Introduction to SNMP · agungsr.staff.gunadarma.ac.id/.../Materi_10+SNMP.pdf

Post on 04-Nov-2020


Introduction to SNMP

Contents

1. Basic Concepts

2. Management Information Base

3. Simple Network Management Protocol

4. SNMP Application Examples

5. Reference

Appendix: ASN.1 Concept

1. Basic Concepts

[Figure: a management station (NM) polls network devices (PCs, UNIX hosts, routers, an RMON device) across FDDI and Internet links and receives device notifications]

SNMP Standard

Internet: SNMPv1, SNMPv2, SNMPv3

ISO/ITU-T X.700 Series: CMIP/S (Common Management Information Protocol / Service)

ITU-T M.3000 Series: TMN (Telecommunication Management Networks)

SNMP Concepts

SNMP: Simple Network Management Protocol

De facto standard of network management for TCP/IP networks (Internet)

IAB recommends that all IP & TCP implementations should be network manageable.

That is, all TCP/IP network devices should support SNMP.

IAB: Internet Activities Board

SNMP Architectural Model

Key Components

One or more Management Stations
• Perform management applications, i.e., Monitor & Control.

Multiple Network Elements
• Hosts, routers, gateways, ..., each of which contains an Agent.

Network Management Protocol
• Exchanges network management information.

SNMP Architectural Model (cont.)

[Figure: a Management Station connected to Network Elements (NEs) such as hosts and routers through the Network Management Protocol]

Management Components

Manager

Agent

Network Management Protocol

Management Information Base (MIB)


Management Components

Management Station (Manager)
• Network management applications.
• Provides an interface through which the human network manager can monitor and control the network.

Agent
• Network devices should be equipped with agent software so that they can be managed from a management station.
• Responds to requests for information from managers.
• Responds to requests for actions from managers.
• May asynchronously provide managers with important but unsolicited information.

Management Components (cont.)

Network Management Protocol
• Communication protocol between managers and agents.
• The NM protocol provides a standard way to exchange management information between managers and agents.

Management Information Base (MIB)
• A collection of Managed Objects.
• The resources to be managed are represented as objects, called Managed Objects (MOs).

Management Information Base (MIB)

• Each resource to be managed is represented by an object, called a managed object (MO).
• The MIB is a structured collection of MOs.
• Each agent in an NE maintains an MIB.
• Monitor: by reading the values of MOs in the MIB.
• Control: by modifying the values of MOs in the MIB.

[Figure: an Agent holding a MIB whose variables represent the Managed Resources]

NE: Network Element

SNMP Services

Four Services: Get, Set, GetNext, Trap

Five SNMP PDUs: GetRequest, SetRequest, GetNextRequest, GetResponse, Trap

[Figure: Get, Set and GetNext Requests are answered by a Get Response; Traps are sent separately]

PDU: Protocol Data Unit

SNMP Services

[Figure: message exchanges per service. Get: Get Request, Get Response. GetNext: GetNext Request, Get Response. Set: Set Request, Get Response. Trap: Trap Request.]

SNMP Services (cont.)

Get Request: Retrieve the values of objects in the MIB of an agent.

Get-Next Request: Retrieve the values of the next objects in the MIB of an agent.

Set Request: Update the values of objects in the MIB of an agent.

Trap Request: Report extraordinary events to the manager.

Get-Next Request

[Figure: MIB tree]

* In SNMP, only leaf objects have values.

Default UDP Ports for SNMP

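[Figure: Management Station and Network Elements (NEs). Requests go from any port on the Management Station to port 161 on the NEs; traps go from any port on the NEs to port 162 on the Management Station.]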

SNMP Standards

SNMP Protocol (Std 15)
• RFC1157: Simple Network Management Protocol.

Structure of Management Information (SMI) (Std 16)
• RFC1155: Structure and Identification of Management Information for TCP/IP-based Internets.
• RFC1212: Concise MIB Definitions.

MIB-II (Std 17)
• RFC1213: Management Information Base for Network Management of TCP/IP-based Internets: MIB-II.

http://www.isi.edu/rfc-editor/rfc.html

2. Management Information Base

Structure of Management Information (SMI)
• Set of rules on how managed objects should be defined.
• Objects are defined using Abstract Syntax Notation One, ASN.1 (ITU-T X.208 / ISO 8824).

MIB
• The collection of all defined objects.
• Contains hierarchically organized variables corresponding to managed objects.
• MIB-II, RMON MIB, Bridge MIB, Repeater MIB, X.25 MIB, FDDI MIB, Token Ring MIB, ...

Object Identifier

Object Identifier (OID): Global identifier for a particular object type.

An OID consists of a sequence of integers, which specify the position of the object in the global object identifier tree.

[Figure: global object identifier tree]

    root
      ccitt (0)
      iso (1)
        std (0)
        reg authority (1)
        member body (2)
        org (3)
          dod (6)
            internet (1)
              directory (1)
              mgmt (2)
                MIB II (1)              1.3.6.1.2.1
                  system (1)
                  interface (2)         1.3.6.1.2.1.2
                  at (3)
                  IP (4)
                  ICMP (5)
                  TCP (6)
                  UDP (7)
                  EGP (8)
                  Trans. (10)
                  SNMP (11)
              experimental (3)
              private (4)
                enterprises (1)         1.3.6.1.4.1
      joint-iso-ccitt (2)

Private MIB Registration

Companies can register their private MIB extensions in the global MIB tree by contacting the Internet Assigned Numbers Authority (IANA). http://www.iana.org/

Currently assigned enterprise subtrees:

ftp://ftp.isi.edu/in-notes/iana/assignments/enterprise-numbers

SMI (RFC1155)

    RFC1155-SMI DEFINITIONS ::= BEGIN

    EXPORTS -- EVERYTHING
        internet, directory, mgmt, experimental, private,
        enterprises, OBJECT-TYPE, ObjectName,
        ObjectSyntax, SimpleSyntax,
        Counter, Gauge, TimeTicks, Opaque;

    internet     OBJECT IDENTIFIER ::= { iso org(3) dod(6) 1 }
    directory    OBJECT IDENTIFIER ::= { internet 1 }
    mgmt         OBJECT IDENTIFIER ::= { internet 2 }
    experimental OBJECT IDENTIFIER ::= { internet 3 }
    private      OBJECT IDENTIFIER ::= { internet 4 }
    enterprises  OBJECT IDENTIFIER ::= { private 1 }

SMI (cont.)

ASN.1 Macro:

    OBJECT-TYPE MACRO ::=
    BEGIN
        TYPE NOTATION ::=
            "SYNTAX" type (TYPE ObjectSyntax)
            "ACCESS" Access
            "STATUS" Status
        VALUE NOTATION ::= value (VALUE ObjectName)

        Access ::= "read-only"
                 | "read-write"
                 | "write-only"
                 | "not-accessible"
        Status ::= "mandatory"
                 | "optional"
                 | "obsolete"
    END

    ObjectName ::= OBJECT IDENTIFIER

OBJECT-TYPE Example

    sysDescr OBJECT-TYPE
        SYNTAX DisplayString (SIZE (0..255))
        ACCESS read-only
        STATUS mandatory
        ::= { system 1 }

SMI (cont.)

    ObjectName ::= OBJECT IDENTIFIER

    ObjectSyntax ::= CHOICE {
        simple           SimpleSyntax,
        application-wide ApplicationSyntax
    }

    SimpleSyntax ::= CHOICE {
        number INTEGER,
        string OCTET STRING,
        object OBJECT IDENTIFIER,
        empty  NULL
    }

    ApplicationSyntax ::= CHOICE {
        address   NetworkAddress,
        counter   Counter,
        gauge     Gauge,
        ticks     TimeTicks,
        arbitrary Opaque
    }

    NetworkAddress ::= CHOICE {
        internet IpAddress
    }

    IpAddress ::= [APPLICATION 0] IMPLICIT OCTET STRING (SIZE (4))
    Counter   ::= [APPLICATION 1] IMPLICIT INTEGER (0..4294967295)
    Gauge     ::= [APPLICATION 2] IMPLICIT INTEGER (0..4294967295)
    TimeTicks ::= [APPLICATION 3] IMPLICIT INTEGER (0..4294967295)
    Opaque    ::= [APPLICATION 4] IMPLICIT OCTET STRING

    END

Object Syntax Summary

Simple Syntax
• Integer
• Octet String
• Object Identifier
• Null

Application Syntax
• Network Address
• Counter
• Gauge
• Time Ticks
• Opaque

Concise MIB Definition (RFC 1212)

    OBJECT-TYPE MACRO ::=
    BEGIN
        TYPE NOTATION ::=
            "SYNTAX" type (ObjectSyntax)
            "ACCESS" Access
            "STATUS" Status
            DescrPart
            ReferPart
            IndexPart
            DefValPart
        VALUE NOTATION ::= value (VALUE ObjectName)

        DescrPart ::= "DESCRIPTION" value (description DisplayString)
                    | empty
        ReferPart ::= "REFERENCE" value (reference DisplayString)
                    | empty
        IndexPart ::=
        IndexTypes ::= IndexType | IndexTypes "," IndexType
        IndexType ::= value (indexobject ObjectName) | type (indextype)
        DefValPart ::= "DEFVAL" "{" value (defvalue ObjectSyntax) "}"
                     | empty
    END

Examples: MIB II (RFC 1213)

    mib-2        OBJECT IDENTIFIER ::= { mgmt 1 }
    system       OBJECT IDENTIFIER ::= { mib-2 1 }
    interfaces   OBJECT IDENTIFIER ::= { mib-2 2 }
    at           OBJECT IDENTIFIER ::= { mib-2 3 }
    ip           OBJECT IDENTIFIER ::= { mib-2 4 }
    icmp         OBJECT IDENTIFIER ::= { mib-2 5 }
    tcp          OBJECT IDENTIFIER ::= { mib-2 6 }
    udp          OBJECT IDENTIFIER ::= { mib-2 7 }
    egp          OBJECT IDENTIFIER ::= { mib-2 8 }
    -- cmot      OBJECT IDENTIFIER ::= { mib-2 9 }
    transmission OBJECT IDENTIFIER ::= { mib-2 10 }
    snmp         OBJECT IDENTIFIER ::= { mib-2 11 }

Identification of Managed Objects

Use Object Identifier (OID)

OID = Object Type OID . Instance Identifier
• Object Type OID: Each object type has a unique OID.
• Instance Identifier: Identifies instances of the object type.

E.g. .mib-2.interface.ifTable.ifEntry.ifDescr.2

Two Kinds of Managed Objects

Type-Specific Objects:

    sysDescr OBJECT-TYPE
        SYNTAX DisplayString (SIZE(0..255))
        ::= {system 1}

    OID: mib-2.system.1.0

Columnar Objects OID:

    mib-2.interface.ifTable.ifEntry.ifDescr.2
    mib-2.interface.ifTable.ifEntry.ifDescr.6
    mib-2.interface.ifTable.ifEntry.ifType.2
    mib-2.interface.ifTable.ifEntry.ifType.6

Columnar Objects

    ifTable OBJECT-TYPE
        SYNTAX SEQUENCE OF IfEntry
        …
        ::= { interface 2 }

    ifEntry OBJECT-TYPE
        SYNTAX IfEntry
        …
        INDEX { ifIndex }
        ::= { ifTable 1 }

    IfEntry ::= SEQUENCE {
        ifIndex INTEGER,
        ifDescr DisplayString,
        ifType INTEGER,
    }

    ifDescr OBJECT-TYPE
        SYNTAX DisplayString (SIZE(0..255))
        ACCESS read-only
        STATUS mandatory
        ...
        ::= { ifEntry 2 }

Columnar Objects

    .ifTable.ifEntry.1 (1.3.6.1.2.1.2.2.1.1)
    .ifTable.ifEntry.2 (1.3.6.1.2.1.2.2.1.2)
    .ifTable.ifEntry.3 (1.3.6.1.2.1.2.2.1.3)

[Figure: table instances, e.g. 1.3.6.1.2.1.2.2.1.2.6 and 1.3.6.1.2.1.2.2.1.3.7]

Index in MIB II

• ifEntry {ifIndex}
• atEntry {atNetIfIndex, atNetAddress}
• ipAddrEntry {ipAdEntAddr}
• ipRouteEntry {ipRouteDest}
• ipNetToMediaEntry {ipNetToMediaIfIndex, ipNetToMediaNetAddress}
• tcpConnEntry {tcpConnLocalAddress, tcpConnLocalPort, tcpConnRemoteAddress, tcpConnRemotePort}
• udpEntry {udpLocalAddress, udpLocalPort}
• egpNeighEntry {egpNeighAddr}

Index Example

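To get the state of the TCP connection: 10.144.18.118:1200 ===> 10.144.14.40:1600

Use snmp_get_req. to get the “tcpConnState” of the tcpConnTable in MIB II. The instance identifier is the tcpConnEntry index (local address, local port, remote address, remote port) appended to the object type OID.

tcpConnState ==> .1.3.6.1.2.1.6.13.1.1

.1.3.6.1.2.1.6.13.1.1.10.144.18.118.1200.10.144.14.40.1600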

MIB II

System Group
• Provides general information about the managed system.

Interfaces Group
• Contains generic information about the physical interfaces.

Address-Translation Group
• physical addresses for each physical interface.

IP Group
• Contains information about the implementation and operation of IP at the managed system.

ICMP Group
• Contains information about the implementation and operation of ICMP at the managed system.

MIB-II (cont.)

TCP Group
• Contains information about the implementation and operation of TCP at the managed system.

UDP Group
• Contains information about the implementation and operation of UDP at the managed system.

EGP Group
• Contains information about the implementation and operation of EGP at the managed system.

Transmission Group
• Provides details about the underlying transmission media for each interface.

SNMP Group
• Provides the statistics of SNMP operations at the managed system.

IETF MIBs

1213 MIB-II

1316 Character Stream

1317 RS-232-like Hardware

1471 PPP

1513 RMON for Token Ring

1757 RMON

2021 RMON-II

.....

3. SNMP

SNMP Message

    Message ::=
        SEQUENCE {
            version   INTEGER { version-1(0) },   -- Version Identifier
            community OCTET STRING,               -- Community Name
            data      ANY                         -- Protocol Data Unit
        }

The length of SNMP messages should not exceed 484 octets.

Message layout: Version | Community | SNMP PDU

SNMP Authentication

Community
• Relationship between an Agent and Managers.

Community Name
• Used to validate the SNMP messages.
• SNMP Password.
• Default ‘Get’ community name: “public”.

Authentication Failure
• Agent sends “Authentication Failure Trap” to Manager.

SNMP PDU

Five SNMP PDUs:

    GetRequest:     [0] PDU
    GetNextRequest: [1] PDU
    GetResponse:    [2] PDU
    SetRequest:     [3] PDU
    Trap:           [4] Trap-PDU

    PDU ::= SEQUENCE {
        request-id   INTEGER,
        error-status INTEGER {
            noError(0),
            tooBig(1),
            noSuchName(2),
            badValue(3),
            readOnly(4),
            genErr(5) },
        error-index  INTEGER,
        variable-bindings SEQUENCE OF {
            name  ObjectName,
            value ObjectSyntax
        }
    }

PDU: Protocol Data Unit

SNMP PDU (cont.)

GetRequest, GetNextRequest, SetRequest:

    PDU type | request-id | 0 | 0 | variable-bindings

GetResponse:

    PDU type | request-id | error-status | error-index | variable-bindings

variable-bindings:

    name | value | name | value | . . . | name | value

Trap-PDU

    Trap-PDU ::= [4] IMPLICIT SEQUENCE {
        enterprise   OBJECT IDENTIFIER,
        agent-addr   NetworkAddress,
        generic-trap INTEGER {
            coldStart(0),
            warmStart(1),
            linkDown(2),
            linkUp(3),
            authenticationFailure(4),
            egpNeighborLoss(5),
            enterpriseSpecific(6) },
        specific-trap INTEGER,
        time-stamp    TimeTicks,
        variable-bindings VarBindList
    }

• Enterprise: Type of object generating trap.
• Agent Address: Address of object generating trap.
• Generic Trap: Generic trap type.
• Specific Trap: Enterprise-specific trap.
• Time Stamp: Time elapsed between the last initialization of the network entity and the generation of the trap.
• Variable Bindings: “Interesting” information.

Trap-PDU layout:

    PDU type | enterprise | agent-addr | generic-trap | specific-trap | time-stamp | variable-bindings

What does a Manager do?

[Figure: manager-side flow]
• Sending: NM Application → Translates internal data to ASN.1 format → Sends Request PDU to Agent.
• Receiving: Receives Response PDU from Agent → Translates ASN.1 package to internal data format → NM Application.

What does an Agent do?

[Figure: agent-side flow]
• From Manager: Receives SNMP Request PDU from Manager → Translates ASN.1 structure to internal data → Maps MIB variables to internal variables → Implements SNMP Request to Set or Get MIB value.
• To Manager: Translates Response PDU to ASN.1 format → Sends SNMP Response PDU to Manager.

Main Loop of Agent

• Agent waits for an incoming datagram on port 161.
• Reads the datagram from UDP and notes the transport address of the sending entity.
• Increments the QUANTUM to keep track of the logical request-id being processed by the agent.
• De-serializes the datagram into an ASN.1 structure. If an error occurs, log the error and discard the packet.
• The ASN.1 structure is translated into an SNMP message. If an error occurs, log the error and discard the packet.
• Checks the VERSION-NUMBER field. If an error occurs, log the error and discard the packet.

Main Loop of Agent (cont.)

• Community name is looked up.
  – If the community is unknown to the agent, the agent sends an AUTHENTICATION trap to the manager station on port 162, logs the error and discards the packet.
• Agent loops through the list of variables in the request.
  – If no prototype is found, return a GET-RESPONSE with error noSuchName and discard the packet.
  – Once the prototype is found, the operation is checked against the community profile. If a mismatch occurs, return a GET-RESPONSE with error noSuchName or readOnly and discard the packet.
  – Otherwise, the agent invokes the access routine to perform the desired operation.

What's New in SNMPv2

No more Trap PDU, 3 New PDUs: getBulkReq, InformReq, SNMPv2-Trap

Added Security

18 Error Status Values

SNMPv2 SMI / SNMPv2 MIB

M-to-M Communications

Table Operations

...

4. SNMP Application Examples

SNMP Commands

snmpget [options] node variable [...]
• query a node using SNMP Get request

snmpnext [options] node variable [...]
• query a node using SNMP GetNext request

snmpwalk [options] node variable
• query a node repeatedly using SNMP GetNext/GetBulk requests

snmptrap [-d] [-p port] [-c community] node enterprise agent-addr generic-trap specific-trap time-stamp variable type value [variable type value...]
• issue an SNMP Version 1 Trap

options: [-d] [-t timeout] [-r retries] [-p port] [-c community] [-v version]

Example for snmpget

    >>snmpget -d 10.144.18.118 .1.3.6.1.2.1.1.1.0
    Transmitted 41 bytes to camry (10.144.18.118) port 161:
    Initial Timeout: 0.80 seconds

     0: 30 27 02 01 00 04 06 70 75 62 6c 69 63 a0 1a 02    0'.....public...
    16: 02 18 bc 02 01 00 02 01 00 30 0e 30 0c 06 08 2b    .........0.0...+
    32: 06 01 02 01 01 01 00 05 00 -- -- -- -- -- -- --    ................

     0: SNMP MESSAGE (0x30): 39 bytes
     5: OCTET-STR COMMUNITY (0x4) 6 bytes: "public"
    13: GET-REQUEST-PDU (0xa0): 26 bytes
    15: INTEGER REQUEST-ID (0x2) 2 bytes: 6332
    19: INTEGER ERROR-STATUS (0x2) 1 bytes: noError(0)
    22: INTEGER ERROR-INDEX (0x2) 1 bytes: 0
    25: SEQUENCE VARBIND-LIST (0x30): 14 bytes
    27: SEQUENCE VARBIND (0x30): 12 bytes
    29: OBJ-ID (0x6) 8 bytes: .1.3.6.1.2.1.1.1.0
    39: NULL (0x5) 0 bytes

Example for snmpget (cont.)

    Received 69 bytes from camry (10.144.18.118) port 161:

     0: 30 43 02 01 00 04 06 70 75 62 6c 69 63 a2 36 02    0C.....public.6.
    16: 02 18 bc 02 01 00 02 01 00 30 2a 30 28 06 08 2b    .........0*0(..+
    32: 06 01 02 01 01 01 00 04 1c 53 75 6e 20 53 4e 4d    .........Sun SNM
    48: 50 20 41 67 65 6e 74 2c 20 53 55 4e 57 2c 55 6c    P Agent, SUNW,Ul
    64: 74 72 61 2d 31 -- -- -- -- -- -- -- -- -- -- --    tra-1...........

     0: SNMP MESSAGE (0x30): 67 bytes
     2: INTEGER VERSION (0x2) 1 bytes: 0 (SNMPv1)
     5: OCTET-STR COMMUNITY (0x4) 6 bytes: "public"
    13: RESPONSE-PDU (0xa2): 54 bytes
    15: INTEGER REQUEST-ID (0x2) 2 bytes: 6332
    19: INTEGER ERROR-STATUS (0x2) 1 bytes: noError(0)
    22: INTEGER ERROR-INDEX (0x2) 1 bytes: 0
    25: SEQUENCE VARBIND-LIST (0x30): 42 bytes
    27: SEQUENCE VARBIND (0x30): 40 bytes
    29: OBJ-ID (0x6) 8 bytes: .1.3.6.1.2.1.1.1.0
    39: OCTET-STR (0x4) 28 bytes: "Sun SNMP Agent, SUNW,Ultra-1"

    system.sysDescr.0 : DISPLAY STRING- (ascii): Sun SNMP Agent, SUNW,Ultra-1
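The de-serialize and version-check steps from "Main Loop of Agent", applied to the GetRequest bytes dumped above, as an added example (not part of the original slides or of any SNMP implementation). The function names are hypothetical; every malformed field raises ValueError, which corresponds to the "log error and discard packet" branch, and the community string comes straight out of the unencrypted bytes.

```python
# Added example: strict BER (tag-length-value) decoding of the 41-byte GetRequest above.
REQUEST = bytes.fromhex(
    "30 27 02 01 00 04 06 70 75 62 6c 69 63 a0 1a 02 "
    "02 18 bc 02 01 00 02 01 00 30 0e 30 0c 06 08 2b "
    "06 01 02 01 01 01 00 05 00"
)
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest",
             0xA2: "GetResponse", 0xA3: "SetRequest"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos); raise ValueError on malformed input."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 2 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):  # never trust a length that overruns the buffer
        raise ValueError("declared length exceeds available bytes")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, want):
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want:
        raise ValueError(f"expected tag {want:#04x}, got {tag:#04x}")
    return value, nxt

def decode_oid(value):
    if not value or value[0] & 0x80 or value[-1] & 0x80:
        raise ValueError("malformed or unsupported OBJECT IDENTIFIER")
    first = min(value[0] // 40, 2)        # first octet packs two arcs: 40*X + Y
    arcs, acc = [first, value[0] - 40 * first], 0
    for b in value[1:]:                   # base 128, high bit set = more octets follow
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return "." + ".".join(map(str, arcs))

def decode_snmp_v1(datagram):
    msg, end = expect(datagram, 0, 0x30)          # SNMP MESSAGE (SEQUENCE)
    if end != len(datagram):
        raise ValueError("trailing bytes after message")
    version, p = expect(msg, 0, 0x02)
    if int.from_bytes(version, "big", signed=True) != 0:
        raise ValueError("not SNMPv1 (version-1 is encoded as 0)")
    community, p = expect(msg, p, 0x04)
    pdu_tag, pdu, p = read_tlv(msg, p)
    if pdu_tag not in PDU_NAMES:                  # Trap-PDU (0xa4) has another layout
        raise ValueError(f"unsupported PDU tag {pdu_tag:#04x}")
    fields, q = [], 0
    for _ in range(3):                            # request-id, error-status, error-index
        raw, q = expect(pdu, q, 0x02)
        fields.append(int.from_bytes(raw, "big", signed=True))
    vbl, q = expect(pdu, q, 0x30)                 # VARBIND-LIST
    varbinds, r = [], 0
    while r < len(vbl):
        vb, r = expect(vbl, r, 0x30)              # one VARBIND
        name, s = expect(vb, 0, 0x06)
        vtag, value, s = read_tlv(vb, s)
        varbinds.append((decode_oid(name), vtag, value))
    return {"community": community.decode("ascii", "replace"),
            "pdu": PDU_NAMES[pdu_tag], "request_id": fields[0],
            "error_status": fields[1], "error_index": fields[2], "varbinds": varbinds}
```

Calling `decode_snmp_v1(REQUEST)` yields the same fields as the tool's annotated listing; the 69-byte response above decodes with the same function.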

Example of snmpwalk

    snmpwalk 10.144.18.118 .1.3.6.1.2.1.1
    system.sysDescr.0 : DISPLAY STRING- (ascii): Sun SNMP Agent, SUNW,Ultra-1
    system.sysObjectID.0 : OBJECT IDENTIFIER: .iso.org.dod.internet.private.enterprises.42.2.1.1
    system.sysUpTime.0 22 days, 22:36:39.58
    system.sysContact.0 : DISPLAY STRING- (ascii): lino@ms.chttl.com.tw
    system.sysName.0 : DISPLAY STRING- (ascii): camry
    system.sysLocation.0 : DISPLAY STRING- (ascii): Information Technology Laboratory 3F
    system.sysServices.0 : INTEGER: 72 (01001000)B

Example of snmptrap

    snmptrap -d manager .1.3.6.1.4.1.612.1.1 10.144.18.116 6 99999 0 .1.3.6.1.1 octetstringascii "Trap test"
    Transmitted 64 bytes to manager (10.144.18.100) port 162:

     0: 30 3e 02 01 00 04 06 70 75 62 6c 69 63 a4 31 06    0>.....public.1.
    16: 09 2b 06 01 04 01 84 64 01 01 40 04 0a 90 12 74    .+.....d..@....t
    32: 02 01 06 02 03 01 86 9f 43 01 00 30 13 30 11 06    ........C..0.0..
    48: 04 2b 06 01 01 04 09 54 72 61 70 20 74 65 73 74    .+.....Trap test

     0: SNMP MESSAGE (0x30): 62 bytes
     2: INTEGER VERSION (0x2) 1 bytes: 0 (SNMPv1)
     5: OCTET-STR COMMUNITY (0x4) 6 bytes: "public"
    13: V1-TRAP-PDU (0xa4): 49 bytes
    15: OBJ-ID ENTERPRISE (0x6) 9 bytes: .1.3.6.1.4.1.612.1.1
    26: IPADDRESS AGENT-ADDR (0x40) 4 bytes: 10.144.18.116 (manager2)
    32: INTEGER GENERIC-TRAP (0x2) 1 bytes: 6
    35: INTEGER SPECIFIC-TRAP (0x2) 3 bytes: 99999
    40: TIMETICKS TIME-STAMP (0x43) 1 bytes: 0 (0x0)
    43: SEQUENCE VARBIND-LIST (0x30): 19 bytes
    45: SEQUENCE VARBIND (0x30): 17 bytes
    47: OBJ-ID (0x6) 4 bytes: .1.3.6.1.1
    53: OCTET-STR (0x4) 9 bytes: "Trap test"

Get System Information

Get “System Group” of MIB II

Use get_request or get_next_request:

    sysDescr     .1.3.6.1.2.1.1.1.0
    sysObjectID  .1.3.6.1.2.1.1.2.0
    sysUptime    .1.3.6.1.2.1.1.3.0
    sysContact   .1.3.6.1.2.1.1.4.0
    sysName      .1.3.6.1.2.1.1.5.0
    sysLocation  .1.3.6.1.2.1.1.6.0

Get Interface Information

Get “Interface Group” of MIB II

Repeatedly use “get_next_request”.

Note: We don’t know the ifIndex values in ifTable.
• First get the next object of .ifTable.ifEntry.0
• Then repeatedly “get_next” until the whole subtree is visited.
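The GetNext walk just described, run against a small in-memory MIB, as an added example (not from the original slides). `ToyAgent`, `walk` and the sample values are hypothetical and constructed for illustration; the point is that OIDs are ordered arc by arc as integers, so the walk returns the table column by column and stops once a reply falls outside the subtree.

```python
from bisect import bisect_right

IF_ENTRY = ".1.3.6.1.2.1.2.2.1"          # .ifTable.ifEntry, as given on this page


def parse_oid(text):
    return tuple(int(arc) for arc in text.strip(".").split("."))


def format_oid(oid):
    return "." + ".".join(map(str, oid))


# Constructed sample MIB: two interfaces with ifIndex 2 and 10 (illustrative values).
SAMPLE_MIB = {
    ".1.3.6.1.2.1.1.1.0": "constructed sysDescr",
    ".1.3.6.1.2.1.2.1.0": 2,                               # ifNumber
    IF_ENTRY + ".1.2": 2, IF_ENTRY + ".1.10": 10,          # ifIndex column
    IF_ENTRY + ".2.2": "le0", IF_ENTRY + ".2.10": "lo0",   # ifDescr column
    IF_ENTRY + ".3.2": 6, IF_ENTRY + ".3.10": 24,          # ifType column
    ".1.3.6.1.2.1.4.1.0": 1,                               # first object after interfaces
}


class ToyAgent:
    """In-memory stand-in for an agent's GetNext handling (hypothetical class)."""

    def __init__(self, mib):
        self.mib = {parse_oid(k): v for k, v in mib.items()}
        # Tuples of ints compare arc by arc, so ...1.2 sorts before ...1.10;
        # sorting the dotted strings would get this wrong.
        self.order = sorted(self.mib)

    def get_next(self, oid):
        i = bisect_right(self.order, parse_oid(oid))
        if i == len(self.order):
            return None                    # a real agent answers noSuchName here
        nxt = self.order[i]
        return format_oid(nxt), self.mib[nxt]


def walk(agent, root):
    """Repeat GetNext from root until the reply leaves the subtree or the MIB ends."""
    prefix, current, rows = parse_oid(root), root, []
    while True:
        reply = agent.get_next(current)
        if reply is None or parse_oid(reply[0])[:len(prefix)] != prefix:
            return rows
        rows.append(reply)
        current = reply[0]


if __name__ == "__main__":
    for oid, value in walk(ToyAgent(SAMPLE_MIB), IF_ENTRY):
        print(oid, value)
```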


Traffic Monitoring

Get “ifInOctets” and “ifOutOctets” of the MIB II Interface Group.

Counter readings: C1 at time t1, C2 at time t2.

$$\text{Utilization (\%)} = \frac{(C_2 - C_1) \times 8}{(t_2 - t_1) \times \text{Bandwidth}} \times 100\%$$

6. Reference

The Simple Book, Marshall T. Rose, Prentice-Hall Inc.

SNMP, SNMPv2 and RMON: The Practical Guide to Network Management, William Stallings

SMI; http://ds.internic.net/rfc/rfc1155.txt

Concise MIB Format; http://ds.internic.net/rfc/rfc1212.txt

SNMP; http://ds.internic.net/rfc/rfc1157.txt

MIB II; http://ds.internic.net/rfc/rfc1213.txt

Trap Format; http://ds.internic.net/rfc/rfc1215.txt

ASN.1 and BER; ITU-T X.208, X.209

Development of SNMP Standards

[Figure: development of SNMP standards: SNMPv2, SNMPv3, RMON I, RMON II]

SNMPv3

• An Architecture for Describing Internet Management Frameworks
• Local Processing Model for version 3 of the Simple Network Management Protocol (SNMPv3)
• Message Processing and Control Model for version 3 of the Simple Network Management Protocol (SNMP)
• User-based Security Model for version 3 of the Simple Network Management Protocol (SNMPv3)
• View-based Access Control Model (VACM) for version 3 of the Simple Network Management Protocol (SNMP)
• User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)

RMON I & II

[Figure: RMON coverage by protocol layer. RMON2: Application, Presentation, Session, Transport, Network. RMON1: Data Link (MAC) and Physical. Technologies shown: Ethernet, Token Ring, FDDI, Frame Relay, HDLC, PPD, SDLL, X.25, CIRP, V-series, T1, E1, G703.]

Appendix: ASN.1 Concepts

ASN.1: Abstract Syntax Notation One

ISO/ITU-T Standards: ISO 8824/ITU-T X.208

Abstract Syntax: Use a syntax to define data/data structure independent of machine-oriented structures and restrictions.

Use in SNMP
• Define SNMP PDU format
• Define management information (MIB)

ASN.1 Reserved Words

All reserved words MUST be upper case:

BOOLEAN, INTEGER, BIT, STRING, OCTET, NULL, OF, SEQUENCE, SET, IMPLICIT, CHOICE, ANY, EXTERNAL, OBJECT, END, IDENTIFIER, OPTIONAL, DEFAULT, TRUE, COMPONENTS, FALSE, BEGIN

What is defined using ASN.1

• Types: data structures, e.g. Counter, Gauge, IpAddress, ...
• Values: e.g. sysContact, ifTable, ifSpeed, ...
• Macros: used to change the actual grammar of ASN.1, e.g. OBJECT-TYPE, ACCESS, ...

Modules

Module: A collection of ASN.1 descriptions

Module Structure

    <module name> DEFINITIONS ::= BEGIN
        <module body>
    END

Example

    EmptyModule DEFINITIONS ::= BEGIN
    END

Tags and Types

Tags
• Every type defined with ASN.1 is assigned a tag.
• Tag = Class + Number
• Class (bits 8, 7 in the BER tag):
  – Universal: 0 0
  – Application: 0 1
  – Context-specific: 1 0
  – Private: 1 1
• Number: non-negative integer

BER: Basic Encoding Rules

Tags and Types (cont.)

    Universal Tag   ASN.1 Type
    1               BOOLEAN
    2               INTEGER
    3               BIT STRING
    4               OCTET STRING
    5               NULL
    7               ObjectDescriptor
    8               EXTERNAL
    9               REAL
    10              ENUMERATED
    12-15           Reserved
    16              SEQUENCE, SEQUENCE OF
    17              SET, SET OF
    18              NumericString
    19              PrintableString
    20              TeletexString
    21              VideotexString
    22              IA5String
    23              UTCTime
    24              GeneralizedTime
    25              GraphicString
    26              VisibleString
    27              GeneralString
    28              CharacterString
    29-...          Reserved

Values in ASN.1

General format of a value assignment:

    <valuereference> <type> ::= <value>

Examples:

BOOLEAN

    Married ::= BOOLEAN
    currentStatus Married ::= FALSE

INTEGER

    Color ::= INTEGER {red (0), blue (1), yellow (2)}
    defaultColor Color ::= 1
    defaultColor Color ::= blue

BER

Basic Encoding Rules

A transfer syntax notation

ISO/ITU-T Standards: ISO 8825/ITU-T X.209

Values from any abstract syntax defined using ASN.1 can

BER uses Tag, Length, Value (TLV) encoding
• Tag: “identifier”, Length: length of content, Value: “contents”

Each value may itself be made up of one or more TLV-encoded values