An overview of SNMP – Simple Network Management Protocol
An SNMP based management system will not instantly diagnose every problem in your network. What SNMP can do is give you a top-level view of a few important parameters of the network devices that support the protocol, including generating alarms when a component fails. The details still need to be worked out by the network administrators. For example, it might notify the user when the router capacity has crossed a certain critical limit and is about to reach full capacity, but it may not tell which applications/devices/users are causing the excessive utilization of the router. You get the idea: SNMP gives the overall view.
What is SNMP?
SNMP is the short form of Simple Network Management Protocol. It operates in the Application layer, coordinating between a central NMS and the various SNMP agents running on client devices. It defines a standard language for communicating with network devices manufactured by multiple vendors, and it also defines a standard management framework, security and access control for monitoring and managing different devices in a network. It is a TCP/IP based standard protocol with UDP as its transport layer protocol.
With an SNMP monitoring tool, a network administrator can query device information, monitor device status, modify device parameters, enable automatic detection of faults, generate alarms, reports etc. Most network devices today support management through SNMP, and the parameters that can be managed depend on the network device.
Example: A server’s processor utilization, memory usage etc. can be reported to the NMS, if the SNMP agent is running on a server. In a router, parameters like congestion notifications, priority queue levels, interface utilization, interface status etc. can be monitored.
Advantages of SNMP:
¤ SNMP gives a common, non-proprietary interface to manage devices from multiple vendors.
¤ Since it is a standard, different devices can be managed using the same tools and a single interface.
¤ Certain data that cannot be obtained by other means (A protocol analyzer cannot identify physical layer errors in a network switch, for example) can be obtained by an SNMP query.
¤ With SNMP, certain network parameters can be managed automatically. For example, when certain threshold parameters (traps) are set for network devices, alarms are generated via email etc. automatically.
¤ SNMP makes management tasks independent of the features and networking technologies of the managed network devices.
¤ SNMP allows network administrators to constantly monitor key parameters of network devices in order to identify certain trends that enable them to take precautionary measures.
¤ Uniform GUI based reporting makes it easier to monitor the various network devices.
Components of SNMP:
An SNMP enabled network consists of NMS (Network Management Station), SNMP agents and MIB – Management Information Base.
NMS: A Network Management Station is a central server/software application running on a network device, used to monitor and manage the various SNMP based network devices in the network. An NMS can query an agent or request that it change the variables of managed network devices.
Agent: An agent is an application that resides on the network devices that need to be managed. It maintains the information regarding the managed devices, coordinates with the NMS and responds to the NMS queries. It also changes some variables of the managed devices on the instruction of the NMS and is responsible for sending alerts if some preset threshold values are exceeded in the devices.
MIB: A Management Information Base is like a database that resides in each of the agents, and it is a collection of all the Managed Objects. The NMS can read or write to the managed objects of the MIB. The MIB also defines the set of characteristics associated with the managed objects, like Object Identifier (OID), Access Rights, Data Type of the objects etc. A MIB generally stores data in a tree-like structure.
SNMP provides the following five basic operations: Get (request sent by the NMS to the agent to retrieve any variable), GetNext (request sent by the NMS to retrieve the value of the next OID), Set (request sent by the NMS to the agent to set the value of a variable), Response (reply message of the agent to the NMS) and Traps (unsolicited message sent by the agent to the NMS when a pre-defined event occurs).
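The Get, GetNext and Set operations against a tree-ordered MIB can be modelled in a few lines. This is an added example, not code from the original article: the `ToyAgent` class, its status strings and the sample values are constructed for illustration, while the OIDs are standard MIB-II ones. It shows why OIDs must be compared numerically (ifDescr.2 comes before ifDescr.10) and how the access right stored with each object blocks a Set.

```python
import bisect

def oid(text):
    """Parse dotted OID text into a tuple of ints so ordering is numeric."""
    return tuple(int(part) for part in text.strip(".").split("."))

class ToyAgent:
    """Constructed in-memory agent: OID -> [value, access right]."""

    def __init__(self, objects):
        self.mib = {oid(k): list(v) for k, v in objects.items()}
        self.order = sorted(self.mib)      # lexicographic order of the MIB tree

    def get(self, name):
        entry = self.mib.get(oid(name))
        return ("noSuchName", None) if entry is None else ("noError", entry[0])

    def get_next(self, name):
        # First object strictly after `name`; `name` may be any prefix, not only a leaf.
        i = bisect.bisect_right(self.order, oid(name))
        if i == len(self.order):
            return ("endOfMib", None, None)
        nxt = self.order[i]
        return ("noError", ".".join(map(str, nxt)), self.mib[nxt][0])

    def set(self, name, value):
        entry = self.mib.get(oid(name))
        if entry is None:
            return "noSuchName"
        if entry[1] != "read-write":
            return "readOnly"              # access right from the MIB is enforced
        entry[0] = value
        return "noError"

def walk(agent, root):
    """What an NMS does to list a subtree: repeat GetNext until leaving `root`."""
    results, current, prefix = [], root, oid(root)
    while True:
        status, nxt, value = agent.get_next(current)
        if status != "noError" or oid(nxt)[:len(prefix)] != prefix:
            return results
        results.append((nxt, value))
        current = nxt

AGENT = ToyAgent({  # constructed sample values
    "1.3.6.1.2.1.1.1.0": ("Constructed router, example OS", "read-only"),  # sysDescr
    "1.3.6.1.2.1.1.4.0": ("noc@example.invalid", "read-write"),            # sysContact
    "1.3.6.1.2.1.2.2.1.2.2": ("eth2", "read-only"),                         # ifDescr.2
    "1.3.6.1.2.1.2.2.1.2.10": ("eth10", "read-only"),                       # ifDescr.10
})
```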
What is SNMPv3?
SNMPv3 is the latest version of the protocol. The main difference between the previous versions (SNMPv1, v2c) and the latest version is that, while SNMPv1 and v2c used community names for authentication, SNMPv3 uses the User-based Security Model (USM) and the View-based Access Control Model (VACM).
USM introduces the concept of user names and groups. Packets from the sending end are checked for validity (authentication), and the packets between the NMS and the agent are encrypted to ensure enhanced security.
VACM introduces five elements: groups, security level, contexts, MIB views and access policy. Basically, these five elements control user rights to management information. The users can be grouped, and a user of a particular group can access only the objects defined for a specific MIB view.
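How groups, security levels, MIB views and access policy combine into one allow/deny decision is easier to see in code. The sketch below is an added example, not part of the original article and not an implementation of any agent's configuration format: user names, group names and view names are hypothetical, contexts are left out, and the "longest matching subtree wins" rule is a simplification.

```python
SECURITY_LEVELS = {"noAuthNoPriv": 0, "authNoPriv": 1, "authPriv": 2}

def oid(text):
    return tuple(int(p) for p in text.split("."))

# MIB views: include/exclude subtrees; the longest matching subtree decides.
VIEWS = {
    "systemOnly":  [("include", "1.3.6.1.2.1.1")],
    # Everything under internet, except the USM user table module (holds user entries).
    "allButUsm":   [("include", "1.3.6.1"), ("exclude", "1.3.6.1.6.3.15")],
    "contactOnly": [("include", "1.3.6.1.2.1.1.4")],
}
USER_TO_GROUP = {"monitor": "readers", "netadmin": "operators"}  # hypothetical users
# Access policy per group: minimum security level, a read view and a write view.
ACCESS = {
    "readers":   {"min_level": "authNoPriv", "read": "systemOnly", "write": None},
    "operators": {"min_level": "authPriv",   "read": "allButUsm",  "write": "contactOnly"},
}

def in_view(view_name, target):
    best = None                                   # (prefix length, action)
    for action, subtree in VIEWS.get(view_name, []):
        prefix = oid(subtree)
        if oid(target)[:len(prefix)] == prefix and (best is None or len(prefix) > best[0]):
            best = (len(prefix), action)
    return best is not None and best[1] == "include"

def is_allowed(user, level, operation, target):
    """Return (allowed, reason) for a get/set by `user` at security `level`."""
    group = USER_TO_GROUP.get(user)
    if group is None:
        return False, "unknown user"
    policy = ACCESS[group]
    if SECURITY_LEVELS[level] < SECURITY_LEVELS[policy["min_level"]]:
        return False, "security level too low"
    view = policy["write" if operation == "set" else "read"]
    if view is None or not in_view(view, target):
        return False, "not in view"
    return True, "ok"
```

Default deny falls out of the structure: an unknown user, a request below the group's security level, or an OID outside the view is refused before any managed object is touched.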
Limitations of SNMP:
While SNMP provides good network management at the macro level, it does not provide many network details required to solve many network issues. Since it needs to manage multiple devices manufactured by different vendors, the parameters that SNMP can manage are quite limited, based on the standards defined. But network devices are always very different from each other. Some are really complex. So, customization for management of particular elements cannot be defined by the user.
excITingIP.com
A nice start on the topic of SNMP. Note that in SNMPv3 the two mechanisms for authentication and authorization are known as User-based Security Model (USM) as defined in RFC3414 and the View-based Access Control Model (VACM) as defined in RFC3415.
I recently posted a blog topic on SNMPv3 which may be of interest: http://ellisonsoftware.com/2009/01/02/using-snmpv3-for-secure-transmission-of-snmp-messages/
– Mark (info@EllisonSoftware.com)
Hi Mark,
I read your article. It was a good intro to the security aspects included in SNMPv3. Thanks for the link, and your comment.
excITingIP.com