MIB Study
From OpenNMS
Contents |
Understanding MIBs
MIB Studies are a comprehensive review of documents published by Vendors for SNMP enabled systems (having SNMP agents). SNMP is the standard management protocol and a MIB (Management Information Base) is a set of all objects maintained by an agent and accessible via the SNMP protocol. A MIB definition is a file definining the structure of this information and is written using ASN.1 (Abstract Syntax Notation).
<a name="ObjectIds" id="ObjectIDs"></a>
System Object IDs
SNMP agents supporting MIB2 must provide a unique System Object ID (system.sysObjectID.0). This ID is used by network management entities, such as [OpenNMS], to determine the monitoring capabilities of a device. OpenNMS, specifically, uses the sysObjectID in order to automattically determine what performance reporting and thresholding measure to employ for a device.
sysObjectID is defined in the MIB2 RFC 1213...
sysObjectID OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The vendor's authoritative identification of the
network management subsystem contained in the
entity. This value is allocated within the SMI
enterprises subtree (1.3.6.1.4.1) and provides an
easy and unambiguous means for determining `what
kind of box' is being managed. For example, if
vendor `Flintstones, Inc.' was assigned the
subtree 1.3.6.1.4.1.4242, it could assign the
identifier 1.3.6.1.4.1.4242.1.1 to its `Fred
Router'."
::= { system 2 }
For exmaple, from the OpenNMS node table, you can see that OpenNMS has discovered devices with the following Enterprice IDs:
opennms=# select distinct nodesysoid, substr(nodesysdescription, 1, 40) from node;
nodesysoid | substr
----------------------------+-----------------------------------------
.1.3.6.1.4.1.11.2.3.7.11.19 | HP J4813A ProCurve Switch 2524, revision
.1.3.6.1.4.1.388.1.5 | Symbol Access Point, S/W rev:- S/W rev:
.1.3.6.1.4.1.8744.1.12 | CN3500 - Hardware revision 55-01-0007-01
.1.3.6.1.4.1.8744.1.12 | CN3500 - Hardware revision 55-01-0007-02
.1.3.6.1.4.1.8744.1.12 | CN3500 - Hardware revision 55-01-0020-00
.1.3.6.1.4.1.8744.1.16 | CN3200 - Hardware revision 50-00-0009-01
.1.3.6.1.4.1.8744.1.16 | CN3200 - Hardware revision 50-00-0009-02
.1.3.6.1.4.1.8744.1.16 | CN3200 - Hardware revision 50-00-0013-01
.1.3.6.1.4.1.8744.1.20 | CN320 - Hardware revision 50-00-0008-01
.1.3.6.1.4.1.8744.1.20 | CN320 - Hardware revision 50-00-0008-02
.1.3.6.1.4.1.8744.1.24 | CN330 - Hardware revision 50-00-0024-01
.1.3.6.1.4.1.8744.1.5 | CN3000 - Hardware revision 50-00-0002-04
.1.3.6.1.4.1.8744.1.5 | CN3000 - Hardware revision 50-00-0006-01
.1.3.6.1.4.1.8744.1.5 | CN3000 - Hardware revision 50-00-0014-01
.1.3.6.1.4.1.8744.1.8 | CN300 - Hardware revision 50-00-0006-01
.1.3.6.1.4.1.89.1.1.62.8 | LinkProof Branch - 50M
The majority of the sysObjectIDs discovered, by this instance of OpenNMS, contains the enterprise 8744. Enterprise numbers are controlled by IANA and 8744 is assigned:
8744
Colubris Networks Inc.
Eric Perie
Eric.Perie@colubris.com
These numbers can be here: [IANA] (careful, this is a very large page for a browser). Another interesting example is:
3746
Swisscom AG
Markus Schuetz
markus.schuetz@swisscom.com
<a name="ColubrisMIB" id="ColubrisMIB"></a>
Traps
Complete monitoring of network devices using SNMP requires 2 asynchronous processes:
- Polling of network entities by the network management entity
- Notifications from network entities to the network management entity
Traps (now defined as Notifications since version SNMPv2c), are unsolicited UDP messages alerting network managers of state changes on the network entity that may or may not be useful to the businesses monitoring requirements.
Follow this link to study interesting Traps from Colubirs devices. Colubris Traps
Interesting performance metrics:
I usally go after the counters in the MIBs first for they are typically the most interesting. I use a little script like this to first show me all the Counter[32|64] objects and pick out the ones with interesting names. I then go back in the MIB files are read about the ones I like. Here is the Perl script I wrote from studying MIBs:
mibObjGrep.pl
Then run this command to get all the counters from a file:
./mibObjGrep.pl -m ".*OBJECT-TYPE" -s "SYNTAX.*Counter" -f COLUBRIS-QOS-MIB.my
Or, to run against all the MIB definition files in your current directory:
ls *.my | while read line; do ./mibObjGrep.pl -m ".*OBJECT-TYPE" -s "SYNTAX.*Counter" -f $line; done
That gives me output I can quickly browse and I know which file and line number of the objects that I'm interested in:
...
TCP-MIB.my: 96: tcpActiveOpens OBJECT-TYPE: SYNTAX Counter32
DESCRIPTION "The number of times TCP connections have made a direct
transition to the SYN-SENT state from the CLOSED state."
TCP-MIB.my: 105: tcpPassiveOpens OBJECT-TYPE: SYNTAX Counter32
DESCRIPTION "The number of times TCP connections have made a direct
transition to the SYN-RCVD state from the LISTEN state."
TCP-MIB.my: 114: tcpAttemptFails OBJECT-TYPE: SYNTAX Counter32
DESCRIPTION "The number of times TCP connections have made a direct
transition to the CLOSED state from either the SYN-SENT
state or the SYN-RCVD state, plus the number of times TCP
connections have made a direct transition to the LISTEN
state from the SYN-RCVD state."
TCP-MIB.my: 126: tcpEstabResets OBJECT-TYPE: SYNTAX Counter32
DESCRIPTION "The number of times TCP connections have made a direct
transition to the CLOSED state from either the ESTABLISHED
state or the CLOSE-WAIT state."
...
For Colubris Lovers
See: Colubris Performance Metrics
New Pages