IntroductionSNMP (Simple Network Management Protocol) is a widely used network device management protocol. The protocol simplifies network management by providing a unified interface for many different devices connected to the same network.In this article, you will learn about SNMP, how it works, its components, and some basic SNMP commands.
What is SNMP?SNMP is an internet standard application-layer protocol allowing different devices on a network to communicate and exchange data. It is a part of the TCP/IP protocol suite and one of the most widely accepted network protocols.SNMP enables users to identify devices, monitor network performance, and keep track of network changes and device status in real-time. SNMP monitors network elements using the SNMP agent that must be enabled for it to work.The devices that use SNMP to communicate include routers, switches, printers, firewalls, load balancers, workstations, servers, cameras, and many other. SNMP collects and organizes the data from all those devices using their IP address, which facilitates network troubleshooting, monitoring, and management.
Why Do You Need SNMP Monitoring?SNMP monitoring helps users collect various information from network devices. Since many device manufacturers support SNMP, it is easy to collect data from various network devices, NAS appliances, printers, and scanners and process it in monitoring software.Using SNMP to monitor and manage network devices also improves customer experience because it enables the administrator to anticipate demands and quickly resolve any network errors.
There are multiple advantages to using SNMP:
Note: See the best tools for monitoring network bandwidth on a Linux server.
- Suitable for all businesses.
- Straightforward monitoring.
SNMP ComponentsAn SNMP system contains the following key components:
- A network management system (NMS). Manages network elements on a network.
- SNMP agent. The software that runs on the monitored hardware or service, collects metric data, and performs the requested operations in the MIB of the managed device.
- A Management Information Base (MIB). The MIB is an information database that contains the managed device parameters.
- Managed device. A node on the network (routers, access servers, switches, hubs, etc.) containing the SNMP agent and the MIB (Management Information Base).
SNMP ManagerThe SNMP manager (or SNMP server) is a centralized management station responsible for communicating with the devices running the SNMP agent. The manager sends requests to the SNMP agent and receives responses at regular intervals.It is usually a machine that runs one or more network management systems. The key functions of an SNMP manager are to:
- Send queries and requests to SNMP agents.
- Receive the responses from SNMP agents.
- Set or change different variables in SNMP agents.
- Acknowledge asynchronous events from agents.
SNMP AgentThe SNMP agent is a piece of software contained within a network device, used to monitor and manage those devices in a network.Enabling the agent allows it to accept queries and requests from SNMP managers and respond by providing the device status and required metrics or by setting the requested variable. The agent obtains the necessary data from the MIB of the managed object.Depending on the type of device, the SNMP agent can be standard or vendor-specific. The key functions of an SNMP agent are to:
- Collect data about its local environment.
- Store and retrieve data from the MIB.
- Notify the manager about an event.
- Act as a proxy for some non-SNMP manageable network nodes.
SNMP PortSNMP has two default port numbers it utilizes to send UDP data packets when sending or responding to a request:
- Port 161. Used when the NMS sends requests to the SNMP agent. If you want to change the default NMS port number, ensure that the port number used for sending requests and by the SNMP agent for responding to requests is the same.
- Port 162. Used by the SNMP agent to send traps or informs to the NMS. When changing the port number, make sure it is the same as the one used by the NMS for receiving traps and inform messages.
Managed DeviceA managed device is a network node that contains an SNMP agent. Almost every device in a network (e.g., routers, switches, servers, printers, etc.) functions as a managed device. The NMS monitors and controls the managed devices using three SNMP commands:
readcommand. Used by the NMS for monitoring managed devices.
writecommand. Used by the NMS for controlling managed devices.
trapcommand. Used by the managed devices to report events to the NMS.
MIBThe Management Information Base (MIB) is a data structure that contains local network device values that can be collected, configured, and modified. It is a text file describing all data objects used by a particular device that can be queried or controlled via SNMP.Typically, the values in a MIB include a set of statistical and control values for the hardware nodes on a network. The values correspond to the possible queries that the SNMP Manager can request from the SNMP agent. The agent collects and stores the data locally.The SNMP agent maintains the database, while the SNMP manager uses the database to send or retrieve information and forward it to the NMS.There are many different standardized MIBs defined by the IETF or ISO, but also proprietary MIBs defined by specific vendors. SNMP allows users to extend the MIB values to a particular agent if they are using proprietary MIBs. The diagram above shows data hierarchy and organization inside a MIB. The tree structure contains all the manageable features of all network devices. Each branch has a number and a name, and each point is named after the complete path, from the top of the tree to the point itself.
OIDThe MIB contains many managed objects identified using Object Identifiers (OID). An OID is a numeric MIB identifier used to distinguish between different devices in the base. The system uses the OIDs to access MIB-managed objects.There are two types of managed objects:
- Scalar objects. Unique, defined by a single object instance.
- Tabular objects. Defined by multiple related object instances that are grouped in MIB tables.
TrapsSNMP traps are messages the SNMP agent sends to notify the NMS about events or alarms in a network device. The traps inform the network administrator about a device's status and events.There are two types of notification messages - traps and informs. While they have the same goal of informing the administrator about an event, they differ in the fact that an inform message requires a response from the NMS, while the trap message doesn't. Additionally, SNMPv1 doesn't support inform messages.Each trap message contains the following information:
- Enterprise. The device that generates the trap message (trap source).
- Agent address. The trap source IP address.
- Generic trap. Specifies the trap type.
- Specific trap. Includes private trap information of an enterprise.
- Timestamp. Specifies the time elapsed between the reinitialization of the network entity and trap message creation.
- Variable bindings. A list of variable names and corresponding values.
SNMP VersionsDifferent versions of SNMP have different features available, especially in terms of security. The following list denotes the key features of each SNMP version:
SNMP MonitoringSNMP monitoring provides data that facilitates tracking a network device's status, making it ideal for IT monitoring. It allows network administrators to keep track of the most critical parameters of the system, including switches, access points, and routers, but also other network-connected devices, such as printers, hardware sensors, and others.The sections below focus on how SNMP monitoring works, the metrics it provides, the commands it utilizes to obtain the data, and some available tools for SNMP monitoring.
How Does SNMP Monitoring Work?The SNMP monitoring utility is a central hub for retrieving data from SNMP agents on the monitored devices. The hub also serves as a recipient for any event messages sent from the device agent.However, although the devices contain an SNMP agent, it is considered agentless monitoring because there is no need to install the monitoring software on the devices, as the vendors have already implemented the SNMP protocol on the device.Therefore, the monitoring works with the default device software without needing additional access rights from the device vendor. You must install a custom monitoring agent on the system if you decide to use a custom monitoring agent.
SNMP Monitoring CommandsThe information exchange in SNMP monitoring is conducted by using a set of commands. The commands are listed below:
Get. The command is a request sent by the SNMP manager to the network device. Its goal is to retrieve data from the device.
GetNext. Similar to
Get, but it retrieves the value of the following OID in the MIB tree.
GetBulk. Retrieves large amounts of data from large MIB tables. It works by executing multiple
GetNextrequests and returns it all in a single response.
Set. Used for modifying or assigning a value to a managed device.
Trap. The SNMP agent sends the command to the SNMP manager, informing it about an event.
Informis also sent by the SNMP agent to the manager, informing about an event. The difference is that
Informmessages require a confirmation from the SNMP manager that the message has been received.
Response. The response messages carry back the value(s) or instructions for the device as directed by the SNMP manager.
Although SNMP v2 and v3 support the same commands, they differ significantly in terms of security features.
SNMP MetricsSNMP allows users to collect various metrics from devices connected to a network. The metrics include:
- Uptime. The amount of time a device has been powered on and connected to the network.
- Throughput. The amount of data transferred from the source to the destination within a given timeframe.
- Temperature. The current operating temperature of the device.
- Interface Errors. A list of errors that occurred during the device's operation.
- CPU Utilization and Memory Usage. The device's performance and resource statistics.