
Shaikh, Salman

EP086183

Simple Network Management Protocol (RFC 3411)

What is SNMP?

During the early period of the internet, nearly all network operations were performed and
managed manually. Although this method allowed for flexible decision making, it posed several
problems in the long run. Manually operating, updating and troubleshooting a small network is
fairly manageable, but the task becomes exponentially more difficult as networks grow larger.
The rapid growth of networks made it nearly impossible to detect errors manually, and it
further increased the risk of human error during operation and maintenance. The problem
existed because the devices in such a network could not alert the administrators to problems
when they occurred. All such networks are defined as unmanaged networks. The solution to this
dilemma was provided by the Simple Network Management Protocol (SNMP).

SNMP was first proposed in 1988 by the Network Engineering Task Force (NETF) to replace
unmanaged networks with managed ones. This new network system was a necessity at the time to
address the management problems of an ever-growing internet.

How Does SNMP work?

SNMP is a software suite that uses the User Datagram Protocol (UDP) and runs in a network
containing at least one server with administrative privileges and one or more host devices. The
operation of SNMP can be summarized as managing, maintaining and monitoring the entire
network.

In order for SNMP to work on a network system, three fundamental components are required:

a) Managed Device(s)
b) Agent
c) Network Management System (NMS)

All network (host) devices or nodes that recognize and use SNMP are called managed
devices. These devices can communicate unidirectionally or bidirectionally with the NMS
software installed on the server with administrative privileges. This is done by using SNMP
software modules called agents that are installed on the host devices. Hence, the server is
referred to as the manager while the host devices are referred to as agents in SNMP
terminology. The data packets exchanged between manager and agents usually carry values for
specific data elements present on the managed devices, or updates for those elements.
Therefore, the data exchanged between manager and agents are a direct representation of the
data elements and are called variables. Most of the network devices used today are managed
devices, e.g. routers, switches and bridges.

It is important to point out that SNMP, like all network protocols, adheres to the OSI layer
hierarchy. SNMP is an application layer protocol, i.e. an OSI layer 7 protocol. Like all
protocols, it has layer-specific functionality and relies on protocols at other layers to
complete its operations. Hence, SNMP is modular software whose only function is to send and
receive variables. The definitions of functions and variables, as well as the variable
hierarchy used by SNMP, are available in a software module called the Management Information
Base (MIB).

What are the components of the Simple Network Management Protocol?

SNMP is an application layer protocol and exists as a software suite. According to the
SNMPv1 architecture, the manager and agents each use a specific UDP port to send and
receive variables. The manager can send a variable through any of its ports, but agents can
only receive that variable through UDP port 161. Similarly, when an agent sends a response
through any of its ports, it can only be received by the manager through UDP port 162.

Variable data can be sent and received between manager and agents by using a set of
defined functions called Protocol Data Units (PDUs). SNMPv1 defined 5 core PDUs for its
operation. Two additional PDUs were added when SNMPv2 replaced SNMPv1. These PDUs
were carried over to SNMPv3, which is currently being implemented.

The seven SNMP PDUs currently used are defined as follows:

1) GetRequest: This PDU sends a request from manager to agent for the current value of the
variables specified. The variables whose values are requested can be specified in a
variable binding. When this request is received, the agent replies by sending the current
values of the requested variables.
2) SetRequest: This PDU sends a request from manager to agent to modify the value of the
variables specified. The variables whose values are to be modified can be specified in a
variable binding. When this request is received, the agent replies by sending the updated
values of the requested variables.
3) GetNextRequest: This PDU sends a request from manager to agent for a list of all
variables available to that agent. When this request is received, the agent replies by
sending a variable binding containing all the variables available to it, in the order
specified to it by the MIB. The list can be read using an iterative application.
4) GetBulkRequest: This PDU was introduced in SNMPv2 as an enhanced version of
'GetNextRequest'. It allows multiple iterations of GetNextRequest to be sent per
request.
5) Response: This PDU is executed when an agent (or manager) receives a notification from a
GetRequest, SetRequest, GetNextRequest, GetBulkRequest or InformRequest PDU. It
sends a reply to any of the above queries. Another function of the Response PDU is to send
an error report to the manager if any problem is encountered.
6) Trap: Trap is an SNMPv1 core function that was later modified under the SNMPv2
specifications and renamed SNMPv2-Trap. This notification is sent from agent to
manager. It consists of a sysUpTime value, the identity of the trap as specified by the MIB
and an optional variable binding.
7) InformRequest: This PDU was introduced in SNMPv2 to address a common UDP
problem. Dropping packets is very common in UDP ports. Hence, trap alerts or error
notifications are often dropped before reaching the manager. This PDU was introduced
to alleviate this issue. The contents of this notification are the same as those of the
'Trap' PDU; however, it is sent from one manager to another. The manager that receives this
notification responds by repeating the data packet back to the sending manager.

The data sent in a PDU interaction has a specific format. The following are the nine fields,
from left to right, in a PDU data packet.

1) IP header
2) UDP header
3) Version
4) Community
5) PDU-Type
6) Request-ID
7) Error-Status
8) Error-Index
9) Variable bindings

The fields may or may not contain data based on the PDU requirement.
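
The layout above can be checked against real bytes. The following Python parser is an added example, not part of the original paper: it decodes fields 3 to 9 (the UDP payload) of a community-based SNMPv1/v2c message and names the PDU type, using PDU tag values from RFC 1157 and RFC 3416. `SAMPLE` is a constructed GetRequest for sysDescr.0, and the function names are this example's own.

```python
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response",
             0xA3: "SetRequest", 0xA4: "Trap", 0xA5: "GetBulkRequest",
             0xA6: "InformRequest", 0xA7: "SNMPv2-Trap"}  # PDU-Type tags

def read_tlv(buf, pos, want=None):         # one BER element -> (tag, value, next_pos)
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    if want is not None and tag != want:
        raise ValueError(f"expected tag {want:#04x}, got {tag:#04x}")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(v):
    arcs, n = [v[0] // 40, v[0] % 40], 0   # first octet packs the first two arcs
    for b in v[1:]:
        n = (n << 7) | (b & 0x7F)          # base 128; high bit set means more octets follow
        if not b & 0x80:
            arcs, n = arcs + [n], 0
    return ".".join(map(str, arcs))

def parse_snmp(datagram):
    _, msg, _ = read_tlv(datagram, 0, 0x30)          # outer SEQUENCE
    _, version, p = read_tlv(msg, 0, 0x02)           # 0 = SNMPv1, 1 = SNMPv2c
    _, community, p = read_tlv(msg, p, 0x04)         # OCTET STRING, sent unencrypted
    pdu_tag, pdu, _ = read_tlv(msg, p)
    out = {"version": int.from_bytes(version, "big"), "community": community.decode("latin-1"),
           "pdu_type": PDU_NAMES.get(pdu_tag, hex(pdu_tag)), "varbinds": []}
    if pdu_tag == 0xA4:                    # SNMPv1 Trap has its own PDU layout; stop here
        return out
    p = 0
    for field in ("request_id", "error_status", "error_index"):
        _, raw, p = read_tlv(pdu, p, 0x02)
        out[field] = int.from_bytes(raw, "big", signed=True)
    _, bindings, _ = read_tlv(pdu, p, 0x30)
    p = 0
    while p < len(bindings):               # each binding: SEQUENCE { OID, value }
        _, vb, p = read_tlv(bindings, p, 0x30)
        _, oid, q = read_tlv(vb, 0, 0x06)
        out["varbinds"].append((decode_oid(oid),) + read_tlv(vb, q)[:2])
    return out

SAMPLE = bytes.fromhex(  # constructed SNMPv1 GetRequest, community "public", sysDescr.0
    "302702010004067075626c6963a01a02023039020100020100300e300c06082b060102010101000500")
```

`parse_snmp(SAMPLE)` returns the community as the readable string `public`: in this message format the community travels as plain text next to the PDU.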

What is the history of SNMP RFC?

SNMP was standardized in 1988. SNMPv1 was implemented in RFC 1065, RFC 1066, and RFC
1067. These RFCs were later replaced by RFC 1155, RFC 1156, and RFC 1157. RFC 1156 was
replaced by RFC 1213.

SNMPv2 replaced SNMPv1. The first edition of SNMPv2 comprised RFC 1441-1452. After 2
revisions, SNMPv2 was replaced by SNMPv3, consisting of RFC 3411-3418. This is the currently
implemented version of SNMP and has the following additions over SNMPv2:

a) New SNMP message format
b) Security for messages
c) Access control
d) Remote configuration of SNMP parameters

What does RFC 3411 define?

RFC 3411 defines the outline of the SNMPv3 network infrastructure. The main purposes of
the SNMPv3 infrastructure implementation are:

a) Reduction of agents required in an SNMP network
b) Using intermediate agents called proxy agents
c) Using command line driven managers
d) Use of devices that act as both managers and agents, known as mid-level managers
e) Use of devices for managing a large number of managed nodes, also called network
management stations

The goals defined by RFC 3411 for implementation of SNMPv3 are as follows:

a) Using a minimum amount of material by reusing SNMPv2 components.
b) Introduction of SNMP data security components.
c) The new architecture must be durable.
d) Simplification of SNMP architecture.
e) Making implementation as inexpensive as possible.
f) Make the design modular.
g) Make it capable of supporting large networks.

The most noticeable addition in SNMPv3 is a security system to protect data sent over the
UDP port. RFC 3411 specifically defines the security threats against which the SNMPv3
security system has been implemented:

a) Modification of information is a problem where in-transit SNMP data is altered, causing
falsification of variable values.
b) Masquerade is a threat where a network entity may attempt to perform unauthorized
operations by assuming the identity of an authorized administrative entity.

c) Message stream modification is a problem where unauthorized modification of the
data order may occur naturally or by a malicious entity, causing delays or repetition of
data to an extreme extent.
d) Disclosure is the threat of foreign entities observing the data or stealing it.

Other features defined by SNMPv3 RFC 3411 include a new format for PDU interaction. It has the
ability to update nodes remotely without the need to manually change the software
components. SNMPv3 also emphasizes modularity and simplification of design to make
implementation of future upgrades possible. Another security feature added to SNMPv3 is
access control. This feature allows an administrator to decide whether an entity should be
allowed access to a node or data. Finally, SNMPv3 is backward compatible, i.e. it has the
ability to use SNMPv2 specifications as well as SNMPv1 specifications when necessary.

References

a) Wikipedia, http://www.wikipedia.org, keyword: SNMP, last modified on 12 October 2010 at 14:51.

b) D. Harrington, R. Presuhn, B. Wijnen, "An Architecture for Describing Simple Network
Management Protocol (SNMP) Management Frameworks", RFC 3411, December 2002.
