Friday, April 29, 2011

SNMP - Simple Network Management Protocol

Another basic concept:

When I looked at Wiki, it looked a little constipated. So, I will not try to give too many complicated details about SNMP.

Let's look at it from a layman's perspective.

Say there is a network device such as a switch, router, computer, ATM machine, etc.

When we look at the device directly, we can see its color, chassis (outer casing), the number of ports it has, and its physically visible components like fans, heat sinks, etc.

Now imagine how a computer (or rather software, such as an NMS, a Network Management System, or an EMS, an Element Management System) could look at a device in a network just like we humans examine a device.

What people did is put some information inside the device, so that anyone can ask the device about its details: what kind of device it is, who made it, how many ports it has, what hardware components it has, how much data is currently flowing through it, who is currently using it, etc.

So, through a command, you can ask for a specific detail about the device, and it will respond with the information. This interaction is called querying a device.

The set of rules for this querying is called a protocol. One such protocol that became very famous for its simplicity is SNMP.

So, any vendor who manufactures a device can choose to put an SNMP agent (software that runs inside the device) in it and claim that the device is an SNMP device, or that it supports SNMP. [Remember that both an SNMP agent and an EMS can be running inside a device, but they are not the same.]

That means the device can be freely queried about its various details by anyone inside the network. There is no secrecy (like Apple iPhone interiors) when it comes to SNMP devices. They freely give out all information about themselves [if the person has the right password ;-)].

So, any manufacturer who supports SNMP is broadly welcomed in the market, because their devices are open and easy to manage.


How does SNMP function?

The SNMP agent running inside the device, that is the software component, maintains a ready database (a pool of information about the device). This database is called the MIB (Management Information Base). It is basically organized as a tree.
The organization of this database (that is, what information should be put in which position of the tree) is defined as an international standard, and every manufacturer should follow it if they want to claim that their device is an SNMP device. This standard definition is called the MIB standard or standard MIB. Some part of the MIB tree is left free for vendors to fill in with the peculiarities of the device, which may not be common to all devices.
Every vendor creates a new MIB for each new device, following the guidelines of the standard MIB.
So, the SNMP agent's job is to create a live database based on the MIB definition attached to the device. For example, the number of octets passed through a port (which indicates the amount of data transferred through that port of the device) is detected by the agent, and the agent updates its database, so that if someone does an SNMP query asking for the octet count of a port, it will give the latest info on that. So, the SNMP agent is alive and lively, keeping the database up to date all the time. [Sometimes the agent may not update its database, but when queried, it knows where to pick up the latest info inside the device memory :-)]
Sometimes, the agent can voluntarily send some info (such as SNMP Traps) to a pre-designated party (usually an NMS).


What common information does the MIB have?

Who manufactured the device? Yes, there is a code given to each manufacturer in the world, and this code is put in a specific place in the MIB, so that anyone can query the device and get the manufacturer name.
What kind of device is it? Is it a switch, a router, or a computer? This information is also available at a particular place in the MIB tree (it's called sysObjectID, often shortened to sysOID).
What is the IP address of the device?
Which SNMP version does the device support?
List of ports available?
What is the status of a port?
What is the utilization of a particular port of the device?
These are some common data that can be obtained through SNMP queries.
The art of programming/developing the SNMP agent is called SNMP instrumentation or agent development.
If you want to know what kind of information a particular device (say Cisco Telepresence) gives out through SNMP, you should get the MIB definition of that device and read through it. It is a text document that describes the entire MIB tree and which OID will give what info.
Hang on, did I say OID? Oh, OID is Object ID. An 'object' is nothing but a node or a position in the MIB tree. Every position in the MIB tree has a unique identifier. So, for every OID there is a corresponding piece of info. Or, every piece of info supported in SNMP has a unique OID.
An OID uses a dotted notation, e.g. sysUpTime = .1.3.6.1.2.1.1.3.0
If you query the above OID, it will return how long the device has been up and running (the time since the last reboot).
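What a query for the OID above looks like on the wire, as an added example that is not part of the original post: the OID is packed into BER bytes and wrapped in an SNMPv2c GetRequest together with the community string (the "password" mentioned earlier), which v1/v2c messages carry as readable text. The community "public" and request ID 1 are constructed sample values.

```python
# Added example: BER-encode an OID and build an SNMPv2c GetRequest for it.
# Short-form lengths only (bodies under 128 bytes), enough for one small query.

def tlv(tag: int, body: bytes) -> bytes:
    if len(body) > 127:
        raise ValueError("long-form BER lengths not handled in this example")
    return bytes([tag, len(body)]) + body

def encode_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])   # first two arcs share one byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]                    # last byte: high bit clear
        arc >>= 7
        while arc:                              # earlier bytes: high bit set
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return bytes(out)

def decode_oid(body: bytes) -> str:
    arcs, value = [body[0] // 40, body[0] % 40], 0   # valid for first arc 0 or 1
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                        # high bit clear ends the arc
            arcs.append(value)
            value = 0
    return "." + ".".join(map(str, arcs))

def encode_int(n: int) -> bytes:
    # non-negative INTEGER; the extra leading zero byte keeps the sign bit clear
    return tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))

def build_get_request(community: str, oid: str, request_id: int) -> bytes:
    varbind = tlv(0x30, tlv(0x06, encode_oid(oid)) + tlv(0x05, b""))  # OID + NULL
    pdu = tlv(0xA0, encode_int(request_id)      # 0xA0 = GetRequest PDU
              + encode_int(0) + encode_int(0)   # error-status, error-index
              + tlv(0x30, varbind))             # variable-bindings list
    # version field 1 means SNMPv2c; community goes in as a plain OCTET STRING
    return tlv(0x30, encode_int(1) + tlv(0x04, community.encode()) + pdu)

SYS_UPTIME = ".1.3.6.1.2.1.1.3.0"               # OID from the post

if __name__ == "__main__":
    msg = build_get_request("public", SYS_UPTIME, 1)   # constructed sample values
    print(msg.hex(" "))
    print(decode_oid(encode_oid(SYS_UPTIME)))
```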
In one line, the SNMP MIB is "a blueprint of the device" (just like the blueprint of the White House).
Hope this is not as constipated as the Wiki ;)