Paessler Blog - All about IT, Monitoring, and PRTG

SNMP. A Pillar In IT: What You Must Know About Its Versions and FCAPS

Written by Martina Wittmann | Mar 1, 2017

There is no way a network administrator has never heard of SNMP. Or, let's say it in a positive way: Every network administrator will come across SNMP, sooner or later. And it doesn't matter how old you are.

As a professional network administrator, it is your job to manage your company's information technology. You ensure its availability, you keep it performant, you identify and solve problems quickly, you take care of security. This means that you prevent loss of revenue, or ultimately, even loss of lives depending on who you work for. Customers, patients as well as your company and its staff rely on your work.

Curious about SNMP? The following lines give you an introduction to SNMP, from a bird's-eye view.

FCAPS

In the late 80s, some ISO (International Organization of Standardization) fellows figured out 5 important functions that proper network management generally should include.

  • Fault Management
  • Configuration Management
  • Accounting Management
  • Performance Management
  • Security Management

This ensemble of network management functions is also called the FCAPS model. It was (re)defined by the ISO in ISO/IEC 7498-4: 1989, and ITU-T Recommendation M.3400, 02/2000. 

Now, what about SNMP? What does it have to do with ISO management functions? Before we answer this question, let's start a little journey back to where it all began. The origins of SNMP date back to the late 80s, too, when network administration lacked suitable network administration tools that were not dependent on hardware manufacturers. In these times, two important protocols came up. The CMISE/CMIP (Common Management Information Services Element/Common Management Information Protocol) and SNMP (Simple Network Management Protocol), which has its roots in the SGMP (Simple Gateway Monitoring Protocol) alias RFC 1028.

SNMP v*

It didn't take very long to develop SNMP v1, based on SGMP. Defined in 1988, it was then broadly accepted and used and it is still used now, 30 years later, which is nearly an eternity in IT. SNMP v1 provides the basic functionalities for data polling, it is relatively easy to use and doesn't create much overhead because it doesn't include any encryption algorithms. So for security reasons, use SNMP v1 in LANs only. Its biggest limitation, however, is its 32-bit counter architecture which is, nowadays, not enough for GB/s size networks. By the way, when it comes to network management information transfer in WANs, the CMISE/CMIP protocol is the right protocol to go for.

SNMP v2 supports 64-bit counters, but still sends critical data as clear text, so it does not really enhance security. And if you come across SNMP v2, it is mostly "SNMP v2c" that manufacturers or networkers are speaking about, with the "c" standing for "community". Two other SNMP v2 versions exist, SNMP v2p and SNMP v2u, but they are only implemented in rare cases.

Defined in 2002, SNMP v3 includes the advantages of SNMP v2c and adds security solutions like user accounts, authentication, and optional encryption of data packages. This enhances security, of course, and makes SNMP v3 the recommended SNMP version when it comes to security. However, it also makes configuration more difficult, especially user management, and you will need much more CPU, especially with short monitoring intervals that create a great number of SNMP messages.

It's up to you to decide which SNMP version to choose. If you even have a choice, because not all devices support all SNMP versions. If they do, you can choose SNMP v3. However, keep in mind that you might need a workaround in case SNMP causes too much load in your network and slows down traffic and computing power.

SNMP Allround Talent

When you get SNMP working, you can monitor nearly everything. Not only the CPU load of a server, the fan status of a disk array, the printed sheets by a printer, or the traffic on a switch, or router, or hub. But also the air conditioning at your site, the humidity in the soil of your plants, and the level of coffee beans in your coffee machine. SNMP not only allows you to get answers upon requests, but also upon events. For example, a ventilation unit cooling down some of your most important server racks can inform you if something unusual happens to its fans that might have more than negative consequences for your hardware.

As said before, you can monitor nearly everything, as long as it "speaks" SNMP.

And to answer the question "What's SNMP?" with one sentence: SNMP is a protocol for management information transfer in networks, for use in LANs especially.

Manage FCAPS with SNMP

Now, does SNMP provide all the necessary functions to properly manage your network? Remember, according to the FCAPS model you need to manage faults, configuration, accounting, performance, and security. Let's see.

 

Fault Management Yes
Configuration Management Yes
Accounting Management Yes
Performance Management Yes
Security Management Partly

 

Looks good, doesn't it? But how exactly are these FCAPS functions realized with SNMP? I'll give you some examples.

  • Fault Management. For example, SNMP traps report errors without having been requested. Like in the case of the above mentioned ventilation unit, an SNMP trap can inform you about a problem with the fans. You can then install a new cooling unit before data is actually lost because of heated disks. This makes you a hero. Also SNMP GET requests and data storage allow you to become proactive. In clear text this means that you would check out new fiberglass internet connection possibilities if your traffic trend has constantly been out the roof over the past year, so you and your company people won't constantly stumble upon bottlenecks the following year. Using SNMP, moreover, you can send SET requests, for example, to deactivate or restart a given interface in case of errors. (Just a little side note: Please always use the SNMP SET function carefully and think twice about whether you really need to send it.) All in all, the fault management with SNMP is very powerful, and even more powerful with a solid notification system provided by your monitoring solution.
  • Configuration Management. When it comes to configuration, SNMP GET requests allow you to register all connected devices in your network and will return important inventory data, like installed programs, system info, and service tags. It's always good to have an overview of what's going on on the workstations in your company. With the help of SNMP SET requests, you can carry out configuration tasks like changing server names, if this prevents chaos in your network.
  • Accounting Management. All measurements made with SNMP provide a great data base for billing. You can base your invoices on real data like for bandwidth usage and server usage which makes SNMP a valuable tool especially if you are an MSP.
  • Performance Management. Many, and I mean really many, manufacturers use SNMP to provide important info regarding their devices, like CPU usage, disk space, availability, and limits, as well as very specific info of all kinds. So if you use SNMP for monitoring, you get the status of (nearly) all your network devices and connections. As an admin, you surely love having a healthy and performant network, including healthy and performant servers and workstations and important hardware and processes that keep your company functioning every day. Based on your monitoring data you can analyze trends and manage your network capacity proactively like you can when managing faults with SNMP.
  • Security Management. This is where you can rely only partly on SNMP. SNMP GET requests allow you, for example, to check user logins to your company VPN, which is good because it updates you on potential security risks. However, sadly SNMP traps may imply firewall attacks. In this case, syslog is the more common alternative regarding security management.

Wrapping It Up

Okay, as you might know from experience or as you might have heard, setting up SNMP can sometimes be quite nerve-wracking, and SNMP may be criticized for security issues. However, when you get it working, it is absolutely reliable. And it is widespread, among administrators and hardware manufacturers, which makes it a universal and thus powerful monitoring protocol. And as long as other network management protocols don't start having their heyday, there won't be any new standard to retire good old SNMP.

New Horizons

Stay tuned on our SNMP blog series if at least one of the following questions has already crossed your mind: