SNMP protocol

April 9, 2024

ID 256976

You can use SNMP to collect monitoring data for equipment that does not support installing Zabbix agents. In this case, instead of the Zabbix agent, a special software entity called an SNMP agent is installed. It continuously monitors the equipment, gathering basic information about status, performance indicators, and configuration. The gathered information is then transferred to the SNMP manager, which is a centralized system that processes the received monitoring data. In Kaspersky SD-WAN, the Zabbix proxy server acts as the SNMP manager.

The SNMP protocol operates at the TCP/IP application layer (the seventh layer of the OSI model). The SNMP manager and SNMP agents exchange requests and notifications. In both cases these are standard messages. The difference lies in the direction in which the message is sent, as well as its function.

When the SNMP manager sends a message to the SNMP agent, it is used to obtain monitoring data and is called a request. By default, SNMP agents receive requests from the SNMP manager on port 161. However, the manager can send requests through any available port. The response arrives on the same port from which the request was sent.

On the other hand, if the SNMP agent sends a message to the SNMP manager, it is used to provide monitoring data and is called a notification. By default, the SNMP manager receives notifications from SNMP agents on port 162. However, agents can send notifications through any available port. Two types of notifications exist:

  • Traps are notifications with information about certain events that the SNMP agent sends without a prior request from the SNMP manager. When a specified event occurs, such as a shutdown of equipment or one of its network interfaces, the SNMP agent generates a trap and sends it to the SNMP manager as a UDP message. Traps let the equipment automatically inform the SNMP manager about important events without waiting for a request.
  • Inform requests are notifications similar to traps, which differ in that they require additional confirmation from the SNMP manager. When the SNMP agent sends an inform request to the SNMP manager, the agent waits to receive an acknowledgment. If the SNMP manager successfully receives and processes the inform request, it sends an acknowledgment message to the SNMP agent. This acknowledgment mechanism ensures reliable delivery of notifications.

When using the TLS or DTLS protocol, traps arrive on port 10162 of the SNMP manager, and information requests arrive on port 10161.

In the case of SNMP, all basic protocol data units (PDUs) have the same structure (see figure below). The IP header and UDP header are used for encapsulation and are not actually part of the protocol data unit.

The diagram shows the 7 parts of the protocol data unit: IP and UDP headers, version, password (community), PDU type, request ID, error status and index, and associated variables.

SNMP Protocol Data Unit diagram

In this section

Configuring the connection of the SNMP manager to SNMP agents

Creating a trap

Editing a trap

Deleting a trap
