SNMP Protocol Architecture – MIBs and OIDs explained

SNMP protocol architecture

Simple Network Management Protocol (SNMP) is one of the most widely used monitoring protocols in networking. The protocol provides a medium for SNMP-enabled devices to communicate and share performance data. Today there are tons of network monitoring tools that use SNMP for real-time performance monitoring. In this article, we’re going to look at what SNMP is, including its protocol architecture, Management Information Base (MIB), and Object Identifiers (OIDs).

What is SNMP, and How does it Work? 

SNMP is an Application Layer protocol that was created back in 1988. The SNMP protocol enables devices throughout the network to communicate. The protocol works by having the SNMP manager or management station, which sends SNMP Get-requests to SNMP agents (or “client entities” if you’re using SNMP version 3) located inside devices.

SNMP agents are essentially local programs within devices that collect performance data from the Management Information Base (MIB) and send it to the SNMP manager when polled (we’ll look at this process and the architecture of SNMP in further detail below).

Once the information has been forwarded to the SNMP manager the user can pull up a GUI to monitor the performance in real-time. In effect, SNMP enables a user to monitor a network full of devices from a single location.

SNMP Architecture (SNMP Manager, SNMP Agent, MIBS and OIDs) 

SNMP Manager image

SNMP’s architecture is based on a client-server model or manager-agent model with managers and agents. It’s important to note that in the explanation below we will be focusing on SNMPv1 to keep things simple.

These each play a different role:

  • SNMP manager – Queries SNMP agents and gathers information from devices throughout the network.
  • SNMP agent – A program inside SNMP-enabled devices that collects performance data from the MIB when a request is made by the manager.
  • Management Information Base – Database of managed objects organized hierarchically that have OIDs.

SNMP Manager 

The SNMP Manager is the computer that you use to query agents within the network for performance data and can also set variables in agents. The manager sends a request and then the agent responds with performance data. The manager also listens for SNMP traps and acknowledges asynchronous events.

SNMP Agent 

The agent listens for requests from the manager and responds when polled. When a request is made the agent takes data from the local MIB and sends it through to the SNMP manager. The agent also issues SNMP traps to alert the manager about performance events.

MIB (and OIDs!)

The MIBis a database and ASCII text file that’s shared between an SNMP agent and an SNMP manager. The MIB is a collection of managed objects structured hierarchically in a tree structure. Managed objects come as scalar objects with a single instance or tabular objects with multiple instances (such as a table).

Each managed object is given a unique OID to differentiate it from other objects. The OID is essentially a numerical tag that acts as an address. The format is as follows: 

In a nutshell, SNMP agents collect performance data from the MIB located on the local device and then sends that data forward to a manager, where it can be viewed remotely with a network monitoring tool.

How Do Agents and Managers Communicate? (SNMP Messages) 

SNMP messages are transferred through User Datagram Protocol (UDP), a connectionless transfer protocol at the IP Layer. UDP sends messages without verifying a connection to the recipient. Through UDP, agents and managers can communicate with a range of messages. There are five main messages that SNMP uses to communicate:

  • Get – Manager uses this message to query values from the MIB of an SNMP agent.
  • GetNext – Manager uses this message to retrieve the value of the next OID in the tree. It is often used to walk through a range of OIDs.
  • GetResponse – Agent uses this message to respond to a Get, GetNext, or Set request from the Manager.
  • Set – Manager uses this message to command an agent to change the value of a managed object.
  • Trap – Agent uses this message to report performance events.

These are just some of the messages that the agent and the manager use to communicate. It is important to note that a trap is the only type of message that can be initiated by the agent. Trap messages act as notifications that tell the SNMP when something important takes place, such as a device overheating.

While UDP doesn’t guarantee that messages will be delivered, it does have the advantage of reducing the number of system resources needed to carry messages back and forth.

It is important to note that within SNMP messages, the SNMP protocol uses the same OID for objects in the MIB to enable the recipient to distinguish between object variables.

Layered Communication 

The communication model used by SNMP can be classified as layered, which means SNMP messages aren’t sent in isolation but are wrapped up in some other protocols first as the packet gets assembled. An SNMP message is wrapped by UDP, which is then wrapped by the Internet Protocol (IP).

SNMP Manager to SNMP Agent Request: Protocol Layers Guide 

  • Layer 1 – Application Layer: Uses SNMP protocol, produces a Get message to poll an agent for a specific OID. 
  • Layer 2 – Transport Layer: Uses UDP protocol, identifies the manager port destination for the agent’s response, and the port the agent should listen at.
  • Layer 3 – Internet Layer – Uses IP protocol, adds media access addresses, and IP addresses of the SNMP manager and agent.
  • Layer 4 – Network interface Layer – 10BaseT, Verifies access media, and transfers the packet to the agent.

The path taken to traverse the layers depends on whether the message is being sent to the manager or the agent. When an SNMP manager wants to poll an agent, it prepares a GET request for a specific OID. The message is then passed to the UDP Layer which adds a data block. This details the port on the manager where the response should be sent to by the agent. It also tells the agent what port to listen at.

The packet is passed to the IP Layer where the IP and media access addresses of the manager and agent are added. The packet is then passed to the Network Interface Layer, which verifies the access media data and sends the packet over to the agent.

SNMP Agent to SNMP Manager Response: Protocol Layers Guide 

  • Layer 4 – Network Interface Layer: Uses 10BaseT protocol, takes query from media.
  • Layer 3 – Internet Layer: Uses IP protocol, verifies media access and IP addresses.
  • Layer 2 – Transport Layer: Uses UDP protocol, checks target port for joined applications. If the application is listening, it then passes the packet on to the Application Layer.
  • Layer 1 – Application Layer: Uses SNMP protocol, if the SNMP agent is listening, and the GET request is processed.

Once the packet traverses the network and reaches the agent, the agent then flips the process on its head and runs through the four layers in the opposite direction (starting with the Network Interface Layer rather than the Application Layer). The Network Interface Layer pulls the query from the media and then hands it over to the IP Layer.

At the IP Layer, the Media Access and IP addresses entered are verified before the UDP Layer checks the target port for joined applications before passing the packet to the Application Layer (only if the application is listening at the target port!). Once the packet is passed to the Application Layer the GET request is then processed by the agent.

SNMP in Action: A Network Monitoring Software Example

SolarWinds Network Performance Monitor

SolarWinds Network Performance monitor

When we talk about data being pulled from the MIB and sent to the SNMP manager, users encounter this information through an SNMP monitoring tool. SNMP monitoring software you can use to pull MIB data from SNMP-enabled devices includes platforms like SolarWinds Network Performance Monitor.

Platforms like SolarWinds Network Performance Monitor have a MIB database that takes OIDs from devices throughout the network and stores the data centrally. Having performance data stored in a central location makes it easier to monitor multiple devices in one place.

SNMP monitoring tools also provide you a variety of formats like dashboards, charts, and reports you can use to make sense of performance data. More useful still, you can use the software to listen for SNMP traps and configure SNMP trap rules to respond with automated actions. Many vendors offer similar features, which is why SNMP monitoring still remains common today.

You can get familiar with the software on a 30-day free trial.

SNMP Architecture – A Network Monitoring Essential 

Although SNMP isn’t perfect, it remains one of the most widely used network monitoring protocols today. Being able to load up a network monitoring platform and view network performance in real-time is only possible because of protocols like SNMP.

The basic SNMP architecture and client-server model ensures that you have all the information you need to catch performance and security events (depending on the capabilities of the monitoring software you use). Picking the right SNMP monitoring software will give you the best ability to monitor your network with SNMP.

Leave a Reply