What is SNMP?
Simple Network Management Protocol (SNMP) is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior.
SNMP exposes management data in the form of variables on the managed systems organized in a management information base (MIB), which describe the system status and configuration. These variables can then be remotely queried (and, in some circumstances, manipulated) by managing applications.
Three significant versions of SNMP have been developed and deployed. SNMPv1 is the original version of the protocol. More recent versions, SNMPv2c and SNMPv3, feature improvements in performance, flexibility, and security.
Is SNMP Still Relevant?
The first Request for Comments (RFCs) for SNMPv1 appeared in 1988. Over the last 30+ years, several new protocols have emerged for monitoring IT systems, applications, and devices.
- If you are looking to monitor applications, each application may have its own monitoring interfaces. REST API, web services APIs, JMX, etc., are some of the common methods of monitoring applications. Very rarely do applications support SNMP.
- Even cloud and virtualization technologies have very limited support for SNMP.
- More sophisticated network devices, such as load balancers and firewalls support SNMP, but the metrics they expose through SNMP are limited, and very often, other interfaces, such as SSH, API calls, etc., have to be used to collect detailed metrics from these devices.
At the same time, SNMP remains relevant. SNMP is the protocol to use if:
- You want to know how your switches and routers are performing in your network.
- You want to check whether the temperature in your server room is normal.
- You want to know whether your network printer has sufficient paper or ink.
- You need to check whether your UPS has sufficient backup power.
A majority of network devices, hardware equipment, environmental devices, and such still support SNMP (and sometimes, nothing else). This is because SNMP can be supported with a very small resource footprint while other APIs and protocols require additional applications/libraries that make their implementation more difficult. Besides network equipment, SNMP is also supported by legacy operating systems, such as Open VMS and OS/400. Some storage and backup technologies also support SNMP. All of this means that any monitoring solution that seeks to provide end-to-end visibility into a network infrastructure has to support SNMP.
The Many Uses of SNMP
One of the biggest advantages of SNMP is that it is an open standard protocol. A number of standard MIBs have been defined that allow monitoring tools to obtain metrics of interest from any device, irrespective of model and vendor, that support the standard MIBs. For example, MIB-II is a standard MIB that allows network equipment to expose information about the number of network interfaces they support and the traffic in and out of each interface (besides a number of other statistics). A monitoring system can poll any device that supports MIB-II, auto discover the interfaces on the device, and monitor bandwidth usage on each interface.
There are a number of standard MIBs – for example, the Host Resources MIB for monitoring resource usage on any system and the Fiber Channel MIB to monitor any fiber channel network switch. Vendors provide enterprise specific MIBs that expose additional details about their devices. For example, to monitor the CPU usage of a Cisco router, a monitoring tool must support the Cisco proprietary CPU MIB. Likewise, Cisco routers support a NetFlow MIB. A monitoring tool that supports this MIB can get information about the top sources and destinations that are communicating through the router.
SNMP is mainly used for:
- Auto-discovering network equipment – Vendor specific MIBs are used to identify the type of each device on the network. Network topologies and interconnections can also be monitored using SNMP.
- Polling network equipment to collect different types of metrics – Changes to network device status, workload details, and performance metrics (queue lengths, packets dropped, buffer overflows, etc.) are detected by monitoring systems when they compare statistics reported to them by each network device over time.
- Network devices also emit SNMP traps when abnormalities are detected – For example, when a printer is low on paper, it will send a trap to its monitoring tool, informing it that action has to be taken. Likewise, failure of a network interface may also cause a router to send an SNMP trap. By listening for and processing such SNMP traps, monitoring tools can detect failure conditions that administrators may need to be informed about.
How eG Enterprise Supports SNMP Monitoring
As you have seen above, monitoring tools must support SNMP if they are to provide end-to-end visibility. eG Enterprise is no exception to this:
- Its network discovery relies on SNMP polling of network devices.
- SNMP polling is also used for on-going monitoring. While many standard SNMP MIBs are supported, a wide variety of vendor proprietary MIBs are also supported to provide specialized monitoring for different devices. SNMP-based monitoring is agentless – that is, no additional agents need to be deployed or configured to collect performance metrics.
- Any eG Enterprise agent can also be configured as a SNMP Trap receiver. Traps sent by network devices are processed immediately and alerted in the eG Enterprise console.
SNMP v1, v2, and v3 are supported. You can configure the version to use based on the target device(s).
At the same time, if you have proprietary devices that are not supported out of the box, you can use eG Enterprise’s SNMP capability to add new monitoring capabilities for these devices without having to write lines of code to do so. An MIB browser allows you to import new MIBs into the eG Enterprise system. You can choose SNMP objects that eG agents must poll from the browser. The values returned by these objects can also be manipulated by the agents (for example, seconds converted into milliseconds, differences between current and previous values computed) before they are reported as metrics on the eG Enterprise console. SNMP traps to be captured by eG Enterprise can also be configured in the same way.
The Challenge of Scalability
One of the bigger challenges with SNMP monitoring is scalability. SNMP devices can take time to respond to requests and if greater security levels are configured, this can greatly reduce the number of target devices that can be monitored.
- For scalability, eG Enterprise uses multi-threading – so multiple different network devices can be polled simultaneously. Multi-threading also ensures that one slow target device does not slow down the data collection.
- For further scalability, eG Enterprise uses a decentralized monitoring model. Multiple polling systems can be configured, and the target devices can be allocated to different polling systems.
Even after 30+ years, there is no other monitoring protocol standard like SNMP. Almost all network devices and data center equipment support SNMP. As it is a common standard, SNMP has to be supported by any monitoring system today.
At the same time, as other monitoring protocols are more common for monitoring applications, cloud, virtualization platforms, etc., monitoring tools cannot rely on SNMP alone.