Overview #
SNMP is a protocol used for managing and monitoring network devices, providing a standardized way to collect information, configure settings, and receive notifications from these devices in a network. It has evolved over time to address security concerns and is a critical tool for network administrators.
Simple Network Management Protocol (SNMP) is a standard protocol with a client-server architecture that enables monitoring and statistics collection for servers and devices. It is widely used for managing and monitoring network devices such as routers, switches, load balancers, servers, printers, and more. When enabled, the service side is usually reachable on UDP port 161.
What are the main usages of SNMP services #
SNMP (Simple Network Management Protocol) services are widely used in network management systems to monitor and manage network devices and systems. Here are some of the main usages of SNMP services:
Monitoring Network Devices: SNMP allows network administrators to monitor the status and performance of network devices such as routers, switches, servers, printers, and more. SNMP-enabled devices collect various types of data, including traffic statistics, CPU utilization, memory usage, interface status, and error rates, which can be queried by SNMP management systems.
Fault Detection and Notification: SNMP facilitates the detection of network faults and anomalies by providing real-time monitoring capabilities. When predefined thresholds or conditions are met, SNMP agents on network devices can generate SNMP traps or alerts, which are sent to SNMP management systems to notify administrators of potential issues. This helps in proactive fault detection and troubleshooting.
Configuration Management: SNMP enables centralized configuration management of network devices. SNMP management systems can retrieve and modify device configuration parameters, such as network settings, access control lists (ACLs), firmware versions, and SNMP settings, allowing administrators to standardize configurations and enforce policy compliance across the network.
Performance Analysis and Capacity Planning: SNMP data collected from network devices can be used for performance analysis and capacity planning purposes. By monitoring trends and historical data, administrators can identify bottlenecks, optimize network resources, and plan for future capacity requirements. SNMP-based monitoring tools often provide reporting and visualization features to help analyze performance metrics over time.
Security Monitoring and Auditing: SNMP plays a crucial role in security monitoring and auditing by providing visibility into network traffic and device activities. SNMP traps can be configured to alert administrators of security events, such as unauthorized access attempts, configuration changes, and system errors. SNMP-based monitoring systems can also track user authentication and access control policies on network devices.
Provisioning and Inventory Management: SNMP services facilitate provisioning and inventory management of network devices and assets. SNMP management systems can automatically discover and inventory SNMP-enabled devices on the network, retrieve device attributes and capabilities, and track hardware and software inventory information. This helps administrators maintain an up-to-date inventory of network resources and streamline device provisioning processes.
Integration with Network Management Systems: SNMP integrates with comprehensive network management systems (NMS) to provide end-to-end visibility and control of network infrastructure. SNMP management systems often include features such as network topology mapping, event correlation, performance monitoring dashboards, automated actions, and policy-based management, enabling administrators to efficiently manage complex networks.
How do OIDs and MIBs work? #
OIDs (Object Identifiers) and MIBs (Management Information Bases) are fundamental components of the Simple Network Management Protocol (SNMP) framework, used for managing and monitoring network devices. Here’s how they work:
Object Identifiers (OIDs) #
OIDs are hierarchical identifiers used to uniquely identify managed objects within a managed network.
They follow a tree-like structure, with each node representing a different organization, system, or object in the network.
OIDs are represented as a sequence of numbers separated by dots, for example, 1.3.6.1.2.1.1.1.0, where each number corresponds to a specific node in the OID tree.
The first few nodes in the OID tree are standardized by organizations such as the International Organization for Standardization (ISO), the Internet Assigned Numbers Authority (IANA), and the Internet Engineering Task Force (IETF).
OIDs are used in SNMP to uniquely identify managed objects that can be monitored or controlled on network devices, such as interfaces, CPU utilization, memory usage, and system uptime.
Management Information Bases (MIBs) #
MIBs define the structure and semantics of managed objects in a network device.
They organize managed objects into a hierarchical structure and provide a standardized way to access and manage these objects using SNMP.
MIBs are typically defined using a notation called Abstract Syntax Notation One (ASN.1), which defines the syntax and encoding rules for representing managed objects and their attributes.
There are several standard MIBs defined by organizations like the IETF, which define common managed objects and their attributes for various types of network devices (e.g., hosts, routers, switches).
In addition to standard MIBs, organizations and vendors may define proprietary MIBs to extend the capabilities of SNMP and support custom features or functionalities specific to their devices.
How they work together #
When a network management system (NMS) wants to monitor or manage a network device using SNMP, it sends SNMP requests to the device.
These requests include OIDs that specify the managed objects the NMS is interested in, along with the type of operation (e.g., get, set, get-next).
The network device responds to these requests by retrieving the requested information from its MIB and sending back SNMP responses containing the requested data.
The NMS can then interpret the data received from the device based on the structure defined in the MIB and use it for monitoring, troubleshooting, configuration, or other management tasks.
In summary, OIDs uniquely identify managed objects within a network device, while MIBs define the structure and semantics of these objects, allowing SNMP management systems to access and manage them in a standardized way.
Configure SNMP server in the load balancer #
To take advantage of SNMP, ensure that you have enabled the SNMP service, available under System > Services > SNMP in the Enterprise Edition, and configured the Community Name so that clients can access the information.
Accessing the SNMP data #
You can now query the data with an SNMP client such as snmpwalk. As an example:
root@linux-server:~$ snmpwalk -v 1 -c <community-name> <load-balancer-ip> .1.3.6.1.4.1.2021
iso.3.6.1.4.1.2021.4.1.0 = INTEGER: 0
iso.3.6.1.4.1.2021.4.2.0 = STRING: "swap"
iso.3.6.1.4.1.2021.4.3.0 = INTEGER: 1046524
iso.3.6.1.4.1.2021.4.4.0 = INTEGER: 1046524
iso.3.6.1.4.1.2021.4.5.0 = INTEGER: 1011052
iso.3.6.1.4.1.2021.4.6.0 = INTEGER: 647604
[...]
root@linux-server:~$ snmpwalk -v 1 -c <community-name> <load-balancer-ip> .1.3.6.1.2.1.2.2.1
iso.3.6.1.2.1.2.2.1.1.1 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.1.2 = INTEGER: 2
iso.3.6.1.2.1.2.2.1.1.3 = INTEGER: 3
iso.3.6.1.2.1.2.2.1.1.4 = INTEGER: 4
iso.3.6.1.2.1.2.2.1.1.5 = INTEGER: 5
iso.3.6.1.2.1.2.2.1.2.1 = STRING: "lo"
[...]
Most used MIBs and OIDs in the load balancer #
Network Interfaces Statistics #
List NIC names: .1.3.6.1.2.1.2.2.1.2
Get Bytes IN: .1.3.6.1.2.1.2.2.1.10
Get Bytes IN for NIC 4: .1.3.6.1.2.1.2.2.1.10.4
Get Bytes OUT: .1.3.6.1.2.1.2.2.1.16
Get Bytes OUT for NIC 4: .1.3.6.1.2.1.2.2.1.16.4
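
The interface OIDs above are table columns: appending a row index (the 4 in .1.3.6.1.2.1.2.2.1.10.4) selects one NIC. The following Python is an added example, not RELIANOID code: it parses snmpwalk output in the format shown earlier and turns two walks into per-NIC byte rates, allowing for Counter32 wrap-around. The walk text, the NIC name eth2 and the function names are constructed for illustration.

```python
import re

# Column OIDs from the list above, as snmpwalk prints them without MIB files.
IF_DESCR = "iso.3.6.1.2.1.2.2.1.2"
IF_IN = "iso.3.6.1.2.1.2.2.1.10"
IF_OUT = "iso.3.6.1.2.1.2.2.1.16"
# "<column>.<row index> = <TYPE>: <value>"
LINE = re.compile(r"^([\w.]+)\.(\d+) = ([\w-]+): (.*)$")

def parse_walk(text):
    """Return {column_oid: {row_index: value}} from snmpwalk output."""
    table = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # blank lines, "[...]" markers, error messages
        column, index, raw = m.group(1), int(m.group(2)), m.group(4)
        value = int(raw) if re.fullmatch(r"-?\d+", raw) else raw.strip('"')
        table.setdefault(column, {})[index] = value
    return table

def rates(first, second, seconds):
    """Bytes/s per NIC name between two walks taken `seconds` apart."""
    out = {}
    for idx, name in second.get(IF_DESCR, {}).items():
        nic = {}
        for label, col in (("in", IF_IN), ("out", IF_OUT)):
            a, b = first.get(col, {}).get(idx), second.get(col, {}).get(idx)
            if a is not None and b is not None:
                # Counter32 wraps at 2**32; modulo recovers one wrap. An agent
                # restart also resets counters and cannot be told apart here.
                nic[label] = ((b - a) % 2**32) / seconds
        out[name] = nic
    return out

# Constructed sample output (not captured from a real appliance).
WALK_T0 = """\
iso.3.6.1.2.1.2.2.1.2.1 = STRING: "lo"
iso.3.6.1.2.1.2.2.1.2.4 = STRING: "eth2"
iso.3.6.1.2.1.2.2.1.10.4 = Counter32: 4294967000
iso.3.6.1.2.1.2.2.1.16.4 = Counter32: 500000
"""
# Second walk, 60 s later: the inbound counter has wrapped past 2**32.
WALK_T1 = WALK_T0.replace("4294967000", "5704").replace("500000", "1100000")

if __name__ == "__main__":
    print(rates(parse_walk(WALK_T0), parse_walk(WALK_T1), 60))
```

A plain subtraction of the two inbound samples would give a large negative rate for eth2; the modulo yields the 6000 bytes actually transferred across the wrap.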
CPU Load Statistics #
1 minute Load: .1.3.6.1.4.1.2021.10.1.3.1
5 minute Load: .1.3.6.1.4.1.2021.10.1.3.2
15 minute Load: .1.3.6.1.4.1.2021.10.1.3.3
CPU times Statistics #
Percentage of user CPU time: .1.3.6.1.4.1.2021.11.9.0
Raw user CPU time: .1.3.6.1.4.1.2021.11.50.0
Percentage of system CPU time: .1.3.6.1.4.1.2021.11.10.0
Raw system CPU time: .1.3.6.1.4.1.2021.11.52.0
Percentage of idle CPU time: .1.3.6.1.4.1.2021.11.11.0
Raw idle CPU time: .1.3.6.1.4.1.2021.11.53.0
Raw nice CPU time: .1.3.6.1.4.1.2021.11.51.0
Memory Statistics #
Total Swap Size: .1.3.6.1.4.1.2021.4.3.0
Available Swap Space: .1.3.6.1.4.1.2021.4.4.0
Total RAM in machine: .1.3.6.1.4.1.2021.4.5.0
Total RAM used: .1.3.6.1.4.1.2021.4.6.0
Total RAM Free: .1.3.6.1.4.1.2021.4.11.0
Total RAM Shared: .1.3.6.1.4.1.2021.4.13.0
Total RAM Buffered: .1.3.6.1.4.1.2021.4.14.0
Total Cached Memory: .1.3.6.1.4.1.2021.4.15.0
Disk Statistics #
Path where the disk is mounted: .1.3.6.1.4.1.2021.9.1.2.1
Path of the device for the partition: .1.3.6.1.4.1.2021.9.1.3.1
Total size of the disk/partition (kBytes): .1.3.6.1.4.1.2021.9.1.6.1
Available space on the disk: .1.3.6.1.4.1.2021.9.1.7.1
Used space on the disk: .1.3.6.1.4.1.2021.9.1.8.1
Percentage of space used on disk: .1.3.6.1.4.1.2021.9.1.9.1
Percentage of inodes used on disk: .1.3.6.1.4.1.2021.9.1.10.1
System Uptime #
System Uptime: .1.3.6.1.2.1.1.3.0
For more details about how standard and some product-specific MIBs are included in RELIANOID Load Balancer, please refer to this article: https://www.relianoid.com/resources/knowledge-base/howtos/understanding-snmp-in-a-siem-environment-and-monitoring-relianoid-appliance/