
Table of Contents

Foreword
I. Overview of SNMP
  1. What SNMP is
  2. Fundamental concepts
  3. How SNMP operates
  4. Security mechanisms
  5. SNMP message structure
  6. SNMPv3
    6.1. New features of SNMPv3
    6.2. SNMPv3 entity architecture
    6.3. SNMPv3 message format
    6.4. Security and authentication support in SNMPv3
II. Exploring the SNMP4J library
III. Demo

FOREWORD

I. Overview of SNMP

1. What SNMP is

SNMP is a simple network management protocol; the name is short for Simple Network Management Protocol. What is a "simple network management protocol"?

A protocol is a set of procedures that the participating parties must follow in order to communicate with one another. In communications, a protocol specifies the structure and format of the data being exchanged, and the order and procedure in which it is exchanged. If one party sends data in the wrong format or out of sequence, the other parties will not understand it or will refuse to exchange information. SNMP is a protocol, so it has its own rules that the components of a network must follow. A device that understands and behaves according to SNMP is said to be SNMP supported or SNMP compatible.

SNMP is for management, meaning it can monitor, retrieve information, receive notifications, and act on a system to make it behave as desired. Some examples of what SNMP software can do:
- Monitor the link speed of a router and learn the total number of bytes sent and received.
- Find out how many disks a server has and how much free space remains on each.
- Automatically receive an alert when a port on a switch goes down.
- Shut down ports on a switch.

SNMP is for network management, meaning it is designed to run on top of TCP/IP and to manage devices connected to a TCP/IP network. Such devices need not be computers: they can be switches, routers, firewalls, ADSL gateways, and some software can be administered with SNMP as well. If you had a washing machine that could join an IP network and supported SNMP, you could manage it remotely with SNMP.

SNMP is simple: it was designed with a simple message structure and a simple operating procedure, and with simple security too (except for SNMP version 3). Using SNMP software, a network administrator can manage and monitor the whole network centrally and remotely.

SNMP has four versions: SNMPv1, SNMPv2c, SNMPv2u and SNMPv3. They differ slightly in message format and in how they operate.

Design advantages of SNMP
- SNMP was designed to simplify the management of network components. As a result, SNMP software can be developed quickly and cheaply (in chapter 5 the author presents how to build SNMP monitoring software, and you will see how simple it is).
- SNMP was designed so that its management and monitoring functions can be extended. There is no limit on what SNMP can manage. When a new device with new attributes and features appears, a custom SNMP definition can be designed for it (in chapter 3 the author presents the SNMP data structure file).
- SNMP was designed to operate independently of the architecture and internals of the devices that support it. Different devices work differently, but they respond to SNMP in the same way. For example, you can use one program to monitor the free disk space of servers running Windows and Linux; without SNMP, working directly on those operating systems, you would have to do it a different way on each.

Weaknesses of SNMP
- It increases network traffic significantly.
- It does not allow direct actions to be delegated to agents.
- There is no coordinated control across multiple managers.

2. Fundamental concepts

RFC (Request for Comments) documents describe the protocols and procedures used on the Internet. RFCs are published by individuals and organizations as standards; a product developer may or may not follow a given RFC. When a good RFC is adopted by many developers, other developers should support it too, so as to stay compatible with the community.

According to RFC 1157, the SNMP architecture consists of two components: network management stations and network elements.

A network management station is usually a computer running SNMP management software (an SNMP management application), used to centrally monitor and control the network elements. A network element is a device, computer, or piece of SNMP-compatible software that is managed by a network management station. "Element" thus covers devices, hosts and applications.

A management station can manage many elements, and an element can be managed by many management stations. What happens when an element is managed by two stations? If both stations read information from the element, both receive the same information. If both act on the element, the element carries out both actions in the order in which they arrive.

An SNMP agent is a process running on a network element whose job is to supply the element's information to the station, so that the station can manage the element. The SNMP application on the station and the SNMP agent on the element are the two SNMP processes that actually talk to each other.

The following examples make these concepts concrete:
- To use a server (= station) to manage Windows PCs (= elements) via SNMP, install SNMP management software (= application) on the server and enable the SNMP service (= agent) on the PCs.
- To use a server (= station) to monitor the traffic of a router (= element), install SNMP management software (= application) on the server and enable the SNMP feature (= agent) on the router.

Object ID

An SNMP-capable device can provide many different pieces of information; each piece is called an object. For example, a computer can report the total number of disks, the number of network ports, the bytes sent and received, the computer name, the names of running processes, and so on. A router can report the number of cards, the number of ports, the bytes sent and received, the router name, the state of its ports, and so on.

Each object has a name and an identifying number called the Object ID (OID). Examples:
- The device name is called sysName, OID 1.3.6.1.2.1.1.5.
- The number of interfaces is called ifNumber, OID 1.3.6.1.2.1.2.1.
- The MAC address of a port is called ifPhysAddress, OID 1.3.6.1.2.1.2.2.1.6.
- The number of bytes received on a port is called ifInOctets, OID 1.3.6.1.2.1.2.2.1.10.

An object has only one OID; the device name, for instance, is one object. But if a device has several names, how are they told apart? An extra index called the scalar instance index (also called a sub-id) is appended immediately after the OID. For example, the device name is sysName with OID 1.3.6.1.2.1.1.5; if the device has two names they are called sysName.0 and sysName.1, with OIDs 1.3.6.1.2.1.1.5.0 and 1.3.6.1.2.1.1.5.1 respectively. The MAC address is ifPhysAddress with OID 1.3.6.1.2.1.2.2.1.6; if the device has two MAC addresses they are called ifPhysAddress.0 and ifPhysAddress.1, with OIDs 1.3.6.1.2.1.2.2.1.6.0 and 1.3.6.1.2.1.2.2.1.6.1. The number of ports, ifNumber, has exactly one value, so its OID has no sub-index and stays 1.3.6.1.2.1.2.1.

One of the advantages of SNMP is that it was designed to work independently of the individual devices. It is the standardization of OIDs that lets one SNMP application retrieve information from devices of different vendors.

Object access

Each object has an access right of READ_ONLY or READ_WRITE. Every object can be read, but only objects with READ_WRITE access can have their value changed. For example, the name of a device (sysName) is READ_WRITE, so it can be changed through SNMP. The number of ports on the device (ifNumber) is READ_ONLY; obviously we cannot change how many ports it has.

Management Information Base

The MIB (Management Information Base) is a data structure of managed objects used for managing devices running on TCP/IP. The MIB is the common architecture that management protocols on TCP/IP, SNMP among them, should follow. A MIB is expressed as a file (a MIB file) and can be drawn as a tree (the MIB tree). MIBs may be standardized or custom-built. Each node in the tree is an object and can be referred to by name or by id. For example, the node iso.org.dod.internet.mgmt.mib-2.system has OID 1.3.6.1.2.1.1 and contains all the objects describing a system, such as the device name (iso.org.dod.internet.mgmt.mib-2.system.sysName, or 1.3.6.1.2.1.1.5).

The OIDs that vendors define themselves sit under iso.org.dod.internet.private.enterprise. For example, Cisco sits under iso.org.dod.internet.private.enterprise.cisco, or 1.3.6.1.4.1.9, and Microsoft under iso.org.dod.internet.private.enterprise.microsoft, or 1.3.6.1.4.1.311. The numbers 9 (Cisco) and 311 (Microsoft) are reserved for those companies and assigned by IANA. When Cisco or Microsoft builds a device, that device may support the predefined standard MIBs (such as mib-2) or a MIB designed specifically for it. The MIBs a company designs itself must sit under that company's OID. The following figure illustrates the MIB tree:

Figure: the MIB tree.

The object IDs in a MIB are ordered but not contiguous: knowing one OID does not let you work out with certainty the next OID in the MIB. For example, in the standard mib-2 the objects ifSpecific and atIfIndex are adjacent, but their OIDs are 1.3.6.1.2.1.2.2.1.22 and 1.3.6.1.2.1.3.1.1.1 respectively. To understand an OID you need to read the MIB file that describes it. A MIB file need not contain the whole tree; it may describe only one sub-branch. Any sub-branch together with all of its leaves can be called a MIB.

A manager can manage a device only when the SNMP manager application and the SNMP agent application both support the same MIB. These applications can support several MIBs at the same time.

3. How SNMP operates

| Message / method | Description |
|---|---|
| GetRequest | The manager sends a GetRequest to the agent to ask for the information identified by an Object ID (the GetRequest carries the OID). |
| GetNextRequest | The manager sends a GetNextRequest carrying an Object ID to the agent to ask for the information that comes immediately after that Object ID in the MIB. |
| SetRequest | The manager sends a SetRequest to the agent to set the value of an object on the agent. |
| GetResponse | The agent's reply to a GetRequest, GetNextRequest or SetRequest, carrying the requested OID and its value. |
| Trap | Sent by the agent to the manager on its own initiative when an event occurs inside the agent. |
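Added example (not code from the original document): a constructed, in-memory instance table using the mib-2 objects named above, with GetRequest and GetNextRequest implemented over it. It shows why the manager needs GetNext: OIDs compare sub-identifier by sub-identifier as numbers, the successor of ifSpecific.1 is an instance in a different table, and repeated GetNext walks a subtree until the reply leaves it. All values and the atIfIndex instance address are made up.

```python
"""Lexicographic OID ordering, Get vs GetNext, and a MIB walk.

Added example (not the document's own code). The instance table below is
constructed for illustration; the values are made up."""


def parse_oid(text):
    """'1.3.6.1.2.1.1.5.0' -> (1, 3, 6, 1, 2, 1, 1, 5, 0).
    Tuples of ints compare lexicographically by sub-identifier, which is the
    MIB order SNMP uses. Sorting the dotted strings instead would wrongly put
    ...2.2.1.10.1 (ifInOctets) before ...2.2.1.7.1 (ifAdminStatus)."""
    return tuple(int(x) for x in text.strip(".").split("."))


def fmt_oid(oid):
    return ".".join(str(x) for x in oid)


# Constructed instance table: OID instance -> value (hypothetical device with 2 interfaces).
MIB = {
    parse_oid("1.3.6.1.2.1.1.5.0"): "router1",           # sysName.0
    parse_oid("1.3.6.1.2.1.2.1.0"): 2,                   # ifNumber.0 (scalar, one instance)
    parse_oid("1.3.6.1.2.1.2.2.1.7.1"): 1,               # ifAdminStatus.1 (1 = up)
    parse_oid("1.3.6.1.2.1.2.2.1.7.2"): 2,               # ifAdminStatus.2 (2 = down)
    parse_oid("1.3.6.1.2.1.2.2.1.10.1"): 123456,         # ifInOctets.1
    parse_oid("1.3.6.1.2.1.2.2.1.10.2"): 7890,           # ifInOctets.2
    parse_oid("1.3.6.1.2.1.2.2.1.22.1"): "0.0",          # ifSpecific.1 (last ifTable column)
    parse_oid("1.3.6.1.2.1.3.1.1.1.1.1.192.0.2.1"): 1,   # atIfIndex instance (next mib-2 object)
}


def get(mib, oid):
    """GetRequest semantics: the exact instance must exist (sysName without .0 finds nothing)."""
    return mib.get(oid)


def get_next(mib, oid):
    """GetNextRequest semantics: the first instance strictly greater than oid in MIB
    order, or None once the end of the MIB is reached."""
    for cand in sorted(mib):
        if cand > oid:
            return cand, mib[cand]
    return None


def walk(mib, subtree):
    """Repeated GetNext starting at a subtree OID, stopping once the reply leaves it."""
    out, cur = [], subtree
    while True:
        nxt = get_next(mib, cur)
        if nxt is None or nxt[0][:len(subtree)] != subtree:
            return out
        out.append(nxt)
        cur = nxt[0]


if __name__ == "__main__":
    print("sysName (no instance):", get(MIB, parse_oid("1.3.6.1.2.1.1.5")))
    print("sysName.0:", get(MIB, parse_oid("1.3.6.1.2.1.1.5.0")))
    # The successor of ifSpecific.1 is neither ...22.2 nor ...23.x but an object in another table.
    nxt = get_next(MIB, parse_oid("1.3.6.1.2.1.2.2.1.22.1"))
    print("after ifSpecific.1:", fmt_oid(nxt[0]), "=", nxt[1])
    for oid, val in walk(MIB, parse_oid("1.3.6.1.2.1.2")):   # the interfaces subtree
        print(fmt_oid(oid), "=", val)
```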

Every message carries an OID that tells which object it concerns. The OID in a GetRequest says which object's information is wanted. The OID in a GetResponse says which object's value it carries. The OID in a SetRequest says which object is to be set. The OID in a Trap says which object the reported event concerns.

GetRequest

A GetRequest is sent by the manager to the agent to retrieve a piece of information. It carries the OID of the object wanted. For example, to get the name of Device1, the manager sends a GetRequest with OID=1.3.6.1.2.1.1.5 to Device1; the SNMP agent process on Device1 receives it and builds a reply. A single GetRequest can carry several OIDs, so one GetRequest can retrieve several pieces of information at once.

GetNextRequest

A GetNextRequest is also used to retrieve information and also carries an OID, but it retrieves the object that comes immediately after the object named in the message. Why is GetNextRequest needed? As explained above, a MIB consists of many OIDs that are ordered but not contiguous, so knowing one OID does not tell you the next one. GetNextRequest is therefore needed to fetch the value of the next OID. Issuing GetNextRequests repeatedly retrieves all of the agent's information.

SetRequest

A SetRequest is sent by the manager to the agent to set the value of an object. For example, the name of a computer or router can be changed from SNMP manager software by sending a SetRequest with OID 1.3.6.1.2.1.1.5.0 (sysName.0) and the new name as its value. A port on a switch can be shut down from SNMP manager software by sending a message with OID 1.3.6.1.2.1.2.2.1.7 (ifAdminStatus) and the value 2. Only objects with READ_WRITE access can have their value changed.

GetResponse

Whenever an SNMP agent receives a GetRequest, GetNextRequest or SetRequest, it replies with a GetResponse. The GetResponse carries the OID of the requested object and that object's value.

Trap

A Trap is sent by the agent to the manager on its own initiative whenever an event occurs inside the agent; these are not the agent's routine activities but exceptional events. For example, when a port goes down, when a user fails to log in, or when the device reboots, the agent sends a trap to the manager. Not every event makes the agent send a trap, however, and not every agent sends a trap for the same event; which events produce traps is decided by the maker of the device/agent.

The trap method is independent of the request/response methods: SNMP request/response is for management, while SNMP trap is for alerting. The source of a trap is called the Trap Sender and the destination the Trap Receiver. A trap sender can be configured to send traps to several trap receivers at once.

There are two kinds of trap: generic traps and specific traps. Generic traps are defined in the SNMP standards, while specific traps are defined by the user (here "user" means the maker of the SNMP device). The trap type is an integer carried in the trap message; the receiver uses it to work out what the trap means. In SNMPv1 there are 7 generic traps: coldStart(0), warmStart(1), linkDown(2), linkUp(3), authenticationFailure(4), egpNeighborloss(5), enterpriseSpecific(6). The number in parentheses is the trap's code. The generic traps mean the following:
- coldStart: the sending device is reinitializing itself and its configuration may change after start-up.
- warmStart: the sending device is restarting and keeps its old configuration.
- linkDown: the sending device has detected that one of its communication links has failed. The trap carries a parameter giving the ifIndex of the failed link.
- linkUp: the sending device has detected that one of its communication links has come back up. The trap carries a parameter giving the ifIndex of the restored link.
- authenticationFailure: the sending device has received a message that failed authentication (the message may belong to any of several protocols, such as telnet, ssh, snmp, ftp, ...). Usually this trap results from a user failing to log in to the device.
- egpNeighborloss: one of the sending device's EGP neighbors is considered down and the peer relationship between the two is no longer maintained.
- enterpriseSpecific: this trap is not one of the generic kinds above but a user-defined kind. Users can define additional trap kinds to enrich a device's alerting, such as boardFailed, configChanged, powerLoss, cpuTooHigh, and so on.

Users define the meaning and values of these specific traps themselves, and of course only a trap receiver and trap sender that support the same MIB can understand a specific trap. So if you use an arbitrary trap receiver to receive traps from arbitrary trap senders, you can read and understand the generic traps when they occur, but you will not understand the specific traps when they appear on screen, because the trap message carries only numbers.

For the Get/Set/Response methods the SNMP agent listens on UDP port 161, while for traps the SNMP trap receiver listens on UDP port 162.

4. Security mechanisms

An SNMP management station can manage/monitor many SNMP elements by sending requests and receiving traps. An SNMP element, however, can be configured to let only certain SNMP management stations manage or monitor it. These simple security mechanisms are: community string, view and SNMP access control list.

Community string

A community string is a string of characters configured identically on the SNMP manager and the SNMP agent; it acts as a password between the two sides when they exchange data. There are three kinds of community string: Read-community, Write-community and Trap-community.

When the manager sends a GetRequest or GetNextRequest to the agent, the message carries the Read-community. When the agent receives the request it compares the Read-community sent by the manager with the Read-community it has configured. If the two strings match, the agent replies; if they differ, the agent does not reply.

The Write-community is used in SetRequest messages. The agent accepts a data change only when the write-community on both sides matches.

The Trap-community is carried in the trap messages that a trap sender sends to a trap receiver. The trap receiver accepts and stores the trap only when the trap-community on both sides matches, although many trap receivers are configured to accept every trap regardless of trap-community.

There are three kinds of community string, but one kind can have several different strings: an agent can declare several read-communities and several write-communities. On most systems the default read-community is public, the default write-community is private and the default trap-community is public.

A community string is only a cleartext string, so it can easily be sniffed as it crosses the network. Moreover, the defaults are usually public and private, so if the administrator does not change them they are easily guessed. Once a community string is known in the network, an ordinary user at any computer on the network can manage/monitor every device that shares that community without the administrator's permission.

View

When the manager has the read-community it can read all of the agent's OIDs. The agent, however, can restrict reading to a set of related OIDs, i.e. to only part of the MIB. Such a subset of the MIB is called a view, and an agent can define several views. For example, an agent can define a view interfaceView containing the OIDs related to interfaces, storageView containing the OIDs related to storage, or AllView containing all OIDs.

A view must be tied to a community string; depending on which community string it receives, the agent operates on the corresponding view. For example, suppose the agent defines the read-community "inf" on interfaceView and "sto" on storageView. When the manager requests the OID ifNumber with community "inf", the agent replies because ifNumber is in interfaceView. If the manager requests the OID hrStorageSize with community "inf", it is not answered because hrStorageSize is not in interfaceView. But if the manager requests hrStorageSize with community "sto", it is answered because hrStorageSize is in storageView.

How views are defined depends on the particular SNMP agent. Many systems do not support views at all.

SNMP access control list

When the manager sends the wrong community, or the requested OID is not in the permitted view, the agent does not reply. But once the community has leaked, any manager can still request information. To block unauthorized SNMP managers completely, the administrator can use an SNMP access control list (ACL). An SNMP ACL is a list of IP addresses allowed to manage/monitor the agent; it applies only to the SNMP protocol and is configured on the agent. If a manager whose IP is not permitted by the ACL sends a request, the agent does not process it, even if the request's community string is correct. Most SNMP-compatible devices allow an SNMP ACL to be configured.

5. SNMP message structure

SNMP runs over UDP. An SNMP message consists of three parts: version, community and data.

Figure: SNMP message structure.

Version: v1 = 0, v2c = 1, v2u = 2, v3 = 3. The Data part of an SNMP message is called the PDU (Protocol Data Unit). SNMPv1 has five operations and accordingly five kinds of PDU. There are only two message formats, however: PDU and Trap-PDU. The Get, GetNext, Set and GetResponse messages share the PDU format, while the Trap message uses the Trap-PDU format.

6. SNMPv3

6.1. New features of SNMPv3
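The version/community/PDU layout encoded as BER, as an added example that is not part of the original document. It builds an SNMPv1 GetRequest for sysName.0 with community public, then parses the bytes back; the parser shows that the community travels in cleartext, which is the weakness described in section 4.

```python
"""SNMPv1 message as BER: version, community, PDU. Added example, not the document's own code."""

INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
# Context-specific tags of the five SNMPv1 PDU types (Trap-PDU has a different body layout).
PDU_TAGS = {"GetRequest": 0xA0, "GetNextRequest": 0xA1, "GetResponse": 0xA2,
            "SetRequest": 0xA3, "Trap": 0xA4}
VERSION = {"v1": 0, "v2c": 1, "v2u": 2, "v3": 3}   # values of the version field


def ber_length(n):
    """Short form below 128 bytes, long form (0x80|k followed by k length bytes) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, payload):
    return bytes([tag]) + ber_length(len(payload)) + payload


def enc_int(value):
    """Minimal two's-complement INTEGER (version, request-id, error-status, ...)."""
    return tlv(INTEGER, value.to_bytes((value.bit_length() + 8) // 8, "big", signed=True))


def enc_oid(text):
    """Dotted OID -> OBJECT IDENTIFIER: first two arcs packed into one byte, base-128 after."""
    ids = [int(x) for x in text.strip(".").split(".")]
    out = [ids[0] * 40 + ids[1]]
    for sid in ids[2:]:
        chunk = [sid & 0x7F]
        sid >>= 7
        while sid:
            chunk.append(0x80 | (sid & 0x7F))
            sid >>= 7
        out.extend(reversed(chunk))
    return tlv(OID, bytes(out))


def build_message(pdu_type, community, oids, request_id, version="v1"):
    """Get/GetNext/Set share one PDU layout: request-id, error-status, error-index, varbinds.
    The varbind values are NULL here (a SetRequest would carry the new value instead)."""
    varbinds = b"".join(tlv(SEQUENCE, enc_oid(o) + tlv(NULL, b"")) for o in oids)
    pdu = enc_int(request_id) + enc_int(0) + enc_int(0) + tlv(SEQUENCE, varbinds)
    body = (enc_int(VERSION[version]) + tlv(OCTET_STRING, community.encode())
            + tlv(PDU_TAGS[pdu_type], pdu))
    return tlv(SEQUENCE, body)


def read_tlv(buf, pos=0):
    """Return (tag, payload, position just after the element)."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        k = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + ln], pos + ln


def dec_oid(payload):
    ids, val = [payload[0] // 40, payload[0] % 40], 0
    for b in payload[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            ids.append(val)
            val = 0
    return ".".join(map(str, ids))


def parse_message(raw):
    """Decode the outer SEQUENCE. The community is readable as-is: nothing in SNMPv1/v2c
    hides it from whoever captures the datagram."""
    _, body, _ = read_tlv(raw)
    _, ver, pos = read_tlv(body)
    _, comm, pos = read_tlv(body, pos)
    ptag, pdu, _ = read_tlv(body, pos)
    _, rid, pos = read_tlv(pdu)
    _, _, pos = read_tlv(pdu, pos)          # error-status
    _, _, pos = read_tlv(pdu, pos)          # error-index
    _, vbl, _ = read_tlv(pdu, pos)
    oids, pos = [], 0
    while pos < len(vbl):
        _, vb, pos = read_tlv(vbl, pos)
        oids.append(dec_oid(read_tlv(vb)[1]))
    return {"version": int.from_bytes(ver, "big", signed=True), "community": comm.decode(),
            "pdu": {v: k for k, v in PDU_TAGS.items()}[ptag],
            "request_id": int.from_bytes(rid, "big", signed=True), "oids": oids}


if __name__ == "__main__":
    msg = build_message("GetRequest", "public", ["1.3.6.1.2.1.1.5.0"], 1)   # sysName.0
    print(msg.hex())
    print(parse_message(msg))
```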

SNMPv3 keeps the protocol operation, data types and proxy facilities of SNMPv2 and improves the security part. SNMPv3 provides secure access to devices by combining authentication with encryption of the packets on the network. The security features provided in SNMPv3 are:
- Message integrity: ensures that packets are not modified in transit.
- Authentication: verifies the source of the message received.
- Encryption: scrambles the packet contents, preventing messages from unverified sources.

SNMPv3 provides both security models and security levels. A security model is an authentication setup for a user and the group the user belongs to. A security level is the degree of security guaranteed within a security model. The combination of security model and security level determines the security mechanism used when a packet is sent.

Using SNMPv3 is, however, complex and heavyweight, even though it is the best choice for network security. It consumes a lot of resources because every message carries BER encoding; this encoding takes up part of the link bandwidth and so increases network overhead. Although regarded as the final proposed version and the most complete one, SNMPv3 is still only a draft standard and is still being refined.

6.2. SNMPv3 entity architecture

The SNMPv3 entity architecture (RFC257), shown in the figure below, consists of the SNMP engine and the applications.


Figure: SNMPv3 entity architecture.

The SNMPv3 engine has four components:
- Dispatcher.
- Message Processing Subsystem.
- Security Subsystem.
- Access Control Subsystem.

The dispatcher handles outgoing and incoming messages: when a message arrives, it determines the SNMP version and hands the message to the corresponding message processing module. The message processing subsystem is divided into three modules, as follows:


Figure: the message processing subsystem in SNMPv3.

The SNMPv3 module extracts the data part of the message and passes it to the security subsystem for decompression and authentication. The security subsystem is also responsible for compressing data. The module structure of the security subsystem is as follows:

Figure: module structure of the security subsystem in SNMPv3.

SNMPv3 is fully compatible with SNMPv1 and SNMPv2: it includes the user-based security model and a community-based security model for handling SNMPv1 and SNMPv2. The modular structure makes it simple to add other kinds of security module as development continues. Once the data has been extracted from the PDU it is passed to the appropriate application through the access control subsystem. The access control subsystem is responsible for determining the managed object and how it may be accessed. At present there is only one access control model, but it can be extended in the future (RFC2575).

Figure: structure of the access control subsystem in SNMPv3.

The view-based access control model (RFC 2575) decides whether a user may access (read or set the state of) a managed object.

6.3. SNMPv3 message format

RFC 2572 defines the SNMPv3 message formats. An SNMPv3 message is divided into four parts:
- Common data: this field appears in every SNMPv3 message.
- Security model data: this area has three parts: a common part, a part for authentication and a part for privacy data.
- Context: two fields, an identifier and a name, supply the context in which the PDU is to be processed.
- PDU: this area contains an SNMPv2c PDU.


Figure: SNMPv3 message format.

MessageVersion: the first field in the message is the SNMP version field. It provides compatibility between the different versions. The value 3 in this field marks an SNMPv3 message; the values 2 and 1 correspond to SNMPv2 and SNMPv1.

MessageID: the message identifier is a number used between two entities to correlate messages. The protocol data unit (PDU) carries a request identifier field that serves this purpose in SNMPv1 and SNMPv2c, but because SNMPv3 encrypts PDUs, the message ID has to sit in the header.

MaxMessageSize: the maximum message size is the largest message supported by the sender of the message. It is the largest size the transport protocol can carry without fragmentation. The receiver uses the MaxMessageSize value to make sure its reply stays within the permitted size.

MessageFlags: the message flags field is 1 byte long and records the authentication and privacy settings of the message. It also indicates when the message requires a response from the receiver. Three bit patterns are used:
- No authentication and no privacy (bits 000).
- Authentication without privacy (bits 001).
- Authentication and privacy (bits 011).
In all three cases the reportable flag can optionally be set.

MessageSecurity: the message security field is an integer that sets the security model of the message. The range of supported values is:
- 0 is reserved for any.
- 1 is reserved for SNMPv1.
- 2 is reserved for SNMPv2c.
- 3 is reserved for USM (User-based Security Model).
- 4-555 is reserved for other standard security models.
Values beyond 255 may be used for standard security models. The receiver must use the same security model when processing the message's security. The security subsystem controls this processing of the SNMPv3 message.

Common security model data: the common part of the security model data contains the following fields:
- EngineID: the unique identifier of the SNMPv3 engine.
- EngineBoots: records the SNMP engine's start-ups or resets, relative to when the usmUserTable value was last modified.
- EngineTime: the number of seconds since the EngineBoots value last changed.
- UserName: the name of the user.

These fields precede the authentication and privacy data areas. EngineID and UserName are used to form an index into a table called usmUserTable, which stores the security model data for each EngineID and user pair.

Authentication security model data

The two authentication protocols supported in SNMPv3 are MD5 and SHA. Both serve the same purpose: authenticating SNMPv3 messages. The MD5 algorithm computes a 16-byte (128-bit) digest, and the first 12 bytes (96 bits) of it are placed in the authentication fields of the message. The user must choose a 16-octet (byte) secret key for the MD5 algorithm. If the user chooses SHA as the authentication algorithm, it computes a 20-byte (160-bit) digest and again the first 12 bytes (96 bits) are placed in the message's authentication field. The user must choose a 20-octet secret key for the SHA algorithm. Whichever algorithm is used, the authentication protocol field is a 12-byte string used as the message's authentication identifier. When one SNMPv3 entity (the manager) wants to send a request to another entity (the agent), it must use a secret key shared by both sides.

Privacy security model data

The privacy protocol field is an 18-byte octet string used for the DES (Data Encryption Standard) encryption algorithm. Encryption uses a 16-byte key: the first 8 octets of the 16-octet secret key are used as the DES key, and the next 8 octets are used as an initialization vector. Both sides use the same secret private key to encrypt and decrypt messages.
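Added example (not code from the original document): the USM authentication steps the text describes, following RFC 3414. The user's password is hashed into a 16-octet (MD5) or 20-octet (SHA) key, that key is localized to the agent's EngineID, and the first 12 bytes of an HMAC over the whole message become the authentication parameters. The localization step comes from RFC 3414 and is not mentioned above; the message bytes are constructed, and the DES privacy step is left out.

```python
"""SNMPv3 USM: password-to-key, key localization and HMAC-96 authentication (RFC 3414).
Added example, not the document's own code; DES privacy is not implemented here."""
import hashlib
import hmac

DIGEST = {"md5": "md5", "sha": "sha1"}      # the two authentication protocols named in the text
KEY_LEN = {"md5": 16, "sha": 20}             # 16-octet and 20-octet secret keys
AUTH_PARAM_LEN = 12                          # only the first 96 bits of the digest go on the wire


def password_to_key(password, engine_id, proto="md5"):
    """RFC 3414 A.2: hash the password stretched to 1 MiB, then localize the result to one
    authoritative engine, so a key recovered from one agent does not unlock every other agent."""
    algo = DIGEST[proto]
    stretched = (password.encode() * (1048576 // len(password) + 1))[:1048576]
    ku = hashlib.new(algo, stretched).digest()                 # user key (engine-independent)
    kul = hashlib.new(algo, ku + engine_id + ku).digest()      # localized key, 16 or 20 octets
    assert len(kul) == KEY_LEN[proto]
    return kul


def auth_params(key, proto, msg):
    """msgAuthenticationParameters = first 12 bytes of HMAC(key, wholeMsg). The 12-byte
    parameter field inside msg must already be zeroed (the caller is assumed to do that)."""
    return hmac.new(key, msg, DIGEST[proto]).digest()[:AUTH_PARAM_LEN]


def verify(key, proto, msg, received_params):
    """Constant-time check of an incoming message; a mismatch is what USM reports as an
    authentication failure."""
    if len(received_params) != AUTH_PARAM_LEN:
        return False
    return hmac.compare_digest(auth_params(key, proto, msg), received_params)


# RFC 3414 A.3 test vector: password "maplesyrup", EngineID of 12 octets ending in 0x02.
ENGINE_ID = bytes(11) + b"\x02"

if __name__ == "__main__":
    for proto in ("md5", "sha"):
        print(proto, "localized key:", password_to_key("maplesyrup", ENGINE_ID, proto).hex())
    key = password_to_key("maplesyrup", ENGINE_ID, "sha")
    # Constructed stand-in for an SNMPv3 message whose auth parameter field is zeroed.
    msg = b"\x30\x00constructed-msg-with-zeroed-auth-field" + bytes(AUTH_PARAM_LEN)
    tag = auth_params(key, "sha", msg)
    print("auth params:", tag.hex(), "ok:", verify(key, "sha", msg, tag),
          "tampered:", verify(key, "sha", msg + b"x", tag))
```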


6.4. Security and authentication support in SNMPv3

One of the main goals, if not the main goal, in developing SNMPv3 was to add security to SNMP management. Authentication and information protection, as well as authorization and access control, were described above. The SNMPv3 architecture allows any protocol to be used flexibly for authentication and information protection. Nevertheless, the IETF SNMPv3 working group put forward the user-based security model.

6.4.1. Security threats

There are four threats to network management information while it is being transmitted from one management entity to another:
- The information may be modified in transit by some unauthorized user.
- An unauthorized user may try to masquerade as an authorized user.
- SNMP information may be split into several packets sent over several paths, which the receiving side must reassemble in order. Someone can therefore delay a packet, or replay packets created by an unauthorized party, and so alter the information in the message.
- The message may be blocked or disclosed.

At least two other threats commonly occur on data communication links but are not considered threats in the SNMP user-based security model. The first is denial of service, where an authenticated user is denied service by a management entity. It is not treated as a threat because a network failure may be the cause of the denial, and a protocol would serve that purpose. The second is traffic analysis by an unauthenticated user. The IETF SNMPv3 group determined that no significant advantage is gained by defending against this attack.

6.4.2. Security model

Figure: the security model.

The security model in SNMPv3 is the User-based Security Model (USM). It reflects the traditional notion of a user name. Just as abstract service interfaces were defined between the different subsystems within the SNMP entity, abstract service interfaces are now defined within USM. These definitions cover the interface between the USM service and independent authentication and privacy services. Two primitives are associated with the authentication service: one generates an outgoing authenticated message, and one verifies an incoming authenticated message. Likewise, two primitives are associated with the privacy service: encryptData encrypts an outgoing message and decryptData decrypts an incoming one. These services are provided by the authentication module and the privacy module in the security subsystem, for outgoing and incoming messages alike. The message processing model invokes USM in the security subsystem. Based on the security level attached to the message, USM passes it in turn through the authentication module and the privacy module, and returns the result to the message processing model.

II. Exploring the SNMP4J library

III. Demo
