MIB Study

From OpenNMS



Understanding MIBs

MIB Studies are a comprehensive review of documents published by vendors for SNMP-enabled systems (those having SNMP agents). SNMP is the standard management protocol, and a MIB (Management Information Base) is the set of all objects maintained by an agent and accessible via the SNMP protocol. A MIB definition is a file defining the structure of this information, written using ASN.1 (Abstract Syntax Notation One).




System Object IDs

SNMP agents supporting MIB2 must provide a unique System Object ID (system.sysObjectID.0). This ID is used by network management entities, such as OpenNMS, to determine the monitoring capabilities of a device. OpenNMS, specifically, uses the sysObjectID to automatically determine which performance reporting and thresholding measures to employ for a device.

sysObjectID is defined in the MIB2 RFC 1213...

         sysObjectID OBJECT-TYPE
             SYNTAX  OBJECT IDENTIFIER
             ACCESS  read-only
             STATUS  mandatory
             DESCRIPTION
                     "The vendor's authoritative identification of the
                     network management subsystem contained in the
                     entity.  This value is allocated within the SMI
                     enterprises subtree (1.3.6.1.4.1) and provides an
                     easy and unambiguous means for determining `what
                     kind of box' is being managed.  For example, if
                     vendor `Flintstones, Inc.' was assigned the
                     subtree 1.3.6.1.4.1.4242, it could assign the
                     identifier 1.3.6.1.4.1.4242.1.1 to its `Fred
                     Router'."
             ::= { system 2 }


For example, from the OpenNMS node table, you can see that OpenNMS has discovered devices with the following enterprise IDs:

opennms=# select distinct nodesysoid, substr(nodesysdescription, 1, 40) from node;
        nodesysoid          |                  substr                   
----------------------------+-----------------------------------------
.1.3.6.1.4.1.11.2.3.7.11.19 | HP J4813A ProCurve Switch 2524, revision 
.1.3.6.1.4.1.388.1.5        | Symbol Access Point, S/W rev:- S/W rev: 
.1.3.6.1.4.1.8744.1.12      | CN3500 - Hardware revision 55-01-0007-01 
.1.3.6.1.4.1.8744.1.12      | CN3500 - Hardware revision 55-01-0007-02 
.1.3.6.1.4.1.8744.1.12      | CN3500 - Hardware revision 55-01-0020-00 
.1.3.6.1.4.1.8744.1.16      | CN3200 - Hardware revision 50-00-0009-01 
.1.3.6.1.4.1.8744.1.16      | CN3200 - Hardware revision 50-00-0009-02 
.1.3.6.1.4.1.8744.1.16      | CN3200 - Hardware revision 50-00-0013-01 
.1.3.6.1.4.1.8744.1.20      | CN320 - Hardware revision 50-00-0008-01
.1.3.6.1.4.1.8744.1.20      | CN320 - Hardware revision 50-00-0008-02
.1.3.6.1.4.1.8744.1.24      | CN330 - Hardware revision 50-00-0024-01
.1.3.6.1.4.1.8744.1.5       | CN3000 - Hardware revision 50-00-0002-04 
.1.3.6.1.4.1.8744.1.5       | CN3000 - Hardware revision 50-00-0006-01 
.1.3.6.1.4.1.8744.1.5       | CN3000 - Hardware revision 50-00-0014-01 
.1.3.6.1.4.1.8744.1.8       | CN300 - Hardware revision 50-00-0006-01
.1.3.6.1.4.1.89.1.1.62.8    | LinkProof Branch - 50M

The majority of the sysObjectIDs discovered by this instance of OpenNMS contain the enterprise number 8744. Enterprise numbers are controlled by IANA, and 8744 is assigned to:

 8744
   Colubris Networks Inc.
     Eric Perie
     Eric.Perie@colubris.com

These numbers can be found here: [IANA] (careful, this is a very large page for a browser). Another interesting example is:

 3746
   Swisscom AG
     Markus Schuetz
     markus.schuetz@swisscom.com
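
The enterprise number is the arc immediately after 1.3.6.1.4.1 in a sysObjectID. The following sketch is an added example, not part of the original page or of OpenNMS: it groups the nodesysoid values from the query above by enterprise and sets aside values that are malformed or fall outside the enterprises subtree. The function names and the two bad sample values are assumptions made for illustration.

```python
import re
from collections import defaultdict

ENTERPRISES = (1, 3, 6, 1, 4, 1)          # SMI enterprises subtree
OID_RE = re.compile(r"\.?\d+(?:\.\d+)*", re.ASCII)
# Only the two assignments quoted on this page; extend from the IANA registry.
VENDORS = {8744: "Colubris Networks Inc.", 3746: "Swisscom AG"}

def enterprise_number(sysoid):
    """Enterprise number of a sysObjectID, or None if the value is
    malformed or not allocated under 1.3.6.1.4.1."""
    sysoid = sysoid.strip()
    if not OID_RE.fullmatch(sysoid):
        return None
    arcs = tuple(int(a) for a in sysoid.lstrip(".").split("."))
    if len(arcs) <= len(ENTERPRISES) or arcs[:len(ENTERPRISES)] != ENTERPRISES:
        return None
    return arcs[len(ENTERPRISES)]

def group_by_enterprise(sysoids):
    """Map enterprise number (None = unusable value) to the sysObjectIDs seen."""
    groups = defaultdict(list)
    for oid in sysoids:
        groups[enterprise_number(oid)].append(oid)
    return dict(groups)

# Distinct nodesysoid values from the query output above, followed by two
# constructed bad values: ".0.0" and an OID outside the enterprises subtree.
NODE_SYSOIDS = [
    ".1.3.6.1.4.1.11.2.3.7.11.19", ".1.3.6.1.4.1.388.1.5",
    ".1.3.6.1.4.1.8744.1.12", ".1.3.6.1.4.1.8744.1.16",
    ".1.3.6.1.4.1.8744.1.20", ".1.3.6.1.4.1.8744.1.24",
    ".1.3.6.1.4.1.8744.1.5", ".1.3.6.1.4.1.8744.1.8",
    ".1.3.6.1.4.1.89.1.1.62.8",
    ".0.0", ".1.3.6.1.2.1.1",
]

if __name__ == "__main__":
    for ent, oids in group_by_enterprise(NODE_SYSOIDS).items():
        print(ent, VENDORS.get(ent, "not listed on this page"), len(oids))
```

Nodes that land in the None group cannot be matched to vendor-specific data collection by sysObjectID and are worth reviewing by hand.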



Traps

Complete monitoring of network devices using SNMP requires 2 asynchronous processes:

  • Polling of network entities by the network management entity
  • Notifications from network entities to the network management entity

Traps (now defined as Notifications since version SNMPv2c) are unsolicited UDP messages alerting network managers to state changes on the network entity; these may or may not be useful to the business's monitoring requirements.

Follow this link to study interesting traps from Colubris devices: Colubris Traps


Interesting performance metrics:

I usually go after the counters in the MIBs first, for they are typically the most interesting. I use a little script like this to first show me all the Counter[32|64] objects and pick out the ones with interesting names. I then go back in the MIB files and read about the ones I like. Here is the Perl script I wrote from studying MIBs:

mibObjGrep.pl


Then run this command to get all the counters from a file:

./mibObjGrep.pl -m ".*OBJECT-TYPE" -s "SYNTAX.*Counter" -f COLUBRIS-QOS-MIB.my

Or, to run against all the MIB definition files in your current directory:

for f in *.my; do ./mibObjGrep.pl -m ".*OBJECT-TYPE" -s "SYNTAX.*Counter" -f "$f"; done

That gives me output I can quickly browse, and I know the file and line number of the objects that I'm interested in:

...
TCP-MIB.my: 96: tcpActiveOpens OBJECT-TYPE:    SYNTAX      Counter32
    DESCRIPTION            "The number of times TCP connections have made a direct
            transition to the SYN-SENT state from the CLOSED state."


TCP-MIB.my: 105: tcpPassiveOpens OBJECT-TYPE:    SYNTAX      Counter32
    DESCRIPTION            "The number of times TCP connections have made a direct
            transition to the SYN-RCVD state from the LISTEN state."


TCP-MIB.my: 114: tcpAttemptFails OBJECT-TYPE:    SYNTAX      Counter32
    DESCRIPTION            "The number of times TCP connections have made a direct
            transition to the CLOSED state from either the SYN-SENT
            state or the SYN-RCVD state, plus the number of times TCP
            connections have made a direct transition to the LISTEN
            state from the SYN-RCVD state."


TCP-MIB.my: 126: tcpEstabResets OBJECT-TYPE:    SYNTAX      Counter32
    DESCRIPTION            "The number of times TCP connections have made a direct
            transition to the CLOSED state from either the ESTABLISHED
            state or the CLOSE-WAIT state."
...
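
The same kind of scan can be written in a few lines of Python. This is an added example, not the author's mibObjGrep.pl (which is not reproduced on this page): it finds every OBJECT-TYPE whose SYNTAX clause is a Counter type and reports file, line number, name, syntax and description. The function name and the abridged sample MIB text are assumptions made for illustration.

```python
import re

# "<descriptor> OBJECT-TYPE" opens a definition; descriptors start lowercase,
# so the IMPORTS list ("OBJECT-TYPE, Counter32 ...") is not matched.
OBJ_RE = re.compile(r"^\s*([a-z][A-Za-z0-9-]*)\s+OBJECT-TYPE\b")
# SMIv1 "Counter" and SMIv2 "Counter32"/"Counter64".
SYNTAX_RE = re.compile(r"^\s*SYNTAX\s+(Counter(?:32|64)?)\b")
DESC_RE = re.compile(r'DESCRIPTION\s*"([^"]*)"')

def find_counters(text, filename="<mib>"):
    """Return (file, line, name, syntax, description) for each Counter object."""
    lines = text.splitlines()
    found = []
    for idx, line in enumerate(lines):
        m = OBJ_RE.match(line)
        if not m:
            continue
        body = []                      # clauses up to the "::=" assignment
        for nxt in lines[idx + 1:]:
            body.append(nxt)
            if nxt.lstrip().startswith("::="):
                break
        syntax = next((s.group(1) for s in map(SYNTAX_RE.match, body) if s), None)
        if syntax is None:
            continue                   # not a counter: skip
        d = DESC_RE.search("\n".join(body))
        desc = " ".join(d.group(1).split()) if d else ""
        found.append((filename, idx + 1, m.group(1), syntax, desc))
    return found

# Constructed, abridged sample in the style of TCP-MIB (not a complete module).
SAMPLE = """\
TCP-MIB DEFINITIONS ::= BEGIN
IMPORTS OBJECT-TYPE, Counter32, Integer32 FROM SNMPv2-SMI;
tcpRtoMin OBJECT-TYPE
    SYNTAX      Integer32 (0..2147483647)
    DESCRIPTION "Minimum retransmission timeout."
    ::= { tcp 2 }
tcpActiveOpens OBJECT-TYPE
    SYNTAX      Counter32
    DESCRIPTION
            "The number of times TCP connections have made a direct
            transition to the SYN-SENT state from the CLOSED state."
    ::= { tcp 5 }
END
"""
if __name__ == "__main__":
    for f, n, name, syn, desc in find_counters(SAMPLE, "TCP-MIB.my"):
        print(f"{f}: {n}: {name} OBJECT-TYPE: SYNTAX {syn}\n    {desc}")
```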

For Colubris Lovers

See: Colubris Performance Metrics


Interesting performance metrics for thresholding