What is Simple Network Management Protocol?
Network management is usually based on the Simple Network Management Protocol (SNMP), a TCP/IP Application Layer protocol that runs over UDP (the agent listens on UDP port 161; notifications are sent to UDP port 162 on the management station). SNMP, illustrated below in Figure 1, is used to exchange management information between network devices, usually between a management workstation and routers, switches, or other devices. You can learn more and do some labs in our Cisco CCNA Certification video course.
Figure 1 – Network Management Using SNMP
SNMP has evolved over the years and has now reached version 3 (SNMPv3). Network designers should insist that every environment use SNMPv3 rather than the older, insecure versions (SNMPv1 and SNMPv2c), because only SNMPv3 provides message authentication, integrity protection, and encryption; v1 and v2c protect the device with nothing more than a cleartext community string. SNMP is used by network administrators and engineers to perform the following tasks:
- Monitoring the performance of network devices
- Troubleshooting
- Planning scalable enterprise solutions and intelligent services
SNMP accesses detailed information held in Management Information Bases (MIBs) through SNMP agents, as shown in Figure 2 below. A MIB is a hierarchical, tree-structured collection of managed objects stored locally on the network device; each object is addressed by an Object Identifier (OID), a dotted sequence of integers naming the path from the root of the tree down to a leaf. An example OID is 1.3.6.1.2.1.2.2.1.20.0: the leading 1 is the root of the tree (iso), each following number selects a child node (1.3.6.1.2.1 is mib-2 and 1.3.6.1.2.1.2 is its interfaces group), and the final number is the instance suffix (.0 for a scalar object, or the row index for an entry in a table).
The SNMP agent sends information from the device to the Network Management Station (NMS) and accepts requests from it; different types of SNMP messages are used for this. The NMS runs network management software (e.g., CiscoWorks) that retrieves the SNMP information and displays it in a Graphical User Interface (GUI). The displayed information is used for controlling, troubleshooting, and planning.
Another SNMP concept is the community string, the access control method used by SNMPv1 and SNMPv2c. A community string is a shared password that determines which group of managers may read (read-only community) or change (read-write community) information on the device. It travels in cleartext in every message, so anyone who can sniff the traffic learns it, and devices are frequently left with default or easily guessed strings such as public and private; a read-write community gives control over the device configuration. In SNMPv3 the community string is replaced by the User-based Security Model (USM), in which each user has a name plus authentication and privacy keys derived from passphrases, and access is granted per user and per MIB view by the View-based Access Control Model (VACM).
The managed device contains SNMP agents and a MIB that stores all the information. Different types of messages carry requests from the NMS to the managed (or monitored) device and responses and notifications back to the NMS, as shown in Figure 2 below:
Figure 2 – SNMP Messages
The first message is the Get Request, sent to the managed device when the NMS wants to read a specific MIB variable from the SNMP agent running on that device. The Get Next Request returns the next object in the tree after the one named in the request, which is how an NMS "walks" a MIB. The Get Bulk Request, introduced in SNMPv2 and also available in SNMPv3 (it does not exist in SNMPv1), retrieves a large chunk of data (e.g., an entire table) in one exchange and so removes the need for long runs of Get Request and Get Next Request messages. This reduces the bandwidth overhead on the link; the same property makes an exposed agent a reflection and amplification vector, since a small Get Bulk Request can draw a much larger response toward a spoofed source address.
The Set Request message is also sent by the NMS and is used to write an MIB variable on the agent; it is only honored for a read-write community or a user with write access, and it is the message type that changes device behavior, so write access should be granted sparingly. The Response message (called Get Response in SNMPv1) is the agent's reply to a Get Request, Get Next Request, Get Bulk Request, or Set Request. A Trap is an unsolicited notification sent by the SNMP agent to the NMS (UDP port 162) when certain conditions occur (e.g., device failure, state change, or parameter modifications). Different thresholds can be configured on the managed device for different parameters (e.g., disk space, CPU utilization, memory utilization, or bandwidth utilization), and Trap messages are sent when the defined thresholds are reached.
The Inform Request, introduced in SNMPv2 and also available in SNMPv3, is a notification like a Trap, but the receiver acknowledges it with a Response, so the sender knows it was delivered and can retransmit if it was not. A Trap is fire-and-forget over UDP: if it is lost, nobody notices. That difference matters when SNMP notifications feed security monitoring, because a lost Trap is a lost alert.
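To make the message formats above and the community-string point concrete, here is an added example (not code from the original article or from any SNMP implementation) that hand-encodes an SNMPv1 GetRequest for sysDescr.0 (OID 1.3.6.1.2.1.1.1.0) with the community string public, builds the kind of Response an agent returns, and parses both back. The OID encoder shows how a dotted MIB path becomes bytes on the wire, and the parser reads the community string straight out of the packet, which is all a sniffer has to do. The request-id and the agent's reply text are constructed here, not captured from a device; only the Python standard library is used and nothing is sent on the network.

```python
"""Hand-rolled BER codec for community-based SNMP (v1/v2c) messages.

Added example: not code from the original article or from any SNMP stack.
Standard library only; no network I/O.
"""

TAG_INTEGER, TAG_OCTET_STRING, TAG_NULL, TAG_OID, TAG_SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
# Context-specific PDU tags from RFC 1157 / RFC 3416
PDU_TAGS = {"GetRequest": 0xA0, "GetNextRequest": 0xA1, "Response": 0xA2, "SetRequest": 0xA3,
            "GetBulkRequest": 0xA5, "InformRequest": 0xA6, "Trap": 0xA7}
PDU_NAMES = {tag: name for name, tag in PDU_TAGS.items()}


def ber_len(n):
    """BER length: one byte if < 128, otherwise 0x80|count followed by big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, body):
    return bytes([tag]) + ber_len(len(body)) + body


def enc_int(v):
    """Minimal two's-complement INTEGER encoding."""
    n = 1
    while not -(1 << (8 * n - 1)) <= v < (1 << (8 * n - 1)):
        n += 1
    return tlv(TAG_INTEGER, v.to_bytes(n, "big", signed=True))


def enc_oid(oid):
    """OID: first two arcs packed as 40*a+b, remaining arcs base-128 with continuation bits."""
    arcs = [int(a) for a in oid.strip(".").split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(reversed(chunk))
    return tlv(TAG_OID, bytes(body))


def read_tlv(buf, pos=0):
    """Return (tag, body, position after this TLV)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def dec_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:          # last byte of this arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def dec_value(tag, body):
    if tag == TAG_INTEGER:
        return int.from_bytes(body, "big", signed=True)
    if tag in (0x41, 0x42, 0x43):   # Counter32, Gauge32, TimeTicks are unsigned
        return int.from_bytes(body, "big")
    if tag == TAG_OCTET_STRING:
        return body.decode("ascii", "replace")
    if tag == TAG_OID:
        return dec_oid(body)
    return None if tag == TAG_NULL else body


def build_message(community, pdu_type, request_id, varbinds, version=0, error_status=0, error_index=0):
    """Wrap a PDU in a v1 (version=0) or v2c (version=1) message; varbinds are (oid, encoded value)."""
    vbl = b"".join(tlv(TAG_SEQUENCE, enc_oid(o) + v) for o, v in varbinds)
    pdu = enc_int(request_id) + enc_int(error_status) + enc_int(error_index) + tlv(TAG_SEQUENCE, vbl)
    return tlv(TAG_SEQUENCE, enc_int(version) + tlv(TAG_OCTET_STRING, community.encode())
               + tlv(PDU_TAGS[pdu_type], pdu))


def parse_message(msg):
    """Decode a v1/v2c message. The community string is read straight from the bytes."""
    _, body, _ = read_tlv(msg)
    _, ver, pos = read_tlv(body)
    _, community, pos = read_tlv(body, pos)
    pdu_tag, pdu, _ = read_tlv(body, pos)
    _, rid, pos = read_tlv(pdu)
    _, err, pos = read_tlv(pdu, pos)
    _, idx, pos = read_tlv(pdu, pos)
    _, vbl, _ = read_tlv(pdu, pos)
    varbinds, pos = [], 0
    while pos < len(vbl):
        _, vb, pos = read_tlv(vbl, pos)
        _, oid_body, q = read_tlv(vb)
        vtag, vbody, _ = read_tlv(vb, q)
        varbinds.append((dec_oid(oid_body), dec_value(vtag, vbody)))
    return {"version": dec_value(TAG_INTEGER, ver), "community": community.decode("ascii", "replace"),
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag)), "request_id": dec_value(TAG_INTEGER, rid),
            "error_status": dec_value(TAG_INTEGER, err), "error_index": dec_value(TAG_INTEGER, idx),
            "varbinds": varbinds}


SYS_DESCR = "1.3.6.1.2.1.1.1.0"   # sysDescr.0 from MIB-II


def exchange():
    """NMS -> agent GetRequest, then the agent's Response (constructed here, no real device)."""
    request = build_message("public", "GetRequest", 0x1234, [(SYS_DESCR, tlv(TAG_NULL, b""))])
    reply = build_message("public", "Response", 0x1234,
                          [(SYS_DESCR, tlv(TAG_OCTET_STRING, b"Constructed sysDescr banner"))])
    return request, reply


if __name__ == "__main__":
    req, resp = exchange()
    print("GetRequest:", req.hex(), parse_message(req), sep="\n  ")
    print("Response:", resp.hex(), parse_message(resp), sep="\n  ")
```

Running the script prints the 41-byte GetRequest; the bytes 70 75 62 6c 69 63 ("public") sit right after the version field, unprotected. A Get Next Request or Set Request is the same envelope with a different PDU tag, which is why a sniffed read-write community is immediately reusable.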
Note: SNMPv3 was originally defined in RFC 2571 through RFC 2575. Those documents were later obsoleted by RFC 3411 through RFC 3415 (STD 62), which are the current specifications.
SNMPv3 provides three security levels:
- NoAuthNoPriv: no authentication and no privacy (encryption). The message carries only a user name, so this level offers no more protection than a community string.
- AuthNoPriv: every message is authenticated and integrity-protected with an HMAC (HMAC-MD5-96 or HMAC-SHA-96 in the base standard; SHA-2 variants were added by RFC 7860) and checked for timeliness against the agent's engine boots/time counters to resist replay, but the contents still travel in cleartext.
- AuthPriv: the highest level; authentication as above plus encryption of the PDU (DES in the base standard, AES-128 added by RFC 3826). MD5 and DES are legacy choices; new deployments should use SHA-based authentication with AES privacy, and this level throughout.