Tutorial: Simple Network Management Protocol (SNMP)

What is SNMP?

Simple Network Management Protocol (SNMP) is a widely used protocol designed to facilitate the management of networked devices from a central location. Designed originally for the management of devices such as routers and switches, its usage has grown rapidly to encompass the monitoring of nearly any electronic device one can think of. SNMP is now used to monitor and manage television broadcast studios, automated fare collection systems, airborne military platforms, energy distribution systems, emergency radio networks, and much more.

SNMP Architecture

The SNMP architecture is composed of three major elements:

  • Managers (software) are responsible for communicating with (and managing) network devices that implement SNMP Agents (also software).
  • Agents reside in devices such as workstations, switches, routers, microwave radios, printers, and provide information to Managers.
  • MIBs (Management Information Base) describe data objects to be managed by an Agent within a device. MIBs are actually just text files, and values of MIB data objects are the topic of conversation between Managers and Agents.

Before we go any further, we need to introduce the concept of Object Identifiers, or OIDs. Each MIB object definition has a unique OID, which is a dotted list of integers. For example, within the Host Resource MIB, the OID for data object “hrDiskStorageCapacity” is “.1.3.6.1.2.1.25.3.6.1.4”.

When Managers and Agents communicate, they refer to MIB data objects using OIDs.

An OID sent with a corresponding value {OID,Value} is referred to as a “binding”.

Managers can be viewed as Clients; and Agents, as Servers. The operations between Managers and Agents are quite simple:

  • “get” commands are sent by a Manager to an Agent to request data values defined by a MIB. The Agent will respond with the requested values. Closely related requests are “getnext” and “getbulk”.
  • A Manager can also send “set” commands to an Agent. If the MIB defines a data object as read-write, then the Agent will accept the data value sent with the “set” command and process it appropriately (store it or execute appropriate action).
  • Agents will send unsolicited “traps” (alarms) to Managers to alert them to important events.
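The “get” exchange above, as an added example (not code from the original page): a GetRequest for the hrDiskStorageCapacity OID is BER-encoded by hand, then decoded the way a passive monitor on the path would read it, including the community field that SNMPv1/v2c messages carry as plain bytes. The community string and request-id are constructed sample values.

```python
def tlv(tag: int, value: bytes) -> bytes:
    """BER tag-length-value; long-form length at 128+ bytes."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def ber_int(n: int) -> bytes:   # non-negative INTEGER, minimal two's complement
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def ber_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])   # first two arcs share one octet
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc := arc >> 7:                   # base-128, high bit = more octets follow
            chunk.append(0x80 | (arc & 0x7F))
        body += bytes(reversed(chunk))
    return tlv(0x06, bytes(body))

def get_request(community: bytes, oid: str, request_id: int) -> bytes:
    binding = tlv(0x30, ber_oid(oid) + tlv(0x05, b""))   # {OID, NULL}; the Agent fills in the value
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0) + tlv(0x30, binding))
    return tlv(0x30, ber_int(1) + tlv(0x04, community) + pdu)   # version field 1 = SNMPv2c

def read_tlv(buf: bytes, pos: int):
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                                  # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + n], pos + n

def observe(packet: bytes) -> dict:
    """Fields readable by anyone who can capture a v1/v2c message."""
    tag, msg, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    _, version, pos = read_tlv(msg, 0)
    ctag, community, pos = read_tlv(msg, pos)
    if version not in (b"\x00", b"\x01") or ctag != 0x04:
        return {"version": "other", "community": None}
    return {"version": "v1" if version == b"\x00" else "v2c",
            "community": community, "pdu_tag": read_tlv(msg, pos)[0]}

SAMPLE = get_request(b"example-ro", ".1.3.6.1.2.1.25.3.6.1.4", 1)   # constructed sample
```

`observe(SAMPLE)` returns the community exactly as it was sent, which is why a capture of v1/v2c traffic is enough to recover it.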

The basic operations of SNMP are quite “simple”, but the totality of SNMP is far from that.  The typical ramp-up time for an individual learning to use SNMP effectively on his or her own can easily stretch to six months or longer.

SNMP Standards and Versions

SNMP Standards are described in Request for Comments (RFC) documents published by the Internet Engineering Task Force (IETF).  Standards Topics can generally be categorized into:

  • Messaging protocols between Managers and Agents (which encompasses security issues)
  • MIB syntax standards
  • “Standard MIB” definitions

Messaging Protocols

Three messaging protocols exist:

  • SNMPv1 was the first protocol introduced, and it is still widely used. It implements “get”, “getnext”, “getresponse”, “set”, and “trap” operations. Security for SNMPv1 is based on a “community string” that is transmitted with each message. The community string acts as a password. If the Manager includes the correct password in a request to an agent, the agent will send a response. The community string is not encrypted and thus the security it provides is quite weak.
  • SNMPv2 usually refers to SNMPv2c (other v2’s were proposed, but only v2c survives today). It introduced the ability to transmit SMIv2 MIB-definitions of type “Counter64”.  SNMPv2c also provides expanded messaging operations: “getbulk”, “inform”, “report”, and a new “v2trap” operation (same functionality as the v1 “trap”).  It also introduced enhanced error responses by Agents. SNMPv2c utilizes the same community string security as SNMPv1.
  • SNMPv3 is the most recent introduction, and it is a major step forward in improving security. Security enhancements include User Authentication and Encryption.
      • User Authentication: Verification of the identity of the SNMP Entity (Manager or Agent) sending the request. Managers and Agents share knowledge of valid users, and there is a shared secret key defined for each user. When an Entity sends an SNMPv3 message, the secret key is used to create a hash of the message, and this hashed value is included with the message. If the receiving Entity can recreate this hash, then the message is said to be “authenticated” as from a valid user.
      • Encryption: Message payload can be optionally encrypted based on a second shared key.
      • VACM (View Access Control Model): Agents can now be configured to control who can access which MIB Objects under agent management. For example, User = “Operations Supervisor” can access critical read-write control data, while User = “Plant Monitor” can access only read-only status data.
      • Message Timeliness Checks ensure that messages are not delayed or replayed.
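The SNMPv3 authentication and timeliness checks described above, as an added example (not code from the original page). It uses a constructed fixed-layout message rather than the real BER-encoded SNMPv3 format; the user name, key and payload are sample values, while the 12-octet truncated HMAC-SHA1 and the 150-second window follow RFC 3414.

```python
import hashlib, hmac, struct

AUTH_LEN = 12                    # HMAC-SHA-96 keeps the first 12 octets of HMAC-SHA1
WINDOW = 150                     # seconds either side of the receiver's clock
HDR = struct.Struct(">II8s")     # constructed layout: engineBoots, engineTime, user

def _mac(key: bytes, header: bytes, payload: bytes) -> bytes:
    # The digest is computed with the authentication field zero-filled.
    return hmac.new(key, header + bytes(AUTH_LEN) + payload, hashlib.sha1).digest()[:AUTH_LEN]

def build(user: str, key: bytes, boots: int, etime: int, payload: bytes) -> bytes:
    header = HDR.pack(boots, etime, user.encode())
    return header + _mac(key, header, payload) + payload

def receive(msg: bytes, users: dict, local_boots: int, local_time: int) -> str:
    """Receiver-side checks in order: known user, matching digest, timeliness."""
    if len(msg) < HDR.size + AUTH_LEN:
        return "malformed"
    header, sent = msg[:HDR.size], msg[HDR.size:HDR.size + AUTH_LEN]
    boots, etime, user = HDR.unpack(header)
    key = users.get(user.rstrip(b"\0").decode(errors="replace"))
    if key is None:
        return "unknown_user"
    if not hmac.compare_digest(sent, _mac(key, header, msg[HDR.size + AUTH_LEN:])):
        return "bad_digest"
    if boots != local_boots or abs(etime - local_time) > WINDOW:
        return "outside_time_window"
    return "authenticated"

def demo() -> dict:
    users = {"monitor": bytes(range(20))}          # constructed 20-octet shared key
    msg = build("monitor", users["monitor"], boots=7, etime=1000,
                payload=b"get .1.3.6.1.2.1.25.3.6.1.4")
    tampered = msg[:-1] + bytes([msg[-1] ^ 1])     # one bit flipped in transit
    return {
        "fresh": receive(msg, users, 7, 1010),
        "tampered": receive(tampered, users, 7, 1010),
        "replayed_late": receive(msg, users, 7, 1151),
        "after_reboot": receive(msg, users, 8, 5),
        "wrong_key": receive(build("monitor", b"k" * 20, 7, 1000, b"x"), users, 7, 1000),
    }
```

Because the boots and time fields sit inside the authenticated bytes, a captured message cannot have them refreshed without invalidating the digest.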

MIB Syntax Standards  

MIBs are written in either of the following two syntax standards:

SMIv1 is the earliest version and was introduced along with SNMPv1. SMIv1 MIBs are very functional and very common.

Data defined by SMIv1 MIB Objects can be transmitted between Managers and Agents by any of the three messaging protocols, viz., SNMPv1, SNMPv2c, or SNMPv3.

SMIv2 was introduced along with SNMPv2c.  Major enhancements include:

Introduction of new base data types, including the “Counter64” data type.

Although derived data types could be defined in SMIv1, SMIv2 formalizes this syntax and also defines some “Standard Textual Conventions” such as “Display String”.

Improvements that enhance the documentation of MIB files and objects, such as:

  • Module Identity Statement
  • Conformance Statements
  • Improved Trap Definition Syntax (“NOTIFICATION-TYPE”)

An SMIv2 MIB can usually be translated into an SMIv1 MIB.  The primary exceptions are: a) A Counter64 type object cannot be translated. b) An improperly coded NOTIFICATION-TYPE cannot be translated to an SMIv1 TRAP-TYPE with the same OID.

Data defined by SMIv2 MIB Objects can be transmitted between Managers and Agents by any of the three messaging protocols, viz., SNMPv1, SNMPv2c, or SNMPv3.  The only exception to this is that Counter64 Object data cannot be transported by SNMPv1 messages.

“Standard MIB” Definitions

Depending on the origin (author) of a MIB, we can categorize MIBs into either:

  • Enterprise MIBs
  • Or Standard MIBs

Enterprise MIBs are authored by non-standards-committee organizations, e.g., Cisco or HP. All such organizations must apply for a unique “Enterprise ID” issued by the Internet Assigned Numbers Authority (IANA). Enterprise MIBs are then organized under these unique IDs.

Standard MIBs are authored by persons associated with the IETF.  For example, a standard Printer MIB exists, and printer manufacturers commonly implement an Agent to support this MIB in addition to their own Enterprise MIBs.

Other Standard MIB examples include:

  • X.25
  • Modems
  • DS1, DS3
  • Bridges
  • ATM
  • Token Ring
  • Fiber Channel Fabric Element MIB
  • Ping, Traceroute, Lookup MIBs
  • Print Job Monitoring MIB
  • ICMPv6 MIB
  • Mail Monitoring MIB

Strengths and Weaknesses

Strengths

  • Widespread popularity
  • Many standard MIBs available
  • Agents have low impact on monitored system resources
  • Well suited to monitoring
  • Many products available

Weaknesses

  • Not as comprehensive as some other protocols
  • Not bandwidth efficient
  • Complicated message encoding rules
  • Security has been an ongoing concern. SNMPv3 was developed in response to this issue.
  • A connectionless protocol (UDP or similar) is used, which creates issues regarding verification of operations: Trap-Send verification (did it really reach the Manager?) and verification (success) of any “set” operation to an Agent. However, cleverly designed MIBs and Manager logic can overcome these problems.

Applications

Here are some typical uses of SNMP:

  • Monitoring device performance
  • Detecting device faults, or recovery from faults
  • Collecting long term performance data
  • Remote configuration of devices
  • Remote device control

How to Learn More

Courses

  • SNMP Essentials:  A Fast-Track Tutorial (3 days, SNMP-ESSENT):  The first of our series of three courses on SNMP, this course is designed to fast-track individuals and organizations wishing to become SNMP-competent.  It employs highly interactive lecture combined with hands-on exercises to help you effectively acquire the necessary knowledge and skills and apply them to real-life situations.
  • SNMPv3: Secure SNMP (1 day, SNMPV3):  Our intermediate level SNMP course, it deals with the security and other enhancements embodied in SNMPv3, the latest version of this protocol.
  • SNMP Agent Development (1 day, SNMP-AGENT):  Our final course on SNMP, it is aimed at the software developers responsible for programming SNMP agents for deployed devices.

Books

  • Understanding SNMP MIBs by David Perkins & Evan McGinnis.  Prentice Hall, 1997
  • SNMP, SNMPv2, SNMPv3, and RMON 1 and 2 by William Stallings.  Addison-Wesley, 1996
  • Essential SNMP  by Mauro & Schmidt.  O’Reilly, 2005
  • A Practical Guide to SNMPv3 and Network Management by David Zeltserman.  Prentice-Hall PTR, 1999

Web Sites