Essential Principles of SNMP (Simple Network Management Protocol) Tutorial
Overview
SNMP, or Simple Network Management Protocol, was introduced in 1998 with the primary goal of facilitating the monitoring of a large number of network devices. While alternative protocols such as CORBA or TMN were considered, SNMP emerged as the preferred choice. Originally designed for monitoring purposes, SNMP has evolved to enable device control as well.
The protocol has seen three major releases, SNMPv1, SNMPv2, and SNMPv3, with significant enhancements introduced in SNMPv2. SNMP facilitates the monitoring of various network devices, supporting a range of data, from uptime and CPU load to network parameters, device network options, and more.
Architecture:
A network employing SNMP comprises three key components:
- SNMP Manager: A software tool on the admin machine for control and data gathering.
- SNMP Agent: Software on controlled devices enabling control and interaction.
- SNMP MIB (Management Information Base): A structured database facilitating data exchange between the manager and agent.
SNMP manager/agent:
The SNMP manager serves as an interface between operators and the node with the SNMP agent, while the agent can also be viewed as an interface between the SNMP manager and hardware.
In the usual client-server arrangement, the SNMP agent runs as a service on the controlled device and processes requests on UDP port 161, while the SNMP manager acts as the client that sends requests to the agent.
However, SNMP also introduces the TRAP, a notification sent on the agent's initiative, which temporarily reverses the roles: for a TRAP the manager becomes the service, listening on UDP port 162, and the agent acts as the client.
Operating at the Application Layer of the OSI model, SNMP utilizes UDP as the default transport, encapsulating interactions between the agent and manager in Protocol Data Unit (PDU) objects.
When encryption is enabled, default TRAPs are sent to UDP port 10162, and communication occurs on UDP port 10161. SNMP configurations allow for flexibility in port assignments.
SNMP manager -> SNMP(PDU) -> UDP -> IP -> Ethernet -> IP -> UDP -> SNMP(PDU) -> agent
Agents collect information about network devices and write it to the MIB database, which managers can access.
How it functions
The SNMP manager sends a request to the agent on UDP port 161 from a random port within the ephemeral port range [2], including a unique RequestID. This request includes the source port and address.
The agent receives the request, parses it, and prepares a response, which is then sent to the address and port specified in the initial request, utilizing the same RequestID. The RequestID is essential for correlating a specific request with its corresponding answer.
SNMP PDU
An SNMP PDU (Protocol Data Unit) carries one of the following commands:
- GetRequest: A request from manager to agent to retrieve the value of one or multiple variables.
- SetRequest: A request from manager to agent to modify the value of one or multiple variables.
- GetNextRequest: A request from manager to agent to obtain the list of available variables. It essentially returns the variable binding of the next variable in the MIB, allowing iterative exploration of the MIB starting from 0.
- GetBulkRequest: Introduced in SNMPv2, an enhanced version of GetNextRequest that enables the retrieval of a bulk of data from the MIB.
- Response: The response from agent to manager, containing variables and a confirmation of success or failure.
- Trap: An asynchronous notification from agent to manager about a specific event.
- InformRequest: Introduced in SNMPv2, a notification between managers (later specifications allowed agent->manager communication). It enables managers to share information about MIBs.
PDU fields:
- version: Specifies the SNMP version being used.
- community: Represents a set of symbols that define membership in a specific group.
- PDU-type: Contains a numerical identifier representing the type of PDU command (e.g., GetRequest, GetNextRequest, TRAP).
- request-id: Functions as a unique identifier for the request.
- error-status: A numerical value identifying the type of error or indicating the absence of errors.
- error-index: If an error occurs, this field points to the object that caused the error.
For Trap PDUs:
- manufacturer field: Identifies the manufacturer of the host.
- trap type: Specifies the type of trap being sent.
- timestamp: Records the time at which the trap was generated.
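The request/response flow and the PDU fields above become concrete once you see the bytes. The following is an added example written for this tutorial (not code from the original page or from any SNMP implementation): a minimal BER encoder and decoder for an SNMPv1 message, covering the version, community, PDU-type, request-id, error-status, error-index and variable-binding fields, plus the manager-side RequestID correlation described under "How it functions". The OIDs, community string and values are constructed sample data; the encoder only supports NULL, INTEGER and OCTET STRING values (application types such as TimeTicks are omitted).

```python
# Added example: minimal BER encoder/decoder for an SNMPv1 message.
# Sample values below are constructed for illustration.

# SNMPv1 PDU type tags: context-specific, constructed (0xA0-0xA4)
GET_REQUEST, GET_NEXT_REQUEST, GET_RESPONSE, SET_REQUEST, TRAP = 0xA0, 0xA1, 0xA2, 0xA3, 0xA4


def _tlv(tag: int, payload: bytes) -> bytes:
    """BER tag-length-value, definite length (short form below 128 octets)."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + payload


def encode_int(value: int) -> bytes:
    """INTEGER (tag 0x02): two's complement in the minimal number of octets."""
    nbytes = (value.bit_length() + 8) // 8  # +8 keeps room for the sign bit
    return _tlv(0x02, value.to_bytes(nbytes, "big", signed=True))


def encode_oid(oid: str) -> bytes:
    """OBJECT IDENTIFIER (tag 0x06): first two arcs fold into one octet (40*a+b);
    each later arc is base-128 with the high bit set on all but its last octet."""
    arcs = [int(a) for a in oid.strip(".").split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return _tlv(0x06, bytes(body))


def encode_message(community: str, pdu_type: int, request_id: int, varbinds,
                   error_status: int = 0, error_index: int = 0, version: int = 0) -> bytes:
    """Message ::= SEQUENCE { version, community, PDU }. varbinds is a list of
    (oid, value) where value is None (NULL), int (INTEGER) or bytes (OCTET STRING)."""
    vbl = b""
    for oid, value in varbinds:
        v = b"\x05\x00" if value is None else encode_int(value) if isinstance(value, int) else _tlv(0x04, value)
        vbl += _tlv(0x30, encode_oid(oid) + v)
    pdu = _tlv(pdu_type, encode_int(request_id) + encode_int(error_status)
               + encode_int(error_index) + _tlv(0x30, vbl))
    return _tlv(0x30, encode_int(version) + _tlv(0x04, community.encode()) + pdu)


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, payload, next_pos) for the element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits say how many length octets follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")  # never trust the length field blindly
    return tag, buf[pos:pos + length], pos + length


def _int(payload: bytes) -> int:
    return int.from_bytes(payload, "big", signed=True)


def decode_oid(payload: bytes) -> str:
    first = payload[0]
    arcs = [first // 40, first % 40] if first < 80 else [2, first - 80]
    value = 0
    for b in payload[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # last octet of this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def decode_message(buf: bytes) -> dict:
    """Parse an SNMPv1 message into its header and PDU fields."""
    _, msg, _ = _read_tlv(buf, 0)
    _, version, pos = _read_tlv(msg, 0)
    _, community, pos = _read_tlv(msg, pos)
    pdu_type, pdu, _ = _read_tlv(msg, pos)
    _, request_id, pos = _read_tlv(pdu, 0)
    _, error_status, pos = _read_tlv(pdu, pos)
    _, error_index, pos = _read_tlv(pdu, pos)
    _, vbl, _ = _read_tlv(pdu, pos)
    varbinds, pos = [], 0
    while pos < len(vbl):
        _, vb, pos = _read_tlv(vbl, pos)
        _, oid, p = _read_tlv(vb, 0)
        vtag, val, _ = _read_tlv(vb, p)
        varbinds.append((decode_oid(oid), vtag, val))
    return {"version": _int(version), "community": community.decode(), "pdu_type": pdu_type,
            "request_id": _int(request_id), "error_status": _int(error_status),
            "error_index": _int(error_index), "varbinds": varbinds}


def response_matches(request: bytes, response: bytes) -> bool:
    """Manager-side correlation: the answer must be a Response PDU carrying the
    same request-id (the source address/port check belongs to the socket layer)."""
    req, resp = decode_message(request), decode_message(response)
    return resp["pdu_type"] == GET_RESPONSE and resp["request_id"] == req["request_id"]
```

A GetRequest for sysUpTime.0 (`1.3.6.1.2.1.1.3.0`) with community `public` and request-id 1 encodes to 40 octets beginning `30 26 02 01 00 04 06 ...`: the outer SEQUENCE, the version INTEGER (0 for SNMPv1), then the community OCTET STRING sent in the clear, which is the reason the Protection section below prefers SNMPv3.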
SNMP MIB:
MIB Definition: SNMP MIB is short for Management Information Base, serving as a collection of control information. Each network node with an SNMP agent provides its own set of data, which can vary between vendors. Despite these differences, standards are flexible enough to ensure compatibility.
Hierarchical Tree Structure: The MIB has a hierarchical tree structure, with each object characterized by a specific Object Identifier (OID). Each branch of the MIB concludes with a variable, also identified by its own OID, containing a value written by the SNMP agent as shown in the diagram below. This value represents information about the host, such as uptime, CPU load, network load, etc.
SMI Standard: The Structure of Management Information (SMI) standard, along with other predefined standards and principles, governs the structure of the MIB tree. Specific standards like ASN.1 (Abstract Syntax Notation One) and BER (Basic Encoding Rules) apply to MIB, and the MIB tree structure is covered by ISO standards.
Standardization: MIB is well-standardized, ensuring a consistent and reliable structure. Even though real MIB trees may be more complex than a basic picture, the principles of standardization apply, providing a reliable framework for managing network information.
To access specific objects in SNMP, we use Object Identifiers (OIDs), numeric sequences representing branches in the Management Information Base (MIB). Each OID is a set of digits separated by dots. Unlike DNS, SNMP doesn’t have a separate name resolution service; all identification is done with numerical OIDs.
SNMP nodes communicate using these numeric OIDs, and symbolic representations are typically found in documentation or on-screen.
OIDs assigned to MIB objects have specific allocations: the top of the structure is assigned by ISO/IEC, and lower branches are delegated to organizations. The root of the tree is symbolized by a dot (.). For example, the iso(1) branch, housing internet(1), is represented numerically as .1.3.6.1.
- directory, OID=1.3.6.1.1 (iso.org.dod.internet.directory)
- mgmt, OID=1.3.6.1.2 (iso.org.dod.internet.mgmt)
- private, OID=1.3.6.1.4 (iso.org.dod.internet.private)
The branch 1.3.6.1.2 (iso.org.dod.internet.mgmt) is particularly relevant, encompassing mib-2 (1), enterprise, and other sub-branches. This branch often serves as a foundational structure for many network devices, making it a key area for obtaining data. For instance, to retrieve information about an IP address, you would reference:
iso.org.dod.internet.mgmt.mib-2.ip, OID=1.3.6.1.2.1.4
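Because SNMP carries only numeric OIDs on the wire, the symbolic names above have to be resolved locally from MIB definitions. The following added example (written for this tutorial, not taken from the original page or from any MIB compiler) does that for a small hand-built subtree containing the standard arcs named in the text, plus the mib-2 system group and the enterprises arc under private; real MIB modules define far more. It resolves symbolic paths to dotted numbers, maps numeric OIDs back to the longest known symbolic prefix, and checks subtree membership, which is the building block for an access-control rule that restricts a manager to, say, mib-2 only.

```python
# Added example: local symbolic <-> numeric OID resolution against a small,
# hand-constructed MIB subtree. Each entry is name: (arc number, children).
MIB_TREE = {
    "iso": (1, {
        "org": (3, {
            "dod": (6, {
                "internet": (1, {
                    "directory": (1, {}),
                    "mgmt": (2, {
                        "mib-2": (1, {
                            "system": (1, {"sysDescr": (1, {}), "sysUpTime": (3, {})}),
                            "interfaces": (2, {}),
                            "ip": (4, {}),
                        }),
                    }),
                    "experimental": (3, {}),
                    "private": (4, {"enterprises": (1, {})}),  # 1.3.6.1.4.1: vendor MIBs
                }),
            }),
        }),
    }),
}


def name_to_oid(path: str) -> str:
    """'iso.org.dod.internet.mgmt.mib-2.ip' -> '1.3.6.1.2.1.4'. Numeric components
    (e.g. the '.0' instance suffix of a scalar) are accepted as given."""
    arcs, level = [], MIB_TREE
    for label in path.strip(".").split("."):
        if label.isdigit():
            arcs.append(int(label))
            level = {}  # nothing below a numeric arc is known to this tree
            continue
        if label not in level:
            raise KeyError(f"unknown MIB name {label!r} under {'.'.join(map(str, arcs)) or 'root'}")
        num, level = level[label]
        arcs.append(num)
    return ".".join(map(str, arcs))


def oid_to_name(oid: str) -> str:
    """Numeric -> symbolic using the longest known prefix; unknown arcs stay numeric."""
    labels, level = [], MIB_TREE
    for arc in (int(a) for a in oid.strip(".").split(".")):
        hit = next(((name, sub) for name, (num, sub) in level.items() if num == arc), None)
        if hit is None:
            labels.append(str(arc))
            level = {}
        else:
            labels.append(hit[0])
            level = hit[1]
    return ".".join(labels)


def in_subtree(oid: str, subtree: str) -> bool:
    """True if oid lies under subtree (both symbolic or numeric); arc-wise, so
    '1.3.6.1.2.10' is not under '1.3.6.1.2.1'."""
    a = name_to_oid(oid).split(".")
    b = name_to_oid(subtree).split(".")
    return a[:len(b)] == b
```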
SNMP Protection
SNMP's security evolved significantly across versions: SNMPv1 is considered the least secure, while SNMPv3 stands out as the most secure. SNMPv3 adds authentication-based security and privacy, and supports traffic encryption, so choosing SNMPv3 is advisable for enhanced security.
Key security features in SNMPv3, as outlined in official documentation, include:
- Verifying the identity of the message’s origin by checking data integrity.
- Preventing accidental or intentional alterations of in-transit messages through integrity checks, including timestamp verification.
- Thwarting replay attacks by verifying message stream integrity, including timestamp verification.
- Protecting against eavesdropping by utilizing encryption, preventing interception by protocol analyzers.
- Verifying operator authorization and safeguarding critical data from intentional or accidental corruption through an access control table as part of policy-based management.
It’s important to note that different SNMP protocol versions are not compatible due to variations in the structure of Protocol Data Unit (PDU) objects.
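The authentication and "timestamp verification" features above map onto concrete mechanisms in SNMPv3's User-based Security Model (RFC 3414). The following added example, written for this tutorial and not taken from the original page or from any SNMP library, shows three of them on the receiving (agent) side: localizing a user's password into a per-engine key, computing and verifying the truncated HMAC that authenticates a message, and the 150-second timeliness window that rejects replayed messages. The engine ID and password are the test values from RFC 3414 Appendix A.3.2; the serialized message is a constructed placeholder rather than real SNMPv3 wire bytes.

```python
# Added example: SNMPv3 USM key localization, HMAC-SHA-96 and timeliness
# checks (RFC 3414). Message bytes used with these functions are constructed.
import hashlib
import hmac

AUTH_TAG_LEN = 12             # HMAC-MD5-96 / HMAC-SHA-96 keep the first 12 octets
MAX_CLOCK_SKEW = 150          # seconds, RFC 3414 section 2.2.3
MAX_ENGINE_BOOTS = 2**31 - 1  # once the boots counter hits this, nothing is timely


def password_to_ku(password: bytes, hash_name: str = "sha1") -> bytes:
    """RFC 3414 A.2: repeat the password to exactly 1 MiB and hash it (Ku).
    The stretching makes offline guessing of weak passwords deliberately slow."""
    stretched = (password * (1_048_576 // len(password) + 1))[:1_048_576]
    return hashlib.new(hash_name, stretched).digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str = "sha1") -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku): the same password gives a different key
    on every authoritative engine, so one agent's key is useless against another."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def auth_tag(kul: bytes, whole_msg: bytes, hash_name: str = "sha1") -> bytes:
    """msgAuthenticationParameters: HMAC over the whole serialized message (with
    the parameters field zero-filled before hashing), truncated to 12 octets."""
    return hmac.new(kul, whole_msg, hash_name).digest()[:AUTH_TAG_LEN]


def verify_auth(kul: bytes, whole_msg: bytes, received_tag: bytes, hash_name: str = "sha1") -> bool:
    # constant-time comparison: a plain == would leak which octet first mismatched
    return hmac.compare_digest(auth_tag(kul, whole_msg, hash_name), received_tag)


def is_timely(local_boots: int, local_time: int, msg_boots: int, msg_time: int) -> bool:
    """Authoritative engine's replay check (RFC 3414 section 3.2, step 7): the
    sender's boots counter must match ours and its clock must be within +/-150 s."""
    if local_boots == MAX_ENGINE_BOOTS:
        return False
    if msg_boots != local_boots:
        return False
    return abs(local_time - msg_time) <= MAX_CLOCK_SKEW


def accept_incoming(kul: bytes, whole_msg: bytes, received_tag: bytes,
                    local_clock: tuple, msg_clock: tuple) -> str:
    """Order matters: authenticate first, then check timeliness, because the
    boots/time values in the message are only trustworthy once the HMAC holds.
    Returns the USM error name or 'ok'; clocks are (engineBoots, engineTime)."""
    if not verify_auth(kul, whole_msg, received_tag):
        return "authenticationFailure"
    if not is_timely(*local_clock, *msg_clock):
        return "notInTimeWindow"
    return "ok"
```

With the RFC's sample password "maplesyrup" and engine ID `000000000000000000000002`, the SHA-1 Ku is `9fb5cc03...79145211` and the localized key is `6695febc...97b38f3f`, which is a convenient check when comparing an implementation against the standard.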
For SNMP MIB browsing, several tools are available:
- Free SNMP Walk Tool[3]
- Unbrowse SNMP[4]
- JMIBBrowser[5]
Additionally, Harald Tveit Alvestrand’s articles and guides, along with official documentation, provide valuable resources for further understanding SNMP security and MIB management. Explore Alvestrand’s contributions at http://www.alvestrand.no/objectid/[6] and the official documentation at http://www.snmp.com/protocol/index.shtml[7].
In Summary
Now that you’re well-versed in SNMP and its operations, you’ve taken a crucial stride toward integrating SNMP-based solutions into your network. This step promises to streamline operations, saving valuable time and resources, while offering enhanced control and monitoring capabilities for your network devices and servers. In essence, it paves the way for a more efficient and manageable network, simplifying your professional life.
[1]: https://en.wikipedia.org/wiki/OSI_model#Layer_7:_Application_Layer
[2]: https://en.wikipedia.org/wiki/Ephemeral_port
[3]: https://www.manageengine.com/products/mibbrowser-free-tool/
[4]: https://www.unleashnetworks.com/
[5]: https://sourceforge.net/projects/jmibbrowser/
[6]: https://www.alvestrand.no/objectid/
[7]: http://www.snmp.com/protocol/index.shtml