- SNMP Traps Definition
What is an SNMP trap? An SNMP trap is a type of SNMP protocol data unit (PDU). Unlike other PDU types, with an SNMP trap, an agent can send an unrequested message to the manager to notify about an important event.
-
How do SNMP traps work vs. SNMP?
Simple Network Management Protocol (SNMP) is a widely used protocol in network monitoring. A network monitoring strategy using SNMP consists of four key components:
- A group of one or more administrative machines known as managers.
- Devices monitored or managed using SNMP, known as managed devices. Generally, managed devices are components in an IT network, such as modems, switches, hubs, routers, etc.
- SNMP agent, a software module running on managed devices.
- An SNMP software system running on SNMP manager known as network management system (NMS).
An agent is aware of its managed device’s management information and converts this information into an SNMP-supported form and exposes information in the form of variables.
Usually, a manager requests an agent for information by sending an SNMP-supported request in the form of PDUs to retrieve and change specific variables or to find variables and corresponding values available.
However, an SNMP trap is a special type of PDU, through which an agent sends an unrequested message or notification to the manager about critical events regarding objects in the managed device.
-
Types of SNMP traps
SNMP traps are generally categorized into two types:
- Generic (or Standard) traps
- Enterprise-specific traps
Generic traps: These are six standard traps defined in RFC 1215 of Internet Engineering Task Force: coldStart, warmStart, linkDown, linkUp, authenticationFailure, and egpNeighborLoss.
Enterprise-specific traps: These are custom traps defined to send information about various objects in a managed device. Usually, manufacturers or IT vendors define enterprise-specific traps to enable information sending about specific objects in their devices.
SNMP network management system relies on a management information database (MIB) to understand trap messages. That is, the MIB stores information about various objects in an object identifier (OID) format. The network management system cannot recognize a trap if a relevant OID is not defined in the MIB. Hence, it’s crucial to ensure relevant OID information is available in the MIB when relying on enterprise-specific traps.
If you want to implement your organization’s own traps, you can set up experimental MIBs and define experiment-specific traps.
-
What is SNMP trap management?
For the manager to receive SNMP trap messages, you should first enable SNMP in the managed devices. While many devices support SNMP out of the box, it depends on the IT vendor or the manufacturer from whom you procured the devices. Accordingly, you may need to explicitly enable SNMP once you set up a specific device in your organization’s IT network.
In some cases, an IT vendor might only support one version of the SNMP or the other. For example, SNMPv1 and SNMPv2c use different message formats and protocols from each other. You have to use proxy agents and bilingual network management systems to overcome this incompatibility.
You should consider these scenarios and enable SNMP on managed devices. Then you should configure the device to send SNMP trap messages to the manager and ensure the device is aware of when it should send SNMP trap messages. Only then the agent on the device can send SNMP traps.
Since SNMP is a standard networking protocol, many implement SNMP-support in their devices and rely on SNMP traps for efficient network management. SNMP traps contain valuable information about the objects in managed devices, so your network management system should be able to collect SNMP traps and enable you to analyze them.
Some network monitoring and log analysis tools also support SNMP. Using them, you can set up SNMP trap management and integrate SNMP trap data into your broader network monitoring strategy.
- Benefits of SNMP traps
Consider a scenario in which a manager is responsible for a vast number of devices in your organization’s IT network, and each device monitored under the manager comprises many objects. It can become almost impossible or overwhelming for the manager to request management information for every object in all the devices for discovery and topology changes. Also, sending requests in this way can have a significant impact on the network performance.
An SNMP trap message addresses this by enabling an agent to send an unrequested update about a significant event in a device’s object. This approach saves network resources as well as avoids negatively impacting agent performance.
- Importance of monitoring SNMP traps
SNMP messages depend on User Datagram Protocol (UDP) for network transportation. However, UDP can be unreliable, and unlike TCP, it doesn’t acknowledge packet delivery.
So, if an agent sends a trap about a critical event, it may not reach the network management system. This can lead to a failure in collecting the most up-to-date information and can result in unforeseen issues or costly problem remediation delays in your organization’s IT environment.
However, by using a monitoring tool to process SNMP traps for a large number of network devices in a central location, you can more easily collect, identify, and have alerts sent based on the large number of incoming SNMP trap data received.
What is important difference between request response message and a trap message in SNMP?
(1) Overhead: Request-response has more overhead because each piece of information received by the manager requires two messages: the poll and the re- sponse. Trapping generates only a single message to the sender.
An SNMP trap message is an unsolicited message sent from an agent to the the manager. The objective of this message is to allow the remote devices to alert the manager in case an important event happens. In other words, traps don't need a status request from the master.
Although the original purpose of the Simple Network Management Protocol (SNMP) was to let network administrators remotely manage an Internet system, the design of SNMP lets network administrators manage applications and systems.
An SNMP agent is a process that runs on a system being managed and maintains the MIB database for the system. An SNMP manager is an application that generates requests for MIB information and processes the responses. The manager and agent communicate using the Simple Network Management Protocol.