MODULE 1 MODULE 2. Contents. Unit 1: UNIT 1. Network Management Fundamentals

Transcription

1 Network Management

2 Contents MODULE 1 Unit 1: Network Management Fundamentals 1.1 Origin and Background 1.2 What is Network Management? 1.3 Requirements for Network Management 1.4 Network management Advantages 1.5 Network Management Architecture Questions Unit-2 Standards and Models 2.1 Network Management Standards Protocol Types 2.3 Network Management Protocols 2.4 Stages of Network Management 2.5 Manual, Facilitated, and Automated Management 2.6 OSI and network management model 2.7 Organizational Model Two-Tier Model Three-Tier Model Model with Model(MOM) Peer-NMS 2.8 Information Model SMI and MIB of Information Model 2.9 Communication model 2.10 Functional Model Questions MODULE 2 UNIT 1 FACPS model 1.1 Introduction 1.2 Fault Management A typical fault management system follows these steps

3 1.3 Configuration Management 1.4 Performance Management 1.5 Accounting Management 1.6 Security Management Questions UNIT 2 ASN Introduction 1.2 ASN.1 Encoding Rules 1.3 Current Uses of ASN Developing ASN.1 Applications 1.5 Need for ASN Types and Values of ASN Symbols 1.8 Backus-Nauer Form (BNF) 1.9 ASN.1 Data Types ASN.1 Simple Data Types Structured Data Types 1.10 Modules Structure of Module 1.11 Macro 1.12 Recursion Questions Module 3 Unit 1 SNMP Basics 1.1 Introduction 1.2 What is SNMP? 1.3 Network Monitoring 1.4 SNMP Architecture 1.5 Key Components of SNMP 1.6 How does SNMP work? 1.7 SNMP Standards and Versions 1.8 SNMP Commands 1.9 Benifits 1.10 Limitations Questions

4 UNIT 2 MIB and SMI 3.1 Introduction What does the MIB do? Need for MIB 3.2 Why is the MIB important? 3.3 MIB File Format 3.4 MIB and OID 3.5 SMI 3.6 SMI Data Types Questions MODULE 4 UNIT 1 SNMP V1 1.1 Introduction 1.2 SNMP Version 1 (SNMPv1) SNMPv1 and Structure of Management Information (SMI) 1.3 SNMPv1 and ASN1 Data Types 1.4 SNMP MIB Tables 1.5 SNMPv1 Protocol Operations 1.6 SNMPv1 Message Formats SNMPv1 Message Header SNMPv1 Protocol Data Unit (PDU) Trap PDU Format 1.7 Limitations OF SNMPv1 Questions Unit2 SNMP V2 2.1 Introduction 2.2 SNMPv2 and Structure of Management Information (SMI) 2.3 SMI Information Modules 2.4 SNMPv2 Protocol Operations 2.5 Transmission of an SNMPv2 Message 2.6 SNMPv2 Message Format SNMPv2 Common PDU Format SNMP Version 2 (SNMPv2) GetBulkRequest-PDU Format 2.7 SNMP Security

5 2.8 SNMP Interoperability Proxy Agents Bilingual Network-Management System MODULE 5 Unit 1 SNMP V3 1.1 Introduction 1.2Primary Goals of SNMPv3 1.3 SNMPV3 Security Model 1.4 USM and VASM 1.4.1User-based Security Model (USM) View-based Access Control Model (VACM) 1.5 SNMP Architecture 1.6 SNMPV3 Message Format 1.7 SNMP Applications Unit 2 RMON

6 UNIT-1 Network Management Fundamentals 1.1 Origin and Background In the modern world all most all organizations have good IT infrastructure such as solutions, central database systems, web servers, developer environments, test environments, employee workstations, for its success. All these assets are all running in the server of the organization s network. Since network is a key business aspect of any organization, it is very important to monitor the network. A network consists of many heterogeneous, multivendor complex, interacting hardware and software resources. The resources comprise physical devices such as routers, bridges, hosts, terminal servers, modems, links, interfaces, apart from many protocols that controls and coordinates these devices. When hundreds or thousands of such components are interfaced together by an organization to form a network, day by day network operation management and strategic network growth planning became extremely difficult due to the following facts. Increased complexity of net topologies & technologies Deployment of a large number of incompatible technologies Network often located in remote sites Hence an essential need raised to monitor a network and to have an expert system of control over it. To cater this need Network Management emerged. In an informal way the branch of science which refers to the activities associated with running and controlling a network, along with the technology required to support those activities is called network management.

7 1.2 What is Network Management? More precisely the network management can be defined in the following way. Network Management refers to the activities, methods, procedures, and tools that pertain to the operation, administration, maintenance and provisioning of networked systems. The explanation for the above terms is given below. (i) Operation deals with keeping the network and the services that the network provides, up and running smoothly. It includes monitoring the network to spot problems as soon as possible, ideally before a user is affected. (ii) Administration involves keeping track of resources in the network and how they are assigned. It deals with all the housekeeping that is necessary to keep things under control. (iii) Maintenance is concerned with performing repairs and upgrades for example, when a line card must be replaced, when a router needs a new operating system image with a patch, when a new switch is added to the network. Maintenance also involves corrective and preventive proactive measures such as adjusting device parameters as needed and generally intervening as needed to make the managed network run better. (iv) Provisioning is concerned with configuring resources in the network to support a given service. For example, this might include setting up the network so that a new customer can receive voice service. The role of network management in an organization can be well understood by the figure 1.1

8 Organization Network Management NETWORK Figure Requirements for Network Management Most networks today, whether private networks or a part of big public networks such as the Internet, can be large and complex collections of expensive equipment. Often they are important to an organization's core infrastructure. This network of equipments must meet an end user's needs, and provide the "best" service at the "lowest" cost, In all cases, the network's continued operation and maximum utility is important. Managing such a network can be a daunting task even when the objectives for managing such a system are known. These objectives might include getting better control over network assets, improving service to organizations that use the network, and reducing the downtime of any part of the network. Many problems must be overcome when managing a network to accomplish these objectives. Networks tend to be large and complex, filled with equipment from many vendors; and there are many types of network managers, as well as proprietary solutions that are very popular and installed in many places. Therefore, the perfect network management would include the following features:

9 - Easy to use - manages heterogeneous devices and networks - monitors the network's availability - Utility and performance - Proactively detects problems - troubleshoots and isolates them quickly - operates in a cost-effective manner 1.4 Network management Advantages In the modern world the need for network management is growing very fast because of the following advantages. Lowers costs by eliminating the need for many administrators at multiple locations performing the same function. Makes network administration and monitoring easier and more convenient Coherent presentation of data 1.5 Functions of Network Management Network Management includes the following functions. Monitor network availability and response time. Improve automation. Provide security features. Reroute the traffic whenever necessary. Restore capabilities. Registering users. Quick detection and correction of network problems Without disrupting the network. Monitor data to anticipate problems.

10 Log information for historical analysis. Perform an action when some predefined event or situation has occurred. 1.6 Network Management Architecture Though very network protocol is having its own architecture, a general or basic model of network architecture is designed with the following key elements. Management station Management agent Management information base Network management protocol This is depicted in the figure 1.1.

11 Explanation 1. NMS (Network Management Server) The Network Management Server (NMS) is used to manage and supervise the entire network. It receives all the information and displays it. Commonly used NMS platforms are: Hewlett-Packard OpenViewTM, Cabletron SPECTRUM, SunNet Manager, IBM NetView, Harris Corporation FarScan, and Alcatel MCS-11. The platforms offered by HP, Cabletron and Sun are SNMP managers and can operate with any device that supports SNMP. HP OpenView is widely available and supported, and considered a de facto standard for management platforms. The platforms from Harris and Alcatel are proprietary solutions that do not comply to open industry standards and cannot interoperate with any network device other than their own products. This is a problem for network managers because the network may include equipment from different vendors that do not subscribe to the same proprietary platform. These devices cannot be managed by the management system; the manager is "blind" to these devices' activity and performance. 2. Agent The Network Management Agent(NMA) is more formally called as just agent. It is the second active element in the management architecture. The agent is a software program in the network device that responds to requests for information or actions issued by the management station. The agent may also send the station unsolicited information, known as a Trap. Such a program is very much tied to the internal workings of the device. All devices in a network must have a management agent. Typically, an agent may be embedded or "native" to the device, or alternatively be a "proxy" agent for other protocols.

12 3. Management Information Base (MIB) The third part of the architecture is the information that is exchanged between the manager and the agent; this is called as Management Information Base or MIB. This information is a collection of objects or data values. Each of which represents one aspect of the managed device. For example, the location of the device and the number of erred seconds in the last hour would be two different data values in the MIB. The structure and content of the MIB are standardized across systems of a particular class, such as a bridge MIB or DS-3 MIB. After a MIB is published as a standard, various vendors can build the same kind of equipment that complies with the MIB and be assured that they can be managed in a TCP/IP network. 4. Managed device A managed device is a network node that contains an SNMP agent and that resides on a managed network. Managed devices collect and store management information and make this information available to NMSs using SNMP. Managed devices, sometimes called network elements, can be any type of device including, but not limited to, routers, access servers, switches, bridges, hubs, IP telephones, computer hosts, and printers. 5. Management Entity Inside NMS on the data collection end, two kinds of activities occur within a management utility or facility, called a management entity, whose job is to provide access to management data, controls, and behavior. A function of management entity is given below. Regular polling or sampling of management data occurs, whereby the management entity requests updates from managed devices to reflect recent status of the network being managed.

13 When alerts are received, appropriate responses must be generated 6. Network Management Protocol A network management protocol is used to convey management information between agents and NMS by specifying the rules for communication. The protocol also runs between the managing entity and the managed devices, allowing the managing entity to query the status of managed devices and indirectly effect actions in these devices via its agents. Agents can use the network management protocol to inform the managing entity of exceptional events (e.g., component failures or violation of performance thresholds). SNMP (Simple Network Management Protocol) is the Internet community's de facto standard management protocol. There are many popular network management platforms in the market: Hewlett-Packard OpenViewTM, Cabletron SPECTRUM, SunNet Manager, IBM NetView, Harris Corporation FarScan, and Alcatel MCS-11. The platforms offered by HP, Cabletron and Sun are SNMP managers and can operate with any device that supports SNMP. HP OpenView is widely available and supported, and considered a de facto standard for management platforms. ***** Questions 1. Define network management. 2. State four advantages of network management. 3. State four functions of network management. 4. Explain briefly network management architecture. 5. Explain the following terms. A) NMS B) MIB C) Agent

14 Unit-2 Standards and Models 2.1 Network Management Standards Network management is governed by a large number of protocols that exist for its support. These protocols are termed as network management standards. Protocols are nothing but a special set of rules. These rules allow computers with dissimilar operating systems, network topologies, hardware, etc. to communicate Protocol Types Without standardized protocols for communicating data between computers would be very difficult. The key standard organizations provide a formal specification which is termed as protocols. Protocol standards are usually created in one of the following ways: 1. Defacto Standard - A company creates a protocol that is adopted by other manufacturers. An example of this is IBM's SNA (System Network Architecture) and BiSync. 2. Industry Association - A group of companies get together with the understanding of creating an interoperable standard. It is not sanctioned by one of the formal standards bodies and may selective on their membership. Examples of this type of group are the ATM Forum and The Bluetooth Alliance. 3. Standards Bodies - Groups that are a government accredited organization and immune to prosecution for collusion (as long as they obey their rules). They have an open, formal process for membership, require their membership to share relevant patents on a fair, reasonable and nondiscriminatory basis. The International Telecommunications Union (ITU) and the American

15 National Standards Institute (ANSI) are examples of this type of standards body. There are a large number of organizations creating standards. These organizations usually specialize in the types of standards they work on. Some of the better-known standards organizations are: ANSI The American National Standards Institute ETSI European Telecommunications Standards Institute T1 Committee T1 ADSL The ADSL Forum ATM The ATM Forum ITU The International Telecommunication Union IETF The Internet Engineering Task Force IEEE Institute of Electrical and Electronic Engineers TIA Telecommunications Industry Association Apart from the above standards mentioned, it is better to know about another two important standards ISO and IAB that has contributed to Network Management. International Organization for Standardization (ISO)--An international standards organization responsible for a wide range of standards, including those relevant to networking. This organization is responsible for the OSI reference model and the OSI protocol suite. Internet Activities Board (IAB)--A group of internetwork researchers who meet regularly to discuss issues pertinent to the Internet. This board sets much of the policy for the Internet through decisions and assignment of task forces to various issues. Some Request for Comments (RFC) documents are designated by the IAB as Internet standards, including Transmission Control Protocol/Internet Protocol (TCP/IP) and the Simple Network Management Protocol (SNMP).

16 2.3 Network Management Protocols The following table gives the list of protocols given by standard bodies. These protocols are used in network management. Organization Acronym protocol IETF The Internet Engineering Task Force SNMP, MIBs, SMI, Netconf ISO International Organization for CMIS, CMIP Standardization ITU International Telecommunication Union Telecommunications Management Network (TMN) W3C World Wide Web Consortium XML technologies DMTF Distributed Management Task WBEM, CIM Force OASIS Organization for the Advancement of Structured Information Standards Web Services Distributed Management (WSDM) TMF Tele Management Forum etom and ITIL OMG Object Management Group UML and Corba 2.4 Stages of Network Management All areas of network management follow roughly four basic stages. They are as follows. 1. Policy formulation. This defines the normal operating conditions and expectations for the network. 2. Monitoring. Monitoring collects the status of the network to see if it is following the policies formulated above. 3. Analysis. Analysis determines whether the network is operating correctly or not. If network is not working properly, it determines the cause of the problem and finds what should be done to correct the situation. 4. Control. This phase implements the action plans from the analysis stage to correct the behavior of the network.

17 2.5 Manual, Facilitated, and Automated Management The various stages of management can be carried out in three ways. They are 1. Manual management 2. Facilitated management 3. Automated management 1. Manual Network Management In this management everything must be done by a human network administrator. This is hard and tedious work, as it involves directly working with the network devices. With good network management tools readily available, manual management has become obsolete. 2. Facilitated Network Management In facilitated network management typically, policy formulation and much of analysis is done by a human network manager. Network tools perform all (or most) of the necessary monitoring and control operations. To assist in analysis, network tools tend to prepare the data in an easy to use format, like tables, graphs, and so on. 3. Automated Network Management In the automated management all analyses would be fully automated and done by network management tools. This is exceedingly difficult to do. There is no match for human experience and ingenuity in diagnosing and fixing some problems. This is a very active research area. 2.6 OSI and network management model The International Standards Organization (ISO) created a committee to produce a model for network management, under the direction of the OSI group. ISO/OSI network management model defines a common frame of reference for network management and provides an excellent framework

18 for understanding the major functions that NMS performs. The OSI network management model has four parts. They are Organization Information Communication Functional Fig2.1 OSI reference Network Management architecture model 2.7 Organizational Model The Organization model describes the components of network management such as a manager, agent and so on, and their relationships. The implementation of these components leads to different type of architectures. They are Two-Tier Model, Three-Tier Model, Manager of Managers and Peer NMS. A network object called as network elements consists of hosts, hubs, bridges, routers etc. Network objects are classified as managed and unmanaged elements or objects. The managed

19 objects have a management process running in them called agent. Unmanaged objects do not have agent running in them. The manager communicates with the agent in the managed object. The features of manager, agent and managed object are given below. Manager Sends requests to agents Monitors alarms Houses applications Provides user interface Agent Gathers information from objects Configures parameters of objects Responds to managers requests Generates alarms and sends them to mangers Managed object Network element that is managed Houses management agent All objects are not managed / manageable Two-Tier Model Consider the two tier architecture given in the figure2.2. Agent is built into network element. For example: Managed hub, managed router An agent can manage multiple elements such as Switched hub, ATM switch etc. MDB is a physical database. The manager communicates with the agent in the managed element. Database is in the manager but not in the agent. The manager queries the agent and receives the management data, processes it and stores in MDB.

20 MDB Manager Managed objects Unmanaged objects MDB Management Database Agent process Figure2.2 Two-Tier Network management Organizational model Three-Tier Model Consider the three tier model given in the figure2.3.the intermediate layer acts as both agent and manager. As manager it collects data from network elements processes it and stores the result in data base. As an agent it transmits information to top-level manager. An Example of intermediate level is the management site could be at local site of network and pass information to remote site. MDB Manager MDB Agent / Manager MDB Management Database Managed objects Agent process Figure2.3 Three-Tier Network management Organizational model

21 2.7.3 Model with Model(MOM) Consider the fig 2.4 Here there are two network domains. Such network domains are managed locally and a global view of networks is monitored by managers of managers. Agent NMS manages the domain. MoM presents integrated view of domains. Domain may be geographical, administrative, vendor-specific products, etc. Web-based management project uses similar concept. Fig 2.4 Network Management MOM model Peer-NMS Network management systems can also be configured as shown in the figure2.4. Here NMS runs a management process. The agent and manager devices are called agent NMS and manager NMS. Notice that the manager and agent functions are processes and not systems. Network management system acts as peers and both NMS are having dual role.

22 Agent NMS Manager NMS Manager NMS Agent NMS Fig 2.5 Network management Peer NMS model 2.8 Information Model Information model is concerned with the structure and storage of information. For example consider how information is stored and accessed by all. A book is identified by an International Standard Book Number (ISBN).It is a ten digit number that identifies the author and edition of the book. A figure in a book is uniquely identified by ISBN, Chapter, and Figure number in that hierarchical order.. For example ISBN fig 3.1 refers to figure one of chapter three of the book James F. Kurose and Keith W. Ross: Computer Networking A Top-down Approach Featuring the Internet. Pearson Education. Thus a hierarchy designation ID: {ISBN, chapter, figure number} uniquely identifies the object which is a figure in the book. Here ISBN, chapter, figure number define the syntax(format)of the information associated with the figure and their meanings in the dictionary would be the semantics associated with them. The representation of the objects and information relevant to their management form the management information model SMI and MIB of Information Model The representation of objects and information relevant to their management form Informational Model. The information on network components is passed between agent and management process. The information model specifies the information base to describe managed object and their relationship. For this purpose SMI(Structure of Management Information) and MIB(Management Information Base) is

23 used. MIB is used by both agent and management process to store and exchange the information. The MIB associated with agent is called agent MIB and MIB associated with manager is defined as manager MIB. Few facts about SMI and MIB is summarized below. SMI defines for a managed object the following information. o Syntax o Semantics o plus additional information such as status For example sysdescr: { system 1 } Syntax: OCTET STRING Definition: "A textual description of the entity. " Access: read-only Status: mandatory Management Information Base (MIB) Information base contains information about objects Organized by grouping of related objects Defines relationship between objects It is NOT a physical database. It is a database that is compiled into management module 2.9 Communication model The Communication model deals with how the management data is communicated between the agent and manager process. It is concerned with the transport protocol, the application protocol, and commands and responses between peers. Fig 2.Y represents communication model.

24 Manager Applications Operations / Requests Responses Notifications / Traps Agent Network Elements / Managed Objects Fig2.8 Network management communication model The applications in the manager module initiate requests to the agent in the internet model. It is the part of the operations in the OSI model. The agent executes the request on the network element that is managed object and returns responses to the manager. The notifications/traps are the unsolicited messages such as alarms generated by agent Functional Model The Functional model addresses the network management applications that reside upon the network management station (NMS). ISO has contributed a great deal to network standardization. Their network management model is the primary means for understanding the major functions of network management systems. This model consists of five conceptual areas. They are Performance management Configuration management Accounting management Fault management Security management Each of these functional areas is explained in detail in the chapter. *****

25 Questions 1. State network management standards. 2. Write a brief note about network Management Protocols. 3. Explain stages of Network Management. 4. What is the difference between Manual, Facilitated, and Automated Management? 5. Explain OSI network management architecture model. 6. Explain Organizational Model 7. Explain Communication Model 8. Explain Information Model

26 MODULE 2 Unit 1 FACPS Model The network management is the collection of tasks performed to maximize availability, performance, security and control of a network and its resources. The International Organization for Standardization (ISO) Network Management Forum has divided network management into five functional areas. They are Fault Management Configuration Management Performance Management Accounting Management Security Management This is shown in the figure 2.5 OSI Functional Model Configuration Management Fault Management Performance Management Security Management Accounting Management This model is called as FCAPS model. The following section provides more details about each area because it sets the foundation for network management functional area. Fault Management Network fault management, a key part of the today Network Management architecture, covers functions such as detect, isolate, determine the cause

27 and correct malfunctions in a network. Faults typically manifest themselves as transmission errors or failures in the equipment or interface. Faults result in unexpected downtime, performance degradation and loss of data. Generally, fault conditions need to be resolved as quickly as possible. The objectives of doing fault management are to increase network availability, reduce network downtime and restore network failure quickly. Fault management consists of the following functions: Monitoring and collect of statistics on network devices, traffic conditions and usage in real-time to avoid and forecast potential faults Setting thresholds and alarms that may cause network failure to warn the network admin Setting alarms that warns of performance degradation on network devices and links Setting alarms of network resource (such as hard disk space) usage and limitation problems Remotely control network devices for rebooting, shutting down etc. A typical fault management system follows these steps: When an error occurs, a report is generated and is sent to the fault analyzer. The fault analyzer diagnoses and records the problem. Finally, a system or a person uses the information from the fault analyzer to take appropriate actions such as isolating the error, black-listing failing or failed components, automatically restarting/restoring services, and alerting the system administrator. Configuration Management Configuration management is a set of activities aimed at discovering and documenting (information about) all network and system devices, highlighting changes and deviations from pre-defined standards or baselines and reporting on the status of the network at any given time.

28 The configuration is composed of all the hardware, software, interfaces, and communications circuits associated with network and system devices, local and distributed. Networks are continually adjusted when devices are added, removed, reconfigured, or updated. These changes may be intentional, such as adding a new server to the network, or path related, such as a fiber cut between two devices resulting in a rerouted path. If a network is to be turned off, then a graceful shutdown in a prescribed sequence is performed as part of the configuration management process. The process of configuration management involves identifying the network components and their connections, collecting each device's configuration information, and defining the relationship between network components. In order to perform these tasks, the network manager needs topological information about the network, device configuration information, and control of the network component. It provides the means for central storage of information about the devices and therefore forms the basis for fault-, security-, performance- and accounting management. It is absolutely crucial in providing high availability networks and system environments. Basic functions of configuration management are: Installing the physical equipment and logical configurations. Service planning which addresses planning for the introduction of new services, changing deployed service features, and disconnecting existing services. Job initiation, tracking, and execution Resource initialization Network provisioning Auto-discovery Backup and restore Resource shut down

29 Performance Management Performance management involves measuring the performance of a network and its resources in terms of utilization, throughput, error rates, and response times. With performance management information, a network manager can reduce or prevent network overcrowding and inaccessibility. Performance metrics does work in two levels. They are macro level and micro level. Macro-level aims at throughput, response time, availability, reliability. Micro-level deals with bandwidth, utilization, error rate, peak load, average load. Performance management goal is to determine the effective utilization of network resources in order to remove potential bottlenecks and detect possible failures Network Performance management consists of two components.the first component is a set of functions that evaluates and reports on the behavior of networking equipment and the effectiveness of the network or network element.the second component is a set of various subfunctions that includes gathering statistical information, maintaining and examining historical logs, determining system performance under natural and artificial conditions, and altering system modes of operation Basic functions of performance management are as given below. Find Utilization and error rates Performance data collection Performance data analysis Problem reporting Capacity planning Performance report generation Maintaining and examining historical logs

30 Accounting Management Accounting management is the process of identifying who is using the network and system resources and to what extent, and allocating cost to those users on the basis of their usage. This type of information helps a network manager allocate the right kind of resources to users, as well as plan for network growth. This type of management involves monitoring the login and logoff records, and checking the network usage to determine a user's use of the network. In addition, access privileges and usage quotas can be established and checked against actual for accounting information. This will also provide the basis for comparing the cost of internal operations to market related prices and, if too costly, to consider alternative suppliers of the service (i.e. external or outsourced). Basic functions of accounting management are as given below. Track service/resource use Cost for services Accounting limit Usage quotas Audits Fraud reporting Combine costs from multiple resources Support for different accounting modes Security Management Security management is a process to control the access to network resources according to local guidelines so that the network cannot be sabotaged and sensitive information cannot be accessed by users lacking appropriate authorization. Security management deals with two sets of actions. The first is aimed at denying access to sensitive information or resources by unauthorized users, and the second is preventing malicious events or actions that will lead to access being denied to authorize users

31 (Denial of Service or DOS). Resources to prevent security breaches are as follows. Firewalls (e.g., packet filtering using a TCP/UDP port address) Cryptography (encryption) Authentication (e.g., data integrity & data origin) Authorization (e.g., read, read-write, no-access) Basic functions of security management are Selective resource access Access logs Data privacy User access rights checking Security audit trail log Security alarm/event reporting Take care of security breaches and attempts

32 UNIT 2 ASN Introduction ASN.1 is the acronym for Abstract Syntax Notation One, a language for describing structured information; typically, information intended to be conveyed across some interface or communication medium. ASN.1 has been standardized internationally. It is widely used in the specification of communication protocols. Prior to ASN.1, information to be conveyed in communication protocols was typically specified by bits and bytes in protocol messages. With ASN.1, the protocol designer can view and describe the relevant information and its structure at a high level and need not be unduly concerned with how it is represented while in transmission. Compilers can provide run-time code to convert an instance of user or protocol information to bits on the line. ASN.1 is, in effect, a data definition language, allowing a designer to define the parameters in a protocol data unit without concern as to how they are encoded for transmission.asn.1 can be defined as ASN.1 is a language used for network communication. It addresses both syntax and semantics. 1.2 ASN.1 Encoding Rules Data specified in the ASN.1 is not transmitted as such. Data is converted to standard format before transmission using certain rules. The sets of rules used to transform data specified in the ASN.1 language into a standard format before transmission, is called ASN.1 encoding rules. The process of transformation of the data to encoded form is called encoding. This encoded message can be decoded on any system that has a decoder based on the same set of rules. The ASN.1 encoding rules currently standardized are: Basic Encoding Rules (BER), Distinguished Encoding Rules (DER), Canonical Encoding Rules (CER), Packed Encoding Rules

33 (PER), XML Encoding Rules (XER) and Extended XML Encoding Rules (E- XER). 1. BER BER (Basic Encoding Rules) was created in the early 1980s and is used in a wide range of applications, such as Simple Network Management Protocol (SNMP) for management of the Internet; Message Handling Services (MHS) for exchange of electronic mail and TSAPI for control of telephone/computer interactions. 2. DER DER (Distinguished Encoding Rules) is a specialized form of BER that is used in security-conscious applications. These applications, such as electronic commerce, typically involve cryptography, and require that there be one and only one way to encode and decode a message. 3. CER CER (Canonical Encoding Rules) is another specialized form of BER that is similar to DER, but is meant for use with messages so huge that it is easiest to start encoding them before their entire value is fully available. CER is rarely used, as the industry has locked onto DER as the preferred means of encoding values for use in secure exchanges. 4. PER PER (Packed Encoding Rules)is more recent than the above sets of encoding rules and is noted for its efficient algorithms that result in faster and more compact encodings than BER. PER is used in applications that are bandwidth or CPU starved, such as air traffic control and audiovisual telecommunications. 5. XER

34 XER (XML Encoding Rules) allow you to encode a message that has been defined via ASN.1 using XML. You can now add visibility to your ASN.1- described messages via XML. 6. E-XER E-XER (Extended XML Encoding Rules) is an amendment to the ITU-T Rec. X.693 (23002) ASN.1 Encoding Rules: Specification of XML Encoding Rules (XER). Extended-XER encoding makes ASN.1 an XML schema notation as powerful as XSD, with the simplicity of ASN Current Uses of ASN.1 Though ASN.1 would seem to be obscure, it is actually being used till date. Every call placed on a cellular telephone in North America, Europe, and Japan results in protocol messages. These messages, described using ASN.1 and encoded using one of its predefined encoding rules (e.g., Basic Encoding Rules (BER)), go flying through the air to establish the call. For example useris calling the phone number1234, ASN.1 messages are exchanged between the switching machine and the network database to route the call to the correct common carrier and local phone number to which the 1234-number maps. And when user opts for ISDN or non- ISDN supplementary services, such as reverse charging, closed user groups, and international calling card verification, user is associated with encoded ASN.1 messages. ASN.1 is also used in applications as diverse as parcel tracking, power distribution and biomedicine, its most extensive use continues to be in telecommunications. 1.4 Developing ASN.1 Applications Developing ASN.1 applications is a simple process. This process is divided into four stages as shown below.

35 Stage 1 - Specification Development Stage 2 - Syntax Check and Compile Stage 3 - Writing your Application Stage 4 - Putting your Application to use Stage 1: Specification Development In the first stage, application designers have to decide on the types of messages that the final application(s) will need to send/exchange. Based on the message requirements, a new ASN.1 specification can be drafted or an existing one can be used. When drafting new ASN.1 specifications, it is helpful to decide on the encoding rules (e.g., BER, DER, and PER) which will be used in sending messages. Stage 2: Syntax Check and Compile Most ASN.1 specifications are much more complicated than our previous simple example. Such specifications, when being drafted, often contain typographical and other syntax errors which need to be corrected. Finding and correcting such errors in long and complex ASN.1 specification manually can be an arduous task. Quality ASN.1 compilers can pinpoint such errors allowing the application developer to quickly resolve them. Once such errors are fixed, the ASN.1 specification can be fed again into the ASN.1 compiler to produce data structures and related code for inclusion into the user's application program. The target language in which the data structures and code are produced varies according to the capabilities of the ASN.1 compiler in use.

36 Stage 3: Writing Application In the application code, we can use the data structures produced by the ASN.1 compiler much in the same way as we would use data structures written by us. Additionally, we can use vendor provided runtime library functions (e.g., the OSS-provided ossencode() and ossdecode() functions) to encode, decode, and perform various other functions on application data. It is found that using such pre-prepared library functions will both cut down on the time needed to develop the application. This also increases applications final reliability and correctness. Stage 4: Putting the Application to Use Once application is debugged and tested, we can put it into use to send and receive ASN.1 encoded messages. 1.5 Need for ASN.1 ASN.1 is a fundamental tool for use by applications. It provides the ability to describe the information that will be exchanged independent of the way that information is represented on each of the communicating systems. In order to accomplish this work two types of syntax are used. They are 1. Abstract syntax 2. Transfer syntax Information to be exchanged is converted to ASN.1 language using ASN.1 syntax. This syntax is called as abstract syntax. This abstract syntax has to be encoded using any of the standard encoding rules such as BER,PER.etc before transmission. This encoding syntax is called as transfer syntax. The BER allow the automatic derivation of transfer syntax for every abstract syntax defined using ASN.1. Transfer syntaxes produced by application of the BER can be used over any communications

37 medium which allows the transfer of strings of octets. It is based on the Backus-Nauer Form (BNF) 1.6 Types and Values of ASN.1 The fundamental concepts of ASN.1 are the inter-related notions of type and value. The type may have only a few values, and therefore be capable of conveying only a few distinctions. An example of such a type is Boolean, which has only the two values true and false, with nothing in between. On the other hand, some types, such as Integer and Real, have an infinite number of values and can thus express arbitrarily fine distinctions. 1.7 Symbols ASN.1 uses various symbols. Some of the symbols and their meaning is given below. Symbol Meaning ::= defined as, or assignment or, alternatives, options of a list - signed number -- introduces a comment { } start and end of a list [ ] start and end of a tag ( ) start and end of a subtype.. range 1.8 Backus-Nauer Form (BNF) ASN.1 is based on Backus system and uses the formal syntax language and grammar of Backus-Nauer Form (BNF).To denote an entity we use symbol <>.The rule for representation is given below. <name> ::= <definition>

38 Backus system can be illustrated by developing some Simple Arithmetic Expressions (SAE).The entity digit can be defined in the following way. <digit> ::= Here the symbol represents or.the operation entity op can be defined in the following way. <op> ::= + - x / Definitions on the right hand side are called primitives. Using these primitives we can construct more entities. An entity <numbe> can be constructed form the primitive <digit>. <number> ::= <digit> <digit><number> For example: number 9 is digit 9 number 19 is concatenation of digit 1 and number 9. number 619 is concatenation of digit 6 and number 19. By observing above facts we can construct a simple arithmetic expression<sae> from the primitive and the construct < number>. <SAE> ::= <number> <SAE> <SAE><op><SAE> 1.9 ASN.1 Data Types ASN.1 has built-in types that are simple and structured. A simple type is one for which values are mentioned directly. For example we can define a page of a book as Page Number of simple type, which can take any integer value. This can be written as Page Number::= INTEGER

39 Values for page number can be written as 1,2,3 Basic data types and its conventions are given below. Data Types Convention Example Object name Initial lowercase letter sysdescr, etherstatspkts Application data Initial uppercase letter Counter, IpAddress type Module Initial uppercase letter PersonnelRecord Macro, MIB module All uppercase letters RMON-MIB Keywords All uppercase letters INTEGER, BEGIN ASN.1 Simple Data Types Simple Types BOOLEAN INTEGER BIT STRING OCTET STRING NULL Typical Use Logical, two-state variable values Integer variable values Binary data of arbitrary length Binary data whose length is a multiple of eight Indicate effective absence of a sequence element Structured Data Types ASN.1 structured data type contains multiple data.data types within as structured data type are called as Component types. Consider an example of structure. Simple PageNumber ::= INTEGER ChapterNumber ::= INTEGER

40 Structure BookPageNumber ::= SEQUENCE {ChapterNumber, Separator, PageNumber} Here page number and chapter number are simple data types. BookPageNumber is a structure defined by a SEQUENCE construction of ChapterNumber, and PageNumber component data types. Separator is a VisibleString data type with the value -. Values for structured type can be represented as 1-2, 2-3, etc. Type SET takes values that are unordered lists of component types. The type and value notations for SET are similar to SEQUENCE, except that the type of each component must be distinct from all others and the values can be in any order. For example, Person ::= SET { name IA5String, age INTEGER, female BOOLEAN }. {"Mary", 4, TRUE} {TRUE, "Mary", 4} {4, TRUE, "Mary"} Are three representations of the same instance where name= Mary, age = 4, female= TRUE Modules The fundamental unit of ASN.1 is the module. A module is a named collection of definitions of types and values. The sole purpose of a module is to name a collection of type definitions and/or value definitions (assignments) that constitute a data specification. A module normally groups together a set of related definitions, such as all those used in

41 defining some abstract syntax. However, the basis for grouping definitions into modules is entirely in the hands of the designer, who could put all definitions into one module, or organize them into several modules, according to taste. The only format constraint on type and/or value assignments in a module is that each must be on a new line Structure of Module Consider the module structure given below. <module name> DEFINITIONS ::= BEGIN <name> ::= <definition> <name> ::= <definition> <name> ::= <definition> END A module consists of the module identifier; the keyword DEFINITIONS; followed by; the assignment symbol "::=". The module body consists of the exports and imports statements, if any, followed by the type and value assignments. The whole module is l enclosed between BEGIN and END keywords. Consider the below example for module. InventoryList { } DEFINITIONS ::= BEGIN { ItemId ::= SEQUENCE { partnumber IA5String, quantity INTEGER, wholesaleprice REAL, saleprice REAL }

42 StoreLocation ::= ENUMERATED { Baltimore (0), Philadelphia (1), Washington (2) } } END Here a module reference is InventoryList, followed by an optional object identifier value Macro Macros in ASN.1 are similar to macros in application software; They provide the capability of defining types and values that are not included in the standard procedure. Macros also facilitate grouping of instances of object and concisely define various characteristics associated with an object. The structure of macro is shown below. <macroname> MACRO ::= BEGIN TYPE NOTATION ::= <syntaxofnewtype> VALUE NOTATION ::= <syntaxofnewvalue> <supporting syntax> END Analysis: MACRO is the keyword that indicates a definition of the macro named <macro name>; BEGIN and END delimit the body of the macro definition; TYPE NOTATION and VALUE NOTATION, respectively, introduce the production rules for the user-defined types and their values; and <supporting syntax> gives details about the types in the body of the macro.

43 Macro Example 1: OBJECT-TYPE MACRO ::= BEGIN TYPE NOTATION ::= "SYNTAX" type (TYPE ObjectSyntax) ACCESS" Access "STATUS" Status VALUE NOTATION ::= value (VALUE ObjectName) Access ::= "read-only" "read-write "write-only Status ::= "mandatory "optional "obsolete" END Object-Type Example sysname OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) ACCESS read-write STATUS mandatory ::= { system 5 } Marco Example 2 CAR MACRO::= BEGIN TYPE NOTATION ::= Brand Engine CarType Year VALUE NOTATION ::= value (VALUE OBJECT IDENTIFIER) Brand ::= BRAND value (PrintableString) Engine ::= CC Ccs Ccs ::= Cc Ccs, Cc Cc ::= value (INTEGER ( )) CarType ::= STYLE CType CType ::= Sedan Liftback SUV Other Year ::= YEAR value (INTEGER) END

44 Object-Type Example Camry CAR BRAND Toyota CC 2000, 2400, 3000 STYLE Sedan YEAR 2006 ::= {toyota 3} 1.12 Recursion Recursion, a common feature in high-level languages, is also a feature in ASN.1. Data types, such as a set of sets, records with one or more components being a record, linked lists, and trees, are better understood when viewed as recursive structures. ASN.1 allows definitions of these kinds of data types and values to include recursion. For example, the linked list of integer values, each of whose nodes can be a linked list of integer values, is specified: LinkedList ::= SEQUENCE { label IA5String, value CHOICE { nodevalue INTEGER OPTIONAL, node SEQUENCE OF LinkedList OPTIONAL } }

45 Figure: Instance of a linked list of linked lists. Assume L, shown in the following Figure, is an instance of Linked List consisting of four nodes labeled A,B,C,D, where B is a linked list of three nodes B1,B2,B3 and B3 is a linked list of two nodes B31, B32. Header nodes are not included in this example. Then, the instance can be represented: { label "L", value node { {label "A", value nodevalue 75}, {label "B", value node { {label "B1", value nodevalue 60}, {label "B2", value nodevalue 50}, {label "B3", value node { {label "B31", value nodevalue 48}, {label "B32", value nodevalue 46}

46 } } } {label "C", value nodevalue 35}, {label "D", value nodevalue 15} } ****** Questions 1) Define ASN.1 2) State different data types of ASN.1 3) What is meant by ASN.1 encoding? 4) State and explain different ASN.1 encoding types. 5) State two uses of ASN.1. 6) Explain four stages of developing ASN.1 application. 7) What is the difference between abstract syntax and transfer syntax. 8) Explain module with an example. 9) Explain recursion with example 10) Explain Macro with an example