Simple Network Management Protocol
Chapter Goals
Discuss the SNMP Management Information Base.
Describe SNMP version 1.
Describe SNMP version 2.
Simple Network Management Protocol
Background
The Simple Network Management Protocol (SNMP) is an application layer protocol that facilitates the exchange of management information between network devices. It is part of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth.
Two versions of SNMP exist: SNMP version 1 (SNMPv1) and SNMP version 2 (SNMPv2). Both versions have a number of features in common, but SNMPv2 offers enhancements, such as additional protocol operations. Standardization of yet another version of SNMP—SNMP Version 3 (SNMPv3)—is pending. This chapter provides descriptions of the SNMPv1 and SNMPv2 protocol operations. Figure 56-1 illustrates a basic network managed by SNMP.
Figure 56-1: SNMP Facilitates the Exchange of Network Information Between Devices
SNMP Basic Components
An SNMP-managed network consists of three key components: managed devices, agents, and network-management systems (NMSs).
A managed device is a network node that contains an SNMP agent and that resides on a managed network. Managed devices collect and store management information and make this information available to NMSs using SNMP. Managed devices, sometimes called network elements, can be routers and access servers, switches and bridges, hubs, computer hosts, or printers.
An agent is a network-management software module that resides in a managed device. An agent has local knowledge of management information and translates that information into a form compatible with SNMP.
An NMS executes applications that monitor and control managed devices. NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs must exist on any managed network.
Figure 56-2 illustrates the relationships of these three components.
Figure 56-2: An SNMP-Managed Network Consists of Managed Devices, Agents, and NMSs
SNMP Basic Commands
Managed devices are monitored and controlled using four basic SNMP commands: read, write, trap, and traversal operations.
The read command is used by an NMS to monitor managed devices. The NMS examines different variables that are maintained by managed devices.
The write command is used by an NMS to control managed devices. The NMS changes the values of variables stored within managed devices.
The trap command is used by managed devices to asynchronously report events to the NMS. When certain types of events occur, a managed device sends a trap to the NMS.
Traversal operations are used by the NMS to determine which variables a managed device supports and to sequentially gather information in variable tables, such as a routing table.
SNMP Management Information Base
A Management Information Base (MIB) is a collection of information that is organized hierarchically. MIBs are accessed using a network-management protocol such as SNMP. They are comprised of managed objects and are identified by object identifiers.
A managed object (sometimes called a MIB object, an object, or a MIB) is one of any number of specific characteristics of a managed device. Managed objects are comprised of one or more object instances, which are essentially variables.
Two types of managed objects exist: scalar and tabular. Scalar objects define a single object instance. Tabular objects define multiple related object instances that are grouped in MIB tables.
An example of a managed object is atInput, which is a scalar object that contains a single object instance, the integer value that indicates the total number of input AppleTalk packets on a router interface.
An object identifier (or object ID) uniquely identifies a managed object in the MIB hierarchy. The MIB hierarchy can be depicted as a tree with a nameless root, the levels of which are assigned by different organizations. Figure 56-3 illustrates the MIB tree.
The top-level MIB object IDs belong to different standards organizations, while lower-level object IDs are allocated by associated organizations.
Vendors can define private branches that include managed objects for their own products. MIBs that have not been standardized typically are positioned in the experimental branch.
The managed object atInput can be uniquely identified either by the object name—iso.identified-organization.dod.internet.private.enterprise.cisco.temporary variables.AppleTalk.atInput—or by the equivalent object descriptor, 1.3.6.1.4.1.9.3.3.1.
Figure 56-3: The MIB Tree Illustrates the Various Hierarchies Assigned by Different Organizations
SNMP and Data Representation
SNMP must account for and adjust to incompatibilities between managed devices. Different computers use different data representation techniques, which can compromise the capability of SNMP to exchange information between managed devices. SNMP uses a subset of Abstract Syntax Notation One (ASN.1) to accommodate communication between diverse systems.
SNMP Version 1
SNMP version 1 (SNMPv1) is the initial implementation of the SNMP protocol. It is described in Request For Comments (RFC) 1157 and functions within the specifications of the Structure of Management Information (SMI). SNMPv1 operates over protocols such as User Datagram Protocol (UDP), Internet Protocol (IP), OSI Connectionless Network Service (CLNS), AppleTalk Datagram-Delivery Protocol (DDP), and Novell Internet Packet Exchange (IPX). SNMPv1 is widely used and is the de facto network-management protocol in the Internet community.
SNMPv1 and Structure of Management Information
The Structure of Management Information (SMI) defines the rules for describing management information, using Abstract Syntax Notation One (ASN.1). The SNMPv1 SMI is defined in RFC 1155. The SMI makes three key specifications: ASN.1 data types, SMI-specific data types, and SNMP MIB tables.
SNMPv1 and ASN.1 Data Types
The SNMPv1 SMI specifies that all managed objects have a certain subset of Abstract Syntax Notation One (ASN.1) data types associated with them. Three ASN.1 data types are required: name, syntax, and encoding. The name serves as the object identifier (object ID). The syntax defines the data type of the object (for example, integer or string). The SMI uses a subset of the ASN.1 syntax definitions. The encoding data describes how information associated with a managed object is formatted as a series of data items for transmission over the network.
SNMPv1 and SMI-Specific Data Types
The SNMPv1 SMI specifies the use of a number of SMI-specific data types, which are divided into two categories: simple data types and application-wide data types.
Three simple data types are defined in the SNMPv1 SMI, all of which are unique values: integers, octet strings, and object IDs. The integer data type is a signed integer in the range of -2,147,483,648 to 2,147,483,647. Octet strings are ordered sequences of 0 to 65,535 octets. Object IDs come from the set of all object identifiers allocated according to the rules specified in ASN.1.
Seven application-wide data types exist in the SNMPv1 SMI: network addresses, counters, gauges, time ticks, opaques, integers, and unsigned integers. Network addresses represent an address from a particular protocol family. SNMPv1 supports only 32-bit IP addresses. Counters are non-negative integers that increase until they reach a maximum value and then return to zero. In SNMPv1, a 32-bit counter size is specified. Gauges are non-negative integers that can increase or decrease but that retain the maximum value reached. A time tick represents a hundredth of a second since some event. An opaque represents an arbitrary encoding that is used to pass arbitrary information strings that do not conform to the strict data typing used by the SMI. An integer represents signed integer-valued information. This data type redefines the integer data type, which has arbitrary precision in ASN.1 but bounded precision in the SMI. An unsigned integer represents unsigned integer-valued information and is useful when values are always non-negative. This data type redefines the integer data type, which has arbitrary precision in ASN.1 but bounded precision in the SMI.
SNMP MIB Tables
The SNMPv1 SMI defines highly structured tables that are used to group the instances of a tabular object (that is, an object that contains multiple variables). Tables are composed of zero or more rows, which are indexed in a way that allows SNMP to retrieve or alter an entire row with a single Get, GetNext, or Set command.
SNMPv1 Protocol Operations
SNMP is a simple request/response protocol. The network-management system issues a request, and managed devices return responses. This behavior is implemented by using one of four protocol operations: Get, GetNext, Set, and Trap. The Get operation is used by the NMS to retrieve the value of one or more object instances from an agent. If the agent responding to the Get operation cannot provide values for all the object instances in a list, it does not provide any values. The GetNext operation is used by the NMS to retrieve the value of the next object instance in a table or a list within an agent. The Set operation is used by the NMS to set the values of object instances within an agent. The Trap operation is used by agents to asynchronously inform the NMS of a significant event.
SNMP Version 2
SNMP version 2 (SNMPv2) is an evolution of the initial version, SNMPv1. Originally, SNMPv2 was published as a set of proposed Internet standards in 1993; currently, it is a draft standard. As with SNMPv1, SNMPv2 functions within the specifications of the Structure of Management Information (SMI). In theory, SNMPv2 offers a number of improvements to SNMPv1, including additional protocol operations.
SNMPv2 and Structure of Management Information
The Structure of Management Information (SMI) defines the rules for describing management information, using ASN.1.
The SNMPv2 SMI is described in RFC 1902. It makes certain additions and enhancements to the SNMPv1 SMI-specific data types, such as including bit strings, network addresses, and counters. Bit strings are defined only in SNMPv2 and comprise zero or more named bits that specify a value. Network addresses represent an address from a particular protocol family. SNMPv1 supports only 32-bit IP addresses, but SNMPv2 can support other types of addresses as well. Counters are non-negative integers that increase until they reach a maximum value and then return to zero. In SNMPv1, a 32-bit counter size is specified. In SNMPv2, 32-bit and 64-bit counters are defined.
SMI Information Modules
The SNMPv2 SMI also specifies information modules, which specify a group of related definitions. Three types of SMI information modules exist: MIB modules, compliance statements, and capability statements. MIB modules contain definitions of interrelated managed objects. Compliance statements provide a systematic way to describe a group of managed objects that must be implemented for conformance to a standard. Capability statements are used to indicate the precise level of support that an agent claims with respect to a MIB group. An NMS can adjust its behavior toward agents according to the capabilities statements associated with each agent.
SNMPv2 Protocol Operations
The Get, GetNext, and Set operations used in SNMPv1 are exactly the same as those used in SNMPv2. However, SNMPv2 adds and enhances some protocol operations. The SNMPv2 Trap operation, for example, serves the same function as that used in SNMPv1, but it uses a different message format and is designed to replace the SNMPv1 Trap.
SNMPv2 also defines two new protocol operations: GetBulk and Inform. The GetBulk operation is used by the NMS to efficiently retrieve large blocks of data, such as multiple rows in a table. GetBulk fills a response message with as much of the requested data as will fit. The Inform operation allows one NMS to send trap information to another NMS and to then receive a response. In SNMPv2, if the agent responding to GetBulk operations cannot provide values for all the variables in a list, it provides partial results.
SNMP Management
SNMP is a distributed-management protocol. A system can operate exclusively as either an NMS or an agent, or it can perform the functions of both. When a system operates as both an NMS and an agent, another NMS might require that the system query managed devices and provide a summary of the information learned, or that it report locally stored management information.
SNMP Security
SNMP lacks any authentication capabilities, which results in vulnerability to a variety of security threats. These include masquerading occurrences, modification of information, message sequence and timing modifications, and disclosure. Masquerading consists of an unauthorized entity attempting to perform management operations by assuming the identity of an authorized management entity. Modification of information involves an unauthorized entity attempting to alter a message generated by an authorized entity so that the message results in unauthorized accounting management or configuration management operations. Message sequence and timing modifications occur when an unauthorized entity reorders, delays, or copies and later replays a message generated by an authorized entity. Disclosure results when an unauthorized entity extracts values stored in managed objects, or learns of notifiable events by monitoring exchanges between managers and agents. Because SNMP does not implement authentication, many vendors do not implement Set operations, thereby reducing SNMP to a monitoring facility.
SNMP Interoperability
As presently specified, SNMPv2 is incompatible with SNMPv1 in two key areas: message formats and protocol operations. SNMPv2 messages use different header and protocol data unit (PDU) formats than SNMPv1 messages. SNMPv2 also uses two protocol operations that are not specified in SNMPv1. Furthermore, RFC 1908 defines two possible SNMPv1/v2 coexistence strategies: proxy agents and bilingual network-management systems.
Proxy Agents
An SNMPv2 agent can act as a proxy agent on behalf of SNMPv1 managed devices, as follows:
An SNMPv2 NMS issues a command intended for an SNMPv1 agent.
The NMS sends the SNMP message to the SNMPv2 proxy agent.
The proxy agent forwards Get, GetNext, and Set messages to the SNMPv1 agent unchanged.
GetBulk messages are converted by the proxy agent to GetNext messages and then are forwarded to the SNMPv1 agent.
The proxy agent maps SNMPv1 trap messages to SNMPv2 trap messages and then forwards them to the NMS.
Bilingual Network-Management System
Bilingual SNMPv2 network-management systems support both SNMPv1 and SNMPv2. To support this dual-management environment, a management application in the bilingual NMS must contact an agent. The NMS then examines information stored in a local database to determine whether the agent supports SNMPv1 or SNMPv2. Based on the information in the database, the NMS communicates with the agent using the appropriate version of SNMP.
SNMP Reference: SNMPv1 Message Formats
SNMPv1 messages contain two parts: a message header and a protocol data unit (PDU). Figure 56-4 illustrates the basic format of an SNMPv1 message.
Figure 56-4: An SNMPv1 Message Consists of a Header and a PDU
SNMPv1 Message Header
SNMPv1 message headers contain two fields: Version Number and Community Name. The following descriptions summarize these fields:
Version number—Specifies the version of SNMP used.
Community name—Defines an access environment for a group of NMSs. NMSs within the community are said to exist within the same administrative domain. Community names serve as a weak form of authentication because devices that do not know the proper community name are precluded from SNMP operations.
SNMPv1 Protocol Data Unit
SNMPv1 PDUs contain a specific command (Get, Set, and so on) and operands that indicate the object instances involved in the transaction. SNMPv1 PDU fields are variable in length, as prescribed by ASN.1. Figure 56-5 illustrates the fields of the SNMPv1 Get, GetNext, Response, and Set PDU transactions.
Figure 56-5: SNMPv1 Get, GetNext, Response, and Set PDUs Contain the Same Fields
The following descriptions summarize the fields illustrated in Figure 56-5:
PDU type—Specifies the type of PDU transmitted.
Request ID—Associates SNMP requests with responses.
Error status—Indicates one of a number of errors and error types. Only the response operation sets this field. Other operations set this field to zero.
Error index—Associates an error with a particular object instance. Only the response operation sets this field. Other operations set this field to zero.
Variable bindings—Serves as the data field of the SNMPv1 PDU. Each variable binding associates a particular object instance with its current value (with the exception of Get and GetNext requests, for which the value is ignored).
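Added example (not part of the original chapter): the header and PDU fields listed above, decoded from a constructed SNMPv1 Get message for the atInput object. It shows why the community name is only a weak form of authentication and why the SNMP Security section lists disclosure as a threat: the name is an ordinary octet string that anyone observing the datagram can read. The sample bytes, the WELL_KNOWN list, and the function names are assumptions of this example; only the Get, GetNext, Response, and Set PDUs are handled.

```python
# Added example: passive BER decode of one SNMPv1/v2c message (defender-side).
# SAMPLE is constructed for this example; it is not a capture from a real device.
PDU_TYPES = {0xA0: "Get", 0xA1: "GetNext", 0xA2: "Response", 0xA3: "Set"}
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c"}
# Assumption: community names an auditor wants flagged (common defaults).
WELL_KNOWN = {"public", "private"}

SAMPLE = bytes.fromhex(
    "3027" "020100" "04067075626c6963"   # SEQUENCE, version 0, community "public"
    "a01a" "020101" "020100" "020100"    # Get PDU: request ID 1, error status 0, error index 0
    "300f300d" "06092b0601040109030301" "0500"  # one variable binding: OID, NULL value
)


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("BER value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def expect(buf, pos, want):
    """Read one element and insist on its tag; return (value, next_pos)."""
    tag, value, pos = read_tlv(buf, pos)
    if tag != want:
        raise ValueError(f"expected tag {want:#x}, got {tag:#x}")
    return value, pos


def decode_oid(raw):
    """Decode OBJECT IDENTIFIER content octets to dotted notation."""
    if not raw or raw[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, acc = [], 0
    for octet in raw:
        acc = (acc << 7) | (octet & 0x7F)  # base-128, high bit = "more follows"
        if not octet & 0x80:
            arcs.append(acc)
            acc = 0
    x = min(arcs[0] // 40, 2)              # first octet packs the first two arcs
    return ".".join(str(a) for a in [x, arcs[0] - 40 * x] + arcs[1:])


def parse_message(datagram):
    """Decode header (version, community) and the common PDU fields."""
    body, _ = expect(datagram, 0, 0x30)
    version, pos = expect(body, 0, 0x02)
    community, pos = expect(body, pos, 0x04)
    pdu_tag, pdu, _ = read_tlv(body, pos)
    if pdu_tag not in PDU_TYPES:
        raise ValueError(f"PDU type {pdu_tag:#x} not handled in this example")
    ints, p = [], 0
    for _ in range(3):                     # request ID, error status, error index
        raw, p = expect(pdu, p, 0x02)
        ints.append(int.from_bytes(raw, "big", signed=True))
    bindings, _ = expect(pdu, p, 0x30)
    oids, p = [], 0
    while p < len(bindings):
        binding, p = expect(bindings, p, 0x30)
        name, _ = expect(binding, 0, 0x06)
        oids.append(decode_oid(name))
    v = int.from_bytes(version, "big", signed=True)
    return {"version": VERSIONS.get(v, f"unknown({v})"),
            "community": community.decode("latin-1"),
            "pdu_type": PDU_TYPES[pdu_tag], "request_id": ints[0],
            "error_status": ints[1], "error_index": ints[2], "oids": oids}


def audit(msg):
    """Findings a monitoring sensor might raise for one decoded message."""
    findings = []
    if msg["community"] in WELL_KNOWN:
        findings.append("well-known community name")
    if msg["pdu_type"] == "Set":
        findings.append("Set request authorised by community name alone")
    return findings


if __name__ == "__main__":
    decoded = parse_message(SAMPLE)
    print(decoded, audit(decoded))
```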
Trap PDU Format
Figure 56-6 illustrates the fields of the SNMPv1 Trap PDU.
Figure 56-6: The SNMPv1 Trap PDU Consists of Eight Fields
The following descriptions summarize the fields illustrated in Figure 56-6:
Enterprise—Identifies the type of managed object generating the trap.
Agent address—Provides the address of the managed object generating the trap.
Generic trap type—Indicates one of a number of generic trap types.
Specific trap code—Indicates one of a number of specific trap codes.
Time stamp—Provides the amount of time that has elapsed between the last network reinitialization and generation of the trap.
Variable bindings—The data field of the SNMPv1 Trap PDU. Each variable binding associates a particular object instance with its current value.
SNMP Reference: SNMPv2 Message Format
SNMPv2 messages consist of a header and a PDU. Figure 56-7 illustrates the basic format of an SNMPv2 message.
Figure 56-7: SNMPv2 Messages Also Consist of a Header and a PDU
SNMPv2 Message Header
SNMPv2 message headers contain two fields: Version Number and Community Name. The following descriptions summarize these fields:
Version number—Specifies the version of SNMP that is being used.
Community name—Defines an access environment for a group of NMSs. NMSs within the community are said to exist within the same administrative domain. Community names serve as a weak form of authentication because devices that do not know the proper community name are precluded from SNMP operations.
SNMPv2 Protocol Data Unit
SNMPv2 specifies two PDU formats, depending on the SNMP protocol operation. SNMPv2 PDU fields are variable in length, as prescribed by Abstract Syntax Notation One (ASN.1).
Figure 56-8 illustrates the fields of the SNMPv2 Get, GetNext, Inform, Response, Set, and Trap PDUs.
Figure 56-8: SNMPv2 Get, GetNext, Inform, Response, Set, and Trap PDUs Contain the Same Fields
The following descriptions summarize the fields illustrated in Figure 56-8:
PDU type—Identifies the type of PDU transmitted (Get, GetNext, Inform, Response, Set, or Trap).
Request ID—Associates SNMP requests with responses.
Error status—Indicates one of a number of errors and error types. Only the response operation sets this field. Other operations set this field to zero.
Error index—Associates an error with a particular object instance. Only the response operation sets this field. Other operations set this field to zero.
Variable bindings—Serves as the data field of the SNMPv2 PDU. Each variable binding associates a particular object instance with its current value (with the exception of Get and GetNext requests, for which the value is ignored).
GetBulk PDU Format
Figure 56-9 illustrates the fields of the SNMPv2 GetBulk PDU.
Figure 56-9: The SNMPv2 GetBulk PDU Consists of Seven Fields
The following descriptions summarize the fields illustrated in Figure 56-9:
PDU type—Identifies the PDU as a GetBulk operation.
Request ID—Associates SNMP requests with responses.
Non repeaters—Specifies the number of object instances in the variable bindings field that should be retrieved no more than once from the beginning of the request. This field is used when some of the instances are scalar objects with only one variable.
Max repetitions—Defines the maximum number of times that other variables beyond those specified by the Non repeaters field should be retrieved.
Variable bindings—Serves as the data field of the SNMPv2 PDU. Each variable binding associates a particular object instance with its current value (with the exception of Get and GetNext requests, for which the value is ignored).
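Added example (not part of the original chapter): how the Non repeaters and Max repetitions fields shape a GetBulk response, simulated over a small in-memory MIB as a series of GetNext steps. The MIB contents are constructed, and the max_bindings parameter is a hypothetical stand-in for the response-size limit that leads an agent to return partial results.

```python
# Added example: GetBulk semantics over a toy MIB (all values constructed).
from bisect import bisect_right

END_OF_MIB_VIEW = "endOfMibView"


def oid(text):
    """Dotted string to a tuple, so OIDs sort in MIB (lexicographic) order."""
    return tuple(int(part) for part in text.split("."))


# Constructed agent data: one scalar (sysUpTime.0) and two columns of a
# three-row interface table (ifDescr and ifInOctets from MIB-II).
MIB = sorted({
    oid("1.3.6.1.2.1.1.3.0"): 421337,
    oid("1.3.6.1.2.1.2.2.1.2.1"): "eth0",
    oid("1.3.6.1.2.1.2.2.1.2.2"): "eth1",
    oid("1.3.6.1.2.1.2.2.1.2.3"): "eth2",
    oid("1.3.6.1.2.1.2.2.1.10.1"): 1000,
    oid("1.3.6.1.2.1.2.2.1.10.2"): 2000,
    oid("1.3.6.1.2.1.2.2.1.10.3"): 3000,
}.items())
KEYS = [name for name, _ in MIB]


def get_next(name):
    """GetNext: the first object instance that sorts after `name`."""
    i = bisect_right(KEYS, name)
    if i == len(KEYS):
        return name, END_OF_MIB_VIEW
    return MIB[i]


def get_bulk(names, non_repeaters, max_repetitions, max_bindings=None):
    """Return the variable bindings of a GetBulk response, in response order."""
    n = max(0, min(non_repeaters, len(names)))
    # Non repeaters: the first n variables are fetched once each.
    out = [get_next(name) for name in names[:n]]
    # Max repetitions: the remaining variables advance together, row by row.
    cursors = list(names[n:])
    for _ in range(max(0, max_repetitions)):
        if not cursors:
            break
        row = [get_next(cursor) for cursor in cursors]
        out.extend(row)
        cursors = [name for name, _ in row]
        if all(value == END_OF_MIB_VIEW for _, value in row):
            break
    # Partial result: keep only what fits (hypothetical limit, see lead-in).
    return out if max_bindings is None else out[:max_bindings]


if __name__ == "__main__":
    request = [oid("1.3.6.1.2.1.1.3"),        # scalar, fetched once
               oid("1.3.6.1.2.1.2.2.1.2"),    # ifDescr column
               oid("1.3.6.1.2.1.2.2.1.10")]   # ifInOctets column
    for name, value in get_bulk(request, non_repeaters=1, max_repetitions=2):
        print(".".join(map(str, name)), "=", value)
```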
Review Questions
Q—What are MIBs, and how are they accessed?
A—A Management Information Base (MIB) is a collection of information that is organized hierarchically. MIBs are accessed using a network-management protocol such as SNMP. They are comprised of managed objects and are identified by object identifiers.
Q—SNMP uses a series of _____ and ______ to manage the network.
A—Gets and Puts. SNMP uses a Get object and a Put object to manage devices on a network such as get counters.
Q—Name three of the seven fields of the SNMP v2 GETBULK.
A—PDU Type, Request ID, Nonrepeaters, Max Repetitions, Variable Bindings (the variable bindings consists of variable object fields that make up the three remaining fields).