4.4 Explain the function of SNMP in network operations

SNMP, or Simple Network Management Protocol, is an open source framework for collecting data about different network devices.  That data includes statistics, configuration, and network status.

An SNMP manager is a server that collects data from the different devices.  We might call this device a Network Management Station, or NMS.

Each device that reports to the server has a software program known as an SNMP agent.  The agent collects data from the device and sends it to the manager via SNMP.

The agent stores the variables for its device in a Management Information Base (MIB).  For a single device, this MIB could contain hundreds or thousands of variables.

Each variable is known as an object ID or OID.  The OIDs can be open-source or vendor proprietary.  They are organized into a hierarchy.  Variable names can be complicated, so it is easier to manage the devices via an NMS.

The SNMP agent can send data to the NMS regularly, or the NMS can regularly query the SNMP agent on each device.  When an abnormal issue is detected, the NMS can notify an operator via e-mail or an on-screen alert.  The NMS can also reconfigure the affected device.

The NMS uses a Get message to request information from the agent.  These Get messages may be called SNMP Get, GetNext or GetBulk.  The device replies with a Get Response message.  The NMS can also send a device an SNMP Set message to change its configuration.

The SNMP agent can be configured to send an alert when a variable reaches a certain level.  In that case, the SNMP agent sends a Trap message or an Inform message to the NMS.  Trap messages were created in the first version of SNMP.  They are sent via UDP and the agent doesn’t keep track of whether the message is received.  Inform messages also use UDP, but the NMS must send a response to acknowledge receipt.

We should use an ACL to secure our SNMP so that only an authorized NMS can send or receive messages with our network device.  We can also secure our SNMP with a password.

SNMPv1 and SNMPv2 used communities.  A community was defined by a community string.  The agent and the manager needed to belong to the same community, by knowing the community string.  The Get and Set messages include the community string in plain text.  The community string is kind of like a password.  An agent won’t accept a message with the wrong community string (the wrong password).

A community could be read-only (RO), where the NMS can’t change anything on the device, or read-write (RW), where the agent accepts both Get and Set messages from the NMS.

SNMPv3 introduced security and removed communities.  It has three features.  First, it provides encryption so that a message cannot be read by an unauthorized user.  Second, it provides authentication so that a manager can authenticate with a client device via a username and password, which are not sent in plain text.  Third, it provides message integrity so that we can verify that the SNMP message was not modified during transmission.
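
Added example (not part of the original notes): a short Python decoder for the outer header of an SNMP message, showing that an SNMPv1/v2c packet carries its community string as readable text, while an SNMPv3 message has no community field at all. The packets are constructed samples, and the helper names tlv, read_tlv and inspect are made up for this illustration.

```python
# Added example: decode the outer header of an SNMP message to show what
# SNMPv1/v2c exposes on the wire. All packets below are constructed samples.
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}

def tlv(tag: int, payload: bytes) -> bytes:
    """Encode one BER element (short-form length only, payload < 128 bytes)."""
    assert len(payload) < 128
    return bytes([tag, len(payload)]) + payload

def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next N bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def inspect(packet: bytes) -> dict:
    """Report the SNMP version and, for v1/v2c, the cleartext community string."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message (outer SEQUENCE missing)")
    tag, ver, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version INTEGER missing")
    version = int.from_bytes(ver, "big")
    result = {"version": VERSIONS.get(version, "unknown"), "community": None}
    if version in (0, 1):                  # second field is the community OCTET STRING
        tag, community, _ = read_tlv(body, pos)
        if tag != 0x04:
            raise ValueError("community OCTET STRING missing")
        result["community"] = community.decode("ascii", "replace")
    return result

# Constructed SNMPv2c GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0), community "public".
varbind = tlv(0x30, tlv(0x06, bytes.fromhex("2b06010201010100")) + tlv(0x05, b""))
pdu = tlv(0xA0, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") + tlv(0x02, b"\x00") + tlv(0x30, varbind))
V2C_GET = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, b"public") + pdu)

# Constructed SNMPv3 header stub: version 3, then a msgGlobalData SEQUENCE (no community).
V3_STUB = tlv(0x30, tlv(0x02, b"\x03") + tlv(0x30, tlv(0x02, b"\x01")))

if __name__ == "__main__":
    for name, pkt in (("v2c get", V2C_GET), ("v3 stub", V3_STUB)):
        print(name, inspect(pkt))
```

Run against a capture of your own management traffic, the same check tells you which devices are still answering SNMPv1/v2c and therefore need an ACL and a migration to SNMPv3.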