Managing Your Network with SNMP   
Simple Network Management Protocol (SNMP) provides valuable information about network events, errors, and device states. The data produced and collected by SNMP can help you track utilization of resources and troubleshoot problems.
@Copyright 2003 - The Bill & Melinda Gates Foundation

What is SNMP?

SNMP is a distributed system for network management that focuses on centralizing various messages and monitoring the state of the network. This means that you can use SNMP on a variety of devices, including servers and computers, to gather information about their status and performance.

The basic structure of SNMP follows a manager-and-agent model. The manager sends out messages and coordinates the collection of the information, while the agent runs on the network device (router, server, etc.) and answers the queries from the manager. The manager forms its queries according to a format understood by the device. With the plethora of network and computer device manufacturers, this could lead to a lot of havoc. That is avoided by agreeing on a standard way of implementing these queries and the responses to them.

The Internet Engineering Task Force (IETF) defines the format and method for the messages exchanged. The IETF issues Requests for Comments (RFCs) that go through various stages until they are formally approved. Vendors then build their software or product to adhere to this standard. There are IETF standards for SNMP versions 1 through 3. Presently the standard for version 1 (v1) is historic, which means that no further development is taking place on it. Vendors may issue bug fixes for this version of SNMP, but they will no longer create new features. Of course, sometimes things do not work out smoothly and vendors will not agree on a standard. This happened with the second version of SNMP (known as SNMPv2), but it appears that any differences have now been settled in the most recent version of SNMP (known as SNMPv3). Even with the differences between vendors, most have agreed upon a subset of SNMPv2 known as SNMPv2c that they support in their products. The bottom line: it is safe to use SNMP without worrying that your investment in time, software, or hardware is going to be wasted.

SNMPv3 addresses the most serious problem in SNMPv2: security. Because SNMP exchanges lots of information about your network, it is valuable to have that information protected by a password and also encrypted as it is sent across your network or the internet. SNMPv3 adds those capabilities to the protocol. The only drawback is that many vendors have just begun to incorporate and support SNMPv3 in their products at this point.

SNMP is a protocol that operates over User Datagram Protocol (UDP) on port 161 (for polls) and port 162 (for traps). UDP is a “best-effort” protocol, meaning that it does not guarantee that data will arrive, but instead makes its best effort at sending data to another system. On generally healthy networks, this should not be a problem. The advantage of using UDP is that it is very low overhead which balances out the disadvantage of the non-guaranteed nature of the traffic.

The manager, sometimes referred to in SNMP literature as a “network management station” (NMS), sends out queries (known as polls) to the agents. The agent can also send messages to the NMS through “traps” once parameters have been configured on the agent. Information can therefore reach the NMS on a scheduled basis, in response to polls, and also whenever an event that the agent has been configured to report, such as a failure, occurs. In this way, SNMP can alert you to catastrophic failures as well as degradation of service and performance on your network.

What can SNMP help me do?

SNMP will hopefully allow you to head off problems before they erupt into a crisis. For example, if you have implemented SNMP to monitor your web server's performance, it could send a warning when the percentage of free disk space on the server drops below a certain value. This would give you time to obtain additional space for the files on the web server before it crashes or performance drops. In this example, it would help you avert a crisis, and also plan for downtime when you can swap or upgrade the hard drive while minimizing the effect on your staff or patrons.

SNMP can be configured to alert you to possible problems and also give you trended information that allows you to see changes in your network. An example of this would be using Multi-Router Traffic Grapher (MRTG) to track the usage of your internet connection (see links below for more information on MRTG). If you suddenly saw a spike or surge in your internet traffic at 2 A.M. on a Sunday morning, it could point to several different possibilities. In this example, SNMP will not tell you that your web server has been “hacked”, but it will at least let you know to start looking for something on your network that has changed. A logical step would be to then check your web server access logs or the hard drive of your web server for newly added or changed files, possibly even a rootkit allowing hackers full control of the server.
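The trending step described above, as an added example (not code from the original article or from MRTG): it converts successive polls of an interface octet counter into rates and flags intervals far above the median. Polling sysUpTime alongside ifInOctets, the five-times threshold, and the sample polls are assumptions of this example; the data is constructed.

```python
from statistics import median

COUNTER32 = 2 ** 32   # ifInOctets is a 32-bit counter that wraps back to zero

# Constructed polls, 300 s apart: (poll_time_s, sysUpTime_ticks, ifInOctets)
POLLS = [
    (0,    1000000, 4290000000),
    (300,  1030000, 4291500000),
    (600,  1060000, 4293000000),
    (900,  1090000, 4294500000),
    (1200, 1120000, 1032704),     # counter wrapped past 2**32
    (1500, 1150000, 61032704),    # 60,000,000 octets in one interval
    (1800, 3000,    150000),      # sysUpTime went backwards: agent restarted
    (2100, 33000,   1650000),
]

def rates_bps(polls):
    """Turn consecutive counter readings into (poll_time, bits_per_second)."""
    rates = []
    for (t0, up0, c0), (t1, up1, c1) in zip(polls, polls[1:]):
        if t1 <= t0 or up1 < up0:
            # Bad clock or agent restart: the counter was reset, so the
            # difference is meaningless and would look like a huge spike.
            continue
        delta = (c1 - c0) % COUNTER32   # correct across a single wrap
        rates.append((t1, delta * 8 / (t1 - t0)))
    return rates

def spikes(polls, factor=5.0):
    """Return the intervals whose rate exceeds factor times the median rate."""
    rates = rates_bps(polls)
    if not rates:
        return []
    baseline = median(r for _, r in rates)
    return [(t, r) for t, r in rates if baseline > 0 and r > factor * baseline]

if __name__ == "__main__":
    for t, r in spikes(POLLS):
        print(f"poll at t={t}s: {r:,.0f} bit/s, well above baseline")
```

Without the sysUpTime check, the restart at t=1800 would be read as a counter wrap and reported as a false spike.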

While SNMP cannot help you correlate events, it can identify basic problems that can point to larger issues. For example, while SNMP does log events in real time, it does not provide the context in which those events happen. But depending on the functionality of your SNMP server software, you might be able to view events in certain groups or sequences that can help you determine the cause of a problem. SNMP's main function is really to point out changes in condition or states; it's up to you to figure out the root cause of the problem. But SNMP does provide a valuable service, since it gives you clues to assist you in gathering information about the scope of the problem and its originating time and place.

Why would I want to set up and use SNMP?

SNMP is one of the easiest tools that you can use to manage your network. Almost all vendors of network equipment or computers now support at least SNMPv2. By centralizing the management of your network to a single station, you can save time and effort in predicting problems, planning based on usage trends, and troubleshooting problems when they do occur.

The information supplied to you by SNMP can range from the status of interfaces on your router to whether your printer needs more toner. The variety of options and settings on which you can collect information means that you can customize SNMP to report on what you feel is important in maintaining the health of your network.

SNMP can help you troubleshoot problems on your network, or begin the tracking of problems to determine whether they are isolated to a single computer or spread across your network. For example, if you see repeated login failure events from one machine, it could just be a user forgetting a password. But if you see these events from multiple computers across your network, it might be the sign of someone - either internally or externally - trying to break into your network.

One thing to be aware of is that enabling SNMP on your network can open up security holes. As with all measures, you will need to balance the usefulness of SNMP against security concerns. There are methods to implement SNMP in a more secure manner and these should be considered before implementation occurs. SNMPv3 adds security features that were lacking in the first two versions.

What do I need to get SNMP working on my network?

The requirements to get SNMP working on your network depend on what you want to watch on your network, the types of equipment on your network, and the operating system(s) involved in running those various devices.

The configuration steps for SNMP are very simple on most manufacturers' products. For example, configuring SNMP on Cisco network products, like routers, requires only a few lines to be entered into the router's configuration. Some products, such as printers, can have SNMP enabled through their web management interface simply by checking a box.

Of course, every vendor is different. For sites using Windows operating systems, there is limited native SNMP functionality built into Windows platforms. To gain full SNMP capabilities, you will need to install the SNMP pieces as an additional service to most base Windows installations. Further coordination or central management of workstations will require additional software. Depending on what you want to manage and monitor, there are a variety of software packages available. These range from open source software, like MRTG, to proprietary management systems like HP OpenView. There are also middle-ground systems, like SolarWinds Engineer's Edition Toolset, IpSwitch's WhatsUp Gold, and Neon Software's LANsurveyor.

Where can I learn more about SNMP?

One good place to start is with your vendor's support pages. If you are interested in learning how to set up your network devices--such as routers, switches, and firewalls--to respond to SNMP, it is wise to consult the vendor's documentation first. Otherwise, the standard list of resources includes the IETF's RFCs, various web resources, and the outstanding SNMP book from O'Reilly listed in the resources.

Printed Resources

Essential SNMP, by Douglas Mauro and Kevin Schmidt, July 2001  (ISBN: 0-596-00020-0)

http://www.oreilly.com/catalog/esnmp/

“This practical guide for network and system administrators introduces SNMP along with the technical background to use it effectively. But the main focus is on practical network administration: how to configure SNMP agents and network management stations, how to use SNMP to retrieve and modify variables on network devices, how to configure management software to react to traps sent by managed devices. Covers all SNMP versions through SNMPv3.”

Web Resources

SNMP Frequently Asked Questions

A two-part FAQ that gives a wealth of information about SNMP including extensive listings of additional printed and web resources for even more information.

ftp://rtfm.mit.edu/pub/usenet/comp.protocols.snmp/

Simple Network Management Protocol - SNMP

“The most widely adopted standard provides a way for devices and consoles to communicate.”

http://www.networkmagazine.com/shared/article/showArticle.jhtml?articleID=8702673

SNMP

Good introduction to SNMP, by Yoram Cohen.

http://www2.rad.com/networks/1995/snmp/snmp.htm

Long-Term Monitoring with SNMP

This article by Michael Lucas talks about using MRTG (Multi-Router Traffic Grapher) with SNMP to monitor usage on your network.

http://www.onlamp.com/pub/a/bsd/2000/09/21/Big_Scary_Daemons.html

Network Management on $1.19 a Day

“With this in mind we set out to test network-management applications that could support 1,000 nodes for $10,000--a reasonable proposition, we thought.” By Bruce Boardman and Andy Woods.

http://www.networkcomputing.com/1402/1402f1.html

Walk the SNMP Walk

While this article by Michael Lucas focuses on UNIX systems, it gives useful background about SNMP.

http://www.onlamp.com/pub/a/bsd/2000/07/27/Big_Scary_Daemons.html

For the full standards, please consult the following sources from the IETF:

SNMPv1

A Simple Network Management Protocol (SNMP)

http://www.ietf.org/rfc/rfc1157.txt?number=1157

SNMPv2c

Protocol Operations for Version 2 of the Simple Network Management Protocol (SNMPv2 - the version generally supported by most vendors)

http://www.ietf.org/rfc/rfc1905.txt?number=1905

Transport Mappings for Version 2 of the Simple Network Management Protocol (SNMPv2)

http://www.ietf.org/rfc/rfc1906.txt?number=1906

Management Information Base for Version 2 of the Simple Network Management Protocol (SNMPv2)

http://www.ietf.org/rfc/rfc1907.txt?number=1907

SNMPv3

An Architecture for Describing SNMP Management Frameworks

http://www.ietf.org/rfc/rfc2571.txt?number=2571

Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)

http://www.ietf.org/rfc/rfc2572.txt?number=2572

SNMP Applications

http://www.ietf.org/rfc/rfc2573.txt?number=2573

User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)

http://www.ietf.org/rfc/rfc2574.txt?number=2574

View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)

http://www.ietf.org/rfc/rfc2575.txt?number=2575

Products mentioned

Multi Router Traffic Grapher by Tobias Oetiker

“The Multi Router Traffic Grapher (MRTG) is a tool to monitor the traffic load on network-links. MRTG generates HTML pages containing graphical images which provide a LIVE visual representation of this traffic. Check http://www.ee.ethz.ch/stats/mrtg/ for an example. MRTG is based on Perl and C and works under UNIX and Windows NT. MRTG is being successfully used on many sites around the net.”

http://people.ee.ethz.ch/~oetiker/webtools/mrtg/

SolarWinds Engineer's Edition Version 5.5 by SolarWinds.net

“The SolarWinds Engineer's Edition Version 5.5 is an arsenal of networking management tools containing Network Discovery, Fault Monitoring, Performance Monitoring and Performance Management Tools.”

http://www.solarwinds.net/Tools/Engineer/index.htm

WhatsUp Gold by IpSwitch

“WhatsUp Gold enables you to keep your mission-critical network services up and running. It's ideal for businesses of all sizes: larger organizations can use WhatsUp Gold at the departmental level to monitor the availability of mission-critical applications or to complement the existing monitoring system; small-to-medium sized businesses can use it as their all-in-one network management system.”

http://www.ipswitch.com/Products/WhatsUp/index.html

LANSurveyor by Neon Software

LANsurveyor is easy to use, proven network and desktop management software. LANsurveyor is unique because it provides four essential functions in one cost-effective application: automatic network maps, asset management reports, network monitor, and remote administration and distribution.

http://www.neonsoftware.com/LSwin.html

