SUMMARY

The purpose of this report is to compare two different network management protocols: The Simple Network Management Protocol (SNMP) and the Common Management Information Protocol (CMIP), giving the reader an introductory knowledge of each.

Both the advantages and disadvantages of each are stated. Possible solutions to some disadvantages are also presented.

It is recommended that SNMP be implemented for network management over CMIP because of the large system resources CMIP requires.

CONCLUSIONS

SNMP consists of a simply composed set of network communication specifications that cover all the basics of network management in a method that poses little stress on an existing network.

CMIP is a very well designed network management system that improves on many of SNMP's weaknesses.

The main problem with CMIP is that in fixing SNMP's problems it has become such a large and complete management system that only the best equipped networks can afford to run it.

INTRODUCTION

In the late 1970's, computer networks had grown from a simple layout of small, separate networks that were not connected to each other to larger networks that were interconnected. These larger networks were called internets and their size grew at an exponential rate. The larger these networks became the more difficult they became to manage (ie. monitor and maintain), and it soon became evident that a network management protocol need be developed.

The first protocol used was the Simple Network Management Protocol (SNMP); it was commonly considered to be a quickly designed "band-aid" solution to internetwork management difficulties while other, larger and better protocols were being designed.

Out of these protocol designs of the 1980's emerged two different network management protocols. The first was SNMPv2, which incorporated many of the features of the original SNMP (which is still in wide use today) as well as a few added features that addressed the original protocol's shortcomings. The second was the Common Management Information Protocol, which was better organized and contained many more features than either SNMP v1 or v2.

The choice between CMIP and SNMPv2 will soon be made by the general public and will be a very costly one; for the average firm spends about 15% of its total information-systems budget on network management. Among the largest 100 American firms this means an average annual expenditure of $1.3 million on network management. (from Stallings)

The criteria that users desire in a network manager have been studied and reported in two surveys. The results of both show that the user's needs include: an excellent network security system, an easy to use interface, a relatively inexpensive implementation, and the reduction of a systems downtime. These are just some of the criteria that will be used in the forthcoming comparison of both network protocols. (Stallings)

An Introduction to SNMP

SNMP was designed in the mid-1980's as an answer to the communication problems between different types of networks. Its initial aim was to be a "band-aid" solution until a better designed and more complete network manager became available. However, no better choice became available and SNMP became the network management protocol of choice.

The way it works is very simple: It exchanges network information through messages (technically known as protocal data units (or PDU's)). From a high-level perspective, the message (PDU) can be looked at as an object that contains variables that have both titles and values.(Stallings)

There are five types of PDU's that SNMP employs to monitor a network: two deal with reading terminal data, two deal with setting terminal data, and one, the trap, is used for monitoring network events such as terminal start-ups or shut-downs.

Therefore, if a user wants to see if a terminal is attached to the network, he would use SNMP to send out a read PDU to that terminal. If the terminal was attached to the network, the user would receive back the PDU, it's value being "yes, the terminal is attached". If the terminal was shut off, the user would receive a packet sent out by the terminal being shut off informing them of the shutdown.. In this instance a trap PDU would have been dispatched.

The Advantages of SNMP

The largest advantage to using SNMP is that its design is simple, hence it is easy to implement on a large network, for it neither takes a long time to set up nor poses a lot of stress on the network. Also, its simple design makes it easy for a user to program variables they would like to have monitored, for in a more low-level perspective each variable consists of the following information:

The net result of this simplicity is a network manager that is easy to implement and not too stressful on an existing network.

Another advantage of SNMP is that it is in very wide use today. This popularity came about when no other network managers appeared to replace the "band-aid" implementation of SNMP. The result of this is that almost all major vendors of internetwork hardware, such as bridges and routers, design their products to support SNMP, making it very easy to implement.

Expandability is another benefit of SNMP. Because of its simple design, it is easy for the protocol to be updated so that it can expand to the needs of users in the future. The ramifications of this will be seen later on.

The Disadvantages to SNMP and how they can be Overcome

SNMP is by no means a perfect network manager. It has its faults, yet because of its clever design most of these faults have workarounds.

The first deficiency with SNMP is that it has some large security gaps that can give network intruders access to the information carried along the network. Intruders could also potentially shut down some terminals.

The solution to this problem is simple. Because of the expandability of SNMP, the latest version of SNMP, called SNMPv2, has added some security mechanisms that help combat the 4 largest security problems: privacy of data (to prevent intruders from gaining access to information carried along the network), authentication (to prevent intruders from sending false data across the network), and access control (which restricts access of particular variables to certain users, thus removing the possibility of a user accidentally crashing the network). (Stallings)

The biggest problem with SNMP though is that it is generally considered to be so simple that the information it deals with is neither detailed nor well-organized enough to deal with the expanding networks of the 1990's. This is mainly due to the quick creation of SNMP, for it was never intended to lead network management into the 1990's.

This large problem has been fixed in a newer release of SNMP, SNMPv2. This new version allows for more in-detail specification of variables, including the use of the table data structure for easier data retrieval. Also included are two new PDU's that are used to manipulate the tabled objects. In fact, so many new features have been added that the formal specifications for SNMP have expanded from 36 pages (with v1) to 416 pages with SNMPv2. (Stallings) Some may argue that with SNMPv2 the protocol lost its simplicity, but the fact is that changes to SNMP were necessary. It was an old system that just could not handle the network-intensive world of the 1990's.

SNMPv2 Update

If you have just finished reading the following you might think that SNMPv2 is the way to go. However, SNMPv2 is only alive in theory. SNMPv2 failed because its creators (Case, McCloghrie, Rose, and Waldbusser) could not agree on several key facets (of which I am not aware). Nonetheless finding an SNMP manager or agent that fully supports the proposed v2 extensions is quite difficult. Many agents support the security extensions, yet do so while offering v1's extensions as well. Personally, I believe v2 failed because v1 was so successful. v1 is everywhere today and to expect to fix all its problems while keeping all of its great features was a goal that could not be accomplished. As for a v3 or a reimplementation of v2 I do not think it will happen for a long time, if ever. v1 has outlived anyone's expectations and because of this has made the role of a successor impossible to fulfill. All of this is MHO, and other editorial opinions would be welcomed.

An Introduction to the Common Management Information Protocol (CMIP)

The CMIP protocol was supposed to be the protocol that replaced SNMP in the late 1980's. Funded by governments and large corporations, many thought that it would become a reality because of its almost unlimited development budget. Unfortunately, problems with its implementation have delayed its widespread availability and it is now only available in limited form from its developers themselves.

CMIP was designed to build on SNMP by making up for SNMP's shortcomings and becoming a bigger, more detailed network manager. Its basic design is similar to SNMP, whereby PDU's are employed as variables to monitor a network. CMIP however contains 11 types of PDU's (compared to SNMP's five).

In CMIP, the variables are seen as very complex and sophisticated data structures, with many attributes. These include :

1) variable attributes: which represent the variables characteristics (its data type, whether it is writable).

2) variable behaviors: what actions of that variable can be triggered.

3) Notifications: the variable generates an event report whenever a specified event occurs (eg. a terminal shutdown would cause a variable notification event.

As a comparison, SNMP only employs variable properties one and three from above.

The Advantages to the CMIP Approach

The biggest feature of the CMIP protocol is that its variables not only relay information to and from the terminal (as in SNMP), but they can also be used to perform tasks that would be impossible under SNMP. For instance, if a terminal on a network cannot reach its fileserver a pred-determined amount of times, then CMIP can notify the appropriate personnel of the event. With SNMP however a user would have to explicitly keep track of how many unsuccessful attempts to reach a fileserver that a terminal has incurred. CMIP thus results in a more efficient network management system, as less work is required by a user to keep updated on the status of their netowork.

Another advantage to the CMIP approach is that it addresses many of the shortcomings of SNMP. For instance, it has built in security management devices that support authorization, access control, and security logs. The result of this is a safer system from the installation of CMIP; no security upgrades are necessary (like SNMP).

The last advantage is that CMIP was funded by not only governments, but also large corporations. One can induce that CMIP not only has a very large development budget, but also that when it becomes a widely available protocol it will have numerous immediate users, namely the governments and corporations that funded it.

The Disadvantages of CMIP and potential solutions to these problems

From the above, one might wonder that if CMIP is so wonderful, why hasn't it been implemented already (for after all, it has been in development for about ten years). The answer to this is CMIP's only significant disadvantage: the CMIP protocol takes more system resources than SNMP by a factor of ten. In other words, very few systems on this planet would by able to handle a full implementation of CMIP without massive network modifications (such as the installation of thousands of dollars of memory and the purchase of new protocol agents). This major disadvantage has no inexpensive workaround, and for this reason many people believe that the CMIP protocol is doomed to fail. The only possible workaround is to decrease the size of the protocol by changing its specifications. Several protocols have been developed to run "on top" of CMIP and thus use less resources but none of these has gathered enough momentum to challenge SNMP.

Another problem with CMIP is that it is very difficult to program; for the variables require so many different variables that only a few skilled programmers would be able to use the variables to their full potential.

In Conclusion

Considering the above information, one can see that both management systems have their advantages and disadvantages. However, the deciding factor between the two systems lies with their implementation, for it is now almost impossible to find a system with the necessary resources to support the CMIP model; even though it is superior to SNMP (v1 and v2) in both design and operation.

Many people believe that a combination of network systems growing to handle CMIP and CMIP shrinking to fit into smaller systems will eventually result in its widespread implementation. However, by the time this day comes SNMP could very well have expanded to become all CMIP offers and more.

It is thus recommened that SNMP be fully adopted.

REFERENCES

Rose, Marshall. The Simple Book. New Jersey: Prentice Hall, 1994.

Stallings, William. SNMP, SNMPv2, and CMIP. Don Mills: Addison-Wesley, 1993.