Network Management

1
Network Management
6th CEENet Workshop on Network Technology Budapest
, August 18-28, 2000

• Nevenko Bartolincic
• e-mail Nevenko.Bartolincic_at_CARNet.hr

2
Agenda

• Overview of Network Management
• Internet management model
• SNMP framework
• RMON
• Tools
• Literature

3
Definition of Network Management

• Network
• Collection of computers, printers, routers,
  switches, and other devices that are able to
  communicate with each other over some
  transmission medium.
• Management
• Management involves the planning, organizing,
  monitoring, accounting, and controlling of
  activities and resources.

4
Management Perspectives

• Network management is multidimensional problem.
• It may be viewed from several perspectives
• managed objects
• personnel
• function
• administrative boundaries
• protocol family
• geographic consideration

5
Definition of Network Management

• Network management is service which is added in
  network to make easier management and monitoring
  of network and network elements in the following
  area
• Fault management
• Configuration management
• Security management
• Performance management
• Accounting management

6
Network Management Process

• Build history
• Baseline
• Trend analysis
• Capacity planning
• Procurement
• Topology design

• Define thresholds
• Monitor exceptions
• Notify
• Correlate
• Isolate problems
• Troubleshoot
• Bypass/resolve
• Validate and report

• Installation and configuration
• Address management
• Adds, moves, changes
• Security
• Accounting/billing
• Assets/inventory
• User management
• Data management

7
Overview of Network Management
ISO Network management forum

• Functional areas of network management
• Fault management
• Configuration management
• Security management
• Performance management
• Accounting management

8
Network managementfunctional areas
ISO Network management forum

• 1. Fault management
• Process of locating problems, or faults, on the
  data network.
• Steps
• 1. Discover the problem
• 2. Isolate the problem
• 3. Problem bypass and recovery
• 4. Fix the problem
• 5. Problem tracking and control

9
Fault management (cont.)

• Gathering Information to Identify a Problem
• logging critical network events
• occasional polling of network devices
• Alarm Correlation
• Levels of Activity
• Inactive (no monitoring, no reaction)
• Reactive (no monitoring, reaction)
• Interactive (monitoring, interactively
  troubleshoot)
• Proactive (monitoring, automatic restoral
  process)
• Help Desk Integration
• Trouble Ticket integration

10
Fault management (cont.)
11
Network managementfunctional areas (cont.)

• 2. Configuration management
• Process of obtaining data from the network and
  using that data to manage the setup of all
  network devices. The most important part of
  network management.
• planning
• distributing
• installing
• tracking
• It is important to keep up-to date inventory!!!

12
Network managementfunctional areas (cont.)

• 3. Security management
• Process of controlling access to information on
  the data network.
• identify the sensitive information to be
  protected
• finding the access points
• securing the access points
• maintaining the secure access points
• Security management should not be confused with
  application security, operating system security
  or physical security, but without them security
  management is useless.

13
Network managementfunctional areas (cont.)

• 4. Performance management
• Involves measuring of performance of network
  hardware, software, and media.
• Examples
• overall throughput
• percentage utilization
• error rates
• response time
• Steps
• 1. collect data
• 2. analyze relevant data
• 3. set thresholds
• 4. simulate the network

14
Network managementfunctional areas (cont.)

• 5. Accounting management
• Involves tracking each individual and group
  users utilization of network resources to better
  ensure that users have sufficient resources.
• identifying consumers and suppliers of network
  resources - users and groups
• mapping network resources consumption to customer
  identity
• billing

15
Network managementfunctional areas (cont.)
Actual Performance Error Rates
Indicator Thresholds Response time Utilization
Performance Management
Fault Management
Actual Status
Conf. Details
Security Thresholds
Performance Indicator Status
Chargeback Policy
Configuration Management
Conf. Details
Chargeback Policy
Conf. Details
Resource Utilisation
Thresholds Variations
Surveillance Status
Conf. Details
Accounting Management
Security Management
SW version updates
New Conf.
Existing Conf.
Conf. Details
Administration Management
Design Planning
16
Internet Management Model
17
Evolution of Network Management
SNMPv3
RFC 1098
RFCs 2271-2275
SNMP
RMON2
RMON
RFCs 2021,2074
SGMP
RFCs 12711757 and 1513
1998
1997
1994
1989
1987
18
Internet management model
Elements being managed
Management information
Management protocol
Other hosts
Managers Host
19
Internet management model

• Internet management model includes
• managed elements (usually many)
• management stations (one or many)
• management protocol
• management information

20
Managed Element
Agent
Instrumentation
Useful part
Network
21
Management station

• execute management application
• monitor and control managed elements
• may be fancy or useful (character based, windowed
  or scripted)

22
Network management architectures
Centralized
Queries
Queries
Queries
23
Network management architectures
Hierarchical
local query
local query
DBMS
24
Management protocol (SNMP)

• The protocol between manager and element
• Defines only five types of messages
• 1. fetch the value of one or more variables the
  get-request operator
• 2. fetch the next variable after one or more
  specified variables the get-next operator
• 3. set the values of one or more variables the
  set-request operator
• 4. return the value of one or more variables the
  get-response operator
• 5. notify the manager when something happens on
  the agent the trap operator

25
SNMP operators
SNMP manager
SNMP agent
get-request
UDP port 161
get-response
get-next-request
UDP port 161
get-response
trap
UDP port 162
26
Format of SNMP messages
IP datagram
UDP datagram
SNMP message
common SNMP header
get / set header
get / set header
IP header
UDP header
version (0)
community
PDU type (0- 3)
request ID
error status (0 - 5)
error index
name
value
name
value
...
PDU type (4)
enterprise
agent addr
trap type (0 - 6)
specific code
time stamp
name
value
...
trap header
interesting variables
27
Management information

• Management Information Base (MIB)
• specifies what variables the network elements
  maintain
• Structure of Management information (SMI)
• describes the syntax and type of information
  available in the MIB for the management of
  network elements
• defines rules for naming and creating types of
  information (using subset of ASN.1)

28
Structure of Management Information
29
Object Identifiers
root
joint ISO/CCITT 2
ISO 1
CCITT 0
org 3
1.3.6.1
DoD 6
experi- mentall 3
system (1)
interface (2)
at (3)
1.3.6.1.2.1
ip (4)
icmp (5)
...
30
Management information base (MIB)

• Standard (1.3.6.1.2...)
• MIB-2
• upsMIB
• atmMIB
• rdbsmsMIB
• RMON
• Experimental (1.3.6.1.3...)
• Private (1.3.6.1.4...)
• http//www.cisco.com/public/mibs

31
Organization of tabular MIB variables
b2
c1
c2
a1
b1
a2
MIB object
MIB variable
32
Instance Identifiers

• MIB variable instance MIB object ID Instance
  Identifiers

• for scalar objects Instance Identifiers 0

• eg. upsOutputStatus.0

33
RMON
34
RMON Overview

• RMON Remote MONitoring
• Distributedcost effective instrumentation for
  network monitoring
• Gathers statistics by analyzing every frame on a
  LAN segment/switch port
• Uses SNMP for network transport

35
RMON Goals

• Offline operation
• Preemptive monitoring
• Problem detection and reporting
• Value-added data
• Multiple managers

36
RMON Probe
RMON probe
Hub
NMS
RMON probe
RMON probe
Bridge
37
RMON Standards and Groups
Root
10
Token Ring
ISO
9
Organizations
Events
8
Packet Capture
DOD
7
Filters
Internet
Private
6
Management
Traffic Matrix
MIB I and II
5
Host TopN
4
RMON
Hosts
3
Alarms
2
MIB I
History
1
MIB II
Statistics
38
RMON Groups (RFC 1757)
1. Statistics group Maintains utilization and
error statistics for the subnetwork/segment
being monitored (Examples Bandwidth
utilization, broadcast, multicast,
CRC/alignment, fragments etc) 2. History group
Holds periodic statistical samples from the
statistics group and stores them for later
retrieval (Examples Utilization, error count,
packet count) 3. Alarm group Allows the
administrator to set a sampling interval and
threshold for any item recorded by the agent
(Examples Absolute or relative values, rising
or falling thresholds)
39
RMON Groups (RFC 1757) (Cont.)
4. Host group Defines the measurement of various
types of traffic to and from hosts attached to
the network (Examples Packet send/receive,
bytes sent/received, errors, broadcast,
multicast, packets sent) 5. Host TopN
group Provides a report of TopN hosts based on
host group statistics 6. Traffic matrix
group Stores errors and utilization statistics
for pairs of communicating nodes of the network
(Examples Error, bytes, packets, errors
exchanged)
40
RMON Groups (RFC 1757) (Cont.)
7. Filter group A filter engine that generates a
packet stream fromframes that match the pattern
specified by the user 8. Packet capture
group Defines how packets that match filter
criteria are buffered internally 9. Event
group Allows the logging of events (generated
traps) to the manager, together with time and
date. (Examples Generate customized reports
based upon the type of alarm. Event can be
printed, logged, or both)
41
RMON Groups (RFC 1513)

• Token Ring group
• Ring station - provides detailed statistics on
  individual stations
• Ring station order - an ordered list of stations
  currently on the ring
• Ring station configuration - configuration and
  insertion/removal data on each station
• Source routing - statistics on source routing
  such as hop counts, etc.
• Statistics
• MAC - Token Ring MAC level statistics and errors
• Promiscuous - Non-MAC frame statistics
• History
• MAC - history of MAC statistics
• Promiscuous - history of promiscuous statistics

42
Scope of RMON Standards
43
Scope of RMON Standards
SQL
Layers 47 Transport and Application Protocols
RMON2
E-Mail
WWW
Lotus Notes
S2
Layer 3 Packets Network Addresses
C1
RMON2
S1
C2
S3
Layer 2 Frames MAC Addresses
C1
Other Nets
RMON
S1
1
Layer 1 Physical Layer
2
3
44
RMON2 Groups

• Protocol directory
• Table of protocols for which agent will monitor
  and maintain statistics
• Protocol distribution
• Table of statistics for each protocol in
  directory
• Network layer host
• Statistics for each network layer address on
  segment, ring, or port
• Network layer matrix
• Traffic statistics for pairs of network layer
  address
• Application layer host
• Statistics by application layer protocol for each
  network address on segment
• Application layer matrix
• Traffic statistics by application layer protocol
  for pairs of network layer address

45
RMON2 Groups

• User definable history
• Allows sampling of any MIB object
• Address mapping
• List of MAC to network layer address bindings
• Configuration group
• Provides list of agent capabilities and
  configuration

46
Tools
47
Tools

• Good start
• http//www.caida.org
• Ad hoc tools
• ping, netstat, traceroute,nslookup, dig,
  tcpdump, arp
• SNMP tools
• Scotty - Tcl Extensions for Network Management
  Application
• http//wwwhome.cs.utwente.nl/schoenw/scotty/
• MRTG - The multi router traffic grapher
• http//ee-staff.ethz.ch/oetiker/webtools/mrtg/mr
  tg.html
• http//ee-staff.ethz.ch/oetiker/webtools/rrdtool
  /
• Service monitoring daemon
• http//www.kernel.org/software/mon/
• GETIF (Win 95/98/NT)
• http//www.geocities.com/SiliconValley/Hills/8260
  /

48
Tools (cont.)

• SNMP Agents
• Linux CMU SNMP Project
• http//www.gaertner.de/snmp/
• SnmpD - a TCL based Scotty daemon
• http//geekcorp.com/snmpd/

49
Literature

• FAQ
• ftp//rtfm.mit.edu/pub/usenet-by-hierarchy/comp/pr
  otocols/snmp
• Books
• Allan Leinward, Karen Fang Conroy
• Network Management, A Practical Perspective
• Marshall T. Rose
• The Simple Book An Introduction to Internet
  Management
• Dave Zeltserman, Gerard Puoplo
• Building Network Management Tools With Tcl/Tk
• David Perkins, Evan McGinnis
• Understanding SNMP MIBs
• W. Richard Stewens
• TCP/IP Illustrated, Volume1, The Protocols
• Publications
• The Simple Times
• http//www.simple-times.org

50
On-Line Literature

• News groups
• comp.dcom.net-management
• info.snmp
• comp.protocols.snmp
• Sites
• Network Management server (NMS)
  http//netman.cit.buffalo.edu/index.html
• The Simple Web
• http//wwwsnmp.cs.utwente.nl/
• Linux SNMP Network Management Tools
• http//linas.org/linux/NMS.html
• The Linux Network Management Pages
• http//www.btc.gatech.edu/net/management/linux/
• Scotty - Tcl Extensions for Network Management
  Applications
• http//wwwhome.cs.utwente.nl/schoenw/scotty/

51
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?