The Ultimate Guide to SNMP

Simple Network Management Protocol (SNMP) is a basic network protocol designed to collect and report data from network devices connected to IP networks — even if the devices are different hardware and run different software. Most modems, routers, switches, servers, workstations, and printers will support SNMP communication. SNMP messages are transported via UDP on port 161.

Without a protocol like SNMP, there would be no way for network management tools to identify devices, monitor network performance, keep track of changes to the network or determine the status of network devices in real-time. SNMP shares system status and configuration information from within a device's Management Information Base (MIB), which can be queried at any time by applications (like Auvik!).

SNMP has a simple architecture based on a client-server model:

  • The servers, called managers, collect and process information about the managed devices on the network
  • The clients, called agents, are any type of managed device or device component connected to the network. They can include not just computers, but also network switches, phones, printers, and so on. Some devices may have multiple device components. For example, a laptop typically contains a wired as well as a wireless network interface.

It’s important to note that SNMP itself does not define what data points are polled from a managed system. Rather, SNMP uses an extensible design that allows applications to define their own hierarchies.

The reverse is also true. SNMP can be used to write configuration to networked devices, but this generally requires a more secure version of SNMP (SNMPv3) and devices on your network that support OID changes in this way. It is also a possible vector for attacks, whereby a malicious actor could gain control of devices via this SNMP write feature. Past examples include denial of service attacks and IP address spoofing. It is recommended that SNMP be disabled on networks by default if not in use.
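One way to check a device for the write exposure described above, as an added example that is not part of the original article: a small auditor that flags write-capable communities, well-known community strings and unencrypted SNMPv3 users. It assumes the agent is configured with a Net-SNMP style snmpd.conf; the sample configuration, user names and passphrases are constructed.

```python
import shlex

DEFAULT_COMMUNITIES = {"public", "private"}   # well-known default strings

# Constructed sample in Net-SNMP snmpd.conf syntax; names and passphrases are made up.
SAMPLE_CONF = '''\
# legacy monitoring
rocommunity public
rwcommunity netops 10.0.5.0/24
rwcommunity private
createUser monitor SHA "constructed-auth-pass" AES "constructed-priv-pass"
rouser monitor priv
rwuser provision auth
'''

def audit_snmpd_conf(text):
    """Return a list of (line_number, severity, message) findings."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        try:
            tokens = shlex.split(raw, comments=True)   # drops '#' comments, honours quotes
        except ValueError:                             # unbalanced quote in free text
            tokens = raw.split()
        if len(tokens) < 2:
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        writable = directive.startswith("rw")
        if directive in ("rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"):
            if writable:
                findings.append((number, "high", "v1/v2c community allows SET (write) requests"))
            else:
                findings.append((number, "medium", "v1/v2c read community; move to an SNMPv3 user"))
            if args[0].lower() in DEFAULT_COMMUNITIES:
                findings.append((number, "high", f"well-known community string {args[0]!r}"))
            if len(args) < 2 or args[1] == "default":
                findings.append((number, "medium", "community accepted from any source address"))
        elif directive in ("rouser", "rwuser"):
            # Simplification: the optional '-s SECMODEL' prefix is not handled.
            level = args[1].lower() if len(args) > 1 else "auth"   # Net-SNMP default level
            if level != "priv":
                severity = "high" if writable else "medium"
                findings.append((number, severity,
                                 f"SNMPv3 user {args[0]!r} not required to encrypt ({level})"))
    return findings

if __name__ == "__main__":
    for finding in audit_snmpd_conf(SAMPLE_CONF):
        print(*finding, sep="\t")
```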

Three significant versions of SNMP have been developed and deployed. SNMPv1 is the original version of the protocol. More recent versions, SNMPv2c and SNMPv3, feature improvements in performance, flexibility and security.

Want to go deeper? You may like this article: What Is SNMP and How Does It Work?

What’s the difference between SNMPv2 and v3?

The features available in different versions of the SNMP protocol vary widely, especially when it comes to security. Note: technically, SNMPv1 is still around, but it is considered extremely unsafe and inefficient, and should not be used.

SNMPv2, in a nutshell, builds off the original core functions of v1, such as GET, TRAP, SET and RESPONSE. SNMPv2 brings 64-bit counters to the table, as well as improvements in security, a greater degree of flexibility when establishing hierarchical management structures, and a simpler MIB discovery. It also introduced new commands, including INFORM and GETBULK, to help collect more information. However, SNMPv2 contains a number of security vulnerabilities that make it unsuitable for external networks.

SNMPv3 was largely developed to close those security holes. With v3:

  • Every interaction with a device on the network is effectively authenticated and encrypted
  • Users can be assigned access levels, restricting what information they can view
  • Access groups can be created to help enforce security
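To see the version difference on the wire, the following added example (not from the original article) parses the BER header of an SNMP UDP payload and reports the version, the cleartext community string for v1/v2c, and the security level that an SNMPv3 message declares in its msgFlags octet. Both sample datagrams are constructed; the v3 one carries empty placeholder security parameters and payload.

```python
# Constructed samples: a v2c GET for sysDescr.0 and a v3 header with msgFlags = 0x07.
V2C_GET = bytes.fromhex("3029020101 0406 7075626c6963 a01c 02041a2b3c4d 020100 020100"
                        "300e300c06082b060102010101000500")
V3_AUTHPRIV = bytes.fromhex("3017020103 300e 02023039 020205dc 040107 020103 0400 0400")

def read_tlv(buf, pos):
    """Read one BER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def classify_snmp(datagram):
    """Return (version, detail, protected) for one SNMP UDP payload."""
    tag, message, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    tag, raw_version, pos = read_tlv(message, 0)
    if tag != 0x02:
        raise ValueError("missing version INTEGER")
    version = int.from_bytes(raw_version, "big")
    if version in (0, 1):                   # 0 = v1, 1 = v2c: community follows in the clear
        tag, community, _ = read_tlv(message, pos)
        if tag != 0x04:
            raise ValueError("missing community OCTET STRING")
        name = "v1" if version == 0 else "v2c"
        return name, "community=" + community.decode("latin-1"), False
    if version == 3:
        _, header, _ = read_tlv(message, pos)       # msgGlobalData SEQUENCE
        _, _, p = read_tlv(header, 0)               # msgID
        _, _, p = read_tlv(header, p)               # msgMaxSize
        _, flags, _ = read_tlv(header, p)           # msgFlags, a single octet
        if len(flags) != 1:
            raise ValueError("bad msgFlags length")
        auth, priv = bool(flags[0] & 0x01), bool(flags[0] & 0x02)
        if priv and not auth:
            raise ValueError("invalid msgFlags: priv without auth")
        level = "authPriv" if priv else "authNoPriv" if auth else "noAuthNoPriv"
        return "v3", level, priv
    raise ValueError(f"unknown SNMP version {version}")
```

A monitoring sensor can apply this to traffic on UDP port 161 to inventory which managers and agents still use community strings or declare a v3 level below authPriv.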

Want to learn which version of SNMP is right for your network? Check out our comparison blog: SNMPv2 vs. SNMPv3: An SNMP Versions Comparison Table

What is an OID?

To provide flexibility, SNMP uses a tree-like format to share information, under which data is always available for IT teams and software to collect.

The data tree consists of multiple tables (or branches), called Management Information Bases, or MIBs, that group together similar devices. Each MIB has a unique identifying number, as well as an identifying string. Each device listed under a MIB (called a node) is given a unique object identifier, or OID.

There are a lot of good reasons to use SNMP MIBs and OIDs to help monitor your network:

  • Information can be pulled by any IT admin at any time, reducing overhead and ensuring information about the network’s status is always available
  • It works no matter how large or small the network is, or what kind of devices are on it
  • Some OID values are vendor-specific, which makes it easy to gain some information about a device based simply on its OID
  • SNMP makes it possible to collect large amounts of information quickly without clogging the network with traffic.

Another advantage of OIDs is that they offer a quick way to zero in on any device in a large network. Sometimes you’ll want to look up a custom OID so you can add it to your monitoring by hand. That’s when you’ll need to use an OID lookup service. There are a number of online resources available that offer OID lookup capabilities. As well, vendor-specific databases provide more information about OIDs than you can generally find in a broad web list.
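As an added illustration of the OID tree and of vendor-specific OIDs (example code, not from the original article): the functions below validate a dotted OID, convert it to and from the BER byte form used inside SNMP messages, and name the vendor when the OID sits under the enterprises branch 1.3.6.1.4.1. The vendor table is a small excerpt of IANA Private Enterprise Numbers chosen for the example.

```python
ENTERPRISE_PREFIX = (1, 3, 6, 1, 4, 1)    # iso.org.dod.internet.private.enterprises
# Excerpt of IANA Private Enterprise Numbers; extend from the IANA registry as needed.
ENTERPRISES = {9: "Cisco", 11: "Hewlett-Packard", 311: "Microsoft",
               2636: "Juniper Networks", 8072: "Net-SNMP"}

def parse_oid(text):
    """Turn '1.3.6.1...' (leading dot allowed) into a validated tuple of arcs."""
    arcs = tuple(int(part) for part in text.strip(".").split("."))
    if len(arcs) < 2 or min(arcs) < 0 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError(f"invalid OID: {text!r}")
    return arcs

def _base128(n):
    """Big-endian base-128 with the high bit set on every octet except the last."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append(0x80 | (n & 0x7F))
        n >>= 7
    return bytes(reversed(out))

def encode_oid(text):
    """BER content octets: the first two arcs share one sub-identifier (40*a + b)."""
    arcs = parse_oid(text)
    subids = (40 * arcs[0] + arcs[1],) + arcs[2:]
    return b"".join(_base128(s) for s in subids)

def decode_oid(data):
    """Inverse of encode_oid; rejects empty or truncated input."""
    if not data or data[-1] & 0x80:
        raise ValueError("truncated OID encoding")
    subids, value = [], 0
    for byte in data:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            subids.append(value)
            value = 0
    first = min(subids[0] // 40, 2)
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))

def vendor_of(text):
    """Vendor name for an OID under 1.3.6.1.4.1, else None."""
    arcs = parse_oid(text)
    if arcs[:6] == ENTERPRISE_PREFIX and len(arcs) > 6:
        return ENTERPRISES.get(arcs[6], f"unlisted enterprise {arcs[6]}")
    return None
```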

Want to learn more tips on how to look up OIDs? This article is for you: How to Look Up a Custom OID

Are there SNMP alternatives?

Despite any rumors you may hear, SNMP isn’t going anywhere anytime soon. That said, SNMP is considered “long in the tooth” as a protocol, and there have been many alternatives developed that look to either complement or replace it, including:

  • REST and SOAP APIs. Many applications and network devices expose an API that can be used for configuration, control, or monitoring. vCenter’s REST API is a good example of what’s possible with an HTTP-based RESTful API.
  • WMI and CIM. Windows Management Instrumentation (WMI) is a popular implementation of the Common Information Model (CIM) for monitoring and managing Windows devices. In many cases, particularly Windows environments, WMI or CIM can supplement or replace SNMP.
  • IPMI. Intelligent Platform Management Interface (IPMI), and vendor-specific implementations like Dell’s IDRAC and HP’s ILO, provide an out-of-band option for server monitoring and management.
  • ICMP. Internet Control Message Protocol, the protocol that powers ping, can enable simple up/down monitoring and tell you quite a bit when measuring network performance.
  • Syslog. Syslog provides a standard to categorize and centralize network log information and can help enable fault detection, event notification, and other network monitoring use cases.
  • SSH/Telnet. Sometimes, a (remote) command-line interface (CLI) is just the best way to get something done. While network programmability and APIs are replacing the CLI in some cases, it’s still a network staple. The CLI of a network device can do everything from basic switch configuration to capturing detailed metrics on network performance.
  • Agent-based monitoring. In some cases, such as server performance monitoring, installing an agent that captures and exposes metrics can provide details that agentless monitoring cannot. The tradeoff is the complexity and bloat of installing an agent.
  • Flow protocols. When it comes to network performance, it’s hard to beat flow protocols like NetFlow and sFlow. Coupled with the right analytics, flow protocols can help answer the “who”, “what”, and “where” questions on a network with plenty of granularity.

There are a lot of arguments for and against the ongoing use of SNMP. Dive in here: What Else But SNMP?

How does SNMP help Network Monitoring and Management?

Monitoring networked devices is the core function of SNMP. Since its inception in the 1980s, SNMP has continued (albeit slowly) to evolve as the universal standard for collecting key metrics on devices and individual component performance.

Auvik leverages SNMP by polling devices with a network agent. This agent (the “collector”) is installed on each end device, requests data metrics, and reports them back to your Auvik system.

SNMP allows this data collection and reporting to happen quickly and in real-time. No more waiting for data to be ready to transmit, as SNMP is constantly available.

The result is the ability for Auvik to create, among other things, a real-time network infrastructure map: a visualization of the devices, physical connections, and logical connections in a network. From visibility, to troubleshooting, to planning, the most important strategic and practical work of maintaining any network system starts with a network map.

Network maps, sometimes called network diagrams, are one of the most important pieces of network documentation you can have. At a high-level, we can group network maps into two categories:

  • Physical network map. A physical network map details the physical devices, cables, connections, and locations on a network. For example, a physical network map might display the Layer 1 connections between devices (e.g., cables and ports) on a network, the devices themselves, and even position in a server rack.
  • Logical network map. A logical network map details the logical connections between devices on a network. For example, a logical network map might visualize the Layer 2 and Layer 3 connections that enable data to flow from a server to a default gateway such as a firewall, and then the internet.

Much of the data used to create Layer 2 and Layer 3 maps is captured using SNMP. See our explainer on the OSI model for more information on layers.

There’s a lot more to learn about why SNMP lives at the heart of a good real-time monitoring system. Check out our explainer in this article: 7 Best Network Infrastructure Mapping Tools

Ryan LaFlamme

About Ryan LaFlamme

Ryan LaFlamme is Auvik's former Senior Content Manager. Ryan has worked as an advertising and marketing professional for over 12 years, working with leading global brands in Canada and internationally. Will probably pet your dog.

