Network engineers deal with a unique set of headaches when managing infrastructure. SNMP is over 30 years old, and most networks still depend on it today. We finally have a strong modern alternative and it is time to move on.
SNMP has been the standard for decades, but its flaws are hard to ignore now. It is clunky, inefficient, and simply does not scale in modern environments.
gNMI (gRPC Network Management Interface) solves these problems. It is cleaner, faster, and gives administrators much better control over what data they pull and how they receive it.
The protocol relies on three main operations:
- Get: Pull data from a device.
- Set: Change a configuration.
- Subscribe: Get automated updates whenever data changes.
Why gNMI beats SNMP
The benefits come down to a few key architectural shifts.
- Model-driven design: gNMI uses YANG to define data. This makes writing automation scripts much easier because you actually know what the data structure looks like without hunting through MIBs.
- Truly bidirectional: You can use gNMI for both telemetry and configuration. This lets you handle everything from provisioning to troubleshooting with one tool.
- Efficiency and scale: gNMI uses a streaming approach. It can handle high traffic volumes across massive networks without killing device performance.
- Modern security: It is built on HTTP/2 and uses TLS to encrypt traffic by default. You get a secure management plane right out of the box.
Here is a quick look at how they stack up:
| Feature | SNMP | gNMI |
|---|---|---|
| Transport | UDP (mostly) | HTTP/2 (TCP) |
| Data Format | ASN.1 (MIBs) | Protocol Buffers (modeled with YANG/OpenConfig) |
| Speed | 30s to 5min intervals | Near real-time streaming |
| Security | Shared secrets (v2) / Complex USM (v3) | Certificate-based Mutual TLS |
Subscriptions: Stop Polling, Start Streaming
The “streaming” aspect is a massive upgrade. Because gNMI uses gRPC, it can hold a persistent connection where the device pushes updates to the client. SNMP has no suitable way to do this[1] . Instead, SNMP forces you into a repetitive request and response loop.
Look at a typical SNMP setup:
The client has to ask for the same data over and over, often getting the exact same answer. I am also sparing you the typical SNMP mess where you have to manually map index numbers to interface names. If an interface is “too fast,” you have to mess with ifHCInOctets values. With SNMP, you have to poll frequently to get resolution on the data.
Now look at a gNMI subscription:
You set the subscription once and the device sends updates only when the value changes. If nothing changes, the device stays quiet. This massive reduction in “chatter” lowers the load on your hardware and your network.
Architecture: How it actually works
Moving to gNMI means rethinking where your data goes. SNMP usually feeds into a monolithic Network Management System (NMS). gNMI typically flows into a Time Series Database (TSDB) like Prometheus or InfluxDB via a telemetry collector that translates the stream into metrics Prometheus can scrape.
The data itself is sent as binary using Protocol Buffers (Protobuf). This makes it incredibly efficient over the wire, but it does mean you cannot just read it in plain text with Wireshark unless you have the right dissectors configured.
A major architectural shift here is Dial-Out telemetry. With traditional Dial-In, your collector connects to every single device. With Dial-Out, the devices are configured to actively push data to a central destination. This simplifies firewall rules and bootstrapping, but it also shifts connection management and scaling complexity onto the devices themselves, especially in very large deployments.
What about NETCONF?
Since we are talking about YANG models, you might wonder why we are not just using NETCONF. Both have their place in modern networks.
NETCONF uses XML and is heavily focused on transactional configuration. It is fantastic when you need to apply a complex, multi-device configuration change and ensure it either fully succeeds or rolls back. However, XML is heavy. For high-speed telemetry and streaming state data, gNMI with its binary Protobuf format is far superior.
The Gotchas
I will admit gNMI is not a perfect solution. Advocacy is useless if we ignore the hurdles.
First, there is a CPU tax. gRPC and TLS encryption require more overhead on the network device than a simple UDP-based SNMP poll. Older hardware might actually struggle with this load.
Second, navigating OpenConfig models can be intimidating at first. While YANG is infinitely better than hunting through ancient MIBs, you still have to understand the “YANG tree” structure to know exactly what paths to subscribe to. The learning curve is definitely steeper.
Better Tooling and Open Standards
Despite the learning curve, the ecosystem is catching up fast. Tools like gNMIc provide a much better user experience than old school commands like snmpget. Plus, gNMI is an open standard. It is not locked to one vendor. Even when using vendor specific data models, they are almost always described in YANG, which makes documentation and automation much more predictable.
gNMI is the logical choice for most modern networks. I even suspect it is a great fit for smaller setups like homelabs, though I will save that for a later post. There is plenty more to dive into, including different subscription types like STREAM or ONCE, but those deserve their own deep dives. Thanks for reading.