Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: – Explain the uses of network monitoring – Explain the operation of SNMP – Differentiate between SNMP and RMON – Explain the construction of MIBs – Construct a simple network monitoring strategy using SNMP commands and MIBs – Distinguish the advantages and disadvantages of network monitoring
Learning outcomes. At the end of this session, you should be able to: Explain the uses of network monitoring Explain the operation of SNMP Differentiate between SNMP and RMON Explain the construction of MIBs Construct a simple network monitoring strategy using SNMP commands and MIBs - PowerPoint PPT Presentation
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Dr Alejandra Flores-Mosri
Network Monitoring
Internet Management & Security 06
Learning outcomes
At the end of this session, you should be able to:
– Explain the uses of network monitoring– Explain the operation of SNMP– Differentiate between SNMP and RMON– Explain the construction of MIBs– Construct a simple network monitoring strategy
using SNMP commands and MIBs– Distinguish the advantages and disadvantages
of network monitoring
Dr Alejandra Flores-Mosri
Network Monitoring
Internet Management & Security 06
Introduction
Network monitoring and management is used to ensure that:
• Resources are operating optimally
• As many faults as possible are prevented
• Faults are identified and fixed timely
Dr Alejandra Flores-Mosri
Network Monitoring
Internet Management & Security 06
Introduction
SNMP in TCP/IPRemember this?
Dr Alejandra Flores-Mosri
Network Monitoring
Internet Management & Security 06
Introduction
SNMP in TCP/IPand this?
Dr Alejandra Flores-Mosri
Network Monitoring
Internet Management & Security 06
Network Management Protocols
• SNMP is an application layer protocol that facilitates the exchange of management information between network devices.
• It is part of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite.
• SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth.
Dr Alejandra Flores-Mosri
Network Monitoring
Internet Management & Security 06
Introduction
SNMP-managed network consists of three key components: managed devices, agents, and network-management systems (NMSs).
Managed devices are controlled using 4 basic commands and traversal operation:
• read - command is used by an NMS to monitor managed devices. The NMS examines different variables that are maintained by managed devices.
• write - command is used by an NMS to control managed devices. The NMS changes the values of variables stored within managed devices.
• Trap - command is used by managed devices to asynchronously report events to the NMS. When certain types of events occur, a managed device sends a trap to the NMS.
Dr Alejandra Flores-Mosri
Network Monitoring
Internet Management & Security 06
SNMP v1
SNMP – Basic Commands
Traversal operations are used by the NMS to determine which variables a managed device supports and to sequentially gather information in variable tables, such as a routing table.
Dr Alejandra Flores-Mosri
Network Monitoring
Internet Management & Security 06
SNMP v1
SNMP – Simple Network Management Protocol
Basic operation:• Polls – NMS query NMAs in devices about
specific status and NMAs respond to NMS• Traps – NMAs in devices inform NMS of
changes in status (need to be configured)
Polls and traps can occur simultaneously
Dr Alejandra Flores-Mosri
Network Monitoring
Internet Management & Security 06
Network Management Protocols
• Network Management Protocols determine how the NMS and the NMAs will work and the information they provide and collect:
– SNMP v1– SNMP v2– SNMP v3 (not really an NMP)
– RMONv1– RMONv2
Dr Alejandra Flores-Mosri
Network Monitoring
Internet Management & Security 06
Structure of Management Information and MIBs
• The Structure of Management Information (SMI) is the way in which an NMS organises collected information.
• A Management Information Base (MIB) is the way in which an NMA organises the monitored information:– is a collection of information that is organized
hierarchically.– MIBs are accessed using a network-
management protocol such as SNMP..
Dr Alejandra Flores-Mosri
Network Monitoring
Internet Management & Security 06
Structure of Management Information and MIBs
• SMI defines the managed objects and MIB is a managed object.
• Managed objects are comprised of one or more object instances, which are essentially variables.
• Two types of managed objects exist: scalar and tabular:– Scalar objects define a single object instance. – Tabular objects define multiple related object
instances that are grouped in MIB tables.
Dr Alejandra Flores-Mosri
Network Monitoring
Internet Management & Security 06
MIB-II
Standard MIBs are defined by the MIB-II RFC (rfc 1213) and address general TCP/IP management information
– Interface speeds– Maximum Transfer Unit (MTU)– Octets sent– Octets received
(MIB was the original standard but was absorbed by MIB-II)
Dr Alejandra Flores-Mosri
Network Monitoring
Internet Management & Security 06
SMI object tree
Dr Alejandra Flores-Mosri
Network Monitoring
Internet Management & Security 06
Other standard MIBs
Other standard MIBs have been defined by the standard groups for several purposes:– ATM MIB (RFC 2515)– Frame Relay DTE Interface type MIB (RFC
2115)– Mail Monitoring MIB (RFC 2249)– DNS Server MIB (RFC 1611)
Network managers are also able to design ad hoc MIBs for their network devices.
Dr Alejandra Flores-Mosri
Network Monitoring
Internet Management & Security 06
SNMP main characteristics
• Uses UDP as a transport protocol (port 162 for polls and 161 for traps)
• Security by using community names:– Read-only– Read-write– Trap
• SNMPv1 basic version
• SNMPv2 enhances SNMPv1
• SNMPv3 adds security to SNMPv2
Dr Alejandra Flores-Mosri
Network Monitoring
Internet Management & Security 06
SNMP commands
SNMPv1 PDU
SNMPv2 PDU Direction Description
GetRequest GetRequest NMS NMA Request value for each listed object
GetRequest GetRequest NMS NMA Request next value for each listed object
• An RMON Probe Can Send Statistical Information to an RMON Console
Dr Alejandra Flores-Mosri
Network Monitoring
Internet Management & Security 06
Advantages & Disadvantages
Advantages• Network monitoring allows a centralised vision of
all of the devices in the network• Allows flexibility and mobility to network managers
Disadvantages• Introduces administration traffic into the network
(roughly 5% of all traffic is control traffic)• Needs careful planning on traps and polls in order
to maintain the balance between management and bandwidth utilisation.
Dr Alejandra Flores-Mosri
Network Monitoring
Internet Management & Security 06
Conclusions
• Network monitoring facilitates the task of managing several devices at a time
• The network monitoring centres need to be manned at all times for large networks and the network manager needs to be on call at all times for smaller networks
• SNMP provides a set of simple commands that collect a wide range of information about devices through MIBs
• RMON is similar to passive traffic measurement and allows minimal probing of devices
Dr Alejandra Flores-Mosri
Network Monitoring
Internet Management & Security 06
Resources
• SNMPv1 - RFC 1157
• SNMPv2 - RFC 1905, 1906, 1907
• SNMPv3 - RFC 2571, 2573, 2574, 2575
• RMONv2 - RFC 2021
• RFCs can be found at: http://www.ietf.org/rfc.html
• D. R. Mauro, Essential SNMP, O’Reilly. 2001• CISCO Internetworking Technology Handbook :