Simple Network Management Protocol is an application layer protocol defined by the Internet Architecture Board in RFC 1157. SNMP is used to exchange management information between network devices. It is one of the most commonly used protocols for network management. SNMP is part of the Transmission Control Protocol/Internet Protocol (TCP/IP) suite as defined by the Internet Engineering Task Force.
Organizations use SNMP to monitor and manage devices in a local area network (LAN) or wide area network (WAN). Most network devices on the market come bundled with SNMP agents. If not, some devices allow network admins to install the agents.
SNMP Port Numbers
SNMP generally uses User Datagram Protocol (UDP) port numbers 161 and 162. An SNMP port is an SNMP communication endpoint—a logical construct that identifies SNMP data transfers. SNMP message transfers happen via UDP. The Transport Layer Security (TLS) or Datagram Transport Layer Security (DTLS) protocols are also used at times.
|Function|Protocol|Port|
|---|---|---|
|Request receipt by the agent|UDP|161|
|Manager's communication with the agent|UDP|161|
|Notification receipt by the manager|UDP|162|
|Agent's notification generation|UDP|Any available port|
Why do you need SNMP monitoring tools?
Network admins manage the devices in a network and allocate or release ports, interfaces, and more to ensure continuous uptime and bandwidth-hog-free network operations. Closely monitoring SNMP devices is a significant part of this. SNMP monitoring requires an admin to configure the SNMP agent to send the monitoring data to an SNMP manager. Since the network management tool takes care of monitoring, admins can focus on performing corrective measures.
SNMP monitoring tools are necessary to:
- Automatically discover, monitor, and manage network devices.
- Monitor key performance metrics at the device and interface level.
- Obtain complete, granular visibility into the performance of network devices.
- Configure threshold limits and generate alerts in case of anomalies.
Based on the insights provided by these tools, admins can track the availability and performance of SNMP network devices and pinpoint issues to maintain their network's health. The ideal SNMP monitor tool monitors different versions of the protocol. It helps IT admins get a complete picture of their network environment. SNMP monitoring software also shows the captured data in intuitive formats, like dashboards and graphs.
How does SNMP work?
Traffic flows into your network from different sources. Simple Network Management Protocol communicates with the whole network and the devices in it. As mentioned earlier, SNMP is preconfigured on devices, and once the protocol is enabled, the devices will store their performance stats. Each network server will have multiple management information base (MIB) files. The device MIB files are queried to fetch the monitoring data. The working of SNMP revolves around its components, with each component contributing to the management of resources.
SNMP works by sending protocol data units, also known as SNMP GET requests, to network devices that respond to SNMP. All these communications are tracked, and network monitoring tools use GET requests to fetch data from SNMP.
What are the components of SNMP?
The components of an SNMP-managed environment include an SNMP manager, managed devices with an SNMP agent, and an SNMP MIB that contains SNMP OIDs, all of which play a crucial role.
The SNMP manager is the central system used to monitor the SNMP network. Also known as a network management station (NMS), an SNMP manager is responsible for communicating with the network devices that have an SNMP agent implemented. It runs on a host within the network. The SNMP manager queries the agents, gets responses, sets variables, and acknowledges events from the agents.
A managed device is an SNMP-enabled network entity that is managed by the SNMP manager. These are usually routers, switches, printers, or wireless devices.
An SNMP agent is a software process that plays a crucial role in network management. It responds to SNMP queries from SNMP managers to provide the status and statistics of a network node. The SNMP agent is located locally in the network device, from which the agent collects, stores, and transmits monitoring data to the SNMP manager.
An MIB forms an integral part of network management models. An SNMP MIB is a structure that defines the format of information exchange in an SNMP system. Every SNMP agent maintains an information database describing the parameters of the device it manages. An SNMP manager is a software system that uses SNMP to collect data for fault management, performance management, and capacity planning. An SNMP manager stores collected data in an MIB as a commonly shared database between the agent and the manager.
MIBs are saved as text files in a specific format that MIB editors, SNMP agent builders, network management tools, and network simulation tools can understand, facilitating network building, testing, deployment, and operations. The managed objects in an MIB file are called object identifiers (object IDs or OIDs).
OIDs are identifiable by strings of numbers separated by dots. There are two types of managed objects:
- Scalar objects are defined by a single object instance (i.e., there can only be one result).
- Tabular objects are defined by multiple related object instances that are grouped in MIB tables.
MIBs organize OIDs hierarchically, represented by a tree structure with individual variable identifiers for each OID. This tree structure contains all the manageable features of all the products arranged in it. Each branch of this tree has a number and a name, and each point is named after the complete path—from the top of the tree down—that leads to that point.
To provide an example from the diagram above, the OID of sysDescr is .1.3.6.1.2.1.1.1, which can be found by following the path of green points from ROOT to sysDescr:
- ISO is .1
- ORGANIZATION is .3
- DOD is .6
- INTERNET is .1
- MGMT is .2
- MIB-2 is .1
- SYSTEM is .1
- sysDescr is .1
There are three Simple Network Management Protocol versions: SNMPv1, SNMPv2c, and SNMPv3.
- SNMPv1: This is the first version of the protocol that was defined. It is easy to set up and is defined in RFC 1155 and 1157.
- SNMPv2c: This is the revised version with enhanced protocol packet types, transport mappings, and MIB structure elements. But it also uses the existing SNMPv1 administration structure, which is "community-based," hence the version name SNMPv2c. It is defined in RFC 1901, RFC 1905, and RFC 1906.
- SNMPv3: This version of SNMP supports the remote configuration of SNMP entities. It also adds both encryption and authentication, which can be used together or separately, making this the most secure version yet. SNMPv3 is defined by RFC 1905, RFC 1906, RFC 2571, RFC 2572, RFC 2574, and RFC 2575.
SNMP commands simplify network management. The commands can retrieve, manage, modify, and parse the data.
Basic SNMP Commands
- GET: The SNMP manager sends a request to the managed device. Performing the GET command retrieves one or more values from the managed device.
- GET NEXT: Like the GET command, GET NEXT retrieves the value of the next OID in the MIB tree.
- GET BULK: This command retrieves bulk data from a large MIB table.
- SET: The SET command is used by managers to modify or assign the value on the managed device.
- TRAPS: Unlike the above commands, which the SNMP manager initiates, SNMP agents initiate the TRAPS command. TRAPS is a signal sent to the manager by the agent when events occur.
- INFORM: Similar to TRAPS, the agent initiates this command. However, unlike TRAPS, INFORM includes a confirmation from the manager once it receives the message.
- RESPONSE: This command is used to carry back the value or signal of actions directed by the manager.
Typical SNMP Communication
Since they are part of the TCP/IP suite, SNMP messages are bundled and transmitted by UDP. The following image is an example of such communication.
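The request side of such an exchange, decoded field by field, as an added example that is not part of the original article: the parser reads the UDP payload of an SNMPv1/v2c message and returns the version, community string, PDU type, and requested OIDs, showing that the community string sits unencrypted in the datagram. The sample bytes and the function names are constructed for this illustration.

```python
PDU_TYPES = {0xA0: "GET", 0xA1: "GET NEXT", 0xA2: "RESPONSE", 0xA3: "SET",
             0xA5: "GET BULK", 0xA6: "INFORM", 0xA7: "TRAP"}
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(data):
    """Turn BER OID content bytes into dotted notation."""
    arcs, value = [], 0
    for byte in data:
        value = (value << 7) | (byte & 0x7F)
        if byte < 0x80:                    # high bit clear: last byte of this arc
            arcs, value = arcs + [value], 0
    top = min(arcs[0] // 40, 2)            # the first value packs the top two arcs
    return ".".join(map(str, [top, arcs[0] - 40 * top] + arcs[1:]))

def parse_message(datagram):
    """Decode the fields readable by anyone who can see an SNMPv1/v2c datagram."""
    tag, body, _ = read_tlv(datagram, 0)
    _, raw_version, pos = read_tlv(body, 0)
    _, community, pos = read_tlv(body, pos)
    pdu_tag, pdu, _ = read_tlv(body, pos)
    version = int.from_bytes(raw_version, "big")
    if tag != 0x30 or version not in VERSIONS or pdu_tag not in PDU_TYPES:
        raise ValueError("not a community-based SNMP request or response")
    p = 0
    for _ in range(3):                     # skip request-id, error-status, error-index
        p = read_tlv(pdu, p)[2]
    _, varbinds, _ = read_tlv(pdu, p)
    oids, p = [], 0
    while p < len(varbinds):
        _, varbind, p = read_tlv(varbinds, p)
        oids.append(decode_oid(read_tlv(varbind, 0)[1]))
    return {"version": VERSIONS[version], "community": community.decode("latin-1"),
            "pdu": PDU_TYPES[pdu_tag], "oids": oids}

# Constructed sample (added example): SNMPv2c GET for sysDescr.0, as sent to UDP port 161.
SAMPLE_GET = bytes.fromhex("302602010104067075626c6963a019020101020100020100"
                           "300e300c06082b060102010101000500")
```

Messages with version 3 are rejected by `parse_message` because SNMPv3 replaces the community field with its own security parameters.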
An SNMP trap is any event generated and sent by a device and received by a trap receiver whenever a change of state or an anomaly is detected. A network management system receives these event messages. This means that fault-finding is automated, and you will instantly receive a notification if anything fails. These trap messages are generally encoded, and a trap processor is required to decode them.
How does Site24x7 help with SNMP monitoring?
Site24x7 is an SNMP monitoring tool that automatically discovers and monitors SNMP devices within an IP range. With comprehensive availability monitoring, performance monitoring, trap processing, network mapping, and reporting, Site24x7 caters to all your network monitoring needs. Site24x7 also provides root cause analysis (RCA) and dashboards for easy interpretation and management.
Configure SNMP agents on your network servers so they can export monitoring data to the network management system.
Overview of SNMP
What are SNMP devices?
An SNMP device is managed using the Simple Network Management Protocol. Most common network devices, like routers, switches, firewalls, load balancers, storage devices, uninterruptible power supply (UPS) devices, and printers, are equipped with SNMP. The vendors preconfigure the SNMP agent, and the admins simply have to enable SNMP to start managing the device.
Why is SNMP important?
Network management is crucial to ensuring the proper functioning of different network components. SNMP follows standard protocols and procedures for data collection and communication. It is one of the best solutions for network management—and a simple one at that.
Can SNMPv2 and SNMPv3 coexist?
Yes, SNMPv2 and SNMPv3 can coexist. In a typical management scenario, the network management system communicates with SNMP agents of different versions. A multilingual agent, which supports all three versions, can coexist with agents that support only a single version. This is defined in RFC 25.
This coexistence is more commonly used while migrating from SNMPv2 to SNMPv3. Once migrated, it is recommended to disable the older versions.
What are SNMP community strings?
An SNMP community string, also known as an SNMP string, is a credential that provides access to the SNMP-managed device data stored within a device. It is sent when there is an SNMP GET request. It consists of an ID or a password and is usually 32 characters long. In most cases, the default community string is public.
Community strings are used only by devices that support SNMPv1 and SNMPv2c. Since SNMPv3 is highly secure, it involves username and password authentication along with an encryption key instead of SNMP community strings.
There are three types of SNMP community strings:
|Community string type|Purpose|
|---|---|
|Read-only community string|Fetches only read-only information|
|Read-write community string|Fetches data and edits the device configuration|
|SNMP trap community string|Receives SNMP traps from the device|
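A configuration check that follows from the community-string description above and from the earlier advice to disable older versions after migrating to SNMPv3, as an added example that is not part of the original article. It assumes an agent configured with Net-SNMP style `snmpd.conf` directives (the article names no specific agent), and the sample configuration is constructed.

```python
# "public" is the default named in the text; "private" is another common shipped
# default (an assumption of this example).
DEFAULT_COMMUNITIES = {"public", "private"}
COMMUNITY_DIRECTIVES = ("rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6")

def audit_snmpd_conf(text):
    """Return (line_number, finding) tuples for every community-based access line."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        tokens = raw.split("#", 1)[0].split()          # drop comments, then tokenize
        directive = tokens[0].lower() if tokens else ""
        if directive in COMMUNITY_DIRECTIVES and len(tokens) > 1:
            community = tokens[1]
            source = tokens[2] if len(tokens) > 2 else "default"   # omitted = any host
        elif directive == "com2sec":
            args = tokens[3:] if tokens[1:2] == ["-Cn"] else tokens[1:]
            if len(args) < 3:
                continue
            _secname, source, community = args[:3]
        else:
            continue                                   # SNMPv3 users and other settings
        findings.append((number, "SNMPv1/v2c community access enabled"))
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((number, "default community string"))
        if directive.startswith("rwcommunity"):
            findings.append((number, "read-write community"))
        if source == "default":
            findings.append((number, "no source address restriction"))
    return findings

# Constructed sample configuration (values invented; Net-SNMP directive syntax assumed).
SAMPLE_CONF = """\
# legacy access left over from before the SNMPv3 migration
rocommunity public
rwcommunity Xk29-ops-write 192.0.2.10
com2sec -Cn ctx1 monitor default public
createUser nmsUser SHA "example-auth-pass" AES "example-priv-pass"
rouser nmsUser priv
"""

if __name__ == "__main__":
    for line_number, finding in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {line_number}: {finding}")
```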
What is an SNMP table?
An SNMP table is an ordered collection of objects consisting of zero or more rows. Each object in a table is identified using the table index and can have a single index or multiple indices.
A scalar variable has a single instance and is identified by .0. A tabular object or a columnar variable can have one or more instances and is identified by its index value. The row index has to be appended to the variable's OID to identify a specific columnar variable.
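How the `.0` suffix and the appended row index are used when reading results, as an added example that is not part of the original article: it classifies instance OIDs from a walk as scalar or columnar and pivots the columnar ones into table rows. It goes slightly beyond the text by including a table with a multi-part index; the MIB-2 subset is hard-coded and the walk results are constructed.

```python
# Added example: sort walked OID instances into scalars and table rows (small MIB-2 subset).
SCALARS = {"1.3.6.1.2.1.1.1": "sysDescr", "1.3.6.1.2.1.1.5": "sysName"}
TABLES = {  # row-entry OID -> {column number: column name}
    "1.3.6.1.2.1.2.2.1": {"2": "ifDescr", "8": "ifOperStatus"},  # ifTable, index: ifIndex
    "1.3.6.1.2.1.4.22.1": {"2": "ipNetToMediaPhysAddress"},      # index: ifIndex + IPv4 address
}

def split_instance(oid):
    """Return (object name, index, table entry OID or None), or None if the OID is unknown."""
    oid = oid.lstrip(".")
    base, _, last = oid.rpartition(".")
    if last == "0" and base in SCALARS:           # scalar: object OID followed by .0
        return SCALARS[base], "0", None
    for entry, columns in TABLES.items():
        if oid.startswith(entry + "."):
            column, _, index = oid[len(entry) + 1:].partition(".")
            if column in columns and index:       # columnar: column OID + row index
                return columns[column], index, entry
    return None

def build_rows(walk):
    """Pivot (oid, value) pairs into ({scalar: value}, {table: {row index: {column: value}}})."""
    scalars, tables = {}, {}
    for oid, value in walk:
        parsed = split_instance(oid)
        if parsed is None:
            continue
        name, index, entry = parsed
        if entry is None:
            scalars[name] = value
        else:
            tables.setdefault(entry, {}).setdefault(index, {})[name] = value
    return scalars, tables

# Constructed walk results (values invented for illustration).
SAMPLE_WALK = [
    (".1.3.6.1.2.1.1.1.0", "Example Router OS 1.0"),
    (".1.3.6.1.2.1.2.2.1.2.1", "eth0"),
    (".1.3.6.1.2.1.2.2.1.2.2", "eth1"),
    (".1.3.6.1.2.1.2.2.1.8.1", 1),                # ifOperStatus 1 = up
    (".1.3.6.1.2.1.2.2.1.8.2", 2),                # ifOperStatus 2 = down
    (".1.3.6.1.2.1.4.22.1.2.2.192.0.2.7", "00:00:5e:00:53:01"),
]
```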