To properly manage a network and IT infrastructure, one needs to capture and analyze packets of information sent on the network, called SNMP Traps. These are protocol data units (PDUs) sent by various systems, agents and devices on the network using the SNMP protocol, and they contain information about events happening to those systems. Very often this information is critical to a network manager, and it is crucial that a capable network management system (NMS) is installed and capturing this data in real time. The key is to make sure the NMS is able to adequately translate and resolve the information contained in the traps. In order to resolve the information and then take the necessary action, be it logging, initiation of notification schedules or automatic execution of scripts, the receiving system must be able to parse the information contained in the packet, which is encoded by the SNMP protocol. There are many layers of information in the trap, called variable bindings (or varbinds), and the management system must be able to accurately identify each one of those varbinds. Each varbind contains a piece of information called an Object Identifier (OID). Each OID is composed of a series of numbers and represents a unique object in the universe (e.g. 1.3.6.1 (internet) and 1.3.6.1.4.1.9 (cisco systems)).
In order to identify the OIDs, a successful system must employ a comprehensive ASN.1 MIB Database. It also helps to have a quality MIB Compiler built into the system so users can compile and load new ASN.1 MIBs in case the network management system finds an OID that it does not understand. The compiler rips through the text, compiles the objects into fully qualified OIDs, and inserts the information and its dependencies into the database for later use by the system. The very best management systems have ways of automatically acquiring MIBs from online libraries and compiling them into the system, so that the system can determine and resolve these SNMP Traps automatically. Of course, there are very few of these systems available, and they have concrete patents covering this technology (both the acquisition and the online MIB libraries). This technology is called MIBAcquire.
It is suggested that a company building a management system license this valuable technology in order to take advantage of these features. In addition to compiling and acquiring MIBs, a great SNMP trap management system can also have a configuration of trap filters. These “filters” have built-in information that allows the management system to identify, classify, and organize the information in a pre-determined way. This is in fact almost the best way to deal with these SNMP trap PDUs, as it allows the system to perform at an optimal rate, especially in the midst of a trap flood (i.e. a huge storm of traps being sent across the network). These floods are not altogether uncommon, and the NMS should be able to handle them in a timely and secure way. Some of these systems have thousands of these filter definitions, and they can successfully analyze traps at a dizzying rate using CRC and de-duplication algorithms. Once these traps are received and the OIDs are identified, the traps can be accurately resolved and then finally processed using correlation. The ideal SNMP trap solutions can determine context and then, within that context, look at the other possibly related events that may be happening as well.
This process, correlation, is critical for determining what is going on in your network right now, and a smart system can also use this information to predict events in the future. It is this ability to determine and predict that makes these systems so valuable and will save a business money (also known as ROI).
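The trap filters and CRC-based de-duplication described above can be sketched as follows. This is an added example, not code from any product named on this page; the filter table, the 30-second window, the trap dictionary layout and the sample traps are all assumptions constructed for illustration.

```python
import zlib

# Hypothetical filter table (constructed): OID prefix -> (category, severity).
FILTERS = {
    "1.3.6.1.6.3.1.1.5": ("generic", "info"),    # SNMPv2-MIB snmpTraps
    "1.3.6.1.6.3.1.1.5.3": ("link", "major"),    # linkDown
    "1.3.6.1.4.1.9": ("cisco", "minor"),         # Cisco enterprise subtree
}
VOLATILE = {"1.3.6.1.2.1.1.3.0"}  # sysUpTime.0 differs in every trap, so it is not hashed

def oid_tuple(oid):
    return tuple(int(p) for p in oid.strip(".").split("."))

def classify(trap_oid):
    """Longest-prefix match, compared arc by arc so ...4.1.9 never matches ...4.1.99."""
    t, best = oid_tuple(trap_oid), (0, ("unknown", "info"))
    for prefix, label in FILTERS.items():
        p = oid_tuple(prefix)
        if t[:len(p)] == p and len(p) > best[0]:
            best = (len(p), label)
    return best[1]

def canonical(trap):
    """Stable byte form: source, trap OID, non-volatile varbinds in sorted order."""
    binds = sorted((o, str(v)) for o, v in trap["varbinds"] if o not in VOLATILE)
    fields = [trap["source"], trap["trap_oid"]] + [f"{o}={v}" for o, v in binds]
    return "\x1f".join(fields).encode()

def process(traps, window=30.0):
    """Drop repeats inside the window, classify the rest. traps: (timestamp, trap) pairs."""
    seen, out = {}, []  # crc32 -> (canonical bytes, time the trap was last forwarded)
    for now, trap in traps:
        data = canonical(trap)
        crc = zlib.crc32(data)
        prev = seen.get(crc)
        # CRC32 is only a fast index; compare full bytes so a collision never hides a trap.
        if prev and prev[0] == data and now - prev[1] < window:
            continue
        seen[crc] = (data, now)
        out.append((trap["trap_oid"], classify(trap["trap_oid"])))
    return out

# Constructed sample: (timestamp, trap) pairs; 192.0.2.10 is a documentation address.
LINK = "1.3.6.1.6.3.1.1.5.3"
def trap(up, ifindex, oid=LINK):
    return {"source": "192.0.2.10", "trap_oid": oid,
            "varbinds": [("1.3.6.1.2.1.1.3.0", up), (f"1.3.6.1.2.1.2.2.1.1.{ifindex}", ifindex)]}
SAMPLE = [(0, trap(100, 3)), (5, trap(600, 3)), (6, trap(700, 4)), (40, trap(4100, 3))]
```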