SNMP Tutorial – What is SNMP ? How SNMP Works ? What’s the default SNMP Port Number?

What is SNMP

SNMP stands for simple network management protocol. As the name suggest this protocol is used to manage and monitor the network devices. It can manage devices like computers/servers, routers, printer or any devices which can be accessed over the network.

It is an application layer protocol used for communication between network device via LAN or WAN.

What is SNMP used for

Let’s understand the uses of SNMP with an example. As everyone of us knows about Facebook. Just imagine that daily billion of people are using Facebook and uploading lots of data like images, videos, text etc to the Facebook. All of this data is being uploaded to the Facebook servers available in their geographically distributed data centers, which communicates with each other via network protocols.

Thus, to monitor and manage all of these servers, SNMP protocol can be used. For example, if any of the server consuming lots of memory or CPU, which can cause disruption for the Facebook application. then it might lead to application downtime which can result into huge loss for the company. Thus, there should be some mechanism which can continuously monitors all these kinds of critical events related to the health/ resource utilization of the servers and network devices. So, SNMP can be considered one of the best solutions which can be used to monitor and manage these devices remotely.

SNMP is mainly used for:

  • Monitoring network devices
  • Configuring Network Devices
  • Auditing Network Device
  • Detecting faults and unauthorized access

SNMP is most widely supported protocol by network devices like switches, routers, scanners and IoT supported devices. Lot’s of network devices comes with bundled SNMP agents which can be easily enabled and configured so that they can communicate with Network Management System (NMS) or Manager for monitoring and management purpose.

SNMP Architecture

It has following main components

It follows simple client-server model. Where manager act as a server while agents act a client. Manager asks for the information which needs to be processed from the agents which are installed and configured on the network devices which needs to be monitored.

Let’s discuss each component in detail

SNMP Manager

It is an interface between the user and management information provided by the agents.  Basically, it’s a software platform which is used to monitor and manage the network devices. It is also called as Network management system (NMS). Manager continuously poll the agents at some regular time interval to get the required information about the node under monitoring and then translate this data into human readable format.

There are many network management software available in the market which offers different capabilities to manage the network devices. Some of NMS has capabilities to send an email notification to the administrator in case the value of the managed object exceeds the threshold.

Main function of SNMP Manager
  1. It queries SNMP Agents
  2. It gets response from SNMP agents
  3. It translates the response into human readable format
  4. It sets variable values in case of an alarm
  5. It acknowledges events from agents

SNMP Agents

It is an interface between the SNMP manager and the network devices which needs to be monitored. These agents are pre-installed on most of the devices, but they need to be enable and configure before they can start collecting the data. They can collect wide range of data like CPU utilization, memory utilization, disk utilization and many other performance parameters for the underlying hardware or the service being monitored. This collected data is stored in the database which is called as Management information base (MIB) and it is accessed by the manager whenever it is queried for. These agents can spontaneously send a message to the Manager/ NMS in case any error occurs instead of waiting for manager to ask for it. The standard SNMP agents available in the market is NET-SNMP though there are some vendor specific customized agents are also available.

Main Functions of SNMP Agents
  1. Collects the information about different performance parameters for the device being monitored
  2. Store all the data locally in the database called Management Information base (MIB)
  3. Serves the collected data to Manager whenever Manager query for it
  4. Send event notification to manager in case of any error occurs

Managed Nodes

The devices which are being monitored and managed by SNMP are called Managed nodes.

These are the nodes/devices where agents are installed and configured to collect the management information.

Management Information Base (MIB)

It’s the information data base which is populated by SNMP agents for each of the node being monitored. It contains the information about different subsystem or performance parameter of the devices or the services. Manager send the data query to the agents which in return respond to the Manager along with the requested data stored in the MIB if it is available otherwise it respond with the error indicating why the request can not be processed.

Object Identifier (OID)

Each managed node has their individual MIB which is in the form of hierarchical tree structure. It contains the information about different objects which can be manged by manager. Each of these objects inside the MIB is identified by their object Identifier which is known as OID. This OID is unique for each of the object and follow a specific format where a number is separated by the decimal to form a long numeric tag or identifier e.g 1.3.6.4.1.5635. These OID’s also consist of a readable label and various other parameters which is required to understand the properties of various objects/parameters stored in the database.

When the manager wants to get the information about specific parameters of the manged node then it sends a get message to the agent to find the value of a specific variable which is identified by it OID in the MIB. Some of the OID’s are vendor specific which makes it easy to get the basic information about the devices by just looking at the OID. For example, CISCO devices OID starts with 1.3.6.1.4.1.9.

what is SNMP

How SNMP works

SNMP is essentially a member of TCP/IP protocol suit where each SNMP message is wrapped as User Datagram Protocol (UDP) packets which further wrapped and transmitted as an IP packet to the physical layer device.

How SNMP works

It uses some basic commands to exchange management information between Manager and Agents. Below diagram explains the communication between SNMP Manager and agent.

snmp commands

Basic commands of SNMP

  • GET: GET message is sent by the SNMP manager to SNMP agents installed in the managed node to get the values of any managed object or parameter identified by its OID in MIB.
  • RESPONSE: RESPONSE message is sent from agent to Manager which contains the requested data.
  • GETNEXT: GETNEXT message is sent from manager to agent to query the next OID in MIB hierarchy.
  • GETBULK: GETBULK message is used by manager to agent to retrieve the large volume of data from MIB tables using multiple GETNEXT messages. This message was introduced in SNMPv2c.
  • SET:  SET message is used by manager to modify or assign a value in MIB to a specified variable of managed device.
  • TRAP: TRAP message is self-initiated by the agent to inform the manager about an important event in case of any failure or error occurrence.
  • INFORM: Upon receiving a TRAP message from agents, there is no way to confirm whether the TRAP message is received by the Manager or not. Thus, to overcome this issue, INFORM messages came into existence. It was introduced in SNMPv2c. This message is also initiated by SNMP agents. The main difference between TRAP and INFORM message is that upon receiving an INFORM message the manager sends back the response to the agents which confirms the delivery of the message. If the agent does not receive the acknowledgement response from Manager, then it can again send the INFORM message. Therefore INFORM messages can also called as acknowledged TRAP.

What is SNMP Trap

SNMP Traps are the alert notification messages sent from SNMP agents to Manager.

These messages are generated by agents whenever any important event or information about any error needs to be informed to Manager.  For example, A trap message can be generated if an application start consuming the memory more than the allowed threshold value.

Devices which needs to be monitored or managed comes with Pre-Installed agents. They send the event notification to manager on UDP port 162 from any available port. Traps are unreliable because there is no mechanism in place which can confirm the agent that whether manager has received any event notification or not. Because Manager does not send any acknowledgement back to the agent upon receiving the notification.

Thus, SNMP traps are also called as unacknowledgeable event notifications sent from Agent to Manager.

Difference Between SNMP TRAP and INFORM Message

SNMP PORT

The Ports which are used by SNMP for communication between Manager and agents are called SNMP ports.

Typically, a port is a unique number to identity any application or it’s service on a particular host.

SNMP uses User datagram Protocol (UDP) for communication between Manager and Agents, which is a transport layer protocol. SNMP uses the following default ports for communication.

  • UDP Port 161 (SNMP)
  • UDP Port 162 (SNMPTRAP)

How SNMP Manager uses default port to communication with Agents

  • SNMP Manager can use any available source port to send SNMP messages (GET, GETNEXT, GETBULK, SET)
  • SNMP Manager sends messages (GET, GETNEXT, GETBULK, SET) on UDP port 161 in SNMP agent node i.e. the node which needs to be managed
  • SNMP Manager receives the RESPONSE message on the same source port from which it sends the messages
  • SNMP Manager uses UDP Port 162 to receive the TRAP and INFORM message from agents

How SNMP Agent uses default port to communication with Manager

  • SNMP Agent receives all messages (GET, GETNEXT, GETBULK, SET) from Manager on UDP port 161
  • SNMP Agent sends the RESPONSE message to the Manager on the same source port from which Manager sends the messages
  • SNMP Agent can send the TRAP and INFORM messages to Manager from any available port
  • SNMP Agent sends the TRAP and INFORM message on UDP port 162 on SNMP Manager

SNMP Versions

SNMP has three versions namely SNMPv1, SNMPv2c and SNMPv3.  Each of these versions has their pros and cons associated with them.

SNMPv1

SNMPv1 was introduced in 1988 and it does not have any encryption algorithms which was not a big matter of concern in that time. But in today’ time where the security of data is utmost priority for everyone thus using this version is clearly a security risk for critical systems. That’s the reason many companies are restricting the usage of SNMPv1.  Moreover, it just supports 32-bit counter architecture which was enough for that time but certainly it’s not sufficient in today’s time where gigabyte sized networks are running. RFC 1155 and 1157 and defines SNMPv1.

SNMPv2c

This was the revised and enhanced version of SNMPv1 which was introduced in 1993. There are few iteration of SNMPv2 came into existence but the most commonly used was community based thus it was named as SNMPv2c. This version supports 64-bit counter architecture and Certainly it was must to have upgrade from SNMPv1 to SNMPv2c but still it does not have any changes w.r.t to security aspects. It was still sending the critical data as clear text. RFC 1901, RFC 1905, and RFC 1906 defines SNMPv2c.

SNMPv3

SNMPv3 was the major upgrade where many short comings of earlier version were considered and fixed. It came into existence in early 2000’s.  This new version is called as SNMPv3 which has all 64-bit counter architecture along with all the security features in place. The main key features of this upgrade were user accounts, authentication and optional encryption. We can use these features together or separately as per our requirement. But addition of these authentication and encryption features made the protocol complex and also come with compatibility issues for the legacy devices using SNMPv1 and SNMPv2c. RFC 1905, RFC 1906, RFC 2570, RFC 2572, RFC 2574, and RFC 2575 defines SNMPv3.

Check out the difference between SNMPv1, SNMPv2c and SNMPv3

Other Useful Links

Leave a comment