Lead Image © lightwise, 123RF.com

Monitor your network infrastructure with SNMP

Clear View

Article from ADMIN 26/2015
If you don't have the staff to monitor your network in real time, SNMP and a couple of scripts are all it takes to keep track of your device jungle.

Routers, switches, servers, printers – data networks contain many complex components, and if you want to manage them with the least possible organizational and financial overhead, all you need is a Raspberry Pi and the Simple Network Management Protocol (SNMP). The latter can be used to query values such as the data throughput, CPU load, or temperature of a device, or even to reconfigure the system.

SNMP is the successor to the Simple Gateway Management Protocol (SGMP). Its specification was approved by the Internet Engineering Task Force (IETF) in 1990, and it has seen several revisions since then. The current version is version 3. In contrast to its predecessors, SNMPv3 supports encrypted communication and secure authentication; however, many devices you can purchase today still only support SNMPv1 or SNMPv2.

Protocol Brief

SNMP uses UDP port 161 by default. Communications rely on agents and managers; the agents run on the individual devices and wait for queries or instructions from the managers. There are also SNMP traps, which cause the device to push a message to a manager when specific events occur. The message typically reaches the manager on port 162.

SNMP reads values from various network components known as managed objects. A managed object can be the status of a network interface, CPU, or device memory. To establish a standard here, the SNMP Management Information Base (MIB) was developed. The properties of many managed objects are described in the MIB tree structure. The descriptions contain the name, or OID (object identifier), and the permissible data types for an object. The OID can be numeric or human-readable; for example, iso.org.dod.internet.mgmt and 1.3.6.1.2 refer to the same object, and they can be used as equivalents in queries.

SNMPv1 and SNMPv2 use what are known as "communities" to establish connections that are trusted by managers and agents. To allow this to happen, community names exist for Read-only, Read-write, and Trap. The community names replace passwords; however, because they are transferred in the clear, an attacker can quite easily sniff them.

Various activities can be handled using community names. With the Read-only community string, which most manufacturers default to public, you can only query data from a device. The Read-write community string, which is typically set to private for most devices in the as-delivered state, also lets you make changes to the device. For example, you can set counters or change the router configuration. Finally, the Trap community string is only needed so that managers can accept trap messages from the agents.

The two latter community strings are not often seen on devices for end users. However, SNMPv3, which encrypts the entire communication and forces participants to authenticate at regular intervals, is even less common.
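
The cleartext community field described above can be checked in your own packet captures. The following is an added example, not code from the original article: it decodes the BER header of an SNMP UDP payload and reports the version, the readable community, and the request type. The function names and the sample payloads are constructed for illustration.

```python
DEFAULT_COMMUNITIES = {b"public", b"private"}   # vendor defaults named in the article
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response", 0xA3: "SetRequest"}

def read_tlv(buf, pos):
    """Decode one BER tag-length-value; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                           # long form: low 7 bits count length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad BER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, bytes(buf[pos:pos + length]), pos + length

def inspect_snmp(payload):
    """Return version, cleartext community, PDU type and findings for one UDP payload."""
    tag, msg, _ = read_tlv(payload, 0)
    vtag, ver, pos = read_tlv(msg, 0)
    if tag != 0x30 or vtag != 0x02:
        raise ValueError("not an SNMP message")
    info = {"version": VERSIONS.get(int.from_bytes(ver, "big"), "unknown"),
            "community": None, "pdu": None, "findings": []}
    if info["version"] not in ("v1", "v2c"):    # SNMPv3 has no community field
        return info
    tag, community, pos = read_tlv(msg, pos)
    if tag != 0x04:
        raise ValueError("community OCTET STRING missing")
    info["community"] = community.decode("latin-1")
    info["pdu"] = PDU_NAMES.get(msg[pos], "other") if pos < len(msg) else "missing"
    info["findings"].append("community readable on the wire")
    if community in DEFAULT_COMMUNITIES:
        info["findings"].append("vendor default community")
    if info["pdu"] == "SetRequest":
        info["findings"].append("write request protected only by the community")
    return info

def tlv(tag, value):                            # short-form encoder for the samples
    return bytes([tag, len(value)]) + value

# Constructed payloads, not captured traffic; the varbind names 1.3.6.1.2.1.1.3.0.
BODY = (tlv(0x02, b"\x01") + tlv(0x02, b"\x00") + tlv(0x02, b"\x00") +
        tlv(0x30, tlv(0x30, tlv(0x06, bytes.fromhex("2b06010201010300")) + tlv(0x05, b""))))
SAMPLE_GET = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, b"public") + tlv(0xA0, BODY))
SAMPLE_SET = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, b"private") + tlv(0xA3, BODY))
if __name__ == "__main__":
    print(inspect_snmp(SAMPLE_GET), inspect_snmp(SAMPLE_SET))
```

Any finding on a v1 or v2c payload is a reason to restrict SNMP to a management network, replace the default community names, or move the device to SNMPv3 where it is supported.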

The Scenario

I will be referring in this article to the example of a complex of buildings whose users sporadically complain about slow Internet connections. It should be possible to query some device values with the Net-SNMP tools [1] and log anything suspicious. On this basis, I can collect information about what is happening on the network and make decisions for improving the infrastructure.

Hochlland [2] is an educational institution in Potsdam, Germany, comprising three multistory buildings regularly visited by school classes and education groups. The three buildings share an Internet connection and are connected by wireless and cable links of various quality. WLAN service for guests is currently provided by eight access points (APs), although there are plans to increase this number to 14 when the network is next expanded.

The educational institute pursues a policy of self-organization, which means that the groups use the buildings totally autonomously. Staff is not always on site, so problems with what is typically a stable Internet connection are difficult to understand in retrospect. Many groups arrive and leave on their own – and it can occasionally happen that an access point leaves with them. Additionally, some neighbors have discovered the access credentials of the semi-public house and like to make extensive use of the network. The idea is also to make this kind of access more difficult.

Preparations

To identify problems in good time, I installed a Raspberry Pi as a monitoring system in the building. Its job is to monitor the devices, query additional values in case of selected events, and, if needed, notify staff. The Rasp Pi runs the Darkbasic Raspbian minimal image [3]; I added the Raspberry Pi package sources (Listing 1, lines 1 through 3), updated (lines 4 and 5), installed the required applications (line 6), in particular from the packages snmp and snmp-mibs-downloader, and performed a firmware update (lines 7 through 9).

Listing 1

Installing and Updating Packages

01 $ echo "deb http://archive.raspberrypi.org/debian wheezy main" | \
   sudo tee -a /etc/apt/sources.list
02 $ sudo wget http://archive.raspberrypi.org/debian/raspberrypi.gpg.key \
   -O raspberrypi.gpg.key
03 $ sudo apt-key add raspberrypi.gpg.key
04 $ sudo apt-get update
05 $ sudo apt-get upgrade
06 $ sudo apt-get install vim vim-runtime aria2 ntpdate anacron msmtp-mta \
   bsd-mailx raspi-config less screen snmp snmp-mibs-downloader
07 $ sudo curl -L --output /usr/bin/rpi-update \
   https://raw.githubusercontent.com/Hexxeh/rpi-update/master/rpi-update && \
   sudo chmod +x /usr/bin/rpi-update
08 $ sudo rpi-update
09 $ sudo reboot

I enabled SNMP agents on all the access points used here with DD-WRT [4] (Figure 1) or Ubiquiti airOS [5] (Figure 2). The existing WLAN zoo does not lend itself to a standardized solution, and I needed to set static routes on some routers and the Rasp Pi to allow the nanocomputer to reach all the devices. Listing 2 shows how to set routes statically with route. Once everything is working, you can add the corresponding entries below the matching network interface in the /etc/network/interfaces configuration file to avoid losing them when you reboot (Listing 3).

Listing 2

Set Routes

$ sudo route add -net 192.168.100.0/24 gw 192.168.2.2
$ sudo route add -net 192.168.13.0/24 gw 192.168.2.2

Listing 3

Additions to /etc/network/interfaces

# /etc/network/interfaces
up route add -net 192.168.100.0/24 gw 192.168.2.2 dev eth0
up route add -net 192.168.13.0/24 gw 192.168.2.2 dev eth0

Figure 1: The SNMP agent in the free router firmware DD-WRT is quickly enabled and accepts read and write access.
Figure 2: Many commercially available network devices come with an SNMP agent.
