Is SNMP still used widely as of 2015?
Sadly, SNMP is still in common usage. Later versions of the protocol have addressed numerous issues in SNMPv1, but those have almost entirely been directed at fixing the security model. As a result, SNMP traffic is now comparitively bloaty, but they have not addressed what I consider to be the glaring shortcoming in SNMP - that data stored in the MIB resides outside the monitoring/monitored device exchange.
The separation of the MIB-stored data from that exchange, and the consequent use of numeric OIDs on the wire, made sense in SNMPv1, as it kept most exchanges to a single UDP datagram in each direction. As of v3, it no longer makes any sense, to my mind - but I'm not the IETF.
Sadly, SNMP is still a sort of lowest-common-denominator management protocol, and I'm constantly surprised how many devices I see out there where the easiest way to extract monitoring data from them is good old RO-community-string-in-UDP-based SNMPv1.
Edit (2018): because it's so germane, I quote from Geoff Huston's excellent article in the August 2018 edition of the Internet Protocol Journal:
The Internet converged on using the Simple Network Management Protocol (SNMP) a quarter of a century ago, and despite its security weaknesses, its inefficiency, its incredibly irritating use of Abstract Syntax Notation One (ASN.1), and its use in sustaining some forms of Distributed Denial-of-Service (DDoS) attacks, it still enjoys widespread use.
I work on network monitoring systems, and SNMP is still heavily used and relied on for the for the following reasons:
- The use of UDP as the underlying protocol makes SNMP very efficient. Since most monitoring/management is done within your own data center you don't need to be as concerned with packets getting lost over the public internet and TCPs acknowledgement and flow control are overkill. SNMPv2 addresses some of SNMP original inefficiencies, for example adding support for BULK GET.
- SNMP is universal across networked devices. Almost all networking equipment implements a SNMP agent. Having MIBs ensures there is a global space where information can be added by different vendors in a controlled fashion and thus makes looking up information on what OIDs to query easier and mostly vendor agnostic.
- Finally, there hasn't been a good candidate to drop in as a replacement. SNMP may not be great, but its good and good is good enough. Several network devices now have APIs to get the same and additional information, but as I stated in my second point, the ways of querying these APIs obviously varies across devices and no endpoints are standardized across devices.