Sep 28, 2012

SNMP Basics

Here is a great writeup on SNMP basics that I have blatantly stolen from Paessler.com.

SNMP, MIBs and OIDs - an Overview

SNMP is one of the most commonly used technologies when it comes to network monitoring. Bandwidth Monitoring programs like PRTG Network Monitor use it. But how does SNMP work? What are MIBs and OIDs? Read this short introduction into the world of SNMP!

SNMP Basics

SNMP stands for Simple Network Management Protocol and consists of three key components: managed devices, agents, and network-management systems (NMSs). A managed device is a node that has an SNMP agent and resides on a managed network. These devices can be routers and access server, switches and bridges, hubs, computer hosts, or printers. An agent is a software module residing within a device. This agent translates information into a compatible format with SNMP. An NMS runs monitoring applications. They provide the bulk of processing and memory resources required for network management.

MIB, OID, etc.

MIB stands for Management Information Base and is a collection of information organized hierarchically. These are accessed using a protocol such as SNMP. There are two types of MIBs: scalar and tabular. Scalar objects define a single object instance whereas tabular objects define multiple related object instances grouped in MIB tables.
OIDs or Object Identifiers uniquely identify manged objects in a MIB hierarchy. This can be depicted as a tree, the levels of which are assigned by different organizations. Top level MIB object IDs (OIDs) belong to different standard organizations. Vendors define private branches including managed objects for their own products.
SNMP version 1, which is the SNMP standard supported by PRTG Network Monitor, was the initial development of the SNMP protocol. A description can be found in Request for Comments (RFC) 1157 and it functions within the specification of the Structure of Management Information (SMI). It operates over User Datagram Protocol (UDP), Internet Protocol (IP), OSI Connectionless Network Services (CLNS), AppleTalk Datagram Delivery Prtocol (DDP), and Novell Internet Packet Exchange (IPX). SNMP v1 is considered the de facto network management protocol in the Internet community.
SNMP works on the basis that network management systems send out a request and the managed devices return a response. This is implemented using one of four operations: Get, GetNext, Set, and Trap. SNMP messages consist of a header and a PDU (protocol data units). The headers consist of the SNMP version number and the community name. The community name is used as a form of security in SNMP. The PDU depends on the type of message that is being sent. The Get, GetNext, and Set, as well as the response PDU, consist of PDU type, Request ID, Error status, Error index and Object/variable fields. The Trap consist of Enterprise, Agent, Agent address, Generic trap type, Specific trap code, Timestamp and Object/Value fields.
MIBs are a collection of definitions which define the properties of the managed object within the device to be managed (such as a router, switch, etc.) Each managed device keeps a database of values for each of the definitions written in the MIB. As such, it is not actually database but implementation dependant. Each vendor of SNMP equipment has an exclusive section of the MIB tree structure under their control.
In order for all of this to be properly organized, all of the manageable features of all products (from each vendor) are arranged in this tree. Each 'branch' of this tree has a number and a name, and the complete path from the top of the tree down to the point of interest forms the name of that point. This is the OID. Nodes near the top of the tree are extremely general I nature. For example, to get to the Internet, one has to reach to the fourth tier. As one moves further down, the names get more and more specific, until one gets to the bottom, where each node represents a particular feature on a specific device (or agent).