One of the most useful aspects of SNMP traps is their ability to communicate significant events to a remote network manager. This example illustrates how vendors embellish traps to provide additional information for their customers. The internetwork for this case study consists of more than 20,000 workstations, over 500 servers, and over 350 bridges and routers. Without SNMP, managing such extensive systems would be extremely difficult. In the example shown in Figure 7-5, a remote Router D and another serial link are having difficulties. This example shows how SNMP alerts the network manager to the problems.
Figure 7-5. Communicating device and link status information
Router D with IP address [XXX.YYY.250.1] has a power failure and then returns to normal operation. In Frame 1 of Trace 7.5a, it signals to the manager by sending a LinkUp trap. The SNMP standard (RFC 1157) requires that the trap include the name and value of the ifIndex instance for the affected interface. The router's manufacturer, Cisco Systems, Inc., includes additional information to further identify the interface (see Trace 7.5b). For example, in Frame 1, the Enterprise = {1.3.6.1.4.1.9.1.1} identifies Cisco. The first three object values transmitted come from the ifTable under the Interfaces subtree {1.3.6.1.2.1.2}. These are the ifIndex (1 or 2); the ifDescription (Ethernet0 or Ethernet1); and the ifType (ethernet-csmacd). The last object value, taken from Cisco's private MIB, further identifies what happened (the link is now up).
In Frame 210, a second problem occurs on the serial link between Router B and Router C. This failure triggers the transmission of LinkDown traps from the router. As before, the Enterprise field identifies a Cisco device as the source of the traps and further identifies the failed router port by its IP address: [XXX.YYY.2.3]. The four object values transmitted to the manager communicate the link description (serial0); the type of link (proprietary point-to-point serial); and the reason for the trap (down).
Thus, if failures occur on other segments or communication links, which could even be across the country from each other, SNMP traps can alert the manager that a problem exists. Further troubleshooting by using software utilities such as ICMP Echo (PING) messages, SNMP queries (such as the IP or ICMP groups), or test equipment (such as network analyzers) can then proceed.
Trace 7.5a. Link up and link down traps (summary)
Sniffer Network Analyzer data 23-Mar at 13:08:58, file A:TRAP.ENC, Pg 1

SUMMARY  Delta T   Destination  Source    Summary
      1            Manager      Router D  SNMP Trap -v1 Link up ifIndex .. cisco.2.2.1.1.20.1 (4 items)
      2   0.4585   Manager      Router D  SNMP Trap -v1 Link up ifIndex .. cisco.2.2.1.1.20.2 (4 items)
      .
      .
      .
    210  27.6608   Manager      Router B  SNMP Trap Link down ifIndex .. cisco.2.2.1.1.20.1 (4 items)
Trace 7.5b. Link up and link down traps (details)
Sniffer Network Analyzer data 23-Mar at 13:08:58, file A:TRAP.ENC, Pg 1

------------------------------- Frame 1 -------------------------------
SNMP: ----- Simple Network Management Protocol (Version 1) -----
SNMP:
SNMP: Version = 0
SNMP: Community = public
SNMP: Command = Trap
SNMP: Enterprise = {1.3.6.1.4.1.9.1.1}
SNMP: Network address = [XXX.YYY.12.250]
SNMP: Generic trap = 3 (Link up)
SNMP: Specific trap = 0
SNMP: Time ticks = 797
SNMP:
SNMP: Object = {1.3.6.1.2.1.2.2.1.1.1} (ifIndex.1)
SNMP: Value = 1
SNMP:
SNMP: Object = {1.3.6.1.2.1.2.2.1.2.1} (ifDescr.1)
SNMP: Value = Ethernet0
SNMP:
SNMP: Object = {1.3.6.1.2.1.2.2.1.3.1} (ifType.1)
SNMP: Value = 6 (ethernet-csmacd)
SNMP:
SNMP: Object = {1.3.6.1.4.1.9.2.2.1.1.20.1} (cisco.2.2.1.1.20.1)
SNMP: Value = up
SNMP:
------------------------------- Frame 2 -------------------------------
SNMP: ----- Simple Network Management Protocol (Version 1) -----
SNMP:
SNMP: Version = 0
SNMP: Community = public
SNMP: Command = Trap
SNMP: Enterprise = {1.3.6.1.4.1.9.1.1}
SNMP: Network address = [XXX.YYY.12.250]
SNMP: Generic trap = 3 (Link up)
SNMP: Specific trap = 0
SNMP: Time ticks = 799
SNMP:
SNMP: Object = {1.3.6.1.2.1.2.2.1.1.2} (ifIndex.2)
SNMP: Value = 2
SNMP:
SNMP: Object = {1.3.6.1.2.1.2.2.1.2.2} (ifDescr.2)
SNMP: Value = Ethernet1
SNMP:
SNMP: Object = {1.3.6.1.2.1.2.2.1.3.2} (ifType.2)
SNMP: Value = 6 (ethernet-csmacd)
SNMP:
SNMP: Object = {1.3.6.1.4.1.9.2.2.1.1.20.2} (cisco.2.2.1.1.20.2)
SNMP: Value = up
SNMP:
------------------------------- Frame 210 -------------------------------
SNMP: ----- Simple Network Management Protocol (Version 1) -----
SNMP:
SNMP: Version = 0
SNMP: Community = public
SNMP: Command = Trap
SNMP: Enterprise = {1.3.6.1.4.1.9.1.1}
SNMP: Network address = [XXX.YYY.2.3]
SNMP: Generic trap = 2 (Link down)
SNMP: Specific trap = 0
SNMP: Time ticks = 45039280
SNMP:
SNMP: Object = {1.3.6.1.2.1.2.2.1.1.1} (ifIndex.1)
SNMP: Value = 1
SNMP:
SNMP: Object = {1.3.6.1.2.1.2.2.1.2.1} (ifDescr.1)
SNMP: Value = Serial0
SNMP:
SNMP: Object = {1.3.6.1.2.1.2.2.1.3.1} (ifType.1)
SNMP: Value = 22 (propPointToPointSerial)
SNMP:
SNMP: Object = {1.3.6.1.4.1.9.2.2.1.1.20.1} (cisco.2.2.1.1.20.1)
SNMP: Value = down
SNMP:
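The fields decoded in Trace 7.5b are carried on the wire as a BER-encoded SNMPv1 Trap-PDU, with the community string sent as a plain OCTET STRING. The following added example (not code from the original text) decodes such a message into the same fields. Assumptions: the sample bytes are constructed to mirror Frame 1, 192.0.2.250 stands in for the masked agent address, the Cisco object value is assumed to be encoded as the OCTET STRING "up", and OIDs are assumed to have a single-byte first sub-identifier.

```python
GENERIC = {0: "coldStart", 1: "warmStart", 2: "linkDown", 3: "linkUp",
           4: "authenticationFailure", 5: "egpNeighborLoss", 6: "enterpriseSpecific"}
FRAME1 = bytes.fromhex(  # constructed sample mirroring Frame 1 (placeholder agent address)
    "3078 020100 0406 7075626c6963 a46b 0608 2b06010401090101 4004 c00002fa"
    "020103 020100 4302 031d 304f 300f 060a 2b060102010202010101 020101"
    "3017 060a 2b060102010202010201 0409 45746865726e657430 300f 060a 2b060102010202010301 020106"
    "3012 060c 2b0601040109020201011401 0402 7570")

def tlv(buf, pos):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def children(buf):
    out, pos = [], 0
    while pos < len(buf):                    # members of a constructed value
        tag, raw, pos = tlv(buf, pos)
        out.append((tag, raw))
    return out

def oid(raw):
    first = min(raw[0] // 40, 2)             # first octet packs the first two arcs
    arcs, val = [first, raw[0] - 40 * first], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if b < 0x80:                         # high bit clear ends a sub-identifier
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def value(tag, raw):
    if tag == 0x06: return oid(raw)                          # OBJECT IDENTIFIER
    if tag == 0x04: return raw.decode("ascii", "replace")    # OCTET STRING
    if tag == 0x40: return ".".join(map(str, raw))           # IpAddress
    if tag in (0x02, 0x41, 0x42, 0x43):      # INTEGER, Counter, Gauge, TimeTicks
        return int.from_bytes(raw, "big", signed=(tag == 0x02))
    return raw.hex()

def parse_trap(msg):
    tag, body, _ = tlv(msg, 0)
    ver, comm, pdu = children(body)
    if tag != 0x30 or pdu[0] != 0xA4:        # 0xA4 = Trap-PDU in SNMPv1
        raise ValueError("not an SNMPv1 Trap-PDU")
    ent, addr, gen, spec, ticks, vbl = children(pdu[1])
    binds = [tuple(value(t, r) for t, r in children(vb)) for _, vb in children(vbl[1])]
    return {"version": value(*ver), "community": value(*comm), "enterprise": value(*ent),
            "agent": value(*addr), "generic": GENERIC.get(value(*gen), "unknown"),
            "specific": value(*spec), "ticks": value(*ticks), "varbinds": binds}
```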
Some vendors define traps that have meaning only within their systems. In this example, Network General Corp.'s Distributed Sniffer System is monitoring traffic on one segment of an internetwork (see Figure 7-6). The Sniffer allows the network administrator to set thresholds for various traffic parameters and to transmit a trap to the Network Management console if any of these thresholds are exceeded. You'll need a copy of the vendor's MIB, such as the one from Network General Corp. shown in Definition 7-1, to properly interpret these enterprise-specific traps. This case study looks at several examples (see Trace 7.6).
Figure 7-6. Using private enterprise traps