Using SNMP to Monitor Networks

May 18, 2012, 07:58

Norbert Kimble


SNMP was initially designed for just switches and routers, but over the years it has gained popularity and is now used to monitor almost any electronic device. SNMP consists of three major components: the network management software, the agents and the management information base.

The network management software is tasked with interacting with the devices in the network that implement the agents. The agents exist in the network devices and they give information to the network management software as requested. The management information base describes the objects to be monitored within the network device. These are usually just plain text files. Each object in the management information base has a unique object identifier, which is normally a dotted list of integers. Whenever the agent and the network management software interact, they use the object identifiers to refer to a specific object.

An object identifier may be sent across with a corresponding value attached to it, known as a binding. The agents may be perceived as the servers and the network management software as the client. The network management software sends a get command to the agent requesting specific data as defined by the management information base. The agent then responds with the requested information. The agents can also send alarms or traps to the network management software to notify it of any important events.

All SNMP software standards can be classified into messaging protocols, management information base syntax standards and management information base definitions. Only three messaging protocols exist. SNMPv1 was the first version and is still widely used. However, its security is based on the community string, which acts as a password. This community string is not encrypted, which is a weakness in its security. SNMPv2 brought with it the ability to transmit the Counter64 management information base definitions. It also enhanced the agent error responses.

However, it used the same community string as SNMPv1 and hence was still not secure. SNMPv3 improved on security. Its enhancements include user authentication, encryption and a view access control model. Management information bases can only be written in two syntax standards. SMIv1 was introduced alongside SNMPv1. Data defined by SMIv1 can be used in any of the three messaging protocols to transmit data between the network management software and the agent.

SMIv2 was introduced alongside SNMPv2, and with it the Counter64 data type was introduced. SMIv2 can be used in any of the three messaging protocols. SMIv2 can be translated to SMIv1, with the exception of the Counter64 object data.

Management information bases can be categorized as either standard or enterprise management information bases. Standard management information bases are composed by the Internet Engineering Task Force (IETF), while the enterprise management information bases are composed by non-standard committees, which must however apply for an Enterprise ID.

SNMP has its advantages and disadvantages.

Its advantages include that it is widely used and hence popular, that many standard management information bases are available, that agents do not impact system resources, and that it is ideal for monitoring. Its disadvantages include that it is not efficient with available bandwidth, that its encoding is complicated, and that it is insecure, although SNMPv3 has resolved this.