SNMP

What is Simple Network Management Protocol (SNMP)?

What is SNMP?

Simple Network Management Protocol (SNMP) is a networking protocol used for the management and monitoring of network-connected devices in Internet Protocol networks. The SNMP protocol is embedded in devices such as routers, switches, servers, firewalls, and wireless access points accessible using their IP address. SNMP provides a common mechanism for network devices to relay management information within single and multi-vendor LAN or WAN environments. It is an application layer protocol in the OSI model framework.

Typically, the SNMP protocol is implemented using the User Datagram Protocol (UDP). UDP is a connectionless protocol that works like the Transmission Control Protocol (TCP) but assumes that error-checking and recovery services are not required. Instead, UDP continuously sends datagrams to the recipient whether they receive them or not.

SNMP Management Information Bases (MIBs) are data structures that define what can be collected from the device and what can be configured. There are many MIBs defined by standards bodies such as the IETF and ISO, as well as proprietary MIBs defined by specific IT equipment vendors such as Cisco and software vendors such as Microsoft and Oracle.

There are three different versions of SNMP:

  • SNMP version 1 (SNMPv1): This was the first implementation, operating within the structure management information specification, and described in RFC 1157.
  • SNMP version 2 (SNMPv2): This version was improved to support more efficient error handling and is described in RFC 1901. It was first introduced as RFC 1441. It is often referred to as SNMPv2c.
  • SNMP version 3 (SNMPv3): This version improves security and privacy. It was introduced in RFC 3410.

SNMP version 2 is the most commonly deployed SNMP protocol version today. The most recent iteration, SNMP version 3, includes security features that support authentication and encrypting SNMP messages as well as protecting packets during transit.

SNMP Runtime Components

These are the main runtime components in an SNMP-enabled environment:

  • SNMP-managed devices and resources: These are the devices and network elements on which an agent runs.
  • SNMP agent: This software runs on the hardware or service being monitored by SNMP, collecting data on various metrics like CPU usage, bandwidth usage or disk space. As queried by the SNMP manager, the agent sends this information back to the SNMP management system.
  • SNMP manager (also referred to as SNMP server): This component functions as a centralized management station running an SNMP management application on many different operating system environments. It actively requests agents send SNMP updates at regular intervals.
  • Management information base (MIB): This data structure is a text file (with a .mib file extension) that describes all data objects used by a particular device that can be queried or controlled using SNMP including access control. Inside the MIB there are many different managed objects which can be identified by Object Identifiers. An Object Identifier (OID) is a MIB identifier that is used to delineate between devices within the MIB. OIDs are unique generated as numeric identifiers used for access to MIB objects.

In operation, the Simple Network Management Protocol uses one or several administrative SNMP managers, which oversee groups of networked computers and associated devices. A continually running software program, called an agent, feeds information to the managers by way of SNMP. The agents create variables out of the data and organizes them into hierarchies described by management information bases.

SNMP is one of the most widely deployed networking industry protocols and is supported on a variety of hardware—from common network elements like routers, switches, and wireless access points to endpoints such as printers, scanners, and Internet of Things (IoT) devices. In addition to hardware, SNMP can is used to monitor Dynamic Host Configuration Protocol (DHCP) configuration services.

While SNMP is used in a network of any size, its biggest value is when used in larger networks. By using SNMP, a network administrator is able to manage and monitor all SNMP devices from a single interface.

SNMP Commands

SNMP performs many functions that rely on a mix of push and pull communications between network devices and the network management system. At its core set of functions, it can execute read or write commands, such as resetting a password or changing a configuration setting. It can also determine how much network bandwidth, CPU and memory are in use. Some SNMP managers can automatically send the administrator an email or text message alert if a predefined threshold is exceeded. The following PDUs, or protocol data units, describe the messaging commands supported by the protocol:

  • Get Request: A request to retrieve the value of a variable or list of variables.
  • Set Request: Sent by the SNMP manager to the agent to issue configurations or commands.
  • GetNext Request: Sent by the SNMP manager to agent to retrieve the values of the next record in the MIB's hierarchy.
  • GetBulk Request: Sent by the SNMP manager to the agent to obtain large tables of data by performing multiple GetNext Request commands.
  • SNMP Response: Sent by the agent to the SNMP manager, issued in reply to a
  • SNMP Trap: Asynchronous trap messages from SNMP agents alert an SNMP manager that a significant event such as an error or failure, has occurred.
  • SNMP Inform: Confirms receipt of a trap.

SNMP ports are utilized via UDP 161 for SNMP Managers communicating with SNMP Agents (i.e. polling) and UDP 162 when agents send unsolicited Traps to the SNMP Manager.

Limitations of SNMP Management

One of the chief limitations of SNMP comes from its focus on device-specific metrics. While these are essential to understanding device status, they are siloed from other infrastructure data sets such as traffic flow records. In addition, SNMP doesn't provide any insight into user experience or digital experience.

See how ThousandEyes network monitoring can help you to complement your current internal network SNMP monitoring practices with a top-down approach to Digital Experience Monitoring that incorporates app experience, end-to-end network metrics, network paths, Internet routing and outage insights, plus SNMP device layer status and context.