The Simple Network Management Protocol (SNMP) is a network management protocol widely used in TCP/IP networks. SNMP is a method of managing network elements from a network console workstation that runs network management software.
SNMP supports a number of management operations. The Network Management Station (NMS) relies on SNMP to define sources of network information and to obtain network resource information. SNMP is also used to relay reports, in the form of trap messages, to the NMS so that the station can obtain network status in near real time, allowing the network administrator to quickly take action in the event of system discrepancies and failures.
SNMP is largely used to manage application programs, user accounts, and write/read permissions (licenses) etc., as well as to manage the hardware that makes up the network, including workstations, servers, network cards, routing devices, and switches. Commonly, these devices are located far from the central office where the network administrator is based. When faults occur on the devices, it is expected that the network administrator can be notified automatically of the faults. SNMP effectively operates as a communications medium between the network elements and the network administrator/NMS.
Network elements such as hosts, gateways, terminal servers etc., contain two important components that support the network management functions requested by the network management stations. The management agent resides on the network element in order to retrieve (get) or alter (set) variables.
Network Management Stations (NMS) communicate with management agents, which are responsible for performing the network management functions requested by the NMS. The Management Information Base (MIB) stores a number of variables associated with the network element, each of which is considered an MIB object. The exchange of SNMP messages over IP requires only UDP as an unreliable datagram service, with each message independently carried in a single transport datagram.
A Management Information Base (MIB) specifies the variables maintained by network elements. These variables are the information that can be queried and set by the management process. A MIB presents a data structure, collecting all possible managed objects over the network. The SNMP MIB adopts a tree structure similar to that found in a Domain Name System (DNS).
The object naming tree has three top-level objects: ISO, ITU-T (originally CCITT), and the joint ISO/ITU-T branch. Under ISO there are four objects, among which number 3 is identified-organization. A sub-tree for the US Department of Defense, dod (6), is defined under identified-organization (3), and the internet (1) sub-tree is located under dod. The object under internet is mgmt (2). What follows mgmt (2) is MIB-II, originally MIB until 1991 when the new edition MIB-II was defined. The tree path itself can be expressed as an object identifier (OID) value {1.3.6.1.2.1}.
SNMP defines five types of Protocol Data Units (PDUs), that is, SNMP packets, to be exchanged between the management process and the agent process. The get-request operation indicates that the management process reads one or more parameter values from the MIB of the agent process. The get-next-request indicates that the management process reads the next parameter value in lexicographic order from the MIB of the agent process. The set-request indicates that the management process sets one or more parameter values in the MIB of the agent process. The get-response returns one or more parameter values; it is performed by the agent process as the response to the preceding three operations. Lastly, the trap is actively sent by the agent process to inform the management process of important or critical events.
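To make the PDU layout concrete, the following is an added example (not code from the original text) that BER-encodes an SNMPv1 get-request for sysName.0 following the RFC 1157 message layout; the other PDU types reuse the same header and differ only in the tag, except the trap, whose body is different. The community name and OID are constructed sample values.

```python
# Added example (not from the original text): a minimal BER encoder for an
# SNMPv1 get-request, following the RFC 1157 message layout. The other PDU
# types share the header (request-id, error-status, error-index, varbinds);
# only the tag in PDU_TAGS changes, except for the trap, whose body differs.
SNMP_V1 = 0             # version field: 0 = SNMPv1, 1 = SNMPv2c
PDU_TAGS = {            # context-specific constructed tags from RFC 1157
    "get-request": 0xA0, "get-next-request": 0xA1, "get-response": 0xA2,
    "set-request": 0xA3, "trap": 0xA4,
}

def _tlv(tag: int, body: bytes) -> bytes:
    """Tag-length-value with BER definite length (long form above 127 bytes)."""
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    ln = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def _int(value: int) -> bytes:
    """ASN.1 INTEGER; non-negative values only, as used in the PDU header."""
    return _tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def _oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs merged, remaining arcs in base 128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]          # last byte has the high bit clear
        arc >>= 7
        while arc:                    # continuation bytes carry the high bit
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return _tlv(0x06, bytes(out))

def get_request(community: str, oids: list, request_id: int = 1) -> bytes:
    """Encode an SNMPv1 get-request whose varbinds carry NULL placeholder values."""
    bindings = b"".join(_tlv(0x30, _oid(o) + b"\x05\x00") for o in oids)
    pdu = _int(request_id) + _int(0) + _int(0) + _tlv(0x30, bindings)
    msg = _int(SNMP_V1) + _tlv(0x04, community.encode()) \
        + _tlv(PDU_TAGS["get-request"], pdu)
    return _tlv(0x30, msg)

# The community name is a plain OCTET STRING with no protection at all, which
# is the eavesdropping threat that SNMPv3 authentication and privacy address.
SYS_NAME_REQUEST = get_request("public", ["1.3.6.1.2.1.1.5.0"])  # sysName.0
```

Dumping SYS_NAME_REQUEST.hex() shows the 40-byte datagram with the community string readable in the clear, which is exactly what a capture on UDP port 161 would reveal.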
SNMPv1 is the original application protocol by which the variables of an agent's MIB may be inspected or altered. The evolution of SNMP involved not only changes to the protocol but also to the MIB that was used. New objects were defined in the MIB, resulting in MIB-II (or MIB-2) being defined, including for example sysContact, sysName, sysLocation, and sysServices to provide contact, administrative, location, and service information regarding the managed node in the system group, and the ipRouteMask, ipRouteMetric5, and ipRouteInfo objects included as part of the IP route table object.
The transition to SNMP version 2 involved a number of revisions that resulted in SNMPv2c, including the introduction of a new PDU type, the GetBulkRequest-PDU, which allows information from multiple objects to be retrieved in a single request, and the InformRequest, a manager-to-manager PDU used where one manager sends information from an MIB view to another manager. Certain objects also use the Counter syntax, which in SNMP version 1 represented a 32-bit value. This meant that for objects such as the byte count of an interface it was easy for the counter to complete a full cycle of its values and wrap, similar to the odometer that measures mileage in vehicles.
Using the 32-bit counter, the octet counter on an Ethernet interface transmitting at 10 Mbps would wrap in 57 minutes, at 100 Mbps it would wrap in 5.7 minutes, and at 1 Gbps it would take only 34 seconds before the counter fully cycled. Objects are commonly polled (inspected) every 1 or 5 minutes, and problems arise when a counter wraps more than once between polls, as a true measurement can then no longer be determined.
To resolve this, new 64-bit counters were defined in SNMP version 2c for any situation where 32-bit counters wrap too fast, which translates to any interface that counts faster than 650 million bits per second. In comparison, a 64-bit counter counting octets on a 1 Tbps (1,000 Gbps) link will wrap in just under 5 years, and it would take an 81,000,000 Tbps link to cause a 64-bit counter to wrap in 30 minutes.
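The wrap arithmetic above, and the polling problem it causes, as an added example that is not part of the original text: it computes wrap times from the counter width and shows how a poller takes the delta between two samples modulo the counter size, refusing to report a rate when the poll interval is long enough for more than one wrap to hide. The link speeds and sample counter values are constructed.

```python
# Added example (not from the original text): Counter32/Counter64 arithmetic
# for SNMP interface octet counters. A counter delta between two polls is
# taken modulo the counter size, which is only trustworthy when the poll
# interval is shorter than the time the counter needs to wrap once.
from typing import Optional

def wrap_seconds(link_bps: float, bits: int) -> float:
    """Seconds for an octet counter of the given width to wrap at full line rate."""
    return (2 ** bits * 8) / link_bps

def min_wrap_bps(poll_seconds: float, bits: int) -> float:
    """Link speed at which the counter wraps exactly once per poll interval."""
    return (2 ** bits * 8) / poll_seconds

def counter_delta(prev: int, curr: int, bits: int) -> int:
    """Octets counted between two polls, allowing for at most one wrap."""
    return (curr - prev) % (2 ** bits)

def octets_per_second(prev: int, curr: int, interval_s: float,
                      link_bps: float, bits: int) -> Optional[float]:
    """Rate between polls, or None when more than one wrap may have occurred."""
    if interval_s >= wrap_seconds(link_bps, bits):
        return None          # ambiguous: any number of wraps could be hidden
    return counter_delta(prev, curr, bits) / interval_s

if __name__ == "__main__":
    for bps, label in ((10e6, "10 Mbps"), (100e6, "100 Mbps"), (1e9, "1 Gbps")):
        print(f"Counter32 at {label}: wraps in {wrap_seconds(bps, 32):.0f} s")
    print(f"Counter64 at 1 Tbps: {wrap_seconds(1e12, 64) / 31557600:.2f} years")
    print(f"Counter64 wraps in 30 min at {min_wrap_bps(1800, 64) / 1e12:,.0f} Tbps")
    # A 1 Gbps interface polled every 60 s with Counter32 cannot be measured:
    print(octets_per_second(0, 10, 60, 1e9, 32))
```

The last print of the speed calculation derives the 30-minute figure directly from the 64-bit counter width, which works out to roughly 82,000 Tbps.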
One of the key improvements in SNMPv3 concerns the security of the transmission of MIB object information. Various threats can be identified: modification of object information by an unauthorized entity during transit, the performing of unauthorized management operations by users masquerading as another authorized user, eavesdropping on message exchanges, and modification of the message stream through means such as message replay.
SNMP enhances security by applying four principal measures. Data integrity is applied to ensure that data has not been altered or destroyed in an unauthorized manner, and that data sequences have not been altered to an extent greater than can occur non-maliciously.
Data origin authentication is supported to ensure that the claimed identity of the user on whose behalf received data was originated is corroborated using MD5 and SHA-1. Data confidentiality is applied to ensure information is not made available or disclosed to unauthorized individuals, entities, or processes. Additionally, solutions for limited replay protection provide a means of ensuring that a message, whose generation time is outside of a specified time window, is not accepted.
The SNMP agent is an agent process on a device on the network. The SNMP agent maintains managed network devices by responding to NMS requests and reporting management data to the NMS. To configure SNMP on a device, the SNMP agent must be enabled, for which the snmp-agent command is applied.
The snmp-agent sys-info command sets the SNMP system information and is also used to specify the version(s) of SNMP that are supported, where snmp-agent sys-info version [ [ v1 | v2c | v3 ] * | all ] is used to achieve this; it should be noted that all versions of SNMP are supported by default. The snmp-agent trap enable command activates the function of sending traps to the NMS, following which the device will proceed to report any configured events to the NMS.
In addition it is necessary to specify the interface via which trap notifications will be sent. This should be the interface pointing towards the location of the NMS, as in the example where the NMS is reached via interface Gigabit Ethernet 0/0/1.
Using the display snmp-agent sys-info command displays the contact information of personnel responsible for system maintenance, the physical location of the device, and the currently supported SNMP version(s). The information given in the example represents the typical default system information found within Huawei AR2200 series routers; however, this can be altered through the snmp-agent sys-info [ contact | location | version ] parameters to reflect contact and location details relevant to each individual device.
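The configuration steps above as one added example session, not output reproduced from the page: the contact and location values are constructed, and the snmp-agent trap source command (which selects the interface that traps are sent from) is taken from the VRP command set, as the page describes the step without naming it. Listing only v3 replaces the default in which all three versions are enabled, so that the cleartext community-based versions are no longer accepted:

```text
[Huawei] snmp-agent
[Huawei] snmp-agent sys-info version v3
[Huawei] snmp-agent sys-info contact netops@example.com
[Huawei] snmp-agent sys-info location Lab-Rack-1
[Huawei] snmp-agent trap enable
[Huawei] snmp-agent trap source GigabitEthernet 0/0/1
[Huawei] display snmp-agent sys-info
```

Check the version line in the display snmp-agent sys-info output after the change; the exact wording of the output and the behaviour of the version command should be confirmed against the documentation for the VRP release in use.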
In the Huawei AR2200 series router, all versions of SNMP (SNMPv1, SNMPv2c and SNMPv3) are enabled by default.
The agent forwards trap messages to the Network Management Station (NMS) using UDP destination port 162.