Simple Network Management Protocol (SNMP) is a standard set of communication rules, that is, a protocol. It is the main way of querying and monitoring the hardware and software on a computer network.
It doesn’t matter whether the hardware is from Juniper or Cisco, or whether the software is UNIX or Windows, SNMP uses a standardized method of querying information and finding paths to necessary information. Without SNMP monitoring, there would be no way to see what was on a network, know how the devices were performing, and detect problems.
SNMP has been around since 1989 in various forms, and while alternatives have arisen, it still remains among the most-used solutions for monitoring and managing network-connected devices. It is one of the key monitoring tools that allows a network manager or network administrator to understand the status of network infrastructure.
The Basics of SNMP Monitoring
In concept, SNMP is fairly simple. Devices on a network each have a program called an SNMP agent, which gathers information about a device, organizes it into entries in a consistent format, and is able to respond to SNMP queries. These devices can include phones, printers, switches, and other hardware, in addition to servers and workstations. These SNMP queries will come from the SNMP manager, which polls, collects and processes information about all of the SNMP-enabled devices on the network. This is really all that is needed for network monitoring.
The SNMP Agent
The agent is actually where most of the work happens. Its job is to gather information about its device, organize that information, and respond to the manager’s queries with appropriate information. It also configures which managers can have access to its information, and can become an intermediary to report information on devices it can connect to, but that are not themselves configured for SNMP traffic.
Network hardware and software generally have the agent already built in. It just needs to be enabled and configured.
The SNMP Manager
An SNMP management station can range from simple to complex. It typically monitors SNMP activity, keeping a record of all the device data, and has the capability to create useful reports.
SNMP Message Structure
While this manager/agent architecture is simple and straightforward, SNMP’s data hierarchy is somewhat less so. As you might expect from a protocol that has survived since 1989 and is still in wide use, SNMP was designed to be flexible and extensible. So it does not have a fixed format. Instead, it uses a hierarchical tree structure called the Management Information Base (MIB). This is more complex in terminology than it is in concept.
Each branch is labeled both with an identifying number and with a text string. These can be used interchangeably, in the same way that an IP address is a number and a hostname is a string, yet both can refer to the same device. To refer to a specific node, you trace the route from the root to it, adding each branch as you go. Each junction is represented by a dot. The complete address with all the branches is called an object identifier (OID). The object being identified is an identifiable fact about a network device, such as CPU utilization or interface status. Most of these objects are standard, but manufacturers with special requirements also come up with their own.
It’s a bit as if instead of using a number address and then looking the location up on a map, you found a house by a list of the turns you take to get there, with a dot for each intersection. Using the MIB files, most network management software can display an OID tree, often in a list of folders like a file system on a computer. This method has several advantages, despite the difficulty in describing it. Agents are set up with all the OIDs, that is, all the states of all relevant elements of their device, and so they can be provided to the manager in response to a simple request.
It also makes organizing devices across a network simple and flexible.
SNMP Message Types
SNMP’s wide use and long-standing popularity derive from the fact that its messages are simple. There are seven message types. A manager can:
- Request an agent to provide the current value of an OID (Get)
- Request the next object in the MIB. This means you can traverse a tree without needing to specify OIDs. (GetNext)
- Make multiple GetNext requests (GetBulk).
- Tell an agent to change a value on a remote host, the only write operation in the entire SNMP protocol (Set)
An agent can send back:
- A response, with the requested information (Response)
- A “trap” message, not requested by the manager, which provides information about device events. SNMP traps were renamed “notifications” in later SNMP versions (Trap)
Finally, the manager can confirm the receipt of a trap message (Inform). This small set of messages allows you to get information about your network, including:
- Bandwidth usage
- Disk usage
- CPU and memory usage
- Device failures
With more complex implementations, you can generate reports, send SMS or text alerts, and keep inventory.
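The Get and GetNext operations above, run against a small OID tree, as an added example that is not part of the original article. The OIDs are standard MIB-2 objects; the values, the `AGENT` table and the helper names are constructed for illustration.

```python
# Constructed sample data: a few branches of the standard MIB-2 tree.
# LABELS maps each branch (identified by its path from the root) to its name.
LABELS = {
    (1,): "iso", (1, 3): "org", (1, 3, 6): "dod", (1, 3, 6, 1): "internet",
    (1, 3, 6, 1, 2): "mgmt", (1, 3, 6, 1, 2, 1): "mib-2",
    (1, 3, 6, 1, 2, 1, 1): "system", (1, 3, 6, 1, 2, 1, 1, 3): "sysUpTime",
    (1, 3, 6, 1, 2, 1, 1, 5): "sysName", (1, 3, 6, 1, 2, 1, 2): "interfaces",
    (1, 3, 6, 1, 2, 1, 2, 1): "ifNumber",
}

def parse(oid):
    """Dotted string -> tuple of ints, so OIDs compare numerically."""
    return tuple(int(part) for part in oid.strip(".").split("."))

def fmt(nums):
    return ".".join(str(n) for n in nums)

def to_text(oid):
    """Replace each number with its branch name where one is known."""
    nums = parse(oid)
    return ".".join(LABELS.get(nums[:i + 1], str(n)) for i, n in enumerate(nums))

# What the (hypothetical) agent knows about its device; values are made up.
AGENT = {parse(k): v for k, v in {
    "1.3.6.1.2.1.1.3.0": 123456,
    "1.3.6.1.2.1.1.5.0": "core-sw1",
    "1.3.6.1.2.1.2.1.0": 24,
    "1.3.6.1.2.1.2.2.1.2.2": "Gi0/2",
    "1.3.6.1.2.1.2.2.1.2.10": "Gi0/10",
}.items()}

def get(oid):
    return AGENT.get(parse(oid))            # None if the agent has no such object

def get_next(oid):
    """First object after oid in tree order; None at the end of the MIB."""
    later = sorted(k for k in AGENT if k > parse(oid))
    return (fmt(later[0]), AGENT[later[0]]) if later else None

def walk(root):
    """Repeat GetNext from root until the answers leave root's subtree."""
    prefix, oid, found = parse(root), root, []
    while (hit := get_next(oid)) and parse(hit[0])[:len(prefix)] == prefix:
        found.append(hit)
        oid = hit[0]
    return found
```

Comparing OIDs as tuples of integers matters: as plain strings, `...2.10` would sort before `...2.2` and a walk would return interfaces out of order.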
SNMP Versions: Uses and Limitations
The initial SNMPv1 is the simplest and most basic, and it is still used quite a bit. It’s familiar, it’s everywhere, and it’s easily acquired. What it isn’t is particularly secure. For example, it authenticates in plain text. An unauthorized device can pretend to be a manager. If there are suspicions about the use of SNMP in general, they probably stem from this version’s known problems.
Currently, the most widely used version is the second, SNMPv2c, because it has several enhancements. SNMPv3, still the most recent version, is from 1998, contains authentication requirements, and has the ability to take advantage of the security provided by transport protocols, including SSH and TLS. But the security makes it more complex to configure, and for basic uses the earlier versions are more than adequate.
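What "authenticates in plain text" looks like on the wire, as an added example that is not part of the original article: in SNMPv1 (and SNMPv2c) the shared secret, the community string, travels unencrypted in every message, so anyone who can capture a packet can read it. The sample packet below is constructed, and the function names are this example's own.

```python
# Constructed sample: SNMPv1 GetRequest for 1.3.6.1.2.1.1.3.0, community "public".
PACKET = bytes.fromhex(
    "302602010004067075626c6963a019020101020100020100"
    "300e300c06082b060102010103000500")
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c"}
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response",
             0xA3: "SetRequest", 0xA5: "GetBulkRequest",
             0xA6: "InformRequest", 0xA7: "Trap (v2)"}  # v1 Trap (0xA4) differs

def tlv(buf, pos):
    """Read one BER element at pos; return (tag, value bytes, next pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Decode BER OID bytes to dotted form (first arc assumed to be 0 or 1)."""
    parts, acc = [raw[0] // 40, raw[0] % 40], 0
    for byte in raw[1:]:
        acc = (acc << 7) | (byte & 0x7F)   # base-128, high bit = more follows
        if not byte & 0x80:
            parts, acc = parts + [acc], 0
    return ".".join(map(str, parts))

def inspect(packet):
    """Return what a passive observer can read from a v1/v2c message."""
    _, msg, _ = tlv(packet, 0)             # outer SEQUENCE
    _, ver, pos = tlv(msg, 0)              # INTEGER version
    version = int.from_bytes(ver, "big")
    if version not in VERSIONS:
        raise ValueError("not SNMPv1/v2c: no community field here")
    _, community, pos = tlv(msg, pos)      # OCTET STRING, sent unencrypted
    pdu_tag, pdu, _ = tlv(msg, pos)
    if pdu_tag not in PDU_TYPES:
        raise ValueError("PDU type not handled by this example")
    pos = 0
    for _ in range(3):                     # skip request-id and two integers
        _, _, pos = tlv(pdu, pos)
    _, varbinds, _ = tlv(pdu, pos)         # SEQUENCE of (OID, value) pairs
    oids, pos = [], 0
    while pos < len(varbinds):
        _, varbind, pos = tlv(varbinds, pos)
        oids.append(decode_oid(tlv(varbind, 0)[1]))
    return {"version": VERSIONS[version], "pdu": PDU_TYPES[pdu_tag],
            "community": community.decode("ascii", "replace"), "oids": oids}
```

A defender can run the same decoding over captured management traffic to find devices still answering v1/v2c and to spot default community strings that should be changed or retired in favour of SNMPv3.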
Simplicity vs. Flexibility
One advantage of SNMP is that, in its basic configuration, it is simple, easy to configure, and often free. Such implementations are limited in their features, but sometimes only the basics are needed. More complex implementations have features like reporting, inventory control, and alerts. You almost certainly already have SNMP agents built into your hardware and software. You just need to acquire a management station and enable those agents in order to use SNMP to monitor your network.