The following text is copyright 1994 by Network World, permission is hereby given for reproduction, as long as attribution is given and this notice is included.

What is Wrong With SNMP?

By: Scott Bradner

Every now and then you hear people dumping on the Simple Network Management Protocol (SNMP). The complaints are that it is not smart enough, the graphics are not good enough, there is not enough detail in the network representation, you can't manage your air conditioner with it, etc. Other complaints are that it is too chatty, that it lacks security (or that the security it has is too complicated) and that it is too 'incomplete'.

When thinking about the problems and powers of a protocol like SNMP, the first thing to do is separate the technology-related issues from the implementation-related issues.

SNMP itself is quite simple. It is a small set of messages that can be exchanged between a network management station and an SNMP compliant agent in some network device. The agent maintains a database of information (called a Management Information Base - or MIB) about the configuration and status of the device. The messages are commands to retrieve data from entries in the MIB or to set the entry to a new value.

In SNMP version 2 (SNMPv2) there are three data retrieval request messages: get data from one or more entries, get a block of data or get data from the syntactically 'next' entry. The latter command permits a management station to scan the full MIB in an agent without having to know in advance the names of each entry. There is one set request message which can be used to change the contents of one or more database entries. There is a response message that the agent uses to respond to any of the retrieval or set messages. There is a message that can be used for management station to management station communication. Finally, there is a 'trap' message that an agent can send to a management station when something particularly significant happens. There are defined trap messages for power on, link up or down and access control violations. (Humm, I wonder why they did not define a trap message for power going down?)

As you can see, SNMP is quite simple and doesn't include anything about pretty pictures of networks. SNMP is a way to ask questions and convey information. The interpretation and representation of that information is a matter of implementation in the management station.

If a management station does not have a way to create a hierarchical representation of the monitored network, that is a result of a lack of capability in the implementor, not a lack in SNMP. If it tells the operator that the 100 nodes on the LAN at the far end of a wide area link have gone away rather than letting you know that the link went south, the implementer is demonstrating his lack of understanding of cause and effect. Don't blame SNMP.

There are some things that one can legitimately criticize in SNMP. The level of security in SNMPv1 was not something to write home to mother about, unless mother cares as little about network security as most network managers seem to. A clear-text access control string, known as a community name, is carried in each SNMP message. Anyone who could monitor your network could capture the community name and then, in most cases, have the same level of monitoring and control that the legitimate network operations center has. SNMPv2 has a comprehensive security package but it has been criticized as being much too complicated to implement and operate. A new document, RFC 1503, now describes clearly and simply how to administer SNMPv2 network managers. This should help considerably in this, to me, important, and often neglected, area.

The amount of SNMP traffic in a network is a product of the query pattern configured into the management station. If you want to know the status of every router in a thousand router network every second you will have quite a bit of traffic. But, if you are a bit sensible in your expectations the amount of SNMP traffic can be kept to a quite reasonable level.

While finding a description of an air conditioner MIB might be a bit tough, over 40 MIBs have been defined covering a wide (to some too wide) range of applications from protocols to servers, from routers to printers, with more in the works.

So, take care in complaining about SNMP and shoot at the right target. More often than not it is the name on the box not the protocol in the standard.

Disclaimer: Harvard has dozens of ideas about management, this is not one of them.

sob@harvard.edu