Telemetry vs. SNMP: Which is better for network management?

Now that networks have become more complex, network management has become a challenge of its own. Enterprises can compare telemetry vs. SNMP to see which better suits their needs.

Simple Network Management Protocol, or SNMP, and telemetry are two methods to manage network performance, but they operate with different mechanisms. Network professionals should evaluate those distinctions to decide if one is better for their needs.

This article explains how SNMP and telemetry work and their major differences.

How SNMP works

SNMP has been in use for network management since 1990 and is widely supported by both network devices and monitoring platforms. SNMP collects device performance data through a polling mechanism and returns it to the management platform. Three versions of SNMP are available, with SNMPv3 adding important authentication and encryption features.

SNMP uses a simple protocol that requests data identified by one or more object IDs (OIDs) in a GetRequest, GetNextRequest or GetBulkRequest packet. Response packets return data. The OIDs are structured in a management information base (MIB). Network administrators can use these packets to perform ad hoc data collection as needed.

SNMP traps or syslog communicate synchronous events back to the management system. User Datagram Protocol (UDP) transports the data and requires minimal overhead on the network device and the management system.

Despite SNMP's capabilities, its polling architecture also has a downside. The management system creates and sends data requests to each device and repeats the process a few minutes later. This repetitive process incurs a cost. The MIB organizes data via lexicographical sorting, which differs from how the device stores interface performance data. Because of the differences between these two methods, the device's CPU has to do more processing to handle the polling requests.
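The ordering mismatch described above can be seen in a small model. This is an added example, not code from the article or from any SNMP implementation: the interface counters are constructed sample data, the helper names are hypothetical, and only the ifEntry OID and its ifInOctets/ifOutOctets column numbers come from the standard IF-MIB.

```python
# Added example: toy model of an SNMP agent's MIB view (constructed data).
from bisect import bisect_right

IF_ENTRY = (1, 3, 6, 1, 2, 1, 2, 2, 1)            # IF-MIB ifEntry
COLUMNS = {10: "ifInOctets", 16: "ifOutOctets"}    # ifEntry column numbers

# How a device naturally holds counters: one record per interface.
DEVICE_ROWS = {
    1: {"ifInOctets": 1000, "ifOutOctets": 900},
    2: {"ifInOctets": 2000, "ifOutOctets": 1800},
    10: {"ifInOctets": 3000, "ifOutOctets": 2700},
}

def build_mib(rows):
    """Flatten per-interface rows into (OID, value) pairs in MIB order."""
    flat = []
    for if_index, counters in rows.items():
        for col, name in COLUMNS.items():
            flat.append((IF_ENTRY + (col, if_index), counters[name]))
    # Comparing integer tuples gives SNMP's lexicographic OID ordering.
    return sorted(flat)

def get_next(mib, oid):
    """GetNextRequest: first (OID, value) strictly after oid, or None."""
    oids = [o for o, _ in mib]
    i = bisect_right(oids, oid)
    return mib[i] if i < len(mib) else None

def walk(mib, root):
    """Repeat GetNext until the subtree ends; one request per object."""
    out, oid = [], root
    while (nxt := get_next(mib, oid)) and nxt[0][:len(root)] == root:
        out.append(nxt)
        oid = nxt[0]
    return out

def walk_order(rows):
    """(column name, ifIndex) pairs in the order a walk returns them."""
    return [(COLUMNS[o[-2]], o[-1]) for o, _ in walk(build_mib(rows), IF_ENTRY)]

if __name__ == "__main__":
    # Every ifInOctets comes back before any ifOutOctets, so each
    # interface record on the device is visited once per column.
    for name, if_index in walk_order(DEVICE_ROWS):
        print(name, if_index)
```
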

A vendor-independent MIB, named MIB-II, provides a general set of operational variables across a wide range of devices. Vendors can augment MIB-II with custom MIBs, and some network management systems take advantage of this additional data source.

How telemetry works

Streaming network telemetry is a mechanism that uses a push model to continuously send high-resolution device operational data to a network management system. It sends data at a higher rate and with less strain on the network devices than other methods, like SNMP or the command-line interface (CLI). Network administrators select data when they configure a periodic cadence, which can happen in quick bursts or through event triggers. Examples of event triggers include a threshold breach, such as high errors, or a status change, such as interface state changes.

Telemetry data is encoded as XML, JSON or Google protocol buffers. Encryption can use either the UDP or TCP transport, frequently in conjunction with Google Remote Procedure Calls (gRPC). gRPC enables a collector to request a data stream dynamically from a network device. It can establish new data streams or poll for data that rarely changes.

Model-driven telemetry, meanwhile, is based on YANG models and simplifies the selection of the data to stream. The OpenConfig working group is creating standardized models applicable to groups of network devices. In addition, Google, through its gRPC Network Management Interface (gNMI) initiative, defined a standard that governs how to use telemetry to retrieve network state data.

Even a moderately sized network can stream a huge volume of data, which requires big data storage and processing mechanisms. Network managers must determine the cadence or event triggers for streaming each type of data so they don't overwhelm the processing capabilities of the network management system in question.

Figure: Chart that compares telemetry vs. SNMP.

Compare telemetry vs. SNMP

Network administrators might prefer to use SNMP when they need to retrieve relatively static data, such as inventory or neighboring devices. However, SNMP's polling mechanism makes it challenging to collect high-volume, high-resolution performance data.

SNMP is useful for networks equipped with significant numbers of older devices that don't support telemetry. It's also good for collecting nonperformance data, such as the following:

  • Routing peers.
  • Bridge domain neighbors.
  • Network Time Protocol peers.
  • Device inventory information, such as serial numbers, modules and slot locations.

Finally, SNMP's use of UDP eliminates the need to allocate large receive buffers, which enables management servers to allocate internal memory more efficiently.

Network administrators might prefer to use streaming telemetry to collect high-resolution performance data, such as high-speed network interface statistics. Telemetry has become more practical as more device and network management vendors better support the methodology.

In addition, newer RPC mechanisms make telemetry more efficient at obtaining data from network devices than SNMP or CLI. For some network administrators, telemetry might be the obvious choice going forward. However, telemetry collectors that rely on TCP connections could use a significant amount of memory for receive buffers, depending on the implementation. Moreover, the large number of YANG models for each vendor can make it difficult to analyze streaming data.

For networks that contain a mix of old and new network devices, a combination of SNMP and telemetry is likely best. A switch to telemetry is possible when all network devices within an organization support it.

Regardless of how network administrators assess the data collection methods of telemetry versus SNMP, network management is essentially a big data problem. The management system must process large volumes of data to identify anomalies and alert the network operations team to problems. The OpenConfig and gNMI initiatives are working to simplify data collection and analysis.

Editor's note: This article was originally published by Terry Slattery and updated by TechTarget editors to improve the reader experience.

Terry Slattery is an independent consultant who specializes in network management and network automation. He founded Netcordia and invented NetMRI, a network analysis appliance that provides visibility into the issues and complexity of modern router- and switch-based IP networks.
