Keeping Tabs on Your Network

1
Keeping Tabs on Your Network

• First, a Horror Story
• Types of Management Tools
• What is SNMP?
• Dartmouths Net Management
• InterMapper demo
• Questions

• Rich Brown
• Dartware, LLC
• 20 May 2005

2
A Horror Story

• What happened
• How could it have been prevented?

3
What is Network Management?

• A set of tools that
• Help you know whats happening in your net
• Help you administer your network
• Make you look good with your customers...
• By actually doing a good job

4
Network Management System
E-mail, Pagers Sounds Web Pages/ Remote
Views Strip Charts Diagram of the
network Log Files
Servers Routers Switches Wireless
gear Environmental Sensors Power Systems
Monitoring System
5
Types of Management Tools

• Fault Management
• Configuration Management
• Security Management
• Performance Management
• Accounting Management
• Asset Management
• Planning Management
• Content Management

6
What is SNMP?

• SNMP is a protocol (set of rules) for conveying
  management or status information from devices
  such as servers, workstations, routers, switches,
  radios and other gear to a management station.
• Two ways to get data from a device
• Management station pulls data from a device
  being tested (the SNMP Agent)
• Agent pushes a trap to the management station
• The data values are defined by a MIB

7
Whats a MIB?

• Management Information Base
• MIB defines the kinds of data a device tracks
• MIBs for various devices
• Router or Switch traffic (packet byte counts)
  error counts (receive, transmit, discards, etc)
• Web Server MIB shows pages served, 404s, 401s,
  etc.
• Mail Server MIB shows messages processed, queue
  lengths
• Environmental sensors temperatures, switch
  closures, water on floor, door alarm, others
• Typical Radio MIB RSL, BER, number of
  subscribers, bandwidth, inside/outside
  temperature, etc.

8
Whats an OID?

• Object Identifier
• The name of the variable
• Always starts with 1.3.6.1
• 1.3.6.1.2.1 for standardized MIBs
• 1.3.6.1.4.1 for vendor specific MIBs

9
Four Basic SNMP Operations

• Get
• Retrieves the value of a MIB variable stored on
  the agent machine (gauge, counter, string, or
  address of another MIB variable)
• GetNext
• Retrieves the value of the next MIB variable
• Set
• Changes the value of a MIB variable
• Trap
• An unsolicited notification sent by an agent to a
  management application (typically a notification
  of something unexpected, like an error)

10
Traps

• Traps are unsolicited reports that are sent to a
  management system by an SNMP agent process
• When an interesting event occurs, an agent
  generates a trap message and sends it to a
  designated network address
• Many events can be configured to signal a trap,
  like a network cable fault, failing NNIC of hard
  drive, a general protection fault, or a power
  supply failure

11
Ports UDP

• SNMP uses User Datagram Protocol (UDP) as the
  transport mechanism for SNMP messages
• Like FTP, SNMP uses two well-known ports to
  operate
• UDP Port 161 SNMP Get/Set Messages
• UDP Port 162 SNMP Trap Messages

12
Advantages of using SNMP

• Standardized
• Widely supported by many vendors
• Distributed management access
• Lightweight protocol

13
SNMP Management Solutions

• Open Source
• Nagios, Big Brother, MRTG, perl scripts
• Commercial SMB
• InterMapper, WhatsUp Gold, IPMonitor
• Commercial Enterprise
• OpenView, Tivoli, Unicenter, BMC Patrol

14
Dartmouths Net Management

• A variety of tools...
• InterMapper
• Aruba wireless monitoring tools
• Spam filtering
• NAT for entire campus

15
InterMapper Demo

• InterMapper is a fault management tool
• Monitors network equipment and servers 24x7 to
  alert the manager about troubles
• Some performance management tools
• Get a demo from http//www.intermapper.com

16
Questions

• Ask now, or e-mail me
• Rich.Brown_at_dartware.com

17
Thanks!
18
Bonus Slides

• These slides didnt fit into the presentation,
  but we kept them for your information...

19
Why is it Important?

• To give Good Service and be professional
• A management system helps you to
• Know about problems before the phone rings
• Know how your networks configureddocumentation
• Know how your network is operating
• Know about network limits before you hit the wall
• You can start small
• Fault and Performance Management are critical
• Implement other tools as your network grows

20
Types of Network Management

• Fault Management Reactive and proactive network
  fault management
• Performance Management Number of packets
  dropped, timeouts, collisions, CRC errors,
  response times
• Configuration Management Inventory,
  configuration, provisioning
• Planning Management Analysis of trends to help
  justify a network upgrade or a bandwidth increase
• Security Management SNMP doesn't provide much
  here
• Accounting Management Cost management and
  chargeback assessment
• Asset Management Statistics of equipment,
  facility and administration personnel

21
Benefits of using SNMP

• Vendor Neutral Tools for Monitoring
• Universal Support
• Monitor lots of interesting information

22
Client Pull Server Push

• SNMP is a client pull model
• The management system (client) pulls data from
  the agent (server)
• SNMP also provides server push model
• The agent (server) pushes out a trap message to
  a (client) management system

23
Fault Management

• Discover that a problem exists
• Notify the responsible parties
• Isolate the problem show what is working
• Possibly fix the problem

24
Configuration Management

• Configure critical devices consistently
• e.g. Routers and Servers
• Take inventory of important software on
  workstations
• Update computers automatically

25
Security Management

• Controlling access to information on the network
• Setting up accounts testing passwords
• Firewalls Intrusion Detection Systems

26
Performance Management

• Collecting and analyzing data about use
• Setting thresholds for alarms
• Simulating alternatives to find maximum
  performance
• Study trends and make predictions

27
Accounting Management

• Tracking individual or group use of network
  resources
• Billing for use
• Controlling use of network

28
Stand-alone vs. Platform

• Stand-alone programs solve specific problems can
  be well-targeted and inexpensive usually are
  easy to set up but often duplicate notification,
  logging, databases, etc.
• Platforms provide base services plus plug-in
  modules unified notifications, logging,
  databases but can be very expensive to buy and
  hard to set up

29
Which ones do I need?

• Everyone needs security management tools at
  least a firewall and access control
• This will become true at your home when you get
  cable modem or DSL service
• Fault management tools give timely warnings
• For the other tools, it depends