1203

Get a Live Demo

You need to see DPS gear in action. Get a live demo with our engineers.

Get the SNMP Fast Track GuideBook

Download our free SNMP White Paper. Featuring SNMP Expert Marshall DenHartog.

This guidebook has been created to give you the information you need to successfully implement SNMP-based alarm monitoring in your network.

DPS is here to help.

1-800-693-0351

Have a specific question? Ask our team of expert engineers and get a specific answer!

Learn the Easy Way

Sign up for the next DPS Factory Training!

DPS Factory Training

Whether you're new to our equipment or you've used it for years, DPS factory training is the best way to get more from your monitoring.

Reserve Your Seat Today

SNMP Tutorial - What Is It and How Does It Work?

What is Simple Network Management Protocol? SNMP is an application layer protocol created in 1988 as a short-term solution to manage network elements for growing networks - like the Internet. Simply put, as an open-source protocol, it lets different SNMP-enabled devices communicate with each other to provide robust monitoring and management.

SNMP is a valuable network monitoring tool because it allows for the collection of data, as well as the management of equipment in a network. Since its beginning, it has achieved widespread acceptance and become a standard protocol for tons of applications. As a whole, SNMP information is greatly beneficial in remote monitoring, as it provides insight into issues and facilitates swift responses to potential network failures.

Monitoring a network's health is just as crucial as constructing it. With SNMP, administrators have a powerful ally to ensure that networks run smoothly. This tool is a staple in networks of all sizes, making it indispensable for maintaining operational efficiency.

Key Benefits of SNMP in Network Monitoring:

  • Enhanced Efficiency: SNMP simplifies the management of network devices, reducing the workload on administrators while ensuring comprehensive oversight.

  • Widespread Deployment: Its presence in most network infrastructures highlights its importance in the field, acting as a universal language for network management.

  • Proactive Issue Resolution: By providing real-time data, SNMP enables quick identification and resolution of potential issues, safeguarding network integrity.

Feel free to use our SNMP tutorial download, or contact us for expedited monitoring.

The Architecture of SNMP

SNMP architecture is based on the manager/agent model. The model consists of the following pieces (SNMP components):

snmp manager agent model
  • Manager: An SNMP manager provides the interface between the network management system and the network administrator responsible for the system. In remote monitoring applications, the manager is typically a computer or master station with an SNMP network management software that collects and processes information from multiple remote SNMP agents.

    To understand its functionality within the network, consider the following:

    • Role and Operation: The SNMP Manager acts as the central hub for network monitoring. It runs on the administrator's device, often a computer, and is responsible for overseeing the health and functionality of various network devices.
    • Communication with SNMP Agents: The manager works in tandem with SNMP Agents installed on network devices like routers, switches, and servers. This communication is facilitated through SNMP messages, allowing the manager to retrieve (GET) or update (SET) information as required.
    • Utilization of Management Information Base (MIB): A critical component in this process is the Management Information Base (MIB), a standardized database containing managed objects. The MIB ensures that data exchanged between the manager and agents is structured and comprehensible, guiding the manager in asking the right questions and interpreting responses effectively.
    • Practical Example: Imagine a scenario where you need to monitor a router, a server, and a multilayer switch. By deploying SNMP Agents on these devices, the SNMP Manager installed on your PC can easily gather and analyze information, providing a comprehensive overview of network performance.
  • Agent: An SNMP agent provides the interface between the manager and monitored devices. In alarm monitoring applications, this would be an SNMP capable RTU (Remote Telemetry Unit) that manages objects (components) on itself. RTUs are able to send traps to the manager when an alarm event occurs, and RTUs are also continuously polled by the manager for data collection.
  • Managed Objects: Managed objects or managed devices are logical objects in the software that generally correspond to physical things, like inputs and outputs. In remote monitoring, an RTU will have multiple inputs for sensors or serial connections and outputs to control gear at your sites that don't have SNMP capabilities.
  • Database: The database acts as a sort of dictionary to help your manager and agent communicate. Its called a MIB and will be discussed later in more detail.

How to Understand the Management Information Base (MIB) and Its Object Identifiers (OID)

The manager and agent use a Management Information Base and a relatively small set of commands to swap information. The MIB file is a formatted text file that defines the data objects used by a particular piece of equipment. Each data object is defined with a unique Object Identifier (OID), and the manager and agent know what the OID corresponds to via the MIB.

As a NOC technician, you would load a MIB file into your SNMP manager so it knows how to communicate with its agents. They should have the MIB loaded already from the manufacturer. Installing MIB files in your manager is analogous to installing drivers on a PC to communicate with a printer, for example.

snmp mib tree

MIB tree used by DPS equipment, before it specifies a device and alarm point.

The MIB is organized in a tree structure with individual variables, such as point status or description, being represented as leaves on the branches. A long numeric tag or Object Identifier is used to distinguish each variable uniquely in the MIB and SNMP traps.

How Does SNMP Work?

SNMP uses a few basic commands to communicate between the manager and the agent.

snmp manager agent commands

A few of the most common SNMP commands sent between an agent and the manager.

GET: Ask for Information at Any Time

To get status information from the agent, the manager can issue Get and GetNext messages to request information for a specific variable. Once a Get or GetNext message is received, the agent will issue a GetResponse message to the manager. It will contain either the information that was requested or an error explaining why the request cannot be processed.

SET: Control Your Remote Devices

A Set message allows the manager to request a change be made to a managed object (i.e. a control relay). The agent will then respond with a Get-Response message if the change has been made or an error explaining why the change cannot be made.

TRAP: The Most Common SNMP Message

Trap messages are initiated by the agent and are sent to the manager when an important event happens. This makes Traps perfect for reporting alarms to the manager - rather than wait for a status request from the manager when it gets around to polling the agent.

However, TRAP messages have a significant limitation: they are inherently unreliable. Since SNMP communicates via UDP, there's no guarantee that the message will reach its destination. The sender cannot confirm if the SNMP Manager has received the TRAP message, leaving a gap in communication reliability.

INFORM: Another Valuable Message Type

Inform messages are very similar to traps, except they are slightly more reliable. Inform messages are initiated by the agent, and once the manager receives it, it will send a response to the agent to let it know the message was received. If the agent doesn't receive the response from the manager then the agent will resend the Inform message.

This acknowledgment mechanism is what sets INFORM messages apart. By allowing the SNMP Manager to confirm receipt of the message with a response protocol data unit (PDU), INFORM messages ensure that critical notifications are more likely to reach their intended destination.

SNMPWALK: Get All the Data

SNMPWALK uses multiple Get-Next requests to retrieve an entire tree of network data from a managed object. These are especially useful when using a tool like iReasoning MIB Browser to view all OIDs an agent offers.

Why Is SNMP "Simple?"

Aside from the small number of commands SNMP uses, it is considered simple because of its reliance on an unsupervised or connection-less communication link. The simplicity of SNMP communication has led directly to its widespread use, especially in internet applications. SNMP is considered "robust" because of the independence of the managers and agents. Because they are typically separate devices, if an agent fails, the manager will continue to function, and vice versa.

Understanding the Packet Types and Structure of SNMP

Basic serial telemetry protocols, like TBOS, are byte-oriented with a single byte exchanged to communicate. Expanded serial telemetry protocols, like TABS, are packet-oriented with packets of bytes exchanged to communicate.

The packets contain header, data, and checksum bytes. SNMP is also a packet-oriented protocol. The packets are composed of the message types discussed earlier: Get, GetNext, GetResponse, Set, and Trap.

Each packet, or variable binding, contains an identifier, a type, and a value (if a Set or Response). The agent uses its MIB to determine whether the object is managed and changeable (if processing a Set). The manager uses its MIB to display the readable name of the variable and sometimes interpret its value for any techs who may need to take corrective action.

The Layered Communication Model of SNMP

To send information, SNMP uses a layered communication model.

Layer 1 - Application layer (SNMP layer)

Layer 2 - Transport layer (UDP)

Layer 3 - Internet layer (IP)

Layer 4 - Network Interface layer (i.e., twisted pair copper, RG58 co-axial or fiber)

snmp transport layers

How data is transported through SNMP communication.

While this multi-layer model may seem a bit confusing, it effectively isolates the tasks of communication and ultimately assists in designing and implementing a network.

SNMP Transport Example

To illustrate the function of this layered model, let's look at a single SNMP GET request from the agent's perspective.

Step 1: The SNMP manager wants to know what the Agent's System Name is and prepares a GET message for the appropriate OID.

Step 2: It then passes the message to the User Datagram Protocol (UDP) layer. The UDP layer adds a data block that identifies the manager port that the response packet should be sent to.

Step 3: The packet is then passed to the IP layer, where the data block containing the IP address and Media Access addresses of the manager and the agent are added.

Step 4: The entire assembled packet gets passed to the Network Interface layer. The Network Interface layer verifies media access and availability. It then places the packet on the media for transport.

Step 5: After working its way across bridges and through routers based on the IP information, the packet finally arrives at the agent.

Step 6: Here it passes through the same four layers in exactly the opposite order as it did at the manager.

tcp/ip five layer network model

5-layer network model or Internet Protocol Suite.

Understanding Layers Makes Troubleshooting Easier

Understanding this layered model makes it easier to troubleshoot communication problems. When there is a problem, you can simply trace it down, out one end, into, and up the other. LAN/WAN link and activity status indicators provide some visibility to the Network Interface layer.

While ICMP echo requests and responses (Pings) provide some information regarding the proper functioning of the IP layer, active SNMP processing indicators can be used to verify the passage of the packet through the UDP layer and the functioning of the Application layer. Each step can be verified independently until all steps are working correctly for end-to-end communication.

SNMP Versions - v1 vs v2C vs v3

There are currently three commonly used versions of SNMP: v1, v2C, and v3.

The standards for the SNMP protocol are defined in documents called RFCs (request for comments), proposed by the Internet Engineering Task Force (IETF). You can take a look at the RFCs list for SNMPv1, v2c, and v3 here.

Like any advancement in technology, as newer versions of the protocol came out, the complexity of SNMP rose with them. Take a brief look at the differences between them:

  • SNMPv1: The first version of SNMP. It requires a plain text "community string" as the only form of security, which means anyone on your network with the community string can listen for SNMP messages.
  • SNMPv2C: Version 2C introduced the "Inform" command. Inform allows an SNMP manager to receive a message, but unlike a trap, the manager will send a response, letting the agent know it received the message. If the agent doesn't receive a response, it will resend the message.

    In addition to the Inform command, SNMPv2c brought several key enhancements over SNMPv1:

    GETBULK Messages: This feature allows the retrieval of large blocks of data, improving efficiency in network management tasks by reducing the number of requests needed.

    Security Considerations: Like SNMPv1, SNMPv2c employs community strings for security, which are essentially clear text passwords. These strings come in two types:

    Read-only (RO): Provides access to view Management Information Base (MIB) objects without the ability to alter them, enhancing security by limiting changes.

    Read-write (RW): Grants permission to modify MIB objects, allowing configuration changes to managed devices. This can be risky if not properly secured, as it opens the network to potential tampering.

    While SNMPv2c added functionality and efficiency, it did not address the fundamental security weaknesses of using unencrypted community strings, leaving data vulnerable to interception.

  • SNMPv3: Version three greatly enhanced SNMP security. It introduced the User-based Security Model (USM) for message security, and the View-based Access Control Model (VACM) for access control.
    Version three also supports the SNMP "Engine ID" Identifier which is used to generate a key for authenticated messages.
    In short, SNMPv3 added authentication and encryption. Authentications ensure that traps are read-only by the intended recipient, and encryption ensures the payload cannot be read by unauthorized users.

If you'd like more information on how you can implement the best SNMP network monitoring software for your scenario, let us know what you're trying to accomplish and we'll design a perfect-fit solution for your needs. You'll have 30 days to free trial your monitoring device, and if you don't like it for any reason, simply return it for a full refund.