Copyright © TIBCO Software Inc. All Rights Reserved
Copyright © TIBCO Software Inc. All Rights Reserved


Chapter 6 SNMPv2c and SNMPv3 : Technical Description

Technical Description
The SNMP server exchanges network management information with SNMP client software running on a network management host. The server responds to requests for information and actions from the client. The server also controls access to the server’s Management Information Base (MIB), the collection of objects that can be viewed or changed by the SNMP client.
The SNMP client collects information on network connectivity, activity, and events by polling network elements. Communication between the SNMP server and client occurs through Protocol Data Unit (PDU) messages in one of the following forms:
Get, GetBulk, and GetNext requests—The client requests information from the server; the server returns the information in a Get response PDU message.
Set requests—The client changes the value of a MIB object controlled by the server; the server indicates status in a Set response PDU message.
SNMP has six types of Protocol Data Unit (PDU) messages. These are defined in Table 9.
Transmitted by the client to the server to obtain the identifiers and the values of a group or collection of variables rather than one variable at a time.
Transmitted by the client to the server to obtain the identifiers and the values of variables located after the designated variables.
Transmitted by the server to the client in response to a Get request, a Get Next request, or a Set request.
Transmitted by the server, on its own initiative, to inform the client of an event noted on a network element.
SNMPv2c Management Information Base
A MIB is a hierarchy of information used to define managed objects in a network element. These sets represent a resource, event, or activity that occurs in the network element.
MIBs are either standard or enterprise-specific. Standard MIBs are created by the IETF and documented in various RFCs. Refer to “SNMPv2c Traps” for a list of supported MIBS.
Enterprise-specific MIBs are developed and supported by a specific vendor for proprietary functions and features not addressed by standard MIBs. They provide consistency of management data representation across a vendor’s product line. If your network contains network elements that have enterprise-specific MIBs, you must obtain them from the vendor and compile them into your network management software.
The TIBCO enterprise-specific MIB defines both the environmental and routing data included as MIB objects for TIBCO Messaging Appliance P-7500 systems and their components. Refer to Appendix A TIBCO Enterprise-specific MIB in TIBCO Messaging Appliance P-7500 Maintenance and Troubleshooting for details.
SNMPv2c Traps
A trap reports status changes occurring on a network element, most often errors or failures.
SNMP traps are defined in either standard or enterprise-specific MIBs. Standard traps are created by the IETF and documented in various RFCs. The standard traps are compiled into the network management software. You can also download the standard traps from the IETF Web site, at http://www.ietf.org.
Enterprise-specific traps are developed and supported by a specific equipment manufacturer. If your network contains network elements that have enterprise-specific traps, you must obtain them from the manufacturer and compile them into your network management software.
SNMPv2c traps supported by the TIBCO Messaging Appliance P-7500 system software include:
For trap descriptions or to download, refer to the RFC Index on IETF Web site, at http://www.rfc-editor.org/rfc-index2.html.
Refer to “Configuring Enterprise-specific Traps” for the traps developed and supported by TIBCO for TIBCO Messaging Appliance P-7500.
Note: SNMPv3 uses notifications in place of traps. Notifications differ from traps only in that they are acknowledged by the client.
SNMPv3 Security Improvements
SNMPv2c provides only password protection for the name of the groups querying the server, through the community name and IP address. In contrast, SNMPv3 supports both authentication and encryption for the name of the groups querying the server.
With SNMPv3, only authorized users can communicate with each other. Based on the concept of applying security levels to the name of the groups querying the server, the server decides whether the group is allowed to view or change specific MIBs. Consequently, an SNMPv3 client can interact with a network element only if the administrator configured the network element to allow the interaction.
SNMPv3 authenticates users through the HMAC-MD5-96 protocol, while CBC-DES is the encryption protocol (for privacy). TIBCO Messaging Appliance P-7500 recognizes up to 16 groups for SNMP access that can have any of the following predefined SNMPv3 security levels:
TIBCO Messaging Appliance P-7500 supports one predefined SNMPv3 view: everything. This view includes all MIBs associated with the system.
SNMPv3 uses the User-based Security Model (USM) for message security. USM specifies authentication and encryption, and uses the concept of a user for which security parameters such as authentication are configured for both the server and the client. Consequently, messages sent using USM are better protected than messages sent with SNMPv2c community strings, where passwords (that is, community names) are sent openly. SNMPv3 can be used to secure the network element from the following threats:
In contrast, when an SNMPv2c server receives a message request, the server extracts the client’s community name. The SNMPv2c community table is searched for a matching community name. If a match is found, the IP address is accepted. An unmatched community name causes an SNMP authentication error. Each entry in the community table identifies:

Copyright © TIBCO Software Inc. All Rights Reserved
Copyright © TIBCO Software Inc. All Rights Reserved