Monitoring your network and staying on top of all that is happening in it is essential for the security and performance of your IT landscape as a whole. Many technologies help with this monitoring, and one of them is the Simple Network Management Protocol, or SNMP for short.
What is SNMP?
SNMP is an Internet Standard Protocol used for collecting information from managed devices and for sending information to modify the behavior of these devices.
Broadly speaking, SNMP consists of three components and they are:
- Managed devices
- Agents
- Network Management Systems
Managed devices are those that sit on the network and can include routers, switches, bridges, hosts, servers, printers, IoT devices, computers, and hubs.
These devices understand the SNMP headers and message formats and respond accordingly.
A managed device can understand SNMP commands because of the SNMP agent installed in it.
In other words, an SNMP agent is a module that translates device information into SNMP format and vice-versa to enable the device to be monitored with this protocol.
Network management systems are networks that run these monitoring systems. They provide the necessary memory and computing power needed to manage the network.
SNMP Concepts – MIB and OID
SNMP has two crucial concepts, namely, OID and MIB.
OID
An OID is an object identifier value, typically an address used to identify a particular device and its status.
For example, you want to monitor a remote temperature sensor sitting on the roof of your building.
But there are three different temperature sensors placed in different parts of the roof.
How can you check the value of the sensor located on the eastern side of the roof? Using the unique OID associated with each device.
In other words, each device has its own unique OID and using that you can track the performance and status of that particular device.
These OIDs are not random addresses, rather they are highly structured and follow a hierarchical tree pattern, similar to the folder system in your computer.
One difference is that all SNMP objects in the tree hierarchy are numbered.
For example, the root object can be number “1” while the next one can be number “3”, followed by “6”, and so on.
This is why an OID will be a string of numbers, starting from the root, so you can trace it down to the exact device.
Let us take the example of an OID here.
1.3.6.1.4.1.1452.1.2.5.1.3.21.1.4.7
Here is a breakdown of this address.
- 1 – this is called the ISO and it establishes that this is an OID. This is why all OIDs start with “1”.
- 3 – this is called ORG and it is used to specify the organization that built the device.
- 6 – this is the dod or the Department of Defense which is the organization that established the Internet first.
- 1 – this is the value of the internet to denote that all communications will happen through the Internet.
- 4 – this value determines that this device is made by a private organization and not a government one.
- 1 – this value denotes that the device is made by an enterprise or a business entity.
These first six values tend to be the same for all devices and they give you the basic information about them. This sequence of numbers will be the same for all OIDs, except when the device is made by the government.
Moving on to the next set of numbers.
- 1452 – gives the name of the organization that manufactured this device.
- 1 – explains the type of device. In this case, it is an alarm clock.
- 2 – determines that this device is a remote terminal unit.
The rest of the values give specific information about the device.
- 5 – denotes a discrete alarm point.
- 1 – specific point in the device
- 3 – port
- 21 – address of the port
- 1 – display for the port
- 4 – point number
- 7 – state of the point
As you can see, this OID gives detailed information about a device including its service points and based on this value, it is possible to determine the status of a particular device.
MIB
MIB is closely related to OID. A MIB is a translator that helps a management station to understand the OID and through it, the status of the device.
In the above example, the first few values are the same for all SNMP devices. But the second part is device-dependent, which means the manufacturer gets to specify what each value means. For example, the last value of “7” above can mean that a particular device is working fine or it can mean that the device has not started. It depends on what value the manufacturer chooses to assign for each state.
To avoid confusion, the manufacturer specifies the meaning of each value in a file for your reference and this file is called the MIB.
There is a specific standard and format for these MIB files for uniformity and most devices follow a format called MIB-2. Understanding this format and the meaning of each value is essential to ensure that you read the device well.
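To make the relationship between OID and MIB concrete, the Python example below (added here, not part of the original article) splits the OID from the breakdown above into its common prefix, manufacturer number and device-specific part, then translates the final value with a MIB table. The MIB tables, the manufacturer numbers 99999 and 4242, and the function names are constructed for illustration and do not reflect any real vendor's MIB file.

```python
# Added example: split an OID into the parts described above and translate
# its final value with a vendor MIB table. All MIB data here is constructed.

ENTERPRISE_PREFIX = (1, 3, 6, 1, 4, 1)  # the six leading values from the article

# Constructed stand-ins for vendor MIB files, keyed by manufacturer number.
# They are not the real MIBs; 99999 is a hypothetical second manufacturer.
SAMPLE_MIBS = {
    1452: {7: "working fine"},
    99999: {7: "not started"},
}


def parse_oid(text):
    """Turn '1 . 3 . 6' or '1.3.6' into a tuple of ints; reject anything else."""
    parts = [p.strip() for p in text.strip().split(".")]
    if any(not (p.isascii() and p.isdigit()) for p in parts):
        raise ValueError(f"not a numeric OID: {text!r}")
    return tuple(int(p) for p in parts)


def describe(text, mibs=SAMPLE_MIBS):
    """Split an OID into manufacturer and device-specific parts, then look up
    the meaning of the final value in that manufacturer's MIB table."""
    oid = parse_oid(text)
    result = {"oid": oid, "enterprise": None, "vendor_part": (), "state": None}
    # Need the six-value prefix, a manufacturer number, and at least one more value.
    if len(oid) < 8 or oid[:6] != ENTERPRISE_PREFIX:
        return result
    result["enterprise"] = oid[6]
    result["vendor_part"] = oid[7:]
    table = mibs.get(oid[6])
    if table is not None:  # without the MIB the final number stays uninterpreted
        result["state"] = table.get(oid[-1], "undefined in MIB")
    return result


if __name__ == "__main__":
    page_oid = "1 . 3 . 6 . 1 . 4 . 1 . 1452 . 1 . 2 . 5 . 1 . 3. 21 . 1 . 4 . 7"
    for sample in (page_oid,
                   "1.3.6.1.4.1.99999.1.2.5.1.3.21.1.4.7",  # same tail, other MIB
                   "1.3.6.1.4.1.4242.1.2.5.1.3.21.1.4.7"):  # no MIB loaded
        info = describe(sample)
        print(info["enterprise"], info["vendor_part"], "->", info["state"])
```

The same trailing value of 7 resolves to a different state under each table, and stays uninterpreted when no MIB is loaded for that manufacturer.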
To summarize, SNMP is a protocol that helps you to stay on top of the performance and status of all devices in your network.
Every device has a unique address that makes it easy to identify and this is called the Object Identifier or OID.
The manufacturer of a device has the option to give custom values for the different statuses and ports of the device, and these values are documented in a MIB file.
In other words, you need a MIB file to read and understand the OID and through this, you can know the status of a device.