Book Review: Essential SNMP by Douglas R. Mauro and Kevin J. Schmidt

This book is organised in 14 chapters and 5 annexes. It helps in understanding how enterprise monitoring started and how it is done in companies today. Especially recommendable to theorists. By no means will this post replace reading the book. However, here are some of the key learning points in a very telegraphic manner:

Chapter 1 - Definition and ISO processes

A first chapter with two distinct parts: a technical one devoted to defining and framing SNMP, and a procedural one that briefly describes ISO-related IT processes such as change management. As said, good for theorists.

The initial objective of the predecessor of SNMP was to manage Internet routers. There are three versions of SNMP. Version 3, the latest one, adds security features such as strong authentication and communication confidentiality.

Two important communication concepts in SNMP: polling and traps.

In network management, polling means querying an agent. The active element that does the polling is the manager, normally the Network Management Station (NMS).

A trap is a communication from the agent in the managed/monitored element to the manager, indicating that something worth monitoring has happened.

Polls and traps can occur simultaneously.

The syntax that defines the set of elements that an agent tracks is called the Structure of Management Information (SMI). The Management Information Base (MIB) is actually the set of tracked elements using the SMI syntax. An agent can implement many MIBs. MIB-II is defined in all agents.

A first introduction to Remote Monitoring (RMON), a monitoring standard that deals with packet-level statistics related to a network.

There is a strong link to ISO standards. Their processes require that the IT systems and networks are monitored.

This chapter refers to a network management and/or monitoring concept called FCAPS, i.e. fault management, configuration management, accounting management, performance management and security management.

Regarding reporting, monitoring data is the source for response-time reporting, alarm correlation and trouble resolution. Change management is another process that benefits from monitoring and reporting.

Chapter 2 - Commands and functioning

SNMP uses UDP. Normally SNMP requests are sent to the agent's port 161, responses are sent to the NMS's port 161, and traps are sent from the agent to the NMS's port 162.

Every agent is configured with 3 community strings: read-only, read-write and trap. These strings are the passwords that allow reading data from the agent, writing data (e.g. resetting counters in the agent) and receiving traps.

According to the SMI syntax, any managed object is broken down into three attributes: name (also called object identifier, OID), type and syntax, and encoding (every instance is encoded into a string of octets).

Objects are organised in a tree-like hierarchy, similar to an LDAP directory schema.

The authors refer in this chapter to specific SNMP operations:

- get: instruction for the agent to send a specific MIB object.
- getnext: instruction for the agent to send a list of MIB objects (a related command is snmpwalk).
- getbulk: to send a large portion of a MIB table.
- set: sets a variable.
- response: to any of the gets.
- trap: a way by the agent to tell the server that something happened.
- notification (packet format related).
- inform: for acknowledged sending of traps.
- report (only in version 3).

Chapter 3 - SNMP Version 3

The SNMPv3 engine has four elements: the Dispatcher, the Message Processing Subsystem, the Security Subsystem and the Access Control Subsystem. This version divides the functionality of SNMP into 5 applications, i.e. command generator, command responder, notification originator, notification receiver and proxy forwarder.

Chapter 4 - NMS Architectures

The specs for your NMS, in terms of processing power, will be pretty humble. This does not cover, however, your log storage requirements. A typical data collection period will be 10 minutes.

Certainly, placing an NMS close to the network it is managing/monitoring makes sense. More precisely, it is recommendable to place a remote poller on each of the monitored networks, which will forward events to your central NMS if required. This way we save long-distance polling requests.

This chapter also mentions the concept of trap-directed polling. This means that the polling will only take place when the NMS receives a specific trap.

Finally, a new concept called Web-Based Enterprise Management is mentioned.

Chapter 5 - NMS Configuration

A first NMS that they describe is HP's OpenView Network Node Manager (they provide a 60-day, 250-node trial licence). The second one they mention is Castle Rock's SNMPc Enterprise Edition.
Most NMSs have an IP discovery function, and you can load MIBs into them.

Chapter 6 - Configuring agents

At the very least, all SNMP agents have these configuration parameters: location, contact, name, read-write and read-only community strings, and trap destination. The fact that the community strings are sent in the clear means that if you need to send SNMP information through networks you do not control, then you need either to use SNMPv3 or a VPN. I would recommend using both.
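To make concrete both the message layout behind the operations listed in Chapter 2 and the point above that v1/v2c community strings travel in the clear, here is an added example of mine (not code from the book or from Net-SNMP) in Python: a minimal BER decoder that reads the header of an SNMP datagram, names the PDU type, lists the OIDs in the request and flags any message that carries a cleartext community. Both packets are constructed by hand for the demonstration; the v3 sample is a header only, with placeholder security parameters and an opaque stand-in for the encrypted ScopedPDU. A monitoring team can run the same check over captured UDP/161 and UDP/162 payloads to find devices still talking v1/v2c on networks they do not control.

```python
"""Decode the header of an SNMP datagram and flag cleartext community strings.

Added example for this review; not code from the book or from Net-SNMP.
Both sample packets below are constructed by hand.
"""

# Constructed SNMPv2c GetRequest for sysDescr.0 with community "public".
V2C_GET = bytes.fromhex(
    "3026"                      # SEQUENCE, 38 bytes follow
    "020101"                    # version INTEGER 1 = v2c
    "0406" "7075626c6963"       # community OCTET STRING "public" (cleartext)
    "a019"                      # GetRequest-PDU, 25 bytes follow
    "02012a"                    # request-id 42
    "020100"                    # error-status 0
    "020100"                    # error-index 0
    "300e" "300c"               # VarBindList containing one VarBind
    "0608" "2b06010201010100"   # OID 1.3.6.1.2.1.1.1.0 (sysDescr.0)
    "0500"                      # value NULL: this is a request
)

# Constructed SNMPv3 message header: authPriv flags, USM security model,
# placeholder security parameters and placeholder bytes where the
# encrypted ScopedPDU would be.
V3_HEADER = bytes.fromhex(
    "301a"                      # SEQUENCE, 26 bytes follow
    "020103"                    # version INTEGER 3
    "300d"                      # msgGlobalData
    "020101"                    #   msgID 1
    "020205dc"                  #   msgMaxSize 1500
    "040103"                    #   msgFlags 0x03 = auth + priv
    "020103"                    #   msgSecurityModel 3 = USM
    "0400"                      # msgSecurityParameters (placeholder, empty)
    "0404deadbeef"              # encrypted ScopedPDU (placeholder bytes)
)

PDU_NAMES = {0xA0: "get", 0xA1: "getnext", 0xA2: "response", 0xA3: "set",
             0xA4: "trap-v1", 0xA5: "getbulk", 0xA6: "inform",
             0xA7: "trap-v2", 0xA8: "report"}


def read_tlv(buf, pos):
    """Read one BER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits = byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(raw):
    """Turn a BER-encoded OID into dotted notation."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:                       # base-128, high bit = continuation
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def decode_snmp(datagram):
    """Describe the SNMP message header; for v1/v2c also list the varbind OIDs."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("SNMP message must start with a SEQUENCE")
    _, ver, pos = read_tlv(body, 0)
    version = {0: "v1", 1: "v2c", 3: "v3"}.get(int.from_bytes(ver, "big"), "unknown")
    info = {"version": version, "community": None}
    if version == "v3":                     # no community: read msgFlags instead
        _, gdata, _ = read_tlv(body, pos)
        p = 0
        for _ in range(2):                  # skip msgID and msgMaxSize
            _, _, p = read_tlv(gdata, p)
        _, flags, _ = read_tlv(gdata, p)
        info["auth"] = bool(flags[0] & 0x01)
        info["priv"] = bool(flags[0] & 0x02)
        return info
    _, community, pos = read_tlv(body, pos)
    info["community"] = community.decode("ascii", "replace")
    pdu_tag, pdu, _ = read_tlv(body, pos)
    info["pdu"] = PDU_NAMES.get(pdu_tag, hex(pdu_tag))
    # v1 Trap-PDU carries five header fields before the varbinds, others three
    p = 0
    for _ in range(5 if pdu_tag == 0xA4 else 3):
        _, _, p = read_tlv(pdu, p)
    _, vblist, _ = read_tlv(pdu, p)
    oids, p = [], 0
    while p < len(vblist):
        _, vb, p = read_tlv(vblist, p)
        _, oid_raw, _ = read_tlv(vb, 0)
        oids.append(decode_oid(oid_raw))
    info["oids"] = oids
    return info


def cleartext_community(datagram):
    """Defender's check: True when the datagram exposes a community string."""
    return decode_snmp(datagram)["community"] is not None


if __name__ == "__main__":
    for name, pkt in (("v2c get", V2C_GET), ("v3 header", V3_HEADER)):
        print(name, decode_snmp(pkt), "cleartext:", cleartext_community(pkt))
```

The decoder stops at the v3 message header on purpose: with the priv flag set the ScopedPDU is ciphertext, so a passive observer learns the engine and flags but not the OIDs or values, which is exactly the difference the chapter is pointing at.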

Typical SNMP agents: Net-SNMP is the Microsoft agent; HP OpenView Agent can deal with HP-UX and Solaris; Net-SNMP is an open source agent for Unix; Concord provides SystemEDGE for Unix and Windows; Cisco has their own SNMP agent; and they also mention APC Symmetra for uninterruptible power supplies (UPSs).

Chapter 7 - Polling and setting

Three typical, basic and important SNMP actions: snmpget (to obtain a value from the MIB), snmpset (to write a value in the MIB) and snmpwalk (to go through a subset of the MIB).

Although most of the time we will use SNMP-based monitoring software (in the book they first present HP OpenView's command line and graphical interface), we can also create our own Perl scripts to read SNMP information from any monitored device. The Net-SNMP tools are also mentioned in this chapter.

Chapter 8 - Polling and thresholds

Internal polling is done from the same machine. External polling is performed by the NMS. The local RMON agent can also perform internal polling.

In this chapter we also read about concepts such as data collections and the thresholds assigned to them. Most thresholds are built on specific collection features, e.g. "higher than X for Y consecutive samples".

Certainly, already in this chapter an open source tool for data collection and graphing is mentioned: MRTG.

Chapter 9 - Traps

All NMSs need to be configured as to what they do when they receive a trap from an agent. When a trap is received, an event is created in the NMS. It is usual to assign a severity level to each of those events.

For those who cannot afford an expensive NMS, you can also create your own Perl scripts to both receive and send traps. The default destination port for traps is UDP 162.

Chapter 10 - Extensible SNMP agents

Some agents' MIBs can be extended to obtain values from an external entity such as a script running in the monitored device.

An agent can return multiple lines of output data in the form of tables.

Chapter 11 - Adapting SNMP to fit your environment

A key chapter that presents how SNMP can provide value to your IT shop/factory:

A nifty example of the use of SNMP is to generate traps that record who is logging into a system. Those traps are stored at the trap-receiving end. Sending them to a remote system increases the security of those log-in logs, since an intruder on the monitored host cannot quietly edit a record that already left the machine.

A second easy business case could be detecting core dumps being created on a system. A third one would be checking available disk space.

The list of SNMP uses is long: Port monitoring, service monitoring, web content, SMTP health, DNS and statistics from wireless access points among others.

This chapter also mentions an object-oriented Perl package named SNMP::Info. It enables reaching values in the MIB without having to know exactly where they are.

Chapter 12 - MRTG

This is the chapter to go to when we need to use the Multi Router Traffic Grapher (MRTG), an open-source, configurable graphical trend-analysis tool. Among other requirements, MRTG needs Perl to run. Graphs are viewed in a browser.

MRTG itself issues get commands, using the read-only community string, to read from the monitored devices.

Chapter 13 - RRDtool and Cricket

Similarly to the previous chapter, this one also presents a tool: "The Round Robin Database Tool to store and process data collected via SNMP". Cricket is one of RRDtool's front-ends. It requires a configuration tree and presents information via a web browser.

Chapter 14 - Java and SNMP

Those who have powerful machines, or prefer not to use Perl, can also create SNMP applications with Java. This chapter explains the Java package snmp4j.

Annex A - Using input and output octets

Important when we need to measure network interface speeds.
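Chapter 8's "higher than X for Y consecutive samples" thresholds and Annex A's use of the octet counters both come down to a little arithmetic on polled values, so here is an added example of mine in Python (not code from the book or from MRTG). It computes per-interval throughput from constructed ifInOctets samples taken every 10 minutes, handles the 32-bit counter wrap that a busy interface will eventually produce between two polls, expresses the result against an assumed ifSpeed, and applies the consecutive-sample threshold to the resulting rates.

```python
"""Interface throughput from ifInOctets samples, with a consecutive-sample threshold.

Added example for this review; not code from the book or from MRTG.
The counter samples are constructed: 10-minute polls of a Counter32 that
wraps past 2**32 between the second and third sample.
"""

COUNTER32_WRAP = 2 ** 32    # Counter32 rolls over to 0 after 4294967295
COUNTER64_WRAP = 2 ** 64    # ifHCInOctets uses Counter64 and wraps far later

# Constructed samples: (sysUpTime in seconds, ifInOctets value)
SAMPLES = [
    (0,    4_294_900_000),
    (600,  4_294_960_000),
    (1200,        20_000),  # counter wrapped between these two polls
    (1800,        80_000),
    (2400,       140_000),
    (3000,       200_000),
    (3600,       230_000),
]


def counter_delta(prev, cur, wrap=COUNTER32_WRAP):
    """Octets counted between two readings, correcting for a single wrap.
    Two wraps inside one interval are undetectable: poll often enough for
    the link speed, or use the 64-bit counters where the agent offers them."""
    return cur - prev if cur >= prev else cur + wrap - prev


def rates_bps(samples, wrap=COUNTER32_WRAP):
    """Average bits per second over each polling interval."""
    rates = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        seconds = t1 - t0
        if seconds <= 0:
            raise ValueError("samples must be in increasing time order")
        rates.append(counter_delta(c0, c1, wrap) * 8 / seconds)
    return rates


def utilisation_percent(rate_bps, if_speed_bps):
    """Share of the interface speed (ifSpeed, in bits per second) in use."""
    return 100.0 * rate_bps / if_speed_bps


def threshold_alerts(values, limit, consecutive):
    """Indices at which 'value > limit' has held for `consecutive` samples in a row.
    One alert per run: it fires on the sample that completes the run and stays
    quiet until the condition clears and a new run reaches the same length."""
    alerts, run = [], 0
    for i, value in enumerate(values):
        run = run + 1 if value > limit else 0
        if run == consecutive:
            alerts.append(i)
    return alerts


if __name__ == "__main__":
    rates = rates_bps(SAMPLES)
    for (t, _), r in zip(SAMPLES[1:], rates):   # assumed ifSpeed: 10 kbit/s
        print(f"t={t:5d}s  {r:8.1f} bit/s  {utilisation_percent(r, 10_000):5.2f}% of 10 kbit/s")
    print("alerts (>500 bit/s for 3 samples):", threshold_alerts(rates, 500, 3))
```

With these samples the wrapped interval comes out at about 364 bit/s rather than a huge negative number, and the 500 bit/s threshold with three consecutive samples fires once, at the fifth rate, because the dip after the wrap resets the run.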

Annexes B and C present specific SNMP tools, annex D lists the SNMP-related RFCs, annex E talks about Perl modules for SNMP, annex F lists network management software, annex G mentions open source monitoring software and, finally, annex H presents some guidelines on network troubleshooting.

In a nutshell, I would say SNMP is your friend whenever you have to administer more than one machine.

Thanks to Douglas R. Mauro and Kevin J. Schmidt for this book!

Lights ON for SNMP!