What is SNMP?

Simple Network Management Protocol (SNMP) is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior.

Figure 1: How SNMP works

SNMP exposes management data in the form of variables on the managed systems organized in a management information base (MIB), which describe the system status and configuration. These variables can then be remotely queried (and, in some circumstances, manipulated) by managing applications.

Three significant versions of SNMP have been developed and deployed. SNMPv1 is the original version of the protocol. More recent versions, SNMPv2c and SNMPv3, feature improvements in performance, flexibility, and security.

How has SNMP changed over the years?

With the evolution of SNMP from v1 to v3, there have been several changes:

  • Security has improved. SNMP v3 requires authentication and encryption for communicating between the management system and agents.
  • Newer versions support larger values. With SNMP v1, values were 32-bit counters. With SNMP v2 and v3, you can have 64-bit counters for values.
  • SNMP was originally implemented over UDP. TCP is now also supported as a transport protocol.

When SNMP was first developed, it was also used to control the target devices/systems. Over the years, given the security challenges involved, SNMP has been used more for monitoring devices than as a protocol for reconfiguring them and changing their behavior.
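The version and security level in use are visible in the first bytes of every SNMP message: v1 and v2c carry a community string in cleartext, while v3 carries a msgFlags octet whose low two bits state whether authentication and privacy are applied. The following added example (not part of the original article) classifies a UDP payload on that basis so a monitoring team can confirm what its devices actually send; the function names and sample packets are constructed for illustration.

```python
# Added example: classify SNMP messages by version and security level.
# BER tags used here: 0x30 SEQUENCE, 0x02 INTEGER, 0x04 OCTET STRING.
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}

def read_tlv(buf, pos, want_tag):
    """Decode one BER tag-length-value at pos; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != want_tag:
        raise ValueError(f"expected tag 0x{want_tag:02x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length octets
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return buf[pos:pos + length], pos + length

def classify(payload):
    """Return (version, security_level) for one SNMP UDP payload."""
    msg, _ = read_tlv(payload, 0, 0x30)            # outer SEQUENCE
    raw, pos = read_tlv(msg, 0, 0x02)              # version field
    version = VERSIONS.get(int.from_bytes(raw, "big"))
    if version in ("v1", "v2c"):
        read_tlv(msg, pos, 0x04)                   # community string, sent in cleartext
        return version, "community"
    if version != "v3":
        raise ValueError("unknown SNMP version")
    hdr, _ = read_tlv(msg, pos, 0x30)              # msgGlobalData
    _, p = read_tlv(hdr, 0, 0x02)                  # msgID
    _, p = read_tlv(hdr, p, 0x02)                  # msgMaxSize
    flags, _ = read_tlv(hdr, p, 0x04)              # msgFlags: bit 0 = auth, bit 1 = priv
    if len(flags) != 1:
        raise ValueError("msgFlags must be one octet")
    auth, priv = flags[0] & 0x01, flags[0] & 0x02
    if priv and not auth:
        raise ValueError("priv without auth is not a valid combination")
    return "v3", "authPriv" if priv else "authNoPriv" if auth else "noAuthNoPriv"

def weak(payload):
    """True when the message is not both authenticated and encrypted."""
    return classify(payload) != ("v3", "authPriv")

# Constructed samples (not captured traffic): a v2c GetRequest for sysDescr.0,
# and a v3 header with empty security parameters and the scoped PDU omitted.
V2C_GET = bytes.fromhex("302602010104067075626c6963a019020101020100020100"
                        "300e300c06082b060102010101000500")
def v3_sample(flags):
    return bytes.fromhex("3014020103300d020101020205dc0401") + bytes([flags]) + bytes.fromhex("0201030400")
```

Running `weak()` over the payloads a poller exchanges with each device gives a per-device list of agents that still need to be moved to SNMPv3 with authPriv.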

Is SNMP Still Relevant?

The first Requests for Comments (RFCs) for SNMPv1 appeared in 1988. Over the last 30+ years, several new protocols have emerged for monitoring IT systems, applications, and devices.

  • If you are looking to monitor applications, each application may have its own monitoring interfaces. REST API, web services APIs, JMX, etc., are some of the common methods of monitoring applications. Very rarely do applications support SNMP.
  • Even cloud and virtualization technologies have very limited support for SNMP.
  • More sophisticated network devices, such as load balancers and firewalls, support SNMP, but the metrics they expose through SNMP are limited, and very often other interfaces, such as SSH and API calls, have to be used to collect detailed metrics from these devices.

At the same time, SNMP remains relevant. SNMP is the protocol to use if:

  • You want to know how your switches and routers are performing in your network.
  • You want to check whether the temperature in your server room is normal.
  • You want to know whether your network printer has sufficient paper or ink.
  • You need to check whether your UPS has sufficient backup power.

A majority of network devices, hardware equipment, environmental devices, and the like still support SNMP (and sometimes nothing else). This is because SNMP can be supported with a very small resource footprint, while other APIs and protocols require additional applications/libraries that make their implementation more difficult. Besides network equipment, SNMP is also supported by legacy operating systems, such as OpenVMS and OS/400. Some storage and backup technologies also support SNMP. All of this means that any monitoring solution that seeks to provide end-to-end visibility into a network infrastructure has to support SNMP.

The Many Uses of SNMP

One of the biggest advantages of SNMP is that it is an open standard protocol. A number of standard MIBs have been defined that allow monitoring tools to obtain metrics of interest from any device that supports them, irrespective of model and vendor. For example, MIB-II is a standard MIB that allows network equipment to expose information about the number of network interfaces it supports and the traffic in and out of each interface (besides a number of other statistics). A monitoring system can poll any device that supports MIB-II, auto-discover the interfaces on the device, and monitor bandwidth usage on each interface.

Figure 2: Hierarchical tree structure of MIBs

There are a number of standard MIBs – for example, the Host Resources MIB for monitoring resource usage on any system and the Fibre Channel MIB to monitor any Fibre Channel network switch. Vendors provide enterprise-specific MIBs that expose additional details about their devices. For example, to monitor the CPU usage of a Cisco router, a monitoring tool must support the Cisco proprietary CPU MIB. Likewise, Cisco routers support a NetFlow MIB. A monitoring tool that supports this MIB can get information about the top sources and destinations that are communicating through the router.

SNMP is mainly used for:

  • Auto-discovering network equipment – Vendor-specific MIBs are used to identify the type of each device on the network. Network topologies and interconnections can also be monitored using SNMP.
  • Polling network equipment to collect different types of metrics – Changes to network device status, workload details, and performance metrics (queue lengths, packets dropped, buffer overflows, etc.) are detected by monitoring systems when they compare statistics reported to them by each network device over time.
  • Network devices also emit SNMP traps when abnormalities are detected – For example, when a printer is low on paper, it will send a trap to its monitoring tool, informing it that action has to be taken. Likewise, failure of a network interface may also cause a router to send an SNMP trap. By listening for and processing such SNMP traps, monitoring tools can detect failure conditions that administrators may need to be informed about.
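Comparing counter values across polls, as described above, is where the 32-bit versus 64-bit counter difference becomes visible: a 32-bit octet counter wraps in about 34 seconds at 1 Gbit/s line rate, so a longer polling interval can silently under-report traffic. The following added example (not part of the original article) computes per-interval throughput and rejects intervals that cannot be trusted; the IF-MIB object names in the comments, the function names, and the sample polls are chosen here for illustration.

```python
# Added example: derive interface throughput from successive polls of an
# octet counter such as ifInOctets (32-bit) or ifHCInOctets (64-bit).

def max_poll_interval(link_bps, bits=32):
    """Seconds a counter of `bits` width takes to wrap once at line rate."""
    return (1 << bits) * 8 / link_bps

def rates(samples, link_bps, bits=32):
    """samples: list of (sysUpTime in 1/100 s ticks, octet counter value).

    Returns one entry per polling interval: bits per second, or None when
    the interval cannot be trusted (agent restart, or the counter may have
    wrapped more than once)."""
    out = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        seconds = (t1 - t0) / 100
        if seconds <= 0:                     # sysUpTime went backwards: agent restarted
            out.append(None)
            continue
        if seconds >= max_poll_interval(link_bps, bits):
            out.append(None)                 # interval long enough to hide a second wrap
            continue
        delta = (c1 - c0) % (1 << bits)      # corrects for exactly one wrap
        bps = delta * 8 / seconds
        # A rate above line speed indicates a counter reset, not real traffic.
        out.append(bps if bps <= link_bps else None)
    return out

# Constructed polls of a 1 Gbit/s port taken 10 s apart: the counter wraps in
# the first interval and the agent restarts before the last poll.
POLLS_1G = [(1000, 4294967000), (2000, 1000), (3000, 2501000), (500, 40)]

# Constructed polls of a 10 Gbit/s port, 10 s apart, read from a 64-bit counter.
POLLS_10G = [(0, 10**12), (1000, 10**12 + 5 * 10**9)]
```

With `POLLS_10G`, treating the counter as 32-bit yields no usable rate because the 10-second interval exceeds the wrap time of roughly 3.4 seconds, while the 64-bit reading gives 4 Gbit/s.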

How eG Enterprise Supports SNMP Monitoring

As you have seen above, monitoring tools must support SNMP if they are to provide end-to-end visibility. eG Enterprise is no exception to this:

  • Its network discovery relies on SNMP polling of network devices.
  • SNMP polling is also used for on-going monitoring. While many standard SNMP MIBs are supported, a wide variety of vendor proprietary MIBs are also supported to provide specialized monitoring for different devices. SNMP-based monitoring is agentless – that is, no additional agents need to be deployed or configured to collect performance metrics.
  • Any eG Enterprise agent can also be configured as an SNMP trap receiver. Traps sent by network devices are processed immediately and raise alerts in the eG Enterprise console.
Figure 3: Loading and selecting MIB objects in eG Enterprise’s MIB browser

SNMP v1, v2, and v3 are supported. You can configure the version to use based on the target device(s).

At the same time, if you have proprietary devices that are not supported out of the box, you can use eG Enterprise’s SNMP capability to add new monitoring capabilities for these devices without writing any code. A MIB browser allows you to import new MIBs into the eG Enterprise system. From the browser, you can choose the SNMP objects that eG agents must poll. The values returned by these objects can also be manipulated by the agents (for example, seconds converted into milliseconds, differences between current and previous values computed) before they are reported as metrics on the eG Enterprise console. SNMP traps to be captured by eG Enterprise can also be configured in the same way.

Questions that Network Monitoring with eG Enterprise Answers

The Challenge of Scalability

One of the bigger challenges with SNMP monitoring is scalability. SNMP devices can take time to respond to requests, and if higher security levels are configured, this can greatly reduce the number of target devices that can be monitored.

  • For scalability, eG Enterprise uses multi-threading – so multiple different network devices can be polled simultaneously. Multi-threading also ensures that one slow target device does not slow down the data collection.
  • For further scalability, eG Enterprise uses a decentralized monitoring model. Multiple polling systems can be configured, and the target devices can be allocated to different polling systems.

Conclusion

Even after 30+ years, there is no other monitoring protocol standard like SNMP. Almost all network devices and data center equipment support SNMP. As it is a common standard, SNMP has to be supported by any monitoring system today.

At the same time, as other monitoring protocols are more common for monitoring applications, cloud, virtualization platforms, etc., monitoring tools cannot rely on SNMP alone.