Network Management

Due date

Check the course schedule for the due date.

Introduction

In this assignment, you will use various SNMP tools to experiment with network management, the SNMP protocol, MIBs, etc. SNMP is a request/response protocol, where the requestor asks for SNMP data items and the agent responds with them.

You will be using basic, low-level tools from the net-snmp package to explore the MIBs. This provides the opportunity to better understand the protocol. However, most network administrators use graphical tools to help them monitor and manage many devices. One of the discussion questions will ask you to investigate such graphical tools through the Web.

Acknowledgments

This lab is based on one by Mike Erlinger at Harvey Mudd. This lab is not very polished, so if you have comments, please let me know!

John Stone (MathLAN) and David Ellis (ITS) put a great deal of effort into making SNMP access available to you.

References

Goals

Logistics

Each student should complete this assignment and write it up in his or her lab notebook. However, you may discuss the material with whomever you wish. You may obtain help from anyone you wish, but you should clearly document that help.

You have one week to complete this assignment.

Preparation

Connect to ssh.cs.grinnell.edu using SSH. The tools required for this lab are only available on that machine.

Lab Notebook

Please use script or copy-and-paste to capture the results of your exchanges in your lab notebook. You need not intersperse your commentary with your experiments if this is overly burdensome.

Also remember to include your answers to the discussion questions.

Assignment

Part A: Using net-snmp

SNMP is available to you on three devices: The MathLAN home directory server, the web/mail server, and an Ethernet switch in the science building. I will email you with information about connecting to these three devices.

  1. Verify that you can connect to the three devices by fetching their names:

    snmpget -v1 -c <community> <host> sysName.0

  2. Find the location and contact person for the three devices using snmpget.

  3. Try using snmpgetnext instead of snmpget. What's the difference? Why have both?

  4. Investigate a table.

    1. In the udp group, recall that udpTable follows the udpOutDatagrams counter. On the home server or the web/mail server, use snmpgetnext to find the first entry in udpTable. Then use snmpgetnext to get subsequent entries in the table until you see an OID that is no longer part of the udpTable table.

    2. Then, try using snmptable to fetch the entire udpTable.

    3. Finally, use snmpwalk to get the entire contents of the udp group. 

    4. Which method do you prefer? Why?

  5. Now investigate the ifTable on the same server using all three methods. Does your opinion change?

  6. The switch has a very large interface table, since it has many ports. Mr. Ellis suggested we focus on interface 10101, the switch's uplink to the router. (The interface table is very large; you will want to look at just this one interface!) How does the traffic on this interface compare to the traffic on the server interfaces you looked at earlier? In particular, how many packets and bytes have gone out? How large is its queue?

  7. What has been the average utilization of the switch's uplink over the entire time that the link has been in its current operational state? (Read over the description of the ifTable in Stevens to decide which objects are useful for computing this.)

  8. Try using snmpnetstat on one of the three devices. What does this program do? What options does it have?
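
The repeated-GETNEXT procedure from step 4, as an added example that is not part of the original lab: a simulated agent in Python, so it runs without access to the lab devices. The OIDs are the standard udp-group ones; the values, the two listeners, and the helper names (oid, getnext, walk, rows) are constructed for illustration.

```python
from bisect import bisect_right

def oid(text):
    """Parse a dotted OID into a tuple; tuple comparison is then OID (lexicographic) order."""
    return tuple(int(part) for part in text.strip(".").split("."))

UDP_OUT_DATAGRAMS = oid("1.3.6.1.2.1.7.4.0")
UDP_TABLE = oid("1.3.6.1.2.1.7.5")

# Constructed agent contents: end of the udp scalars, two UDP listeners, then the snmp group.
AGENT_MIB = {
    oid("1.3.6.1.2.1.7.4.0"): 1842,                          # udpOutDatagrams.0
    oid("1.3.6.1.2.1.7.5.1.1.0.0.0.0.161"): "0.0.0.0",       # udpLocalAddress.<addr>.<port>
    oid("1.3.6.1.2.1.7.5.1.1.127.0.0.1.123"): "127.0.0.1",
    oid("1.3.6.1.2.1.7.5.1.2.0.0.0.0.161"): 161,             # udpLocalPort.<addr>.<port>
    oid("1.3.6.1.2.1.7.5.1.2.127.0.0.1.123"): 123,
    oid("1.3.6.1.2.1.11.1.0"): 977,                          # snmpInPkts.0 (next group)
}
_SORTED = sorted(AGENT_MIB)

def getnext(requested):
    """Agent side: first (oid, value) strictly after `requested`; None stands in for the end-of-MIB error."""
    i = bisect_right(_SORTED, requested)
    return None if i == len(_SORTED) else (_SORTED[i], AGENT_MIB[_SORTED[i]])

def walk(root, start=None):
    """Manager side: feed each returned OID back into GETNEXT until the reply leaves `root`."""
    found, current = [], start or root
    while (reply := getnext(current)) is not None:
        name, value = reply
        if name[:len(root)] != root:     # the OID is no longer part of the table: stop
            break
        found.append((name, value))
        current = name
    return found

def rows(entries, table):
    """Regroup a column-by-column walk into rows keyed by index (<table>.1.<column>.<index>)."""
    out = {}
    for name, value in entries:
        column, index = name[len(table) + 1], name[len(table) + 2:]
        out.setdefault(index, {})[column] = value
    return out

if __name__ == "__main__":
    for name, value in walk(UDP_TABLE, start=UDP_OUT_DATAGRAMS):
        print(".".join(map(str, name)), "=", value)
```

The walk returns every udpLocalAddress instance before any udpLocalPort instance, because GETNEXT follows OID order rather than row order.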

I would like to have you observe an SNMP exchange using Wireshark, but this proved tricky: You must run Wireshark as root to capture packets, but you must run it as yourself to do X11-forwarding! I am sure there is a solution (use tcpdump?) but I will figure this out some other time.

Part B: Exploring MIBs

Try the following open-ended tasks.

What objects seem especially useful for managing a switch, web server, mail server, or file server? Why?

What would be particularly interesting for future CSC 364 students to look at? Why?

Advice

Remember that you can use the man program to learn how to use other programs such as snmpget.

For the hostnames and communities, see the class email.

Discussion Questions

  1. Explain how the snmptable and snmpwalk programs might be implemented.

  2. When you fetch a lot of data using SNMP, is it guaranteed that the data is consistent (i.e., it was all captured at the same time and values that should add up do)? Why or why not?

  3. Based on your experiences, why would a GUI be valuable for using SNMP to monitor and manage a network? (Or put another way, why would the command-line tools be insufficient?)

  4. Use Google to find the web site of at least one graphical tool for viewing SNMP data or managing SNMP devices. Give the URL and briefly explain the capabilities of the tool. Who is the tool intended for?

  5. How much time did you spend on the different parts of this lab?

Assessment

For a B, complete part A and the discussion questions.

For an A, complete parts A and B, and the discussion questions.


Janet Davis (davisjan@cs.grinnell.edu)

Created April 23, 2009
Last revised April 24, 2009