Simple Network Management Protocol
Is a client/server (agent/manager) protocol. The network management software used on TCP/IP based networks is based on the SNMP. The agent (the server) runs on the device being managed, which is called the Managed Network Entity. The agent monitors the status of the device and reports that status to the manager.
The manager (the client) runs on the Network Management Station, it collects information from all of the different devices that are being managed, consolidates it, and presents it to the human network manager.
SNMP is a request/response protocol. UDP port 161 is its well-known port. SNMP uses UDP as its transport protocol because it has no need for the overhead of TCP. Reliability is not required because each request generates a response. If the SNMP application does not receive a response, it simply reissues the request. Sequencing is not needed because each request and each response travels as a single datagram.
The request and response messages that SNMP sends in the diagrams are called Protocol Data Units (PDU). These message types allow the manager to request management information, and when appropriate, to modify that information. The messages also allow the agent to respond to manager requests and to notify the manager of unusual situations.
SNMP Protocol Data Units:
GetRequest Manager requests an update
GetNextRequest Manager requests the next entry in a table
GetResponse Agent answers a manager request
SetRequest Manager modifies data on the managed device
Trap Agent alerts manager of an unusual event
The NMS periodically requests the status of each device (GetRequest) and each agent responds with the status of its device (GetResponse). Making periodic requests is called polling. Polling reduces the burden on the agent because the NMS decides when polls are needed, and the agent simply responds. Polling also reduces the burden on the network because the polls originate from a single system are at a predictable rate. The shortcoming of polling is that it does not allow for real-time updates. If a problem occurs on a managed device, the manager does not find out until the agent polled. To handle this, SNMP uses a modified polling system called trap-directed polling.
A trap is an interrupt signalled by a predefined event. When a trap event occurs, the SNMP agent does not wait for the manager to poll, instead it immediately sends information to the manager. Traps allow the agent to inform the manager of unusual events while allowing the manager to maintain control of polling. SNMP traps are sent on UDP port 162. The manager sends polls on port 161 and listens for traps on port 162.
coldStart Agent restarted, possible configuration changes
warmStart Agent reinitialised without configuration changes
enterpriseSpecific An event significant to this hardware or software
authenticationFailure Agent received an unauthenticated message
linkDown Agent detected a network link failure
linkUp Agent detected a network link coming up
egpNeighborLoss The device's EGP neighbour is down
The last tree entries in this table show the roots of SNMP in Simple Gateway Management Protocol (SGMP), which was a tool for tracking the status of network routers. Routers are generally the only devices that have multiple network links to keep track of and are the only devices that run Exterior Gateway Protocol (EGP). These traps are not significant for PCs.
The most important trap for a PC may be the enterpriseSpecific trap. The events that signal trap are defined differently by every vendor's SNMP agent software. Therefore it is possible for the trap to be tuned to events that are significant for a PC. SNMP uses the term enterprise to refer to something that is privately defined by a vendor or organisation as opposed to something that is globally defined by an RFC.
The Structure of Management Information (SMI) defines how data should be presented in an SNMP environment. The SMI defines how managed objects are named, the syntax in which they are defined, and how they are encoded for transmission over the network. The SMI is based on previous ISO work.
Each managed object is given a globally unique name called an object identifier. The object identifier is part of a hierarchical name space that is managed by the ISO. The hierarchical structure is used to guarantee that each name is globally unique. In an object identifier, each level of the hierarchy is identified by a number. All SNMP managed object start with the number 188.8.131.52 .
Object Identifier Hierarchy:
The number of the root is not included in the identifier.
Objects are defined just as formally as they are named. The syntax used to define managed objects is Abstract Syntax Notation One (ASN.1). It is a very formal set of language rules for defining data. It makes the data definition independent of rules for encoding data for transfer over a network.
Only one copy of the manager software is needed for a network. SNMP agents are installed in every system.