Friday, April 29, 2011

SNMP - Simple Network Management Protocol

Another basic concept:

When I looked at Wiki, it looked a little constipated. So, I will not try to give too many complicated details about SNMP.

Let's look at it from a layman's perspective.

Say there is a network device such as a switch, router, computer, ATM machine, etc.

When we look at the device directly, we can see its color, chassis (outer casing), the number of ports it has, and its physically visible components like fans, heat sinks, etc.

Now imagine how a computer (or rather software, that is, an NMS or EMS) can look at a device in a network just like we humans examine a device.

What people did is put some information inside the device, so that anyone can ask the device about its details: what kind of device it is, who made it, how many ports it has, what hardware components it has, how much data is currently flowing through it, who is currently using it, etc.

So, through a command, you can ask a specific detail about the device. It will respond with the information. This interaction is called querying a device.

The set of rules for this querying is called a protocol. One such protocol, which became very famous for its simplicity, is SNMP.

So, any vendor who manufactures a device can choose to put an SNMP agent (software that runs inside the device) in it and claim that the device is an SNMP device, or that it supports SNMP. [Remember that both an SNMP agent and an EMS can be running inside a device, but they are not the same.]

That means the device can be freely queried about its various details by anyone inside the network. There is no secrecy (like Apple iPhone interiors) when it comes to SNMP devices. They freely give out all information about themselves [if the person has the right password ;-)].

So, any manufacturer who supports SNMP is broadly welcomed in the market, because their devices are open and easy to manage.


How does SNMP function?

The SNMP agent running inside the device, that is, the software component, maintains a ready database (a pool of information about the device). This database is called the MIB (Management Information Base). It is basically organized as a tree.
The organization of this database (that is, what information should be put in which position of the tree) is defined as an international standard, and every manufacturer should follow it if they want to claim that their device is an SNMP device. This standard definition is called the MIB standard or standard MIB. Some part of the MIB tree is left free for vendors to fill in with the peculiarities of their device, which may not be common to all devices.
Every vendor creates a new MIB for each new device, following the guidelines of the standard MIB.
So, the SNMP agent's job is to create a live database based on the MIB definition attached to the device. For example, the number of octets passed through a port (which indicates the amount of data transferred through that port of the device) is detected by the agent, and the agent updates its database, so that if someone does an SNMP query asking for the octet count of a port, it will give the latest info on that. So, the SNMP agent is alive and lively, keeping the database up to date all the time. [Sometimes, the agent may not update its database, but when queried, it knows where to pick up the latest info inside the device memory :-)]
Sometimes, the agent can also voluntarily send some info (such as SNMP Traps) to a pre-designated party (usually an NMS).


What common information does the MIB have?

Who manufactured the device? Yes, there is a code given to each manufacturer in the world, and this code is put in a specific place in the MIB, so that anyone can query the device and get the manufacturer name.
What kind of device is it? Is it a switch, a router, or a computer? This information is also available at a particular place in the MIB tree (it's called sysOID).
What is the IP address of the device?
Which SNMP version the device supports?
List of ports available?
What is the status of a port?
What is the utilization of a particular port of the device?
These are some common data that can be obtained through SNMP queries.
The art of programming/developing the SNMP agent is called SNMP instrumentation or agent development.
If you want to know what kind of information a particular device (say Cisco Telepresence) gives out through SNMP, you should get the MIB definition of that device and read through it. It is a text document that describes the entire MIB tree and which OID will give what info.
Hang on, did I say OID? Oh, OID is Object ID. An 'Object' is nothing but a node or a position in the MIB tree. Every position in the MIB tree has a unique identifier. So, for every OID there is a corresponding piece of information. Or, put the other way, every piece of information supported in SNMP has a unique OID.
OIDs use a dotted notation, e.g. sysUpTime = .1.3.6.1.2.1.1.3.0
If you query the above OID, it will return how long the device has been up and running (time since the last reboot).
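The query described above, written out byte by byte as an added example (not code from the original post): it builds an SNMPv1 GetRequest for the sysUpTime OID and then reads the fields back the way a packet capture would, which shows that in SNMPv1/v2c the community string (the "password" mentioned earlier) travels unencrypted. The community value `example-ro` and the request ID are constructed for illustration.

```python
SYS_UPTIME = ".1.3.6.1.2.1.1.3.0"   # OID quoted in the article
COMMUNITY = "example-ro"            # constructed value for this added example

def tlv(tag, value):
    assert len(value) < 128          # short-form BER length is enough here
    return bytes([tag, len(value)]) + value

def ber_int(n):                      # non-negative INTEGER, leading zero for 128..255
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def ber_oid(dotted):
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])       # first two arcs share one byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]                         # base-128 groups, built from the end
        while (arc := arc >> 7):
            chunk.insert(0, (arc & 0x7F) | 0x80)     # continuation bit on leading groups
        body += bytes(chunk)
    return tlv(0x06, bytes(body))

def get_request(community, oid, request_id):
    varbind = tlv(0x30, ber_oid(oid) + tlv(0x05, b""))     # OID plus NULL value slot
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0) + tlv(0x30, varbind))
    return tlv(0x30, ber_int(0) + tlv(0x04, community.encode()) + pdu)  # version 0 = SNMPv1

def children(buf):
    out, pos = [], 0
    while pos < len(buf):                            # split a body into (tag, value) pairs
        end = pos + 2 + buf[pos + 1]
        out, pos = out + [(buf[pos], buf[pos + 2:end])], end
    return out

def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0     # holds when the first arc is 0 or 1
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                             # last group of this arc
            arcs, val = arcs + [val], 0
    return "." + ".".join(map(str, arcs))

def wire_view(packet):
    """Fields anyone capturing the packet can read; nothing is encrypted."""
    version, community, pdu = children(children(packet)[0][1])
    varbind_list = children(pdu[1])[3][1]            # after request-id, error-status, error-index
    oid = children(children(varbind_list)[0][1])[0][1]
    return {"version": version[1][0], "community": community[1].decode(), "oid": decode_oid(oid)}

if __name__ == "__main__":
    print(wire_view(get_request(COMMUNITY, SYS_UPTIME, 1)))
```

SNMPv3 with authentication and privacy enabled is the version that protects these fields on the wire.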
In one line, the SNMP MIB is "a blueprint of the device" (just like the blueprint of the White House).
Hope this is not as constipated as the Wiki ;)

9 comments:

  1. I have been escaping from SNMP for so long (even though I was part of an EMS application development for around 2 years)... But SNMP had caught my neck now and I have to know at least the basics of it... This article really helped... Thanks for simplifying it da... what is the MIB browser you recommend?

  2. MIB browser? I don't remember any good free MIB browser available.... if your need is expert level MIB browser like inspecting SNMP packages, forming complex bulk queries, I think some commercial MIB browsers are available... for simple use, I think you can try adventnet mib browser or something...

  3. I don't want commercial MIB browsers... I want the simplest freely available MIB browsers... the Adventnet browser you were referring to... is it free?

  4. I have used iReasoning, OidView, and AdventNet MIB browsers... either they are free or a trial period is available.... enjoy..

  5. Hi, your article is good; here you have explained only SNMP and the MIBs. Also, can you add the different versions of SNMP, and how they actually differ (in terms of packet/message format), and what is the use of it?

  6. Hi, it's really a nice article. Also, can you explain the different versions of SNMP and how they differ (in terms of message/packet formats)? If we manage 3 nodes in an EMS like Node 1 -> version 1; Node 2 -> version 2; Node 3 -> version 3, in this scenario, which one is added earliest in the EMS and why is it selected first by the EMS?

  7. @Karthik: Thanks for your comments. About the different SNMP versions, I think a Google search will bring you a good amount of articles on version differences and packet format.

    About which version of the node gets added in the EMS first, it depends on the implementation of the EMS. While discovering the nodes in the network, generally an EMS is implemented in such a way that it first uses SNMPv1 to discover devices. Since SNMPv2 and v3 have backward compatibility with v1, they also get discovered as SNMP devices. But later it will be properly identified which version of SNMP they are running. This is one way of implementing an EMS. So, your question can be answered properly only when we talk about a specific EMS.

  8. It is such an informative blog.. whenever I go for some interviews, I will go through this to refresh my memory!!! Thanks Dobby for a wonderful work!!!

  9. It was such an informative blog :) I will always go through it whenever I wanna go for an interview... Thanks Dobby for an informative blog... I guess you are working in telecom domain!!!
