Simple Network Management Protocol (SNMP) is a widely used protocol for managing and monitoring network devices on IP networks. It enables network administrators to manage network performance, find and solve network problems, and plan for network growth.
In this article, we’ll take an introductory look at the protocol, see how it works, and examine the main components that make it up.
What Does SNMP Do?
SNMP, or Simple Network Management Protocol, is widely recognized for enabling network administrators to centrally monitor the performance of various elements, processes, and functions of devices connected to an IP network.
This protocol is adept at providing comprehensive information about the health, status, and configuration of any SNMP-enabled device.
Less commonly known, however, is SNMP’s capability to remotely modify the configuration of network devices from a centralized management system.
As one of the earliest tools in network orchestration and automation, SNMP plays a crucial role in efficient network management.
SNMP Components
Before we get into the actual operation of SNMP, let’s first take a look at the various components that SNMP uses to achieve its goals.
Devices and Processes
Managed Device – This is any device connected to an IP network that is configured to be managed by SNMP. This could be a router, an IP camera, a PC, a server, a switch, an access point, or any other device that supports SNMP. The vast majority of network devices support SNMP and can be configured as managed devices. These devices run a process on their operating system known as an SNMP agent.
SNMP Agent – This is the software component, or the internal process within the managed device that maintains the data describing the device’s configuration and performance and makes this data available to the SNMP manager. It is also the process that sends, receives, and processes SNMP messages that are exchanged with the SNMP Manager.
SNMP Manager – This is a centralized server or system used to control and monitor the activities of the managed devices. The SNMP Manager typically provides an interface through which network administrators can view, both in real time and historically, the status of all managed devices and the events taking place on them. Configuration changes can also be sent to managed devices from this system.
Managed Objects, OIDs, and the MIB
Most of SNMP’s power and versatility come from the way that managed devices store information. Within each managed device there are dozens, hundreds, and sometimes even thousands of managed objects.
These are elements of a particular managed device that are of interest from a network management perspective.
These elements can be anything from the device ID, the operational status of an interface, internal temperature, CPU and memory utilization metrics, bandwidth utilization metrics, configuration parameters, error and event logs, and system time to any other measurable value that is maintained, measured, or calculated within the device.
These Managed Objects are maintained within what is known as the Management Information Base or MIB.
This too resides on the managed device, and it is essentially a database of the managed objects in a network device.
Each managed object in an MIB is assigned a unique object identifier (OID) and includes information such as performance metrics or configuration settings of the managed device.
MIBs are structured hierarchically and follow a standardized format, allowing them to be universally understood across different systems and devices. This standardization is crucial for ensuring compatibility and effective communication in diverse network environments.
Although the format is standardized across all network devices, each vendor can pick and choose what managed objects they will include within the MIB for each type of device. Here is a portion of the MIB of a Cisco 3700 IOS router:
iso.org.dod.internet.mgmt.mib-2.system.sysDescr.0 = STRING: "Cisco IOS Software, C3700 Software (C3700-ADVENTERPRISEK9-M), Version 12.4(25), RELEASE SOFTWARE (fc2)"
iso.org.dod.internet.mgmt.mib-2.system.sysObjectID.0 = OID: ciscoProducts.3700
iso.org.dod.internet.mgmt.mib-2.system.sysUpTime.0 = Timeticks: (2544367) 7 hours, 7 minutes.
iso.org.dod.internet.mgmt.mib-2.system.sysContact.0 = STRING: "Network Administrator ([email protected])"
iso.org.dod.internet.mgmt.mib-2.system.sysName.0 = STRING: "router1.example.com"
iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifIndex.1 = INTEGER: 1
iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifDescr.1 = STRING: "GigabitEthernet0/0"
iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifType.1 = INTEGER: ethernetCsmacd(6)
iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifMtu.1 = INTEGER: 1500
iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifSpeed.1 = Gauge32: 1000000000
This hypothetical example includes details like the system description (sysDescr), object ID (sysObjectID), uptime (sysUpTime), contact information (sysContact), and name (sysName) of the router. Additionally, it includes information about one of the interfaces (like description, type, MTU, and speed).
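The symbolic names in the listing above map onto numeric OIDs, and it is the numeric form that travels on the wire. The following sketch is an added example, not part of the original article: it resolves the listing's names through the hierarchy and BER-encodes the result. The `NODES` table, `resolve` and `encode_oid` are illustrative names, and the arc numbers are the standard MIB-II assignments rather than values taken from the article.

```python
# Added example: a small slice of the MIB-II tree, label -> (parent label, arc number).
NODES = {
    "iso": (None, 1), "org": ("iso", 3), "dod": ("org", 6),
    "internet": ("dod", 1), "mgmt": ("internet", 2), "mib-2": ("mgmt", 1),
    "system": ("mib-2", 1), "interfaces": ("mib-2", 2),
    "sysDescr": ("system", 1), "sysObjectID": ("system", 2),
    "sysUpTime": ("system", 3), "sysContact": ("system", 4),
    "sysName": ("system", 5),
    "ifTable": ("interfaces", 2), "ifEntry": ("ifTable", 1),
    "ifIndex": ("ifEntry", 1), "ifDescr": ("ifEntry", 2),
    "ifType": ("ifEntry", 3), "ifMtu": ("ifEntry", 4), "ifSpeed": ("ifEntry", 5),
}

def resolve(symbolic):
    """Walk the hierarchy label by label; numeric parts are instance indexes."""
    arcs, parent = [], None
    for part in symbolic.split("."):
        if part.isdigit():
            arcs.append(int(part))
        else:
            node = NODES.get(part)
            if node is None or node[0] != parent:
                raise KeyError(f"{part!r} is not defined under {parent!r}")
            arcs.append(node[1])
        parent = part
    return arcs

def encode_oid(arcs):
    """BER content octets: first two arcs packed as 40*a+b, the rest base-128."""
    out = bytearray()
    for value in [40 * arcs[0] + arcs[1]] + list(arcs[2:]):
        chunk = [value & 0x7F]
        while value > 0x7F:
            value >>= 7
            chunk.append((value & 0x7F) | 0x80)  # continuation bit on leading octets
        out += bytes(reversed(chunk))
    return bytes(out)

if __name__ == "__main__":
    arcs = resolve("iso.org.dod.internet.mgmt.mib-2.system.sysDescr.0")
    print(".".join(map(str, arcs)), encode_oid(arcs).hex())
```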
SNMP Communication
The value that SNMP provides to network administrators comes from the communication of SNMP information between the managed devices and the SNMP manager. There are two types of communication that take place: SNMP polling and SNMP traps.
SNMP Polling
In SNMP polling, the SNMP manager periodically sends requests to SNMP agents residing on managed devices for specific information found within the MIB.
The requested information may come from various elements of the managed objects within the MIB using the required OID.
SNMP agents respond to such polling with the requested data from the corresponding OID, enabling the network administrator to continuously monitor the network’s health and performance.
What managed objects are polled and how often they are polled is something that is configured on the SNMP manager.
This method of regularly querying devices allows for a consistent and up-to-date view of the network. SNMP polling is a reactive approach to network management, as it relies on the initiative of the SNMP manager to request information.
SNMP Traps
In contrast to the regular polling method described above, traps allow agents to proactively notify the manager of significant events or changes in network conditions.
When a pre-defined event occurs on a network device, such as a system error, a threshold breach, or a status change, the SNMP agent on that device automatically generates a trap message.
This message is then sent to the SNMP manager without any prior request for that information. Traps are important for real-time network monitoring and management as they enable immediate awareness and response to critical events, facilitating swift troubleshooting and resolution of issues.
The efficiency of traps lies in their ability to reduce the need for continuous polling, especially in large networks where constant monitoring of all devices would be impractical.
Overall, SNMP traps represent a proactive approach to network management, complementing the standard SNMP polling mechanism.
SNMP Versions
SNMP was originally defined in 1990 with RFC 1157, but has since gone through several phases of enhancement and improvement. It is a very robust and mature technology, and has been widely adopted in the networking world.
SNMPv1, the first iteration of the protocol, operates over the User Datagram Protocol (UDP) and provides basic features for monitoring network devices.
It uses a simple community-string-based security model, which is not very secure as the community strings are transmitted in clear text.
The SNMPv2c version, commonly referred to as SNMP version 2 “community string-based”, emerged as an improvement over SNMPv1.
It retains the simplicity of SNMPv1 but introduces enhancements in the areas of performance, scalability, and especially in the management data manipulation operations (like bulk retrievals for large tables).
SNMPv2c still uses the community string method for authentication, which means it doesn’t significantly improve security over SNMPv1.
SNMPv3 is the latest version of SNMP and should be used in all modern implementations. SNMPv3 addresses the key issue of security lacking in the earlier versions.
It introduces robust security features, including support for authentication, data integrity, and encryption.
Authentication ensures that the message is from a valid source, integrity checks confirm that the message has not been tampered with during transit, and encryption protects the data from being read by unauthorized sources.
SNMPv3 is considered the most secure version of SNMP and is recommended for environments where security is a concern.
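To make the difference between the versions concrete, the following added example (not part of the original article) decodes only the header of an SNMP message and reports whether it carries a community string in clear text. The function names and both sample datagrams are constructed for illustration; they are not captured traffic.

```python
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}

def read_tlv(buf, off):
    """Return (tag, value, next_offset) for the BER element starting at off."""
    if off + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:                  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or off + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[off:off + length], off + length

def inspect_snmp(datagram):
    """Return (version name, community); community is None when the message has none."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("outer SEQUENCE missing, not an SNMP message")
    tag, raw_version, off = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version INTEGER missing")
    version = int.from_bytes(raw_version, "big")
    name = VERSIONS.get(version, f"unknown({version})")
    if version in (0, 1):              # v1/v2c: community follows as a plain OCTET STRING
        tag, community, _ = read_tlv(body, off)
        if tag != 0x04:
            raise ValueError("community OCTET STRING missing")
        return name, community.decode("latin-1")
    return name, None                  # v3: a msgGlobalData SEQUENCE follows instead

def cleartext_exposures(datagrams):
    # Messages whose community string is readable by anyone on the network path.
    results = (inspect_snmp(d) for d in datagrams)
    return [(name, community) for name, community in results if community is not None]

# Constructed samples: a v2c GetRequest for sysDescr.0 and an SNMPv3 request.
V2C_GET = bytes.fromhex("302902010104067075626c6963a01c02041a2b3c4d"
                        "020100020100300e300c06082b060102010101000500")
V3_GET = bytes.fromhex("303b020103300e020101020300ffe3040104020103"
                       "0410300e0400020100020100040004000400"
                       "301404000400a00e02041a2b3c4d0201000201003000")
print(cleartext_exposures([V2C_GET, V3_GET]))
```

Run against a capture of management traffic, the same header check gives an inventory of devices and pollers still speaking SNMPv1 or SNMPv2c.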
Conclusion
SNMP stands as a fundamental pillar in the realm of network management, offering simplicity and broad compatibility across various types of network devices and environments.
From its inception, SNMP has evolved through several versions, each addressing the growing demands for more efficient and secure network monitoring and management.
The protocol’s ability to provide essential insights into network performance, health, and operational status makes it an indispensable tool for network administrators.