This chapter explains the following Simple Network Management Protocol (SNMP) information:
SNMP Services allows network management stations to obtain timely information about the network activities of OpenVMS server hosts. The information describes such things as routing, line status, the volume of network traffic, and error conditions.
In SNMP, network communication lines are called links. When counting the number of IP datagrams sent and received over most links, the SNMP agent returns the same numbers that are available through the SHOW NETWORKS command in TCPware's Network Control Utility (NETCU). These numbers indicate how many datagrams TCPware delivers.
A trap is an unsolicited message the SNMP agent sends to a management station to inform it that a change in the network occurred. The management station is responsible for diagnosing and monitoring any reported problems. For example, the SNMP agent sends traps to tell the management stations which communication lines are running and which are down.
The SNMP agent sends traps only to clients configured to receive traps, as defined in the SNMP agent configuration file (SNMPD.CONF, described in the SNMP Configuration File section). The SNMP agent supports all traps defined in the SNMP protocol, except EGP-Neighbor-Loss, Warm-Start, and Enterprise-Specific.
TCPware initially enables all supported traps. To disable them, edit the SNMP agent configuration file (see Traps). The changes take effect the next time you start the agent.
SNMP clients can enable or disable Authentication Failure Traps while the SNMP agent is running. These clients must have READ-WRITE community access, as described in the MIB Access Rules section.
A Management Information Base (MIB) is a collection of network management data residing on the SNMP agent host. The network management station reads and writes MIB data to the agent. Related types of data in the MIB are in groups. Each piece of data within a group is a management object.
All management objects in a MIB are coded in ASN.1. Any authorized clients (or those using the community name "public") can access data in the MIB by using the SNMP Get and GetNext requests.
MIB-II is the MIB version for TCP/IP implementations. The SNMP agent supports all management objects defined in MIB-II, except those in the External Gateway Protocol (EGP) Group.
Figure 6-1 shows an SNMP client and agent exchanging MIB data.
Figure 6-1 Exchanging MIB Data
Two kinds of rules restrict access to the MIB:
The network administrator assigns each SNMP agent and client to at least one community. A community consists of SNMP agents and clients that have the same access profile, or collection of rules that determine whether community members can:
You define access profiles in the SNMP agent configuration file.
Clients with READ-WRITE community access can alter the values of certain management objects in the MIB.
Table 6-1 summarizes the information in each MIB group.
See also RFC 1213, Management Information Base for Network Management of TCP/IP-based Internets: MIB-II, for complete information on each MIB group.
Table 6-1 Summary of MIB Data Group
| Group | Contains objects... | Which... |
|---|---|---|
| System | sysDescr sysUpTime sysContact sysName sysLocation sysServices | Provides information about the agent host, such as the domain name, geographic location, and the name of a contact person. |
| Interfaces | ifNumber ifTable ifEntry ifIndex ifDescr ifType ifMtu ifSpeed ifPhysAddress ifAdminStatus ifOperStatus ifLastChange ifInOctets ifInUcastPkts ifInNUcastPkts ifInDiscards ifInErrors ifInUnknownProtos ifOutOctets ifOutUcastPkts ifOutNUcastPkts ifOutDiscards ifOutErrors ifOutQLen ifSpecific | Provides generic information about each network interface, such as the speed, administrative status, and the maximum size of transmission units. Counts the number of data errors, and the number of packets sent and received. Contains the Interfaces Table. |
| Address Translation (AT) | atTable atEntry atIfIndex atPhysAddress atNetAddress | Maps the network (IP) address to the physical address. |
| IP | ipForwarding ipDefaultTTL ipInReceives ipInHdrErrors ipInAddrErrors ipForwDatagrams ipInUnknownProtos ipInDiscards ipInDelivers ipOutRequests ipOutDiscards ipOutNoRoutes ipReasmTimeout ipReasmReqds ipReasmOKs ipReasmFails ipFragOKs ipFragFails ipFragCreates ipAddrTable ipAddrEntry ipAdEntAddr ipAdEntIfIndex ipAdEntNetMask ipAdEntBcastAddr ipAdEntReasmMaxSize ipRouteTable ipRouteEntry ipRouteInfo ipRouteIfIndex ipRouteMetric1 ipRouteMetric2 ipRouteMetric3 ipRouteMetric4 ipRouteNextHop ipRouteType ipRouteProto ipRouteAge ipRouteMask ipRouteMetric5 ipRouteInfo ipNetToMediaTable ipNetToMediaEntry ipNetToMediaIfIndex ipNetToMediaPhysAddress ipNetToMediaNetAddress ipNetToMediaType ipRoutingDiscards | Counts the number of datagrams sent, received, in error, discarded, fragmented, and reassembled. Contains the IP Address Table, IP Routing Table, and IP Address Translation Table. |
| ICMP | icmpInMsgs icmpInErrors icmpInDestUnreachs icmpInTimeExcds icmpInParmProbs icmpInSrcQuenchs icmpInRedirects icmpInEchos icmpInEchoReps icmpInTimestamps icmpInTimestampReps icmpInAddrMasks icmpInAddrMaskReps icmpOutMsgs icmpOutErrors icmpOutDestUnreachs icmpOutTimeExcds icmpOutParmProbs icmpOutSrcQuenchs icmpOutRedirects icmpOutEchos icmpOutEchoReps icmpOutTimestamps icmpOutTimestampReps icmpOutAddrMasks icmpOutAddrMaskReps | Counts the number of ICMP messages sent, received, and in error. Also counts source quenches, redirects, and timestamps. |
| TCP | tcpRtoAlgorithm tcpRtoMin tcpRtoMax tcpMaxConn tcpActiveOpens tcpPassiveOpens tcpAttemptFails tcpEstabResets tcpCurrEstab tcpInSegs tcpOutSegs tcpRetransSegs tcpConnTable tcpConnEntry tcpConnState tcpConnLocalAddress tcpConnLocalPort tcpConnRemAddress tcpConnRemPort tcpInErrs tcpOutRsts | Counts the number of active opens, passive opens, and failed attempts. Also contains the TCP Connection Table. |
| UDP | udpInDatagrams udpNoPorts udpInErrors udpOutDatagrams udpTable udpEntry udpLocalAddress udpLocalPort | Counts the number of datagrams sent and received. Also contains the UDP Listener Table. |
| SNMP | snmpInPkts snmpOutPkts snmpInBadVersions snmpInBadCommunityNames snmpInBadCommunityUses snmpInASNParseErrs snmpInTooBigs snmpInNoSuchNames snmpInBadValues snmpInReadOnlys snmpInGenErrs snmpInTotalReqVars snmpInTotalSetVars snmpInGetRequests snmpInGetNexts snmpInSetRequests snmpInGetResponses snmpInTraps snmpOutTooBigs snmpOutNoSuchNames snmpOutBadValues snmpOutGenErrs snmpOutGetRequests snmpOutGetNexts snmpOutSetRequests snmpOutGetResponses snmpOutTraps snmpEnableAuthenTraps | Counts the number of packets sent and received, invalid community names, invalid version numbers, and SNMP errors. Also counts the number of requests, responses, and traps sent and received. |
To configure SNMP Services, follow these steps:
1. Invoke the CNFNET procedure by entering the following command at the DCL prompt: $ TCPWARE:CNFNET SNMP
2. Edit the SNMP configuration file, as described in the next section.
3. Restart TCPware.
The SNMP configuration file is SNMPD.CONF. The TCPWARE_ROOT directory includes this file.
The SNMP configuration file defines:
Note! After editing the configuration, stop and restart the SNMP agent so that the changes can take effect.
If you do not edit the configuration file, the SNMP agent uses default values.
Follow these guidelines when entering data in the SNMP configuration file:
To define the values of several MIB objects in the SNMP configuration file, use the corresponding keywords listed in Table 6-2.
Table 6-2 Management Objects
| MIB object name... | Has keyword... |
|---|---|
| system.sysDescr | SYSDESCR |
| system.sysContact | SYSCONTACT |
| system.sysLocation | SYSLOCATION |
| if.ifTable.ifEntry.ifDescr and if.ifTable.ifEntry.ifSpeed | INTERFACE |
| system.sysServices | SYSSERVICES |
The following paragraphs explain how you define each item.
SYSDESCR [ id-string ]
The id-string should include the full name of the hardware, operating system, and networking software. For example:
SYSDESCR "AlphaServer 8400, VMS V7.1, Process Software Corporation TCPware for OpenVMS"
If you omit the id-string, TCPware tries to obtain this information from your current system. If the attempt fails, the default is System description is unknown.
SYSCONTACT [ contact-name ]
The contact-name specifies the person to contact for the host, and how you can contact this person (such as by mailbox address). For example:
SYSCONTACT "John Smith, X 1234, smith@process.com"
The default is System contact is unknown at this time.
SYSLOCATION [ system-location ]
The system-location specifies the geographical location of the host. For example:
SYSLOCATION "959 Concord Street, Framingham, MA"
The default is: System location is unknown at this time.
INTERFACE [ line-id line-speed description ]
The line-id specifies the line identification for the IP layer network device. The line-speed specifies the line speed in bits per second. The description specifies the manufacturer's name, product name, and hardware version for the interface. For example:
INTERFACE qna-1 10000000 "DELQA Ethernet Controller Version 1.0"
If you do not enter a description, TCPware tries to obtain one from your current system. If the attempt fails, the default is System description is unknown.
SYSSERVICES services-set-number
The SNMP agent uses a default value of 72 for this MIB object. You can override this value in the configuration file.
RFC 1213, Management Information Base for Network Management of TCP/IP-based Internets: MIB-II, explains how to calculate the value of services-set-number.
The SNMP configuration file must contain the following information for each client permitted access to the SNMP agent:
COMMUNITY community-name internet-address type
| Parameter | Description |
|---|---|
| community-name | Specifies the name of the community to which the client belongs. This parameter is case-sensitive. |
| internet-address | Specifies the client's internet address. If you enter 0.0.0.0, any address can use the community. |
| type | Defines the access profile as one of the following: |
COMMUNITY public 0.0.0.0 is always READ-ONLY. Do not enter any other definition for it; the SNMP agent ignores any such definition.
Example 6-1 shows some community parameters defined in the configuration file.
community northeast 192.168.4.56 READ-ONLY
community northeast 192.168.220.1 READ-WRITE
community southwest 192.168.23.1 READ-WRITE
community southwest 192.168.23.1 TRAPS
All traps that the SNMP agent supports are initially enabled. You can disable traps by editing the configuration file. These changes take effect the next time you start the agent. Table 6-3 shows how to disable traps.
Table 6-3 Disabling Traps
| Disable this trap... | By entering... |
|---|---|
| Authentication Failure | no-auth-traps |
| Link Up | no-link-traps |
| Link Down | no-link-traps |
Note! SNMP clients can enable or disable the Authentication Failure Trap while the SNMP agent is running. These clients must have READ-WRITE community access.
The SNMP Multiplexing (SMUX) protocol is an SNMP subagent extension protocol. Each subagent or peer registers a MIB subtree with the SNMP Agent. Requests for objects residing in a registered MIB subtree are passed from the SNMP Agent using the SMUX protocol to the subagent. The subagent passes the results of an SNMP query back to the SNMP Agent. The practical limit to the number of peers is 30.
The SNMP server only accepts SMUX connections from peers listed by IP address in the SNMPD.CONF file. Use the following syntax in the file:
SMUX_PEER ip-address
The SNMP agent listens on TCP port 199 for peer connections, while the connection to the SNMP client is over UDP port 161, with traps sent over UDP port 162. Multiple peers registering the same subtree are each assigned a priority, and the agent can send multiple variables in a single request. The SMUX protocol is described in RFC 1227.
SNMP Services provides a TEMPLATE_SNMPD.CONF file in TCPWARE_COMMON:[TCPWARE] that you can use as a basis (see Example 6-2).
! SNMP Agent (SNMPD) Configuration File (template)
!
! System description: sysdescr <id string>
! Typically the id string would include:
! VAX cpu model (such as MicroVAX II, VAX 8650, etc)
! VMS and version number
! "Process Software Corporation, TCPware for OpenVMS Version 5.4"
!
sysdescr "place system description string here"
!
! System Contact: syscontact <contact name>
!
syscontact "place name, phone number, and mail address of administrator here"
!
! System Location: syslocation <location>
!
syslocation "place system location information here"
!
! Line Interfaces Information: interface <line-id> <line speed> <description>
! Note: You usually need not define these. SNMPD provides good defaults.
!
!interface una-0 10000000 "COMPAQ DELUA Ethernet controller"
!
! Communities:
! community <community name> <internet address>
! <READ-ONLY | READ-WRITE | TRAPS>
!
community readers 192.168.1.2 READ-ONLY
community netman 192.168.2.3 READ-WRITE
community nettraps 192.168.3.4 TRAPS
!
! To disable authentication traps, remove the "!" from the following
! line.
!no-auth-traps
!
! To disable link status traps, remove the "!" from the following
! line.
!no-link-traps
!
! SMUX Peers:
! SMUX_PEER <ip-address>
!
SMUX_PEER 192.168.4.5
SMUX_PEER 192.168.5.6
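The following Python example is added here and is not part of the TCPware documentation or software. It parses the SNMPD.CONF syntax described in this chapter and lists the entries a reviewer would want to check: communities open to any address (0.0.0.0), READ-WRITE communities, definitions of "public" that the agent ignores, disabled Authentication Failure traps, and SMUX peers. The `audit` function, the sample text, and the choice of what to flag are assumptions made for this example; keywords are matched case-insensitively because the chapter shows them in both cases.

```python
import shlex

# Constructed sample in the SNMPD.CONF syntax shown on this page (not a real host's file).
SAMPLE = '''\
! constructed sample
sysdescr "AlphaServer 8400, VMS V7.1"
community readers 192.168.1.2 READ-ONLY
community netman 0.0.0.0 READ-WRITE
community public 0.0.0.0 READ-WRITE
community nettraps 192.168.3.4 TRAPS
no-auth-traps
SMUX_PEER 192.168.4.5
'''

def audit(text):
    """Return (line_no, message) findings for SNMPD.CONF-style text."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):      # "!" starts a comment line
            continue
        try:
            tok = shlex.split(line)               # keeps a "quoted string" as one token
        except ValueError:
            findings.append((no, "unbalanced quote; value may be wrapped across lines"))
            continue
        key = tok[0].lower()                      # assumption: keywords are case-insensitive
        if key == "community":
            if len(tok) != 4:
                findings.append((no, "expected: COMMUNITY name address type"))
                continue
            name, addr, ctype = tok[1], tok[2], tok[3].upper()
            if ctype not in ("READ-ONLY", "READ-WRITE", "TRAPS"):
                findings.append((no, f"unknown access type {tok[3]!r}"))
            if name == "public":                  # community names are case-sensitive
                findings.append((no, "definition of 'public' is ignored; it stays READ-ONLY"))
                continue
            if addr == "0.0.0.0":
                findings.append((no, f"community {name!r} usable from any address"))
            if ctype == "READ-WRITE":
                findings.append((no, f"community {name!r} can alter MIB objects and toggle auth traps"))
        elif key == "no-auth-traps":
            findings.append((no, "Authentication Failure traps disabled"))
        elif key == "smux_peer":
            findings.append((no, f"SMUX peer {tok[1] if len(tok) > 1 else '?'} may connect on TCP 199"))
    return findings

if __name__ == "__main__":
    for no, msg in audit(SAMPLE):
        print(f"line {no}: {msg}")
```

A quoted value that wraps onto a second line is reported as an unbalanced quote on both lines, so it does not pass unnoticed.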
In addition to SMUX, TCPware's SNMP agent supports subagents serving private MIBs through an application programming interface (API). Under this scheme, anyone who wants their private MIBs served by TCPware's SNMP agent should develop a shareable image that exports the API routines, in addition to any routines needed to access the MIB variables.
The SNMP API routines are described in Chapter 18 of the Programmer's Guide, SNMP Extendible Agent API Routines.
When the SNMP agent starts up, it creates a log file called TCPWARE:SNMPSERVER.LOG. This file contains information about the activities of the SNMP agent, such as: