SNMP

Given an example OID, 1.3.6.1.2.1.1.1.0, each number has the following meaning:

  • 1 = iso

  • 3 = org

  • 6 = dod

  • 1 = internet

  • 2 = IETF Management

  • 1.1 = SNMP MIB-2 System

  • 0 = sysDescr

From the decoded values, it can be determined that this OID is from the IETF standard MIB (more on MIBs later in the article), and it provides a system description of some sort. Let's look at a real-world example from a CentOS 6 box:


1.3.6.1.2.1.1.1.0 = STRING: "Linux foo.example.lan
 ↪2.6.32-573.1.1.v6.i686 #1 SMP Fri Aug 21 14:37:07 MDT 2015 i686"

From this description, you can determine that the system this agent is running on is running Linux, 2.6.32, and is 32-bit.

Nearly every OID starts with "1.3.6.1", and the reason for this should be obvious. The modern public internet originally was created by the United States Department of Defense, and at one time, TCP/IP was called the "DOD Model". Since these values are in every OID, they aren't all that useful for identifying what that OID does, and they generally can be ignored.

After 1.3.6.1, there are more types of OID. If the MIB continues with 1.2, as with the example above, the description of the OID can be found in the standard IETF MIB. If it continues with 1.4, the MIB is "private", and you will need to get the MIB from your hardware vendor. Despite being called "private", these MIBs are almost always available.

What Types of OIDs Are There and How Is Each Used?

There are many different types of OIDs so that SNMP can provide an extensive and extensible variety of information. The example from the previous section, 1.3.6.1.2.1.1.1.0, is a STRING. You can tell because SNMP tells you the type of OID when you retrieve it:


1.3.6.1.2.1.1.1.0 = STRING: "Linux foo.example.lan
 ↪2.6.32-573.1.1.v6.i686 #1 SMP Fri Aug 21 14:37:07 MDT 2015 i686"

Other types of OIDs exist, and each has a use. The following is a list of common types of SNMP OID:

  • Integer/Integer32: signed 32-bit integer—these are commonly used for storing values, such as the amount of available memory and the amount of free memory.

  • Uinteger32: unsigned 32-bit integer (fairly rare).

  • Octet String: this is a short (255-character) length of binary or text data.

  • IP Address: this returns an IP address.

  • Counter32: this returns a 32-bit counter that counts up, then wraps around to 0 when it reaches 32 bits in length minus 1 (4294967295). This is important, because gigabit Ethernet can send far more than that many bits in five minutes, which is a common NMS polling period.

  • Counter64: this has a maximum value of 64 bits – 1, which allows for higher speed Ethernet traffic counting and counting of other large numbers.

  • Object Identifier: this returns a different OID and functions like a GOTO, if that data is in another MIB.

  • Bit String: this is the type of string above, and it returns text information.

  • Gauge32: this goes up and down, but it never exceeds a maximum value.

  • TimeTicks: represents an unsigned integer of time since another time (often used for uptime).

______________________

Andrew Kirch has more than ten years of experience working as a systems/network administrator, with specializations including DevOps, SNMP and NMS.