DUE NEXT WEEK! From time to time there appear posts in news:comp.protocols.snmp which bring a tear to the eye of the casual observer. They often have this form: "My boss told me I need to have the SNMP running on our new 100GB Muxiblaster for next week's first release. What is SNMP? Can I have it for Thursday?" Sometimes there come, in private email, messages to regulars of this newsgroup, often in this form: "Please to sending me all SNMP keywords now. Regards." Or: "Tell me [by email] how SNMP differs from TMN and CMIP." Oy! The "simple" in SNMP doesn't mean "trivial". It cannot be learned by flipping through a few emails or news posts. The "simple" in SNMP is only in contrast to protocols which are thought to be even more complex than SNMP. There is no magic solution to learning SNMP. All of us who have mastered the subject did so by 1)reading several books on the subject, 2)reading/playing with the sample code from CMU or NET-SNMP, 3)implementing several trial products over a period of months. If your boss expects SNMP miracles and will not listen to reason, either become a good liar or find a new job. Or, as David Perkins posted in recent response to a newbie: "It will take you at least 6 months or so of studying and usage to "comprehend SNMP very well". I suggest that you read a few books (more than one) on SNMP and RMON, since authors focus on different aspects of the subject area." You can find these resources listed in this FAQ and on several other Web sites devoted to SNMP. Good luck! 1.01.99 SUBJECT: This FAQ Stinks! 1.01.99.01 The material is out-of-date! A concerned reader writes: "The SNMP FAQ contains incorrect sometimes outdated information and it might therefore cause more questions than it answers. What is your policy with regard to corrections? It sometimes looks that you are just adding corrections and not removing the incorrect text. This makes the FAQ difficult to use and it keeps incorrect stuff around, which again causes confusion." "There is also an issue with relationship to other documents. For example, the SimpleTimes contains an up-to-date list of RFCs related to SNMP. The FAQ contains several more or less correct and outdated lists. I think it would be useful in cases like this to just refer to a `reliable' source instead of trying to include information which is not maintained." Editor's note: Our concerned reader is perceptive. We rely on the good will and support of our readers to notice omissions, commissions and deprecations in the FAQ, although we do try and update RFC lists from time to time. We will act on any notice from you that something ought to be changed. Please send me your corrections. URLs change often and we don't have the time to check them routinely. We also publish the large personal collections of several contributors, some of which offer conflicting details. That's the way it is with tribal documents such as this. If any error in this FAQ causes you to waste or loose precious time then you probably expected too much to begin with. Please use it with our good wishes and this disclaimer. 1.01.99.02 In what language should you post? The following exchange once took place ... A> Ich benvtige Wissen |ber SNMP und MIB und MIB II. Bin A> allerdings kein Informatik- oder A> Nachrichtentechnikstudent. Wenn einer von euch helfen kann, A> dann wdre ich sehr dankbar. B> [This is an international newsgroup, so the common language should be english.] While B has a point, we support the right of posters to ask questions in any language. Your best chance of receiving an answer, of course, is if you ask in English. For online translation, try www.babelfish.com. 1.10.00 --General Questions about SNMP and SNMPv1 1.10.01 SUBJECT: What is SNMP? The current state of the art [Ed Note: Jan 2003] is well summarized in every recent RFC which contains a MIB module: The SNMP Management Framework presently consists of five major components: o An overall architecture, described in RFC 2571 [RFC2571]. o Mechanisms for describing and naming objects and events for the purpose of management. The first version of this Structure of Management Information (SMI) is called SMIv1 and is described in STD 16, RFC 1155 [RFC1155], STD 16, RFC 1212 [RFC1212] and RFC 1215 [RFC1215]. The second version, called SMIv2, is described in STD 58, RFC 2578 [RFC2578], RFC 2579 [RFC2579] and RFC 2580 [RFC2580]. o Message protocols for transferring management information. The first version of the SNMP message protocol is called SNMPv1 and is described in STD 15, RFC 1157 [RFC1157]. A second version of the SNMP message protocol, which is not an Internet standards track protocol, is called SNMPv2c and is described in RFC 1901 [RFC1901] and RFC 1906 [RFC1906]. The third version of the message protocol is called SNMPv3 and is described in RFC 1906 [RFC1906], RFC 2572 [RFC2572] and RFC 2574 [RFC2574]. o Protocol operations for accessing management information. The first set of protocol operations and associated PDU formats is described in STD 15, RFC 1157 [RFC1157]. A second set of protocol operations and associated PDU formats is described in RFC 1905 [RFC1905]. o A set of fundamental applications is described in RFC 2573 [RFC2573]. The view-based access control mechanism is described in RFC 2575 [RFC2575]. A more detailed introduction to the current SNMP Management Framework can be found in RFC 2570 [RFC2570]. Juergen Schoenwaelder 1.10.01.01 The Simple Network Management Protocol is a protocol for Internet network management services. It is formally specified in a series of related RFC documents. (Some of these RFCs are in "historic" or "informational" status) RFC 1067 - A Simple Network Management Protocol RFC 1089 - SNMP over Ethernet RFC 1140 - IAB Official Protocol Standards RFC 1147 - Tools for Monitoring and Debugging TCP/IP Internets and Interconnected Devices [superceded by RFC 1470] RFC 1155 - Structure and Identification of Management Information for TCP/IP based internets. RFC 1156 (H)- Management Information Base Network Management of TCP/IP based internets RFC 1157 - A Simple Network Managment Protocol RFC 1158 - Management Information Base Network Management of TCP/IP based internets: MIB-II RFC 1161 (H)- SNMP over OSI RFC 1187 - Bulk Table Retrieval with the SNMP RFC 1212 - Concise MIB Definitions RFC 1213 - Management Information Base for Network Management of TCP/IP-based internets: MIB-II RFC 1215 (I)- A Convention for Defining Traps for use with the SNMP RFC 1224 - Techniques for Managing Asynchronously-Generated Alerts RFC 1270 (I)- SNMP Communication Services RFC 1303 (I)- A Convention for Describing SNMP-based Agents RFC 1470 (I)- A Network Management Tool Catalog RFC 1298 - SNMP over IPX (obsolete, see RFC 1420) RFC 1418 - SNMP over OSI RFC 1419 - SNMP over AppleTalk RFC 1420 - SNMP over IPX (replaces RFC 1298) [EDITOR'S NOTE: RFCs for SNMPv2 and SNMPv3 are under their respective headings.] SNMPv1 is now historic, and SNMPv3 is now standard and is described by RFCs 3410-3418 (note: 3410 is informational). Michael Kirkham 1.10.01.02 "Just a reminder that if you are new to SNMP (or know someone who is) you might want to check out my Web page at:" http://www.inforamp.net/~kjvallil/t/snmp.html Tyler Vallillee Tyler Vallillee has a live SNMP site at http://www.geocities.com/SiliconValley/Horizon/4519/snmp.html I assume this replaced the old link in the FAQ. The page calls a missing javascript file so it gives a 404 instead of loading. Switch off Javascript and the page loads OK. I've mailed Tyler about this so hopefully it will be fixed soon. John Bradshaw 1.10.01.03 You can find the "Intro to SNMP" courtesy of the WayBack machine at www.archive.org: http://web.archive.org/web/20010803180509/www.ddri.com/Doc/ You can probably also find other long-lost URLs there, too. Phil Hord The 'Overview of SNMP' document can currently be located at http://www-t.zhwin.ch/it/ksy/Block07/SNMP_Overview.pdf - I've no idea whether this link is reliable I'm afraid. (Also referenced in FAQs 1.12.07.11 and 1.12.21.01) Bruce Coker The URL for the SNMP overview document given in FAQ section 1.10.01.03 is still active but the document is apparently no longer available from that site, or from the alternative site that the page now refers you to. I did find a copy of the document from May 2001 on the Wayback machine: http://web.archive.org/web/20010602180805/www.ddri.com/Doc/SNMP_Overview.html Alan Levy 1.10.01.04 Concord Communications offers a free network management reference guide that includes the information you are looking for. View online or download it at http://www.concord.com/resctr/survival/guide/intro.htm Rob Tandean 1.10.02 SUBJECT: How do I develop and use SNMP technology? To deploy and use SNMP technology for management involves many steps. If you are a device vendor you need to: 1) decide what aspects of your products you want to be managable via SNMP 2) select the standard MIBs to implement (and the objects/traps within them to implement) 3) create proprietary MIB modules containing objects and traps for the management areas not covered by standard MIBs 4) Select an SNMP agent toolkit vendor 5) put instrumentation in your devices 6) following the directions from the SNMP toolkit vendor, create access routines (which some SNMP toolkit vendors call method routines) to get and set the values of from your instrumentation 7) Select an SNMP agent test package, and test your agent 8) Select an SNMP management API library 9) Write SNMP applications to manage your device If you are an end-user, you need to: 1) determine what SNMP management capability that you have in your current devices 2) determine the SNMP management capability that is available in similar devices from other vendors (in case you need to upgrade or change) 3) determine what you want to accomplish with management 4) find off the self management packages that provide the management functions you want 5) possibly upgrade or replace your current devices with one that are managable with the package you chose. 6) implement additional management functions using scripting 7) implement additional management functions using custom written code using a purchased off the self SNMP management API library 8) configure your agents and applications to talk to each other. David T. Perkins 1.10.04 SUBJECT: How does the Manager know that its SET arrived? Praveen Dulam queried: > SNMP is based on UDP. So the SNMP is not a reliable protocol. Let's say > you did the SNMP SET operation. How do we gurantee that the SNMP SET > packet reached the Agent. > > Do we need to write some application level programming to do this. Yes, the management application and the agent need to work cooperatively to take care of reliability. Note that when an agent acts upon a SET request it will send a response packet that is either a positive or negative acknowledgment (the error code tells which). So the main problem is what to do at the management station when you time out and get no response at all. If the SET operation is idempotent (i.e. a second application on top of a previous one does not change the results) then you can just re-send the SET. That would be the case if you are just storing values. But not all SET operations work that way: there may be side effects when an object is written. Mike Heard 1.10.10 SUBJECT: How does an Agent know where to send a Trap? I've noticed on the comp.protocols.snmp mailing list that the question "how does an agent know where to send traps" (short answer is "its implementation specific", long answer is, indeed, long, but has been well answered numerous times) is, indeed, a Frequently Asked Question. Any chance of adding it to your quite impressive FAQ posting? T. Max Devlin [Editor's Note: What T. Max is getting at here is that the trap destination IP address is not represented in MIB-II, so how can the agent know what it is? The answer is that most agents require an external configuration process to take place before they can be put into service, and that is how the IP address, among other interesting parameters, is set in the agent. How this setup is actually done varies among agent developers.] 1.10.12 SUBJECT: Which community string does the agent return? Holger wrote: > which community string is used in a response to a set-request and which is > used in a response to a get-request? The packet is a turn-around document with respect to the community string. The community string in the response is typically whatever it was in the request. [snip] if you were to use the community-string field for passing different information from the agent back to the manager then it would not be standard SNMP. Since you referred to "the" read/write community string let me point out that there can be multiple read and multiple write communities (although your agent/config file may constrain that in some way). You can use them to provide views of different portions of the mib for instance (but there is no v1/v2c standard for this mapping). The community string is a poor man's password scheme because it is sent unencrypted in v1/v2c packets and tries to to do the job of authentication, privacy, and views. V3 does away with it. Jim Jones [Editor's Note: I would have said "SNMPv3 offers more and better options for security and privacy in SNMP messages."] 1.10.15 SUBJECT: How can I remotely manage community strings? Paul Nye wrote: >I'm looking for a utility that enables me to change community names on >multiple devices from a single management console. > >For example, provided I have the correct SU password, I would like to be >able to identify a subnet or IP address range and the utility would query >any SNMP aware device in the range, test whether the SU/community names are >the same and if so, replace the SU password with one of my choice. Because the methodology for setting community strings is not standardized, every type of device/agent version may have a different mechanism for handling this chore. Therefore, there are no "single console" products for setting community strings. For this to be feasible, you would have to be able to differentiate every agent type, and know how that particular vendor/system/agent handles it. T. Max Devlin 1.10.17 SUBJECT: What is the largest SNMP message? George Chandy wrote: > Is there a limit to the size of messages in SNMP ? Every implementation must at least accept messages of 484 octets in size (RFC 1906). That is the lower limit you can always bet on. The upper limit basically depends on the two SNMP engines that communicate. In most cases, people try to avoid IP fragmentation as it reduces the likelihood that the message reaches its destination. [snip] Note that the only hard limit in the SNMP protocol is the number of varbinds you can have in a PDU. And that limit is 2147483647 - quite a big number if you ask me. Juergen Schoenwaelder Remember that the definitions in a MIB module are architectual, and not implementation limits. Note that the OCTET STRING data type does have a limit of 65535 octets, which will not fit in a UDP packet. Thus, there are limits imposed by the protocol and transport in addition to implementation limits of the SNMP agent or managed system. David T. Perkins 1.10.30 SUBJECT: Are there security problems with SNMP? 1.10.30.01 See http://www.cert.org/advisories/CA-2002-03.html 1.10.30.02 Recently there was a CERT advisory having to do with SNMPv1. The problem was that the code to process SNMP messages when it encountered malformed BER encoding, unsupported ASN.1 tags, or ASN.1 that didn't follow the format of messages did not "do the right thing". The code had programming errors which in some cases caused the code to crash the system. What the SNMP message processing code was suppose to do is increment the counter snmpInASNParseErrs and drop the message. David Perkins 1.11.00 --RFC 1.11.01 SUBJECT: What is an RFC? The letters stand for the title Request For Comment, which is the initial stage in the process for creating Internet standards. RFCs go through several stages of review and refinement before they are adopted as final by the Internet community. 1.11.02 SUBJECT: Where can I get RFC text? 1.11.02.01 On WWW: ------- Ohio State University has an extensive set of RFCs in html (browser) format. To see RFC 9898 (for example), use the following URL: http://www.cis.ohio-state.edu/htbin/rfc/rfc9898.html ^^^^^^^ Put actual RFC number here. Simply change the RFC number in the above URL to access the correct file for your purpose. Also, for an RFC "Home Page" see http://www.cis.ohio-state.edu/hypertext/information/rfc.html 1.11.02.02 RFC-Info Simplified Help submitted by: Mark Wallace ----- Use RFC-Info by sending an email messages to RFC-INFO@ISI.EDU. 1. To get a specific RFC send a message with text as follows: Retrieve: RFC Doc-ID: RFC1500 This gets RFC 1500. All RFC numbers in the Doc-Id are 4 digits (RFC 791 would be Doc-ID: RFC0791). 2. To get a specific FYI send a message with text as follows: Retrieve: FYI Doc-ID: FYI0004 3. To get a list of available RFCs that match a certain criteria: LIST: RFC Keywords: Gateway Returns a list of RFCs with the word Gateway in the title or specified as a keyword. 4. To get information about other ways to get RFCs, FYIs, STDs, or IMRs. HELP: ways_to_get_rfcs HELP: ways_to_get_fyis HELP: ways_to_get_stds HELP: ways_to_get_imrs 5. To get help about using RFC-Info: HELP: help or HELP: topics =============================================================== 1.11.02.03 Other possible sites: ftp.internic.net ftp.uu.net merit.edu nic.ddn.mil - note: avoid using this one, it's SLOW nis.nsf.net src.doc.ic.ac.uk venera.isi.edu ftp.std.com munnari.oz.au \___ Pacific Rim Sites use these archie.au / 1.11.02.04 Use anonymous ftp & look for rfc or pub/rfc directories above. Details on obtaining RFCs via FTP or EMAIL may be obtained by sending an EMAIL message to "rfc-info@ISI.EDU" with the message body "help: ways_to_get_rfcs". For example: >> To: rfc-info@ISI.EDU >> Subject: getting rfcs >> help: ways_to_get_rfcs 1.11.02.05 You can get a CD ROM with all the RFCs as of the date of the CD ROM > Info Magic > 11950 N. Highway 89 > Flagstaff, AZ > (800) 800-6613 > (520) 526-9565 > > http://www.infomagic.com/catalog5.htm#standards > > Title is 'International & Domestic Standards' ($30) Mark Aubrey 1.11.02.06 In Germany and Europe, try Christian Seyb: "I also offer a CDROM with all RFCs as of the date of beginning of Aug 93." The following CDROM is available for DM 98,-- (app. $60) and contains the following software: - Linux SLS V1.03, Kernel 0.99.11 and utilities for Linux - 386BSD version 0.1 including patch-kit 0.2.4 - NetBSD version 0.8 - Utilities for 386BSD and NetBSD - The Berkely Second Networking Distribution - GNU software (gcc 2.4.5, emacs 19.17, gmake 3.68, etc) - X11R5 up to patch 25 and lots of Contributed Software - TeX version 3.14 - The Internet RFCs up to RFC1493 - News, mail and mailbox software and many utilities for Unix Issue: Aug 1993 Contact: CDROM Versand Helga Seyb Fuchsweg 86 Tel: +49-8106-302210 85598 Baldham Fax: +49-8106-302310 Germany Bbs/Fax: +49-8106-34593 Christian Seyb | | Mailbox/uucp/Fax: 08106-34593 1.11.02.07 Aloha and greetings from Cologne, Germany. Maybe it is interested for you, that the Technical University of Cologne has a good script which translate the RFCs into HTML-RFCs. So you can link between the RFCs and you can get online. You can try it by using the URL http://rfc.fh-koeln.de/rfc.html 1.11.02.08 General RFC Information http://www.cis.ohio-state.edu/hypertext/information/rfc.html Praveen 1.11.02.09 http://www.simple-times.org/pub/simple-times/issues/8-1.html#standards 2/3 down the page is a complete list of SNMP RFCs 1.11.02.10 http://www.simpleweb.org maintains up-to-date RFC list for network management. 1.11.02.11 Try here: http://www.rfc-editor.org/ I grab a copy of the RFC Index every once in a while and do my searches on that. You can get the index here (it's about 540K): ftp://ftp.rfc-editor.org/in-notes/rfc-index.txt Michael Fuhr 1.12.00 --SNMP Reference 1.12.01 SUBJECT: What books are there which cover SNMP? You may wish to visit http://www.pantherdig.com/snmpfaq for a preset search on Barnes & Noble dot Com for SNMP. A small part of each sale goes toward supporting the SNMP FAQ. 1.12.01.00 SNMP Books from Barnes & Noble dot com 1. SNMP, SNMPv2, SNMPv3, and RMON 1 and 2 William Stallings / Hardcover / Addison Wesley Longman, Inc. / December 1998 ISBN: 0201485346 To order from Barnes & Noble: http://service.bfast.com/bfast/click?bfmid=2181&sourceid=1713751&bfpid=0201485346&bfmtype=book 2. Understanding SNMP MIBs: With Cdrom Evan McGinnis,With David Perkins / Hardcover / Prentice Hall / September 1996 ISBN: 0134377087 To order from Barnes & Noble: http://service.bfast.com/bfast/click?bfmid=2181&sourceid=1713751&bfpid=0134377087&bfmtype=book 3. Windows NT SNMP: Simple Network Management Protocol James D. Murray,Deborah Russell (Editor) / Paperback / O'Reilly & Associates, Incorporated / February 1998 ISBN: 1565923383 To order from Barnes & Noble: http://service.bfast.com/bfast/click?bfmid=2181&sourceid=1713751&bfpid=1565923383&bfmtype=book 4. Managing Internetworks with SNMP with Cdrom Mark A. Miller,P. E. Miller / Paperback / IDG Books Worldwide / July 1999 ISBN: 076457518X To order from Barnes & Noble: http://service.bfast.com/bfast/click?bfmid=2181&sourceid=1713751&bfpid=076457518X&bfmtype=book 5. A Practical Guide to SNMPv3 and Network Management Dave Zeltserman / Hardcover / Prentice Hall / May 1999 ISBN: 0130214531 To order from Barnes & Noble: http://service.bfast.com/bfast/click?bfmid=2181&sourceid=1713751&bfpid=0130214531&bfmtype=book 6. Troubleshooting with SNMP & Analyzing MIBs Louis Steinberg / Paperback / McGraw-Hill Companies, The / June 2000 ISBN: 0072124857 To order from Barnes & Noble: http://service.bfast.com/bfast/click?bfmid=2181&sourceid=1713751&bfpid=0072124857&bfmtype=book 7. SNMP Network Management Paul Simoneau / Paperback / McGraw-Hill Companies, The / January 1999 ISBN: 0079130755 To order from Barnes & Noble: http://service.bfast.com/bfast/click?bfmid=2181&sourceid=1713751&bfpid=0079130755&bfmtype=book 8. Snmp++: An Object-Oriented Approach to Developing Network Management Applications Peter E. Mellquist,Hewlett-Packard Company / Paperback / Prentice Hall / July 1997 ISBN: 0132646072 To order from Barnes & Noble: http://service.bfast.com/bfast/click?bfmid=2181&sourceid=1713751&bfpid=0132646072&bfmtype=book 9. LAN Management with SNMP and RMON Gilbert Held / Paperback / Wiley, John & Sons, Incorporated / August 1996 ISBN: 0471147362 To order from Barnes & Noble: http://service.bfast.com/bfast/click?bfmid=2181&sourceid=1713751&bfpid=0471147362&bfmtype=book 10. SNMP Application Developers Manual Robert L. Townsend / Hardcover / Wiley, John & Sons, Incorporated / December 1997 ISBN: 0471286400 To order from Barnes & Noble: http://service.bfast.com/bfast/click?bfmid=2181&sourceid=1713751&bfpid=0471286400&bfmtype=book 11. Total SNMP: Exploring the Simple Network Management Protocol Sean J. Harnedy,Sean J. Harnedy / Paperback / Prentice Hall / June 1997 ISBN: 0136469949 To order from Barnes & Noble: http://service.bfast.com/bfast/click?bfmid=2181&sourceid=1713751&bfpid=0136469949&bfmtype=book 12. How to Manage Your Network Using SNMP: The Networking Management Practicum Marshall T. Rose,Keith McCloghrie / Paperback / Prentice Hall / September 1994 ISBN: 0131415174 To order from Barnes & Noble: http://service.bfast.com/bfast/click?bfmid=2181&sourceid=1713751&bfpid=0131415174&bfmtype=book 13. RMON: Remote Monitoring of SNMP-Managed LANs David T. Perkins / Hardcover / Prentice Hall / September 1998 ISBN: 0130961639 To order from Barnes & Noble: http://service.bfast.com/bfast/click?bfmid=2181&sourceid=1713751&bfpid=0130961639&bfmtype=book 14. SNMP V3 Survival Guide: Practical Strategies for Integrated Network Management Rob Frye,Jon Saperia / Hardcover / Wiley, John & Sons, Incorporated / January 1999 ISBN: 0471356468 To order from Barnes & Noble: http://service.bfast.com/bfast/click?bfmid=2181&sourceid=1713751&bfpid=0471356468&bfmtype=book 15. SNMP-Based ATM Network Management Heng Pan / Hardcover / Artech House, Incorporated / September 1998 ISBN: 0890069832 To order from Barnes & Noble: http://service.bfast.com/bfast/click?bfmid=2181&sourceid=1713751&bfpid=0890069832&bfmtype=book 16. SNMP: Simple Network Management Protocol: Theory and Practice, Versions 1 and 2: Theory and Practice, Versions 1 and 2 Mathias Hein,David Griffiths (Editor) / Paperback / Itcp / May 1995 ISBN: 1850321396 To order from Barnes & Noble: http://service.bfast.com/bfast/click?bfmid=2181&sourceid=1713751&bfpid=1850321396&bfmtype=book For a list of other books which may or may not be in print, go to http://www.pantherdig.com/snmpfaq/otherbks.txt 1.12.02 SUBJECT: What periodicals are heavily oriented to SNMP? 1.12.02.01 One bi-monthly newsletter is "SIMPLE TIMES". You can subscribe via email at mailto:/st-subscriptions@simple-times.org Use HELP on the Subject line for details. Also try http://www.simple-times.org For back issues of Simple Times, try http://www.simple-times.org/pub/simple-times/issues 1.12.02.02 ConneXions, The Interoperability Report 480 San Antonio Road, Suite 100 Mountain View, CA 94040 Ph: 415-941-3399 Fx: 415-949-1779 1.12.03 SUBJECT: What classes are available on the topic of SNMP? 1.12.03.01 Softbank Forums 303 Vintage Park Drive Foster City, CA 94404 415-578-6986 EMail: onsite@interop.com 1.12.03.02 Network World Technical Seminars Ph: 800-643-4668 (direct: 508-820-7493) Fx: 800-756-9430 [Fax back line, ask for document 55] 1.12.03.03 Learning Tree International 1805 Library St Reston, VA 22090-9919 800-843-8733 or 703-709-6405 http://www.learningtree.com 1.12.03.04 American Research Group, Inc. PO Box 1039 Cary, NC 27512 919-380-0097 1.12.03.05 Chateau Systems, Inc SNMP Training & Development 360 862-1154 http://www.chateausystems.com Larry R. Walsh 1.12.04 SUBJECT: What email discussion groups are available for SNMP? 1.12.04.01 SUBJECT: Mailing lists for SNMPv1 "This mailing list is currently being managed with ListProcessor, v6.0c." Updates to be made include the request address. It should be: listproc@lists.psi.com The subject line is not looked at. The body of the message should contain: subscribe For the snmp list, subscribe to the list by sending a message to: listproc@lists.psi.com with a message body of: subscribe snmp @" George Smith It appears the new valid snmpv1 mailing list address is snmp-request@lists.psi.com. However, when I tried to subscribe to snmpv2 mailing list, my email was simply not recieved by anyone. Paul Ledbetter 1.12.04.02 SUBJECT: Mailing lists for SNMPv2 "For the snmpv2 list, subscribe to the list by sending a message to: snmpv2-request@tis.com with a message body of: subscribe snmpv2 @" George Smith [Editor's Note: Out of action? See above topic] 1.12.05 SUBJECT: What trade shows cater to SNMP? These days nearly every networking trade show in the US, and many outside the US, covers the SNMP market. The "big name" in internetworking is (their text): "NetWorld+Interop (the definitive networking event) Online registration at http://www.interop.com Phone registration and customer service: 800-962-6513 and 650-372-7079 Mail registration NetWorld+Interop c/o ZD Events PO Box 45295 San Francisco CA 94145-0295" 1.12.06 SUBJECT: What SNMP Product User Groups Are There? 1.12.06.01 HP OPENVIEW: For owners of a run time license to HP OpenView, there is the the OpenView Forum (a yearly fee is charged). OpenView users should be directed to the OpenView Forum at their web site: http://www.ovforum.org "You might also want to include a pointer/reference somewhere on your site for Summit Online. It's a great resource (check it out). The URL is http://www.summitonline.com" Rick Sturm There is an email list for the ovforum. It is very active (20-40 messages per day). to submit questions or responses: ovforum.ovforum.org To Subscribe: I think it's majordomo@ovforum.org. If you try to subscribe to ovforum.ovforum.org it will respond with subscription instructions. Matt Dougherty 1.12.06.02 SUNNET MANAGER (revised 3/95): If you wish to subscribe to snm-people, send a message to listproc@zippy.Telcom.Arizona.EDU with no subject, containing only the words: subscribe snm-people "Kent F Enders" [^^^^^^^^^^^^^^^^^^^] [Editor's note: we assume this should be your name here!] If you wish to unsubscribe from snm-people, send the message: unsubscribe snm-people For more information on using listproc, send the message: help This list is devoted to the issues revolving around the use of the SunNet Manager Software package. An anonymous FTP area is set up on Zippy.Telcom.Arizona.EDU as ftp://128.196.128.85/~/pub/snm For those users that do not have access to ftp directly, zippy also supports ftps by mail. If you want to try it out send an email message with the word `help' in the body of the message for some instructions. Send that email message to ftpmail@zippy.telcom.arizona.edu. An archive of the mail messages sent to the list subscribers is maintained as well. To get an index of these messages send a message to listproc@zippy.telcom.arizona.edu with a single line message of: INDEX SNM-PEOPLE To remove your name from the mailing list send a one line mail message to listproc@zippy.telcom.arizona.edu. The message should contain the line: UNSUBSCRIBE SNM-PEOPLE To receive a list of the commands for the listproc send a message to listproc@zippy.telcom.arizona.edu with a message of: HELP To send a message to the list send mail to mailto:snm-people@zippy.telcom.arizona.edu 1.12.06.03 IBM NetView There is a NetView User's mailing list (not affiliated or run by Tivoli) that is a great place to learn about NetView and ask questions. Quoting from the nv-l instructions: To subscribe to the NV-L list, send mail to LISTSERV@UCSBVM.UCSB.EDU (not to NV-L nor NV-L-request), with the single line in the body of the note: SUBSCRIBE NV-L firstname lastname This list is for the discussion of NetView and all related products, platforms, usage questions, bugs, and for the dissemination of announcements and updates by members of the NetView Association. Vendors are welcome to post short announcements of products and/or services. You may want to visit the Tivoli NetView web page at: http://www.support.tivoli.com/faqs/prod5.html Also, the IBM NetView "red books" are a good practical source of information on NetView. Try http://www.rs6000.ibm.com/resource/aix_resource/Pubs/redbooks/ or http://www.redbooks.ibm.com Brett Coley 1.12.07 SUBJECT: Where can I find SNMP-related material on WWW? [from comp.dcom.net-management...] ---------------- 1.12.07.01 it's best if you check out the following www page: it's devoted to network management and contains an excellent overview and links to all the different organisations and commitees: http://smurfland.cit.buffalo.edu/NetMan/index.html Andreas Weder 1.12.07.02 Re: HNMS: http://snmp.cs.utwente.nl/General/snmp-faq.html Re: The tkined & scotty network management system: http://www.cs.tu-bs.de/ibr/cgi-bin/sbrowser.cgi http://www.cs.tu-bs.de/ibr/projects/nm/scotty/tcl+snmp.html http://wwwhome.cs.utwente.nl/~schoenw/scotty/ 1.12.07.03 [Deleted] 1.12.07.04 Commercial SNMP Software (See SNMP FAQ Part 2): 1.12.07.05 [Deleted] 1.12.07.06 THIS SPACE WAS FORMERLY OCCUPIED BY A HUGE BUT UNMAINTAINED LIST OF URLS SUBMITTED IN 1996 BY BRUCE BARNETT. IT HAS BEEN REMOVED TO CONSERVE SPACE AND SINCE SO MANY OF ITS LINKS HAD BECOME OBSOLETE. TO SEE IT FOR POSSIBLE VALUE, GO TO http://www.pantherdig.com/snmpfaq/bb_urls.txt 1.12.07.07 eg3.com is a free resource, serving the needs of designers in board-level, embedded, dsp, and realtime. We already link to Simple Network Management Protocol, as an important resource for the engineer in our free listings. Judy Perry 1.12.07.08 http://www.snmpworld.com 1.12.07.09 http://www.SNMPLink.org -- based in France & well-maintained 1.12.07.10 http://www.simpleweb.org -- from Germany & well-maintained 1.12.07.11 Good overview of net management generalities, context into which snmp fits: http://netman.cit.buffalo.edu/Doc/DStevenson Good snmp intro for tech guys (like me). I wouldn't want to talk about snmp before knowing about half this stuff. Ignore chapter 4, though, as it's basically hype for their software. But eveything else is not wasted reading. http://www.ddri.com/Doc/SNMP_Overview.pdf The SNMP FAQ is very outdated, I feel. Better is the UCD-SNMP FAQ that comes with the linux software! Erik Kruus 1.12.07.12 http://net-snmp.sourceforge.net 1.12.07.13 I would like to announce that a forum for users of Sniffer Technologies products is open at http://www.snifferusers.org. Jim Moore 1.12.08 SUBJECT: What related mailing lists exist? 1.12.08.01 J. Lindsay wrote: "I have started a mailing list for those interested in web-based network and systems management. To subscribe send email to mailto:web-manage-request@qds.com with an email body of "subscribe web-manage " The most applicable usenet news group is news://comp.dcom.net-management. TO UNSUBSCRIBE: If you send an "unsubscribe me" message to the list itself it is almost certain your mail box will overflow with people flaming you. The list is open and unmoderated. All requests should go to: mailto:web-manage-request@qds.com 1.12.20 What related newsgroups exist? 1.12.20.01 Please also visit our cousin newsgroup news://comp.dcom.net-management. 1.12.20.02 There's a discussion group on delphi concerning Enterprise Management. The areas covered are CA Unicenter, HP OpenView, Tivoli, Platinum Tech, Enterprise Management,Trade Shows, EM User Groups, Networking Jobs, Industry Discussion, and General Discussion. Again, this is focusing on Enterprise Management. There are over 423 members to this forum as of 11/11/98. You can visit this site at.... http://www.delphi.com/emc2 Christopher Smiga 1.12.21 SUBJECT: Are there introductory materials? 1.12.21.01 Look for a document called "ACE-SNMP An Introductory Overview of SNMP" at http://www.ddri.com, I've found it very easy to read and understand and a needed step before getting at RFCs. Alessandro Scotti 1.12.21.02 "SNMP for Dummies" at: http://www.netcom-sys.com/techdocs.html Is also good startup reading. John J. Miller 1.13.00 --Miscellaneous 1.13.01 SUBJECT: SNMP and Autodiscovery 1.13.01.01 "Automated topology discovery is a hard problem due to the diversity of deployed systems and the wide distribution of resource information. I will briefly mention some reasons why a ping/traceroute based approach will not work : subnetting, tunneling, firewalls, virtual LANS. Your network topology discovery tool would have to extract more information like subnet masks, etc and use heuristics for "guessing" the real topology. I was a teaching assistant for the computer networks course offered in the spring at Columbia, and assigned the third class project on network topology discovery. You may want to refer to the project resources WWW page at the URL="http://www.cs.columbia.edu/networks97/project3/resources.html" Alexander V. Konstantinou" 1.13.01.02 "[...]these are some of the methods that I had used 1. SNMP Broadcast on your local net; all SNMP agents respond 2. Listening for RIP, and OSPF ports, you'll get info on the routers around, and consequently the different sub-networks connected by this router. If you need a better discovery you could listen on both IP and IPX ports. 3. ICMP Router interface discovery; this will again give you information on all the router interfaces (sub-nets) 4. Once you know a sub-net and it's mask (I'm speaking about IP nets) you could issue an ICMP-echo spray to all the possible IP addresses in that range, the one's who are alive will respond. But this has to be fine tuned so that you do not swamp the network with disocvery packets. In case of IPX you issue an IPX diagnostic message spray (the counterpart of ICMP in Novell networks). 5. You could walk the routing tables (MIB2) and get information about other routers and sub-nets. You could figure out the type of the sub-net (MAC layer) by looking up "ifType" for each of the router interfaces. NOTE: The typical problems you would face is handling unnumbered router ports, and proxy-ARP issues." Mohit Tendolkar 1.13.01.03 Check out this paper: http://www.cs.cornell.edu/skeshav/papers/discovery.pdf Daniel Secci 1.13.02 SUBJECT: SNMP Traps and NOTIFICATION-TYPE 1.13.02.01 - Traps I am relatively ignorant about SNMP. However, I have spent a reasonable amount of effort investigating agents, managers, the technology, and I have read most of the important RFCs. There are a bunch of related but simple, practical questions to which I cannot get a straight answer: Are SNMP traps useful in the real world? Can you depend on traps being sent across networks? Do agents repeat traps? How do you select a polling interval if there are traps you consider very important? RFC 1215 (the one with the TRAP-TYPE macro) says traps are a bad idea (well, sort of). RFC 1224 seems to describe a method to acknowledge SNMP traps and throttle them? What's the real feeling...you know, in practice? The real state of the art? Shyamal Prasad Traps are very useful to us. They let us know when a router link goes down, when network performance is degrading, when a power failure has occurred, etc. - just to name a few. You don't poll for traps - the agent just sends the traps to the network management station(s) you tell it to send them to. Now you can program the network management station to take automatic action if you so desire. For example, if one of our ethernet concentrators sends us traps on a misbehaving port we automatically do some checking and if it is a situation that could potentially take our whole segment down we automatically partition the port off of the network. I'm sure this has saved numerous network outages. Yes, agents may send repetitive traps. The way you throttle or deal with them depends on the software you use on your network management station. All that said - you cannot rely on traps alone. For example, if I die - I cannot pick up the phone and tell someone that "I am dead". Neither can a SNMP agent. Therefore it is good to poll the agents periodically just to see if they are alive and well. Blaine Owens 1.13.02.02 - NOTIFICATION-TYPE The current terminology in use in SNMP is the following: The NOTIFICATION-TYPE construct is used to define events or conditions of interest in a managed system. (In the earlier, but now obsolete, version of the SMI, the TRAP-TYPE construct was used.) SNMPv1 protocol contains the TRAP message type that is sent when an event or condition defined by a NOTIFICATION-TYPE construct occurs. SNMPv2c and SNMPv3 protocols contain the v2TRAP and INFORM message types that are sent when an event or condition defined by a NOTIFICATION-TYPE construct occurs. A v2TRAP message is not confirmed, and an INFORM message is confirmed (that is, a response message is sent back). There is no such thing as an alarm in SNMP. David T. Perkins 1.13.02.03 - Enterprise versus Generic Traps There were 6 defined traps [SNMPv1] that were considered to be common that could be generally useful for most/many SNMP agents [perhaps some more important than others]. There was also the need to let agent/MIB designers implement the idea of traps that were specific to their hardware/software/management needs. In the v1 packet there are 2 fields associated with these, the one for generic traps would be given a value of 0..5 to identify which of the generic traps the packet was related to, or 6, in which case the other [enterprise specifc] field was used to carry the information about what trap was being triggered. Plus there are was another OID field in the v1 trap packet that the manager application would get to identify the [enteprise specific] trap since different agents on different types of hardware would likely use the same values. The v1 approach was not great. With v2 packets this changes somewhat. SMIv2 MIBs traps (NOTIFICATIONS) are not identified as some integer value but rather as a node in the tree. The 6 generic traps were specified as 6 children of a parent node down under a new SNMPv2 subtree in the world-wide tree specification (with node values 1..6, not 0..5). There is no longer a special trap packet format for v2... the old v1 special fields are now v2 varbinds in a standard v2 response packet. Jim Jones 1.13.02.04 -- SNMPv1 Traps versus SNMPv2/v3 Notifications In the SNMPv1 protocol, there is a single type of operation to send an unsolicited message from an agent to a manager, which is a [v1]Trap. SMIv1 uses the TRAP-TYPE construct to define the conditions when such a message can be generated, the identification of the message, and the management information to be contained in the message. When the second version of the SNMP framework was created, it was realized that the simple model for sending unsolicited messages needed to be generalized and a few problems solved. The class of unsolicited messages was renamed to notfications, and contained two types, which are v2TRAP (an unconfirmed notification), and INFORM (a confirmed notification). (Please note that an it is incorrect to characterize v1/v2TRAPs as unreliable and INFORMs as reliable.) Due to politics at the time, INFORMS were labelled as "manager-to-manager" communication. However, this labelling has been fixed (and anyone that claims that INFORMs are "manager-to-manager" communications is living with a 1996 world view and not a present world view!) The first and second frameworks for SNMP-based management do not contain a standard mechanism to configure where to send notification nor the other details such as which type, and the security parameter values. The result has been proprietary definitions that vary in sophistication. The simplest is a table of IP addresses where to send traps (with no support for INFORMs, and other properties). The third version of the SNMP framework contains in RFC 2573 and RFC 2576 a VERY RICH mechanism for managing notification generation. David T. Perkins 1.13.03 SUBJECT: SNMP and/versus the Web 1.13.03.01 SNMP MIB Browsers for Web Software 1.13.03.01.01 Commercially Available. 1.13.03.01.01.01 MibMaster, an SNMP to HTML Gateway from Equivalence http://www.equival.com/ An evaluation version is available free. A fully-functional version can be purchased. 1.13.03.01.02 Public Domain. http://www.uni-ulm.de/urz/mibbtogather/ 1.13.03.02 Web Browsers as Network Agents/Managers No data available. 1.13.04 SUBJECT: SNMP and Java "If you have a Linux or Windows NT environment check out: http://www.equival.com/ For Java see: http://www.adventnet.com/" Carl H. Wist Other sources: http://www.mindspring.com/~jlindsay/javamgmt.html http://www.research.att.com/~nikos/marvel/ http://madonna.postech.ac.kr/~sunhokim/snmp.html http://java.sun.com/products/JavaManagement/index.html http://www.thinsoft.com/ http://www.west.nl/archive/java/snmp/ http://www.westhawk.co.uk/ Hope this helps. Martin Cooley 1.13.04.01 Java Classes/Applets/Etc for SNMP 1.13.04.01.01 Commercially Available 1.13.04.01.01.01 AdventNet, Inc. http://www.adventnet.com mailto:info@adventnet.com AdventNet, Inc. 5645 Gibraltar Drive Pleasanton, CA 94588 USA Phone: +1-925-924-9500 Fax: +1-925-924-9600 1.13.04.01.01.02 SunSoft http://java.sun.com Note: the above is one place to start, but don't forget to search the Web "Another option for building SNMP agents in Java is Sun's Java Dynamic Management Kit (JDMK) product. Take a look at http://www.sun.com/software/java-dynamic/ JDMK is based on Java Beans -- as the agent developer, all you have to do is to adhere to the Java Beans design patterns in your Java code. An SNMP MIB compiler is provided that translates an SNMP MIB definition into Java Beans, you then need to fill in the methods of the generated Beans." Dave Hendricks > ... could some one tell me how to subscribe to the JDMK mailing > list I have subscribed using the indication of the JDMK home page but I > do not think some thing happening on this list : You should subscribe by sending an email to listserv@java.sun.com containing in the body: SUBSCRIBE JDMK-FORUM (I am not sure whether you should also remove your signature, but I guess it is safer anyway) To get a better response time, please direct your questions regarding JDMK to the JDMK-FORUM list rather than to this forum. The JDMK-FORUM archives are accessible at http://archives.java.sun.com You might want to have a look at the Java Dynamic Management Kit at http://www.sun.com/software/java-dynamic/ Daniel Fuchs 1.13.04.01.01.03 Gamelan http://www.gamelan.com Lots of links to Java sites, developers, code, etc. 1.13.04.01.01.04 [...]Furthermore, the coupling of Sun's Jini and JDMK looks promising for creating "plug-and-manage" systems http://www.sun.com/consumer-embedded/cover/jdmkjini.html Steve Common 1.13.04.01.01.05 You may want to mention Cyberons for Java -- SNMP Manager Toolkit from Netaphor This product sells for $499 per developer license and royalty-free unlimited distributions. The product also provides high level functions such as device discovery, MIB walks, columnar and row access to tabular data, etc. A programmer's guide is available online at http://cyberons.com. Shripathi Kamath Cyberons for Java SNMP Manager Toolkit version 2.0 supports SNMP v3, and includes easy-to-use classes which provide access to all v3 features. We paid a great deal of attention while designing these classes to ensure that management applications can be written to work with all versions of SNMP with minimal differences in code, and provide numerous examples to illustrate usage. Also available as a separate product is Cyberons for Java SNMP Utilities 1.0, which is a set of utilities to work with the SNMP Manager Toolkit. These utilities include a MIB compiler/loader, a MIB browser and test application. More information about these products, including a complete programmer's guide, can be obtained from http://cyberons.com Gopal Narayan 1.13.04.01.02 Public Domain 1.13.04.01.02.01 From Jan-Arendt Klingel ... "Beside MIB-Master there is the JaSCA class library (Java SNMP Control Applet). The URL is http://termiitti.akumiitti.fi/nixu/. The organisation is called Nixu Oy and is located in Finland. One of the three authors is Pekka Nikander (Pekka.Nikander@nixu.fi). [Note: This site seems to have moved to www.nixu.fi, is all in Finnish.] 1.13.04.01.02.02 There is a mailing list called "Java Network Management Mailing List" on java-nm@adventnet.com. To subscribe send an email to majordomo@adventnet.com with a body of "subscribe java-nm". There is not so much traffic on the list (maybe because of a bug in the majordomo list). 1.13.04.01.02.03 The URL http://www.West.nl/archive/java/snmp/ seems to have disappeared. -Ed 1.13.04.01.02.04 A very nice Java tool can be found on http://misa.zurich.ibm.com/~lde/. It's Luca Deris hot application called "Liaison", developed at the IBM Research Center in Zurich. There are SNMP and CMIS-agents to query network management data. [Note: Site reported unreachable, 11/20/98] In the next three months I will hopefully present a network management application with Java "droplets". The URL is http://193.174.26.169:8080. Remember to switch off "lock ports above 1024" at your firewall." Jan-Arendt Klingel 1.13.04.01.02.05 From "Patrick" If you are looking for creating SNMP agents in Java, you can look at : JDMK : contains a mib compiler that creates java (agent) classes from a mib. JMAPI : Java Management API (JMAPI) Java Dynamic Management Kit : http://www.sun.com/software/java-dynamic JMAPI : http://java.sun.com:80/products/JavaManagement/index.html 1.13.04.01.02.06 "JMGMT is a java implementation of a SNMP stack. It also includes source code of examples [of] how to start writing servlets and an agent with JMGMT. The JMGMT java classes include packages for * the representation of ASN.1 values, * BER encoding and decoding of ASN.1 values, * the representation of SNMP v1 packets, * SNMP I/O with peers and connections, * and SNMP exception handling. 2nd public release, now with full source code. JMGMT is a java implementation of a SNMP v1 stack. It also includes the complete source code of all classes and examples how to start writing servlets and an agent with JMGMT. The JMGMT java classes include packages for = * the representation of ASN.1 values, = * BER encoding and decoding of ASN.1 values, = * the representation of SNMP v1 packets, = * SNMP I/O with peers and connections, = * and SNMP exception handling. = The JMGMT classes are free and available for download on http://i31www.ira.uka.de/~sd/mgmt/jmgmt-1.1.zip API documentation is online at http://i31www.ira.uka.de/~sd/mgmt/jmgmt/README.html Sven Doerr 1.13.04.01.02.07 You may try MIB Designer which is a Java 1.2.2/1.3 application that will run on Unix if that Unix support one of the JREs. MIB Designer has all the features you requested and much more. It can be found at http://www.mibdesigner.com Frank Fock 1.13.05 SUBJECT: SNMP and CORBA 1.13.05.01 >I am currently using an SNMP Manager from SNMP Research on a UNIX >Solaris box and am looking for a CORBA compliant SNMP Manager. Does >anyone know of such an animal? >Dave Stephens What do you mean when you say "CORBA compliant" SNMP manager? If you mean that the SNMP manager should provide a CORBA programming interface you will find some products when you search the internet for the term "JIDM" (Joint Inter Domain Management). Werner Poeppel 1.13.05.02 I worked on such a project. SNMP and TL1 were embedded peers running on top of Corba. Esentially, the implementation for the SNMP functions made Corba service calls to get the data they needed to satisfy the SNMP request. The Corba layer abstracts the device and, thus, the SNMP/TL1/etc developers worked at a high-level. This made it fast to support new MIBs (as long as the Corba IDL was there), but at a slight/moderate cost to performance. One challenge is the style of IDL, i.e. course- or fine-grained object defs. Course grained object defs makes it easy/efficient for such things as GUIs to operate over Corba but meant SNMP had to pull a lot more data than it typically needed to satisfy a SNMP request. Also [you] have to provide "next" IDL methods otherwise it is very inefficient for SNMP getNext hooks to repeatedly make Corba calls until the "right" object is found. In sum, my impression is that if SNMP is the primary method of managing a device, then SNMP/Corba stack is questionable. If SNMP is a minor service, then maybe this is a good choice. Either way, IDL designers need to consider SNMP issues before they set the IDL into stone. I understand there are tools/stds to convert MIBs into Corba IDL, which would make it easy/efficient to stack SNMP over Corba. However, this produces fine-grained object defs which may not be suitable for Java/GUI impls that use such tools to serve as the primary mgmt interface. Lauren Heintz 1.13.06 SUBJECT: SNMP and Visual Basic 1.13.06.01 Terri Coleman wrote: > > I need to be able to write SNMP Sets and Gets from within a Visual Basic > application. Can anyone help? Maybe this package of ocx's contains what you are looking for http://www.dart.com/powertcp/ Free trail version for download available. Bernhard Fischer 1.13.06.02 LogiSoft AR has SNMPv2 toolkit for Visual Basic that includes SNMP ActiveX control and utilities supporting v1 and v2c Look up www.logisoftar.com Alan Revzin 1.13.06.03 NETAPHOR SOFTWARE, INC., has recently released Cyberons, a suite of ActiveX components for engineering and networking applications, which includes a SNMP Manager control. Please note that we do not support trap reception at this time, though this feature will be included in our next release. But if you want to perform SNMP Get, GetNext and Set operations with a real lightweight control, which requires minimal VB code in order to be functional, I think you will find the Cyberons product to be an ideal match. You can check out our free 30-day trial by downloading it from http://www.netaphor.com/products/index.asp Gopal Narayan 1.13.06.04 You may want to try Mabry Software. They have an OCX that you can download from http://www.mabry.com. Richard Grier 1.13.07 SUBJECT: SNMP and IPv6 > I have a question regarding SNMP and IPv6, and more particularly > SNMP v1 and IP v6. > > Can SNMP v1 be used over an IP v6 network? > > Daniel Fuchs Yes. The only thing that is missing are concrete values for the TDomain and appropriate TCs which define the address formats. This is being worked on. The latest document is available at: Discussions take place on the mailing list. > In that case how do you handle the agent-addr field of the > trap v1 PDU? (agent-addr is NetworkAddress which is IpAddress > which is OCTET STRING (SIZE(4)) which doesn't have enough room > for an IP v6 address). This not only applies to IPv6 but also to other non-IPv4 transports. In general, agent-addr is broken and the second version of the protocol operations use a trap format which does not have the agent-addr field anymore. > Now if you're agent is bilingual (or trilingual) how do you > handle trap conversion from v2 to v1 when your network is > based on IPv6? With SNMPv3, you use the engineID to identify the originator of a notification. In SNMPv2 or SNMPv1, you are lost. > Is there any RFC that specifically addresses SNMP and IPv6 ? Not really. The ID I have cited above is part of the solution. I am not sure we need much more because UDP is UDP regardless which IP version you use (except that the network layer address format changes). Juergen Schoenwaelder 1.13.10 SUBJECT: SNMP and C# >I am planning to make an SNMP manager (using C#) that will query any SNMP >agent. Currently I'm not able to find any SNMP libraries for C#. Can anyone >point me to a direction. >Also any simple C# code for SNMP will be helpful. >Rubaiyat You access SNMP devices using the SNMP provider for WMI.WMI is wrapped by the System.Management namespace classes. Please refer the folowing link for more more details http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/ installing_the_wmi_snmp_provider.asp http://www.c-sharpcorner.com/Code/2002/Sept/SnmpLib.asp Sreejumon Also, have a look at this snmp libraries for .NET: http://www.csharphelp.com/archives2/archive380.html Kumar Gaurav Khanna I know some of you have posted looking for a C# Snmp library or one for dotnet. Anyone who is interested check out NetToolWorks, Inc. http://www.nettoolworks.com 1.13.12 SUBJECT: SNMP and Perl 1.13.12.01 SNMP::Info - Object Oriented Perl5 Interface to Network devices and MIBs through SNMP. SNMP::Info - Version 0.4 AUTHOR Max Baker ("max@warped.org") SNMP::Info was created at UCSC for the netdisco project (www.netdisco.org) DESCRIPTION SNMP::Info gives an object oriented interface to information obtained through SNMP. This module lives at http://snmp-info.sourceforge.net Check for newest version and documentation. 1.20.00 --General Questions about SNMPv2 1.20.01 SUBJECT: What is SNMPv2? SNMPv2 is a revised protocol (not just a new MIB) which includes improvements to SNMP in the areas of performance, security, confidentiality, and manager-to-manager communications. SNMPv2 Framework : The following RFCs identify the major components of SNMPv2. Historical ---------- RFC 1441 - Introduction to SNMP v2 RFC 1442 - SMI For SNMP v2 RFC 1443 - Textual Conventions for SNMP v2 RFC 1444 - Conformance Statements for SNMP v2 RFC 1445 - Administrative Model for SNMP v2 RFC 1446 - Security Protocols for SNMP v2 RFC 1447 - Party MIB for SNMP v2 RFC 1448 - Protocol Operations for SNMP v2 RFC 1449 - Transoport Mappings for SNMP v2 RFC 1450 - MIB for SNMP v2 RFC 1451 - Manager to Manger MIB RFC 1452 - Coexistance between SNMP v1 and SNMP v2 Micha Kushner adds: RFC Number Title Status -------------- RFC 1901 Introduction to Community-based SNMPv2 Experim Standard RFC 1902 SMI for SNMPv2 Draft Standard RFC 1903 Textual conventions for SNMPv2 Draft Standard RFC 1904 Conformance statements for SNMPv2 Draft Standard RFC 1905 Protocol operations for SNMPv2 Draft Standard RFC 1906 Transport mappings for SNMPv2 Draft Standard RFC 1907 MIB for SNMPv2 Draft Standard RFC 1908 Coexistence between SNMPv1 and SNMPv2 Draft Standard Wes Hardaker adds: "All SNMPv2 versions but one are historical. Only SNMPv2c is experimental, but is widely accepted as the SNMPv2 standard. Note that the other pieces of SNMPv2 (protocol, SMI, etc) are on the standards track. Only the architecture that ties them together is experimental. The SNMPv2 messaging protocol, etc, are referenced in the SNMPv3 documents, which are on the standards track at draft standard right now." 1.20.02 SUBJECT: What is SNMPv2*/SNMPv1+/SNMPv1.5/SNMP++? SNMPv2 had been announced for many months, and most of us assumed that it was accepted as the next step up from SNMPv1. That assumption was false. In fact there were several points on which the members of the IETF subcommittee could not agree. Primary among them was the security and administrative needs of the protocol. Simply put, SNMPv2*/SNMPv1+/SNMPv1.5 is SNMPv2 without the contentious pieces, but *with* the stuff everyone agrees is of value. You may wish to check http://www.int.snmp.com/v2star.html for more details. === Edward M. Hourigan wrote: : I keep hearing about SNMP++. What is it? Are there any web pages : describing what it is? I believe there is a Web site with this info at : http://rosegarden.external.hp.com/snmp++/ Hope this helps, John Silva also: The original SNMP++ 2.6 sources can be found at http://rosegarden.external.hp.com/snmp++ If you`re looking for a Linux/Solaris/Digital port you might try http://fock.de/frank/english/agent++src Frank Fock [Editor's Note: See also Part 2: Public Domain SNMP software] I'd like to announce availability of MG-WinSNMP SDK V1.0b6, a 32-bit implementation of WinSNMP specification. It is available under the shareware license and you are welcome to download it from the following URLs: http://www.mg-soft.si/ http://www.abit.co.jp/varidocs/download.html This release of MG-WinSNMP SDK (wsnmp32.dll, a 32-bit winsnmp.dll library) by MG-SOFT Corporation has been published in order to gain compatibility with the Revision 2.5f of SNMP++, an Open Specification for Object Oriented Network Management Development Using C++ by Peter Erik Mellquist, Hewlett Packard Company. (http://rosegarden.external.hp.com/snmp++/) Matjaz Vrecko [Editor's Note: See also Part 2: Public Domain SNMP software] 1.20.03 SUBJECT: What is SNMPv2c? SNMPv2c is the combination of the enhanced protocol features of SNMPv2 without the SNMPv2 security. The "c" comes from the fact that SNMPv2c uses the SNMPv1 community string paradigm for "security". 1.20.04 SUBJECT: What the heck other SNMPv's are there? 1.20.04.01 See http://www.simple-times.org/pub/simple-times/issues/5-1.html 1.20.04.02 Unfortunately, many people are confused about the SNMP protocol versions, which are: SNMPv1 - a standard and widely used SNMPv2p - party based, now obsolete (not used) SNMPv2c - community based, "expermental", but has usage SNMPv2u - user based, experimental and not used SNMPv3 with USM - standards track, trying to get traction In SNMPv1, there was no standards-track mechanism defined that specified where to send traps, so every vendor defined their own approach. The SNMPv3 framework documents include mechanisms that can also be used in SNMPv1 and SNMPv2c. They are very complicated, but do work in specifying the targets for traps in SNMPv1 and traps and informs in SNMPv2c and SNMPv3. David T. Perkins 1.20.04.03 My advice would be to make SNMPv1 the first priority and SNMPv3 the second. I would not bother to implement SNMPv2c unless it came for free with the agent toolkit. Mike Heard 1.20.04.04 There are several varients of the SNMPv2 protocol. They are: SNMPv2p(OBSOLETE): For this version, much work was done to update the SNMPv1 protocol and the SMIv1, and not just security. The result was updated protocol operations, new protocol operations and data types, and party-based security from SNMPsec. This version of the protocol, now called party-based SNMPv2 is defined by RFC 1441, RFC 1445, RFC 1446, RFC 1448, and RFC 1449. (Note this protocol has also been called SNMPv2 classic, but that name has been confused with community-based SNMPv2. Thus, the term SNMPv2p is preferred.) SNMPv2c(experimental, but widely used): This version of the protocol is called community string-based SNMPv2. It is an update of the protocol operations and data types of SNMPv2p, and uses community-based security from SNMPv1. It is defined by RFC 1901, RFC 1905, and RFC 1906. SNMPv2u(experimental): This version of the protocol uses the protocol operations and data types of SNMPv2c and security based on users. It is defined by RFC 1905, RFC 1906, RFC 1909, and RFC 1910. SNMPv2*(experimental): This version combined the best features of SNMPv2p and SNMPv2u. (It is also called SNMPv2star.) The documents defining this version were never published as RFCs. Copies of these unpublished documents can be found at the WEB site owned by SNMP Research (a leading SNMP vendor and previously a proponent of this version). What this all means is that SNMPv2c is in current usage, whereas the other variants are only around in limited form in labs are in some versions of software that have been obsoleted. David Perkins 1.22.00 --General Questions about SNMPv3 1.22.01 SUBJECT: What is SNMP V3? 1.22.01.01 Refer to http://www.ietf.org/html.charters/snmpv3-charter.html 1.22.01.02 See also: "I am happy to announce that a SimpleTimes issue on SNMPv3 is now available from the SimpleTimes Web server: http://www.simple-times.org/ The journal is available in PostScript and HTML format. New SimpleTimes issues are announced over a special mailing list. More details about the SimpleTimes project and how to subscribe to this mailing list can be found in the December 1997 issue or on the Web server. I hope you all enjoy reading this issue on SNMPv3 and I wish you all the best for 1998." Juergen Schoenwaelder Juergen later added: "You can find these links and many more on the SNMPv3 web page at: http://www.ibr.cs.tu-bs.de/projects/snmpv3/" 1.22.01.03 Micha Kushner/David Partain adds: RFC Number Title Status=PROPOSED -------------- Status = 3D PROPOSED RFC 2271 An Architecture for Describing SNMP Management Frameworks RFC 2272 Message Processing and Dispatching for the Simple Network Management Protocol (SNMP) RFC 2273 SNMPv3 Applications RFC 2274 User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3) RFC 2275 View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP) Status = 3DDRAFT STANDARD RFC 2570 Introduction to Version 3 of the Internet-standard Network Management Framework (Status=3DINFORMATIONAL) RFC 2571 An Architecture for Describing SNMP Management Frameworks RFC 2572 Message Processing and Dispatching for the Simple Network Management Protocol (SNMP) RFC 2573 SNMP Applications RFC 2574 User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3) RFC 2575 View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP) Internet- Draft Coexistence between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework 1.22.01.04 also, for SNMPv3 implementations ... "See the list on http://www.ibr.cs.tu-bs.de/projects/snmpv3/#Implementations" Simon Leinen 1.22.01.05 Bill Stallings writes: My paper, "SNMPv3: A Security Enhancement to SNMP" published in the 4th Quarter 1998 issue of the online journal IEEE Communications Surveys, is now available at http://www.comsoc.org/pubs/surveys. http://www.comsoc.org/pubs/surveys/4q98issue/stallings.html 1.22.01.06 Some pertinent excerpts from the RFC index: 1157 Simple Network Management Protocol (SNMP). J.D. Case, M. Fedor, M.L. Schoffstall, C. Davin. May-01-1990. (Format: TXT=74894 bytes) (Obsoletes RFC1098) (Also STD0015) (Status: HISTORIC) --- 3410 Introduction and Applicability Statements for Internet-Standard Management Framework. J. Case, R. Mundy, D. Partain, B. Stewart. December 2002. (Format: TXT=61461 bytes) (Obsoletes RFC2570) (Status: INFORMATIONAL) 3411 An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks. D. Harrington, R. Presuhn, B. Wijnen. December 2002. (Format: TXT=140096 bytes) (Obsoletes RFC2571) (Also STD0062) (Status: STANDARD) 3412 Message Processing and Dispatching for the Simple Network Management Protocol (SNMP). J. Case, D. Harrington, R. Presuhn, B. Wijnen. December 2002. (Format: TXT=95710 bytes) (Obsoletes RFC2572) (Also STD0062) (Status: STANDARD) 3413 Simple Network Management Protocol (SNMP) Applications. D. Levi, P. Meyer, B. Stewart. December 2002. (Format: TXT=153719 bytes) (Obsoletes RFC2573) (Also STD0062) (Status: STANDARD) 3414 User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3). U. Blumenthal, B. Wijnen. December 2002. (Format: TXT=193558 bytes) (Obsoletes RFC2574) (Also STD0062) (Status: STANDARD) 3415 View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP). B. Wijnen, R. Presuhn, K. McCloghrie. December 2002. (Format: TXT=82046 bytes) (Obsoletes RFC2575) (Also STD0062) (Status: STANDARD) 3416 Version 2 of the Protocol Operations for the Simple Network Management Protocol (SNMP). R. Presuhn, Ed.. December 2002. (Format: TXT=70043 bytes) (Obsoletes RFC1905) (Also STD0062) (Status: STANDARD) 3417 Transport Mappings for the Simple Network Management Protocol (SNMP). R. Presuhn, Ed.. December 2002. (Format: TXT=38650 bytes) (Obsoletes RFC1906) (Also STD0062) (Status: STANDARD) 3418 Management Information Base (MIB) for the Simple Network Management Protocol (SNMP). R. Presuhn, Ed.. December 2002. (Format: TXT=49096 bytes) (Obsoletes RFC1907) (Also STD0062) (Status: STANDARD) Michael Kirkham 1.30.00 --RMON 1.30.01 SUBJECT: What is RMON? ---------------- The Remote Network Monitoring MIB is a SNMP MIB for remote management of networks. While other MIBs usually are created to support a network device whose primary function is other than management, RMON was created to provide management of a network. RMON is one of the many SNMP based MIBs that are on the IETF Standards track. 1.30.02 SUBJECT: RMON Standardization Status RMON is one of the many SNMP based MIBs that are on the IETF Standards track (RFC 1310). Currently (Jan 94) RMON has two instantiations in the IETF standards process. First, RFC 1271 - a Proposed Standard, specifies the general structure of RMON and the particulars of an Ethernet based RMON agent. RFC 1513 - a Proposed Standard specifies the additional RMON groups and specifics for a Token Ring network. 1.30.03 SUBJECT: RMON Working Group. The RMON Working Group is an IETF Working Group under the Network Management Area. The WG meets periodically - usually at all IETF meetings. The WG maintains a mailing list for Questions and Comments concerning RMON. Mail List: mailto:rmonmib@cs.hmc.edu ? If no luck there, try rmonmib@cisco.com The group's charter can be found at: http://www.ietf.cnri.reston.va.us/html.charters/rmonmib-charter.html 1.30.04 SUBJECT: Joining the RMON Working Group Mailing List To join the RMON Working Group mailing list, send mail to: Mail List Request: mailto:rmonmib-request@jarthur.claremont.edu. DO NOT send a request to join message to the general mailing list. [Editor's Note: We have received a complaint that this request may bounce. The claremont.edu addresses may no longer be active] You may also wish to try: mailto:rmonmib-request@cisco.com (Thanks to James Stansell for the detective work.) 1.30.05 SUBJECT: Historical RMON Records There are copies of the RMON mailing list messages and meeting minutes within the IETF archive structure - available at various sites. There is also a RMON archive directory which can be accessed via anonymous ftp at: jarthur.cs.hmc.edu, directory /pub/rmon [Editor's Note: We have received a complaint that site no longer exists (or, was not at home when someone called). Anyone know if this site remains active? Is this the same place as jarthur.claremont.edu?] 1.30.06 SUBJECT: RMON Documents 1. RMON White Paper in the anonymous ftp directory at jarthur.cs.hmc.edu. There are two formats: frame and postscript. This paper was developed by members of the RMON working group prior to an Interop. It is a superficial discussion of RMON. 2. Chapter 7 in "SNMP, SNMPv2 and CMIP: The Practical Guide to Network Management Standards" by William Stallings, (c) 1993 Addison-Wesley, goes into some detail on the RMON MIB. 1.30.07 SUBJECT: RMON2 RMON2 is an IETF standards track effort. The IETF RMON working group started on the RMON2 MIB module back in the fall of 1994. It was published as RFC 2021 in January 1997. All of the leading probe vendors, including NetScout, Technically Elite, Solcom, HP, etc have probes that support it. Also, many of the networking device manufacturers including Bay Networks and 3Com have embedded RMON2 support in their products. There was an interoperability test summit in December 1997, which was attended by all of the companies above plus Cisco and Cabletron. The RMON2 specification is quite stable and ready for advancement in the standards process. Two additions are in the works to be published. They are RMON extensions for switches and an RMON extension for fast networks. The major difference [between RMON and RMON2] is that RMON provided statistics only at the data link layer, where as RMON2 provides statistics at the network and upper layers. As to the original questions from Paul Black, It is difficult to take advantange of all the features in RMON with generic tools. With RMON2, it is even more difficult. Try http://www.netscout.com http://www.tecelite.com http://www.solcom.com David T. Perkins [post edited for conciseness] 1.40.00 --ISODE 1.40.01 SUBJECT: What is ISODE? ------ ISODE (pronounced "eye-so-DEE") is an acronym for "ISO Develoment Environment". It is an implementation of SNMP which can be used as the starting point for further refinement by you. In order to use it you must agree to the conditions. This quote is from "The Simple Book", 2nd ed.: "[ISODE] is openly available but is NOT in the public domain. You are allowed and encouraged to take this software and use it for any lawful purpose. However, as a condition of use, you are required to hold harmless all contributors." Most MIB compilers seen by this editor sprang from ISODE roots. 1.40.02 SUBJECT: Where can I get ISODE? The old archive was ... ftp.ics.uci.edu:mrose/isode-snmpV2/isode-snmpV2.tar.Z 4BSD/ISODE 8.0 SNMPv2 package This distribution has moved. One place a copy can be obtained is listed below. Questions may be sent to ISODE-SNMPv2@ida.liu.se Mailing list may be subscribed by sending mail to isode-snmpv2-request@cs.utk.edu ftp://ftp.ida.liu.se/pub/isode-snmpV2/isode-snmpV2.tar.gz A copy of the 4BSD/ISODE 8.0 SNMPv2 package ftp://ftp.ida.liu.se/pub/isode-snmpV2/isode-8.tar.gz ftp://ftp.ida.liu.se/pub/isode-snmpV2/isode-snmpV2.tar.gz 1.40.03 SUBJECT: Is there an ISODE SNMPv2 Mailing List? Yes. To subscribe, send email to: mailto:isode-snmpv2-request@cs.utk.edu 1.50.00 --Using SNMP to Monitor or Manage 1.50.01 SUBJECT:How do I calculate utilization using SNMP? Brad Harris wrote: > We are trying to setup T-1 utilization percentage stats using ifInOctets > and ifOutOctets. MANY ANSWERS FOLLOW: 1.50.01.01 I would suggest: (DELTA(ifInOctets) + DELTA(ifOutOctets)) * 8 -------- * 100 (DELTA(sysUpTime) / 100) * 1 540 000 where DELTA(attribute) means the difference of the value of attribute between two polls. Of course, the values for ifInOctets, ifOutOctets and sysUpTime should be requested in one single PDU. Olivier Miakinen 1.50.01.02 Serial lines (including TDM systems like T1) measure interface speed as half duplex. That is, the 1.544 Megabit per second bandwidth is one way; a full duplex line actually has twice that value. 1.544 Mb for transmit, 1.544 Mb for receive. If you want the "interface utilization", then you would add outOctetcs and inOctets together, as you did, but use 3088000 for the interface speed. If you want "line utilization" (which is more valuable for typical management operations), you could use the "max" value of in or out Octets, as in the previous example. This is more useful, because the line may be at 50% utilization (using your method) and still be saturated, if all traffic is going one way. T. Max Devlin 1.50.01.03 Make sure your time delta doesn't exceed the wrap time the 32 bit MIB2 counters, ~6 Hrs for T1. Its a nice touch if ifInOctets and ifOutOctets are bound in the same PDUs. Also bind sysUpTime in each PDU so you can detect agent reload. Charlie Dellacona 1.50.01.04 T1 circuits are duplex, you have to have separate utilisation formulae for both in and out. Otherwise you run the risk of missing that your heavily utilised in one direction because the other is very light. In many configurations this is a likely situation, a short frame requesting data from a server or mainframe resulting in megabytes heading in the opposite direction. Wim Harthoorn 1.50.01.05 To make your figures mean something useful, generate incoming and outgoing utilization separately. A T1 link is full-duplex....1.544 Mbps in each direction. An organizational T1 Internet link will saturate on the incoming side while the outgoing side is less than half utilized. Your formula would indicate that the link had some extra bandwidth capability when in reality its a major bottleneck. Gary Flynn 1.50.01.06 You are missing a few subtleties of getting this exactly right. What you want to do is sample (all in one packet exchange) the values of ifInOctets, ifOutOctets, and sysUptime. Then, you sample all three again (after some interval) and use the three deltas to compute: Delta(ifInOctets)*8 -- => Input % utilization Delta(sysUptime)*154 And likewise for output. Note that there are two factors of 100 folded into the denominator (that's why 154 instead of 1540000), one since sysUptime is hundredths of a second and the second to get a percent rather than a fraction. You could also fold the 8 and 154 together as well, but that's not an integer... And be sure your Delta function properly accounts for wrapping. You should do this periodically, each time computing the deltas from the previous sample, dropping intervals that are "insane" (e.g. sysUptime has a large delta [positive or negative] compared to the wall [or monitoring system] clock). You will want to compute _both_ deltas and plot them over time as well as extracting just the maximum value. You want a sampling period that's small enough to really indicate peaks, without being so short it overloads the monitoring or monitored systems. If you can, you want to monitor both ends of the line (ifOutOctets at one end may be greater than ifInOctets at the other, in which case it's a better measure of load in that direction). Michael A. Patton 1.50.01.07 Dependent on your need for reproduction and historical tracking of the utilization and other factors such as error rates, you might want to consider purchasing a performance monitoring and reporting tool to help you through some of this. We have a tool for doing precisely what you want, and it also solves for cases of counter roll-over and sysuptime resets. Our tool is called ClearStats and is very economical and flexible. We have autodiscover and automated/scheduled reporting. Check us out at http://www.clearstats.com John Catalano 1.50.01.08 Dan Cox wrote: > if you look in the rmon mib and look at the description of > etherstatsoctets it tells you if you > want to get utilization that you sample etherstatsoctets at two > intervals and use this formula. I want someone to explain the formula > to me. > > Here it is > Packets * (9.6 + 6.4) + (Octets * .8) > utilization = ---------------------------------------------- > Interval * 10,000 > > I assuming this is for 10 mbps ethernet. > What is the 9.6 and 6.4? > Why do you need to know the number of packets? > What formula do you use if you are using 100 mbps ethernet? > What if it is full-duplex? In the formula, 9.6 is the interpacket gap time in micro seconds. 6.4 is the preamble+start-frame-delimiter time in micro seconds. Each time you send a packet, these are present. The 10,000 is the speed. You change this to 100,000 for 100 Mb/s ethernet. For full duplex, the formula is the same, but it applies to each channel. That is, full duplex is a point-to-point technology. If you connect nodes A and B. There are essentially two dedicated and contention free channels, one from from A to B and the other from B to A. You can compute utilization on each channel. David T. Perkins 1.50.01.09 Have a look at http://www.statscout.com/support/paper1.html for a little bit of info on calculating utilization statistics. Paul Koch 1.50.01.10 Raja Kolli wrote: > How do you represent the speed for full-duplex links e.g. full-duplex 10Mb > ethernet, Should it be 10Mbps or 20Mbps? Or is there any other object (new > ifType value etc.,) that can be used to represent full-duplex operation? > Appreciate any pointers on the standrards. Page 7 of RFC 2358, Definitions of Managed Objects for the Ethernet-like Interface Types, describes how the ifSpeed object from IF-MIB should be set for full-duplex ethernet interfaces: [RFC quote deleted -- go get yourself a copy. Ed.] So, the answer to your question is that for a full-duplex 10BaseT interface ifSpeed should be 10Mbps, just as it is for a half-duplex interface. C. M. "Mike" Heard 1.50.02 SUBJECT: What are Appropriate Operating Thresholds? >We've just installed brand new PS Hubs and a SSII switch 3300 with SNMP >capabilities from 3Com, and we're managing it with the Transcend Workgroup >for Windows 6.0 application. Does anyone know which are the suitable >thresholds for both hub and switch alarms? Basicly, I'd like to know just >the more usual : Total errors, FCS errors, alignment errors, broadcast >packets, runts, collisions, undersize and oversize packets, long and short >events. > > Jorge Alaman~ac [Editor's Note: T. Max Devlin's response has been edited to fit. These out takes are noted by "[...]".] Suitable thresholds are environmentally sensitive; everybody's "correct" values area little different. The best you will get from products or info sources are more "defaults" than "best guesses", IMHO. We've found that the ideal setting for thresholds does not correlate to absolute numbers, or even typical ranges. [...] The best approach, seriously, to thresholding is to consider, not some absolute concept of the perfect network metrics, but the results of the thresholding. Essentially, you should look at a simple plot of your values over a few hours and a few days (baselining), then pick a threshold value that will result in an "appropriate" number of alerts. If you want a log-style "this is how many times this happens", you might want every peak to trip the threshold. If a more report-oriented "the occurrences happened at this time", a slightly higher value might be called for. "This is a problem, you should know about it even if you can't 'fix' it" thresholds might trigger a few times a week, and the "the network is broken; get busy" alerts should essentially be set high enough so that they never happen under typical network conditions. The real issue is not what the numbers should be, but how often you want to know about it. [...] But just so I don't leave you high and dry, here's some beginning defaults, if you insist: Total errors: <2% FCS errors: <2% Alignment errors: <1% broadcast packets: Start with 10%; bring up if you are flooded, bring down if it never triggers runts: <1%, but some systems might have much larger values under normal conditions collisions: 10% undersize and oversize packets: <1% long and short events: <1% T. Max Devlin 1.50.03 SUBJECT: Are MIBs available to monitor application traffic? George Koukoulas wrote: : I would like to find out if there are any MIBs about management : of application traffic, meaning separate management of ftp, : http, telnet, smtp, etc application traffic. There are two to-be-published MIBs that may be of interest to you. The Application Management MIB provides statistics for application or service IO channels. On top of these channels, one can have transaction streams with transaction kind specific statistics. The WWW Services MIB provides a core set of statistics for Web services. It is written against an abstract document transfer protocol. Mappings to FTP and HTTP are defined in the document. Both MIBs have been approved by the IESG for publication as Prosposed Standards. They are currently sitting in the queue of the RFC editor waiting for publications as RFCs. Both MIBs are the product of the application management working group. Juergen Schoenwaelder 1.50.04 SUBJECT: How can I make sense of the Interfaces Group? You should definitely look at RFC 2863 which is the latest definition of the interfaces group. The introductionary text is very valuable in order to understand of the IF-MIB evolved over time. Juergen Schoenwaelder 1.50.04.01 > If an interface is full duplex, does that mean it can transmit at a > rate of 'ifSpeed' in each direction simultaneously, or does it mean that > the interface has 'ifSpeed' worth of bandwidth in total? > > Glenn Reesor ifSpeed should represent an estimate of the bandwidth of the interface. ifHighSpeed should be used if ifSpeed isn't large enough. http://www.faqs.org/rfcs/rfc1573.html Les Cargill There seems to be rough consensus on the former interpretation, i.e., that the interface can transmit at a rate of 'ifSpeed' in each direction simultaneously. Mike Heard 1.50.04.02 > If an interface is half duplex, does that mean that it can transmit > at a rate of 'ifSpeed' in each direction, but only one direction at a > time? > > Glenn Reesor There seems to be nearly universal agreement on this interpretation. In searching the IETF mail archive (specifically 1998-07.mail.aug4) I found the following two excerpts which might be helpful: On Friday, 3 Apr 1998, Gary Hanson wrote: > > Should the ifSpeed for a T1 interface be 1.54Mb or should it be 3.08Mb > > in that it can sustain 1.54Mb in both the transmit and receive > > The latest for the DS1-MIB is > unambiguous on this point. In section 3.1 it says to use 1544000 > for the ifSpeed for DS1 lines. On Wednesday, 20 May 1998, John Flick wrote: > > 5) How do you tell if the interface is half or full-duplex for > > both ethernet and token ring interfaces? > > The current answer for Ethernet is ifMauType. Using ifSpeed, as one > response suggested, has been used by some vendors (a survey I did a > few months ago showed about half of the responders doubled ifSpeed for > full-duplex, though most agreed that this is a kludge). The consensus > of the hubmib WG was that this should be disallowed. The hubmib WG is > currently debating whether ifMauType is adequate, or if we need to add > an object for duplex mode to either the Ethernet MIB or IF-MIB. Mike Heard 1.50.04.03 The Interfaces Group of RFC1213 has been superseded by RFC2863 and RFC2864: 2863 The Interfaces Group MIB. K. McCloghrie, F. Kastenholz. June 2000. (Format: TXT=155014 bytes) (Obsoletes RFC2233) (Status: DRAFT STANDARD) 2864 The Inverted Stack Table Extension to the Interfaces Group MIB. K. McCloghrie, G. Hanson. June 2000. (Format: TXT=21445 bytes) (Status: PROPOSED STANDARD) Although RFC1643 is a full-standard, it does not properly support 100 BaseT. It has been superseded by RFC2665, which does: 2665 Definitions of Managed Objects for the Ethernet-like Interface Types. J. Flick, J. Johnson. August 1999. (Format: TXT=110038 bytes) (Obsoletes RFC2358) (Status: PROPOSED STANDARD) Even though these are all SMIv2 MIBS, everything in them except for the Counter64 objects in the IF-MIB can indeed be implemented in an SNMPv1 agent. Mike Heard 1.50.10 SUBJECT: When do I use GETBULK versus GETNEXT? 1.50.10.01 You use GETNEXT, typically, to get selected columns from one or more rows of a table. If you want the values for columns S(1)..S(s) from columns C(1)..C(c) (where s I am looking for some Network Monitoring Software that will give > alerts when a device or server goes down and that will also log and > monitor snmp information for devices and be able to graph the data it > logged. > Cyberspew I use a combination of nagios (updated version of netsaint) and mrtg with rrdtool. Nagios provides complete network monitoring, including device and service availability. It will even produce graphics of the nodes in your network. Mrtg allows you to graph any snmp object on your network; the most common of which are incoming and outgoing traffic. I also use it to monitor cpu usage, disk usage and webcache requests. http://nagios.sf.net/ http://people.ee.ethz.ch/~oetiker/webtools/mrtg/ RRDtool is an alternative logger for mrtg, which does not generate graphs automatically, in order to save cpu time. http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/ If you do not want to go down the free route, there is program for windows that will do all of this (except you cannot choose any snmp object to graph - only traffic) from Solarwinds, called Network Performance Monitor. Their website is at http://www.solarwinds.net/. Chris 1.75.00 -- SNMP Engineering and Consulting 1.75.01 SUBJECT: SNMP Engineering and Consulting Firms [Editor's Note: Business entities named in this section should have a minimum of three years of direct experience implementing SNMP solutions at either the manager or agent node.] 1.75.01.01 Core Competence Inc. David M. Piscitello 3 Myrtle Bank Lane Hilton Head, SC 29926 Email: dave@corecom.com Phone: (843) 683-9988 Fax: (843) 689-5595 1.75.01.02 SNMP Research International, Inc. 3001 Kimberlin Heights Road Knoxville, TN 37920-9716 Ph: 865-579-3311 Fx: 865-579-6565 mailto:info@snmp.com http://www.snmp.com SNMP Research provides consulting and development services in conjunction with the licensing of our products and development tools. Our customers' needs include the following: Product definition MIB design, Hardware design Implementation System integration/testing Life-cycle maintenance Our expertise and business model allows us to match our resources with customers' needs anywhere along this spectrum. 1.75.01.03 Panther Digital Corporation Danbury, CT OEM Software Engineers and Consultants http://www.pantherdig.com panther@pantherdig.com 203 312-0349 1.75.01.04 G & H Computer Services, Inc Daytona Beach, FL http://www.gandhsoftware.com 904 255-1599 904 253-1545 FAX 1.75.01.05 Prism Communications, Inc 10015 Old Columbia Road, Suite F-100 Columbia MD 21046 Tel: 410-381-1515 Fax: 410-381-8787 mailto: info@prismComm.com http://www.prismComm.com Prism Communications has extensive experience with the development of SNMP v1/2/3 based solutions including RMON1/2 and AgentX. Customers look to us to design enterprise MIBs, develop embedded agents, extend/develop manager frameworks, develop scripts for detailed testing. We have extensive experience with VxWorks/pSOS, Win32 and Solaris environments and are a Solutions Partner for HP OpenView. END OF PART 1, SNMP FAQ PLEASE CONTINUE WITH PART 2.