WEBVTT

0:00:02.940000 --> 0:00:07.320000
Hello and welcome to this video titled Introduction to SNMP.

0:00:07.320000 --> 0:00:11.500000
In this video I'm going to talk about the fundamentals of network management

0:00:11.500000 --> 0:00:16.920000
and how SNMP falls into that category and give you a real high level overview

0:00:16.920000 --> 0:00:22.160000
of SNMP. So let's talk about network management.

0:00:22.160000 --> 0:00:26.000000
If you're new to the world of network engineering or network operations

0:00:26.000000 --> 0:00:30.500000
you may have no idea of what network management is, why it's important,

0:00:30.500000 --> 0:00:31.560000
or how it's done.

0:00:31.560000 --> 0:00:34.880000
So let's just real quickly cover those baselines right here.

0:00:34.880000 --> 0:00:39.500000
So companies that have, that are mid to large size company as this says,

0:00:39.500000 --> 0:00:42.740000
could be composed of hundreds of different network devices.

0:00:42.740000 --> 0:00:46.720000
You could have dozens of switches, dozens of routers, firewalls scattered

0:00:46.720000 --> 0:00:49.620000
all over here. And that's just your networking devices.

0:00:49.620000 --> 0:00:52.860000
That's not to mention other things that might need to be monitored like

0:00:52.860000 --> 0:00:56.600000
printers and end systems like hosts and servers.

0:00:56.600000 --> 0:01:00.180000
And all of these devices that you have in your network you want to monitor

0:01:00.180000 --> 0:01:03.740000
them. Now what types of things are you looking for when you're monitoring

0:01:03.740000 --> 0:01:07.640000
these devices? A lot of things you're looking for environmental conditions.

0:01:07.640000 --> 0:01:11.140000
You want to know is a router switch starting to get too hot.

0:01:11.140000 --> 0:01:15.200000
There's actually messages that router switch can give you if environmentally

0:01:15.200000 --> 0:01:18.280000
it's getting too hot because the air conditioning has gone out in the

0:01:18.280000 --> 0:01:20.720000
lab. You want to know about that type of thing.

0:01:20.720000 --> 0:01:25.880000
Capacity warnings: is our CPU on a particular device reaching 95 or 99%

0:01:25.880000 --> 0:01:28.940000
and that thing is about to crash and die.

0:01:28.940000 --> 0:01:32.800000
It'd be nice to know about that ahead of time through monitoring.

0:01:32.800000 --> 0:01:36.040000
Capacity forecasting and planning.

0:01:36.040000 --> 0:01:40.600000
It's good to know how our various interfaces are doing on our routers

0:01:40.600000 --> 0:01:45.340000
and switches. Are they operating consistently at around 10 to 20% of their

0:01:45.340000 --> 0:01:47.880000
maximum bandwidth threshold?

0:01:47.880000 --> 0:01:52.060000
Or are they operating more at like 85 or 90% which gives us a clue, oh,

0:01:52.060000 --> 0:01:55.180000
we should probably upgrade those modules or interfaces to something faster

0:01:55.180000 --> 0:01:59.260000
because we're going to start having some congestion problems.

0:01:59.260000 --> 0:02:00.640000
And infrastructure changes.

0:02:00.640000 --> 0:02:03.780000
Certainly as a network engineer or network operator you want to be aware

0:02:03.780000 --> 0:02:08.640000
of when an entire device crashes or when a link goes down or when a link

0:02:08.640000 --> 0:02:13.740000
flaps. So those are just various reasons and there's a lot more why network

0:02:13.740000 --> 0:02:18.400000
monitoring and network management is critical as a piece of operating

0:02:18.400000 --> 0:02:19.600000
a computer network.

0:02:19.600000 --> 0:02:24.320000
So there are network management protocols that streamline the process

0:02:24.320000 --> 0:02:29.160000
of gathering all this information and displaying it in a way that's human

0:02:29.160000 --> 0:02:31.020000
friendly and human readable.

0:02:31.020000 --> 0:02:38.320000
Now, there's three really common network management protocols, SNMP, NetFlow

0:02:38.320000 --> 0:02:41.800000
and system message logging or syslog.

0:02:41.800000 --> 0:02:45.380000
So in this section I'm just going to be talking about SNMP.

0:02:45.380000 --> 0:02:47.620000
So what is SNMP?

0:02:47.620000 --> 0:02:49.080000
Well, let's start with the acronym.

0:02:49.080000 --> 0:02:52.500000
Anytime you hear a new acronym the very first thing you should ask yourself

0:02:52.500000 --> 0:02:55.240000
is what does that acronym mean?

0:02:55.240000 --> 0:02:59.780000
SNMP stands for the Simple Network Management Protocol.

0:02:59.780000 --> 0:03:03.760000
So this resides at the application layer of the OSI model.

0:03:03.760000 --> 0:03:06.860000
So if you're familiar with the OSI model this resides way up there at

0:03:06.860000 --> 0:03:15.340000
layer seven. And it was first conceptualized in 1988 in RFC 1065.

0:03:15.340000 --> 0:03:20.220000
So if you actually open up that really old RFC that was the first time

0:03:20.220000 --> 0:03:24.380000
there was a proposal that said, hey, we recognize that there's a lot of

0:03:24.380000 --> 0:03:28.680000
different manufacturers out there of networking devices.

0:03:28.680000 --> 0:03:32.400000
Dozens of network people who create routers and switches and firewalls

0:03:32.400000 --> 0:03:38.560000
and everything. And we should create, there should be some way of creating

0:03:38.560000 --> 0:03:42.980000
a database that identifies commonalities on all these things.

0:03:42.980000 --> 0:03:45.900000
For example, all these things have interfaces.

0:03:45.900000 --> 0:03:48.300000
Well, what exactly is an interface?

0:03:48.300000 --> 0:03:51.460000
Let's have a common definition of what an interface is.

0:03:51.460000 --> 0:03:54.040000
All these things have buffers and CPUs.

0:03:54.040000 --> 0:03:58.720000
So if we can identify the common elements of all these devices, then we

0:03:58.720000 --> 0:04:03.040000
could come up with a protocol that could query these devices for those

0:04:03.040000 --> 0:04:07.740000
elements and get information back about how those common elements are

0:04:07.740000 --> 0:04:13.020000
doing. And that's sort of the conceptual idea behind RFC 1065.

0:04:13.020000 --> 0:04:19.340000
Now SNMP as a protocol is carried by the User Datagram Protocol, UDP, and

0:04:19.340000 --> 0:04:23.040000
it's carried on ports 161 and 162.

0:04:23.040000 --> 0:04:26.780000
Most of the time if you do Wireshark sniffer captures of it, you'll see

0:04:26.780000 --> 0:04:31.080000
that port 161 is more predominant than 162.

0:04:31.080000 --> 0:04:35.200000
But it's technically reserved for both UDP port numbers.

0:04:35.200000 --> 0:04:38.340000
And there are three versions of SNMP.

0:04:38.340000 --> 0:04:42.840000
Clearly SNMP version one is the first one that came out, not used as much

0:04:42.840000 --> 0:04:48.500000
anymore. Currently, most people have standardized on SNMP version 2c,

0:04:48.500000 --> 0:04:52.340000
but there is another version of SNMP that came out quite a while ago.

0:04:52.340000 --> 0:04:57.500000
Just hasn't gained quite as much traction yet, which is SNMP version 3.

0:04:57.500000 --> 0:05:01.000000
And I'll talk in subsequent videos about what the differences are between

0:05:01.000000 --> 0:05:02.520000
all three of these.

0:05:02.520000 --> 0:05:05.080000
But that is our high-level overview of SNMP.

0:05:05.080000 --> 0:05:12.680000
It is a management protocol for a device such as a server to send another

0:05:12.680000 --> 0:05:16.780000
device like a router or a switch or a firewall, a message saying, hey,

0:05:16.780000 --> 0:05:19.520000
give me information about yourself.

0:05:19.520000 --> 0:05:22.320000
Give me information about your interface statistics.

0:05:22.320000 --> 0:05:24.560000
Give me information about your CPU.

0:05:24.560000 --> 0:05:26.800000
Give me information about your routing table.

0:05:26.800000 --> 0:05:30.960000
And then an SNMP message can come back containing that information.

0:05:30.960000 --> 0:05:35.020000
And then depending on the complexity of the SNMP server, it could be completely

0:05:35.020000 --> 0:05:39.180000
command line driven where everything is just in textual form.

0:05:39.180000 --> 0:05:42.500000
But most of the time when people are using SNMP, they actually go and

0:05:42.500000 --> 0:05:47.340000
purchase full-blown SNMP server applications for quite a bit of money

0:05:47.340000 --> 0:05:52.460000
that then display everything graphically with bar charts and graphs and

0:05:52.460000 --> 0:05:55.900000
pie charts and things of that nature so they can get a really good visualization

0:05:55.900000 --> 0:06:01.100000
of what their network is doing based on these SNMP interactions between

0:06:01.100000 --> 0:06:04.900000
their server and the various devices that they're monitoring or interacting

0:06:04.900000 --> 0:06:10.260000
with. So that concludes this overview of the Simple Network Management