Simple Network Management Protocol is a simple method of interacting with
networked devices. The standard was defined by IETF RFC 1157 in May of 1990.
SNMP can often seem quite confusing and overly complicated; its available APIs
tend to put a lot of wrapping around what should be very simple. The available books
on the topic tend to only complicate the subject, not demystify it.

SNMP is extremely easy for any programmer to understand. A gross oversimplification
can explain the system simply. A network device runs an SNMP agent as a daemon process
which answers requests from the network. The agent provides a large number of Object Identifiers
(OIDs). An OID is a unique key-value pair. The agent populates these values and makes them available.
An SNMP manager (client) can then query the agent's key-value pairs for specific information. From a programming
standpoint it's not much different than importing a ton of global variables. SNMP OIDs can be read or written.
While writing information to an SNMP device is fairly rare, it is a method used by several management applications
to control devices (such as an administrative GUI for your switches). A basic authentication scheme
exists in SNMP, allowing the manager to send a community name (think cleartext password) to authorize
reading or writing of OIDs. Most devices use the insecure community name "public". SNMP communication
is performed via UDP on ports 161 and 162.

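To show what "cleartext password" means on the wire, the following added example (not part of the original tutorial) decodes a constructed SNMPv1 GetRequest with a minimal BER reader and recovers the version, community name and requested OID. The sample packet bytes and all function names are assumptions made for illustration.

```python
# Constructed sample: SNMPv1 GetRequest for OID 1.3.6.1.2.1.1.1.0, community "public".
SAMPLE = bytes.fromhex(
    "3029020100" "04067075626c6963"            # SEQUENCE, version 0, community
    "a01c" "020412345678" "020100" "020100"    # PDU, request-id, error fields
    "300e300c" "06082b06010201010100" "0500")  # varbind list: OID + NULL value

VERSIONS = {0: "v1", 1: "v2c"}
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest",
             0xA2: "GetResponse", 0xA3: "SetRequest"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Decode BER OID bytes (first byte packs the first two arcs as 40*X+Y)."""
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                       # high bit clear ends the arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def parse_message(packet):
    """Parse a v1/v2c Get/GetNext/Response/Set message; return header and first OID."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, version, pos = read_tlv(body, 0)
    _, community, pos = read_tlv(body, pos)    # sent unencrypted on the wire
    pdu_tag, pdu, _ = read_tlv(body, pos)
    if pdu_tag not in PDU_TYPES:
        raise ValueError("unsupported PDU type")
    p = 0
    for _ in range(3):                         # skip request-id, error-status, error-index
        _, _, p = read_tlv(pdu, p)
    _, varbinds, _ = read_tlv(pdu, p)
    _, first, _ = read_tlv(varbinds, 0)
    _, oid, _ = read_tlv(first, 0)
    return {"version": VERSIONS.get(int.from_bytes(version, "big")),
            "community": community.decode("ascii", "replace"),
            "pdu": PDU_TYPES[pdu_tag], "oid": decode_oid(oid)}

if __name__ == "__main__":
    print(parse_message(SAMPLE))
```

The community name sits a few bytes into every v1/v2c datagram, so the same parser run over your own packet captures is a quick way to find devices still answering to "public".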
Notice that I didn't mention MIBs yet! The importance of MIBs is greatly overrated. MIBs look
complicated at first, but they are extremely simple. OIDs are numerical and global. An OID looks similar
to an IPv6 address and different vendors have different prefixes and so forth. The OIDs are long enough
that it's complicated for a human to remember or make sense of them, so a method was devised for translating
a numeric OID into a human-readable form. This translation mapping is kept in a portable flat text file
called a Management Information Base or MIB. You do not need a MIB to use SNMP
or query SNMP devices; however, without a MIB you'll have to simply guess what the data you're looking at means.
In some cases this is easy, such as seeing host names, disk usage numbers, or port status information. Other
times it can be more difficult and a MIB is more useful. It is not unusual for some applications
to be written using strictly numeric OIDs, allowing the end user to avoid the hassles of properly installing a MIB.
The action of "installing" a MIB is really just putting it in a place where your SNMP client application
can find it to perform the translation.

SNMP can be used in 2 ways: polling and traps. Polling just means that you write an application
that sends an SNMP GET request to an agent looking for some value. This method is useful because if the device responds
you get the information you want and if the device does not respond you know there is a problem. Polling is
an active form of monitoring. On the other hand, SNMP traps can be used for passive monitoring by configuring
an agent to contact another SNMP agent when some action occurs.

Looking at traps more deeply, a network device such as a router can be configured to send SNMP traps for certain events.
For instance, you can configure Cisco IOS to send traps either when an individual event occurs such as a linkDown
(IOS: snmp-server enable traps snmp linkdown) or when any defined trap event
happens (IOS: snmp-server enable traps snmp). When a trap event occurs, the agent on the device will send
the trap to a pre-configured destination commonly called a trap host. The trap host will have its own
agent running which will accept and process the traps as they come in. The processing of these traps is done by
trap handlers. Trap handlers can be written in any language and are provided with information from the
sent trap via STDIN. The handler can then do whatever is appropriate to respond to the trap, such as sending email
or doing anything else you could want.

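A trap handler along the lines described above, as an added example that is not part of the original tutorial. It assumes the STDIN layout used by Net-SNMP's snmptrapd traphandle (a host name line, a transport address line, then one "OID value" pair per line) with numeric OID output; the sample trap, the sender allowlist and the function names are constructed for illustration. Because v1/v2c traps arrive as unauthenticated UDP, the handler treats every field as untrusted input.

```python
import re
import sys

SNMP_TRAP_OID = ".1.3.6.1.6.3.1.1.4.1.0"   # snmpTrapOID.0: says which trap this is
LINK_DOWN = ".1.3.6.1.6.3.1.1.5.3"         # linkDown
IF_INDEX = ".1.3.6.1.2.1.2.2.1.1"          # ifIndex column
KNOWN_SENDERS = {"192.0.2.10"}             # hypothetical allowlist of device addresses

# Constructed sample of what the handler would receive on STDIN.
SAMPLE = """router1.example.net
UDP: [192.0.2.10]:49152->[192.0.2.1]:162
.1.3.6.1.2.1.1.3.0 0:1:02:03.45
.1.3.6.1.6.3.1.1.4.1.0 .1.3.6.1.6.3.1.1.5.3
.1.3.6.1.2.1.2.2.1.1.2 2
"""

def clean(text, limit=200):
    """Replace non-printable bytes and cap length before logging or mailing."""
    return re.sub(r"[^\x20-\x7e]", "?", text)[:limit]

def parse_trap(lines):
    """Split the handler input into host, source address and a varbind dict."""
    lines = [line.rstrip("\n") for line in lines]
    if len(lines) < 2:
        raise ValueError("incomplete trap input")
    match = re.search(r"\[([0-9A-Fa-f.:]+)\]", lines[1])  # first [addr] is the sender
    varbinds = {}
    for line in lines[2:]:
        oid, _, value = line.partition(" ")
        if oid:
            varbinds[oid] = clean(value)
    return {"host": clean(lines[0]),
            "source": match.group(1) if match else None,
            "varbinds": varbinds}

def handle(trap):
    """Decide what to do with a parsed trap; returns the action as a string."""
    if trap["source"] not in KNOWN_SENDERS:   # UDP sources can be spoofed: a filter only
        return "ignored: unknown sender"
    if trap["varbinds"].get(SNMP_TRAP_OID) == LINK_DOWN:
        index = next((v for o, v in trap["varbinds"].items()
                      if o.startswith(IF_INDEX + ".")), "?")
        return f"ALERT linkDown on {trap['host']} ifIndex={index}"
    return "logged"

if __name__ == "__main__":
    print(handle(parse_trap(sys.stdin)))
```

Values are only ever compared or formatted into a string here; a handler that passes trap fields to a shell command or a mail client should hand them over as arguments, never interpolate them into a command line.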
SNMP is most commonly used in conjunction with a Network Management System (NMS).
Popular NMSs include BMC Patrol, CA Unicenter, Sun Management Console (formerly SyMon), IBM Tivoli NetView,
and the world famous HP OpenView. Even an Open Source NMS is now available, the aptly named OpenNMS.
The goal of an NMS is to provide a single point of monitoring and administration of all your SNMP-enabled
devices. By configuring your device agents to allow write access you can even manipulate your environment
from a single application. When an environment is architected around an NMS solution you can be given
unparalleled levels of control and visibility over your entire environment at a glance.

While Net-SNMP provides all the tools you would need to build your own NMS, we won't discuss the subject any
further here. However, bear in mind that if you
think the vendor of your SNMP-enabled device isn't as forthcoming about details of their agent implementation
as you'd like, it's most likely because they would like you to simply buy their NMS or a plug-in
to use their device with one of the other popular NMSs.

2004-11-23