December 13, 2000, 5:02 PM — In Internet time, anything that happened way back in the 1980s is considered ancient
history. However, while a lot of network technologies from that era are, in fact,
obsolete today, that isn't necessarily the case for network management.
The RFC set that spawned the Simple Network Management Protocol was finalized in
1988. Even the authors -- who included such flamboyant characters as Marshall Rose and
Jeff Case -- didn't anticipate how big a hit SNMP would be. Within a few years, vendors
had implemented an SNMP agent within every network device that could be managed. This
meant that such devices could be interrogated via IP from any SNMP-based management
The overnight success of SNMP was due to four factors:
SNMP was, well, simple, and easy for vendors to implement. The sum total of all
the main RFC documents (numbers 1155, 1157, 1212, and 1213) amounted to only 143 pages.
By contrast, specifications for other protocols can be thousands of pages long. After a
short while, early interoperability issues were eliminated.
SNMP was an IETF standard, and therefore free -- there was no cost to license
An agent implementation consumed minimal resources, so an SNMP-managed router
wouldn't bog down when responding to SNMP management queries.
The protocol was easily extensible, which meant that vendors could tailor some
aspects of the way their products were managed and address new and unique product
SNMP was a tough act to follow. However, the original protocol's lax security
prompted various IETF groups over the years to try to revamp the protocol. So far,
those rewrite attempts -- including the latest, SNMP version 3 -- have ended up as
Many enterprise network managers are dutifully including in their RFPs the
requirement that SNMP versions 2 and 3 be supported in any new network gear their
departments procure. In doing so, however, they unknowingly -- and
unnecessarily -- limit their choices.
The SNMP version 2 effort, while attempting to develop bulletproof security for
SNMP, ended up producing just some minor tweaks to the protocol -- adding a few new
error codes and a more efficient method of retrieving SNMP data. But SNMP v2c, as it is
known, never made it as an IETF standard, and few vendors figured it was worth
overhauling their SNMP agents to add its enhancements. It is nice, and perhaps even
useful, if a managed device supports SNMP v2c; a couple of leading SNMP management
platforms -- including Hewlett-Packard's OpenView -- do support it. But enterprise
network managers are ill-advised to make it mandatory.
Now, after years of effort, there is an SNMP version 3, and it is crawling along on
the IETF's standards track. But you should wait before mandating this in RFPs.