Simple Network Management Protocol (SNMP)


Overview

The Simple Network Management Protocol (SNMP) is an Internet Standard protocol for gathering, organizing, and altering information about managed devices on IP networks in order to change the behavior of those devices. SNMP is commonly supported by cable modems, routers, switches, servers, workstations, printers, and other devices, and it is widely used in network administration for network monitoring. SNMP exposes management data, which describes the state and configuration of the managed systems, as variables organized in a management information base (MIB). Managing applications can then access these variables remotely.

What is the Concept of Simple Network Management Protocol (SNMP)?

Simple Network Management Protocol (SNMP) is an application-layer protocol used to monitor and manage network devices on a local area network (LAN) or wide area network (WAN). With SNMP, network devices, including routers, servers, and printers, can communicate with network management systems (NMS) in a standard language.

The client-server architecture of SNMP includes the following three elements:

  • A manager for SNMP;
  • An agent for SNMP; and
  • A management information base (MIB).

The SNMP agent serves as the server, the MIB serves as the server's database, and the SNMP manager serves as the client. The agent uses the MIB to respond to queries posed by the SNMP manager. The majority of network devices already include SNMP agents because SNMP is so widely used. However, to use the protocol, network managers must first modify the network devices' default configuration settings to enable communication between SNMP agents and the network management system.

According to the Internet Engineering Task Force (IETF), SNMP is a component of the original Internet Protocol (IP) suite. It comprises a set of protocols for the application layer, a database schema, and several data items for network management.

Data structures known as SNMP Management Information Bases, or MIBs for short, specify what can be gathered from a local device as well as what can be updated and configured on it. There are many MIBs standardized by organizations like the IETF and ISO, as well as proprietary MIBs defined by particular suppliers of IT hardware like Cisco and software like Microsoft and Oracle.

Three significant SNMP versions have been created and put into use. The first iteration of the protocol is called SNMPv1. Performance, versatility, and security have all been enhanced in more recent versions, including SNMPv2c and SNMPv3. The most recent version, SNMPv3, has access control, encryption, and authentication security features.

The Three Components in the Architecture of the SNMP:

SNMP has three parts that work together to carry out its fundamental functions. These are listed below:

SNMP Manager:

A manager or management system is a separate entity that is in charge of interacting with network devices that have SNMP agents installed. Typically, one or more network management systems are run on this machine.

Key capabilities of SNMP Manager:

  • Queries agents
  • Receives responses from agents
  • Sets variables in agents
  • Acknowledges asynchronous events from agents
  • A manager checks an agent by requesting information that reflects the agent's behavior.
  • By resetting values in the agent database, a manager can also force an agent to carry out a specific task.
  • An agent also contributes to management by alerting the manager to an unusual situation.

SNMP Agent

The main duty of SNMP agents is to reply to SNMP operation requests. Any entity that can use the manager portion of the SNMP protocol is capable of submitting an operation request. One instance of this is the SNMP command from the z/OS® UNIX distribution that comes with this TCP/IP version. GET, GETNEXT, and SET are a few examples of SNMP operations. The subject of an operation is a MIB object. A subagent extends the list of MIB objects offered by the SNMP agent: with the subagent, you define MIB objects relevant to your environment and register them with the SNMP agent.

An SNMP agent is a process running on a managed device. It keeps data on the monitored device up to date, responds to NMS queries, and sends management data back to the NMS.

  • The SNMP agent executes the necessary MIB operation in response to a request from the NMS (Network Management System) and delivers the operation result to the NMS.
  • The SNMP agent delivers an SNMP trap containing the current device status to the NMS if a fault or event takes place on a monitored device.

Management Information Base

A management information base (MIB) is a database used for managing the entities in a communication network. The term is most frequently associated with the Simple Network Management Protocol (SNMP), but it is also used more broadly in contexts like the OSI/ISO network management model. Although it is meant to refer to the entire collection of management information available about an entity, the term is frequently used to refer to a specific subset, which is more appropriately known as a MIB module.

Objects in the MIB are defined using a subset of Abstract Syntax Notation One (ASN.1) called "Structure of Management Information Version 2 (SMIv2)", RFC 2578. The program that handles the parsing is a MIB compiler. The MIB hierarchy can be represented as a tree with a nameless root, the levels of which are assigned by various organizations. Top-level MIB OIDs belong to several standards bodies, while lower-level object IDs are assigned by associated organizations. Because MIBs can be defined for all kinds of domain-specific information and actions, this architecture enables management across all layers of the OSI reference model, extending into applications like databases, email, and the Java reference model.

A managed object, also known as a MIB object or simply an object, is one of the distinct characteristics of a managed device. Managed objects are made up of one or more object instances, which are effectively variables. In the MIB hierarchy, a managed object is identified by an OID. This tree-like MIB structure has branches for both public networking standard object implementations and proprietary private vendor networking object implementations. Vendors can request that specific MIB numbers be reserved for their products by applying to the Internet Assigned Numbers Authority (IANA).

For instance, SNMP management systems can access over 90 objects in the LAN Manager MIB II to learn more about users who are currently logged on, sessions, shares, and other information. A MIB object's value may be retrieved or, in some situations, changed using SNMP commands.

SNMP Messages

To set up network monitoring using SNMP, various SNMP message types can be used:

GetRequest

A GetRequest message is always sent by the management server to an agent. It is used to request the value of one or more MIB objects.

  • GET requests give you information right away: This is the GET request's primary use and is exactly what the name implies. The manager sends the agent a message asking for the current value of a managed object, for example when a human operator browsing a website requires information right away. This might be, "Send me the reading from your internal temperature sensor," or "Is the site entrance open right now?" If you want instant data, any information that isn't immediately provided by traps has to be filled in via GET requests.

  • Keep-alive/heartbeat requests can be made automatically by the manager using SNMP GET requests to verify that the device is still online. Remote monitoring is a reliable way of ensuring that the equipment at your unmanned sites is in good working order. It reduces truck rolls, saves you time and money, and might even help your equipment last longer. There is, however, a piece of this puzzle that is frequently overlooked: having monitoring equipment on site is not enough. When something goes wrong, your equipment sends alarms to your RTUs (Remote Telemetry Units) or manager. But what happens if your equipment breaks down and is unable to send an alarm? To your RTU or manager, a unit that isn't functioning and a unit with no alerts look nearly identical. Because of this, you can't just wait for asynchronous alarm messages; if the device fails, you could wait forever. Your manager should be able to send a proactive request and wait for a response. SNMP devices in your network support a more dependable ping technique based on GET requests: as explained above, the manager sends an SNMP GET message to a device to ask for a certain value.

  • GET-NEXT messages give the manager access to a complete update of the alarm status. The SNMP manager can use GET requests to perform full updates regularly, meaning that it asks for every alarm state on a given device. The updating procedure is fairly easy to follow: the agent receives a GET message from the manager asking for data and responds with a GET-RESPONSE. The manager may want only that one piece of information, or it may send GET-NEXT messages (and then more) to ask for a complete status update. This is a way of working around the reliance on asynchronous notifications, which might be viewed as a simple SNMP flaw. According to their own criteria, your network elements only send traps when something is "wrong." Sending GET-NEXT requests repeatedly lets you bypass the device's built-in trap logic and gather data for every alarm status and sensor value. With a complete view, your central SNMP manager can make the best management decisions, either automatically or under your supervision.

GetNextRequest

The GETNEXT command (GetNextRequest) asks a remote entity for a list of instances with the expectation that it will return the next variable in the tree. If a GETNEXT is requested for an item that doesn't exist, the agent MUST return the following instance in the MIB tree. If a GETNEXT is issued for an item that does exist, the agent must skip this entry and return the following instance in the MIB tree. An End of MIB exception is returned if there are no more MIB objects in the MIB tree.

GetBulkRequest

The same three request messages are supported by every version of the SNMP protocol. They are:

  • Get: This is the most typical SNMP message an SNMP manager sends out to request data; it is also known as GetRequest. The receiving device answers with a Response message.
  • GetNext: The SNMP manager sends this kind of message to learn what data the device has to offer. After receiving the Response message from a Get request, the manager can send GetNext messages until there is no longer any "next" data to be received. The goal of this type of message is to discover all the information that is available on a certain device, even without any prior knowledge of the answering device.
  • Set: This message, also known as a SetRequest, is a manager-initiated command that modifies a parameter's value on the agent device via SNMP. Messages of this type are used to control or modify configurations and settings.

When it comes to efficiency, GetBulk is far superior to other messages for obtaining several consecutive values. The best practice in the sector is to use it wherever possible. For instance, in the aforementioned example, you have successfully retrieved data that, absent GetBulk, would have required ten GetNext requests and one Get message. Also, keep in mind that you must set the non-repeaters value to 0 if all you intend to accomplish with a GetBulk request is a series of GetNext actions.
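The GETNEXT ordering rule and the GetBulk parameters described above can be seen in a small in-memory simulation. This is an added example, not code from the original page: the `ToyAgent` class, the walk helpers and the MIB values are constructed for illustration, and no network traffic is involved.

```python
from bisect import bisect_right

END_OF_MIB = "endOfMibView"


def parse_oid(text):
    """'1.3.6.1' -> (1, 3, 6, 1); tuples compare in MIB (lexicographic) order."""
    return tuple(int(part) for part in text.strip(".").split("."))


def in_subtree(oid, root):
    o, r = parse_oid(oid), parse_oid(root)
    return o[:len(r)] == r


class ToyAgent:
    """In-memory stand-in for an agent's MIB (hypothetical helper)."""

    def __init__(self, mib):
        self._items = sorted((parse_oid(k), v) for k, v in mib.items())
        self._oids = [oid for oid, _ in self._items]

    def get_next(self, oid):
        # First instance strictly after `oid`, whether or not `oid` exists.
        i = bisect_right(self._oids, parse_oid(oid))
        if i == len(self._items):
            return oid, END_OF_MIB
        nxt, value = self._items[i]
        return ".".join(str(n) for n in nxt), value

    def get_bulk(self, non_repeaters, max_repetitions, oids):
        # The first `non_repeaters` OIDs get a single GETNEXT each ...
        out = [self.get_next(oid) for oid in oids[:non_repeaters]]
        # ... the rest are advanced together up to `max_repetitions` times.
        cursors = list(oids[non_repeaters:])
        for _ in range(max_repetitions):
            row = [self.get_next(c) for c in cursors]
            out.extend(row)
            cursors = [oid for oid, _ in row]
            if all(value == END_OF_MIB for _, value in row):
                break
        return out


def walk_getnext(agent, root):
    """Walk a subtree one GETNEXT at a time; return (results, request_count)."""
    results, requests, cursor = [], 0, root
    while True:
        cursor, value = agent.get_next(cursor)
        requests += 1
        if value == END_OF_MIB or not in_subtree(cursor, root):
            return results, requests
        results.append((cursor, value))


def walk_getbulk(agent, root, max_repetitions=10):
    """Same walk with GetBulk, non-repeaters set to 0."""
    results, requests, cursor = [], 0, root
    while True:
        batch = agent.get_bulk(0, max_repetitions, [cursor])
        requests += 1
        for oid, value in batch:
            if value == END_OF_MIB or not in_subtree(oid, root):
                return results, requests
            results.append((oid, value))
        cursor = batch[-1][0]


# Constructed sample MIB. Note that ...2.2.1.10.x sorts after ...2.2.1.2.x
# because sub-identifiers are compared as numbers, not as text.
SAMPLE_MIB = {
    "1.3.6.1.2.1.1.1.0": "constructed-router",  # sysDescr.0
    "1.3.6.1.2.1.1.3.0": 12345,                 # sysUpTime.0
    "1.3.6.1.2.1.1.5.0": "edge-01",             # sysName.0
    "1.3.6.1.2.1.2.2.1.2.1": "eth0",            # ifDescr.1
    "1.3.6.1.2.1.2.2.1.2.2": "eth1",            # ifDescr.2
    "1.3.6.1.2.1.2.2.1.10.1": 1000,             # ifInOctets.1
    "1.3.6.1.2.1.2.2.1.10.2": 2000,             # ifInOctets.2
}
AGENT = ToyAgent(SAMPLE_MIB)

if __name__ == "__main__":
    rows, n = walk_getnext(AGENT, "1.3.6.1.2.1.2")
    print(f"GETNEXT walk: {len(rows)} values in {n} requests")
    rows, n = walk_getbulk(AGENT, "1.3.6.1.2.1.2")
    print(f"GETBULK walk: {len(rows)} values in {n} requests")
```
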

SetRequest

You must include two values in your PDU (Protocol Data Unit) when submitting an SNMP Set request: the OID that you want to alter and the new value that it should take. To update an OID value, the OID must be read-write (you can check this by reading the MIB files and looking at the ACCESS value) and you must know which types of values that OID accepts. For the agent to perform a Set operation, it is crucial to send the appropriate type of value. Incorrect values, such as sending an OctetString to an OID that only allows Integer32 values, will result in the agent returning a WrongType error in the ErrorStatus variable of the SnmpPacket PDU.

Response

A Response is the message that the agent sends in reply to the manager's request. When sent in response to Get messages, it includes the requested data. When sent in response to a Set message, it includes the newly set value as confirmation that the value has been set. In SNMPv1, the Response-PDU message is known as GetResponse-PDU. This name was probably chosen because it was a response to a get operation and made the names GetRequest-PDU and GetResponse-PDU fairly symmetric. The issue is that this name is unclear for two different reasons. First, some people seem to think that the PDU's purpose is to "get a response." Second, the GetResponse-PDU was also defined as the reply message for SetRequest-PDU, that is, as the response message for operations other than "gets," which makes it confusing when a "GetResponse" message is delivered in response to a "SetRequest". The new name is more generic and gets rid of these issues.

Trap

The most commonly used alarm messages are SNMP traps, which are delivered from a remote SNMP-enabled device (an agent) to a central collector, the "SNMP manager." A Trap might, for example, report a machine overheating incident. As already mentioned, Trap messages are the primary way an SNMP agent initiates communication with an SNMP manager. They are used to notify the SNMP manager when a major event takes place at the agent level. The Trap differs from other messages in that it is triggered immediately by the agent instead of waiting for a status request from the SNMP manager.

SNMP traps are often divided into two categories:

  1. Generic (or standard) traps: RFC 1215 of the Internet Engineering Task Force defines six generic traps: coldStart, warmStart, linkDown, linkUp, authenticationFailure, and egpNeighborLoss.
  2. Enterprise-specific traps: Custom traps designed to send data about multiple items in a managed device are known as enterprise-specific traps. Manufacturers and IT vendors typically create enterprise-specific traps to permit the delivery of information about specific items in their products.

InformRequest

The inform request is defined in SNMP version 2 as a method for transmitting reports and receiving responses. The JMX SNMP manager API has this feature for exchanging management data between SNMP managers. Because SNMP managers both send and receive inform requests, the SNMP manager API contains the tools necessary to do both. Inform requests are sent in roughly the same manner as other requests and are received like traps. In the sections that follow, both of these methods are described. In this straightforward example, there are two manager programs, one of which sends an inform request and the other of which receives and responds to it. In this exchange, there are no SNMP agents present.

Sending an inform request: The manager uses a session to send an inform request, just like with the other requests. The sole distinction is that the peer object linked to the request should be an SNMP manager capable of receiving and responding to InformRequest PDUs. You can link a peer to a session by making it the default peer object, which is how it is done in this example. This means that if we send requests without specifying a peer, they will be sent to our manager peer by default. Because sessions frequently come with agent peers as a default, you can instead pass the manager peer as an argument to the snmpInform method of the session object.

Receiving inform requests: Managers receive inform requests as they do traps: they are unsolicited events that must be acknowledged by a dispatcher object. In contrast to traps, an inform request requires a response PDU, and the SNMP specification requires this PDU to have the same variable bindings as the original inform request. Thus, the SnmpEventReportDispatcher class automatically creates and delivers the inform response back to the originating host as soon as an inform request is successfully received and decoded. The management application then retrieves the information in the inform request via a listener on the dispatcher. Similar to trap listeners, inform request listeners are registered with the dispatcher object. In our example, creating the dispatcher and the listener for inform requests are the only tasks performed by the receiving manager, which makes it quite straightforward.

SNMP Security Levels

The security level specifies the kind of security technique used to protect SNMP packets. Only SNMPv3 makes use of security levels. There are three different levels of security:

noAuthNoPriv

This security level (no authentication, no privacy) employs a community string for authentication and does not use encryption.

authNoPriv

This security level (authentication, no privacy) uses HMAC with MD5 for authentication and does not use encryption to protect user data.

authPriv

This level of security (authentication, privacy) uses HMAC with MD5 or SHA for authentication and the DES-56 algorithm for encryption.

SNMP Versions

It would be practically difficult for a network monitoring solution to identify devices and monitor their performance without SNMP, which is why it is also essential for network administration. SNMP now comes in three major iterations: the original SNMPv1, SNMPv2, and SNMPv3.

SNMPv1

The first iteration of the Simple Network Management Protocol is known as SNMPv1. A team of university academics created SNMP for the first time in 1988 to monitor networked devices using TCP/IP networks. The Internet Architecture Board (IAB) gave SNMP its approval as an internet standard in 1990.

Among the fundamental SNMPv1 instructions are:

  • GET. The managed device or agent receives a "get" request from the manager to retrieve a value.
  • GETNEXT. Similar to the "get" command, the "get-next" command retrieves the value of the following OID in the MIB.
  • SET. This command tells the agent to change something.
  • TRAP. A trap is a one-way communication from an agent to a manager to alert it to an incident.
  • RESPONSE. Answers the request made by the manager and returns the result.

In the area of information technology, SNMPv1 is comparable to a dinosaur that is still alive. It is still in use today because it uses minimal resources and offers the bare minimum of capabilities needed for data polling. The fact that it doesn't demand a lot of resources, however, also contributes significantly to its fundamental flaw: SNMPv1 lacks any encryption techniques and provides extremely minimal security. In SNMPv1, a community is created by pairing an agent (the monitored device) with an arbitrary set of managers (your network management solution). Each community is given a name, known as a community string, and this is where the security problems start. When a query is made, the community string is sent in plain text, and since most devices have the string set to "public," this can cause several security problems. With this extremely basic authentication technique, it is simple for an unauthorized device to connect to the network, obtain data, or make changes. Another flaw in the protocol is that SNMPv1 only supports 32-bit counters, which is severely restricting for modern networks. In some networks, the interface throughput can approach hundreds of gigabits per second, making it easy for 32-bit counters to roll over between polling periods.

SNMPv2c

A new version of SNMP was created as networks expanded and usage greatly increased. 64-bit counters, enhanced security, more flexibility in creating hierarchical management systems, and streamlined Management Information Base (MIB) discovery are all features of SNMPv2. Additionally, SNMPv2 adds new commands that are simpler to use. With commands like "GETBULK," introduced by this protocol, a manager can send an agent many requests for variables at once. "INFORM" changed how the "Traps" of SNMPv1 operated: the new "Inform" command demands a response from the manager to the agent, effectively confirming that the message has been received.

The SNMPv2 protocol comprises three variants: SNMPv2c, SNMPv2u, and SNMPv2. SNMPv2c is the actual standardized version. So, when someone says "SNMPv2," they're talking about SNMPv2c. SNMPv2c vs. SNMPv3 is a more accurate title for this article, but it's a bit of a mouthful. Sadly, the new security scheme that SNMPv2 introduced prevented this new protocol from being widely adopted. As a result, SNMPv2c was created, which did away with the new security system and replaced it with the well-known community-based strategy. Therefore, despite changes made to MIB structure elements, protocol packet types, and transport mappings in SNMPv2c, it still retains the same security weaknesses as its predecessor. Nevertheless, SNMPv2c is still frequently used today due to its simplicity of use and extra capability.

It's important to note that many devices let you create Access Control Lists (ACLs) or Approved Managers Lists, which restrict who has access to SNMP data. While this does alleviate some of SNMP's access concerns, it does not address the concerns about privacy and encryption. Although the security of SNMPv2c may be adequate for internal networks, it should never be considered for devices that are accessible to the public or the internet. Networks are susceptible to a variety of threats because of the lack of encryption and the simple authentication procedure.
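The cleartext community string of SNMPv1/v2c and the SNMPv3 security levels listed earlier are both visible in the first bytes of every SNMP message, so a monitoring script can classify traffic without decoding the whole PDU. The following is an added example, not code from the original page: the function names and the sample datagrams are constructed for illustration, and the parser reads only the message header.

```python
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response",
             0xA3: "SetRequest", 0xA4: "Trap", 0xA5: "GetBulkRequest",
             0xA6: "InformRequest", 0xA7: "SNMPv2-Trap"}
DEFAULT_COMMUNITIES = {"public", "private"}  # common factory defaults


def read_tlv(buf, pos):
    """Decode one BER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("unsupported length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length


def expect(buf, pos, want_tag):
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want_tag:
        raise ValueError(f"expected tag {want_tag:#x}, got {tag:#x}")
    return value, nxt


def inspect(datagram):
    """Return version, exposed community or v3 security level, and findings."""
    body, _ = expect(datagram, 0, 0x30)       # outer SEQUENCE
    raw_version, pos = expect(body, 0, 0x02)  # INTEGER version
    if not raw_version:
        raise ValueError("empty version field")
    version = int.from_bytes(raw_version, "big")
    report = {"version": VERSIONS.get(version, f"unknown({version})"),
              "community": None, "pdu": None, "level": None, "findings": []}
    if version in (0, 1):
        community, pos = expect(body, pos, 0x04)  # OCTET STRING, unencrypted
        report["community"] = community.decode("latin-1")
        if pos < len(body):
            report["pdu"] = PDU_TYPES.get(body[pos], hex(body[pos]))
        report["findings"].append("community string and data sent in cleartext")
        if report["community"] in DEFAULT_COMMUNITIES:
            report["findings"].append("default community string in use")
        if report["pdu"] == "SetRequest":
            report["findings"].append("write protected only by community string")
    elif version == 3:
        header, _ = expect(body, pos, 0x30)  # msgGlobalData
        _, p = expect(header, 0, 0x02)       # msgID
        _, p = expect(header, p, 0x02)       # msgMaxSize
        flags, _ = expect(header, p, 0x04)   # msgFlags, one octet
        if len(flags) != 1:
            raise ValueError("msgFlags must be one octet")
        auth, priv = flags[0] & 0x01, flags[0] & 0x02
        if priv and not auth:
            report["level"] = "invalid (privacy without authentication)"
        else:
            report["level"] = ("authPriv" if priv else
                               "authNoPriv" if auth else "noAuthNoPriv")
        if report["level"] != "authPriv":
            report["findings"].append(f"SNMPv3 used at {report['level']}")
    return report


def tlv(tag, value=b""):
    return bytes([tag, len(value)]) + value  # short-form length only


def sample_v1v2c(version, community, pdu_tag):
    """Constructed v1/v2c message for sysName.0; varbinds are not inspected."""
    oid = bytes.fromhex("2b06010201010500")
    varbinds = tlv(0x30, tlv(0x30, tlv(0x06, oid) + tlv(0x05)))
    pdu = tlv(pdu_tag, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") * 2 + varbinds)
    return tlv(0x30, tlv(0x02, bytes([version])) + tlv(0x04, community.encode()) + pdu)


def sample_v3(flags):
    """Constructed SNMPv3 header only (USM model 3, empty parameters)."""
    header = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x02, b"\x05\xdc")
                 + tlv(0x04, bytes([flags])) + tlv(0x02, b"\x03"))
    return tlv(0x30, tlv(0x02, b"\x03") + header + tlv(0x04) + tlv(0x04))


if __name__ == "__main__":
    for pkt in (sample_v1v2c(1, "public", 0xA0), sample_v3(0x07)):
        print(inspect(pkt))
```
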

SNMPv3

SNMPv3 was created in 1998 to address growing security concerns, building on its predecessors. It introduces three new components: SNMP View, SNMP Groups, and SNMP Users. With these three components in place, there is a far lower chance of unauthorized parties being able to read or write data because every interaction with a device on the network is properly authenticated and encrypted.

You can access a lot of the network's devices via SNMP, and the authentication information of a machine can be found with some effort. SNMP is one of the main methods of network discovery that bad actors can use to find out information about a target business. By letting you specify what data users can access, the SNMP view limits this ability. For instance, you can designate two views: one that only allows one group of users to access interface statistics for a particular set of devices, and another that only allows a different group of users to view hardware health data. In comparison to earlier iterations of the protocol, this user-based paradigm ensures a higher level of security. SNMPv3 also makes it simple for administrators to implement role-based access control because the number of unique usernames that can be created is unrestricted. Additionally, a login and password are now required every time someone wants to access information, whereas before they weren't.

To strengthen security and prevent data tampering and eavesdropping without consuming an excessive amount of resources, SNMPv3 also introduced encryption techniques including SHA, MD5, and DES. However, it should be emphasized that authentication must be enabled for encryption to function. In addition, in SNMPv3 the terms "manager" and "agent" were dropped in favor of "SNMP entities." Each entity is made up of an SNMP engine (which is comparable to the "agent" in earlier versions) and one or more SNMP applications (which are comparable to the "manager" in earlier versions).

Role of SNMP

The specific roles played by the SNMP protocol in network management include:

  • It primarily specifies the format of the packets sent from the manager to the agent and vice versa.
  • Additionally, SNMP is used to generate statistics and interpret the results.
  • The packets exchanged between the manager and the agent contain the name of the object (variable) and its state (values).
  • These values can also be read and modified via SNMP.

The Role of SMI

There are specific requirements that must be followed to use SNMP, and these restrictions concern object naming. It's time to examine the functions of SMI now:

  • The fundamental application of SMI (Structure of Management Information) is to specify the basic rules for naming objects.
  • It is also used to specify the types of objects, such as their range and length.
  • It also specifies how objects and values are encoded.
  • The SMI does not specify how many objects a single entity should be able to manage.
  • Additionally, the relationship between the values of the objects is not defined.

The Role of MIB

For each entity to be managed, the MIB is mostly used to declare the number of objects, name them under the SMI's rules, and then assign a type to each named object.

  • MIB (Management Information Base) is mostly used to create a set of objects that are defined for each entity, similar to a database.
  • As a result, the main output of MIB is a collection of named objects and their types.

Advantages of SNMP Protocol

Some advantages of using SNMP are listed below:

  • It is the standard protocol for network management.
  • It is independent of operating systems and programming languages.
  • This protocol has a portable functional design.
  • SNMP essentially consists of a core set of operations that apply to all managed devices. SNMP hence supports extensibility.
  • SNMP is widely used.
  • It is a simple protocol.
  • Distributed management access is possible using this protocol.

The Disadvantages of SNMP Protocol

These are a few of SNMP's disadvantages:

  • The bandwidth of the network is decreased as a result of this protocol.
  • The three main security concerns with this are access control, authentication, and data privacy.
  • The information that SNMP works with is neither sufficiently detailed nor sufficiently ordered.

Conclusion

  • SNMP is the most well-known open protocol on the market. It is mostly used by network administrators to monitor their networks. You can monitor your devices with the aid of SNMP monitoring tools. Using SNMP has a lot of benefits, but be sure to use the appropriate security configurations as well.
  • SNMP is a widely used networking protocol, and many manufacturers include SNMP support in their products. For effective network management, SNMP traps are used. Your network management system should be able to collect SNMP traps and give you access to their analysis because they contain important information about the objects in monitored devices.
  • Some solutions for network monitoring and log analysis support SNMP as well. You can set them up to manage SNMP traps and incorporate SNMP trap data into a larger network monitoring plan.
  • The SNMP trap is a common method for managing and keeping track of device activity on a local or wide-area network. Traps aid in data loss detection and reliable data transmission, and help determine the causes of packet loss and lag.
  • Consider a situation where a manager oversees a sizable number of devices in the IT network of your company and each device that the manager monitors consists of numerous objects. Requesting management information for every object in all the devices for discovery and topology changes may become nearly impossible or burdensome for the manager.