Similar to SNMP, NetFlow works in a push mode, sending flow records from a cache to a flow collector. The device then replies to NMS with the SNMP get-responses, carrying the OIDs with their measured values. In the pull mode, an NMS periodically sends SNMP get-requests to a managed device, requesting the SNMP agent that is running on a managed device to sent OID values. In the push mode, a managed device sends traps to an NMS upon a certain event, for instance when values exceed the defined limits (alarms). SNMP operates in both push and pull mode. Now let’s talk about the differences and similarities between SNMP and NetFlow in more details. This mechanism is similar to SNMP traps that are sent to NMS once an alarm is raised. However, if a NetFlow enabled device does not receive IP traffic, flows are not created in the cache thus they are not exported to a collector. Flow records are then exported from exporters to one or more NetFlow collectors. If any of the parameters do not match, a new flow is created in the cache. The other packets matching the same parameters are aggregated to this flow and the bytes counter for the flow increases. NetFlow enabled device examines each packet and the first unique packet creates a flow as an entry in NetFlow cache. In contrast to SNMP, NetFlow was designed with network traffic monitoring in mind. This enables SNMP to monitor almost any object, such as a printer’s toner status, room temperature or in a case of a network device, incoming and outgoing traffic, the rate of package loss and a lot more.
The MIB contains a set of defined OIDs ensuring that the managed devices and NMS can communicate together.
It is achieved by the same Management Information Base (MIB) file loaded in managed devices and the Network Management Station (NMS).
SNMP is designated to monitor a large number of different objects (object identifiers or OIDs) as long as managed entities and a management station speak the same language. Simple Network Management Protocol (SNMP) is a well-known standardized application layer protocol, originally developed for network management but mostly used for network monitoring.
0 kommentar(er)
