Asset Link SNMP
Industrial asset hub discovers the SNMP (Simple Network Management Protocol) supported indirectly managed assets using the Asset Link SNMP application. The user can trigger asset discovery on the selected Asset gateway.
The ICMP (Internet Control Message Protocol) protocol is used to speed up the discovery of SNMP on the reachable assets in the network.
SNMP Discovery Profiles
The Asset Link SNMP application discovers the SNMP supported assets through discovery profiles. this discovery profiles can be configured as part of the application deployment or a configuration update to the application. The user can configure three different discovery profiles which can be one or more of SNMPv1, SNMPv2c, SNMPv3 settings. In case of no configuration changes the network will be discovered with the default SNMPv2c and SNMPv1 profiles with default public community string.
Network Discovery Time
SNMP runs on UDP hence it is vulnerable to packet loss. This can be controlled at SNMP through retries and timeout parameters of each discovery profile. In case of fluctuating network, usually the SNMP discovery would retry and wait configuration per configuration.
Supported Asset Parameters
| No. | Asset parameter |
|---|---|
| 1 | IP address |
| 2 | MAC address |
| 3 | Subnet mask |
| 4 | Router IP address |
| 5 | Station name |
| 6 | Vendor |
| 7 | Asset family |
| 8 | Asset description |
| 9 | Serial number |
| 10 | Article number |
| 11 | Hardware version |
| 12 | Software version |
Note: Parameters (6-12) are read from sysDescr OID. If assets support all these fields similar to Siemens assets it would be displayed. Otherwise if assets support Entity-MIB then
Parameters (6-12) are read from them.
Example (format of sysDescription):
Siemens, SIMATIC NET, SCALANCE W788-2 RJ45, 6GK5 788-2FC00-0AA0, HW: Version 3, FW: Version V06.05.01, SVPJ9185551
Supported Standard MIBs
| Module | OID | Name | Kind | Type |
|---|---|---|---|---|
| SNMPv2-MIB | 1.3.6.1.2.1.1.1 | sysDescr | Scalar | DisplayString |
| SNMPv2-MIB | 1.3.6.1.2.1.1.5 | sysName | Scalar | DisplayString |
| IF-MIB | 1.3.6.1.2.1.2.2.1.6 | ifPhysAddress | Column | PhysAddress |
| RFC1213-MIB | 1.3.6.1.2.1.4.20.1.2 | ipAdEntIfIndex | Column | Integer32 |
| RFC1213-MIB | 1.3.6.1.2.1.4.20.1.3 | ipAdEntNetMask | Column | IpAddress |
| RFC1213-MIB | 1.3.6.1.2.1.4.21.1.7 | ipRouteNextHop | Column | IpAddress |
| ENTITY_MIB | 1.3.6.1.2.1.47.1.1.1.1.2 | entPhysicalDescr | Column | DisplayString |
| ENTITY_MIB | 1.3.6.1.2.1.47.1.1.1.1.8 | entPhysicalHardwareRev | Column | DisplayString |
| ENTITY_MIB | 1.3.6.1.2.1.47.1.1.1.1.9 | entPhysicalFirmwareRev | Column | DisplayString |
| ENTITY_MIB | 1.3.6.1.2.1.47.1.1.1.1.11 | entPhysicalSerialNum | Column | DisplayString |
| ENTITY_MIB | 1.3.6.1.2.1.47.1.1.1.1.12 | entPhysicalMfgName | Column | DisplayString |
| ENTITY_MIB | 1.3.6.1.2.1.47.1.1.1.1.13 | entPhysicalModelName | Column | DisplayString |
Discovery Profile Configuration(example)
{
"discovery_profiles":[
{
"version":"SNMP V2",
"readCommunity":"public",
"writeCommunity":"private",
"port":161,
"timeout":2000,
"retry":3
},
{
"version":"SNMP V1",
"readCommunity":"public",
"writeCommunity":"private",
"port":161,
"timeout":2000,
"retry":3
},
{
"version":"SNMP V3",
"readCommunity":"public",
"writeCommunity":"private",
"port":161,
"timeout":2000,
"retry":3,
"userName":"dummy",
"contextName":"",
"engineId":"",
"securityLevel":"AuthPriv",
"authProtocol": "SHA",
"authPassword":"dummy",
"privProtocol": "AES256",
"privPassword": "dummy"
}
]
}
Note: not required sections e.g. "SNMP V3" can be left empty. The SNMP driver comes with a minimal configuration which typically works.
Supported SNMP Versions
| Type | Version |
|---|---|
| Secure | SNMPv3 |
| Insecure | SNMPv1, SNMPv2 |
SNMP Security Level
| Security Level | Meaning |
|---|---|
| AuthNoPriv | Authenticated but privacy disabled, authentication protocol, authentication password required but privacy protocol, privacy password not required. |
| AuthPriv | Fully secure, authentication protocol, privacy protocol as well as passwords are required. |
| NoAuthNoPriv | Not secure, authentication protocol, privacy protocol as well as passwords are not required. |
SNMP algorithms
| Supported SNMPv3 Privacy Algorithms |
|---|
| DES |
| 3DESEDE |
| AES128 |
| AES192 |
| AES256 |
| Supported SNMPv3 Authentication Algorithms |
|---|
| SHA |
| MD5 |
| HMAC128SHA224 |
| HMAC192SHA256 |
| HMAC256SHA384 |
| HMAC384SHA512 |
Message Flow In SNMP Driver
Figure: SNMP Driver message flow
The SNMP driver processes discovery requests in asynchronous manner using SNMP++ and zeromq for inproc communication.
The discovery service of the SNMP driver receives a discovery request via gRPC and post SNMP request messages into the queue of the SNMP Executor.
An ICMP request is created and posted into the queue of the ICMP Executor.
An ICMP Response containing a list of reachable assets is posted into the queue of the SNMP Executor.
SNMP messages are sent out with relevant OIDs for the reachable assets. The received SNMP responses are posted into the queue of the SNMP collector.
The discovery service polls for the received SNMP responses within the Discovery window (timeout).
Based on the received SNMP responses, discovered asset data would be published by the discovery service.
Glossary
| Acronym | FullName | Meaning |
|---|---|---|
| SNMP | Simple Network Management Protocol | It is an application-layer protocol for monitoring and managing network devices. |
| SNMPv1 | Insecure Version 1 of SNMP | Network devices can be monitored with matching read community string. |
| SNMPv2c | Insecure Version 2c (community based) of SNMP | Network devices can be monitored with enhanced message types and matching read community. |
| SNMPv3 | Secure Version 3 of SNMP | Network devices can be monitored with username, security level, authentication and privacy protocol and passwords with optional context name. |
| MIB | Management Information Base | Collection of information organized hierarchically through which agent can share its current state. |
| OID | Object Identifier | Agent data as well as states are stored in uniquely identified managed objects which are part of MIB hierarchy. |