Network Management

1
Network Management

• Jacques Labetoulle
• Professor at Institut Eurécom

2
Overview

• 1st part Introduction
• Definition
• Architectures and functions
• Network Planning
• 2nd part standards
• Introduction to Object Oriented Approach
• OSI standards
• Internet standards
• Comparison
• The TMN
• 3rt part platforms and products
• 4th part Perspectives
• CORBA and network management
• Other approaches (Web, agents, ...)

3
Introduction

• Definition and motivations
• Support architecture
• Management domains
• Network planning

4
Network Management

• Definition
• It is the set of all techniques to implement in
  order to master the technical, financial,
  organizational aspects of a private network as
  well as the access and information security.
• Some key words
• - technical area quality of service
• continuity of service
• - financial area truth of the prices
• - organizational area control of the structure
  and evolutions
• - security area
  confidentiality
• access control

5
The network in the enterprise

• Strategically important
• finance (air plane reservations )
• security (bank transfers)
• service (bank notes distributors )
• competition (stock management)
• Service obligations
• continuity of service
• quality of service
• adaptability (on demand evolutions)
• cost control

6
Complexity of networks

• Network evolutions
• centralized networks ---gt distributed
  networks
• homogeneous networks ---gt heterogeneous
  networks
• separated networks ---gt integrated networks
• Evolution of network utilization
• generalization to all kind of personal
• opening to external clients or people
• multiplicity of services

7
Networks elements in a corporatenetwork

• Multiplicity of kinds of equipment
• communication controllers
• end of line equipment
• multiplexers
• PABX
• LAN
• interconnection equipment
• interconnection networks
• packet switches
• computer manufacturers architectures
• public networks and services
• Multiplicity of providers
• Rapid technological evolutions

8
Why to manage a network?

• Economical reasons
• excessive global costs (gt 1 of cash flow)
• increase of network budget (20 per year)
• tractability of prices
• (multiplicity of services and evolutions)
• Complexity increase
• offers from operators
• generalization of local area networks
• sophistication of equipment
• Pressure from the users
• Internetworking with other networks

9
Management areas

Integrated networks
Computer networks
Data
LAN
ATM
Voice
Functional domain
Alcatel
Bull
Faults
Accounting
Security
IBM
Configuration
Performance
TRT

Matra
SAT



manufacturers

10
Network Management today

• 1- It exists
• 2- It is not satisfactory
• No coherent offer
• from network operators
• from manufacturers
• from service providers
• Non-adapted standardization

11
Network Management today

• Diversity of solutions a large variety of
  proprietary systems characterized by
• limitation of management domains --gt partial
  visions
• very different ergonomics --gt problems of
  qualification of people
• functional limitations --gt partial control of
  networks
• (faults, performance)
• communication difficulties --gt partial and
  local visions
• multiplicity of work
  stations
• A few intelligence in systems --gt necessity of
  highly qualified persons

12
Network Management tomorrow

• Universal workstations
• high ergonomics
• remote management
• multiples visions
• adaptation of functions to needs
• help systems
• automation
• possibilities for evolution and adaptations
• An adapted standardization
• Integration of new techniques

13
Users point of view

• Coverage of the solution and integration
• the whole enterprise (and not only the
  headquarters)
• integration network, systems, applications,
  services
• integration all kinds of elements (voice, data,
  ...)
• To day advance
• very variable
• Partners
• manufacturers, software editors
• Difficulties (by order of importance)
• training,
• performance of the offer,
• interoperability
• ... cost

14
Introduction

• Definition and motivations
• Support architecture
• Management domains
• Network planning

15
Principles for an architecture

• A logical architecture
• definition of elements
• A physical architecture
• how to connect elements
• A set of functions
• definition of usage
• A methodology
• conception, evolution of the management system

16
Architecture

Other
management
systems


(PNO)
EMS
EMS
EMS
17
Architecture the EMS's

• Close vision of a sub-area
• Proprietary interfaces with equipment (now)
• Normalized interfaces with the integrator
• Independence from manufacturers and equipment
• Possibility of "migration" of functions between
  Integrator and EMS's

18
Architecture the work stations

• High quality ergonomic
• Specialization of operators
• - access security
• - control of different visions
• Direct access to information

19
Architecture The integrator system

• A set of functions
• - for universal needs
• - easy adaptations
• flexibility (centralization/distribution)
• Basic components
• - exchange procedures
• - man/machine interface management
• - information system
• - functions
• - intelligent systems

20
Architecture The integrator system

• A sufficient vision of problems
• - notion of "view" of sub-networks
• Reasonable performance
• - installation dimensioning
• - portability on a set of machines

21
Introduction

• Definition and motivations
• support Architecture
• Management domains
• Network planning

22
Classification of functionsreal time / differed
time activities

• Real time activities
• - behavior supervision
• - detection of incidents, fault diagnostic
• - launching of rerouting procedures ,
  maintenance, etc.
• - access control to services and resources
• Differed time activities
• - network configuration management
• - access and security rights management
• - financial management cost affectation , bill
  verification
• - edition of statistics and dash boards
• - planning, simulation

23
Classification of functionsareas breakdown

• 5 areas defined by OSI
• - Configuration management
• - fault management
• - Performance management
• - accounting
• - Security management

24
configuration management

• Management of the Information base (MIB)
• - Inventory of network elements
• - Management of names of managed elements
• - add, delete, change of network components
• - Initialization and modification of parameters,
  states, ...
• - Modification, creation, suppression of
  relations between managed elements
• Network visualization
• - Global visualization
• - Geographical Zooms
• - Sub-networks visualization
• - On demand display of managed elements
  characteristics

25
Configuration management(continued)

• Reconfiguration
• - Activation of stand by configurations
• - resources re-affectations
• - Remote software loading
• - Edition of operational state modifications
• - History of reconfigurations
• Creation of directories
• - Directory of offered services
• - Directory of users
• - Directory of furnishers

26
Fault management

• Fault detection
• - Creation of misbehavior reports
• - Management of counters and alarm thresholds
• - Event filtering (elimination of redundant
  information)
• - disfonctionnement display
• Fault localization
• - Analysis of alarm reports
• - Launching of measurements and tests
• gt Computer assisted diagnosis
• Initialization of corrective actions
• - Resource re-affectations
• - Re-routings
• - Traffic limitations gt Decision support
  system
• - calling to maintenance

27
Fault management (continued)

• Equipment recovering
• - Launching of behavior tests
• - Backup systems management
• Recording of fault histories
• ("trouble tickets")
• Establishment of statistics
• - breakdown probabilities
• - duration of incidents
• - Duration of repairing
• Interface with users
• - signaling of incidents by users
• - information to users

28
Accounting

• Resource usage measurement
• - Recording
• - Creation and management of record files
• Control of quotas by user
• - establishment of current consumption
• - Verification of consumption authorizations
• Follow up and control of expenses
• - recording of up to date tariffs (from
  operators)
• - management of taxation tickets
• - real time evaluation of current consumption
• - bill control
• - follow up of equipment costs
• (investments, deadening, maintenance)
• - follow up of exploitation costs

29
Accounting (continued)

• Financial management
• - cost splitting
• (by service, by user, by application)
• - Analysis and prevision of expenses
• - Study of scenarios for cost minimization
• Internal billing
• - Management of users
• - Management of tariffs
• - Creation of taxation tickets and bills
• - Bill control
• - Recording of historic

30
Security management

• Security of Network Management
• - Management of access rights to working
  stations
• - Management of operator "views"
• - Access control to management information
• Access control to the managed network
• - Functions dedicated to the mechanisms
• definition of usage conditions
• activation/deactivation of mechanisms
• modification of parameters
• management of authorization lists
• (to machines, services, network elements)

31
Security management (continued)

• - Tracking of access (identity, time,
  destination)
• - Detection of fraudulent access attempts
• recording
• statistics
• setting of alarms
• Information Security
• - Management of protection mechanisms
• - Management of encryption and decryption keys
• - fault detection
• - Detection of fraudulent attempts

32
Performance management (Real time)

• Recording of performance measurements
• - Definition of measurement conditions criteria
• - Management of information collecting and
  filtering
• - Establishment of statistics
• - Launching of on demand measurements
• - Management of information files
• Monitoring of network behavior
• - Visualization resource utilization
• - Signaling of threshold overpass

33
Performance management Real time (continued)

• Performance measurement analysis
• - Network behavior
• load repartition
• throughputs
• response times
• availability
• - Analysis of probable reasons of threshold
  overpass
• correlation with equipment faults
• indicators comparison and correlation
• gt computer aided system

34
Performance managementReal time (continued)

• Corrective and preventive actions
• - Resource re-affectation
• modification of configuration parameters
• traffic routing optimization
• - Traffic Limitations
• filtering, priorities
• - Choice of action mode gt computer aided
  system
• Follow up of actions results
• - Recording of historic
• - Analysis of action efficiency, definition of
  rules

35
Performance managementDiffered time

• Information analysis
• - Establishment of statistics and historic
• - Establishment of quality of service indicators
• - Edition of reports (periodically or on demand)
• - Edition of dash boards
• Provisional analysis
• - Elaboration of traffic matrices
• - Evaluation of performance
• detection of saturation risks
• simulation of scenarios
• gt improvement of the QoS
• balancing of resource utilization
• - Network planning et dimensioning
• - Follow up of corrective management

36
Other management areas

• Planning (see later)
• Park management (inventories, catalogue,
  installations, ...)
• Cabling management
• License management
• Host management (users, disks, versions, ...)

37
Introduction

• Definition and motivations
• support Architecture
• Management domains
• Network planning

38
Time scales

• Scale operations actions
• minutes supervision observation of network
• real time management problem detection
• corrective actions
• hours day to day maintenance
• days management statistics (performance,
  traffic)
• configuration programmed operations
• security installations

39
Time scales

• weeks operation management purchases
• months financial management billing
• corrective management re-dimension
• modifications (routings, ...)
• year short term topological evolutions
• planning dimensioning, routings, ...
• choice of support services annual
  budgets
• gt 1 year Strategic or strategic decisions
• long term planning choice of target
  structures evolution towards these
  structures
• evolution plans

40
Important steps

• Evaluation of traffic needs
• Choice of a target structure
• Choice of support services
• Dimensioning and optimization
• Verification

41
Traffic needs

• Problem find an adequate traffic representation
  
• telephony volumes easy to measure
• notion of heavy load hour (per site, per link,
  ...)
• traffic measure the Erlang
• data measure unit packets, transferred
  octets, bandwidth needs
• Often global measures (heavy load hour,
  possibility of differed
  transfers, ...)
• Do not forget protocols overheads!

42
Traffic needs

• Empirical rules heavy load hours
• 20 of the daily traffic on 8 hours
• or 16 for 12 hours or 14 for 24 hours
• heavy load hour traffic 2,5 times the
  mean hourly traffic
• mean traffic at heavy hours V/3600 (in
  bit/s or messages/s)
• Other method calculate the traffics per hour
  (no heavy hour traffic problem)

43
Evaluation of traffic needs

• 1- Extrapolation of traffic matrices
• organize measurement campaigns (per week, month,
  year, ...)
• calculate representatives values, per period
• global volumes
• heavy hour volumes
• utilize mathematical techniques for chronological
  series extrapolation (linear regressions, Kalman
  filtering, ...)
• correct, taking into consideration the impact of
  new services
• Can use directly network management measures and
  techniques.

44
Evaluation of traffic needs

• 2- Direct analysis of flows
• analysis of the structure of the enterprise
  (types of entities, organization levels, ...)
• analysis of the relations and applications used
• evaluate elementary flows and integrate them
• how to proceed inquiries
• necessity of a validation (by direct measurement
  of existing flows)

45
Choice of a target structure

• Problem
• Determine main orientations (strategic choices)
• meshed or star network
• where to implement transit centers
• choice of structures from the market
  (manufacturer networks, private network, based on
  PNOs networks and services , security aspects ,
  redundancy, ...)
• fundamental technological choices kind of LAN,
  migration towards ATM
• Remark mixing of technical and political
  problems

46
Choice of a target structure

• Problem determination of the basis of the
  solution
• Start from the needs, characterized by
• traffic volumes and characterization (sporadic,
  interactive, big transfers, ...)
• constraints costs, performance, security
• offers technical constraints , tariffs,
  performance, easy of use, ...
• Method a lot of logic and common sense
• take into account scales economy
• integrate traffics leads to economies
• use of elementary rules
• regular traffics gt dedicated networks
• sporadic traffics gt switched networks
• variable traffics gt virtual private networks
• look carefully at pricing principles

47
Dimensioning and optimization

• Basic techniques
• 1- Inversion of performance evaluation formulas
• telephone networks
• B(A,N) Erl (A,N) AN/N! /
  (1AA2/2 .... AN/N!)
• data links (Kleinrocks independence assumption)
  
• W 1/(Ci - Di)
• In fact, dimensioning is often made by using a
  maximum utilization factor (60 or 70 of
  capacity).

48
Dimensioning and optimization (follow up)

• 2- Economical optimization
• formalize the problem as an objective function
  minimization problem (the cost), subject to
  constraints (arcs and nodes capacity,
  performance, ...)
• elementary costs may depend on non trivial
  functions (step functions)
• To solve the problem OR techniques (linear or
  integer numbers programming, ...., simulated
  annealing).
• in general, problems are NP-complete and can
  be solved only by heuristics
• Results of this step a dimensioned network, the
  routings, installation and exploitation costs
  (monthly costs, maintenance costs, ...)

49
Dimensioning and optimization Example of a
formalization problem

• Min C ? Cj ej ? Ci,j ei,j ? CRj ej
• installation of a concentrator in j cost of
  the link between i and j cost of the link from
  the concentrator j to the central node.
• ei 1 if a concentrator in j, 0 if not
• ei,j 1 if site i is linked to site j
  (concentrators location) ,
• 0 if not
• With the constraints
• ?i ei,j capa capacity of the concentrator
• ?j ei,j 1 only 1 link between two sites
• ?j ei,j ej 1 each link towards a site with a
  concentrator

50
Verification of the solution

• The solution needs to be validated
• simplifies assumptions (performance)
• necessity to validate for each time slot
• How to proceed
• analytical methods (queuing theory)
• event driven simulation (also useful to analyze
  evolutions of the networks)

51
Standards

• The object oriented approach
• The OSI standards
• SNMP

52
Encapsulation

53
Classes

• Two components
• static component the data, composed of fields.
  They characterize the state of the objects during
  execution.
• dynamical component procedures called methods.
  They represent the common behavior of the objects
  belonging to the same class. The methods
  manipulate the fields et characterize the actions
  done by the objects.

54
Example of a class

• Class Article
• Fields reference designation priceHT
  (excluding VAT) quantity
• Methods PriceTTC () return (1.186
  priceHT) transportPrice () return (0.05
  priceHT) retire (q) quantity lt----
  quantity - q add (q) quantity lt----
  quantity q

55
Instantiation

• The class describes the object
• It is used as a model to build instances
• The list of the fields is hold by the class
• Instances have values
• Methods are not duplicated

56
Example of instantiation

57
Inheritance

• Gathering of common characteristics to several
  classes
• Classes are specialized by defining sub-classes
• A sub-class shares variables and methods of its
  super-class
• It inherit the properties of its super-class
• Two techniques can be used
• enrichment new variables and/or new methods are
  added
• substitution a method is redefined

58
Example of inheritance

• Classclothes
• SuperclassArticle
• Instance variablessizecolor
• Methods

• ClasseArticleDeLuxe
• SuperclassArticle
• Instance variable
• MethodspriceTTC () return (1.25priceHT)

59
Inheritance graph

• The inheritance relation links a class to its
  super-class
• The graphical representation of this relation
  builds the inheritance graph
• The inheritance relation is transitive
• The word superclass designates any class from
  which a class inherits
• The structuring with classes brings an important
  modularity
• Most of OO languages behave predefined libraries
  of classes
• For example in Smalltalk-80 LinkedList, Form
  (graphical objects), Process, Semaphore, ...

60
Inheritance graph

Shirt
Téléviseur
FreshCaviar
Aspirator

typetube
origin
noiceLevel
shape
screenwidth

weight
throughput
pocketNr
61
Inheritance graph

• Simple inheritance
• The inheritance graph is a tree
• It determines a total order
• Multiple inheritance
• A class can have several direct superclasses
• Not a tree, but an oriented graph
• Some classes can be created to be used as
  "inheritance reservoir". They are not
  instantiated. In some languages, they are called
  abstract classes.
• Advantages improve modularity and avoid
  duplications

62
Multiple inheritance
Périssable
température
prixtransport
Vêtement
Articledeluxe
coloris
prixTTC
taille
Caviarfrais

provenance
poids
63
Relation is a
Article

référence
désignation
prixHT
quantité
prixTTC
retirer
ajouter
Périssable
température
prixtransport
Articledeluxe
prixTTC
Caviarfrais

provenance
poids
64
Which method to apply?

• Simple inheritance
• The inheritance graph reduces to an ordered list.
• The method is found by looking at this list from
  the bottom.
• Example
• Method priceTTC for the class TV
• Inheritance tree of the class
• TV, Article DeLuxe, Article, Object
• The selected method is taken in ArticleDeLuxe

65
Which method to apply?

• multiple inheritance
• The inheritance graph of a class is a graph.
• So there may be a conflict!

66
Message transmission

• An object cannot directly react on one another.
• It only can activate a method of the target
  object.
• To do that, he sends a message
• Sending of messages is the only communication
  mean between objects.
• The reception of a message leads to the research
  of the method to apply in the environment of the
  object.
• When the method delivers a result, this one is
  returned to the sender (transmission with return).

67
Main OO languages

• Smalltalk-80
• Objective-C LISP and object oriented derivations
• (Le-Lisp, Flavors, Ceyx, ObjVLISP,...)
• SIMULA
• C
• Eiffel
• ADA
• and JAVA!

68
Notion of view

69
Object in NM

70
Object in NM
Object
Interface

Old appli
New element
New characteristics
new appli
71
Object in NM

• OSI protocol (CMIP)
• classical object specific characteristics
• Internet protocol (SNMP)
• no inheritance
• only simple variables
• Other approaches
• IDL CORBA
• Java

72
Standards

• The object oriented approach
• The OSI standards
• SNMP

73
StandardizationThe ISO model

• General framework
• - included in Part 4 of the general ISO
  reference model
• - specify the procedures for managing an
  heterogeneous network
• - define the architectural framework
• Objectives
• "plan, coordinate, organize, control and
  supervise the resources used in the
  communications in agreement with the ISO model
  and report on their utilization"

74
OSI standards
75
Three models

• Organisational model
• Information model or MIB
• Functional model

76
The organizational model

• Define the framework to distribute the management
• uses the concepts of "management system" and
  "managed system or agent"
• The DMAP (Distributed management application
  process) is the application which controls and
  supervises the managed objects .
• The Agent Process allows the local management
  .

77
Organisation scheme
Managed System
Management System
Manage- ment process
Agent process
Functions
D
CMIP
Managed objects
78
Management of objects
Managed object
Operation activated by orders sent to the
class ( instance creation ) or to the object
(method activation ) Notification activated by
the class or the object which send messages
(state changes, thresholds overpass
79
Three models

• The Information model or MIB (Management
  Information Base)
• document ISO 10165-1
• it is a management information base , which
  must contain ,
• in a structured manner, the set of all the
  managed objects, and
• the information allowing their identification .
• the managed objects all the resources used
  in an ISO communication.
• They are all defined with their attributes,
  methods, the messages they
• emit, the operations they can execute.
• the management information tree (MIT)
  represents the hierarchy of objects

80
Three models

• The functional model
• the ISO management is decomposed in 5 tasks
• - fault management
• - configuration management
• - accounting
• - performance management
• - security management

81
Three management levels

• The system-management level
• relies on information exchanges from all the
  protocol layers (ISO model)
• The layer-management level
• - the management is restricted to a given
  layer (it relies on the services offered by lower
  layers)
• - example the Network Connection Management
  Subsystem (NCMS) which specifies a connection
  management sub-protocol (ISO 8073/AD1)
• The layer operations level
• the management is realized by information
  exchanges within the layer protocol

82
The information model

• An object oriented approach
• a description language
• an exchange language
• Principles
• naming
• registration
• Libraries

83
The information model

• Objective to allow the definition of managed
  objects in a standard way.
• - coherence of definitions
• - coherence with the management environment
• (CMIP and functions)
• - work repartition

84
The information model

• The model defines
• - what is an object
• - of what it is composed
• - what it can do
• - what can be done on it
• - how it is named in the protocol
• - how it is linked to other objects

85
The information model Description of objects

• - the attributes
• - the methods
• - the relations
• - the conditional packages
• - the containment tree
• - the allomorphism

86
Description tool

• GDMO templates
• MANAGED OBJECT CLASS definition of a class
• PACKAGE
• PARAMETER
• NAME BINDING
• ATTRIBUTE
• GROUP-ATTRIBUTE
• BEHAVIOUR
• ACTION
• NOTIFICATION

87
Template "MANAGED OBJECT CLASS"

• ltclass-labelgt MANAGED OBJECT CLASS
• DERIVED FROM ltclass-labelgt,ltclass-labelgt
• CHARACTERIZED BY ltpackage-labelgt,ltpackage-label
  gt
• CONDITIONAL PACKAGES ltpackage-labelgtPRESENT IF
• ltcondition-definitiongt
• ,ltpackage-labelgtPRESENTIFltcondition-definitiongt
  
• PARAMETERS ltparameter-labelgt,ltparameter-labelgt
  
• REGISTRETED AS object-identifier

88
Example of a class

• exampleObjectClass MANAGED OBJECT CLASS
• DERIVED FROM "Rec. X.721 ISO/IEC 10165-2
  1992" top
• CHARACTERIZED BY
• examplePackage2 CONDITIONAL PACKAGE
• examplePackage1 PACKAGE
• ACTIONS qOSResetAction
• NOTIFICATION communicationError
• REGISTRED AS joint-iso-ccitt ms(9) smi(3)
  part4(4)package(4)examplepack1(0)
• PRESENT IF !conformance class 2 of underlying
  ressource implemented as descriptor in ISO/IEC
  xxxx!
• REGISTRED AS joint-iso-ccitt ms(9) smi(3)
  part4(4)managedObjectClass(3)exampleclass(0)

89
The information model Description of objects

• Definition of information
• - List of generic objects
• - TOP
• - DISCRIMINATOR
• - ...
• - List of object classes specific to some
  functions
• - SUMMURIZATION REQUEST OBJECT
• - ...
• - List of attributes types
• - COUNTERS
• - THRESHOLDS
• - ...
• - List of operations, notifications, ...

90
Description tool

• ASN.1 (Abstract Syntax Notation 1)
• It is a language defined by its grammar (cf ISO
  8824)
• A grammar is a set of production rules
• The role of ASN.1
• 1 Description of data structures
• 2 Allow transmission of these structures through
  the ISO stack
• Utilization mode
• 1 describe objects in ASN.1 (following the
  formalism of GDMO templates)
• 2 use a "compiler" towards the development
  language (C, ADA, Pascal, ...) to generate
• adapted data structures
• encoding rules to the transfer syntax
• Thus, encoded ASN.1 will be transferred through
  the network.

91
The use of ASN.1

Encoding/decoding rules
92
Naming

• The containment tree
• defines notions of contained and containing
  classes
• defines constraints for the naming process
• Naming tree
• respects constraints of the registration tree
• defines a global name for each object
• the Global Distinguished Name (GDN)
• allows the use of local names
• Distinguished Name

93
Four trees

• Inheritance tree properties of classes
• Containment tree containment constraints for the
  naming process (defined within classes)
• Naming tree for identification of objects (or
  instances)
• Registration tree to reference classes (or
  constituents of classes, e.g. templates)

94
The inheritance tree
95
The containment tree
96
The naming tree
Name of objects "networkA, LAN1,
stationX" "networkA, LAN2, stationX"
97
The registration tree
98
Important remarks
All object classes must be registered by a
competent authority. The conformity will be
verified using the MOCS (Management Objects
Conformance Statements) The standardization
process does nor provide any help for the
conception of the object model. A set of generic
object libraries are provided. These objects need
to be extended (by the inheritance process).
99
The object TOP

• top MANAGED OBJECT CLASS
• CHARACTERIZED BY topPackage PACKAGE
• BEHAVIOUR topBehaviour
• ObjectClass GET,
• nameBinding GET
• CONDITIONAL PACKAGES packagesPAckage PACKAGE
• ATTRIBUTES packages GET
• REGISTERED AS smi2Package 16
• PRESENT IF "any REGISTERED package, other than
  this package has been instancied",
• allamorphicPackage PACKAGE
• ATTRIBUTES allomorphs GET
• REGISTERED AS Smi2Package 17
• PRESENT IF "if an object supports
  allomorphism"
• REGISTERED AS smi2MObjectClass 14
• topBehaviour BEHAVIOUR DEFINED AS "This is the
  top level of managed object class hierarchy and
  every other managed objet class is a
  specialization of either this generic class (top)
  or a specialization of a subclass of top..."

100
Example system object

• system MANAGED OBJECT CLASS
• DERIVED FROM top
• CHARACTERIZED BY
• systemPackage PACKAGE
• ATTRIBUTES systemId GET,
• systemTitle GET,
• operationalState GET,
• usageState GET,
• administrativeState GET-REPLACE
• CONDITIONAL PACKAGES
• administrativeStatePackage PACKAGE
• ATTRIBUTES administratoveState GET-REPLACE
• REGISTERED AS smi2Package14
• PRESENT IF "an instance supports it",
• ....

101
The functional model

• Definition of 5 management domains
• Definition of SMFs
• System Management Functions

102
SMF System Management Functions

• Objective
• Specification of management interfaces, based on
  the manager/agent model.
• Means
• Two aspects are necessary
• - the object model (managed resources , their
  properties, relations, operations)
• - the accesses to the objects (access control ,
  selections, coordination of elementary operation
  , timing...)
• Definition
• A SMF is a standard which describes object
  classes or properties of objets that can be used
  to perform management functions. It standardizes
  the protocol aspects of these services.

103
SMF System Management Functions (continued)

• Content three aspects
• - semantics of the properties and/or support
  objects
• example alarm types
• objects Log, LogRecord
• - description of the access services to these
  basic properties (procedures)
• example mapping on the services of CMISE
• - syntax to support these definitions (GDMO
  templates and ASN.1 production rules )
• Relations between SMF's
• A SMF can use the services defined in other
  SMF's

104
SMF System Management Functions (continued)

• Functional units
• - A SMFU defines a set of properties (management
  services) that objects of a system can offer to a
  manager using an association. They can be
  negotiated when initializing the association.
• - Example
• The object management defines two SMFU's
• - operations services
• - notification services
• The log management defines one SMFU
• The states management does not defines a SMFU
  (cannot be negotiated )
• Remark
• - A SMF is not a function in itself. The
  services described by a SMF are introduced to be
  integrated in a management interface. They can be
  used by objects from different classes.

105
SFMs principle

106
SFMs principle
Object
Management interface (CMISE)
SMF Interface (enriched)
object
107
List of the SMF

• Object Managt Function IS Workload Monitoring
  Function DIS
• State Managt Function IS Test Management
  Function DIS
• Attributes for Relationships IS Summarization
  Function CD
• Alarm reporting IS Confidence and Diagnostic
  Test CD
• Event Report Function IS Time Management WD
• Log Control Function IS OSI software
  Management WD
• Security Alarm Reporting Funct. IS
• Security Audit trail Function DIS
• Objects and Attributes for Access CD
• Accounting Meter Function CD
• Scheduling Function WD
• Response Time Monitoring

108
Fault management
Accounting management
Configuration management
Performance management
Security management
Object Management
State Management
Relationship Management
Alarm reporting
Event-report management
Log control
Security-alarm reporting
Security audit trail
Access control
Accounting meter
Workload monitoring
Test management
Summarization
Specific Management Functions
Event Report
Get
Set
Action
Cancel-Get
Create
Delete
109
State Management Function

• Attributes
• - Management attributes
• Operational state In service
• Out of service
• Utilization state Free (non used)
• Active (usable)
• Occupied (not usable any more)
• Unknown (from the object)
• Administrative state Blocked (by the
  manager)
• Unblocked ( " )
• Becoming free
• - Maintenance attributes (STATUS)
• Repair status (in repair, alarm..)
• Installation status (being installed)
• Availability status (in test, out of service,
  out of tension...)
• Control status (reserved, suspended...)

110
State Management Function (continued)

• Notifications
• - State Change notification
• with parameters
• state change info (state attribute)
• additional state change info
• Object
• - state change record
• Specialization of the class "Event Log Record"
  with notification parameters (above)
• Offered services
• - State Change Reporting Service M-EVENT-REPORT
• - State attribute read PT-GET
• - State Attribute Modify PT-GET

111
CMISE/CMIP

• CMISE services
• Interactions with object interfaces
• (read, write, creation, instances destruction,
  ...)
• Utilization of naming principles
• Multiple object selection
• Multiples actions (atomicity)

112
CMISE(Common management InformationService
Element)

• CMISE services
• They are classified in two categories
• the operation services invocation of requests
  sent to an agent (concerning objects managed by
  this agent),
• a notification service transmission by an
  agent of a report containing a notification
  emitted by an object.

113
CMISE services (continued)

• Operation/notification Service Mode
• Get attribute value M-GET confirmed
• M-CANCEL-GET confirmed
• Replace attribute value
• Replace with default value
• Add member M-SET conf/non-conf
• Remove member
• Create M-CREATE confirmed
• Delete M-DELETE confirmed
• Action M-ACTION conf/non-conf
• Notification M-EVENT-REPORT conf/non-conf

114
(Common management InformationService Element)

• CMISE services M-CREATE
• Specific parameters
• - superior object instance
• - reference object instance
• Service
• - naming ie definition of the GDN (Global
  Distinguished Name)
• --gt choice of the superior in the naming
• choice of the RDN (Relative Distinguished
  Name)

115
Example M_CREATE

• - M-CREATE uses 3 specific parameters
• - MOC (Managed object Class) - its class
• - MOI (Managed Object Instance) - its GDN
• - SOI (Superior Object Instance) - the GDN of
  the superior
• - The manager has three options it can send
• - MOC and MOI
• - MOC and SOI
• - MOC
• - In any case, the agent will return MOC and MOI
• - Valorization of attributes
• The values given to attributes have higher
  priorities than the default values of the class
  or the values of a referenced object.

116
Multiple object selection

-1
-2
-3
Filtering (attributes values)
Scoping
117
CMIP

• ISO layer 7 protocol
• Supports remote CMISE operations
• Is integrated in an association (cf ACSE)
• negotiation of the association (partners,
  functional units , ...)
• closure of the association
• Is built on ROSE services
• (remote operation invocation)

118
Implementations

• Normaly on ISO stack (layers 1 to 6)
• Possible on TCP stack (CMOT)
• Possibly on LLC (with adaptations), and CMOL or
  LMMP

119
Standards

• The object oriented approach
• The OSI standards
• SNMP

120
Network Management within Internet

• An organizational scheme
• An information system
• A protocol
• But
• no functional aspect
• no object oriented approach
• simplified mechanisms (naming, ...)

121
The model

• Three components in the network management model
  
• several managed nodes. One agent in each one.
• one or several Network Management Stations (or
  NMS)
• a protocol for the exchange of management
  information
• The "Internet-standard Network Management
  Framework" describes the basic principles of the
  Internet network management

122
The managed nodes

• three types are possible
• host system (work station , server, printer...)
• gateway
• transmission medium (bridge, multiplexer...)
• Architecture

MANAGEMENT PROTOCOL
"USEFUL"

Instrumen- tation
PROTOCOLS
Network
123
The management stations

• They are host systems containing
• - the network management protocol
• - the management applications
• Remark a management station takes care of
  several nodes, but a node may be managed by
  several management stations.
• The model is thus of the type Manager - Agent
  (client-server)

124
The management protocol

• Each node is maintaining a set of "variables".
  Reading these variables allows to supervise the
  network. Writing these variables allows the
  control of the mechanisms.
• Besides the reading and writing operations , two
  additional mechanisms are provided
• the transversal operation to learn about
  implemented parameters
• the trap operation, for fault signaling
• It is possible to manage a node not implementing
  the Internet stacks using a "Proxy"

125
The information system

• Data description
• A sub-set of ASN.1 is used by the "management
  framework"
• In particular, only 4 kinds of data types can be
  used
• - INTEGER a data type that can only take
  integer values
• example
• Status
• INTEGER up(1), down(2), testing(3)
• myStatus Status up -- or 1
• - OCTET STRING a series of de 0 or more octets
  (values from 0 to 255).
• - OBJECT IDENTIFIER a type to reference a
  registered object (by a competent authority). It
  is a series of numbers, referencing the
  registration tree.
• - NULL

126
Definition of managed objects

• OBJECT-TYPE MACRO BEGIN
• TYPE NOTATION "SYNTAX" type (ObjectSyntax)
• "ACCESS" Access
• "STATUS" Status
• Access "read-only"
• "read-write"
• "write-only"
• "not-accessible"
• Status "mandatory"
• "optional"
• "obsolete"
• "deprecated"
• Description value (description
  DisplayString)
• VALUE NOTATION value (VALUE ObjectName)
• END

127
Definition of managed objects

• Example
• sysDescr OBJECT-TYPE
• SYNTAX OCTET STRING
• ACCESS read-only
• STATUS mandadory
• system 1

128
The information system

• 2 types of structured data
• list
• ltlistgt SEQUENCE lttype1gt, . . ., lttypeNgt
• where lttypegt are simple types
• table
• lttablegt SEQUENCE OF ltlistgt
• Only 2 dimensions tables are authorized.

129
Registration
Objects must be registered. Internet prefix
internet OBJECT IDENTIFIER iso(1)
org(3) dod(6) 1 or 1.3.6.1

130
The SNMP MIB

• MIB-1 (first version)
• MIB-2
• group nb comment
• system 7 nodes
• interfaces 23 network interfaces
• at 3 IP address translation
• ip 38 Internet Protocol
• icmp 26 Internet Control Message Protocol
• tcp 19 Transmission Control Protocol
• udp 7 User Datagram Protocol
• egp 18 Exterior Gateway Protocol
• transmission 0 transmission
• snmp 30 SNMP itself
• total 171

131
Example the System group

• system OBJECT IDENTIFIER mib 1
• sysDesc description of the equipment
• sysObjextID agent identity
• sysUpTime duration since last start
• sysContact contact person
• sysName equipment identification
• sysLocation location
• sysServices offered services
• Example sysDescr "4BSD/ISODE SNMP"
• SysObjectId 1.3.6.1.4.1.4.1.2.1
• SysUpTime 45366736 (5 days, 6h,1mn,7.36sec)
• SysContact "M. Dupont lt_at_ IPgt"
• SysName wp.psi.com
• SysLocation "building A"
• SysServices 48 (transport, application)

132
MIB structure and addressing

• system 1.3.6.1.2.1.1
• interfaces 1.3.6.1.2.1.2
• at 1.3.6.1.2.1.3
• ip 1.3.6.1.2.1.4
• icmp 1.3.6.1.2.1.5
• tcp 1.3.6.1.2.1.6
• udp 1.3.6.1.2.1.7
• egp 1.3.6.1.2.1.8
• cmot 1.3.6.1.2.1.9
• transmission 1.3.6.1.2.1.10
• snmp 1.3.6.1.2.1.11

133
MIB II - interface group

• ifAdminStatus administrative state
  (up/down/test)
• ifOperStatus operationnal state (idem)
• ifLastChange date of last operationnal change
• ifDescr interfaces name
• ifType type
• ifMtu maxi Nr of datagramme
• ifIndex a unique value for each interface
• idfSpeed throughput
• ifInDiscard nr of rejected packets in input
• ifOutDiscard id in output
• ifInErrors nr of packets in error in imput
• ifOuterrors id in output
• ifInOctets nr of octets received
• ifOutOctets nr of octets sent
• ...
• ifInUnknownProtos nr of received packets with
  unknown protocol
• ifOutQlen nr of packets in the output queue

134
MIB II - IP group

• ipRouteTable IP routing table
• ipNetToMediaTable address translation table
• ipForwarding if the equipment can forward
• ipAddrTable IP adresse
• ipInReceives nr of datagrammes (input)
• ipInHdrErrors nr of packets with header error
• ipInAddrErrors nr of packets with address error
• ipForwDatagrammes nr of forwarded datagrammes
• ipInUnknownProtos nr of input datag. with
  protocol error
• ipInDiscards nr of discarded datagrammes (input)
• ipInDelivers nr of datagrammes (input)
• ipOutRequests nr of datagrammes (output)
• ipOutDiscards nr of rejected datagrammes
  (output)
• ...
• ipFragFails nr of failed fragmentations
• ipFragCreates nr of generated fragments

135
Protocol mechanisms

• Authentication
• Authorization (access policy)
• Objets identification
• Internal mechanisms

136
Authentication

• A SNMP message contains two parts
• - a community name. It must be known from
  receiving entity to validate the message.
• - data, with an operation and operands
• Each community name
• is verified for each message
• is correlated with rights (read - write)
• sees a sub-set of the MIB

137
Authorisation

• Each community defines an access mode that can
  be read-only or read-write for all the objects
  belonging to the community (the view).
• The intersection of the access mode and
  object's characteristics determines the
  authorization
• access mode read-only read-write write-only
  not-accessible
• read-only 3 3 1 1
• read-write 3 2 4 1
• where classes are defined as follows
• 1 no right 3 get, get-next, trap
• 2 get, get-next, set, trap 4 get, get-next, set,
  trap
• used by specific implementations

138
Object's identification

• Each object is identified by its OID, followed by
  a suffix
• 0 for a simple variable (not in a table)
• a not null value if not
• Variables inside an agent can be classified
  (lexicographical order),
• The naming mechanism is not explicit
• variable - the agent (IP address , port Nr )
• - OID
• - suffix

139
SNMP behaviour

• SNMP is an asynchronous request/answer protocol .
• Four kinds of interactions are possible
• 1- the manager sends a get-request the agent
  answers by a get-response.
• 2- the manager sends a get-next-request the
  agent answers by a get-response.
• 3- the manager sends a set-request the agent
  answers by a get-response
• 4- the agent sends a trap message.

140
SNMP behaviour

• Each SNMP message (except traps) contains
• - a request identifier
• - a list of variable bindings (names and values)
• - a field for error types (tooBig, noSuchName,
  badValue, readOnly, genErr)
• - an error index (number of the faulty
  variable).

SNMP
error
error
Community
Request
variable
PDU type
Version
status
Name
-id
binding
Number
index
name1 value1 name2 value2 .......
namen valuen
Variable Binding
141
The get-next operation

• This operation has been designed to allow to
  receive as answer the value of the object
  immediately following the object named in the
  request (referrin