Network Management: - SNMP - Software Defined networking

Academic year: 2021

Christian Tschudin

Departement Mathematik und Informatik, Universität Basel

Internet-Technologien (CS262)

Network Management:

- SNMP

- Software Defined networking

23.4.2014

Chapter 9: Network Management

A note on the use of these ppt slides:

We’re making these slides freely available to all (faculty, students, readers). They’re in PowerPoint form so you can add, modify, and delete slides (including this one) and slide content to suit your needs. They obviously represent a lot of work on our part. In return for use, we only ask the following:

• If you use these slides (e.g., in a class) in substantially unaltered form, that you mention their source (after all, we’d like people to use our book!)

• If you post any slides in substantially unaltered form on a www site, that you note that they are adapted from (or perhaps identical to) our slides, and note our copyright of this material.

Thanks and enjoy! JFK/KWR

All material copyright 1996-2010, J.F Kurose and K.W. Ross, All Rights Reserved

Computer Networking: A Top Down Approach, 5th edition.


Chapter 9: Network Management

Chapter goals:

• introduction to network management
– motivation
– major components

• Internet network management framework
– MIB: management information base
– SMI: data definition language
– SNMP: protocol for network management
– security and administration

• presentation services: ASN.1


Chapter 9 outline

• What is network management?

• Internet-standard management framework
– Structure of Management Information: SMI
– Management Information Base: MIB
– SNMP Protocol Operations and Transport Mappings
– Security and Administration


What is network management?

• autonomous systems (aka “network”): 100s or 1000s of interacting hardware/software components

• other complex systems requiring monitoring, control:
– jet airplane
– nuclear power plant
– others?

"Network management includes the deployment, integration and coordination of the hardware, software, and human elements to monitor, test, poll, configure, analyze, evaluate, and control the network and element resources to meet the real-time, operational performance, and Quality of Service requirements at a reasonable cost."


Infrastructure for network management


Network Management standards

• OSI CMIP
– Common Management Information Protocol
– designed 1980’s: the unifying net management standard
– too slowly standardized

• SNMP: Simple Network Management Protocol
– Internet roots (SGMP)
– started simple
– deployed, adopted rapidly
– growth: size, complexity
– currently: SNMP V3
– de facto network management standard


SNMP overview: 4 key parts

• Management information base (MIB): distributed information store of network management data

• Structure of Management Information (SMI): data definition language for MIB objects

• SNMP protocol: convey manager<->managed object info, commands

• security, administration capabilities: major addition in SNMPv3


MIB example: UDP module

Object ID         Name             Type       Comments
1.3.6.1.2.1.7.1   UDPInDatagrams   Counter32  total # datagrams delivered at this node
1.3.6.1.2.1.7.2   UDPNoPorts       Counter32  # undeliverable datagrams, no app at port
1.3.6.1.2.1.7.3   UDPInErrors      Counter32  # undeliverable datagrams, all other reasons
1.3.6.1.2.1.7.4   UDPOutDatagrams  Counter32  # datagrams sent
1.3.6.1.2.1.7.5   udpTable         SEQUENCE   one entry for each port


SNMP Naming

question: how to name every possible standard object (protocol, data, more..) in every possible network standard??

answer: ISO Object Identifier tree:
• hierarchical naming of all objects
• each branchpoint has name, number


SNMP protocol

Two ways to convey MIB info, commands:

• request/response mode: the managing entity sends a request to the agent on the managed device; the agent answers with a response
• trap mode: the agent sends a trap msg to the managing entity on its own

[figure: managing entity and agent data on the managed device, shown once for request/response and once for the trap msg]


SNMP protocol: message types

Message type                                 Function
GetRequest, GetNextRequest, GetBulkRequest   Mgr-to-agent: “get me data” (instance, next in list, block)
InformRequest                                Mgr-to-Mgr: here’s MIB value
SetRequest                                   Mgr-to-agent: set MIB value
Response                                     Agent-to-mgr: value, response to Request
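The difference between GetRequest and GetNextRequest in the table above, as an added example (not from the slides or from any SNMP implementation): a toy in-memory agent holding the UDP-group objects of the MIB example, with scalar instances named OID + ".0" as in SNMP. The counter values are constructed sample data.

```python
# Added example: toy agent answering GetRequest / GetNextRequest over the
# UDP-group OIDs from the MIB example. Values are constructed sample data.
from typing import Optional, Tuple

def oid(s: str) -> Tuple[int, ...]:
    # OIDs are compared as tuples of ints, which is the lexicographic order
    # GetNextRequest walks. Comparing the dotted strings would be wrong
    # ("1.10" would sort before "1.9").
    return tuple(int(p) for p in s.split("."))

# scalar instances: udpInDatagrams.0, udpNoPorts.0, udpInErrors.0, udpOutDatagrams.0
MIB = {
    oid("1.3.6.1.2.1.7.1.0"): 120345,  # udpInDatagrams (constructed value)
    oid("1.3.6.1.2.1.7.2.0"): 42,      # udpNoPorts
    oid("1.3.6.1.2.1.7.3.0"): 3,       # udpInErrors
    oid("1.3.6.1.2.1.7.4.0"): 98765,   # udpOutDatagrams
}

def get_request(name: str) -> Optional[int]:
    """GetRequest: exact instance lookup; None models a noSuchInstance error."""
    return MIB.get(oid(name))

def get_next_request(name: str) -> Optional[Tuple[str, int]]:
    """GetNextRequest: the first instance lexicographically *after* name,
    or None for endOfMibView. The manager need not know instance names."""
    key = oid(name)
    for k in sorted(MIB):
        if k > key:
            return ".".join(map(str, k)), MIB[k]
    return None

def walk(subtree: str):
    """Manager-side MIB walk: chain GetNext until the reply leaves the subtree."""
    prefix = oid(subtree)
    cur, out = subtree, []
    while True:
        nxt = get_next_request(cur)
        if nxt is None or oid(nxt[0])[:len(prefix)] != prefix:
            return out
        out.append(nxt)
        cur = nxt[0]
```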


SNMP security and administration

• encryption: DES-encrypt SNMP message
• authentication: compute, send MIC(m,k): compute hash (MIC) over message (m), secret shared key (k)
• protection against playback: use nonce
• view-based access control
– SNMP entity maintains database of access rights, policies for various users
– database itself accessible as managed object!
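The authentication and playback-protection bullets above, as an added example (not from the slides or from any SNMP implementation): a MIC computed over the nonce and the message with the shared key, and a receiving entity that rejects both a modified message and a replayed one. HMAC-SHA256 stands in for the slide's generic "hash over message and key"; the key, nonces and message text are constructed sample values.

```python
# Added example: MIC(m, k) with a nonce, and a receiver that rejects forgeries
# and replays. Key, nonces and messages are constructed sample values.
import hashlib
import hmac
import os
from typing import Optional, Tuple

Packet = Tuple[bytes, bytes, bytes]  # (nonce, message, mic)

def mic(message: bytes, key: bytes, nonce: bytes) -> bytes:
    # Keyed hash over nonce || message: neither can change without the key.
    return hmac.new(key, nonce + message, hashlib.sha256).digest()

def send(message: bytes, key: bytes, nonce: Optional[bytes] = None) -> Packet:
    """Manager side: attach a fresh nonce and the MIC to the message."""
    nonce = nonce if nonce is not None else os.urandom(16)
    return (nonce, message, mic(message, key, nonce))

class Receiver:
    """Agent side: verify the MIC, then refuse any nonce already seen."""
    def __init__(self, key: bytes):
        self.key = key
        self.seen = set()

    def accept(self, packet: Packet) -> bool:
        nonce, message, tag = packet
        # constant-time comparison so the check does not leak the tag byte by byte
        if not hmac.compare_digest(tag, mic(message, self.key, nonce)):
            return False        # forged or modified message
        if nonce in self.seen:
            return False        # playback of an earlier, genuine message
        self.seen.add(nonce)
        return True
```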

Software Defined Networking

Jennifer Rexford

COS 461: Computer Networks

Lectures: MW 10-10:50am in Architecture N101


Networks are Hard to Manage

• Operating a network is expensive

– More than half the cost of a network

– Yet, operator error causes most outages

• Buggy software in the equipment

– Routers with 20+ million lines of code

– Cascading failures, vulnerabilities, etc.

• The network is “in the way”

– Especially a problem in data centers

– … and home networks

Rethinking the “Division of Labor”


Traditional Computer Networks

Data plane: Packet streaming
Forward, filter, buffer, mark, rate-limit, and measure packets

Control plane:
Track topology changes, compute routes, install forwarding rules

Management plane: Human time scale
Collect measurements and configure the equipment

Death to the Control Plane!

• Simpler management

– No need to “invert” control-plane operations

• Faster pace of innovation

– Less dependence on vendors and standards

• Easier interoperability

– Compatibility only in “wire” protocols

• Simpler, cheaper equipment


Software Defined Networking (SDN)


Data-Plane: Simple Packet Handling

• Simple packet-handling rules
– Pattern: match packet header bits
– Actions: drop, forward, modify, send to controller
– Priority: disambiguate overlapping patterns
– Counters: #bytes and #packets

1. src=1.2.*.*, dest=3.4.5.* ➝ drop
2. src=*.*.*.*, dest=3.4.*.* ➝ forward(2)
3. src=10.1.2.3, dest=*.*.*.* ➝ send to controller

Unifies Different Kinds of Boxes

• Router
– Match: longest destination IP prefix
– Action: forward out a link

• Switch
– Match: destination MAC address
– Action: forward or flood

• Firewall
– Match: IP addresses and TCP/UDP port numbers
– Action: permit or deny

• NAT
– Match: IP address and port
– Action: rewrite address and port


Controller: Programmability

[figure: Controller Application running on top of the Network OS, which talks to the switches]

Events from switches: Topology changes, Traffic statistics, Arriving packets

Commands to switches: (Un)install rules, Query statistics, Send packets

Example OpenFlow Applications

• Dynamic access control

• Seamless mobility/migration

• Server load balancing

• Network virtualization

• Using multiple wireless access points

• Energy-efficient networking

• Adaptive traffic monitoring

• Denial-of-Service attack detection


E.g.: Dynamic Access Control

• Inspect first packet of a connection

• Consult the access control policy

• Install rules to block or route traffic

E.g.: Seamless Mobility/Migration


E.g.: Server Load Balancing

• Pre-install load-balancing policy

• Split traffic based on source IP

[figure: traffic split by source IP prefix, one rule for src=0* and one for src=1*]

E.g.: Network Virtualization

Partition the space of packet headers


A Helpful Analogy

From Nick McKeown’s talk “Making SDN Work” at the Open Networking Summit,


Heterogeneous Switches

• Number of packet-handling rules

• Range of matches and actions

• Multi-stage pipeline of packet processing

• Offload some control-plane functionality (?)

[figure: multi-stage pipeline: access control, MAC look-up, IP look-up]

Controller Delay and Overhead

• Controller is much slower than the switch

• Processing packets leads to delay and overhead

• Need to keep most packets in the “fast path”


Distributed Controller

[figure: several Network OS / Controller Application instances side by side]

For scalability and reliability

Partition and replicate state

Testing and Debugging

• OpenFlow makes programming possible

– Network-wide view at controller

– Direct control over data plane

• Plenty of room for bugs

– Still a complex, distributed system

• Need for testing techniques

– Controller applications

– Controller and switches

– Rules installed in the switches
