“Cool and evil.”
That’s how Paul Querna summed up the Simple Network Management Protocol, or SNMP, back in 2003. He was writing about how the protocol can be used to collect lots of network information easily, but can also seem convoluted.
Querna’s phrase sums up SNMP quite effectively. The protocol certainly has its shortcomings, just like any other technology. And those drawbacks are more pronounced in some SNMP versions than in others.
At the same time, though, SNMP is a vital tool for effective network management. It’s not perfect, but it’s one of the best solutions available for monitoring and managing devices on the network.
Below, I discuss SNMP’s role in network management, identify the various SNMP versions available, and explain how to use SNMP effectively and securely on your network.
What is SNMP?
SNMP is a network protocol created in 1989 to provide a consistent and reliable way for different devices on a network to share information with one another. It allows devices to communicate even if the devices are different hardware and run different software.
Without a protocol like SNMP, there would be no way for network management tools to identify devices, monitor network performance, keep track of changes to the network, or determine the status of network devices in real time.
SNMP has a simple architecture based on a client-server model. The servers, called managers, collect and process information about devices on the network.
The clients, called agents, are any type of device or device component connected to the network. They can include not just computers but also network switches, phones, printers, and so on. Some devices may have multiple device components. For example, a laptop typically contains a wired as well as a wireless network interface.
SNMP data hierarchy
While the SNMP architecture is simple, the data hierarchy the protocol uses can seem complicated if you’re not familiar with it. Fortunately, it’s relatively simple once you understand the philosophy behind it.
To provide flexibility and extensibility, SNMP doesn’t require network devices to exchange data in a rigid format of fixed size. Instead, it uses a tree-like format, under which data is always available for managers to collect.
The data tree consists of multiple tables (or branches, if you want to stick with the tree metaphor), which are called Management Information Bases, or MIBs. MIBs group together particular types of devices or device components. Each MIB has a unique identifying number, as well as an identifying string. Numbers and strings can be used interchangeably (just like IP addresses and hostnames).
Each MIB consists of one or more nodes, which represent individual devices or device components on the network. In turn, each node has a unique Object Identifier, or OID. The OID for a given node is determined by the identifier of the MIB on which it exists combined with the node’s identifier within its MIB.
This means OIDs take the form of a set of numbers or strings (again, you can use these interchangeably). An example is 126.96.36.199.4.8188.8.131.52.184.108.40.206.3.3562.3.
Written with strings, that OID would translate to:
Using the OID, a manager can query an agent to find information about a device on the network. For example, if the manager wants to know whether an interface is up, it would first query the interface MIB (called the IF-MIB), then check the OID value that reflects operational status to determine whether the interface is up.
Why use OIDs?
The MIB and OID data hierarchy may seem confusing, but there are several important advantages to a system like this. One is that information can be pulled by the manager without having to send an explicit request for the agent to collect it. That reduces overhead and ensures information about the network’s status is always readily available.
The system also provides an easy, flexible way to organize many devices across a network. It works no matter how large or small the network is, or what kind of devices are on it.
SNMP also makes it possible to collect large amounts of information quickly without clogging the network with traffic. Because information about device status is always available in a simple format and is updated in real-time, managers can pull it without waiting for the data to be collected or requiring large data transfers.
Last but not least, it’s worth noting that some OID values are vendor-specific, which makes it easy to gain some information about a device based simply on its OID. For example, if an OID starts with 1.3.6.1.4.1.9, it applies to a Cisco device. Other vendors have their own OID specifications. (Wireshark, the open source network scanner, offers a handy OID lookup tool.) The standard OID prefix, which can be used for almost any device that supports SNMP, is 1.3.6.1.2.
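As an added example (not code from the original article), the following resolves OIDs the way a manager does, by longest-prefix match against a small registry, builds the ifOperStatus OID for a given interface index and decodes the value an agent returns. The registry and the poll result are constructed; the prefixes (mib-2, the enterprises arc, Cisco's enterprise number) and the IF-MIB status codes are real assignments.

```python
# Added example (not from the original article): resolves OIDs the way a manager
# does, by longest-prefix match against a registry, and decodes a polled
# ifOperStatus value. The registry is a small constructed subset of real
# assignments (mib-2 and Cisco's enterprise arc); the status codes are IF-MIB's.

# Constructed registry: OID prefix -> name. The longest matching prefix wins.
KNOWN_PREFIXES = {
    (1, 3, 6, 1, 2, 1): "mib-2",                          # standard MIB-II subtree
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 8): "IF-MIB::ifOperStatus",
    (1, 3, 6, 1, 4, 1): "enterprises",                    # vendor-specific subtree
    (1, 3, 6, 1, 4, 1, 9): "enterprises.cisco",           # Cisco's enterprise number
}

# ifOperStatus values as defined in IF-MIB.
IF_OPER_STATUS = {1: "up", 2: "down", 3: "testing", 4: "unknown",
                  5: "dormant", 6: "notPresent", 7: "lowerLayerDown"}

def parse_oid(text):
    """Turn a dotted OID string into a tuple of ints; a leading '.' is optional."""
    parts = text.strip().lstrip(".").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError("not a numeric OID: %r" % text)
    return tuple(int(p) for p in parts)

def classify_oid(oid):
    """Return (name of longest known prefix, remaining sub-identifiers)."""
    oid = parse_oid(oid) if isinstance(oid, str) else tuple(oid)
    best = ()
    for prefix in KNOWN_PREFIXES:
        if oid[:len(prefix)] == prefix and len(prefix) > len(best):
            best = prefix
    return (KNOWN_PREFIXES[best] if best else None), oid[len(best):]

def if_oper_status_oid(if_index):
    """OID a manager polls for the operational status of interface if_index."""
    return (1, 3, 6, 1, 2, 1, 2, 2, 1, 8) + (int(if_index),)

def decode_if_oper_status(oid, value):
    """Interpret an (OID, integer) pair an agent returned for ifOperStatus."""
    name, rest = classify_oid(oid)
    if name != "IF-MIB::ifOperStatus" or len(rest) != 1:
        raise ValueError("OID is not an ifOperStatus instance")
    return {"ifIndex": rest[0], "status": IF_OPER_STATUS.get(value, "invalid(%d)" % value)}

if __name__ == "__main__":
    oid = if_oper_status_oid(3)              # constructed poll: interface 3 reports up(1)
    print(".".join(map(str, oid)), decode_if_oper_status(oid, 1))
    print(classify_oid("1.3.6.1.4.1.9.2.1.58"))  # anything under .1.3.6.1.4.1.9 is Cisco
```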
The final important thing to understand about SNMP is that the features available in different versions of the protocol vary widely, especially when it comes to security.
SNMPv1 also relies on default credentials, which admins don’t always change, making it easy for unauthorized parties to gain access to sensitive information about the network. Unfortunately, SNMPv1 is still fairly widely used today because some networks haven’t yet updated.
SNMPv2, which appeared in 1993, offered some security enhancements but it was supplanted in 1998 by SNMPv3, which remains the most recent version of the protocol and the most secure.
SNMPv3 makes data encryption possible. It also allows admins to specify different authentication requirements on a granular basis for managers and agents. This prevents unauthorized access and can optionally be used to require encryption for data transfers.
The bottom line is that, while the security issues in SNMPv1 earned SNMP a bad name in some circles, SNMPv2 and especially SNMPv3 solved those problems. The newer versions of SNMP provide an up-to-date, secure way to monitor the network.
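To make the version difference concrete, here is an added example (not from the article) that audits Net-SNMP snmpd.conf lines and flags access still relying on SNMPv1/v2c community strings, or SNMPv3 users permitted below the "priv" level (authentication plus encryption). The two configurations are constructed samples; the directive names (rocommunity, rwcommunity, com2sec, rouser, rwuser, createUser) are real Net-SNMP syntax.

```python
import shlex

# Added example (not from the article): audits Net-SNMP snmpd.conf lines and flags
# access that still uses SNMPv1/v2c community strings, or SNMPv3 users allowed
# below the "priv" level (authentication plus encryption). The two configs are
# constructed samples; the directive names are real Net-SNMP syntax.

WEAK_CONF = """\
# constructed sample: v1/v2c community access using the classic default strings
rocommunity public
rwcommunity private 10.0.0.0/8
"""

HARDENED_CONF = """\
# constructed sample: v3 only, authentication and encryption both required
createUser monitor SHA "CHANGE-ME-auth-passphrase" AES "CHANGE-ME-priv-passphrase"
rouser monitor priv
"""

DEFAULT_COMMUNITIES = {"public", "private"}

def audit_snmpd_conf(text):
    """Return (line_no, finding) pairs for insecure directives in snmpd.conf text."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = shlex.split(raw, comments=True)  # honours quotes, drops # comments
        if len(fields) < 2:
            continue
        directive = fields[0].lower()
        if directive in ("rocommunity", "rwcommunity", "com2sec"):
            # Community strings mean v1/v2c: the "password" crosses the wire in clear.
            community = fields[-1] if directive == "com2sec" else fields[1]
            what = ("default community string" if community in DEFAULT_COMMUNITIES
                    else "community-based (v1/v2c) access")
            findings.append((no, "%s: %s" % (directive, what)))
        elif directive in ("rouser", "rwuser"):
            # Net-SNMP levels are noauth, auth, priv; "auth" is assumed when omitted.
            level = fields[2].lower() if len(fields) > 2 else "auth"
            if level != "priv":
                findings.append((no, "%s %s: security level %s, no encryption"
                                 % (directive, fields[1], level)))
        elif directive == "createuser" and len(fields) < 5:
            # createUser NAME AUTHPROTO AUTHPASS [PRIVPROTO PRIVPASS]: no priv part here
            findings.append((no, "createUser %s: no privacy protocol" % fields[1]))
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_snmpd_conf(conf) or "no findings")
```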
If the poor security in SNMPv1 has you worried, fret not. SNMP is not normally enabled by default on devices. That means that, in most cases, admins have to log in and turn it on in order to make SNMP data available. This requirement reduces the risk of running an insecure SNMP version without realizing it.
This also means that to use SNMP to manage your network, you usually have to enable it first.