I try to track what is being said about SNMPv3 in the news. That is an interesting thing to do because, compared to other topics, the answer is not much. I was intrigued when I ran across this article on Packet Pushers by Lindsey Hill called "SNMPv3 Do It Now".
As I read it, I was thinking: of course we should be using SNMPv3, but why aren't we all doing it now? Yes, I do know lots of folks who are using it, but what is holding us back from moving to SNMPv3?
Here are my thoughts (guesses):
1. It is really hard to implement.
2. It slows down processing of requests.
3. My site is secure so I don't need to use it.
4. I have never heard of it.
5. My devices don't consistently support SNMPv3 (some support DES but not AES, or some have MD5 and some do not). Some don't support SNMPv3 at all.

So what should we do about this? Well, for 1 through 4, the problem is clearly a mindset problem. There are lots of IT tasks we do every day that are hard, but we still do them. Nearly all networks and devices are so fast today that the extra time to process the request should be negligible, especially when using GetBulk for large requests.
In the case of number 3, I would bet your site is not as secure as you think it is. I am not even going to discuss number 4.
So that leaves us with the final problem: the vendors. Well, you are their customers and they should be providing what you need. So if you want SNMPv3 and they won't provide it, you need to make your desires clear. SNMPv3 has been around for 10 years. No company is likely to ignore a large chorus of requests and still be successful.