Short for Simple Network Management Protocol, SNMP is an application-layer protocol that is used to effectively manage and monitor all devices that exist on a network. In other words, it's a way to organize and modify real-time information about managed devices on IP networks - all so that administrators can make the most informed decisions possible at all times.
It is supported by practically any device on a network including but not limited to servers, routers, switches, workstations, printers and more.
Thankfully, SNMP has a very straightforward architecture that is based on a simple client-server model. Here, the servers are called SNMP managers and they collect and process information about all of the devices on a network.
The clients are called agents. An agent is any device (or device component) connected to the network. In addition to the above examples, these can include network switches, phones, computers, mobile devices and more.
How SNMP works for network monitoring
SNMP exposes data such as network interface status (bytes in and out, input and output errors) and CPU and memory usage. It does this via object identifiers (OIDs), whose hierarchical tree structure is organized in a MIB (Management Information Base). Vendors can also define their own custom OIDs for vendor-specific monitored objects. In other words, OIDs identify the set of information exposed by the devices and systems that can be monitored via SNMP.
SNMP Traps vs Informs
Within the context of SNMP, traps are alert messages that are sent from all of your remote devices to a central collector, known as the manager. This is a slightly different concept from informs (or inform requests), a feature that allows routers to send informs to SNMP managers when particular events, such as error conditions, occur.
SNMP Polling vs. Traps
Both of these concepts are themselves different from polling, which is a term used to describe when a device asks for (and ultimately receives) information from another device on a network. In SNMP polling, the Management Information Base (MIB) objects request and receive data from the agents deployed at remote sites, rather than the other way around.
SNMP polling is a pull mechanism, ideal for collecting monitoring data at regular intervals, while SNMP traps are a push mechanism, ideal for notifying about events and for avoiding flooding the network with monitoring messages.
How SNMP Works with Telegraf
Telegraf can be deployed with the SNMP Input Plugin configured to poll specific OIDs. Telegraf then batches the data and streams it to InfluxDB.
When you use the Telegraf SNMP Trap Input Plugin, your Telegraf deployment will begin to receive SNMP notifications pertaining to all traps and inform requests, thus giving you a real-time view of your system and network performance issues.
By continuing to monitor these SNMP notifications on a regular basis, you can balance resource consumption impact and thus mitigate risk from challenges rather than allowing yourself to be surprised by them.
If you were suddenly dealing with an issue where a critical power supply unit failed, for example, the Telegraf SNMP Trap Input Plugin would allow you to get a notification about it immediately. More than that, Telegraf will send that SNMP trap to the output plugins to further notify your team members that something is going on so that they can quickly take steps to correct it.
Frequently asked questions about SNMP
When was SNMP created?
The SNMP protocol was first introduced all the way back in 1988 in an effort to better meet the growing needs for a standard for managing IP devices on a network — something that was exploding in popularity at the time. SNMP was created in part to provide users with a "simple" set of operators that would allow these devices to be effectively managed remotely, thus opening up a whole new world of possibilities as a result.
Which SNMP Version is best?
Since 1988, three major versions of SNMP have been developed and deployed to the public. SNMPv1 was the original version. SNMPv2 included significant improvements with regard to performance, security and manager-to-manager communications. This version is also the one that introduced the option for 64-bit data counters.
SNMPv3 is interesting in that it actually makes no changes to the protocol (with the sole exception of adding cryptographic security) — it just looks very different thanks to a lot of new textual conventions, concepts and terminology. Support for a larger number of security models was added, as this was always one of the major points of criticism present in earlier releases.
Since security was always considered to be a major weakness in the first two versions of SNMP, SNMPv3 would undoubtedly be considered the best among industry professionals. Keep in mind that authentication in the first two versions amounted to little more than a password that was itself sent in a clear text message between a manager and an agent. This is woefully inadequate these days, so if you want to keep your network devices safe while also creating a more effective way to manage them, SNMPv3 would undoubtedly be the way to go.
Why is SNMP so important?
Keep in mind that SNMP was created to help people monitor and manage their networks in the easiest way possible. Not only that, but it works with products and services by many manufacturers — all in a way that is straightforward to use and easy to understand.
If you think that network management was difficult in 1988, things have gotten exponentially more complicated in the decades since. Today, there may be countless devices on a network from mobile devices to workstations to printers and more. This is only going to get more problematic as time goes on with the rise of the Internet of Things.
Don't forget that we are about to enter into a time when literally billions of devices will all be connected to networks around the world creating and sharing information not only with users but with one another. The sheer volume of personal information to be exposed by weak security will soon prove to be catastrophic. Soon, SNMP will become even more valuable than it already is in terms of allowing administrators to understand exactly what is going on with their networks at a given moment, all so that they can take the best steps possible for their protection and maintenance on an ongoing basis.
Having a deployment like SNMP in place today won't just allow people to meet today's challenges — it will also better prepare them to address the issues of tomorrow.
What is the difference between SMTP and SNMP?
SMTP is an acronym short for "Simple Mail Transfer Protocol." In other words, it is a protocol used with computer networks for the purposes of email communication. Other than the fact that their acronyms are relatively similar, SMTP and SNMP are two entirely different concepts and should be treated as such.
What is the difference between RMON and SNMP?
The major difference between RMON and SNMP is that the former is used for "flow-based" monitoring while the latter is used for "device-based" monitoring and management. They, too, serve somewhat different purposes.
SNMP can be used to make sure that your network is working at peak efficiency. RMON, on the other hand, can help make sure that this is still true even if a user happens to be offline at the time. They both bring their own unique advantages to the table and both have a home within your network management stack.