The Basics Of SNMP Trap Messages

What are SNMP "Trap" messages?

SNMP Traps are alert messages sent from a remote SNMP-enabled device to a central collector, the "SNMP manager". A Trap might tell you that a device is overheating, for example. (As you'll recall, SNMP is one possible protocol that devices can use to communicate.) Trap messages are the main form of communication between an SNMP Agent and an SNMP Manager. They are used to inform an SNMP manager when an important event happens at the Agent level. A benefit of using Traps for reporting alarms is that they trigger instantaniously, rather than waiting for a status request from the manager.

What devices send SNMP traps?

SNMP traps are most commonly issued by one of two device types. Newer devices are able to send traps on their own to alert an SNMP trap manager when they experience a problem. For older devices that do not support SNMP, an SNMP RTU may be used to collect alarms from multiple legacy devices, convert them to SNMP traps, and transmit them (most commonly over LAN) back to your SNMP manager.

Are there different SNMP trap types?

Yes. The most important thing to keep in mind is SNMP versions, like v1, v2c, and v3. Each version has different pros and cons, and you need to think about compatibility. SNMPv3 supports encryption for security, while SNMPv1 is very simple to set up. If you have standardized on SNMPv3, for example, you're going to need SNMPv3 devices. Older devices will need to be upgraded. You can also install a translation device to convert between SNMP versions.

What are limitations of SNMP traps?

Unlike other protocols, an SNMP trap provides no proof that the message is received by the SNMP manager. Newer versions of SNMP include a new type of message called an "inform" message. An SNMP inform message is confirmed by the SNMP manager. If SNMP agent does not see confirmation from the SNMP manager that its SNMP inform message has been received, it will resend the inform message.

Because SNMP is asynchronous (messages are sent only when something must be reported), there's also no automatic way to be sure a device is still online. This is a disadvantage compared to polled protocols, where the central master is frequently asking each device for an update.

Because SNMP is one specific protocol it's incompatible with others, like Modbus or DNP3. To solve this problem, you'll need an SNMP conversion device:

Converting other protocols to SNMP

It's not prominent in SNMP textbooks, but real-world engineers know that making multiple protocols work together is part of the job. Here's an example of protocol conversion, as configured in an RTU web interface:

How are alarms encoded in traps?

There are two different methods for encoding alarm data in SNMP traps. One is to use what are known as granular traps". Granular traps each have a unique OID so that you can tell them apart from one another. The SNMP manager getting the SNMP traps from the device will look up the OID in a translation file called a management information base or MIB. Because granular traps use unique numbers to support this lookup method, no actual alarm data needs to be contained within the SNMP trap. This reduces bandwidth consumed by SNMP traps, because they are not sending redundant information through the network.

When granular traps are not used, SNMP traps may be configured to contain alarm data as payloads. In this case, it's very common for all SNMP traps from the device to use a single OID. To understand these types of traps, an SNMP manager needs to analyze the data in each trap. Data is stored within an SNMP trap in a simple key-value pair configuration. Each pair is known as a "variable binding". As an example, a single SNMP trap might contain variable bindings for "site name", "severity", and "alarm description".

SNMP OID tree
Each SNMP trap carries an identifier (called an OID) that determines its placement within the logical "tree" of all SNMP traps.

SNMP RTU example

To make it easier to understand how SNMP traps work, it's useful to look at an example. One SNMP RTU commonly used in networks around the world is the NetGuardian 832A. Helpful software and good build quality are reasons it has been used at many telecommunications, utility, and transit companies.

SNMP OID tree
Dual T/Mon masters and NetGuardian remotes provide regional monitoring ability and forward alarms via SNMP traps to an SNMP manager of managers (MOM), as shown by the red box.

This RTU sends SNMP traps based on many inputs. Typically, the 832A will send traps to your manager when one of its 32 discrete alarm inputs is triggered by a contact closure output from one of your devices. This could indicate anything from a generator failure, to a door open, to a motion sensor.

This 832A can also send SNMP traps based on the current status of its eight analog current or voltage inputs. Since analog inputs are never completely on or off, but rather a value in a range, the firmware and user configuration are used to decide when to send traps. On each of the eight analog inputs of a NetGuardian 832A, you are able to define four thresholds that will trigger the sending of an trap when they are crossed. One very common application for using these thresholds involves the monitoring of temperature at your remote site. Since you have four thresholds available, you'd need to determine what temperature values constituted "way too low", "a little too low", "a little too high", and "way too high". Then, whenever the NetGuardian's analog input detect that temperature has crossed one of these thresholds, you will receive an SNMP trap with the current temperature.

The NetGuardian 832A will also send SNMP traps to you to inform you about its own internal alarms. Although there are over a dozen such alarms, one of the most common is a LAN failure. Right now, you're probably wondering, "How can I receive an SNMP trap from the NetGuardian if its LAN connection has failed?" Unlike similar alarm remotes, this NetGuardian has twin independent LAN connections. If one fails, you can receive alarms on the other to alert you that you're "running on the spare." These and similar system alerts in the form of SNMP traps help protect you against network outages, in much the same way that your car may activate a "maintenance required" or "service engine soon" light.

Download the complete SNMP White Paper now (PDF)

SNMP White Paper

The Fast Track Introduction to SNMP by Marshall DenHartog is a quick, 12-page introduction to SNMP. You'll learn about traps, message formats, the MIB, and other fundamental SNMP concepts.