What Else But SNMP?

Most network engineers have a love/hate relationship with the Simple Network Management Protocol (SNMP). Okay, maybe it’s more like tolerate/hate. It’s been the de facto standard for most network-connected devices since the late 80s, so we’ve all used it at some point.

But despite the name, SNMP isn’t always simple to use. That, plus the protocol’s age (SNMP is over 30 years old), helps explain why many in our industry have wanted to see SNMP go away, and a viable SNMP alternative emerges, for a while now.

Since Windows 2012 R2 deprecated SNMP—and perhaps even earlier—there have been rumblings that SNMP was going the way of the Dodo. This sentiment ramped up even further after two Google engineers published their SNMP is Dead presentation in 2018.

Welp, it’s four years later, and SNMP still isn’t dead. And since I have my not-so-bold prediction hat on, I say it won’t be dead four years from now either. However, there are SNMP alternatives out there now, and they do offer some advantages. And, in the long term, I not-so-boldly predict we’ll see SNMP give way to some of them.

Why SNMP isn’t dead

Even the most ardent of those claiming that “SNMP is dead” still concede it’s in widespread use. They tout the emergence of SNMP alternatives like telemetry streaming as an indicator that the age of SNMP is over. Frankly, the general point has some merit. In a decade or more, it’s likely that SNMP (v2, v3 and whatever iterations come after) won’t be as ubiquitous as it is today.

It might even be fair to call it “dead” sometime in the 2030s. But as of today, it’s still alive and well.

Let’s get a bit more specific about why:

• Major network vendors still widely support SNMP. You’d be hard-pressed to find network vendors that don’t support SNMP. Even more modern tech like Cisco SD-WAN devices supports SNMP. So do 9200-series Catalyst switches. So does Juniper gear. And F5 Devices. You get the point.
• Network monitoring tools still use SNMP. While SNMP isn’t the only network monitoring protocol, its ubiquity makes it table stakes for all network monitoring software. You’ll not find it in most modern network monitoring tools.
• SNMP can be implemented “securely.” There are absolutely valid security concerns when it comes to SNMP. Not only are SNMP v1 and SNMP v2c plaintext protocols left unhardened, but SNMP can also unintentionally leak a lot of data about your network infrastructure. The practical question for IT is whether or not SNMP can be implemented securely enough to be viable on production networks. In most cases, it can. Between the security enhancements added in SNMP v3, ACLs, and dedicated management networks, a reasonably secure SNMP implementation is possible.
• Entry-level certifications still cover SNMP. Both the current CompTIA Network+ and the CCNA call out SNMP. I’ll admit that IT certs aren’t always up-to-date. And with their DevNet push and network programmability focus, Cisco is absolutely nudging the next generation of IT towards SNMP alternatives. However, the N10-008 is a recent refresh for CompTIA, and Cisco went through their famous “certpocalypse” in 2020 to modernize their certs. Both decided to leave SNMP as part of the curriculum.

Additionally, some of the commonly cited evidence of SNMP’s demise doesn’t quite hold water if you dig a little deeper. Case in point: Google Trends is often cited as evidence of the decline in interest in SNMP. The fact that the Trend graph for the term “SNMP” looks like this:

Clearly, that implies a decreased interest. That’s a fair point. But, let’s compare SNMP searches to other terms you might associate with SNMP alternatives, like NETCONF, RESTCONF, and streaming telemetry.

In that context, SNMP doesn’t look dead at all. It is true that there are use cases—such as the Google network itself—where SNMP is a thing of the past, but the important detail here is that those networks aren’t really representative of most networks.

The bottom 99% of networks are different than the top 1%

Jean Yang of Akita Software wrote a great article about building for the 99% of developers. The basic idea is simple: what works well for FAANG-like development teams doesn’t necessarily work well for non-FAANG teams that lack that size, scale, and expertise.

That same principle applies to the world of networking too. Hyperscale networks, with teams of experts and the ability to heavily invest in standardization and optimization, have different requirements than, say, IT staff at a school district, SMB, or healthcare network.

For the 1% of hyperscalers, it makes perfect sense to optimize just about everything. And moving away from SNMP-polling to a push-based SNMP alternative like telemetry streaming makes sense. There’s a performance gain, network visibility improves, and they can invest the money, time, and expertise it takes to standardize their equipment and processes to benefit from the switch.

For the IT professionals and network MSPs in the bottom 99%, the reality is different. Network devices are a mix of vendors, versions, and capabilities. Budgets are limited. Network teams have to wear all the hats, and can’t hyper-specialize like FAANG teams. And they still need to monitor their networks.

And the incremental performance gains to be had from switching away from SNMP often aren’t worth the effort for the 99%. While CPU utilization increases with polling rates, for most use cases, it isn’t enough to be a major driver of network congestion or performance issues.

SNMP monitoring is still widely supported and a common aspect of effective switch management. Additionally, devices like UPSes, PDUs, printers, and IP cameras may not offer any viable SNMP alternatives. SNMP is the only network monitoring protocol ubiquitous enough, and good enough to get the job done, and the switching costs to an SNMP alternative are high. Until one or more of those stops are true for 99% of IT, we can expect SNMP to stick around for a while.

You don’t have to take my word for it. Reading posts of IT pros on forums like Spiceworks, r/sysadmin, and Hacker News will tell the same story: SNMP is still alive for the 99% of IT. Similarly, nothing we’ve noted in our MSP trends report suggests the death of SNMP is imminent.

SNMP alternatives: What else could you use?

There’s no one-size-fits-all answer when it comes to SNMP alternatives. In part, that’s because SNMP doesn’t just do one thing. For example, you can use SNMP for:

• Monitoring: SNMP polling (using SNMP GET, GETNEXT, GETBULK, etc.) is one of the most common SNMP use cases. SNMP polling enables a variety of network discovery, network monitoring, and network mapping applications.
• Fault detection/event notification: SNMP TRAPs and INFORMs allow SNMP devices to send notifications when a fault or notable event occurs (e.g. a port goes down or a UPS goes on battery).
• Configuration: SNMP SETs allow SNMP managers to configure and control SNMP devices.

What makes a viable SNMP alternative depends on which SNMP use case you’re looking to replace. A lot of the hype in the industry is around “streaming telemetry”, so let’s start there.

Streaming telemetry

For the uninitiated, understanding streaming telemetry isn’t always easy. I’ll try to keep it simple here and use SNMP as a reference to add context.

While SNMP uses MIBs based on SMI/ASN.1 data models, streaming telemetry data models are based on YANG (Yet Another Next Generation), which is described in RFC7923, and OpenConfig. Network devices store their configuration and operational data in these data models and allow external entities to read or update data.

From a network monitoring perspective, SNMP was based on a “pull” model where the SNMP manager had to poll SNMP devices for information. Streaming telemetry uses a publish/subscribe (pub/sub) model. Collectors can subscribe to topics that contain relevant data and the network device will publish the data for consumption— which is why you may hear streaming telemetry vs SNMP described as “push vs pull”.

When compared to SNMP, streaming telemetry allows for a more granular collection of periodic data (such as bandwidth consumption or CPU utilization), enables the incorporation of timestamps along with data (which SNMP polls lack), and makes it easier to integrate network data into open source tooling and network programmability workflows.

In addition to periodic data streams, streaming telemetry can also publish “on change” messages. These notifications can replace or supplement SNMP TRAPs and INFORMs for fault detection and event notification. Administrators can also use protocols like gNMI, RESTCONF, or NETCONF to update device configurations and replace SNMP SETs (or CLI commands).

Other SNMP alternatives

Given where network vendors like Cisco and Juniper seem to be headed, streaming telemetry, and protocols like gNMI and NETCONF, are likely to continue to grow in popularity in the years to come. But they’re not the only SNMP alternatives out there. Other protocols and tools can supplement or replace SNMP for certain use cases too.

• REST and SOAP APIs. Many applications and network devices expose an API that can be used for configuration, control, or monitoring. vCenter’s REST API is a good example of what’s possible with an HTTP-based RESTful API.
• WMI and CIM. Windows Management Instrumentation (WMI) is a popular implementation of the Common Information Model (CIM) for monitoring and managing Windows devices. In many cases, particularly in Windows environments, WMI or CIM can supplement or replace SNMP.
• IPMI. Intelligent Platform Management Interface (IPMI), and vendor-specific implementations like Dell’s IDRAC and HP’s ILO, provide an out-of-band option for server monitoring and management.
• ICMP. Internet Control Message Protocol (ICMP), the protocol that powers ping, can enable simple up/down monitoring and tell you quite a bit about network performance.
• Syslog. Syslog provides a standard to categorize and centralize network log information and can help enable fault detection, event notification, and other network monitoring use cases.
• SSH/Telnet. Sometimes, a command-line interface (CLI) is just the best way to get something done. While network programmability and APIs are replacing the CLI in some cases, it’s still a network staple. The CLI of a network device can do everything from basic switch configuration to capturing detailed metrics on network performance.
• Agent-based monitoring. In some cases, such as server performance monitoring, installing an agent that captures and exposes metrics can provide details that agentless monitoring cannot. The tradeoff is the complexity and bloat of installing an agent.
• Flow protocols. When it comes to network performance, it’s hard to beat flow protocols like NetFlow and sFlow. Coupled with the right analytics, flow protocols can help answer the “who”, “what”, and “where” questions on a network with plenty of granularity. Our TrafficInsights feature is a great example of what’s possible with flow protocols.

Final thoughts: Ubiquity is a feature

SNMP isn’t dead in large part because it’s simply everywhere. That ubiquity drives adoption, driving a positive feedback loop. Until we see the cost of supporting SNMP outweigh the benefits for the 99% of IT and MSP teams, expect it to stick around. The real beginning of the end for SNMP likely comes when the major network vendors (Cisco, Juniper, etc.) drop support. Even then, with such a large footprint, we can expect SNMP to have a long, long tail.

---

Want to see how you can harness the power of SNMP, along with advanced protocols including flow, into a truly intelligent network monitoring and management software solution? Give Auvik a risk-free 14-day trial today and see what you’ve been missing.