The present invention relates generally to network management, and more particularly, to setting expressions in network management notifications.
It is desirable to manage and control nodes of a network such as a TCP/IP network from one or more network management stations connected to the network. The network management stations monitor and control other nodes in the network including hosts, routers, etc. A protocol known as the Simple Network Management Protocol (SNMP) is used to communicate management information between network management stations (NMS) and SNMP agent software operating on other network nodes, or the same node as the network management station. SNMP is described in Case, RFC 1157, xe2x80x9cA Simple Network Management Protocol (SNMP),xe2x80x9d (Internet Engineering Task Force May 1990), the contents of which are incorporated by reference herein. Using SNMP in a TCP/IP network, a network management station may monitor traffic at a remote node and modify network operation parameters at the remote node.
FIG. 1 is a block diagram illustrating an exemplary network utilizing SNMP. The network includes at least one management station 10 which controls a plurality of nodes such as workstation 11, bridge 12, router 14, printer 15, or other peripheral devices (e.g., personal computers, hubs, repeaters). The management station 10 includes a SNMP manager 16 (command generator and notification receiver). In order for an SNMP management station 10 to manage a node, the node must be able to run an SNMP agent 17 (command responder and notification originator), which is an SNMP management process typically encoded in software (some nodes may use a hardware implementation).
To facilitate SNMP operation, nodes of the network including the network management stations 10 maintain network management information databases known as MIBs (management information bases) 18. MIBs are described in McCloghrie, et al., RFC 1213, xe2x80x9cManagement Information Base for Network Management of TCP/IP Based Internets: MIB-IIxe2x80x9d (Internet Engineering Task Force March 1991), the contents of which are incorporated by reference herein.
The MIB 18 at each node consists of many individual objects, each having one or more instance. Each instance has a single value. For example, a particular node may include within its MIB an object whose value specifies the total number of IP datagrams received at that node, including those received in error. Each MIB 18 includes a large number of such objects. The object instances and their corresponding values are carried in packets called protocol data units (PDUs) and contain operating parameters, statistics, and control information for the element and its components.
Each MIB object is uniquely identified by a series of integers called in Object Identifier (OID). For example, the object ifinOctets is represented by the OID 1.3.6.1.2.2.1.10. There can be many instances of an object in existence on an agent. For example, there is one instance (and value) of ifinOctects for every physical interface known to the agent. Each instance is identified by appending one or more additional integers to the OID (e.g., 1.3.6.1.2.1.2.2.1.10.x, where x is an integer greater than zero). The first element of this specific OID identifies an overall object identifier domain allocated to the ISO. The second element has the value 3 which is defined as indicating allocation toward an organization under the auspices of the ISO. The third element identifies the US Department of Defense (DOD) as the responsible organization. The fourth element has the value of 1 and identifies the Internet. The fifth element indicates that the identifier is used for management. The remaining elements identify the particular object types with greater specificity.
The organization of objects within an MIB may be illustrated as a tree structure. An example of a portion of such a tree structure is illustrated in FIG. 2. The leaves of the tree instances of individual objects. FIG. 2 shows the MIB tree from its root, xe2x80x9cISOxe2x80x9d, to some of its lower branches. A first branch 21 of primary interest includes the standard MIB objects defined by RFC 1213. A second branch 23 includes MIB objects defined for use by Cisco Systems. The illustration of FIG. 2 does not extend down to individual leaves but rather indicates the prefix of elements in OIDs for various classes of objects. For example, OIDs from MIB objects pertaining to TCP would begin with 1.3.6.1.2.1.6.
The management station communicates with the agents over the network using the SNMP protocol, which allows the management station to query the state of the agent""s local objects and modify them if necessary. SNMP is a request response protocol by which the variables of an agent""s MIB may be inspected or altered. The protocol is described in RFC 1905, xe2x80x9cProtocol Operations for Version 2 of the Simple Network Management Protocolxe2x80x9d, Case, McCloghrie, Rose and Waldbusser, January 1996, the contents of which are incorporated by reference herein.
A typical SNMP operation involves management station sending an SNMP message to agent requesting a particular local parameter. The agent then recovers this parameter by accessing a particular object in the MIB and responds to the request with a reply to the management station including the parameter value. SNMP operations are defined on a list of MIB variable instances called a variable binding (varbind) list. Each element of a varbind list describes a specific MIB variable instance. A varbind element specifies three MIB instance attributes: its object identifier, data type, and value.
The management protocol provides for the exchange of messages which convey management information between the agents and management stations. For example, the management station may send a request to an agent asking it for information or commanding it to update its state in a certain way. The agent typically replies with the requested information or confirms that it has updated its state as requested. Conventional message types include Get, GetNext, GetBulk, Set, Trap and Inform. The Get operation is used by the system to retrieve the value of one or more object instances from an agent. The GetNext operation is used by the system to retrieve the value of the next object instance in a table or list within an agent. The GetBulk operation is used by the system to efficiently retrieve large blocks of data, such as large tables. The Set operation is used by the network management station to set the values of object instances within an agent. The Trap operation is used by agents to asynchronously inform the network management station of a event of interest to one or more network management stations. Notification originators can generate informs, which are notifications that should be acknowledged by notification receivers. In an acknowledgement is not received within a configurable time-window, the notification originator attempts to resend the inform up to a maximum of N returns, where N is a configurable integer. The Trap and Inform operations may be used to send notifications to the manager.
Notifications are unsolicited messages sent from an agent to the SNMP manager to apprise the manager of network events. SNMP notifications allow the agent to initiate communication with management applications when an event of interest to one or more network management stations takes place. These events include cold start, warm start, link down, link up, authentication failure, neighbor loss, and enterprise. SNMP notifications contain a sequence of SNMP objects that typically provide context information on why each notification was generated.
As shown in FIG. 3, the agent 17 may contain an expression MIB 19 along with its other MIBs 18. An expression MIB 19 is a special type of MIB that contains variables which are evaluated expressions of variables contained in another MIB on that agent 17. It is sometimes advantageous for a management station 10 to evaluate expressions of the variables contained in the MIBs 18 of each agent 17. This is generally done to reduce network bandwidth, to conserve CPU utilization that goes into packaging data into SNMP PDUs, or to monitor the behavior of a router in a scalable manner by off-loading simple computations to the managed agent itself. For example, a MIB 18 may contain variables A and B. In order to test for a certain property, it may be necessary to check whether A+B exceeds a certain predefined value. These expressions are evaluated on the agent either on demand (in response to a Get/GetNext request for the results of an expression) or at regular time intervals. Expressions are currently used only in synchronous operations. Since the objects within the notification cannot easily be determined or reconfigured, expressions are not set based on objects contained in an SNMP notification.
There is, therefore, a need for a method and system that provides for evaluation of an expression upon generation of a notification.
A method and system for setting expressions in network management notifications are disclosed. In one embodiment of the invention, the method generally comprises identifying notifications supported by an agent and specifying objects for at least one of the notifications. One or more expressions are defined based on the object specified for the notification and a list of objects and expressions is sent to the agent to configure the notifications received at a management station upon occurrence of an event at the agent.
In another aspect of the invention a method for setting expressions in an agent generally comprises receiving a message from a management station specifying objects for notifications supported by the agent and expressions based on the objects. The agent then sets expressions for the notifications. The expressions are evaluated when a notification containing the expression is generated and an action is performed based on the evaluated expression.
In yet another aspect of the invention a computer program product for setting expressions in an agent generally comprises code that receives a message from a management station specifying objects for notifications supported by the agent and expressions based on the objects and code that sets expressions for the notification. The products further include code that evaluates the expressions when the notification containing the expression is generated, code that performs an action based on the evaluated expression, and a computer readable storage medium for storing the code.
A system for setting expressions at an agent generally comprises means for receiving a message from a management station specifying objects for notifications supported by the agent and expressions based on the objects, means for setting the expressions for the notification, and means for evaluating the expressions when the notification containing the expression is generated. This system further includes means for performing an action based on the evaluated expression.