The average organization today runs a network of tens, thousands or, for the largest corporations, millions of network and system devices. A big part of IT operations management is keeping tabs on the health and status of network infrastructure and enterprise devices. Now imagine a network administrator (let’s call her Jessica) who’s interested in regularly checking the status of a specific device down the hallway. So, every hour, Jessica gets up from her chair and walks to where the node is to confirm that it’s working as it should. Now imagine that Jessica needs to monitor a dozen devices, and that half are in a data center across town. Three months later, her company is acquired by a much larger firm, and she is now responsible for hundreds of devices spanning the globe. It’s a whole different ballgame when you have dozens of nodes or more.
That’s why businesses today must procure a network management suite or other automated mechanisms of monitoring their corporate network. There are numerous tools one could use to collect network device information. The overwhelming majority of such tools are based on SNMP technology.
What is SNMP
Introduced in 1988, Simple Network Management Protocol (SNMP) is a widely used protocol that monitors and manages the devices on a network. It operates at the application layer of the networking stack. SNMP establishes a standard language format and a common framework for use by all network devices. The devices can convey information to one another via port 161 even though they run on diverse software and hardware. Simply put, SNMP is the tool that allows a user to "talk" to all of the system's devices.
What is SNMP Used for
SNMP is the principal protocol used to retrieve network information or configure network devices. A network administrator can keep watch over thousands of nodes from a single dashboard. This interface would facilitate everything from automatic alerts to batch commands.
In the absence of essential protocols like SNMP, it would be hard for network management tools to, in real-time, identify network devices, track network performance, monitor network changes or determine the status of nodes.
How SNMP Works
SNMP is based on a client-server model. It relies on a mixture of push and pull messaging between the SNMP Manager (the server) and SNMP agents (the clients). It can be configured as read-only (information retrieval) or read-write (information retrieval and device configuration). It can issue commands such as password reset or configuration changes. It can determine the amount of memory, CPU, and network bandwidth in use at any given time. Some SNMP managers send the administrator a text or email message once a certain predefined threshold is breached. Most SNMP network management communication is synchronous. That is, the SNMP manager initiates a query and the SNMP agents respond with the information requested before the manager can make another query.
Components of SNMP
SNMP has four main components.
Managed Network Nodes
SNMP helps monitor all devices on the network that are running an SNMP agent. These managed nodes capture and store information that they then make available to an SNMP agent as they await information requests from the SNMP manager. The managed nodes could be servers, desktop computers, laptops, smartphones, VoIP phones, smartwatches, routers, switches, printers, and scanners. They may also include Internet of Things (IoT) devices such as smart locks, security cameras, large screen displays, HVACs, smart meters, air quality sensors, motion sensors, and office robots.
SNMP Agent
This is a client application running on the monitored node. It collects various metrics such as disk space and bandwidth use. The SNMP agent is the workhorse of SNMP and is where much of the more complex action occurs. The agent retains an organized inventory of settings, parameters, and more. When contacted by the SNMP Manager (which we discuss shortly), the agent relays this information back to the manager. Agents may also send information without prompting, especially when errors are involved.
Virtually all modern computing hardware comes with an SNMP agent preinstalled. The agent won’t send the data to just any SNMP manager. The manager must be pre-authenticated with the right credentials. The agent can also be configured to serve as an intermediary between an SNMP manager and devices it’s connected to but that aren’t configured for SNMP. This capability makes it immensely scalable.
SNMP Manager
The SNMP Manager is the network management system that serves as a central console where all SNMP agents feed device data. It translates information from agents into a readable format for the network administrator’s consumption. Readable format could mean reports, graphs, alerts, and more. It provides the bulk of memory and processing resources needed for network management.
The manager polls agents for information at regular intervals. What the manager does with the information it receives is dependent on its feature set and sophistication. There’s a wide range of free SNMP managers available on the web but you often get what you pay for (or don’t pay for in this case). Free managers are greatly constrained in their abilities or the number of nodes they can support.
Enterprise-grade SNMP managers, on the other hand, have highly advanced features that are a great fit for complex networks. Some of the things they can do include performing inventory, generating reports, analyzing data over long periods for performance problems, identifying bottlenecks and sending text or email alerts when a key system fails. While businesses can expect to make large investments of time, resources, and money into these technologies, the return on investment from fewer issues, shorter down times, and automation makes the investment more than worth it.
Management Information Base (MIB)
This is the component of SNMP that most people find most difficult to understand. The MIB is a hierarchical text file loaded onto the SNMP manager that lists and describes the properties of a node that can be controlled or queried via SNMP. In simpler terms, the MIB is the set of questions the SNMP manager is authorized to ask the SNMP agent. Each item in a MIB is assigned a unique identifier referred to as an object identifier or OID.
SNMP Commands
- GET: Sent by the SNMP manager to an SNMP agent to obtain the value of a given object.
- RESPONSE: Reply to a GET request.
- GETNEXT: Sent by the manager to obtain the next OID value in the MIB.
- GETBULK: A batch command to retrieve the values of multiple variables at one go without the need to issue the GETNEXT command repeatedly.
- SET: Sent by the SNMP manager to an SNMP agent, SET modifies the value of a node configuration variable.
- TRAP: Asynchronous communication from an SNMP agent to the SNMP manager indicating the occurrence of a failure, error, restart, lost connection, improper authentication, or another significant event.
- INFORM: An INFORM is a form of TRAP that requests a delivery receipt from the SNMP manager.
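The commands listed above are visible on the wire as the tag of the PDU inside each SNMP message. The following is an added example, not part of the original article: it reads the BER header of a captured SNMP payload and reports the version and command, flagging SET requests and the versions that travel unencrypted. The sample messages, the `example` community string and the function names are constructed for illustration.

```python
# Added example: classify SNMP messages by version and PDU tag (RFC 1157 / RFC 3416).
PDU_TYPES = {0xA0: "GET", 0xA1: "GETNEXT", 0xA2: "RESPONSE", 0xA3: "SET",
             0xA4: "TRAP", 0xA5: "GETBULK", 0xA6: "INFORM", 0xA7: "TRAP"}
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def classify(payload):
    """Summarise one SNMP message; flag write requests and unencrypted versions."""
    tag, body, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    tag, raw_version, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("missing version INTEGER")
    version = VERSIONS.get(int.from_bytes(raw_version, "big"), "unknown")
    if version not in ("v1", "v2c"):
        # v3 wraps the PDU in a scoped, possibly encrypted structure: stop here.
        return {"version": version, "command": None, "flags": []}
    _, _community, pos = read_tlv(body, pos)   # v1/v2c credential, sent in the clear
    pdu_tag, _, _ = read_tlv(body, pos)
    command = PDU_TYPES.get(pdu_tag, "unknown")
    flags = ["unencrypted"] + (["write"] if command == "SET" else [])
    return {"version": version, "command": command, "flags": flags}

def tlv(tag, value):
    """Encode one short-form BER element (sample builder, values under 128 bytes)."""
    return bytes([tag, len(value)]) + value

def sample(version, pdu_tag):
    """Constructed message: community 'example', one varbind for OID 1.3.6.1.2.1.1.5.0."""
    varbind = tlv(0x30, tlv(0x06, bytes.fromhex("2b06010201010500")) + tlv(0x05, b""))
    pdu = tlv(pdu_tag, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") * 2 + tlv(0x30, varbind))
    return tlv(0x30, tlv(0x02, bytes([version])) + tlv(0x04, b"example") + pdu)

if __name__ == "__main__":
    for pkt in (sample(1, 0xA0), sample(0, 0xA3), sample(1, 0xA6)):
        print(classify(pkt))
```

Run against the UDP payloads of a capture, a "write" flag coming from anything other than the management station is worth an alert.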
TRAP versus INFORM
We mentioned that the SNMP manager primarily works synchronously. The asynchronous commands TRAP and INFORM are therefore the exception, which is why it’s necessary to take a closer look at them.
Both INFORM and TRAP serve the same purpose but INFORM is more reliable than TRAP because it requests an acknowledgment of receipt. When the SNMP manager receives an INFORM, it must send back the acknowledgment. If the sending agent doesn’t receive an acknowledgment, it can send the INFORM again.
TRAPs are used more frequently since they consume fewer network resources. Whereas a TRAP is discarded as soon as it’s sent, an INFORM is retained in memory until the request times out or an acknowledgment is received. Also, a TRAP will only be sent out once whereas an INFORM could be resent multiple times. The INFORM retries increase network traffic, contributing to higher network overheads.
TRAP and INFORM are therefore a trade-off between network resources and communication reliability. By monitoring memory usage and traffic volume, network administrators can determine whether they have adequate spare capacity to use INFORMs.
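The trade-off can be made concrete with a small simulation, added here as an example that is not part of the original article. It sends the same three events over a deterministic lossy link as TRAPs and as INFORMs and counts datagrams and deliveries. The `Link` class, the drop pattern, the retry count and the manager de-duplicating on request id are assumptions made for illustration.

```python
from itertools import cycle

class Link:
    """Deterministic lossy link: a datagram is dropped wherever the pattern holds 0."""
    def __init__(self, pattern):
        self._pattern = cycle(pattern)
        self.datagrams = 0

    def deliver(self):
        self.datagrams += 1
        return bool(next(self._pattern))

def send_traps(events, link):
    """TRAP: one datagram per event, nothing retained, loss goes unnoticed."""
    return [event for event in events if link.deliver()]

def send_informs(events, link, retries=3):
    """INFORM: the agent keeps each event until it is acknowledged or retries run out."""
    received, seen, unacked = [], set(), []
    for request_id, event in enumerate(events):
        for _ in range(1 + retries):
            if link.deliver():                  # INFORM reaches the manager
                if request_id not in seen:      # a resend after a lost ack is a duplicate
                    seen.add(request_id)
                    received.append(event)
                if link.deliver():              # acknowledgment reaches the agent
                    break
        else:
            unacked.append(event)               # agent knows delivery is unconfirmed
    return received, unacked

def compare(events, pattern):
    """Run both modes over identical loss patterns and report cost versus delivery."""
    trap_link, inform_link = Link(pattern), Link(pattern)
    traps = send_traps(events, trap_link)
    informs, unacked = send_informs(events, inform_link)
    return {"trap": (traps, trap_link.datagrams),
            "inform": (informs, inform_link.datagrams, unacked)}

# Constructed events and loss pattern: every second datagram out of three is dropped.
EVENTS = ["linkDown", "authenticationFailure", "coldStart"]

if __name__ == "__main__":
    print(compare(EVENTS, [1, 0, 1]))
```

With this pattern the `authenticationFailure` TRAP is lost silently after 3 datagrams, while the INFORM run delivers all three events at a cost of 10 datagrams.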
SNMP Pros Heavily Outweigh the Cons
True to its name, SNMP is founded on relatively simple logic which is why it can be applied to virtually any network size. But as we alluded to at the beginning, its advantages become more apparent the larger the network involved. Individually and manually logging into thousands of network nodes would be impossible (or at the minimum, extremely time-consuming).
Like any other technology, SNMP does have its shortcomings. These cons are more pronounced in the older versions of the protocol. The most recent version (released in 1998) includes security improvements that not only encrypt and authenticate its messages but also protect in-transit packets. Still, any drawbacks pale in comparison to the network management advantages SNMP delivers.
You now have a good enough working knowledge of SNMP in networking to shop for and implement an appropriate network monitoring solution for your business.