Figure 7.1 shows the architecture of a router with SNMP, CLI, and HTTP-based management used to control and configure the device. The term agent describes the task or module on the device which terminates the management protocol and makes a request to the protocol or system task. Figure 7.1 shows three separate agents: the SNMP, CLI, and HTTP agents. Each of these agents is a separate task.
Figure 7.1: Router architecture with various management schemes.
The SNMP agent interfaces to UDP to obtain the SNMP PDUs, verifies the PDUs for correctness and determines the action to be performed. The protocol uses multiple types of PDUs to manage read-only and read-write (settable) variables. Read-only variables can only be queried and cannot be modified by a manager, unlike read-write variables. The SNMP agent enforces this rule in case an errant manager sends a request to modify a read-only variable.
The agent is also responsible for authentication. Earlier versions of the SNMP protocol used a simple community string (similar to a text-based password) to authenticate the manager and enforce access permissions. SNMP Version 3 (SNMPv3) has improved on this to use both user-based and message-based security. The SNMP PDU processing is done at the front end of the SNMP agent. The back end is invoked when the protocol verification and sanity checking are completed. The back end will then determine the required action for the PDU. There are two types of request message from the manager: a 'get' and a 'set' of any of the variables in a Management Information Base (MIB), discussed in Section 5.1.1. The agent can also send a notification to the manager via a 'trap' message.
CLI commands are input by the user and verified by the CLI Task/Agent. The actions to be taken by the CLI task based on user input include:
Enforce authentication and access rights (user can only display and not modify variables)
Parse and validate the CLI commands
Determine the action to be performed
Make calls to the system/protocol task
The management mechanism for HTTP is quite similar to the other two agents. Here, an embedded Web server on the target device receives and sends HTML data with management information.
All three methods, while different on the front end, are the same on the back end (as shown by the thick arrows from the three agents in Figure 7.1). They need to make calls to the protocol or system task to perform the operation (reading or modifying variables). This commonality is used to describe the typical architecture of a management subsystem.
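The check-then-dispatch pattern described above (front-end authentication and read-only enforcement, followed by a call into a back end shared by all agents), as an added example that is not from the original text. All type, function and credential names are hypothetical, and the variable table is constructed sample data.

```c
#include <string.h>

/* Hypothetical names throughout; not taken from any real management stack. */
enum op     { OP_GET, OP_SET };
enum access { READ_ONLY, READ_WRITE };
enum status { ST_OK, ST_AUTH_FAIL, ST_NO_SUCH_VAR, ST_NOT_WRITABLE };
struct mgmt_var { const char *name; enum access access; long value; };
struct request  { const char *credential; enum op op; const char *name; long value; };

/* Constructed sample variable table owned by the protocol/system task. */
static struct mgmt_var vars[] = {
    { "ifInOctets",    READ_ONLY,  1200 },
    { "ifAdminStatus", READ_WRITE, 1 },
};

/* Constructed credentials: one grants read only, the other read-write. */
static int credential_rights(const char *c, enum op op)
{
    if (c && strcmp(c, "rw-secret") == 0) return 1;
    if (c && strcmp(c, "ro-secret") == 0) return op == OP_GET;
    return 0;   /* unknown credential: no access at all */
}

/* Back end shared by all agents; reached only after the front-end checks. */
static enum status backend_execute(struct mgmt_var *v, const struct request *r, long *out)
{
    if (r->op == OP_SET) v->value = r->value;
    *out = v->value;
    return ST_OK;
}

/* Front-end checks every agent performs before calling the back end. */
enum status agent_handle(const struct request *r, long *out)
{
    if (!credential_rights(r->credential, r->op)) return ST_AUTH_FAIL;
    for (size_t i = 0; i < sizeof vars / sizeof vars[0]; i++) {
        if (strcmp(vars[i].name, r->name) != 0) continue;
        if (r->op == OP_SET && vars[i].access == READ_ONLY)
            return ST_NOT_WRITABLE;   /* errant manager: reject, leave value intact */
        return backend_execute(&vars[i], r, out);
    }
    return ST_NO_SUCH_VAR;
}

int main(void)
{
    long out = 0;
    struct request r = { "rw-secret", OP_SET, "ifInOctets", 0 };  /* SET on read-only */
    return agent_handle(&r, &out) == ST_NOT_WRITABLE ? 0 : 1;
}
```

The access check sits in the agent path rather than in the back end, so a SET against a read-only variable is refused even when the credential itself carries write rights.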