Agenda - PowerPoint PPT Presentation

Slides: 62
Provided by: MAZZ6

Transcript and Presenter's Notes

Title: Agenda


1
Agenda
1. Quiz
2. Homework
3. Test Review
4. Network Management Paper
5. CMIS
6. RMON
7. Network Management Tools
2
Homework
9-4, 10-1, 10-2, 10-3, 10-4 10-5.
3
Mid Term Examination
Average score
As (all varieties) 89 or higher
Bs (all varieties) 70 or higher
Options for extra credit for grades below 70
a. Retest: Midterm grade will be average of 2 tests
b. Short Research Paper
   4-7 pages if mid term grade was 60 - 69
   7-10 pages if mid term grade was 50 - 59
   13-16 pages if mid term grade was below 50
4
Question 1
What are the principal things that ping and
trace route show you?
Ping shows you the time to a location and the
packet loss. (It's actually used most often just
to make sure a device is connected to the
network.) Trace route shows you the number of
hops required to get to a location.
5
Question 2
If a QPSK signal is sent over a 3 KHz channel
where the signal-to-noise ratio is 30 dB, what
is the maximum achievable data rate?
Nyquist: Max Data Rate = $2H \log_2 V$
Shannon: Max Data Rate $C = BW \log_2(1 + S/N)$
6
Question 3
A database operates on a 10 Mbps line. The
average input has 1,000 bytes of questions. The
average output has 1 Million bytes of answers.
Database processing time averages 9 seconds.
What is the total response time if you assume 8
bits per byte? If the 10 Mbps is part of a SONET
MAN, what determines if there is a
congestion problem?
7
Question 4
The OSI network management architecture model has
four models. Name them and give their principal
functions.
8
Network Management

Network Management
Information Model
Organizational Model
Communication Model
Functional Model
9
Network Management
  • Organizational Model
  • Describes components of a network management
    system
  • Focuses on functions and infrastructure
  • Objects are network elements such as hubs,
    bridges, routers, etc.
  • Managed elements have a process running them
    called an agent
  • Manager queries the agent, gets information,
    processes it and stores it in the MIB

[Diagram: Manager with MIB; agents; managed objects; unmanaged objects. Note: This is a simplified hierarchical set up.]
10
Network Management
  • Information Model
  • Deals with structure and organization of
    management information
  • Specifies the structure of management
    information (SMI)
  • Specifies the management information base (MIB)
  • SMI defines the syntax and semantics of
    information stored
  • MIB is used by the agent and management process
    to store info
  • MDB is the real database with measured or
    administratively configured data on the
    elements in the network

[Diagram: Manager with MIB and MDB; agents; managed objects; unmanaged objects.]
11
Network Management
  • Communication Model
  • Has three components
  • Management information processes that function in
    the application layer
  • Layer management between the layers
  • Transport protocol is medium of exchange
  • Application protocol is the message format
  • Actual message
  • Layer operation within layers


12
Network Management
  • Functional Model
  • Network Management is the process of controlling
    a complex data network to maximize its
    efficiency and productivity. It should include:
  • Fault Management
  • Configuration Management
  • Security Management
  • Accounting Management
  • Performance Management

13
Fault Management
  • Detection and isolation of the problem causing
    failure in a network. Fault management can:
  • monitor the physical or other layers
  • be self healing
  • trouble ticket based
  • a nightmare

14
Configuration Management
  • Configuration Management consists of the
    following steps:
  • 1. Gather information about current network.
  • 2. Use that data to modify the configuration
    of the network device.
  • 3. Store the data, maintain an up-to-date
    inventory of all network components and
    produce various reports.

15
Security Management
  • The Security Management process includes the
    following steps:
  • Identify the sensitive information.
  • Find the access points.
  • Secure the access points.
  • Maintain the secure access points.

16
Accounting Management
  • Should track server utilization
  • Is a delicate balance
  • Involves internal and external issues
  • Is the most political of the management
    issues

17
Performance Management
  • Measuring performance, including but not limited
    to:
  • Throughput
  • Response time
  • Percent utilization
  • Error rates
  • Availability

18
Question 5

What are the principal advantages of SNMPv2 over
SNMP and the principal advantages of SNMPv3 over
SNMPv2?
19
SNMPv2
SNMP DRAWBACKS
1. Officially standardized only for use on IP networks
2. Inefficient for large table retrievals
3. Uses cleartext strings for security, leaving it relatively unsecure
4. Standards are always necessary but never sufficient
SNMPv2 FEATURES INCLUDE
1. Additions to the SMI
2. New Message types
3. Standardized multiprotocol support
4. Enhanced security
5. New MIB objects
6. Backward compatibility
20
SNMPv3 Advantages
  • SNMPv3 has markedly improved security
  • SNMPv3 has improved modularity and flexibility
  • RFC 2273 defines three MIBs to support SNMPv3
    applications
  • The Management Target MIB
  • The Notification MIB
  • The Proxy MIB

21
Question 6
  • What three questions are implicit in the
    question, "Can remote site management be
    established?"
  • How much can we spend?
  • Initially
  • On a continuing basis
  • What equipment and people will be made available?
  • For installations
  • For continuing management
  • For maintenance and repair
  • How much time do we have to deliver?

22
Question 7
Explain succinctly the difference between the
database of a network management system and its
MIB. How do you implement each in a network
management system?
The database is physical, containing network
objects and values. It is implemented with any
open or proprietary database software. The MIB
is virtual. It is a structure that is used by
managers and agents to exchange information
about network objects. It has a hierarchical
structure and the schema is compiled into the
management and agent management software.
23
Question 8
What are the four subsystems in the SNMPv3
engine?
24
SNMP entity (RFC 2271)
Application(s)
Command Generator
Notification Receiver
Proxy Forwarder
Command Responder
Other
Notification Originator
SNMP Engine (identified by SNMPEngineID)
Dispatcher
Message Processing subsystem
Security subsystem
Access control subsystem
25
SNMP (architecture)
  • Dispatcher subsystem
  • One dispatcher in an SNMP engine
  • transport mapper delivers messages over the
    transport protocol.
  • Handles multiple version messages
  • - Determines version of a message and interacts
    with corresponding module
  • Interfaces with application modules, network, and
    message processing models
  • Three components for three functions
  • Transport mapper delivers messages over the
    transport protocol
  • Message Dispatcher routes messages between
    network and appropriate module of MPS
  • PDU dispatcher handles messages between
    application and MPS

26
SNMP (architecture cont.)
Message Processing Subsystem
  • Contains one or more Message Processing Models
  • Interacts with dispatcher to handle
    version-specific SNMP messages
  • One MPS for each SNMP version
  • SNMP version identified in the header

Security and Access Control Subsystem
  • Security at the message level
  • Authentication
  • Privacy of message via secure communication
  • Flexible access control
  • Who can access
  • What can be accessed
  • Flexible MIB views

27
Question 9
  • You manage a communications network that has
    identical satellite terminals connecting the
    office in Paris with the corporate database in
    Washington D.C. The following parameters apply:
    C/N = 70 dB, M = 5 dB, L = 203 dB, G = 63.4 dB,
    T = 100 K. What is your satellite power
    requirement in dBw for the Washington D.C.
    receive side?
  • $\mathrm{EIRP} = 10 \log R + E_b/N_0 + L + M + K - G/T$

28
Question 10
What are the three SNMPv2 management information
bases?
29
SNMPv2 MIBs
  • SNMP uses three management information bases
  • SNMPv2 MIB
  • Manager-to-manager MIB
  • Party MIB

30
SNMPv2 MIBs
SNMPv2 MIB GROUPS
Name | Purpose
SNMPv2 Statistics Group | Provides objects to give stats about manager or agent, mostly msgs that could not be processed
SNMPv1 Statistics Group | Give stats about manager or agent that communicates with SNMPv1
Object Resource Group | Provide information that defines which objects an agent can define dynamically
Traps Group | Provides information about each of the traps an agent can send
Set Group | Provides a single object that allows multiple managers to send SNMP Set messages to a single agent (set serial )
31
SNMPv2 MIBs
MANAGER-TO-MANAGER MIB GROUPS
Name | Purpose
The Alarm Group | The objects in this group allow you to define two thresholds over a duration of time
The Event Group | The objects in this group allow you to define events. It has two tables, one to specify the type of notification the probe should invoke when the event triggers and the second to log the event.
32
SNMPv2 MIBs
PARTY MIB
Name | Purpose
The Party Database Group | Information which is stored on the device about all known local and remote parties.
The Contexts Database Group, The Access Privileges Database Group, MIB View Database Group | Deal with privileges between manager and agent, e.g., local and remote contexts, access control policies, defined MIB views, etc.
33
Discussion
Network Management Paper
34
Deliverables
1. Proposal Part I
   a. System Analysis
   b. Requirements Specification
   c. Protocol(s) Assessment (with recommendations on appropriate network management structure)
2. Proposal Part II
   a. Proposed System Design
   b. Knowledge (network functional) Management Plan
35
New Network Management Tools General Issues
  • Individual tools choose specific devices to get
    specific statistics
  • They don't try to tackle all tasks
  • They don't always perform exception reporting
  • They don't usually perform configuration
    management
  • They usually don't do applications monitoring
    (but they should)
  • They provide reports that meet specific needs of
    the users
  • They sort reports based on criteria you
    develop/choose
  • You shouldn't compare costs until you know what
    you want and what you need


36
Network Management Tools General Qualities
Tool | Good Thing | Bad Thing | How Collects Data
NextPoint S3 | Accuracy | Remote Admin | SNMP MIB2, RMON 2, Cisco Disc
VitalNet | Fast, Flexible | Accuracy | RMON
Network Health | Maturity, Reliability | No Alarms | RMON 2
NetMetrix/UX | Reporting | Not User Friendly | SNMP MIB2, RMON 2

37
New Network Management Tools Functionality
Tool | Database | Operating Sys | Real Time Reports
NextPoint S3 | Oracle, Access | NT 4 SP 5 | No
VitalNet | Sybase, MS SQL | NT 4 SP 5 | No
Network Health | Ingres | NT 4 SP 4/5, HP/UX 10.54, Solaris 2.X | No
NetMetrix/UX | Proprietary flat file | NT, HP/UX 10.20/11, Solaris 2.5/6 | Net Perfmnce Yes

38
New Network Management Tools Net Comp Evaluation
Services | Wt. | NextPt. S3 2.5 | VitalNet 7.0 | NetHealth 4.5 | NetMetrix 6.02
Net Performance Info | 30 | 5 | 5 | 4 | 4
Reliability | 30 | 4 | 3 | 5 | 4
Administration | 20 | 4 | 4 | 4 | 4
Ease of Use | 10 | 4 | 5 | 3 | 2
Price | 10 | 2 | 3 | 3 | 4
Total Score | | 4.25 | 4.20 | 4.05 | 3.7
 | | B | B | B | B
Note: Scores weighted 0-5
Companies
NextPoint: NextPoint Networks (Now P/O Check Point Technologies)
VitalNet: Lucent Technologies
Network Health: Concord Communications
NetMetrix/UX: Agilent (Hewlett Packard subsidiary)

39
Management In The OSI Stack

Mgt Appl Process
CMISE
ACSE, ROSE
Presentation
Session
Transport
Network
Data Link
Physical
40
Common Management Information Services (CMIS)
  • Foundation
  • Each CMIS service is a single operation that a
    network management operation can perform.
  • Any application that performs systems
    management is a CMISE-service-user.
  • The existence of defined services between peer
    open systems is an important difference between
    CMIS and SNMP.
  • CMIS has defined three classes of service
  • Management Association
  • Management Notification
  • Management Operation

41
Common Management Information Services (CMIS)
  • Management Association
  • M-INITIALIZE institutes an association
  • M-TERMINATE terminates an association
  • M-ABORT is used for abnormal termination
  • Management Notification
  • M-EVENT-REPORT services are CMIS traps (although
    less structured)

42
Common Management Information Services (CMIS)
  • Management Operation
  • M-GET is like Get-Request
  • M-CANCEL-GET cancels M-GET
  • M-SET is like Set-Request allowing modification
    of info
  • M-ACTION is like Set-Request invoking new action,
    like delegating fault management
  • M-CREATE creates another instance of a managed
    object
  • M-DELETE deletes an instance of a managed object

43
CMIS/Common Management Information Protocol (CMIP)
  • Foundation
  • Is the protocol that accepts operations and
    initiates instructions
  • Uses ROSE to send messages across the network
  • Problems (because it's so powerful)
  • Requires large amounts of overhead
  • Is difficult to implement

44
Common Mgt. Information Services over TCP/IP
(CMOT)

Mgt Appl Process
CMISE
ACSE, ROSE
Lightweight Presentation Protocol (LPP)
Session
TCP, UDP
IP
Data Link
Physical
Tough, really tough!
ACSE (Association Control Service Element)
handles association establishment and release.
ROSE (Remote Operations Service Element) is the
application protocol used to access remote
systems. LPP is effectively an abbreviated
Presentation Layer.
45
RMON
  • Remote Monitoring (RMON) is a standard
    monitoring specification that enables various
    network monitors and console systems to exchange
    network-monitoring data.
  • It provides network administrators with more
    freedom in selecting network-monitoring probes
    and consoles.
  • It provides network administrators with
    comprehensive network-fault diagnosis, planning,
    and performance-tuning information.
  • It allows you to set up automatic histories,
    which the RMON agent collects over a period of
    time, providing trending data on such basic
    statistics as utilization, collisions, and so
    forth.

46
RMON (cont.)
  • Defines a remote network monitoring MIB.
  • Is an addition to the basic set of SNMP
    standards.
  • Provides a common platform from which to monitor
    multi-vendor networks.
  • Why RMON?
  • With MIB-II the network manager can obtain
    information that is purely local to the
    individual devices.
  • Information pertaining to traffic on the LAN as
    a whole?
  • Collision domain concept

47
Features of RMON
  • Is primarily a definition of a MIB.
  • Is used to passively monitor data transmitted
    over LAN segments.
  • Provides interoperability between SNMP-based
    management consoles and remote monitors.

48
RMON Goals
  • Off-line operation
  • RMON MIB allows a probe to be configured to
    perform diagnostics even in the absence of
    communication with the management station.
  • Proactive monitoring
  • A monitor can continuously run diagnostics and
    log network performance. In the event of a
    failure, the monitor can supply this information
    to the management station.

49
RMON Goals (cont.)
  • Problem detection and reporting
  • The monitor can be configured to recognize error
    conditions, continuously check for them and
    notify the management station in the event of
    one.
  • Value added data
  • A remote monitoring device can add value to the
    data it collects by highlighting those hosts that
    generate the most traffic or errors.
  • Multiple Managers-
  • An organization can have multiple management
    stations for different units. The monitor can be
    configured to deal with more than one management
    station concurrently.

50
RMON2
  • RMON2 is an extension to RMON.
  • The main added feature is providing RMON analysis
    up to the application layer. It decodes packets
    at layer 3 through 7 of the OSI model.
  • The two major capabilities as a result are as
    follows
  • An RMON probe can monitor traffic on the basis of
    network-layer protocols and addresses, including
    the Internet Protocol (IP). This enables the
    probe to look beyond the LAN segments to which it
    is attached and to see traffic coming onto the
    LAN via routers.
  • Because an RMON probe can decode and monitor
    application level traffic, such as email, file
    transfer, and World Wide Web protocols, the probe
    can record traffic to and from hosts for
    particular applications.

51
RMON2 (cont.)
  • RMON2 probe is not limited to monitoring and
    decoding network-layer traffic.
  • RMON2 probe is capable of reading the enclosed
    higher level headers such as TCP, which allows
    the network managers to monitor traffic in
    greater detail.
  • With RMON2, a network management application
    can be implemented that will generate charts and
    graphs depicting traffic percentage by protocols
    or by applications.

52
RMON2 MIB
The RMON2 MIB adds a number of groups to the
original RMON MIB. These groups are as follows:
Protocol Directory (protocolDir): a master
directory of all of the protocols that the probe
can interpret.
Protocol Distribution (protocolDist): aggregate
statistics on the amount of traffic generated by
each protocol, per LAN segment.
Address Map (addressMap): matches each network
address to a specific MAC address and port on an
attached device and the physical address on this
subnetwork.
Network-Layer Host (nlHost): statistics on the
amount of traffic into and out of hosts on the
basis of the network-layer address.
53
RMON2 MIB (cont.)
Network-Layer Matrix (nlMatrix): statistics on
the amount of traffic between pairs of hosts on
the basis of network-layer address.
Application-Layer Host (alHost): statistics on
the amount of traffic into and out of hosts on
the basis of application-level address.
Application-Layer Matrix (alMatrix): statistics
on the amount of traffic between pairs of hosts
on the basis of application-level address.
User History Collection (usrHistory):
periodically samples user-specified variables
and logs that data based on user-defined
parameters.
Probe Configuration (probeConfig): defines
standard configuration parameters for RMON
probes.
54
Structure of Management Information (SMI)
  • SMI defines the general framework for defining
    SNMP MIBs.
  • It describes how the managed objects (MOs) can
    be defined in the MIB, data types and values MOs
    can have and how MOs are named.
  • The SNMPv2 SMI provides for more elaborate
    specification and documentation of managed
    objects and MIBs.
  • The new SMI enhancements provide a systematic
    and more powerful technique for row creation and
    deletion.
  • The SNMPv2 SMI also includes new macros for
    defining object groups, traps, compliance
    characteristics, and capability characteristics.

55
SMI (cont.)
The SMI is divided into three parts:
1. Module definitions: Module definitions are
   used when describing information modules. An
   ASN.1 macro, MODULE-IDENTITY, is used to
   concisely convey the semantics of an
   information module.
2. Object definitions: Object definitions are
   used when describing managed objects. An ASN.1
   macro, OBJECT-TYPE, is used to concisely convey
   the syntax and semantics of a managed object.
3. Notification definitions: Notification
   definitions are used when describing
   unsolicited transmissions of management
   information. An ASN.1 macro, NOTIFICATION-TYPE,
   is used to concisely convey the syntax and
   semantics of a notification.
56
SMIv3
  • An evolution of SMIv2
  • - the rules for writing MIBs (for the last
    7 years)
  • Charter of IETF's SMIng WG
  • - programming language like data model
  • - aggregated data structures with containment
    hierarchy
  • - backward compatible with SMIv2
  • WG received two proposals.
  • First proposal
  • - SMIng from NMRG (Internet Research Group)
  • - object-oriented language, with mappings to
    SMIv2 (and COPS-PR)

57
SMIv3 (cont.)
  • Second proposal
  • - SMI-DS from Andy Bierman (Cisco)
  • - a smaller deviation from SMIv2
  • - formal definition of aggregate types: array,
    union, struct.
  • - OID extended to allow access to component
    data items.
  • In the beginning WG agreed to pursue a merging
    of the two proposals.
  • Neither of the two proposals found enough
    consensus and the merger did not succeed, so the
    Working Group was closed down in April 2003.
  • WG is still considering other enhancements.

58
RMON on ATM
  • The ATM RMON feature allows you to monitor
    network traffic for
  • fault monitoring or
  • capacity planning.
  • The ATM RMON provides high-level per-host and
    per-conversation statistics in a standards-track
    MIB.
  • The ATM-RMON counter uses the per-VC counters
    already maintained in the hardware and polled by
    the software.
  • The ATM RMON agent can report cell traffic
    statistics by monitoring connection management
    activity. At connection setup and release time,
    some ATM-RMON bookkeeping code is executed. The
    amount of information varies, depending on the
    ATM RMON configuration.

59
RMON on ATM (cont.)
  • The ATM-RMON bookkeeping capability
    significantly reduces the processing requirements
    for ATM-RMON, and allows collecting statistics on
    many or all of the ATM switch router ports at
    once.
  • The ATM-RMON agent uses the 64-bit version of
    each cell counter, if 64-bit counter support is
    present in the SNMP master-agent library.

60
Conclusion
  • SNMPv3 is not that hard.
  • It beats the pants off SNMPv1 for security.
  • So get your network moved over to SNMPv3.
  • You will sleep much better.
  • One Caveat
  • As part of your deployment process, be sure to
    test the security of SNMPv3.
  • Do not rely on the implementations from your
    suppliers to be correct.
  • Suppliers often miss the mark.
  • Test for false positives - SNMPv3 agents or
    managers that accept invalid authentication
    and/or privacy keys.
  • The SNMP tester should be sure to use a valid
    key with extraneous characters appended or
    prepended.
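
The false-positive test described on this slide, as an added example that is not part of the original presentation: it derives localized keys with the RFC 3414 password-to-key algorithm for a valid passphrase and for the same passphrase with extraneous characters appended or prepended, then reports any variant the agent accepts. The two agent callables are hypothetical stand-ins and the engine ID is constructed; against a real deployment, `verify` would send an authenticated request to the device under test.

```python
import hashlib
import hmac

def password_to_key(password: bytes, engine_id: bytes, algo: str = "sha1") -> bytes:
    """RFC 3414 A.2: hash 1 MiB of repeated passphrase, then localize to the engine."""
    if not password:
        raise ValueError("empty passphrase")
    reps, rem = divmod(1048576, len(password))
    ku = hashlib.new(algo, password * reps + password[:rem]).digest()
    return hashlib.new(algo, ku + engine_id + ku).digest()

def auth_tag(key: bytes, message: bytes, algo: str = "sha1") -> bytes:
    """HMAC-96 tag. Simplified: a real SNMPv3 message is tagged with its
    authentication-parameters field zeroed; here the bytes are used as-is."""
    return hmac.new(key, message, algo).digest()[:12]

def passphrase_variants(valid: bytes):
    """The valid passphrase with extraneous characters appended or prepended."""
    variants = []
    for extra in (b"x", b" ", b"\x00", b"0123456789"):
        variants.append((f"append {extra!r}", valid + extra))
        variants.append((f"prepend {extra!r}", extra + valid))
    return variants

def find_false_positives(verify, valid: bytes, engine_id: bytes, algo: str = "sha1"):
    """Return the labels of variants whose tags the agent wrongly accepts."""
    message = b"constructed test PDU"  # constructed sample payload
    good = auth_tag(password_to_key(valid, engine_id, algo), message, algo)
    if not verify(message, good):
        raise RuntimeError("agent rejects the valid key; fix the baseline first")
    accepted = []
    for label, variant in passphrase_variants(valid):
        # Every variant hashes to an unrelated key, so a correct agent rejects it.
        tag = auth_tag(password_to_key(variant, engine_id, algo), message, algo)
        if verify(message, tag):
            accepted.append(label)
    return accepted

def make_strict_agent(configured: bytes, engine_id: bytes, algo: str = "sha1"):
    """Hypothetical stand-in for a correct agent: full constant-time tag check."""
    key = password_to_key(configured, engine_id, algo)
    return lambda message, tag: hmac.compare_digest(auth_tag(key, message, algo), tag)

def make_lax_agent():
    """Hypothetical defective stand-in: checks the tag length, not its value."""
    return lambda message, tag: len(tag) == 12

if __name__ == "__main__":
    engine = bytes.fromhex("8000000001020304")  # constructed engine ID
    secret = b"maplesyrup"                      # sample passphrase from RFC 3414 A.3
    agents = (("strict", make_strict_agent(secret, engine)), ("lax", make_lax_agent()))
    for name, agent in agents:
        bad = find_false_positives(agent, secret, engine)
        print(name, "PASS" if not bad else f"FAIL: accepted {bad}")
```

Because the whole passphrase is hashed, any accepted variant means the agent is not actually verifying the authentication tag.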

61
Network monitors
  • Devices that have been employed to study the
    traffic on the network as a whole. Also called
    probes or network analyzers.
  • Operate typically in promiscuous mode.
  • Produce summary information, including error and
    performance statistics.
  • Monitor may also store packets for later
    analysis.
  • Filters may be used.
  • Can be a stand-alone device dedicated to
    capturing and analyzing traffic.
  • Can be a device with other duties, such as a
    workstation, a server or a router that captures
    and analyzes traffic.
  • Needs to communicate with a central network
    management station.