Overview of SNMP, MIB and SMI

This post gives a basic overview of the Simple Network Management Protocol (SNMP) and also an overview of its related protocols MIB (Management Information Base) and SMI (Structure of Management Information).

SNMP is the most widely used and popular protocol for managing, monitoring and controlling of network devices like routers, switches over a public or private network. SNMP is not only a protocol, but a framework for controlling and monitor multiple network devices. SNMP, with two other closely related protocols, namely SMI and MIB, work in unison to achieve this.

Basic Theory of Operation

A wide range of network device parameters like system uptime, interface status, interface packet statistics, routing protocol statistics etc. are treated as different objects by SNMP. These objects are maintained by the server portion of SNMP software, known as SNMP agent, running on network devices like routers and switches. A SNMP client program known as the SNMP manager, runs on a remote machine and queries these objects, through SNMP Get requests, to know the status of the network device. Similarly, the manager can control some of the network device parameters by doing an SNMP Set request which is equivalent to a write operation ( e.g. to reset a router or shutting down an interface of a router). Apart from the manager sending SNMP GET/SET requests to the agent, the agent too can proactively notify the manager of critical/significant events on the network devices through SNMP TRAP messages. Thus, SNMP manages the device by reading and writing values to different SNMP objects, with each object representing a specific network parameter. This is the basic theory of operation of SNMP and is shown in the diagram given below:

Basic SNMP Architecture

Roles of protocols SMI, MIB and SNMP

While SNMP is the basic carrier protocol used on the network, for sending object Get and Set requests, a second protocol named as SMI is used to define the rules/framework for naming the objects, defining the permitted object types and also for specifying the object encoding method for transmission. A third protocol named as MIB, specifies the actual set of objects for different network device protocols/entities (e.g. System MIB, Interface MIB, IP MIB, TCP MIB, UDP MIB etc.). The MIB also specifies the type of each object used within a MIB file (it has to be one of the standard object types defined by SMI) and also the relationship between the different objects belonging to the same network protocol/entity.

The role of these three protocols is summarized in the diagram given below:

Role of SMI, MIB and SNMP protocols

A summarized description of each of these protocols is given below:

SMI

SMI protocol is basically used to standardize the different object attributes like object Identifiers, object type and encoding methods for objects.

• Object Identifiers: Each SNMP object has a unique object identifier. SMI permits object identifiers to be either in name form (e.g. iso.org.dod.internet.mgmt.mib-2) or in number form (e.g. 1.3.6,1,2,1). Note that both forms have a hierarchical structure.
• Object Types : As for object types, SMI defines both standard types like integer, octet string etc. and non-standard network specific types like IP address, Timeticks  etc.
• Object Encoding Method: SMI uses the Basic Encoding Rules (BER) method consisting of type/tag, length and value, to encode objects along with their values, for transmission inside SNMP packets.
• SMI does not specify the list of objects for a specific network protocol/entity nor does it specify the type of objects to be used for a specific network protocol. These aspects are taken care by MIB.

 MIB

MIBs enable representation of device parameters in a standard format.

 MIBs are nothing but the actual set of objects supported by a network device, for controlling and monitoring by the SNMP protocol.

These objects are classified and separately maintained in different MIB files. There would be a separate MIB file maintained by the SNMP agent on the network device, for each protocol/entity that can be managed by SNMP (e.g. System MIB, Chassis MIB, IP MIB, TCP MIB, UDP MIB, ICMP MIB, Interface MIB etc.).

MIBs are organized in a tree like structure and each MIB variable has a unique object ID

Each MIB file define three things, namely

• List of objects supported for a specific protocol/entity
• Type of each object
• Hierarchical relationship between all the objects of a given protocol/entity

For e.g. UDP MIB would contain objects like udpInDatagrams (denoting number of incoming UDP datagrams to the device), udpOutDatagrams (denoting number of outgoing UDP datagrams out of the device) etc. The UDP MIB would also specify the type of these objects (for e.g. udpInDatagrams and udpOutDatagrams could be of type Integer). The UDP MIB could also contain a UDP Table consisting of the set of all current UDP socket connections handled by the device at that instant of time. The entries in this table have a child relationship to the parent UDP table, which means that MIB files maintain a hierarchical relationship between the different objects pertaining to a specific network protocol/entity.

SNMP

• Is an application layer, client-server protocol, specifically designed for Network management/monitoring purposes
• Is MIB based and runs on top of the transport layer protocol UDP
• SNMP mainly supports GET and SET operations on a wide variety of device parameters/MIB objects
• Requires an SNMP agent component to be present in the network device that is to be managed
• A SNMP manager component runs on remote management stations to talk to SNMP agents
• A single manager usually monitors multiple network devices/agents
• Devices can be configured and monitored remotely as long as they have IP connectivity
• Get, Get-Next, Get-Response, Get-Bulk, SET, TRAP, INFORM  are some of the  standard methods supported by SNMP
• Traps enable agents to inform managers about important events like alarm triggering, interface down, routing table changes etc.
• Vendor specific extensions in the form of private MIBs makes SNMP customizable so that any new protocol/feature/parameter of a device can be managed through SNMP
• Recent versions of SNMP support security too, so that SNMP messages are sent in encrypted form using standard encryption techniques over the network.
• While a SNMP agent waits on the reserved UDP port 161 for receiving SNMP requests from SNMP managers, SNMP managers wait on the reserved UDP port 162, for receiving SNMP Trap messages from SNMP agents.

How does Email work?

This post gives a basic overview of the theory of operation of Electronic Mail (Email).

Email basically uses two types of protocols, namely a push protocol and a pull protocol, for enabling end computers/users to send and receive mails. While SMTP (Simple Mail Transfer Protocol) is the primary Mail Transfer Agent (MTA) protocol used for transferring (pushing) mails between end computers and mail servers, Mail Access Agent (MAA) protocols like POP3/IMAP are used for retrieving (pulling) incoming mails from the local mail servers.

In the case of web-based email, HTTP is used as the carrier protocol in the first and last segments of an email, by the sender for sending the mail to the local mail server and by the receiver to retrieve the mail from the receiver’s mail server.

Since email has to be delivered in a reliable manner by the network, all email carrier protocols use TCP as the underlying transport layer protocol.

The diagram given below illustrates the email path and the list of email carrier protocols used when two users named Alice and Bob exchange emails through the internet. While the red arrows show the path taken by mails sent from User Alice to User Bob, the blue arrows show the path taken by mails sent by User Bob to User Alice.

Protocols used in email transfer

As given in the above diagram,

• Sending of emails typically involves at least four computers, namely the sending computer, the sending computer’s local mail server, the receiving computer’s mail server and the receiving computer, with the network being the carrier.
• An email sent by an end user is first transferred to its local mail server, using SMTP (normally) or HTTP (in the case of web based mail alone) as the carrier protocol. The local mail server then transfers the mail to the recipients mail server, again using SMTP as the carrier protocol. The mail is then retrieved from the receiver’s mail server by the receiving computer through a pull protocol like POP3 or IMAP or HTTP (web based email alone). This is clearly illustrated in the above diagram by a red path (for mails sent from Alice to Bob) and by a blue path (for mails sent from Bob to Alice)
• User Agents (UAs): At the end computers (sender and receiver), entities known as UAs help the end user in sending and retrieving emails. Functions of UAs include providing GUI or command based interfaces to compose, forward, redirect and receive mails. The UAs interact with an MTA client protocol to transfer outgoing mails sent by the user to the local mail server and also interact with an MAA client protocol to retrieve the user’s incoming mail from the local mail server. Eudora, Outlook Express, elm, pine etc. are examples of UAs.
• Mail Servers : Since the end user computers cannot be online always, dedicated mail servers do the duty of sending and receiving mails for multiple end users, by remaining always on. Mail servers typically run both the client and the server instances of an MTA protocol like SMTP. While the MTA client instance protocol is used to send mails to remote mail servers, the MTA server instance protocol is used to receive mails from both end computers and from remote mail servers. Apart from this, mail servers run the server instance of a MAA protocol (like POP3/IMAP), to retrieve mails from the inbox of users and send it to the respective user’s computer, when requested through an MAA client instance protocol.
• SMTP is the primary MTA protocol used between mail servers and also between end clients and mail servers, for sending mails.
• SMTP is a
  • Is a simple text-based protocol that enables users to send emails
  • It is a push protocol because it is used to push an email from a sender to the receiver.
  • Is an application layer protocol running on top of TCP. SMTP server typically waits on TCP port number 25.
  • Though it supports sending mails only in ASCII format,  it allows extensions in the form of MIME (Multipurpose Internet Mail Extensions) for carrying a wide variety of data formats including binary, images, audio, video etc.
  • It is a text based, Request – Response, client server protocol, with simple messages like HELO, Mail From, RCTP TO, DATA etc. A sample SMTP session of an email is given in the diagram below:

An example SMTP session

As given in the diagram above, SMTP also supports sending emails to multiple recipients and also to mail aliases.

MAA protocols (POP3/IMAP) : The MAA protocols like POP3/IMAP are used in the last hop of an email for retrieving incoming mails by the end user from his/her local mail server. While both POP3 and IMAP are pull protocols, used for retrieving mails from the local mail server to the receiving computer’s Inbox, IMAP is a more powerful protocol than POP3. IMAP supports additional features like creation and management of multiple folders in the mail server, accessing mails from multiple end points etc.

Role of HTTP in email : Web based emails like yahoo, gmail use HTTP as the underlying protocol for sending outgoing email messages from the end computer to the local mail server and also for retrieving incoming mail messages from the local mail server to the end computer. However, HTTP is not used in the intermediate hops, for transferring emails between mail servers.  Only SMTP is used for transfer of mails between mail servers.