Simple Network Management Protocol (SNMP) is an application-layer protocol for monitoring and managing network devices on a local area network (LAN) or wide area network (WAN). The purpose of SNMP is to provide network devices such as routers, servers and printers with a common language for sharing information with a network management system (NMS).
The protocol’s client/server architecture has three components: an SNMP Manager, an SNMP Agent and a Management Information Base (MIB). The SNMP Manager acts as the client, the SNMP Agent acts as the server and the Management Information Base acts as the server’s database. When the SNMP Manager asks the Agent a question, the Agent uses the MIB to supply the answer.
There are multiple versions of the SNMP protocol, and SNMP is so popular that most network devices come pre-bundled with SNMP Agents. In order to make use of the protocol, however, network administrators must first change the default configuration settings of their network devices so SNMP Agents can communicate with the network’s management system.
SNMP is part of the original Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF). The most recent version of the protocol, SNMPv3, includes security mechanisms for authentication, encryption and access control.
How SNMP works
SNMP software agents on network devices and services communicate with a network management system to relay status information and configuration changes. The NMS provides a single interface from which administrators can issue batch commands and receive automatic alerts.
SNMP relies on the concept of a management information base (MIB) to organize how information about device metrics gets exchanged. The MIB is a formal description of a network device’s components and status information. MIBs can be created for any network device in the Internet of Things (IoT), including IP video cameras, vehicles, industrial equipment and medical equipment. In addition to hardware, SNMP can be used to monitor services such as Dynamic Host Configuration Protocol (DHCP).
SNMP uses a blend of pull and push communications between network devices and the network management system. The SNMP Agent, which resides with the MIB on a network device, collects status information constantly but will only push information to the network monitoring system upon request or when some aspect of the network crosses a pre-defined threshold known as a trap. Trap Messages are typically sent to the management server when something significant, such as a serious error condition, occurs.
SNMP also includes an "inform" message type that allows a network monitoring tool to acknowledge messages from a device. Inform messages allow the Agent to reset a triggered alert. Network management tools can also use a "set" message to make changes to a network device through the SNMP Agent. This capability allows the network manager to make change device configurations in response to new network events.
In most cases, SNMP functions in a synchronous model, with communication initiated by the SNMP Manager and the Agent sending a response. Typically, SNMP uses UDP as its transport protocol. The well known UDP ports for SNMP traffic are 161 (SNMP) and 162 (SNMPTRAP). These two ports are fundamental defaults and are the same in all versions of SNMP.
SNMP is called “simple” because of the uncomplicated nature of the protocol's architecture. SNMP can issue read or write commands, such as resetting a password or changing a configuration setting. It can also report back how much bandwidth, CPU and memory are in use. One of the most widely used protocols, SNMP is supported on an extensive range of hardware -- from conventional network equipment like routers, switches and wireless access points to endpoints like printers, scanners and Internet of Things (IoT) devices.
Components of SNMP
There are four main components in an SNMP-managed network:
SNMP agent: This software runs on the hardware or service being monitored, collecting data about disk space, bandwidth use and other important network performance metrics. When queried by the SNMP manager, the agent sends the requested information back to the management system. An agent may also proactively notify the NMS if an error occurs. Most devices come with an SNMP agent pre-installed but it typically needs to be turned on and configured.
SNMP-managed network nodes: These are the network devices and services upon which the agents run.
SNMP manager: The network management system (NMS) is a software platform that functions as a centralized console to which agents feed information. The NMS will actively request agents to send updates at regular intervals, and what a network manager can do with that information depends heavily on how feature-rich the NMS is. There are several free SNMP managers available, but they are typically limited in their capabilities or the number of nodes they can support. At the other end of the spectrum, enterprise-grade platforms offer advanced features for more complex networks, with some products supporting up to tens of thousands of network nodes.
Management information base (MIB): This database is a text file (.mib) that itemizes and describes all objects on a particular device that can be queried or controlled using SNMP. Each MIB item is assigned an object identifier (OID).
How SNMP works
SNMP can perform a multitude of functions, using a blend of push and pull communications between network devices and the management system. It can issue read or write commands, such as resetting a password or changing a configuration setting. It can also report back how much bandwidth, CPU and memory are in use, with some SNMP managers automatically sending the administrator an email or text message alert if a predefined threshold is exceeded.
Most of the time, SNMP functions in a synchronous model, with communication initiated by the SNMP manager and the agent sending a response. These commands and messages, typically transported over User Datagram Protocol (UDP) or Transmission Control Protocol/Internet Protocol (TCP/IP), are known as protocol data units (PDUs):
- GETRequest: Generated by the SNMP manager and sent to an agent to obtain the value of a variable, identified by its OID, in
- RESPONSE: Sent by the agent to the SNMP manager, issued in reply to a GETRequest, GETNEXTRequest, GETBULKRequest, and a SETRequest. Contains the values of the requested variables.
- GETNEXTRequest: Sent by the SNMP manager to agent to retrieve the values of the next OID in the MIB's hierarchy.
- GETBULKRequest: Sent by the SNMP manager to the agent to efficiently obtain a potentially large amount of data, especially large tables.
- SETRequest: Sent by the SNMP manager to the agent to issue configurations or commands.
- TRAP: An asynchronous alert sent by the agent to the SNMP manager to indicate a significant event, such as an error or failure, has occurred.
- INFORMRequest: An asynchronous alert similar to a TRAP, but requires confirmation of receipt by the SNMP manager.