Geeks speak about network monitoring a lot here at SolarWinds. And, in speaking geekily, we toss around a bunch of acronyms that have become so commonplace, as acronyms, that it's easy to assume that everyone knows just what we're all getting so geeky about.


I want to take a step back and review some of the basics, just so we all know that network monitoring, though it can be pretty amazing, certainly doesn't happen by magic. Let's review a few basic concepts.


What's so simple about the Simple Network Monitoring Protocol?

Most network monitoring and network management tools use the Simple Network Monitoring Protocol (SNMP) to get network monitoring done. There are other protocols (e.g., ICMP and WMI in particular), but SNMP is the big man on the network. Andy McBride has already told us a bit about SNMP and, specifically, the security of SNMPv3 in a previous post. I'd like to talk a bit more generally about what SNMP does, uh, simply: namely, network monitoring.

SNMP‑enabled network devices, including routers, switches, and PCs, host SNMP agents that maintain a virtual database of system status and performance information that is tied to specific Object Identifiers (OIDs). Each object refers to a specific piece of quantifiable data. This data can come in the form of counter readings, text-mapped numerical values, or strings, and this is the data that you really want, if network monitoring is your game.

Call in the MIB

These object identifiers, this virtual database of OIDs, have been standardized into what we call a Management Information Base (MIB). In other words, the MIB is the formal description of a set of objects that can be managed using SNMP. Each MIB object stores a value such as sysUpTime, bandwidth utilization, or sysContact that can be polled to provide current performance data for any selected device. For example, when polling your network for performance data, your network monitor sends an SNMP GET request to each network device to poll the specified MIB objects. Received responses can then be recorded and presented. SolarWinds Orion network management software, for example, stores this information in a database and then publishes it in Orion Web Console resources.

How about a simple example?

Think about your network as a classroom of kids. They've all got specific object identifiers with associated pieces of data. OIDs in a classroom would be things like first and last names, the row and column of the seats to which they've each been assigned, and each of the different assessments (e.g., quizzes, tests, and homework) they've been given. Each of these classroom kid-OIDs has a specific value that can be reported or manipulated, as in the determination of a test average or course grade. Your gradebook for this class is then both the MIB, defining all that is worth knowing about your classroom of kids, and a network monitor, recording and computing all that is worth knowing about your classroom of kids.

So, it is pretty simple: most anything worth knowing about any device on your network can either be represented as a single piece of OID-referenced data or be manipulated with other, similar pieces of OID-referenced data, to produce even more useful data. In a future post I'll discuss what you can do with all this simple data you didn't know you had.

For more information about SNMP, see the technical reference, "New to Networking Volume 4 - Introduction to SNMP".