SNMP Tutorial

What is SNMP?

Simple Network Management Protocol (SNMP) was originally made for the management of devices such as switches and routers. Its usage has since grown so much that it is now used to monitor nearly any electronic device one can think of. It is a protocol designed mainly to manage networked devices from a single central location. SNMP is now used to monitor and manage television broadcast studios, airborne military platforms, automated fare collection systems, emergency radio networks, energy distribution systems, and much more. Microsoft Windows Server 2003 provides SNMP agent software that works with third-party SNMP management software to monitor the status of managed devices and applications.


SNMP Architecture


As SNMP is a client/server protocol, SNMP nodes can be classified as either clients (SNMP managers) or servers (SNMP agents). SNMP managers, also called network management systems (NMSs), have a more central role in the network: a manager actively queries and collects messages from the SNMP agents in the network. The agent also controls access to its Management Information Base (MIB). MIBs are nothing but text files, and the values of MIB data objects are the topic of conversation between Managers and Agents. MIBs describe the structure of the management data of a device subsystem; they use a hierarchical namespace containing object identifiers (OIDs). Each MIB object definition has a unique OID; the concept of an OID is very similar to a Modbus register in the Modbus protocol. An OID consists of a dotted list of integers. For example, within the MIB of a particular UPS, the OID for the data object “upsThreePhaseInputFrequency” is “.1.3.6.1.4.1.935.1.1.1.8.2.1”.

 

When Managers and Agents communicate, they refer to MIB data objects using OIDs.
An OID sent with a corresponding value {OID, Value} is referred to as a “binding”.

As SNMP agents are individual SNMP processes running on a host, multiple agents can be active on a single network node at any given time. The SNMP agent provides the interface between the manager and the physical device(s) being managed.




Various Commands in SNMP Protocol

SNMP has been widely accepted around the world because it has very specific commands. There are also only a few commands to remember, and they still get the job done. Here is a list of a few commands used in SNMP:

  • GET: This command is sent by a Manager to an Agent to request data values defined by a MIB. The Agent responds with the requested values. It is performed to retrieve one or more values from the managed device.
  • GET BULK: The GETBULK operation is used to retrieve large amounts of data from a large MIB table.
  • GET NEXT: This operation is similar to GET. The significant difference is that the GET NEXT operation fetches the value of the next OID in the MIB tree.
  • SET: A SET message allows the manager to request that a change be made to the value of a specific variable, as in the case of an alarm remote that will operate a relay. This operation is used by managers to modify or assign a value on the managed device. The agent will then respond with a GET-RESPONSE message indicating that the change has been made, or with an error indication as to why the change cannot be made.
  • TRAPS: All the above commands are initiated from the SNMP Manager, but TRAPS are initiated by the Agents. A TRAP is a signal from the Agent to the SNMP Manager on the occurrence of an event. It is a spontaneous message to the manager about an important event.
  • INFORM: This command is similar to the TRAP initiated by the Agent; additionally, INFORM includes confirmation from the SNMP manager on receiving the message.
  • RESPONSE: It is the command used to carry back the value(s) or signal of actions directed by the SNMP Manager.
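
The following added example (not part of the original tutorial) simulates an agent in memory to show how GET NEXT steps through the MIB tree in numeric OID order, and how GET BULK returns several of those steps in one response. The Agent class and walk function are hypothetical names; the table values and the neighbouring OID are constructed around the UPS OID quoted earlier.

```python
from bisect import bisect_right

def oid(dotted):
    """Dotted string -> tuple of ints, so arcs compare numerically (2 < 10)."""
    return tuple(int(arc) for arc in dotted.strip(".").split("."))

class Agent:
    """Hypothetical in-memory agent; counts the requests it serves."""
    def __init__(self, bindings):
        self.mib = dict(bindings)          # {OID tuple: value}
        self.order = sorted(self.mib)      # lexicographic order of the MIB tree
        self.requests = 0

    def _after(self, name):
        i = bisect_right(self.order, name)
        return self.order[i] if i < len(self.order) else None

    def get_next(self, name):
        """Binding of the first OID after name, or (None, None) at the end of the MIB."""
        self.requests += 1
        nxt = self._after(name)
        return (nxt, self.mib[nxt]) if nxt is not None else (None, None)

    def get_bulk(self, name, max_repetitions):
        """Up to max_repetitions successive GET NEXT results in a single response."""
        self.requests += 1
        out = []
        while len(out) < max_repetitions and (name := self._after(name)) is not None:
            out.append((name, self.mib[name]))
        return out

def walk(agent, root, bulk=0):
    """Collect every binding under root; bulk > 0 uses GET BULK, else GET NEXT."""
    found, cur = [], root
    while cur is not None:
        batch = agent.get_bulk(cur, bulk) if bulk else [agent.get_next(cur)]
        cur = None
        for name, value in batch:
            if name is None or name[:len(root)] != root:
                return found               # end of MIB, or left the subtree
            found.append((name, value))
            cur = name
    return found

# Constructed sample: three rows under the parent of the page's UPS OID, plus one
# neighbour outside that subtree. All values are made up.
ROOT = oid(".1.3.6.1.4.1.935.1.1.1.8.2")
MIB = {ROOT + (n,): v for n, v in [(10, 501), (1, 500), (2, 499)]}
MIB[oid(".1.3.6.1.4.1.935.1.1.1.9.1")] = 0
```

Walking ROOT with GET NEXT costs one request per row plus one to detect the end of the subtree, while walk(agent, ROOT, bulk=10) fetches the same rows in a single request.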

How does communication take place in SNMP?

As SNMP is part of the TCP/IP protocol suite, SNMP messages are wrapped in User Datagram Protocol (UDP) datagrams, which are in turn wrapped and transmitted in the Internet Protocol (IP).

Commands like GET/GET NEXT/GET BULK/SET communicate as below:


Various SNMP Versions

Three messaging protocols exist:

  • SNMPv1 was introduced first, and it is still widely used in many areas. It implements the “get”, “getnext”, “getresponse”, “set”, and “trap” operations. Security for SNMPv1 is based on a “community string” that acts as a password and is transmitted along with every message. The agent will send a response only if the Manager includes the correct password in its request. The community string is not encrypted, and thus the security it provides is weak.
  • SNMPv2c: It introduced the ability to transmit SMIv2 MIB definitions of type “Counter64”. SNMPv2c also provides expanded messaging operations: “getbulk”, “inform”, “report”, and a new “v2trap” operation (same functionality as the v1 “trap”). It also introduced enhanced error responses by Agents. SNMPv2c utilizes the same community string security as SNMPv1.
  • SNMPv3 is the most recent introduction, and it is a major step forward in improving security. One improvement is user authentication, which is the verification of the identity of the SNMP entity (Manager or Agent) sending the request. Managers and Agents share knowledge of valid users, and there is a shared secret key defined for each user. Another feature is encryption, in which the message payload can optionally be encrypted based on a second shared key. VACM (View Access Control Model) is also an added security feature. With it, agents can be configured to control who can access which MIB objects under agent management. For example, User = “Operations Chief” can access critical read-write control data, while User = “Plant Monitor” can access only read-only status data.
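
The access decision in the VACM example above can be modelled as follows. This is an added example, not an agent's actual implementation: it is a simplified model (no masks, groups or security levels), and the view names, the subtree boundaries and the function names are constructed for illustration.

```python
def oid(dotted):
    """Dotted string -> tuple of ints."""
    return tuple(int(arc) for arc in dotted.strip(".").split("."))

UPS = oid(".1.3.6.1.4.1.935")    # enterprise prefix of the page's UPS OID

# View name -> [(subtree, included)]. Subtree boundaries are constructed: the page
# does not say where this UPS MIB keeps status, control or credential objects.
VIEWS = {
    "status":  [(UPS + (1, 1, 1), True)],
    "control": [(UPS + (1, 1, 2), True)],
    "all":     [(UPS, True), (UPS + (1, 1, 9), False)],   # hide a credentials subtree
}

# User -> (read view, write view), following the two roles in the page's example.
USERS = {
    "Operations Chief": ("all", "control"),
    "Plant Monitor":    ("status", None),
}

def in_view(view, target):
    """True if the longest subtree that prefixes target is an 'included' one."""
    best_len, verdict = -1, False
    for subtree, included in VIEWS.get(view, []):
        if target[:len(subtree)] == subtree and len(subtree) > best_len:
            best_len, verdict = len(subtree), included
    return verdict

def allowed(user, op, target):
    """op: 'read' (GET, GET NEXT, GET BULK) or 'write' (SET). Default is deny."""
    if user not in USERS or op not in ("read", "write"):
        return False
    view = USERS[user][0 if op == "read" else 1]
    return view is not None and in_view(view, oid(target))
```

Note that a user with no write view can never SET anything, and that an excluded subtree overrides a shorter included one, so sensitive objects can be carved out of an otherwise broad read view.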

Each version had the following security aspects:

  • SNMP v1: Community-based security
  • SNMP v2c: Community-based security
  • SNMP v2u: User-based security
  • SNMP v2: Party-based security
  • SNMP v3: User-based security
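
To show why community-based security is weak, the added example below (written for this tutorial, not taken from any SNMP product) builds an SNMPv1 GET for the UPS OID quoted earlier and reads the version, community string and command straight back out of the bytes, as any device on the network path could. The community value "example-community" and all function names are constructed for the example.

```python
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}
PDUS = {0xA0: "get", 0xA1: "getnext", 0xA2: "response", 0xA3: "set",
        0xA4: "trap", 0xA5: "getbulk", 0xA6: "inform", 0xA7: "v2trap"}

def tlv(tag, value):
    """Encode one BER tag-length-value (short-form length, under 128 bytes)."""
    if len(value) > 127:
        raise ValueError("sample encoder handles short lengths only")
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos):
    """Decode the TLV at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n octets hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def encode_oid(dotted):
    """BER-encode a dotted OID: first two arcs share one octet, the rest are base-128."""
    arcs = [int(arc) for arc in dotted.strip(".").split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        octets = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            octets.insert(0, 0x80 | (arc & 0x7F))
        out += bytes(octets)
    return bytes(out)

def build_get(version, community, oid):
    """Build a v1/v2c GET for one OID (request-id 1, NULL as the value placeholder)."""
    binding = tlv(0x30, tlv(0x06, encode_oid(oid)) + tlv(0x05, b""))
    pdu = tlv(0xA0, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") * 2 + tlv(0x30, binding))
    return tlv(0x30, tlv(0x02, bytes([version])) + tlv(0x04, community) + pdu)

def inspect(packet):
    """Return (version, community, pdu); community and pdu are None for SNMPv3."""
    _, body, _ = read_tlv(packet, 0)
    _, ver, pos = read_tlv(body, 0)
    version = VERSIONS.get(int.from_bytes(ver, "big"), "unknown")
    tag, value, pos = read_tlv(body, pos)
    if tag != 0x04:                         # v3 has a header SEQUENCE here, not a community
        return version, None, None
    return version, value, PDUS.get(body[pos], "unknown")

# Constructed packet: SNMPv1 GET for the page's UPS OID with a made-up community string.
SAMPLE = build_get(0, b"example-community", ".1.3.6.1.4.1.935.1.1.1.8.2.1")
```

Running inspect over recorded management traffic is a quick way to inventory devices that still answer SNMPv1 or SNMPv2c, so they can be moved to SNMPv3 with authentication and encryption.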

Tested Devices

Advantages of SNMP

  • The popularity of the protocol is widespread.
  • Agents do not hinder the processing of the monitored system at all.
  • Many standard MIBs are available for free.
  • Many products are available which support SNMP.
  • The protocol is well suited for remote monitoring and control.

Applications

  • Monitoring device performance
  • Detecting device faults, or recovery from faults
  • Collecting long term performance data
  • Remote configuration of devices
  • Remote device control