SNMP is a networking monitoring protocol that is incorporated within the TCP/IP suite of Internet protocols. It is used to monitor and manage devices remotely across a network and has 3 key components which are the managed devices, snmp agents and network management systems often just referred to as an NMS.
A managed device is an active network device such as a server, router, switch, workstation or in fact any device that is network capable. The managed devices are programmed to collect information from the host device, possible store that information and have the ability to forward that information to the Network Management Station.
An SNMP agent is a piece of software residing on a host network device which collects the programmed information and communicates that information in the form of SNMP Traps to the Network Management Station.
A Network Management Station is used to monitor and control SNMP host devices through a series of simple messages and also report that information to the network monitoring team in the form of some kind of alarm or report.
The NMS can run a number of application processes designed to gather information about known networked devices. This information can be status information such as a change in status of a Router interface or a Switch Port, device configuration changes or information relating to the performance of a managed device.
Often the software applications loaded onto Network Management Stations are proprietary, but do contain and operate with TCP/IP standards based SNMP. One good example of an SNMP application is HP Openview.
Devices that communicate with a NMS are often configured to be a member of a known community with a community string or password providing the community identity or authentication. Later versions of SNMP use a stronger form of Authentication and Encryption of SNMP messages. A NMS must be part of a community before it can receive or view messages or make configuration changes to the devices already part of the community.
The SNMP messages themselves contain the information from the managed device or instructions from the NMS in a data field and each message also contains the identity of the community to which the device belongs. The SNMP messages are sent across the network encapsulated within a UDP (User Datagram Protocol) packet, which in turn is encapsulated within an IP (Internet Protocol) packet.
The agent software installed on the host devices have what is known as a MIB (Management Information Base), which is a database containing a list of manageable objects on the device. When a device needs to inform the Network Management Station about a configuration or status change, it sends a message known as a TRAP to the community NMS informing of the change.
The NMS has a number of message types it can use to interrogate or make changes to configuration on the managed devices and these are:
GET – Is used to ask the managed device for certain information about a managed object on the device. It could be a request for status of a router interface or the amount of disk space on the device hard disk drive.
GET-NEXT – Used to request the value of the next managed object in the device MIB.
SET – This is where the NMS can actually change the value of a managed object’s variable, providing the object allows READ / WRITE access. If READ Only then this will not be possible.
The Management Information Base on the managed device will contain hierarchically organized information which are identified by what are known as object identifiers, which are universally known.