Network Management. Introduction

(1)

Introduction

Notes taken from many sources, including IEEE Computer Society Online Cisco Course, Mani Subramanian, Chu‐Sing Yang, Raouf Boutaba, and many more

1

(2)

Outline

2



Introduction to Network Management



What is Network Management?



Challenges on the Network

Management



SNMP Family

(3)



Typical problem



Remote user arrives at regional

office and experiences slow or no

response from corporate web

server



Next step



Where do you begin?



Where is the problem?



What is the problem?



What is the solution?



Without proper knowledgement

of

network management

,

these questions are difficult to

answer

Corp Network

Regional O

ffices

The Case for Management

(4)



With proper management tools

and procedures in place, you may

already have the answer



Consider some possibilities



What configuration changes were

made overnight?



Have you received a device fault

notification indicating the issue?



Have you detected a security

breach?



Has your performance baseline

predicted this behavior on an

increasingly congested network

link?

Corp Network Regional Offices

The Case for Management

(5)

Solving Problem Procedure



an accurate

database

of your

network’s topology, configuration,

and performance



a solid understanding of the

protocols and models

used in

communication between your

management server and the

managed devices



methods and tools

that allow you

to interpret and act upon gathered

information

5 Response Times High Availability Predictability Security

(6)

An aside: Network Operations

Centre

Image fromhttp://www.research.att.com/areas/visualization/projects_software/photo_global_center.jpg

Others athttp://royal.pingdom.com/?p=296 NOC aka “Network Operations Center”

NOC vs NM



Typically NOC = Network

Operations

Center



NM = Network Management

 what is done at/from a NOC

 so named in most written material,

e.g. text books

 Management can get very broad

and fuzzy, very fast.

(7)

An aside: Why NM/NOC is

challenging



Complex:

Communication networks are complicated and

change rapidly. Information hidden to ease design may be

needed for debugging.



Distributed systems are hard to control

: synchronised and

consistent state. Fault management systems must work

when the rest of the network doesn't.



Internet



pushes functionality to ends, away from NM reach



collection of Autonomous Systems => heterogeneous &

many responsible parties



Vendor competition:

Users want it, vendors don't

7

(8)

What is Network Management?

8



Network Management



_{the process of overseeing a network and}

taking corrective action when necessary to

ensure performance

and availability

(9)

What is Network Management?

9



Operations



_{Managing operations involves implementing and}

overseeing procedures for ensuring that a network

runs

smoothly. It also involves monitoring the

network and

addressing problems that occur



Administration



_{Administrative functions associated with a network}

include keeping records of the devices on a network

and

of their use

(10)

What is Network Management?

10



Maintenance



_{Maintenance tasks associated with network}

management include repairing and upgrading

network components as required, and

implementing

measures to ensure that network

devices run optimally



Provisioning



_{Provisioning refers to the assignment of}

resources – such as hardware components – to

support required services and users.

(11)

Effective Network Management

11



Reduces Cost



lower

operating

costs and less spending on

unnecessary

network equipment.



Improves the Reliability and Availability



_{minimizing disruptions through both proactive and}

reactive measures.



Boost Revenue for ISPs

(12)

Challenges affecting NM?

12



Managing

the delivery of

a large number of network

services, each of

which has specific requirements,

such as those associated with bandwidth and

connections



Ensuring that the individual requirements of

services are met without compromising overall

network

performance.



Scalable and adaptable



Number of users and various services



Ongoing reconfiguration and upgrades



Monitoring Tools

(13)

Network Management Activities

13

(14)

Network Management Activities

14

(15)

Network Monitoring

15

Management Station

_{Local Area Network}

Statistics

Alarms

Status

ON

OFF

(16)

Network Monitoring

16

Management Station

_{Local Area Network}

Statistics

Alarms

Status

ON

OFF

Data collected on the

status of devices

E.g., to probe link status :

operational or not ?

(17)

Network Monitoring

17

Management Station

_{Local Area Network}

Statistics

Alarms

Status

ON

OFF

An alarm is sent any time

a problem occurs in the network

(18)

Network Monitoring

18

Management Station

_{Local Area Network}

Statistics

Alarms

Status

ON

OFF

Statistics are sent on a

regular basis to the management

station which collates and

stores them, e.g. traffic levels

(19)

A Standardized Approach

World

‐

wide

Industry

Agreement

on

Single

Set

of

Specifications



Include “all” the Players:



Buyers



Standards Bodies



Implementers Groups



Interoperability through:



Open Interoperable Interface



Protocol-neutral information models

(20)

Network Management: Principles and Practice © Mani Subramanian 2010

Network Management Standards

Standard Salient Points

OSI/CMIP 1. International standard (ISO/OSI)

2. Management of data communications network - LAN and WAN 3. Deals with all 7 layers

4. Most complete

5. Object oriented

6. Well structured and layered

7. Consumes large resource in implementation

SNMP/Internet 1. Industry standard (IETF)

2. Originally intended for management of Internet components, currently adopted for WAN and telecommunication systems 3. Easy to implement

4.Most widely implemented

TMN 1. International standard (ITU-T)

2. Management of telecommunications network 3. Based on OSI network management framework

4. Addresses both network and administrative aspects of management

5. eTOM industry standard for business processes for implementing TMN using

FrameWorx(formerly NGOSS) framework

IEEE 1. IEEE standards adopted internationally 2. Addresses LAN and MAN management 3. Adopts OSI standards significantly 4. Deals with first two layers of OSI RM

Web-based Management

1. Web-Based Enterprise Management (WBEM) 2. Java Management Extension (JMX)

3. XML-Based Network Management

(21)

Network management standards

SNMP:

Simple

Network

Management Protocol



Internet

roots

(SGMP)



started

simple



deployed,

adopted

rapidly



growth:

size,

complexity



currently:

SNMP

V3



de

facto

network

management

standard

For example:

OSI CMIP



Common

Management

Information Protocol



designed 1980’s: the

unifying net

management

standard



too slowly

standardized

(22)

SNMP

adopted

by

IETF

(Internet

Engineering

Task

Force)

A subsidiary of the IAB (

I

nternet

A

ctivities

B

oard)

Standardizes TCP/IP networks management

Adopted

SNMP

(

S

imple

N

etwork

M

anagement

P

rotocol)

Long-term Plan: migrate to OSI (CMIS - CMIP)

In practice: upgraded SNMP versions such as SNMPv2 and SNMPv3

Internet

IETF

(23)

OSI

Architecture and Model

Network Management: Principles and Practice © Mani Subramanian 2010 Network Management Information Model Organization Model Functional Model Communication Model

Figure 3.1 OSl Network Management Model

Organization

• Network management components • Functions of components

• Relationships

Information

• Structure of management information (SMI) • Syntax and semantics

• Management information base (MIB)

• Organization of management information • Object-oriented

23

Communication

• Transfer syntax with bidirectional messages • Transfer structure (PDU)

Functions

• Application functions (FCAPS) Configure components Monitor components Measure performance Secure information Usage accounting

(24)

SNMP

Architecture and Model

Network Management: Principles and Practice © Mani Subramanian 2010 Network Management Information Model Organization Model Functional Model Communication Model

•

Organization

• Same as OSI model • Information

• Same as OSI, but scalar

24

• Communication

• Messages less complex than OSI and unidirectional

• Transfer structure (PDU) • Functions (FCAPS) • Application functions • Fault management • Configuration management • Account management • Performance management • Security management

(25)

TMN

Architecture

• Addresses management of

telecommunication

networks

• Based on OSI model

• Superstructure on OSI network

• Addresses network, service, and business

management

(26)

Organizational Model

• Manager

• Sends requests to agents • Monitors alarms

• Hosts applications • Provides user interface • Agent

• Gathers information from objects • Configures parameters of objects • Responds to managers’ requests • Generates alarms and sends them to

managers • Managed object

• Network element that is managed • Hosts management agent

• All objects are manageable or unmanaged

26

Manager

Managed objects Unmanaged objects

Figure 3.2 Two-Tier Network Management Organization Model

Agent process

MDB

MDB Management Database

(27)

Manager

Managed objects Unmanaged objects

Figure 3.2 Two-Tier Network Management Organization Model

Agent process

MDB

Two-Tier Model

• Agent built into network element

Example: Managed hub, managed router • An agent can manage multiple elements

Example: Switched hub, ATM switch • MDB is a physical database

• Unmanaged objects are network elements that are not managed - both physical (unmanaged hub) and logical (passive elements)

27

(28)

Agent / Manager

Managed objects

Agent process

Manager

Figure 3.3 Three-Tier Network Management Organization Model MDB

MDB

Three-Tier Model

• Middle layer

plays the

dual role

• Agent to the top-level manager

• Manager to the managed objects

• Example of middle level: Remote monitoring

agent (RMON)

28

(29)

MoM Agent Agent NMS Manager Managed objects Managed objects

Figure 3.4 Network Management Organization Model with MoM Agent process

MDB

MDB MDB

MoM Manager of Managers

MDB Management Database Agent

Manager Agent NMS

Agent

Agent NMS

Manager

Manager of Managers

• Agent NMS manages the domain

• MoM presents integrated view of domains

• Domain may be geographical, administrative,

vendor-specific products, etc.

29

(30)

Infrastructure for network management

30 managed device managed device managed device managed device

managed devices

contain

managed objects

whose

data is gathered into a

Management

Information

Base

(MIB)

constructed in accordance to

Structure of

Management

Information (

SMI

)

managing entity data managing entity agent data agent data agent data agent data network management protocol

(31)

Implementing a Standardised Network Management

Solution

Network

Management Station

NMS _{Describe each network}

component and its operations

Network Internet

LAN LAN LAN

Network

(32)

SNMP overview:

4 key parts



Management

information

base

(MIB):



distributed information store of network management data



Structure

of

Management

Information

(SMI):



data definition language for MIB objects



SNMP

protocol



convey manager<->managed object info, commands



security,

administration

capabilities



major addition in SNMPv3

(More later)

(33)

The Managed Network

Network

Host Node Link

Devices

Network

Elements

(34)

Management Agents

Network

Host Node Link

NMS

Requests

Traffic

Level

Management Agents

Alarms

Link Down

Unusual

Activity

(35)

Device’s Components or

Objects

Management Agent

Map of Objects

MIB

ipRouteTable OBJECT-TYPE ipRouteDest OBJECT-TYPE ipRouteEntry OBJECT-TYPE

(36)

INFORMATION MODEL

MANAGEMENT INFORMATION BASES

(MIBs)

(37)

MIBs

• describe the

structure of the management

data

of a device subsystem;

• they use a

hierarchical namespace

containing

object identifiers (OID)

• Each OID identifies a variable that can be

read or set via SNMP

• MIBs use the notation defined by Structure of

Management Information (

SMI

), a subset of

ASN.1

(38)

Information Model:

Analogy

• Figure in a book uniquely identified by

• ISBN, Chapter, and Figure number in that hierarchical order

• ID: {ISBN, chapter, figure}

• The three elements above define the

syntax

• Semantics

is the meaning of the three entities according to

Webster’s dictionary

• The information comprises syntax and semantics

about an object

(39)

Structure of Management Information (

SMI

)

Example

sysDescr: { system 1 } Syntax: OCTET STRING Definition: "A textual description of the entity. "

Access: read-only Status: mandatory

39

Purpose:

defines for a managed object



syntax

,



semantics

of management data,

well-defined, unambiguous



Plus additional

information

such as

status



structure

base data types:

straightforward, boring

OBJECT-TYPE

data type, status, semantics of managed object

MODULE-IDENTITY

groups related objects into MIB module

Basic Data Types

INTEGER Integer32 Unsigned32 OCTET STRING OBJECT IDENTIFIED IPaddress Counter32 Counter64 Guage32 Time Ticks Opaque

(40)

Management Information Base (

MIB

)

• contains

information about objects

• organized by grouping of related objects

• defines relationship between objects

• it is NOT a physical database. It is a

virtual

database that is compiled into

management module

40

MIB

ipRouteTable OBJECT-TYPE ipRouteDest OBJECT-TYPE ipRouteEntry OBJECT-TYPE

(41)

Information Base View:

An Analogy

• Fulton County library system has many branches • Each branch has a set of books

• The books in each branch is a different set

• The information base of the county has the view (catalog) of all books

• The information base of each branch has the catalog of books that belong to that branch. That is, each branch has its view (catalog) of the information base

• Let us apply this to MIB view

41

MIB View

and Access of an Object

• A managed object has many attributes – its information base

• There are several operations that can be performed on the objects

• A user (manager) can view and perform only certain operations on the object by invoking the management agent

• The view of the object attributes that the agent perceives is the MIB view • The operation that a user can perform is the MIB access

(42)

Management Information Base (MIB)

Objects

MIB

Object Groups

Network Access Layer

IP Layer

Transport Layer Application Layer

The managed objects are stored as groups of objects in the so-called

MIB or Management Information Base.

The operation that a user can

perform is the MIB access A managed object has many attributes – its information base

The viewof the object attributes that the agent perceives is the MIB view

A user (manager) can view and perform

only certain operations on the object by invoking the management agent

(43)

Management Data Base (

MDB

) / Management Information Base (

MIB

)

• Distinction between MDB and MIB

• MDB physical database

; e.g.,

Oracle, Sybase

• MIB virtual database

; schema

compiled into management

software.

• An NMS can automatically discover a

managed object, such as a hub, when

added to the network

• The NMS can identify the new object

as hub only after the MIB schema of the

hub is compiled into NMS software.

Manager

Managed objects

MDB MIB

Agent process MDB Management Database MIB Management Information Base

Figure 3.6 Network Configuration with Data and Information Base

(44)

Managed Objects

•

Managed objects can be

• Network elements (hardware, system) • Hubs, bridges, routers, transmission • Software (non-physical)

• Programs, algorithms •Administrative information

• Contact person, name of group of objects (IP group)

44 Root

Level 1 Level 2 Level 3

Figure 3.7 Generic Representation of Management Information Tree

Management Information Tree

question:

how to name every possible

standard object (protocol, data, more..)

in every possible network standard

??

answer:

ISO Object Identifier tree:

hierarchical naming of all objects

each branchpoint has name, number

1.3.6.1.2.1.7.1 ISO ISO-ident. Org. US DoD Internet udpInDatagrams UDP MIB2 management

example

naming

(45)

OSI

Management Information Tree

• iso International Standards Organization

itu International Telecommunications Union dod Department of Defense

• Designation: • iso 1 • org 1.3 • dod 1.3.6 • internet 1.3.6.1 45

(46)

• Type

• Name

• Syntax

• Definition

• Status

• Access

• Instance

Object Type and Instance

• Example of a circle • “circle” is syntax

• Semantics is definition from dictionary “A plane figure bounded by a single curved line, every point of which is of equal distance from the center of the figure.”

46

Object ID Name Type Comments

1.3.6.1.2.1.7.1 UDPInDatagrams Counter32 total # datagrams delivered at this node

1.3.6.1.2.1.7.2 UDPNoPorts Counter32 # underliverable datagrams: no application at port

1.3.6.1.2.1.7.3 UDPInErrors Counter32 # undeliverable datagrams:

all other reasons

1.3.6.1.2.1.7.4 UDPOutDatagrams Counter32 # datagrams sent 1.3.6.1.2.1.7.5 udpTable SEQUENCE one entry for each port

in use by app, gives port #

and IP address

(47)

The System Group

sys (1)

MIB (1)

desc

object ID

up time

System time

Operating system

Version number

Management

Package ID

Manufacturer

All system group objects are “mandatory”

(48)

The Interfaces Group

intf (2)

MIB (1)

IF desc

IF mtu

IF out-errors

All interfaces group objects are “mandatory”

Transmission

Unit

0

1

0

(49)

Example Object Description: MIB (1)

sys(1)

MIB (1)

Status

Access

Object Descriptor

Syntax

Definition

intf(2) adr trs(3)

IP(4) ICM(5) TCP(6) UDP(7) EGP(8)

IF desc IF mtu IF out-errors

IF in-errors

r w rw na

ON/OFF

r w rw na

r

Textual description of rules

Counts incoming PDUs with...

Integer

Description Identifier

IF in-errors 1.3.6.1.2.1.2.13

49

(50)

MIBs index

(http://en.wikipedia.org/wiki/Management_information_base#SNMPv1_MIB_tables)

• large number of MIBs defined by both standards

organizations like the

IETF

, private enterprises and others:

• IETF maintained

–

There are

318 RFCs

in the first 5000 RFCs from the IETF

that

contain MIBs

. This list is a mere fraction of the MIBs that have

been written:

–

SNMP - SMI

:

RFC 1155

— Defines the Structure of Management

Information (SMI)

–

MIB-I

:

RFC 1156

— Historically used with

CMOT

, not to be used

with

SNMP

–

SNMPv2-SMI

:

RFC 2578

— Structure of Management Information

Version 2 (

SMIv

2)

–

MIB-II

:

RFC 1213

— Management Information Base for Network

Management of

TCP/IP-based internets

(51)

–

SNMPv2-MIB

:

RFC 3418

— Management Information Base (MIB)

for the

Simple Network Management Protocol (SNMP)

–

TCP-MIB

:

RFC 4022

— Management Information Base for the

Transmission Control Protocol (TCP)

–

UDP-MIB

:

RFC 4113

— Management Information Base for the

User Datagram Protocol (UDP)

–

IP-MIB

:

RFC 4293

— Management Information Base for the

Internet Protocol (IP)

–

IF-MIB

:

RFC 2863

— The Interfaces Group MIB

–

ENTITY-MIB

:

RFC 4133

— Entity MIB (Version 3)

–

ENTITY-STATE-MIB

:

RFC 4268

— Entity State MIB

–

ALARM-MIB

:

RFC 3877

— Alarm Management Information Base

(MIB)

–

…

51

MIBs index

(52)

The MIB: A Collection of Object Descriptions

MIB

Status Access Object Desc Syntax Definition ON/OFF type Descriptiondesc / ID text. desc r w rw na Status Access Object Desc Syntax Definition ON/OFF type Descriptiondesc / ID text. desc r w rw na Status Access Object Desc Syntax Definition ON/OFF type Descriptiondesc / ID text. desc r w rw na

Status

Access Object Desc Syntax Definition

ON/OFF

type

Descriptiondesc / ID

text. desc

r w rw na

Status Access Object Descriptor Syntax Definition ON/OFF type Descriptiondesc / ID text. desc r w rw na 52

(53)

Characteristics Example Object type PktCounter

Syntax Counter Access Read-only Status Mandatory

Description Counts number of packets Figure 3.10(a) Internet Perspective

Characteristics Example

Object class Packet Counter Attributes Single-valued Operations get, set

Behavior Retrieves or resets values Notifications Generates notifications on new

value

Figure 3.10 (b) OSI Perspective

Figure 3.10 Packet Counter As Example of Managed Object

Packet Counter Example

Network Management: Principles and Practice

(54)

Internet vs. OSI Managed Object

• Scalar

object in

Internet

vs.

Object-oriented

approach in

OSI

• OSI

characteristics of

operations, behavior, and notification

are part of communication model

; in

Internet

: get/set and

response/alarm

• Internet syntax is absorbed as part of OSI attributes

• Internet access is part of OSI security model

• Internet status is part of OSI conformance application

• OSI permits creation and deletion of objects; Internet does

not: Enhancement in SNMPv2

(55)

Summary on MIBs



examined how the information in a

MIB is constructed in accordance with

the rules set out in the SMI

- Structure of Management Information - so that

all management systems can use it.



An MIB

contains information about manageable objects

in the network

element



The

object descriptor

is made of two parts: the

object descriptor

and the

object identifier

which is read from the

registration tree

.



The

syntax

field can have a number of different values:

Integer, octet string,

null, constructed types

or it can be one of a set of

defined types



There are

8 different object groups

and each object that can be described in

an MIB belongs to one of these groups.



Each network element supports only the groups that apply to it.

(56)

THE PRESENTATION PROBLEM:

ASN.1

(57)

The presentation problem

Q:

does perfect memory-to-memory

copy solve

“

the communication

problem

”

?

A:

not always!

problem:

different data format, storage conventions

struct {

char code;

int x;

} test;

test.x = 256;

test.code=

‘

a

’

a

00000001

00000011

a

00000011

00000001

test.code

test.x

test.code

test.x

host 1 format

host 2 format

(58)

A real-life presentation problem:

aging 60’s

hippie

2012 teenager

grandma

Groovy!

?

58

(59)

Presentation problem:

potential

solutions

1. Sender learns receiver

’

s format. Sender

translates into receiver

’

s format. Sender

sends.

– real-world analogy?

– pros and cons

?

2. Sender sends. Receiver learns sender

’

s

format. Receiver translate into

receiver-local format

– real-world-analogy

– pros and cons?

3. Sender translates host-independent

format. Sends. Receiver translates to

receiver-local format.

– real-world analogy?

(60)

Solving the presentation problem

1. Translate

local

‐

host

format

to

host

‐

independent

format

2. Transmit

data

in

host

‐

independent

format

3. Translate

host

‐

independent

format

to

remote

‐

host

format

2012 teenager aging 60’_s hippie grandma presentation service presentation service presentation service

“Groovy!”

“It is pleasing

to me!”

“It is pleasing

to me!”

“Cat’s pajamas!”

“Awesome, dude!”

!

60

(61)

ASN.1: Abstract Syntax Notation 1

• ISO standard

X.680 –

used extensively in Internet

–

like eating vegetables, knowing this

“

good for you

”

!

• defined data types

, object constructors

–

like SMI

• BER:

Basic Encoding Rules

–

specify how ASN.1-defined data objects to be transmitted

–

each transmitted object has



Type,



Length,

(62)

TLV Encoding

Idea:

transmitted

data

is

self

‐

identifying



T:

data type, one of ASN.1-defined types



L:

length of data in bytes



V:

value of data, encoded according to ASN.1 standard

1

2

3

4

5

6

9 Boolean

Integer

Bitstring

Octet string

Null

Object Identifier

Real

Tag Value Type

(63)

TLV encoding:

example

Length, 5 bytes

T

ype=4, octet string

Length, 2 bytes

Type=2, integer

lastname ::= OCTET STRING weight ::= INTEGER

{weight, 259} {lastname, “smith”}

module of data type declarations written in ASN.1

instances of data type specified in module

Basic Encoding Rules (BER) 3 1 2 2 h t i m s 5 4

transmitted

byte

stream

V

alue, 5 octets (chars)

V

alue, 259

(64)

Abstract Syntax Notation One (ASN.1)

• ASN.1 is more than a syntax; it’s a language

• Addresses both syntax and semantics

• Two types of syntax

• Abstract syntax

: set of rules that specify data type and

structure for information storage

• Transfer syntax

: set of rules for communicating

information between systems

• Makes application layer protocols independent of lower

layer protocols

• Can generate machine-readable code: Basic Encoding

Rules (BER) is used in management modules

(65)

Backus-Nauer Form (BNF)

Definition:

Rules:

<digit> ::= 0|1|2|3|4|5|6|7|8|9

<number> ::= <number> | <digit> <number> <op> ::= +|-|x|/ <SAE> ::= <number>|<SAE>|<SAE><op><SAE> Example: • 9 is primitive 9 • 19 is constructof 1 and 9 • 619 is constructof 6 and 19

• BNF is used for ASN.1 constructs

• Constructs developed from primitives • The example illustrates how numbers are

constructed from the primitive <digit> • Simple Arithmetic Expression entity

(<SAE>) is constructed from the primitives <digit> and <op>

65

Simple Arithmetic Expression

Example: 26 = 13 x 2

Constructs and primitives Type and Value

• Assignments

• <BooleanType> ::= BOOLEAN • <BooleanValue> ::= TRUE | FALSE • ASN.1 module is a group of assignments person-name Person-Name::= { first "John", middle “T", last "Smith" }

(66)

Data Type: Example 1

• Module name starts with capital letters • Data types:

• Primitives: NULL, GraphicString • Constructs

• Alternatives : CHOICE

• List maker: SET, SEQUENCE

• Repetition: SET OF, SEQUENCE OF: • Difference between SET and SEQUENCE

PersonnelRecord ::= SET { Name, title GraphicString, division CHOICE marketing [0] SEQUENCE {Sector, Country}, research [1] CHOICE {product-based [0] NULL, basic [1] NULL}, production [2] SEQUENCE {Product-line, Country } } etc.

Figure 3.13 ASN.1 Data Type Definition: Example 1

(67)

Data Type: Example 2

• SEQUENCE OF SEQUENCE makes table of rows

Trade-message ::= SEQUENCE {invoice-no INTEGER name GraphicString, details SEQUENCE OF SEQUENCE {part-no INTEGER quantity INTEGER}, charge REAL, authenticator Security-Type} Security-Type ::= SET { … … … }

Figure 3.14 ASN.1 Data Type Definition: Example 2

(68)

NETWORK MONITORING AND

CONTROL (FCAPS)

(69)

Recall: Network Monitoring and

control

Management Station

_{Local Area Network}

Statistics

Alarms

Status

ON

OFF

(70)

Introduction-

Network Monitoring



Observes and analyzes

the status and behavior

of the end systems, intermediate systems and

subnetworks that make up the configuration to be

managed



Performance monitoring



Availability



Response time



Accuracy



Throughput



Utilization



Fault monitoring



Identifies faults as quickly as possible



Identifies the cause of the fault to take corrective action



Fault isolation



Accounting monitoring



Gathers usage information for each resources

(71)

Introduction

-

Network Control



concerned with

modifying parameters

and

causes actions

to be taken by the end

systems, intermediate systems, and

subnetworks



FCAPS involve both monitoring and control



Network

monitoring



Performance monitoring

: Measure and record system behaviour



Fault monitoring

: Detect, isolate and correct abnormal operation



Accounting monitoring

: Enable charging for resource use



The emphasis in network

control



Configuration control

: Set parameters that govern behaviour



Security control

: support the application of security policies

(72)

FCAPS

• Broadly speaking answers the following

questions:

• What happens when things go wrong? Faults (

F

)

• Assumes network already exists - how was it planned,

installed, configured for local conditions? Configuration (

C

)

• Who pays/paid for it? Accounting (

A

)

• Need to monitor performance, e.g. to inform planning, detect

faults, etc? Performance (

P

)

• How is it secured (e.g. against fraud)? How is security

configured? Monitoring to detect security events? Security (

S

)

(73)

Functional Model (FCAPS)

OSI Functional Model Fault Management Configuration Management Performance Management Security Management Accounting Management

• Configuration management

• Set and change network configuration component parameters • Set up alarm thresholds

• Fault management

• Detection and isolation of failures in network • Trouble ticket administration

• Performance management

• Monitor performance of network

• Security management

• Authentication • Authorization • Encryption

• Accounting management

• Functional accounting of network usage

(74)

NETWORK MONITORING TOOLS

(75)

Network Monitoring Tools

75



A key part of network management is

monitoring

.



_{Using various monitoring}

_tools



which obtain and compile information about network activity

and

performance



Example



_{a monitoring tool might help you determine why}

_network

performance is slow or why a user has difficulty

accessing a

server



Through proper monitoring and analysis of the results,

you

can

keep track of

a network's performance

, and

anticipate, recognize, and correct problems before they

disrupt network services.

(76)

Network Monitoring Tools

76



You can use different network monitoring tools for

various purposes

:



_to

_capture

_and

_analyze

_traffic



_to

_log

_{information about network events}



_to

_alert

_{you to specified events}



_to

_monitor

_{interfaces, such as routers, switches, and}

servers



_to

_alert

_{you about areas where traffic is congested}



_{to assist in constructing}

_performance

_baselines



_{to determine upgrade and}

_forecast

_{needs, and}

(77)

Network Monitoring Tools

77



_{Can be classified based on their}

usage

:



_{status monitoring}



ping & nslookup



_{traffic monitoring}



Monitor the quality of the network,

ping



_{route monitoring}

(78)

Network Monitoring Tools

78



Can be classified based on their

applicability:



_{LAN monitoring}



Remote Monitoring

‐

RMON, pathping, OpManager,

Solarwinds



_{QoS monitoring}



QoS parameters, load balancing



_{Bandwidth monitoring}



NetFlow

analyzer



_{WAN Monitoring}

(79)

Network Monitoring Tools

79



Software

‐

based throughput testers to

measure

network throughput



_{These tools send large data packets from one}

destination

to another, measuring how long it

takes to transfer the packets



Connectivity

Software tools



built

‐

in tools provided in Windows and

UNIX operating

system



tools you install as add

‐

ins – to

troubleshoot connectivity

issues

(80)

Network Monitoring Tools



Tasks

to perform as a

Network Admin

:



_{identifying inbound and outbound protocols}



_{determining whether the protocols acknowledge each}

_other

and whether they communicate in a unidirectional or

bidirectional fashion



_{identifying open and closed ports}



_{checking traffic that passes through the firewall}



tracing packets on the network, and



_analyzing

_{bandwidth usage}

(81)



e.g.

restrict traffic based on port, you can implement

port filtering

Network Monitoring Tools

(82)

SNMP

82



Simple Network Management Protocol



_{collects information from network devices,}

_for

_diagnostic

and maintenance purposes.

SNMP

is a simple request

(83)

SNMP

83



Consists of two components



_Agent

_Software



installed on network devices, such as

servers, routers,

switches, and printers



Agents collect information from devices

and send it to an

SNMP

manager



_Management

_Systems



Central management server



Logs the information send by Agents



Alert the IT

(84)

SNMP

84



SNMP versions:



SNMPv1



1988



Operates over UDP,



Not secure, plain text transactions



Get, GetNext, Set and Trap



SNMPv2



1993



New commands, GetBulk and Inform



SNMPv3



2002



Enhanced security features

(85)

Overview

85



_{What is Network Management?}



_Network

_management

_standards

and

models



_FCAPS

_in

_a

_nutshell



_{Efficient Network Management}



_{Network Monitoring Tools}

(86)

END

(87)

SUPPLEMENTARY

(88)

Network Troubleshooting

• Ask yourself questions like these as you work up or down the stack:

• • Do you have physical connectivity and a link light?

• • Is your interface configured properly?

• • Do your ARP tables show other hosts?

• • Is there a firewall on your local machine?

• • Is there a firewall anywhere between you and the destination?

• • If firewalls are involved, do they pass ICMP ping packets and

responses?

• • Can you ping the localhost address (127.0.0.1)?

• • Can you ping other local hosts by IP address?

• • Is DNS working properly?

1

• • Can you ping other local hosts by hostname?

• • Can you ping hosts on another network?

• • Do high-level services such as web and SSH servers work?

(89)

Ping: Host Status

• Ping checks to see if a Host is alive

–

Sends ICMP ECHO_REQUEST packet

–

Some ISPs have blocked ICMP

–

In case the DNS is not working

• Use numeric IP address with

ping –n

option

–

If you are using ping to check Internet

• ping google.com (consistent responder)

(90)

Ping: Host Status cnt.

• Specify the size of the packet

–

ping –s 1500 cuinfo.cornell.edu (linux)

• Issues with ping

–

A failed ping

• means something is wrong with network

–

A successfull ping

• Means that the machine is powered on

(91)

Smokeping: Ping stats over time

• Smokeping open source tool by Tobias Oetiker

–

Keeps track of network latencies

–

Sends several ping packets at regular interval to a host

–

Triggers alarms when things go wrong

(92)

Traceroute: Trace IP Packets

• Traceroute by Van Jacobson

–

Uncovers the sequence of gateways through which an IP

packet travels to reach its destination

–

Syntax: traceroute hostname

–

Sends 3 packets with the same TTL number

–

Increases the TTL value for the next gateway

(93)

Traceroute:Trace IP Packets cnt.

–

Example: Switzerland to caida.org, San Diego

–

What is the meaning of * in the above example?

(94)

Netstat: Get Network Statistics

• Netstat collects information

–

Computer’s network software

–

Interface statistics

–

Routing information

–

Connection tables

• Linux

(95)

(96)

Netstat: Get Network Statistics

• netstat with no arguments displays the status of active

TCP and UDP ports

• Netstat –r

–

U means up

–

G means gateway

–

H host route

(97)

Packet Sniffers

• Tcpdump by Van Jacobson

–

First industry standard sniffer

–

Tcpdump –n

–

Tcpdump –v collects more info

–

Tcpdump –w stores packets in a file

–

collects only incoming web traffic from one subnet

(98)

Packet Sniffers

• Wireshark

–

GUI interface

–

Powerfull analysis tool

–

Read & Write

(99)

ICSI Netalyzr

• ICSI Netalyzr

–

by the International Computer Science Institute at

Berkeley

• netalyzr.icsi.berkeley.edu

–

Tests

• the internet connection

– Inside

– Outside

(100)

RMON: Remote Monitoring MIB

• RMON MIB

–

Permits the collection of generic network

performance data not tied to any specific device

–

MIB broken up to into nine RMON groups

• Each group contains different statistics

(101)

NET-SNMP Agent

• NET-SNMP

–

Implemented in Linux & Unix

–

Source: net-snmp.sourceforge.net

• Includes

– Agent

– Command-line tools

– Server for receiving traps

(102)

(103)

CACTI

• CACTI

–

Source: cacti.net

–

Could store data in intervals

• One sample every minute for a day

• One sample every hour for a day

• One sample every week for a year

(104)

Nagios:Event-Based Service M.

• Nagios

–

Specialized in real time reporting or error conditions

–

It is modular can be heavily customized

–

Triggers alarms as when webserver goes down

–

You can write your won plug-ins

–

Keeps historical archive of its data

(105)

Monitor Package

• Munin

–

munin.projects.linpro.no

–

Munin is especially popular in the Scandinavian countries.

• Collectd

–

collectd.org

(106)