Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why is SNMP usually run over UDP and not TCP/IP?

Tags:

udp

snmp

This morning, there were big problems at work because an SNMP trap didn't "go through" because SNMP is run over UDP. I remember from the networking class in college that UDP isn't guaranteed delivery like TCP/IP. And Wikipedia says that SNMP can be run over TCP/IP, but UDP is more common.

I get that some of the advantages of UDP over TCP/IP are speed, broadcasting, and multicasting. But it seems to me that guaranteed delivery is more important for network monitoring than broadcasting ability. Particularly when there are serious high-security needs. One of my coworkers told me that UDP packets are the first to be dropped when traffic gets heavy. That is yet another reason to prefer TCP/IP over UDP for network monitoring (IMO).

So why does SNMP use UDP? I can't figure it out and can't find a good reason on Google either.

like image 253
EC0 Avatar asked Aug 25 '10 12:08

EC0


People also ask

Why SNMP uses UDP instead of TCP?

SNMP uses UDP as its transport protocol because it has no need for the overhead of TCP. "Reliability" is not required because each request generates a response. If the SNMP application does not receive a response, it simply re-issues the request.

Does SNMP run over TCP or UDP?

Typically, the SNMP protocol is implemented using the User Datagram Protocol (UDP). UDP is a connectionless protocol that works like the Transmission Control Protocol (TCP) but assumes that error-checking and recovery services are not required.

Can SNMP be implemented over TCP?

There are two types of protocols used in the Transport Layer (a sub-division of the IP layer): Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). SNMP can be implemented over both protocols via LAN. While SNMP over TCP port is possible, SNMP packets are typically sent over UDP.

Is SNMP TCP IP?

SNMP is a set of Internet Engineering Task Force (IETF) standards for network management, including a protocol, a database structure specification, a set of data objects, and controls for using the protocol. The SNMP protocol is based on the TCP/IP protocol.


1 Answers

UDP is actually expected to work better than TCP in lossy networks (or congested networks). TCP is far better at transferring large quantities of data, but when the network fails it's more likely that UDP will get through. (in fact, I recently did a study testing this and it found that SNMP over UDP succeeded far better than SNMP over TCP in lossy networks when the UDP timeout was set properly). Generally, TCP starts behaving poorly at about 5% packet loss and becomes completely useless at 33% (ish) and UDP will still succeed (eventually).

So the right thing to do, as always, is pick the right tool for the right job. If you're doing routine monitoring of lots of data, you might consider TCP. But be prepared to fall back to UDP for fixing problems. Most stacks these days can actually use both TCP and UDP.

As for sending TRAPs, yes TRAPs are unreliable because they're not acknowledged. However, SNMP INFORMs are an acknowledged version of a SNMP TRAP. Thus if you want to know that the notification receiver got the message, please use INFORMs. Note that TCP does not solve this problem as it only provides layer 3 level notification that the message was received. There is no assurance that the notification receiver actually got it. SNMP INFORMs do application level acknowledgement and are much more trustworthy than assuming a TCP ack indicates they got it.

like image 138
Wes Hardaker Avatar answered Oct 16 '22 21:10

Wes Hardaker