Network critical to running of business Complexity of network requiring automated management tools
Large number of devices, increased probability of device failure Likelihood of devices from different manufacturers
Physical distribution of network assets requiring management of assets across the network itself
Fault Management
Correcting a work-stopping fault and resuming normal service with the minimum of delay Determine location of fault Isolate rest of network from failure Reconfigure network to operate efficiently without failed components Rectify fault, reconnect components, reconfigure network again
Steps:
Accounting Management
Charging cost of providing network to departments or cost centres based on usage statistics User(s) may overburden network at expense of other users User(s) making inefficient use of network can be targetted by network manager to change procedures are improve performance Network manager can plan for network growth if user activity is known
Reasons
Deciding how a device is to be used, choosing appropriate software and settings for the device Initialising a network Gracefully shutting down all or part of a network Maintaining, adding, updating relationships between components Status of components during network operation
Concerned with
Performance Management
Identifying deteriorating response or throughput of the network and introducing additional equipment / transmission-capacity to alleviate the problem What is the level of capacity utilisation? Is there excessive traffic? Has throughput reduced unacceptably? Are there bottlenecks? Is response time increasing?
Performance issues
Security Management
Monitoring and controlling access to computer networks Concerned with generation, distributing and storing encryption keys, passwords and other access control information Requires use of security logs and audit records
Layer Management
Most of the protocols associated with the TCP/IP suite have associated operational parameters, e.g. IPs TTL parameter and TCPs retransmission timer As a network expands, such parameters may need to be changed while the network is still operational
Connection Monitoring
Ping a number of critical IP addresses at intervals Inefficient, and not very informative, should only be used if no alternative Analyse traffic on a network and generate reports MS Network Monitor / Fluke Network Analyzer Works on a single segment at a time More sophisticated tools use SNMP/CIMP to remotely monitor other segments
Traffic Monitoring
Released by US Department of Defense and TCP/IP developers in 1988 Most widely used and well-known in network software management tools Uses a technique called MIB collection to retrieve network information - i.e polls each device on a network in sequence, asking for status, records that information centrally
Devices on the network dont need to be smart enough to report problems as they occur
SNMPs polling contributes significantly to network traffic
Developed by the ISO, pre-dating SNMP Not implemented as much as SNMP, especially since SNMP became a part of TCP/IP Uses a technique called MIB reporting to gather network information - the central monitoring station waits for devices to report their current status to it May be useful if keeping non-essential network traffic to a minimum is critical
Developed by ITU-T Specifies management architectures for telecommunications networks (e.g. ISDN, B-ISDN, ATM) Provides a richer framework of architectural concepts than SNMPv3 Underlying protocols may be provided by SNMP or CMIP
A network monitor uses SNMP or CMIP to keep track of statistical information about a network
A network analyser does the same but provides a more sophisticated level of service - for example some network analysers can not only detect and identify problems, they can fix them as well A network analyser may be dedicated hardware, but can just be a specialised software package that runs on a typical PC using a typical network card
Network Troubleshooting
Problems will happen on networks Approach the problem logically and methodically Two useful approaches to network troubleshooting:
Executes applications that monitor and control managed devices May be a dedicated device Could have more than one NMS on a network Devices: switch, router, workstation, printer Software Elements: protocol Collect and store management-related information
Managed elements
Agents
Network management software that resides in a managed device Has local knowledge of management information Translates the information into SNMP form Communicates with Network Management System Master Agent
Parses and formats protocol messages Models objects of interest within a subsystem Interfaces to the subsystem for monitoring and management operations
Subagent
SNMP Standards
SNMPv1 original standard defined by RFCs 1155, 1157, 1212 and 1213
Widely used
Not widely adopted due to serious disagreements about security framework Fragmented into v2c, v2p and v2u Standardised as of 2004 Implementations often support v1, v2c and v3
SNMPv3 Framework
Structure of Management Information (SMI)
SNMP SMI
SMI defines rules for describing management information using ASN.1 SMI specifies:
ASN.1 data types SMI-specific data types MIB table Information modules (added in SNMPv2)
SNMP MIB
Management Information Base Database of information, organised hierarchically Accessed via SNMP protocol Contains managed objects, each identified by an object identifier Managed object:
Some characteristic of a managed device Comprised of one or more object instances May be scalar or tabular
SNMP Security
A password (community string) is required between NMS and agent, but this is not encrypted for transmission v2p party-based security v2u user-based security v2c back to community strings
SNMPv3 allows a number of different security methods to be incorporated into its architecture, including:
Scoped PDU
GetBulk:
Get Retrieve the value of a scalar SNMP variable GetNext Retrieve the next value in a tabular SNMP variable Set Change the value of an SNMP variable Trap Used by agent to report an event to an NMS GetBulk (added in SNMPv2) Retrieve whole table in one operation Inform (added in SNMPv2 Used by one NMS to report an event to another NMS
Remote Monitoring
RMON is an enhancement to SNMP Allows SNMP to look at entire network, not just individual devices RMON probe collects data from a network segment and relays it back to management console RMON creates new categories of data, i.e. new branches added to MIB tree
RMON
Ethernet Statistics Group statistics gathered for each segment History Control Group records sample from the Ethernet Statistics Group of a specified period of time Alarm Group alerts network admin based on counters exceeding specified thresholds Host Group counters for each host on segment Host TOPN Group reports, e.g. top 10 hosts that generate broadcast