SNMP protocol is an application layer protocol defined by the Internet Architecture Board in RFC1157. SNMP is used to exchange management information between network devices. It is one of the most common protocols used for network management. SNMP is part of the Transmission Control Protocol/Internet Protocol (TCP/IP) suite as defined by the Internet Engineering Task Force.
Organizations use SNMP to monitor and manage devices on a local area network (LAN) or wide area network (WAN). Most network devices in the market come bundled with SNMP agents. If not, some devices also allow network admins to install the agents.
SNMP Port Number
SNMP generally uses User Datagram Protocol (UDP) port number 161/162. An SNMP port is the SNMP communication endpoint. It is a logical construct that identifies SNMP data transfer. SNMP message transfer happens via UDP. The Transport Layer Security (TLS) or Datagram Transport Layer Security (DTLS) protocols are also used at times.
|Request receipt by the agent||UDP||161|
|Manager's communication with the agent||UDP||161|
|Notification receipt by the manager||UDP||162|
|Agent's notification generation||Any available port|
Why do you need SNMP monitoring tools?
Network admins generally manage the devices in a network and allocate and free up ports and interfaces to ensure continuous uptime and bandwidth-hog-free network operations. Closely monitoring SNMP devices is a major part of this. SNMP monitoring requires an admin to configure the SNMP agent to send the monitoring data to an SNMP manager. Since the network management tool takes care of monitoring, admins can focus on performing corrective measures.
SNMP monitoring tools are necessary to:
- Automatically discover, monitor, and manage network devices.
- Monitor key performance metrics at the device and interface level.
- Obtain complete visibility and granularity into the performance of network devices.
- Configure threshold limits and generate alerts in case of anomalies.
Based on the insights provided by these tools, admins can track the availability and performance of SNMP network devices and pinpoint issues to maintain their network's health. The ideal SNMP monitor tool monitors different versions of the protocol and helps IT admins get a complete picture of their entire network environment. SNMP monitoring software also provides the captured data in intuitive formats like dashboards and graphs.
How does SNMP work?
Traffic flows across your network from different sources. SNMP communicates with the whole network and the devices in it. As mentioned earlier, SNMP is preconfigured on devices, and once the protocol is enabled, the devices will store their performance stats. Each network server will have multiple MIB files. The device MIB files are queried to fetch the monitoring data. The working of SNMP revolves around its components, wherein each component contributes management of resources.
SNMP works by sending protocol data units, also known as SNMP GET requests, to network devices that respond to SNMP. All these communications are tracked, and network monitoring tools use them to fetch data from SNMP.
What are the components of SNMP?
The components of an SNMP-managed environment include an SNMP manager, its managed devices, an SNMP agent, and a management information base (MIB), all of which play a crucial role in its architecture.
The SNMP manager is the central system used to monitor the SNMP network. Also known as a network management station (NMS), an SNMP manager is responsible for communicating with the SNMP-agent-implemented network devices. It runs on a host on the network. The manager queries the agents, gets responses, sets variables in them, and acknowledges events from them.
A managed device is an SNMP-enabled network entity that is managed by the SNMP manager. These are usually routers, switches, printers, or wireless devices.
An SNMP agent is a software process that responds to SNMP queries to provide status and statistics about a network node. SNMP agents play the most important role in management. They are locally located and associated with SNMP network devices from which they collect, store, and transmit monitoring data. Data is transmitted to the designated SNMP manager when queried.
A management information base (MIB) forms an integral part of network management models.
An SNMP MIB is a structure that defines the format of information exchange in an SNMP system. Every SNMP agent maintains an information database describing the parameters of the device it manages. An SNMP manager is a software system that uses SNMP to collect data for fault management, performance management, and capacity planning. SNMP managers store collected data in a MIB as a commonly shared database between the agent and the manager. MIBs are saved as a text file in a specific format that MIB editors, SNMP agent builders, network management tools, and network simulation tools can understand, facilitating network building, testing, deployment, and operations. The managed objects in an MIB are called object identifiers (object IDs or OIDs).
Object Identifiers (OIDs) are identifiable by strings of numbers separated by dots. There are two types of managed objects:
- Scalar: Objects defined by a single object instance (i.e. there can only be one result.)
- Tabular: Objects defined by multiple related object instances that are grouped in MIB tables.
MIBs organize OIDs hierarchically, which can be represented in a tree structure that has individual variable identifiers for each OID. This tree structure contains all the manageable features of all products arranged in it. Each branch of this tree has a number and a name, and each point is named after the complete path—from the top of the tree down—that leads to that point.
To provide an example from the diagram above, the OID of sysDescr is ".22.214.171.124.126.96.36.199", which can be found by following the path of green points from ROOT to sysDescr:
- ISO is .1
- ORGANIZATION is .3
- DOD is .6
- INTERNET is .1
- MGMT is .2
- MIB-2 is .1
- SYSTEM is .1
- sysDescr is .1
There are three versions of SNMP: SNMPv1, SNMPv2c, and SNMPv3.
- SNMPv1: The initial version of the protocol. It is easy to set up and is defined in RFC 1155 and 1157.
- SNMPv2c: The revised version with enhanced protocol packet types, transport mappings, and MIB structure elements, but also uses the existing SNMPv1 administration structure ("community-based" and hence SNMPv2c). It is defined in RFC 1901, RFC 1905, and RFC 1906.
- SNMPv3: Facilitates remote configuration of SNMP entities. It also adds both encryption and authentication, which can be used together or separately, making this the most secure version yet. SNMPv3 is defined by RFC 1905, RFC 1906, RFC 2571, RFC 2572, RFC 2574, and RFC 2575.
Basic SNMP Commands
- GET: A request sent by the SNMP manager to the managed device. Performing the GET command retrieves one or more values from the managed device.
- GET NEXT: Similar to the GET command, GET NEXT retrieves the value of the next OID in the MIB tree.
- GET BULK: Used to retrieve bulk data from a large MIB table.
- SET: Used by managers to modify or assign the value of the managed device.
- TRAPS: Unlike the above commands, which are initiated from the manager, the TRAPS command is initiated by agents. TRAPS is a signal sent to the manager by the agent when events occur.
- INFORM: Similar to TRAP in that it is initiated by the agent, but unlike TRAP, INFORM includes a confirmation from the manager once it receives the message.
- RESPONSE: Used to carry back the values or signal of actions directed by the manager.
GET/GET NEXT/GET BULK/SET
Typical SNMP Communication
SNMP messages, since they are part of the TCP⁄ IP suite, are bundled and transmitted by the User Datagram Protocol (UDP). The following image is an example of such communication.
An SNMP trap is any event generated and sent by a device and received by a trap receiver whenever a change of state or anomaly is detected. These event messages generated by devices are received by a network management system. This means that fault-finding is automated and you'll be notified of anything that fails instantly. These trap messages are generally encoded, and a trap processor is required to decode them.
How can Site24x7 help in monitoring your network?
Site24x7 is an SNMP monitoring tool that automatically discovers and monitors SNMP devices within an IP range. With comprehensive availability monitoring, performance monitoring, trap processing, network mapping, and reporting, Site24x7 caters to all your network monitoring needs. Site24x7 also provides root cause analysis (RCA) and dashboards for easy interpretation and management.
Configure SNMP agents on your network servers so that they can export monitoring data to the network management system.
What are SNMP devices?
An SNMP device is a device that is managed using SNMP. Most common network devices, like routers, switches, firewalls, load balancers, storage devices, UPS devices, and printers, are equipped with SNMP. The vendors preconfigure the SNMP agent, and the admins simply have to enable SNMP to start managing the device.
Why is SNMP important?
Network management is crucial to ensure the proper functioning of different network components. SNMP follows standard protocols and procedures for data collection and communication and is proven to be the best solution for network management—and a simple one at that.
Can SNMP v2 and v3 coexist?
Yes, SNMP v2 and v3 can coexist. In a typical management scenario, the network management system communicates with SNMP agents of different versions. A multilingual agent, which supports all three versions, can coexist with other agents that support only a single version. This is defined in RFC 25.
This coexistence is more commonly used while migrating from v2 to v3. Once migrated, it is recommended to disable the older versions and use the stable and secure SNMP v3.
What are SNMP community strings?
An SNMP community string is a credential that provides access to SNMP-managed device data stored within the device and sent along with an SNMP GET request. Also known as a community string or an SNMP string, it consists of an ID or a password. It is usually 32 characters long. In most cases, the default community string is public.
Community strings are used only by devices that support SNMP v1 and SNMP v2c. Since SNMP v3 is highly secure, it uses username-password authentication along with an encryption key instead of SNMP community strings.
There are three types of SNMP community strings:
|Read-only community string||Fetch only read-only information|
|Read-write community string||Fetch data as well as edit the device configuration|
|SNMP trap community string||Receive SNMP traps from the device|
What is an SNMP table?
An SNMP table is an ordered collection of objects consisting of zero or more rows. Each object in a table is identified using the table index and can have a single index or multiple indices.
A scalar variable has a single instance and is identified by .0. A tabular object or a columnar variable can have one or more instances and is identified by its index value. To identify a specific columnar variable, the row index has to be appended to the variable’s OID.