SNMP – IP Multicast and Network Management

Simple Network Management Protocol (SNMP) is an IP application layer protocol that has become the standard for the exchange of management information between network devices. SNMP, which was initially described in RFC 1157, is a simple solution that requires little code to implement and allows vendors to build SNMP agents on their products.

SNMP runs over User Datagram Protocol (UDP) and therefore does not inherently provide for sequencing and acknowledgment of packets, but it still reduces the amount of overhead used for management information.

SNMP Components

SNMP has three network-managed components:

  • The managed devices: A managed device is a router or LAN switch or any other device that contains an SNMP agent. Managed devices collect and store management information and make this information available to the NMS. SNMP community strings (passwords) are configured on routers and switches to allow for SNMP management.
  • The agent: The agent is the network management software that resides in the managed device. The agent gathers the information and puts it in SNMP format. It responds to the manager’s request for information and generates traps.
  • The NMS: The NMS has applications that are used to monitor and configure managed devices. It is also known as the manager. The NMS provides the bulk of the processing resources used for network management. It polls agents on the network and correlates and displays the management information.

Figure 5-3 shows the relationship between these components.

Figure 5-3 SNMP Components
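To make the RFC 1157 message format concrete, here is an added example (not code from this page or from any SNMP implementation) that builds an SNMPv1 GetRequest in BER and parses the version and community string back out of the datagram, showing why a community string is a password that travels in cleartext over UDP; the OID (sysDescr.0) and the community values are constructed samples.

```python
# Minimal SNMPv1 (RFC 1157) GetRequest encoder/decoder in BER. Added illustration,
# not code from the page or any SNMP library; OID is sysDescr.0, communities are constructed.

def _tlv(tag, body):
    """BER type-length-value; long-form length when the body exceeds 127 bytes."""
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def _int(v):  # BER INTEGER, non-negative values as used in SNMP headers
    return _tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True))

def _oid(dotted):  # BER OBJECT IDENTIFIER: first two arcs packed, rest base-128
    arcs = [int(a) for a in dotted.split(".")]
    out = bytes([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        while a := a >> 7:
            chunk.append(0x80 | (a & 0x7F))
        out += bytes(reversed(chunk))
    return _tlv(0x06, out)

def build_get_request(community, oid, request_id=1):
    """SNMPv1 message: SEQUENCE { version 0, community OCTET STRING, GetRequest-PDU }."""
    varbinds = _tlv(0x30, _tlv(0x30, _oid(oid) + b"\x05\x00"))   # one OID with NULL value
    pdu = _tlv(0xA0, _int(request_id) + _int(0) + _int(0) + varbinds)  # tag A0 = GetRequest
    return _tlv(0x30, _int(0) + _tlv(0x04, community.encode()) + pdu)

def _read_tlv(buf, pos):  # decode one TLV at pos -> (tag, body, next_pos)
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        k = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + ln], pos + ln

def parse_header(msg):
    """Return (version, community) of a datagram; for v1/v2c the community string is a
    plain OCTET STRING, readable by anyone who can see the UDP/161 packet."""
    _, body, _ = _read_tlv(msg, 0)
    _, ver, pos = _read_tlv(body, 0)
    version = int.from_bytes(ver, "big", signed=True)
    if version == 3:                    # SNMPv3 carries no community; next field is msgGlobalData
        return version, None
    _, community, _ = _read_tlv(body, pos)
    return version, community.decode()

def uses_default_community(msg):  # monitoring check over captured management traffic
    version, community = parse_header(msg)
    return version in (0, 1) and community in {"public", "private"}
```

Running `uses_default_community` over SNMP payloads captured on the management VLAN is a quick way to find devices still polled with vendor-default community strings.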

Network Management Design Considerations

Network routers and switches need to be monitored and managed remotely. Network architects must keep in mind several design considerations for NMS systems and solutions.

In-Band Versus Out-of-Band Network Management

A network architect should define VLANs and reserve IP address subnets for network management. These addresses are used to allocate network management IPs for routers, switches, and firewalls. For in-band network management, the IP subnet used is part of the internal routing domain and is trunked like any other VLAN in the network. One common solution is to use a loopback address for network management, separate from the loopback address used for routing. An in-band solution is not segmented from the primary traffic and adds to its bandwidth usage. One possible way to segment the management traffic is to use a dedicated management VRF and assign the management interface of network devices to this VRF.

For an out-of-band (OOB) management solution, a separate network is built to access devices via their OOB or auxiliary ports. Note that OOB network management should have separate credentials (for logging in to devices) and should not be used as a backup to the primary network that is being managed. The OOB management network does not use bandwidth of the primary network; a separate infrastructure has to be built. OOB networks can grant and revoke access privileges and be configured to allow only SSH, NTP, FTP, and SNMP protocols.

Network Management Traffic Prioritization

Although network management traffic may not be considered as critical as voice and video traffic, it does merit some prioritization. In Cisco QoS classification and marking recommendations, network management traffic is given a Layer 3 classification of CS1 PHB (DSCP 16) or Layer 2 CoS of 2.
