Overview#
SNMP (Simple Network Management Protocol) is a widely deployed protocol for managing networked devices from a central location. An SNMP architecture has three major elements:
- Managers (software) are responsible for communicating with (and managing) network devices that implement SNMP Agents (also software).
- Agents reside in devices (workstations, switches, routers, microwave radios, printers, and so on) and provide information to Managers.
- MIBs (Management Information Bases) describe the data objects that an Agent manages within a device. A MIB is just a text file written in SMI syntax (a subset of ASN.1), and the values of its data objects are the topic of conversation between Managers and Agents.
We need to mention Object Identifiers (OIDs) here. Each MIB object definition has a unique OID, a dotted list of integers that gives the object's position in a single global tree. For example, the OID for the HOST-RESOURCES-MIB object "hrDiskStorageCapacity" is ".1.3.6.1.2.1.25.3.6.1.4"; a particular instance of it (one row of the disk storage table) is addressed by appending the row's index, for example ".1.3.6.1.2.1.25.3.6.1.4.1".
When Managers and Agents communicate they refer to MIB data objects using OIDs, never by name. The names exist only in the MIB file and in whatever software has loaded it.
Manager & Agent Communications#
Managers can be viewed as Clients and Agents as Servers. Messages travel over UDP: Agents listen on port 161 for requests, and Managers listen on port 162 for traps. The operations between Managers and Agents are quite simple:
- get commands are sent by a Manager to an Agent to request data values defined by a MIB. The Agent will send a response with the requested values. Closely related requests are getnext (return the next object instance in OID order, which is how a "walk" of a table or subtree is performed) and getbulk (many getnext steps answered in a single response).
- A Manager can also send set commands to an Agent. If the MIB defines a data object as read-write, then the Agent will accept the data value sent with the set command and process it (store it or execute appropriate actions). Because set is the path by which a device gets reconfigured, whatever credential authorizes set requests (a read-write community string, or an SNMPv3 user with write access) deserves the same protection as an administrative login.
- Agents will send unsolicited traps (alarms) to Managers to alert them to important events. Traps are not acknowledged; SNMPv2c added the inform operation for notifications that require an acknowledgement.
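The following is an added example written for this page (it is not code from the original article or from any vendor's product): it parses dotted OIDs, orders them the way getnext walks them, tests subtree membership (the basis of VACM views and of telling Standard from Enterprise objects), and simulates get, getnext and getbulk against a small in-memory Agent. The Agent contents, including the object under Cisco's enterprise arc, are constructed for illustration.

```python
"""Added example (not from the original article): OID handling and the
get / getnext / getbulk operations, simulated against an in-memory Agent."""
from typing import Optional, Tuple

Oid = Tuple[int, ...]

def parse_oid(text: str) -> Oid:
    """'.1.3.6.1.2.1.1.5.0' -> (1, 3, 6, 1, 2, 1, 1, 5, 0); the leading dot is optional."""
    parts = text.strip().lstrip(".").split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed OID: {text!r}")
    return tuple(int(p) for p in parts)

def fmt_oid(oid: Oid) -> str:
    return ".".join(map(str, oid))

def in_subtree(oid: Oid, root: Oid) -> bool:
    """True when oid is root itself or lies beneath it; used for views and walks."""
    return oid[:len(root)] == root

MIB2 = parse_oid("1.3.6.1.2.1")          # Standard MIB objects (mib-2) live here
ENTERPRISES = parse_oid("1.3.6.1.4.1")   # Enterprise MIBs live under enterprises.<PEN>

def enterprise_number(oid: Oid) -> Optional[int]:
    """IANA Private Enterprise Number of an Enterprise-MIB OID, or None for anything else."""
    if in_subtree(oid, ENTERPRISES) and len(oid) > len(ENTERPRISES):
        return oid[len(ENTERPRISES)]
    return None

class Agent:
    """In-memory stand-in for an SNMP Agent: a table of object instances and their values."""
    def __init__(self, instances: dict):
        self.values = {parse_oid(k): v for k, v in instances.items()}
        # Python compares tuples lexicographically, which is exactly the
        # ordering getnext uses (1.5 < 1.5.0 < 1.10, numeric, not string, order).
        self.oids = sorted(self.values)

    def get(self, oid: str):
        return self.values.get(parse_oid(oid), "noSuchObject")

    def getnext(self, oid: str):
        """(next OID, value) strictly after oid, or ('', 'endOfMibView') at the end."""
        key = parse_oid(oid)
        for cand in self.oids:
            if cand > key:
                return fmt_oid(cand), self.values[cand]
        return "", "endOfMibView"

    def getbulk(self, oid: str, max_repetitions: int):
        """Up to max_repetitions consecutive getnext results in one round trip (SNMPv2c and later)."""
        rows, cur = [], oid
        for _ in range(max_repetitions):
            nxt, val = self.getnext(cur)
            if val == "endOfMibView":
                break
            rows.append((nxt, val))
            cur = nxt
        return rows

def walk(agent: Agent, root: str):
    """What snmpwalk does: repeat getnext until the reply leaves the requested subtree."""
    root_oid, rows, cur = parse_oid(root), [], root
    while True:
        nxt, val = agent.getnext(cur)
        if val == "endOfMibView" or not in_subtree(parse_oid(nxt), root_oid):
            return rows
        rows.append((nxt, val))
        cur = nxt

# Constructed Agent contents: a few mib-2 system/interfaces instances plus one
# hypothetical object under Cisco's enterprise arc (PEN 9).
SAMPLE_INSTANCES = {
    ".1.3.6.1.2.1.1.1.0": "Linux edge-rtr-01 5.15.0",   # sysDescr.0
    ".1.3.6.1.2.1.1.5.0": "edge-rtr-01",                 # sysName.0
    ".1.3.6.1.2.1.2.2.1.2.1": "lo",                      # ifDescr.1
    ".1.3.6.1.2.1.2.2.1.2.2": "eth0",                    # ifDescr.2
    ".1.3.6.1.4.1.9.999.1.0": 42,                        # hypothetical enterprise instance
}
AGENT = Agent(SAMPLE_INSTANCES)

if __name__ == "__main__":
    for o, v in walk(AGENT, "1.3.6.1.2.1.1"):
        print(o, "=", v)
```

Note that getbulk, unlike walk, does not stop at a subtree boundary: a bulk request that starts in the interfaces table happily continues into the enterprise subtree, which is why VACM views on a real Agent are applied per returned instance rather than per request.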
Typical uses of SNMP include:
- Monitoring device performance
- Detecting device faults (or recovery from faults)
- Collecting long term performance data (trend reports)
- Remote device configuration
- Remote device control
The operations of SNMP are "simple", but the totality of SNMP is not -- typical ramp-up time for an individual (on their own) to learn how to effectively use SNMP can easily be six months or more.
SNMP Standards and Versions#
SNMP standards are described in RFC (Request for Comments) documents published by the IETF (Internet Engineering Task Force). Standards topics can generally be categorized into:
- Messaging Protocols between Managers and Agents (which encompasses security issues)
- MIB Syntax Standards
- "Standard MIB" Definitions
- SNMPv1 was the first protocol introduced, and is still widely used. It implements the get, getnext, set, response, and trap operations. Security for SNMPv1 is based on a "community string" that is sent with each message and functions as a password: if the Manager includes the correct community string in a request to an Agent, the Agent will send a response. The community string is sent in the clear (not encrypted), so anyone who can observe the traffic can read it, and the message carries no integrity check or source authentication, so the security it provides is quite weak. On a network where v1 is in use, assume the community strings are known to everyone on the path.
- SNMPv2 usually refers to SNMPv2c (other SNMPv2 variants were proposed, but only SNMPv2c currently has significant support). SNMPv2c introduced the ability to transmit SMIv2 MIB objects of type "Counter64". SNMPv2c also provides expanded messaging operations: getbulk, inform (an acknowledged notification), report, and a new v2trap operation (same functionality as the SNMPv1 trap, carried in the SNMPv2 message format). Enhanced Agent error responses were also added. SNMPv2c uses the same community string security as SNMPv1, with the same weaknesses.
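To make the community-string weakness concrete, here is an added example written for this page (not code from the original article or from any vendor): it BER-encodes an SNMPv1 get request exactly as it goes on the wire, then parses the packet the way a passive observer would, recovering the community name without any secret. The community name, request-id and OID are constructed. The encoder also refuses to place a Counter64 value in an SNMPv1 message, the one restriction on carrying SMIv2 data over SNMPv1 described in the MIB syntax section.

```python
"""Added example (not from the original article): a minimal BER encoder for
community-based SNMP (v1/v2c) messages, and the passive-observer side that
reads the community string straight out of the packet."""
from typing import Sequence

SNMP_V1, SNMP_V2C = 0, 1
# ASN.1/BER tags used by SNMP
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
GET_REQUEST, GET_RESPONSE = 0xA0, 0xA2          # context-specific PDU tags
COUNTER32, COUNTER64 = 0x41, 0x46               # application types; Counter64 is SMIv2-only

def ber_length(n: int) -> bytes:
    """Short form below 128, long form (0x80 | number of length bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + ber_length(len(body)) + body

def encode_int(value: int, tag: int = INTEGER) -> bytes:
    """Minimal two's-complement encoding; unsigned SNMP types get a leading 0x00 when needed."""
    n = max(1, (value.bit_length() + 8) // 8)
    return tlv(tag, value.to_bytes(n, "big", signed=True))

def encode_oid(arcs: Sequence[int]) -> bytes:
    """First two arcs are packed as 40*X+Y; every arc is base-128 with continuation bits."""
    if len(arcs) < 2:
        raise ValueError("an OID needs at least two arcs")
    body = bytearray()
    for arc in (40 * arcs[0] + arcs[1], *arcs[2:]):
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(reversed(chunk))
    return tlv(OID, bytes(body))

def encode_value(version: int, kind: int, value) -> bytes:
    """SNMPv1 has no encoding for Counter64, so refuse it rather than emit a bad packet."""
    if kind == COUNTER64 and version == SNMP_V1:
        raise ValueError("Counter64 cannot be carried in an SNMPv1 message")
    if kind == OCTET_STRING:
        return tlv(kind, value)
    if kind == NULL:
        return tlv(NULL, b"")
    return encode_int(value, kind)

def encode_message(version: int, community: str, pdu_tag: int, request_id: int,
                   varbinds: list) -> bytes:
    """varbinds: list of (oid_arcs, kind, value). The community goes in as a plain OCTET STRING."""
    vb = b"".join(tlv(SEQUENCE, encode_oid(o) + encode_value(version, k, v))
                  for o, k, v in varbinds)
    pdu = tlv(pdu_tag, encode_int(request_id) + encode_int(0) + encode_int(0) + tlv(SEQUENCE, vb))
    return tlv(SEQUENCE, encode_int(version) + tlv(OCTET_STRING, community.encode()) + pdu)

def read_tlv(buf: bytes, pos: int = 0):
    """Returns (tag, body, position just after this element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def sniff_community(packet: bytes):
    """What anyone on the path sees: the version and the community name, no secret required."""
    tag, msg, _ = read_tlv(packet)
    if tag != SEQUENCE:
        raise ValueError("not an SNMP message")
    tag, vbody, pos = read_tlv(msg)
    if tag != INTEGER:
        raise ValueError("not an SNMP message")
    version = int.from_bytes(vbody, "big", signed=True)
    if version not in (SNMP_V1, SNMP_V2C):
        raise ValueError(f"version {version} does not carry a community string")
    tag, community, _ = read_tlv(msg, pos)
    if tag != OCTET_STRING:
        raise ValueError("malformed community-based message")
    return version, community.decode("ascii", "replace")

SYS_NAME_0 = (1, 3, 6, 1, 2, 1, 1, 5, 0)   # SNMPv2-MIB::sysName.0
# Constructed request: a Manager polling sysName.0 with the community "public".
REQUEST = encode_message(SNMP_V1, "public", GET_REQUEST, 1234, [(SYS_NAME_0, NULL, None)])

if __name__ == "__main__":
    print(REQUEST.hex())
    print(sniff_community(REQUEST))
```

The 41-byte packet this produces is byte-for-byte what a real v1 Manager sends for that poll, and the string "public" is visible in it with no decoding at all; the same parse applied to a v2c message returns version 1 and the same community, while an SNMPv3 message (version 3) has no community field to extract.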
- SNMPv3 is the most recent version, and is a major step forward in improving security. Security enhancements include:
- User Authentication -- verification of the identity of the SNMP entity (Manager or Agent) sending the message. Authentication is based on defined users and on shared secret keys used to produce a keyed hash (an HMAC) that is sent with each message; a message whose HMAC does not verify is discarded.
- Encryption -- the message payload can optionally be encrypted with a second shared key (the privacy key). Together these give three security levels: noAuthNoPriv, authNoPriv and authPriv. Use authPriv, and prefer SHA-based authentication with AES over the original MD5 and DES options.
- VACM (View-based Access Control Model) -- Agents can be configured to control who can access which MIB objects under Agent management. For example, user "Barney Bigwig" can access critical read-write control data, while user "Robbie Repair" can access only read-only data.
- Timeliness checks ensure that messages are not delayed or replayed: each authenticated message carries the authoritative engine's boot count and uptime, and a receiver rejects messages that fall outside a 150-second window.
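The following added example, written for this page rather than taken from the original article, shows the USM building blocks behind the authentication and timeliness bullets above: the password-to-key and key-localization steps of RFC 3414 Appendix A, the 12-byte HMAC-96 authentication parameter computed over a message and verified in constant time, and the 150-second timeliness window. The password, the second engine ID and the message bytes are constructed; the pairing of "maplesyrup" with engine ID 00...02 is the test vector printed in RFC 3414.

```python
"""Added example (not from the original article): SNMPv3 USM key derivation,
HMAC-96 message authentication and the timeliness check."""
import hashlib
import hmac

AUTH_PARAM_LEN = 12          # HMAC-MD5-96 and HMAC-SHA-96 both truncate to 96 bits
TIME_WINDOW = 150            # seconds, RFC 3414 section 3.2

def password_to_key(password: bytes, algo: str = "md5") -> bytes:
    """Ku: hash of the password repeated out to exactly 1,048,576 bytes (RFC 3414 A.2)."""
    reps = 1_048_576 // len(password) + 1
    return hashlib.new(algo, (password * reps)[:1_048_576]).digest()

def localize_key(ku: bytes, engine_id: bytes, algo: str = "md5") -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku). One password yields a different key per Agent,
    so a key recovered from one device does not open the others."""
    return hashlib.new(algo, ku + engine_id + ku).digest()

def _mac(kul: bytes, msg: bytes, offset: int, algo: str) -> bytes:
    """HMAC over the whole message with the 12-byte auth field zeroed, truncated to 96 bits."""
    zeroed = msg[:offset] + bytes(AUTH_PARAM_LEN) + msg[offset + AUTH_PARAM_LEN:]
    return hmac.new(kul, zeroed, algo).digest()[:AUTH_PARAM_LEN]

def sign(kul: bytes, msg: bytes, offset: int, algo: str = "md5") -> bytes:
    """Return msg with msgAuthenticationParameters (at offset) filled in."""
    return msg[:offset] + _mac(kul, msg, offset, algo) + msg[offset + AUTH_PARAM_LEN:]

def verify(kul: bytes, msg: bytes, offset: int, algo: str = "md5") -> bool:
    """Recompute and compare in constant time; a change to any byte anywhere fails."""
    received = msg[offset:offset + AUTH_PARAM_LEN]
    return hmac.compare_digest(received, _mac(kul, msg, offset, algo))

def is_timely(engine_boots: int, engine_time: int, msg_boots: int, msg_time: int) -> bool:
    """Replay/delay check: boots must match and the time must lie within 150 s."""
    if engine_boots == 2**31 - 1:            # engine has exhausted its boot counter
        return False
    return msg_boots == engine_boots and abs(msg_time - engine_time) <= TIME_WINDOW

# Constructed message: real SNMPv3 messages are BER-encoded, but the HMAC treats
# them as opaque bytes, so a stand-in with a 12-byte zeroed auth field suffices.
HEADER = b"v3:msgGlobalData+msgSecurityParameters:"
PDU = b"scopedPDU(get sysName.0)"
PARAM_OFFSET = len(HEADER)
UNSIGNED_MSG = HEADER + bytes(AUTH_PARAM_LEN) + PDU

RFC_ENGINE_ID = bytes.fromhex("000000000000000000000002")    # RFC 3414 A.3 test engine
OTHER_ENGINE_ID = bytes.fromhex("800000090300aabbccddeeff")  # constructed second Agent

def demo(password: bytes = b"maplesyrup", algo: str = "md5") -> dict:
    ku = password_to_key(password, algo)
    kul_a = localize_key(ku, RFC_ENGINE_ID, algo)
    kul_b = localize_key(ku, OTHER_ENGINE_ID, algo)
    signed = sign(kul_a, UNSIGNED_MSG, PARAM_OFFSET, algo)
    tampered = signed[:-1] + bytes([signed[-1] ^ 0x01])      # flip one bit of the PDU
    return {
        "ku": ku.hex(),
        "kul_a": kul_a.hex(),
        "keys_differ": kul_a != kul_b,
        "verify_ok": verify(kul_a, signed, PARAM_OFFSET, algo),
        "verify_tampered": verify(kul_a, tampered, PARAM_OFFSET, algo),
        "verify_wrong_agent_key": verify(kul_b, signed, PARAM_OFFSET, algo),
        "timely": is_timely(7, 1000, 7, 1100),
        "stale": is_timely(7, 1000, 7, 700),
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two practical points follow from the code: the localized key is what an Agent stores and what an attacker who dumps its configuration obtains, and it is useless against a second Agent with a different engine ID; and verification must compare the full 12-byte HMAC with a constant-time comparison, since a byte-by-byte early exit leaks timing information about the correct value.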
MIB Syntax Standards#
MIBs are written in either of two syntax standards:
- SMIv1 is the earliest version, and was introduced along with SNMPv1. SMIv1 MIBs are very functional and quite common. Data objects defined by SMIv1 MIBs can be transmitted between Managers and Agents using any of the 3 messaging protocols (SNMPv1, SNMPv2c, SNMPv3).
- SMIv2 was introduced along with SNMPv2c. Major enhancements include:
- Introduction of new base data types, including "Counter64".
- Although derived data types could be defined using SMIv1, SMIv2 formalizes this with the TEXTUAL-CONVENTION macro, and also defines some standard textual conventions such as "DisplayString".
- Improvements that enhance the documentation of MIB files and objects, such as:
- Module Identity Statement
- Conformance Statements
- Improved NOTIFICATION-TYPE syntax replaces TRAP-TYPE syntax
An SMIv2 MIB can usually be translated into an SMIv1 MIB. The primary exceptions are: a) A Counter64 object has no SMIv1 counterpart, b) An improperly coded NOTIFICATION-TYPE object cannot be translated to an SMIv1 TRAP-TYPE object with the same OID.
Data defined by SMIv2 MIB Objects can be transmitted between Managers and Agents by any of the 3 messaging protocols. The only exception to this is that Counter64 data cannot be transported in SNMPv1 messages.
"Standard MIB" Definitions#
Depending on the origin (author) of a MIB, we can categorize MIBs into either:
- Standard MIBs are developed in IETF working groups and published as RFCs. For example, a standard Printer MIB exists, and printer manufacturers commonly implement Agent support for it (in addition to their own Enterprise MIBs).
- Enterprise MIBs are authored by non-standards-committee organizations (e.g., Cisco, HP, Chateau Systems). Each such organization applies to IANA (Internet Assigned Numbers Authority) for a unique Private Enterprise Number, and its Enterprise MIB objects are then organized under the OID 1.3.6.1.4.1.<number>; Cisco's objects, for example, live under 1.3.6.1.4.1.9 and HP's under 1.3.6.1.4.1.11.
Standard MIB Examples:#
- DS1, DS3
- Token Ring
- Fibre Channel Fabric Element
- Ping, Traceroute
- Print Job Monitoring