Background Information on SNMP

From ServersCheck Wiki


Introduction

In the late 1970s, computer networks had grown from a simple layout of small, separate networks that were not connected to each other to larger networks that were interconnected. These larger networks were called internets and their size grew at an exponential rate. The larger these networks became, the more difficult they became to manage (i.e., monitor and maintain), and it soon became evident that a network management protocol needed to be developed.

The first protocol used was the Simple Network Management Protocol (SNMP); it was commonly considered to be a quickly designed "band-aid" solution to internetwork management difficulties while other, larger and better protocols were being designed.

Out of these protocol designs of the 1980s emerged two different network management protocols. The first was SNMPv2, which incorporated many of the features of the original SNMP (which is still in wide use today) as well as a few added features that addressed the original protocol's shortcomings. The second was the Common Management Information Protocol (CMIP), which was better organized and contained many more features than either SNMP v1 or v2.

The choice between CMIP and SNMPv2 will soon be made by the general public and will be a very costly one, for the average firm spends about 15% of its total information-systems budget on network management. Among the largest 100 American firms this means an average annual expenditure of $1.3 million on network management. (from Stallings)

The criteria that users desire in a network manager have been studied and reported in two surveys. The results of both show that the user's needs include: an excellent network security system, an easy-to-use interface, a relatively inexpensive implementation, and the reduction of a system's downtime. These are just some of the criteria that will be used in the forthcoming comparison of both network protocols. (Stallings)

An Introduction to SNMP

SNMP was designed in the mid-1980s as an answer to the communication problems between different types of networks. Its initial aim was to be a "band-aid" solution until a better designed and more complete network manager became available. However, no better choice became available and SNMP became the network management protocol of choice.

The way it works is very simple: it exchanges network information through messages, technically known as protocol data units (PDUs). From a high-level perspective, the message (PDU) can be looked at as an object that contains variables that have both titles and values. (Stallings)

There are five types of PDUs that SNMP employs to monitor a network: two deal with reading terminal data, two deal with setting terminal data, and one, the trap, is used for monitoring network events such as terminal start-ups or shut-downs.

Therefore, if a user wants to see if a terminal is attached to the network, he would use SNMP to send out a read PDU to that terminal. If the terminal was attached to the network, the user would receive back the PDU, its value being "yes, the terminal is attached". If the terminal was shut off, the user would receive a packet sent out by the terminal being shut off informing them of the shutdown. In this instance a trap PDU would have been dispatched.
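The read exchange described above can be seen on the wire with a small decoder. The following is an added example, not part of the original article: it parses a BER-encoded SNMPv1 message and returns the PDU type, the community string (which travels as readable bytes) and each variable's title (OID) and value. The two sample packets are constructed for illustration, and only short-form BER lengths are handled.

```python
# Added example: decode an SNMPv1 message (short-form BER lengths only).
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap"}

def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form length not handled in this example")
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("TLV length runs past end of buffer")
    return tag, buf[pos + 2:end], end

def decode_oid(raw):
    """Turn a BER OBJECT IDENTIFIER into dotted notation."""
    if not raw:
        raise ValueError("empty OID")
    arcs, n = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        n = (n << 7) | (b & 0x7F)          # base-128, high bit = "more follows"
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def decode_value(tag, raw):
    if tag in (0x02, 0x41, 0x42, 0x43):    # INTEGER, Counter, Gauge, TimeTicks
        return int.from_bytes(raw, "big", signed=(tag == 0x02))
    if tag == 0x04:                        # OCTET STRING
        return raw.decode("latin-1")
    if tag == 0x06:                        # OBJECT IDENTIFIER
        return decode_oid(raw)
    return None if tag == 0x05 else raw    # NULL, or unknown type left as bytes

def parse_snmp_v1(packet):
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("message is not a SEQUENCE")
    _, version, pos = read_tlv(body, 0)
    _, community, pos = read_tlv(body, pos)
    pdu_tag, pdu, _ = read_tlv(body, pos)
    pos, tag = 0, None
    while tag != 0x30:                     # skip PDU header fields up to the varbind list
        tag, vlist, pos = read_tlv(pdu, pos)
    varbinds, p = [], 0
    while p < len(vlist):
        _, vb, p = read_tlv(vlist, p)
        _, name, q = read_tlv(vb, 0)
        vtag, value, _ = read_tlv(vb, q)
        varbinds.append((decode_oid(name), decode_value(vtag, value)))
    return {"version": int.from_bytes(version, "big"), "community": community.decode("latin-1"),
            "pdu": PDU_TYPES.get(pdu_tag, hex(pdu_tag)), "varbinds": varbinds}

# Constructed samples: read of sysUpTime.0 with community "public", and the agent's reply.
SAMPLE_REQUEST = bytes.fromhex("302602010004067075626c6963a01902010102010002010030"
                               "0e300c06082b060102010103000500")
SAMPLE_RESPONSE = bytes.fromhex("302802010004067075626c6963a21b02010102010002010030"
                                "10300e06082b06010201010300430204d2")
```

The request carries the variable's title with a NULL placeholder; the response returns the same title with the value filled in.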

The Advantages of SNMP

The largest advantage of SNMP is its simple design: it is easy to implement on a large network because it neither takes a long time to set up nor places a lot of stress on the network. Its simple design also makes it easy for a user to program the variables they would like to have monitored; from a lower-level perspective, each variable consists of the following information:

  • the variable title
  • the data type of the variable (e.g., integer, string)
  • whether the variable is read-only or read-write
  • the value of the variable

The net result of this simplicity is a network manager that is easy to implement and not too stressful on an existing network.

Another advantage of SNMP is that it is in very wide use today. This popularity came about when no other network managers appeared to replace the "band-aid" implementation of SNMP. The result of this is that almost all major vendors of internetwork hardware, such as bridges and routers, design their products to support SNMP, making it very easy to implement.

Expandability is another benefit of SNMP. Because of its simple design, it is easy for the protocol to be updated so that it can expand to the needs of users in the future. The ramifications of this will be seen later on.

The Disadvantages to SNMP and How They Can be Overcome

SNMP is by no means a perfect network manager. It has its faults, yet because of its clever design most of these faults have workarounds.

The first deficiency with SNMP is that it has some large security gaps that can give network intruders access to the information carried along the network. Intruders could also potentially shut down some terminals.

The solution to this problem is simple. Because of the expandability of SNMP, the latest version of SNMP, called SNMPv2, has added some security mechanisms that help combat the 4 largest security problems: privacy of data (to prevent intruders from gaining access to information carried along the network), authentication (to prevent intruders from sending false data across the network), and access control (which restricts access of particular variables to certain users, thus removing the possibility of a user accidentally crashing the network). (Stallings)

The biggest problem with SNMP, though, is that it is generally considered to be so simple that the information it deals with is neither detailed nor well-organized enough to deal with the expanding networks of the 1990s. This is mainly due to the quick creation of SNMP, for it was never intended to lead network management into the 1990s.

This large problem has been fixed in a newer release of SNMP, SNMPv2. This new version allows for more detailed specification of variables, including the use of the table data structure for easier data retrieval. Also included are two new PDUs that are used to manipulate the tabled objects. In fact, so many new features have been added that the formal specifications for SNMP have expanded from 36 pages (with v1) to 416 pages with SNMPv2. (Stallings) Some may argue that with SNMPv2 the protocol lost its simplicity, but the fact is that changes to SNMP were necessary. It was an old system that just could not handle the network-intensive world of the 1990s.

SNMPv2 Update

If you have just finished reading the following you might think that SNMPv2 is the way to go. However, SNMPv2 is only alive in theory. SNMPv2 failed because its creators (Case, McCloghrie, Rose, and Waldbusser) could not agree on several key facets (of which I am not aware). Nonetheless, finding an SNMP manager or agent that fully supports the proposed v2 extensions is quite difficult. Many agents support the security extensions, yet do so while offering v1's extensions as well. Personally, I believe v2 failed because v1 was so successful. v1 is everywhere today, and to expect to fix all its problems while keeping all of its great features was a goal that could not be accomplished. As for a v3 or a reimplementation of v2, I do not think it will happen for a long time, if ever. v1 has outlived anyone's expectations and because of this has made the role of a successor impossible to fulfill. All of this is MHO, and other editorial opinions would be welcomed.
