What is it?

Simple Network Management Protocol (SNMP) is an application layer protocol of TCP/IP protocol cluster.

The term

  1. NMS A network management system. A network management system can be a server or an application program that manages a network device
  2. Agent
  3. MIB
  4. OID

SNMP history

Developed in 1988 and adopted by the Internet Architecture Board (IAB) as a short-term network management solution; Due to the simplicity of SNMP, it has developed vigorously in the Internet era. In 1992, SNMPv2 version was released to enhance the security and function of SNMPv1. Now, there is an SNMPv3 version.


SNMPv1 provides minimal network management functions and uses community name authentication.

!!!!! A community name acts like a password to restrict the NMS from accessing the Agent.Copy the code

If the community name carried by an SNMP packet is not recognized by the NMS/Agent, the packet is discarded.

SNMPV1 is a simple request/response protocol. The network management system issues a request, and the manager returns a response. This behavior is achieved by using one of the four protocol operations. The four operations are

  • The GET. Get one or more object (instance) values from the SNMP agent. If the agent cannot supply all of the values in the request list, it does not supply any.
  • GETNEXT. The NMS uses the GETNEXT operation request agent to fetch the next object value from the list of requests or objects
  • The SET. The NMS sends a command to the SNMP agent through the SET operation to reconfigure the object value
  • The TRAP. The SNMP agent uses TRAP operations to irregularly notify the NMS of specific events. SNMP is an application protocol.


In addition to being compatible with SNMPv1, it also expands the functions of SNMPv1:

  • More types of operations (GetBulk- bulk fetch operations, etc.); . The NMS effectively obtains large pieces of data, such as multiple rows in an object list, through the GET BULK operation. How much data is requested GETBULK returns a reply message containing as much requested data as possible. The INFORM operation enables one NMS to send a TRAP to another NMS and receive a reply. In SNMPV2, if the SNMP agent that replies to GET BULK cannot provide all variable values in the request table, the SNMP agent only provides partial results.
  • Support for more data types (Counter32, etc.)
  • Richer error code is provided to distinguish errors in greater detail.
  • Enhanced. For example, TRAP operation in SNMPV2 not only has the same function as TRAP in SNMPV1, but also adopts a different message format, which is used to replace TRAP in SNMPV1.


SNMPv3 is mainly enhanced in terms of security. It adopts a new model:

  • USM (User-based Security Control Model)
  • VACM (View-based Access Control Model) technology.

USM provides authentication and encryption. VACM determines whether and how users are allowed to access specific MIB objects.

SNMP composition

A complete SNMP system includes management information Base (MIB), management Information Structure (SMI) and SNMP message protocol.

Management information base MIB

Each managed resource is represented as an object. The MIB is a collection of managed objects. It defines a set of properties of the managed object:

  • Object name
  • Object access permissions
  • Object data type

Each SNMP device (Agent) has its own MIB.

The names used for variables in the MIB files are taken from the ISO and ITU-managed Object Identifiers namespace. It is a hierarchical tree structure. As shown in Figure 2, level 1 has three nodes: CCITT, ISO, and ISO-CCITT. Low-level object ids are assigned by the relevant organizations. The identifier of a particular object can be obtained from the path from the root to the object. For common network devices, choose the object under the ISO node. For example, a MIB variable named ipInReceives under a namespace IP node is assigned a numeric value of 3, so the variable’s name is:
Copy the code

The corresponding numeric representation (object identifier OID, which uniquely identifies an MIB object) is:
Copy the code

When MIB variables are used in packets by the network management protocol, a suffix is added to each variable name to serve as an instance of the variable. For example, the number of instances in ipInReceives is

Note that the OID of some managed objects in the MIB needs to be determined dynamically, for example, the IP routing table. To specify the next hop at, we can refer to the following example: ipRouteTable. IpRouteEntry. IpRouteNextHop, the corresponding number is expressed as:

Management Information Structure (SMI)

SMI defines the organization, composition, and identity of information used by the SNMP framework. It also lays the foundation for describing how MIB objects and description protocols exchange information.

Data types defined by SMI:

  1. Simple type

Integer: the Integer is a signed Integer ranging from -2,147,483,648 to 2,147,483,647

Octet STRING: The string is an ordered sequence of 0 to 65535 bytes

OBJECT IDENTIFIER: From the set of OBJECT identifiers assigned according to ASN.1 rules

  1. Simple -constructed type

SEQUENCE is used for lists. This data type is similar to “structure” in most programming languages. A SEQUENCE contains zero or more elements, each of which is another ASN.1 data type

SEQUENCE OF Type is used for tables. This data type is similar to “array” in most programming languages. A table contains zero or more elements, each of which is another ASN.1 data type.

  1. Application type (application-wide)

IpAddress: indicates the IP address in network order. Because it is a 32-bit value, it is defined as 4 bytes;

Counter: A counter is a non-negative integer that increments to a maximum and then returns to zero. The counter defined in SNMPv1 is 32-bit, that is, the maximum value is 4,294,967,295.

Gauge: Is also a non-negative integer. It can increase or decrease, but remains at its maximum value, 232-1. Time ticks: is a unit of time. It represents the time in 0.01 seconds.

SNMP message

The SNMP packet structure is as follows:

Version + community name + PROTOCOL data unit PDUCopy the code

SNMP has five types of packets, so its PDU also has five types.

  1. SNMP five protocol data units

SNMP defines five message types: get-request, get-Response, get-next-request, set-request, and Trap.

(1) Get-request, get-next-request and get-response

The SNMP Manager uses get-Request messages to retrieve information from network devices that have SNMP agents, and the SNMP agent responds with get-Response messages. Get-next-request is used in combination with get-Request to query column elements in a specific table object.


The SNMP management station uses set-request to remotely configure network devices, including device names, device attributes, device deletion, or device attributes.


The SNMP agent uses Trap to send non-request messages to the SNMP management station. Trap messages are generally used to describe the occurrence of an event, such as the interface UP or DOWN or the IP address change.

Get-request, get-next-Request, and set-request messages are sent by the MANAGEMENT station to port 161 on the agent side. The latter two types of Get-response and Trap are sent by the agent process to the management process. Trap messages are sent to port 162 of the management process, and all data is encapsulated through UDP. SNMP workflow is shown in Figure 2:

The following figure shows the SNMP packet formats of the five operations encapsulated in UDP datagrams. An SNMP packet consists of three parts: the common SNMP header, GET /set header, trap header, and variable binding.

(1) There are three fields in the common SNMP header: version. The version field is written to the version number minus 1. For SNMP (SNMPV1), 0 should be written. Community. The community is a string that acts as a plain-text password between the administrative process and the agent process. The 6-character “public” is commonly used. PDU type. According to the PDU type, a number from 0 to 4 is filled in. The corresponding relationship is shown in Table 2.

Table 2 PDU types

PDU Type Name 0 get-request 1 get-next-request 2 get-Response 3 set-request 4 TrapCopy the code

(2) Get /set header

Request ID This is an integer value set by the admin process. The proxy process also returns this request identifier when it sends a GET-response message. The management process can send GET packets to many agents at the same time. These packets are transmitted using UDP and may arrive later. The request identifier is set to enable the administrative process to identify which response message is returned for

Error Status

Fill in a number from 0 to 5 when answered by the agent process

Error Status Name Description 0 noError Everything ok 1 tooBig agent failed to load the answer into an SNMP message 2 noSuchName indicates a non-existent variable 3 badValue A set indicates an invalid value or syntax 4 ReadOnly The admin process attempted to modify a read-only variable 5 genErr some other errorCopy the code

The trap first

Enterprise Object IDENTIFIER of the network device that fills the trap message. This object identifier must be one of the subtrees below the Enterprise node {} on the object naming tree in Figure 3.

Address of the agent

That is, the address of the system where the agent process resides.

The trap types

The formal name for this field is generic-trap, and there are seven types in Table 4.

The trap types The name instructions
0 coldStart The agent is initialized
1 warmStart The agent has been reinitialized
2 linkDown An interface changed from working to faulty. Procedure
3 linkUp An interface changed from faulty to working. Procedure
4 authenticationFailure Description An invalid community packet was received from the SNMP management process
5 egpNeighborLoss An ADJACENT EGP router becomes faulty. Procedure
6 enterpriseSpecific Agent custom events that need to be indicated by “specific code” below

Specific code

The specific code is valid only when the trap type is 6. Otherwise, it is set to 0. It is the manufacturer’s custom event code.

Timestamp indicates the time elapsed from the initiation of the agent process to the occurrence of the event reported by the trap. The unit is 10ms. For example, a timestamp of 1908 indicates that the time occurred 1908ms after the agent was initialized.

Manage the representation of variables

A management variable is the value of a managed object type at a certain point in time. SNMP uses a management variable as an operation object.

The representation of administrative variables is specified as x.y, where

  • X is the object identifer of the managed object
  • . Y is a set of numbers that uniquely determine the value of an object type, 0 in non-phenotypic variables, where it is the index of the table, such as the interface number in an interface table, or the destination network address in a routing table, and so on

Such as: The MIB defines ipAdEntNetMask. Its object Identifier is An instance of ipAdEntNetMask is the subnet mask of a row in the routing table. If the index and destination network address of this row are Is the variable name is: For convenience, the set of numbers that uniquely identify the management variable, the y in x.y, is referred to as an instance in future instructions.

SNMP running process

The AGENT on the managed device receives the serialized packet from the NMS through UDP port 161. After decoding, community name verification, and analysis, the AGENT obtains the node corresponding to the management variable in the MIB tree, obtains the value of the management variable from the corresponding module, and forms a response packet, which is encoded and sent to the NMS. After receiving the response packet, the NMS performs the same process and displays the final result.

  1. Decode Generates packets represented by internal data structures according to asN.1 basic encoding rules.
  2. If the version in the packet is different from the SNMP version supported by the Agent, the Agent discards the packet without further processing.
  3. Fetch the community name from the packet. The community name is filled in by the network management station that sends the request. If the packet does not match the recognized community name, the device discards the packet without further processing and generates a trap packet.
  4. The protocol data unit PDU is proposed from the authenticated ASN.1 object. If the PDU fails, the packet is discarded without further processing. Otherwise, a PDU is generated. The destination address of the packet must be the same as the source address of the received packet.

1.1 GetRequest PDU

If the variable name in the PDU does not exist in the locally maintained MIB tree, the protocol entity receiving the PDU will send a GetResponse message to the sender with only one difference from the source PDU: Set error-status to noSuchName and indicate in error-index where in the LIST of variables the variable was generated.

If the length of the response message generated by the local protocol entity is greater than the local length limit, a GetResponse message will be sent to the sender of this PDU. The PDU is the same as the source PDU except that error-status is set to tooBig and error-index is set to 0.

If the local protocol entity fails to generate a correct response message for other reasons, a GetResponse message will be sent to the sender of this PDU. This PDU is the same as the source PDU except that error-status is set to genErr and error-index is set to the position of the ERROR variable in the variable LIST.

If none of the above conditions occurs, the local protocol entity sends a GetResponse message to the PDU sender, which will contain the dual table of variable names and corresponding values, error-status is noError, error-index is 0, The request-ID field value must be the same as the request-ID of the RECEIVED PDU.

1.2 GetNextRequest PDU

The most important function of GetNextRequest PDU is traversal of the table. This operation is supported by the previously mentioned management variable representation method, so that a set of related variables can be accessed as if they were in a table.

Assume that the NMS wants to obtain information about the routing table whose index is the destination network address. Managed devices maintain the following routing table:

Destination NextHop Metric 5 3 5
Copy the code

The NMS sends a GetNextRequest PDU to the managed device, where the managed object identifier is as follows

GetNextRequest ( ipRouteDest, ipRouteNextHop, ipRouteMetric1 )
Copy the code

The SNMP agent responds to the following GetResponse PDU:

GetResponse ((ipRouteDest. = ""), (ipRouteNextHop. = ""), (ipRouteMetric1. = 3))Copy the code

NMS continues:

GetNextRequest (ipRouteDest., ipRouteNextHop., ipRouteMetric1. the code

Respond to the agent:

GetResponse ((ipRouteDest. = ""), (ipRouteNextHop. = ""), (ipRouteMetric1. = 5))Copy the code

It is worth noting that the agent must be able to determine the next management variable name to ensure that all variables can be fetched only once. NMS continues:

GetNextRequest (ipRouteDest, ipRouteNextHop, ipRouteMetric1. the code

Respond to the agent:

GetResponse ((ipRouteDest. = ""), (ipRouteNextHop. = ""), (ipRouteMetric1. = 5))Copy the code

NMS continue

GetNextRequest (ipRouteDest, ipRouteNextHop, ipRouteMetric1. the code

Because all rows in the routing table are fetched, the Agent returns the next dictionary successor of the routing table object, which is the direct successor of the sequential traversal of the managed object in the MIB tree. This should be nettoMediaIndex, the OBJECT IDENTIFIER of the managed OBJECT. This response notifies the NMS that traversal of the table is complete.

1.3 the method GetResponse PDU

GetResponse PDU is generated by the protocol entity only when getRequest GetNextRequest is received. The NMS shall display the result after receiving this PDU.

1.4 SetRequest PDU

SetRequest PDU is the same as GetRequest except for the PDU type identifier. When the managed variable needs to be written, the protocol entity on the NMS side will generate this PDU. Responses to SetRequest will be handled separately according to:

If it is a request for setting a read-only variable, the protocol entity receiving the PDU generates a GetReponse message with error Status set to noSuchName and error index being the position of the error variable in the list of variables.

If the value of variable duality in the PDU received by the protocol entity on the managed device is inconsistent with the required type and length, the protocol entity that receives the PDU generates a GetReponse message. The error status is set to badValue. The value of error index is the position of the error variable in the list of variables.

If the length of GetReponse packets to be generated exceeds the local limit, the protocol entity that receives the PDU generates a GetReponse packet with error Status set to tooBig and error index set to 0.

If the SET fails due to other reasons, the protocol entity receiving the PDU generates a GetReponse message with error Status SET to genErr and error index SET to the position of the error variable in the variable list.

If none of the above conditions is met, the Agent will set the management variable to the corresponding value in the received PDU, which can often change the running status of the managed device. At the same time, a GetResponse PDU is generated, where error Status is set to noError and error index value is 0.

1.5 the Trap pdus

A Trap PDU has the following forms

OBJECT IDENTIFIER Of the system that generates traps IP address of the system Common type Dual list of timestamp variables of a specific typeCopy the code

A Trap is a message that a managed device proactively sends to the NMS when an emergency occurs. After receiving a Trap PDU, the NMS displays the contents of the dual table of variables. Common trap types include hot or cold start, and link status changes.