BZUPAGES.COM Network Management Basics • Network management requirements • OSI Management Functional Areas – Network monitoring: performance, fault, accounting – Network control: configuration, security • Standardization in network management • Practical issue: introduction to SNMP
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
BZUPAGES.COM
Network ManagementBasics
• Network management requirements
• OSI Management Functional Areas– Network monitoring: performance, fault, accounting
– Network control: configuration, security
• Standardization in network management
• Practical issue: introduction to SNMP
BZUPAGES.COM
Network ManagementRequirements
Example of approach
• Controlling strategic assets
• Controlling complexity
• Improving service
• Balancing various needs: performance, availability, security, cost
• Reducing downtime
• Controlling costs
BZUPAGES.COM
Network ManagementOSI functional areas
• Fault management– Detect the fault
– Determine exactly where the fault is
– Isolate the rest of the network from the failure so that it can continue to function
– Reconfigure or modify the network in such a way as to minimize the impact
– Repair or replace the failed components
– Tests: connectivity, data integrity, response-time, ….
BZUPAGES.COM
Network ManagementOSI functional areas
• Fault management• Monitoring network and system state.• Responding and reacting to alarms.• Diagnosing fault causes (i.e., fault isolation and root-cause analysis).• Establishing error propagation.• Introducing and checking error recovery measures (i.e., testing and• verification).• Operating trouble ticket systems.• Providing assistance to users (user help desk).
• Self-identification of system components.• Separate testability of components.
BZUPAGES.COM
Network ManagementOSI functional areas
• Fault managementThe following technical capabilities and important aids for fault management
can assist in fault analysis:
• Self-identification of system components.
• Separate testability of components.
• Trace facility (i.e., keeping records of switched message traffic or labeling messages
• for the purpose of traceability or special compatibility reports).
• Error logs.
• Message echoes at all protocol layers (i.e., at transmission links and on an endto-
end basis), such as “heartbeat” or “keep alive” messages that detect failure.
• Retrieval possibilities for memory dumps.
• Start possibilities (which can also be initiated and monitored centrally) for selftest.
BZUPAGES.COM
Network ManagementOSI functional areas
• Fault management• ping and trace route analysis of network reachability.
• Triggering of planned resets and restarts (directed to specific ports, port groups,and components).
• Availability of special test systems (e.g. interface checkers, protocol analyzers, hardware monitors for line supervision).
• Support of filter mechanisms for fault messages or alarms and event
BZUPAGES.COM
Network ManagementOSI functional classification
• Performance management:– What is the level of capacity utilization?
– Is there excessive traffic?
– Has throughput been reduced to unacceptable levels?
– Are there bottlenecks?
– Is response time increasing?
– Indicators: availability, response time, accuracy service throughput, utilization efficiency
BZUPAGES.COM
Network ManagementOSI functional classification
• Performance management:• Vertical QOS mapping (e.g. speech quality)
• Horizontal QOS mapping (e.g. protocols)
• Establishing QoS parameters and metrics.
• Monitoring all resources for performance bottlenecks and threshold crossings.
• Carrying out measurements and trend analysis to predict failure before it occurs.
• Evaluating history logs (i.e., records on system activity, error files).
• Processing measurement data and compiling performance reports.
• Carrying out performance and capacity planning.
• Description of reactions to changes of the QoS parameters mentioned earlier.
BZUPAGES.COM
Network ManagementOSI functional classification
• Configuration and Name Management:– A description of a distributed system
– The process of configuration
– Installation of new hardware/software
– Tracking changes in control configuration
– Who, what and why? - network topology
– User interface of the configurator
– Location of configuration
– Storage of configuration
– Validity of configuration
– The result of a configuration process
BZUPAGES.COM
Network ManagementOSI functional classification
• Configuration and Name Management:– Revert/undo changes
– Change management
– Configuration audit
– Does it do what was intended
– Tools for Configuration Management
BZUPAGES.COM
Network Management OSI functional classification
• Security management• Passive attacks: theft of information (passwords, etc.).
• Active attacks: masquerades (i.e., users pretending to be someone else, or
• repeating, giving priority to or delaying message; (unauthorized access, viruses, Trojan horses, denial-of-service attacks).
• Malfunctioning of resources.
• Faulty or inappropriate behavior and incorrect response operation.
• Security services: generating, distributing, storing of encryption keys for services
• Exception alarm generation, detection of problems
• Backups, data security
• Security logging
BZUPAGES.COM
Network Management OSI functional classification
• Break down of security management tasks• Conducting threat analyses.
• Defining and enforcing security policies.
• Checking identity (authentication based on signatures, certificates).
• Carrying out and enforcing access controls.
• Guaranteeing confidentiality (encryption).
• Ensuring data integrity (message authentication).
• Monitoring systems to prevent threats to security.
• Reporting on security status and violations or attempted violations.
BZUPAGES.COM
Network ManagementOSI functional classification
• Accounting management– Identifying consumers and suppliers of network resources - users
and groups
– Mapping network resources consumption to customer identity
– Billing
BZUPAGES.COM
Organizational Aspects of Management
• Specifying interfaces between domains to enable the exchange of management
• information and the invocation of management actions.
• Planning and establishing a management infrastructure.
• defining procedures for implementing the management processes
• the tool functionality required.
• Establishing an operational and organizational structure for carrying out management.
BZUPAGES.COM
Organizational Aspects of Management
• Organizational structure of a particular company (teams, groups,
• departments, operating areas).
• Geographical conditions (country, location, campus, building).
• Business areas.
• Data processing–related aspects (e.g., LAN/WAN, central/distributed DP)
• Types of resources (hardware, system software, applications software,
data, operating materials, premises, technical infrastructure).
BZUPAGES.COM
Network Management Scenario
BZUPAGES.COM
Management Information
• Manager
• Agent
• Management Agent
• Establishing a Common Terminology Between Manager and Agent– Same meaning of objects and term
BZUPAGES.COM
Management Information
• Management information base– The Managed Device as a Conceptual Data Store
– The MIB is not the same as a database
– One kind of information
– One aspect
– Physical aspect
– Logical aspect
– Manager can manipulate the information in MIB
– Managed object (MO)
– Real resource
BZUPAGES.COM
Management Information
BZUPAGES.COM
Management Information
• Categories of Management Information• State information
– current state of physical and logical resources
– current alarm conditions
– Current CPU load, and utilization of bandwidth and memory.• Physical configuration information
– device type
– physical configuration in terms of cards and available ports
– MAC addresses
– configuration information changes only rarely
– Stored
BZUPAGES.COM
Management Information
• Categories of Management Information• Logical configuration information
– IP addresses
– telephone numbers
– logical interfaces
– can be changed by management applications and administrators
– startup configuration information
– transient configuration information
BZUPAGES.COM
Management Information
• Categories of Management Information• Historical information
– This includes historical snapshots of performance-related state
– It is not the part of MIB
– It is simply “data” that is stored at the device
The Difference Between a MIB and a Database
• Footprint• general-purpose processing capabilities.
• Specific management requirements
• Real effects• Real world resource
• Characteristics of the contained data
BZUPAGES.COM
Management Information
• Categories of Management Information• The Relationship Between MIBs and Management Protocols
– SNMP
– Structure of Management Information (SMI)
– MIB does not depend on any particular management protocol
– HTML
– Protocol is depended on MIB
BZUPAGES.COM
Management Information
BZUPAGES.COM
Management Information
• MIB Definitions• data processing
• data is based on underlying data definitions
• Data type (integer, character etc)
• MIB definition are also referred to as a model
• MIB definition, and model definition are used synonymously
• Equipment vendors publish the definitions of the MIBs that their devices implement
• MIB definitions that vendors publish must be stable and should not be subjected to change lightly.
• Example :TCP connections
BZUPAGES.COM
Management Information
• Of Schema and Metaschema• The underlying “real world” that is being abstracted by the model is
often called the domain
• The schema that underlies the MIB remains constant over time.
• The term metaschema means “a schema of a schema,”
BZUPAGES.COM
SNMP
• Management Information Base (MIB)– Virtual Information Store of MOs– Information are stored at MOs using different approaches– MIB II added a number of useful variables
• Structure of Management Information (SMI)– Framework fot the Definition of SNMP MIBs– Object Information Model for Network Management– Formal Description of the Structure are Given Using a Subset of ASN.1
• Abstract Syntax Notation 1 (ASN.1)– A Standard Object Definition Language– A Standard Way to Encode Objects for Transfer Over a Network
– It’s Large,Complex,and not Especially Efficient
BZUPAGES.COM
Components of SNMP
BZUPAGES.COM
VersionsVersions
•Three major versions SNMPv1, SNMPv2,SNMPv3
•SNMPv1 is the recommended standard
•SNMPv2 has become split into:
•SNMPv2u - SNMPv2 with user-based security
•SNMPv2* - SNMPv2 with user-based security and additional features
•SNMPv2c - SNMPv2 without security
•SNMPv3 – Security and other enhancements
BZUPAGES.COM
The Internet- Standard Management Framework
The Internet- Standard Management Framework
• SNMP is a tool (protocol) that allows for remote and local management of items on the network including servers, workstations, routers, switches and other managed devices.
• Comprised of agents and managers
•Agent - process running on each managed node collecting information about the device it is running on.
•Manager - process running on a management workstation that requests information about devices on the network.
BZUPAGES.COM
SNMP network management consists of four parts:
The Internet- Standard Management Framework (contd.)
The Internet- Standard Management Framework (contd.)
•Structure of Management Information (SMI)•Structure of Management Information (SMI)•Rules specifying the format used to define objects managed on the network that the SNMP protocol accesses
•Management Information Base (MIB)•Management Information Base (MIB)•A map of the hierarchical order of all managed objects and how they are accessed
•SNMP Protocol•SNMP Protocol•Defines format of messages exchanged by management systems and agents.•Specifies the Get, GetNext, Set, and Trap operations
•Security and administration capabilities•The addition of these capabilities represents the major enhancement in SNMPv3 over SNMPv2
BZUPAGES.COM
Ports & UDPPorts & UDP
•SNMP uses User Datagram Protocol (UDP) as the transport mechanism for SNMP messages
•UDP Port 161 - SNMP Messages
•UDP Port 162 - SNMP Trap Messages
•Like FTP, SNMP uses two well-known ports to operate:
Ethernet
Frame
IP Pack
et
UDP Datagram
SNMP Message CRC
BZUPAGES.COM
Four Basic OperationsFour Basic Operations
•Get
•GetNext
•Set
•Trap
Retrieves the value of a MIB variable stored on the agent machine
(integer, string, or address of another MIB variable)
Retrieves the next value of the next lexical MIB variable
Changes the value of a MIB variable
An unsolicited notification sent by an agent to a management application (typically a notification of something unexpected, like an error)
BZUPAGES.COM
Basic operations contd..
Manager Agent
get_request
get_next_request
get_response port 161
port 161
port 161
port 161port 162
get_response
get_responseset_request
trap
BZUPAGES.COM
TrapsTraps•Traps are unrequested event reports that are sent to a management system by an SNMP agent process
•When a trappable event occurs, a trap message is generated by the agent and is sent to a trap destination (a specific, configured network address)
•Many events can be configured to signal a trap, like a network cable fault, failing NIC or Hard Drive, a “General Protection Fault”, or a power supply failure
•Traps can also be throttled -- You can limit the number of traps sent per second from the agent
•Traps have a priority associated with them -- Critical, Major, Minor, Warning, Marginal, Informational, Normal, Unknown
BZUPAGES.COM
Trap ReceiversTrap Receivers•Traps are received by a management application.
•Management applications can handle the trap in a few ways:•Poll the agent that sent the trap for more information about the event, and the status of the rest of the machine.
•Log the reception of the trap.
•Completely ignore the trap.
BZUPAGES.COM
Languages of SNMPLanguages of SNMP
•Structure of Management Information (SMI)
•Abstract Syntax Notation One (ASN.1)
•Basic Encoding Rules (BER)
specifies the format used for defining managed objects that are accessed via the SNMP protocol
used to define the format of SNMP messages and managed objects (MIB modules) using an unambiguous data description format
used to encode the SNMP messages into a format suitable for transmission across a network
BZUPAGES.COM
SNMP MESSAGE ENCODING
• THE DESCRIPTION OF MIBS AND MESSAGE FORMATS IS BASED ON THE ASN.1 SYNTAX
• THE MAPPING FROM AN ABSTRACT SYNTAX UPON A
TRANSFER SYNTAX IS DEFINED BY THE BASIC ENCODING RULES (BER)
MANAGER
UDP
IP
LINK
AGENT
UDP
IP
LINK
MIB
BERBER
ABSTRACT SYNTAX
TRANSFER SYNTAX
BZUPAGES.COM
Basic Message FormatBasic Message Format
Message Length
Message Version
Community String
PDU Header
PDU Body
Message Preamble
SNMP Protocol Data Unit
BZUPAGES.COM
NAME 1 VALUE 1 NAME 2 VALUE 2 ••• ••• NAME n VALUE n
PDU TYPE* ERROR
VARIABLE BINDINGSSTATUSREQUEST
IDERRORINDEX
VERSION COMMUNITY SNMP PDU
variable bindings:
SNMP PDU:
SNMP message:
BZUPAGES.COM
Network Management Some ideas
• Managed objects: functions provided by the network
• Element Management Systems (EMS): managing a specific portion of the network (may manage async lines, multiplexers, routers)
• Managers of Manager Systems (MoM): integrate together information from several EMS
BZUPAGES.COM
Network Management Standards
• Internet approach: Simple Network Management Protocol (SNMP, secure SNMP, SNMP v2)
• OSI approach: CMIP - common management information protocol, CMIS - common management information service (user interface)
We concentrate on SNMP
BZUPAGES.COM
Network Management Proprietary solutions
• The world of Microsoft PC software:Windows NT + several (or hundreds) of PCs with Windows 95 (98??)
• Solution: Microsoft SMS software:full control over workstations (Windows95) from central NT serversoftware configuration, updates, full inventory
• NT world - incorporates SNMP mechanisms
Related Documents
