
Jan 14, 2016

Page 1: Learning outcomes

Dr Alejandra Flores-Mosri

Network Monitoring

Internet Management & Security 06

Learning outcomes

At the end of this session, you should be able to:

– Explain the uses of network monitoring
– Explain the operation of SNMP
– Differentiate between SNMP and RMON
– Explain the construction of MIBs
– Construct a simple network monitoring strategy using SNMP commands and MIBs
– Distinguish the advantages and disadvantages of network monitoring

Page 2: Learning outcomes

Introduction

Network monitoring and management is used to ensure that:

• Resources are operating optimally

• As many faults as possible are prevented

• Faults are identified and fixed in a timely manner

Page 3: Learning outcomes

Introduction

SNMP in TCP/IP

Remember this?

Page 4: Learning outcomes

Introduction

SNMP in TCP/IP

and this?

Page 5: Learning outcomes

Network Management Protocols

• SNMP is an application layer protocol that facilitates the exchange of management information between network devices.

• It is part of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite.

• SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth.

Page 6: Learning outcomes

Introduction

An SNMP-managed network consists of three key components: managed devices, agents, and network-management systems (NMSs).

Page 7: Learning outcomes

Introduction

More accurately…with flow

Page 8: Learning outcomes

Resources & Elements

[Figure: network diagram with NMS and NMA nodes]

NMS – Network Management System (Station)
NMA – Network Management Agent
NMP – Network Management Protocol

Resources: any device attached to the network.

Page 9: Learning outcomes

SNMP v1

SNMP – Basic Commands

Managed devices are controlled using 4 basic commands and a traversal operation:

• read - command is used by an NMS to monitor managed devices. The NMS examines different variables that are maintained by managed devices.

• write - command is used by an NMS to control managed devices. The NMS changes the values of variables stored within managed devices.

• Trap - command is used by managed devices to asynchronously report events to the NMS. When certain types of events occur, a managed device sends a trap to the NMS.

Page 10: Learning outcomes

SNMP v1

SNMP – Basic Commands

Traversal operations are used by the NMS to determine which variables a managed device supports and to sequentially gather information in variable tables, such as a routing table.

Page 11: Learning outcomes

SNMP v1

SNMP – Simple Network Management Protocol

Basic operation:

• Polls – NMS query NMAs in devices about specific status and NMAs respond to NMS
• Traps – NMAs in devices inform NMS of changes in status (need to be configured)

Polls and traps can occur simultaneously

Page 12: Learning outcomes

Network Management Protocols

• Network Management Protocols determine how the NMS and the NMAs will work and the information they provide and collect:

– SNMP v1
– SNMP v2
– SNMP v3 (not really an NMP)
– RMONv1
– RMONv2

Page 13: Learning outcomes

Structure of Management Information and MIBs

• The Structure of Management Information (SMI) is the way in which an NMS organises collected information.

• A Management Information Base (MIB) is the way in which an NMA organises the monitored information:
– It is a collection of information that is organized hierarchically.
– MIBs are accessed using a network-management protocol such as SNMP.

Page 14: Learning outcomes

Structure of Management Information and MIBs

• SMI defines the managed objects and MIB is a managed object.

• Managed objects are comprised of one or more object instances, which are essentially variables.

• Two types of managed objects exist: scalar and tabular:
– Scalar objects define a single object instance.
– Tabular objects define multiple related object instances that are grouped in MIB tables.

Page 15: Learning outcomes

MIB-II

Standard MIBs are defined by the MIB-II RFC (RFC 1213) and address general TCP/IP management information:

– Interface speeds
– Maximum Transfer Unit (MTU)
– Octets sent
– Octets received

(MIB was the original standard but was absorbed by MIB-II)
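Added example, not part of the original slides: a poll-based utilisation calculation over the MIB-II objects listed above (interface speed, octets received, octets sent), showing scalar versus tabular instance addressing. The OIDs are the RFC 1213 system and interfaces group objects; the two poll snapshots are constructed sample values and the function names are illustrative.

```python
# MIB-II objects (RFC 1213). A scalar is read as "<oid>.0"; a table column
# is read as "<column oid>.<row index>", here the interface's ifIndex.
SYS_UPTIME = "1.3.6.1.2.1.1.3.0"            # sysUpTime.0, TimeTicks (1/100 s)
IF_COLUMNS = {
    "ifMtu": "1.3.6.1.2.1.2.2.1.4",
    "ifSpeed": "1.3.6.1.2.1.2.2.1.5",       # bits per second
    "ifInOctets": "1.3.6.1.2.1.2.2.1.10",   # Counter32
    "ifOutOctets": "1.3.6.1.2.1.2.2.1.16",  # Counter32
}
COUNTER32_MOD = 2 ** 32


def instance_oid(column, if_index):
    """OID of one cell in the interfaces table: column OID + row index."""
    return f"{IF_COLUMNS[column]}.{if_index}"


def counter_delta(old, new):
    """Counter32 difference that survives a single wrap past 2^32 - 1."""
    return (new - old) % COUNTER32_MOD


def utilisation(prev, curr, if_index):
    """Return (in %, out %) between two polls, or None if the sample is unusable."""
    ticks = curr[SYS_UPTIME] - prev[SYS_UPTIME]
    speed = curr[instance_oid("ifSpeed", if_index)]
    if ticks <= 0 or speed == 0:
        return None  # agent restarted (counters reset) or speed not reported
    seconds = ticks / 100
    result = []
    for column in ("ifInOctets", "ifOutOctets"):
        oid = instance_oid(column, if_index)
        bits = counter_delta(prev[oid], curr[oid]) * 8
        result.append(bits * 100 / (seconds * speed))
    return tuple(result)


# Constructed sample polls of interface 2, taken 60 s apart; ifInOctets wraps.
PREV = {SYS_UPTIME: 100000,
        instance_oid("ifSpeed", 2): 100_000_000,
        instance_oid("ifInOctets", 2): 4_294_000_000,
        instance_oid("ifOutOctets", 2): 1_000_000}
CURR = {SYS_UPTIME: 106000,
        instance_oid("ifSpeed", 2): 100_000_000,
        instance_oid("ifInOctets", 2): 74_032_704,
        instance_oid("ifOutOctets", 2): 16_000_000}

if __name__ == "__main__":
    print(utilisation(PREV, CURR, 2))
```

The poll interval has to be short enough that a counter cannot wrap more than once between samples, which ties the calculation to the polling plan discussed under the disadvantages of monitoring.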

Page 16: Learning outcomes

SMI object tree

Page 17: Learning outcomes

Other standard MIBs

Other standard MIBs have been defined by the standard groups for several purposes:

– ATM MIB (RFC 2515)
– Frame Relay DTE Interface type MIB (RFC 2115)
– Mail Monitoring MIB (RFC 2249)
– DNS Server MIB (RFC 1611)

Network managers are also able to design ad hoc MIBs for their network devices.

Page 18: Learning outcomes

SNMP main characteristics

• Uses UDP as a transport protocol (port 162 for polls and 161 for traps)

• Security by using community names:
– Read-only
– Read-write
– Trap

• SNMPv1 basic version

• SNMPv2 enhances SNMPv1

• SNMPv3 adds security to SNMPv2

Page 19: Learning outcomes

SNMP commands

SNMPv1 PDU | SNMPv2 PDU | Direction | Description
GetRequest | GetRequest | NMS to NMA | Request value for each listed object
GetRequest | GetRequest | NMS to NMA | Request next value for each listed object
------ | GetBulkRequest | NMS to NMA | Request multiple values
SetRequest | SetRequest | NMS to NMA | Set value for each listed object
------ | InformRequest | NMS to NMS | Transmit unsolicited information
GetResponse | Response | NMA to NMS, NMS to NMS | Respond to manager request
------ | Report (implemented in SNMPv3) | NMS to NMS | Problems with processing SNMP messages
 | Notification | NMA to NMS | As trap but with same format as get & set
Trap | SNMPv2-Trap | NMA to NMS | Transmit unsolicited information

Page 20: Learning outcomes

Remote Monitoring (RMON)

• RMONv1
– Monitors that watch traffic on network segments in LANs or WANs
– Also uses MIBs in order to organise information
– Some vendors include the probing (polling) facility

• RMONv2
– Enhances RMONv1 by providing network and application level statistical gathering (like passive network measurement)

Page 21: Learning outcomes

Remote Monitoring (RMON)

• An RMON Probe Can Send Statistical Information to an RMON Console

Page 22: Learning outcomes

Advantages & Disadvantages

Advantages

• Network monitoring allows a centralised vision of all of the devices in the network
• Allows flexibility and mobility to network managers

Disadvantages

• Introduces administration traffic into the network (roughly 5% of all traffic is control traffic)
• Needs careful planning on traps and polls in order to maintain the balance between management and bandwidth utilisation.

Page 23: Learning outcomes

Conclusions

• Network monitoring facilitates the task of managing several devices at a time

• The network monitoring centres need to be manned at all times for large networks and the network manager needs to be on call at all times for smaller networks

• SNMP provides a set of simple commands that collect a wide range of information about devices through MIBs

• RMON is similar to passive traffic measurement and allows minimal probing of devices

Page 24: Learning outcomes

Resources

• SNMPv1 - RFC 1157

• SNMPv2 - RFC 1905, 1906, 1907

• SNMPv3 - RFC 2571, 2573, 2574, 2575

• RMONv2 - RFC 2021

• RFCs can be found at: http://www.ietf.org/rfc.html

• D. R. Mauro, Essential SNMP, O’Reilly, 2001

• CISCO Internetworking Technology Handbook: http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/