What is SNMP and how does SNMP work? We often get asked how SNMP works and more specifically how to use SNMP for monitoring. So we thought it would be useful to share a simple guide covering how SNMP works.
The short answer to what is SNMP: Simple Network Management Protocol (SNMP) is an application layer protocol that is used to monitor the network, detect network faults and sometimes even used to configure remote devices.
What is SNMP?
Simple Network Management Protocol (SNMP) is a set of protocols for network management and monitoring. These protocols are supported by tons of network devices like routers, switches, servers, hubs, bridges, workstations, printers, modem racks and other network components and devices. Supported devices are all network-attached items that must be monitored to detect conditions. These conditions must be addressed for proper, appropriate and ongoing network administration. SNMP standards include an application layer protocol, a set of data objects and a methodology for storing, manipulating and using data objects in a database schema.
The SNMP protocol is included in the application layer of TCP/IP as defined by the Internet Engineering Task Force (IETF).
Imagine your organization has 1000’s of devices and you were asked to check each of them, every day. This would easily occupy all of your time and be an incredibly tedious task. Luckily, SNMP was designed to make things a whole lot easier!
Typically, SNMP uses one or several administrative computers (managers), to oversee groups of networked computers and associated devices. A constantly running software program, called an agent, feeds information to the managers by way of SNMP. The agents create variables out of the data and organize them into hierarchies. The hierarchies, along with other metadata, may be types and descriptions of the variables and are described by management information bases – hierarchical virtual databases of network objects.
Now that we’ve covered what is SNMP – lets look at how SNMP works.
How SNMP works?
How SNMP works – 3 Key SNMP Components
There are three key components of a network managed by SNMP, they are the managed devices (routers, servers, switches, etc.), software agents, and a network management system. There may be more than one NMS on a given managed network. Here is a bit more detail about the 3 components of SNMP:
- SNMP Manager
It is a centralized system used to monitor the network. It is also known as Network Management Station (NMS)
- SNMP agent
It is a software management software module installed on a managed device. Managed devices can be network devices like PC, router, switches, servers, etc.
- Management Information Base
MIB consists of information on resources that are to be managed. This information is organized hierarchically. It consists of objects instances which are essentially variables.
Types of SNMP messages
SNMP’s popularity and use can likely be attributed to its simplicity. SNMP uses 7 protocol data units. The 7 different variables are:
- GetRequest –
Request an agent to provide the current value of an OID.
SNMP manager sends this message to request data from SNMP agent. It is simply used to retrieve data from SNMP agent. In response to this, SNMP agent responds with requested value through response message.
- GetNextRequest –
Request the next object in the MIB. This means you can traverse a tree without needing to specify OIDs.
This message can be sent to discover what data is available on a SNMP agent. The SNMP manager can request for data continuously until no more data is left. In this way, SNMP manager can take knowledge of all the available data on SNMP agent.
- GetBulkRequest –
Make multiple GetNext requests.
This message is used to retrieve large data at once by the SNMP manager from SNMP agent. It is introduced in SNMPv2c.
- SetRequest –
Tell an agent to change a value on a remote host, the only write operation in the entire SNMP protocol.
It is used by the SNMP manager to set the value of an object instance on the SNMP agent.
An agent can send back:
- Response –
A response, with the requested information.
It is a message sent from agent upon a request from manager. When sent in response to Get messages, it will contain the data requested. When sent in response to Set message, it will contain the newly set value as confirmation that the value has been set.
- Trap –
A “trap” message, not requested by the manager, which provides information about device events. SNMP traps were renamed “notifications” in later SNMP versions.
These are the message sent by the agent without being requested by the manager. It is sent when a fault has occurred.
- InformRequest –
The manager can confirm the receipt of a trap message.
It was introduced in SNMPv2c, used to identify if the trap message has been received by the manager or not. The agents can be configured to set trap continuously until it receives an Inform message. It is the same as trap but adds an acknowledgment that trap doesn’t provide.
SNMP has evolved into three different versions. There are 3 versions of SNMP:
- SNMPv1 –
This was the first implementation, operating within the structure management information specification, and described in RFC 1157. It uses community strings for authentication and UDP only.
- SNMPv2c –
This version has improved support for efficiency and error handling and is described in RFC 1901. It was first introduced in RFC 1441 and is more appropriately known as SNMP v2c. It uses community strings for authentication. It uses UDP but can be configured to use TCP.
- SNMPv3 –
This version improves security and privacy. It was introduced in RFC 3410. It uses Hash-based MAC with MD5 or SHA for authentication and DES-56 for privacy. This version uses TCP. Therefore, the higher the version of SNMP, the more secure it will be.
SNMP Security Levels
Defining the type of security algorithm performed on SNMP packets. These are used in only SNMPv3. There are 3 security levels namely:
- noAuthNoPriv –
This (no authentication, no privacy) security level uses community string for authentication and no encryption for privacy.
- authNopriv – This security level (authentication, no privacy) uses HMAC with Md5 for authentication and no encryption is used for privacy.
- authPriv – This security level (authentication, privacy) uses HMAC with Md5 or SHA for authentication and encryption uses DES-56 algorithm.
SNMP and TCP service monitoring
Now that we’ve covered what is SNMP and how SNMP works, lets look at how SNMP values can be monitored.
With software like Domotz you can monitor SNMPv2 devices and configure alerts based on the OID value. For instance, you could receive an alert if a device exceeds a certain temperature, or a printers toner cartridges drop below a certain level.
Domtoz Eyes are the advanced monitoring capabilities for SNMP, TCP and, in the future, ZigBee monitoring.
Domotz Eyes snapshot:
- Each Domotz Agent is automatically allotted 5 Eyes for advanced TCP and SNMP monitoring
- The Eyes enable the ability to specify SNMPv2 OID to be monitored and the ability to set-up alerts (based on the value of the OID)
- In the coming months, we’ll be releasing templates for Domotz Eyes which will make the application of Eyes on a large number of devices much easier to configure and scalable. With the upcoming templates, you’ll automatically be able to apply the Eyes on multiple devices that have the same configuration (like Crestron or Cisco).
Fun Fact: You can use Domotz Eyes to monitor all sorts of things! Read how our customer support rep, Henrique, uses this feature to monitor his aquarium.