
Challenges of Managing Large Networks

- Network critical to running of business
- Complexity of network requiring automated management tools
- Large number of devices, increased probability of device failure
- Likelihood of devices from different manufacturers
- Physical distribution of network assets requiring management of assets across the network itself

OSI Key Areas of Network Management

Fault Management

Correcting a work-stopping fault and resuming normal service with the minimum of delay

Steps:

- Determine location of fault
- Isolate rest of network from failure
- Reconfigure network to operate efficiently without failed components
- Rectify fault, reconnect components, reconfigure network again

Accounting Management

Charging cost of providing network to departments or cost centres based on usage statistics

Reasons:

- User(s) may overburden network at expense of other users
- User(s) making inefficient use of network can be targeted by network manager to change procedures and improve performance
- Network manager can plan for network growth if user activity is known

Configuration and Name Management

Deciding how a device is to be used, choosing appropriate software and settings for the device

Concerned with:

- Initialising a network
- Gracefully shutting down all or part of a network
- Maintaining, adding, updating relationships between components
- Status of components during network operation

Performance Management

Identifying deteriorating response or throughput of the network and introducing additional equipment / transmission-capacity to alleviate the problem

Performance issues:

- What is the level of capacity utilisation?
- Is there excessive traffic?
- Has throughput reduced unacceptably?
- Are there bottlenecks?
- Is response time increasing?

Security Management

- Monitoring and controlling access to computer networks
- Concerned with generating, distributing and storing encryption keys, passwords and other access control information
- Requires use of security logs and audit records

Layer Management

Sub-area of Configuration and Name Management

- Most of the protocols associated with the TCP/IP suite have associated operational parameters, e.g. IP's TTL parameter and TCP's retransmission timer
- As a network expands, such parameters may need to be changed while the network is still operational

Network Management Techniques

Connection Monitoring

- Ping a number of critical IP addresses at intervals
- Inefficient, and not very informative, should only be used if no alternative

Traffic Monitoring

- Analyse traffic on a network and generate reports
- MS Network Monitor / Fluke Network Analyzer
- Works on a single segment at a time
- More sophisticated tools use SNMP/CMIP to remotely monitor other segments

SNMP (Simple Network Management Protocol)

- Released by US Department of Defense and TCP/IP developers in 1988
- Most widely used and well-known in network software management tools
- Uses a technique called MIB collection to retrieve network information - i.e. polls each device on a network in sequence, asking for status, and records that information centrally
- Devices on the network don't need to be smart enough to report problems as they occur
- SNMP's polling contributes significantly to network traffic

CMIP (Common Management Information Protocol)

- Developed by the ISO, pre-dating SNMP
- Not implemented as much as SNMP, especially since SNMP became a part of TCP/IP
- Uses a technique called MIB reporting to gather network information - the central monitoring station waits for devices to report their current status to it
- May be useful if keeping non-essential network traffic to a minimum is critical

TMN (Telecommunications Management Network)

- Developed by ITU-T
- Specifies management architectures for telecommunications networks (e.g. ISDN, B-ISDN, ATM)
- Provides a richer framework of architectural concepts than SNMPv3
- Underlying protocols may be provided by SNMP or CMIP

Network Monitors / Network Analysers

A network monitor uses SNMP or CMIP to keep track of statistical information about a network

A network analyser does the same but provides a more sophisticated level of service - for example some network analysers can not only detect and identify problems, they can fix them as well

A network analyser may be dedicated hardware, but can just be a specialised software package that runs on a typical PC using a typical network card

Network Troubleshooting

- Problems will happen on networks
- Approach the problem logically and methodically

Two useful approaches to network troubleshooting:

- The Process of Elimination
- Divide and Conquer

Network Troubleshooting S/W Tools

- Ping - network layer connectivity
- Traceroute - identifying network layer point of failure
- Telnet - application layer connectivity
- Netstat - protocol statistics / TCP/IP connections
- ARP - show / change ARP cache
- IPConfig - show IP / MAC settings

Simple Network Management Protocol

- Application-layer protocol
- Facilitates the exchange of management information between network devices
- Part of the TCP/IP protocol suite

SNMP Basic Components

Network Management System (NMS)

- Executes applications that monitor and control managed devices
- May be a dedicated device
- Could have more than one NMS on a network

Managed elements

- Devices: switch, router, workstation, printer
- Software Elements: protocol
- Collect and store management-related information

Agents

- Network management software that resides in a managed device
- Has local knowledge of management information
- Translates the information into SNMP form
- Communicates with Network Management System

Master Agent

- Parses and formats protocol messages

Subagent

- Models objects of interest within a subsystem
- Interfaces to the subsystem for monitoring and management operations

SNMP Standards

SNMPv1 - original standard defined by RFCs 1155, 1157, 1212 and 1213

- Widely used

SNMPv2 - core defined by RFCs 2578-2580, 2819; 1907, 2572

- Not widely adopted due to serious disagreements about security framework
- Fragmented into v2c, v2p and v2u

SNMPv3 - current standard defined by RFCs 3411-3418

- Standardised as of 2004
- Implementations often support v1, v2c and v3


SNMPv3 Framework
Structure of Management Information (SMI)

Management Information Bases (MIBs)


Simple Network Management Protocol (SNMP)

SNMP Security and Administration

Internet Standard Management Framework (SNMP Framework)

SNMP SMI

SMI defines rules for describing management information using ASN.1

SMI specifies:

- ASN.1 data types
- SMI-specific data types
- MIB table
- Information modules (added in SNMPv2)

SNMP Data Representation

- In order to allow communication between very different devices, SNMP uses a platform-independent format
- Data types of each managed object defined using a subset of ASN.1
- Before communication, values are converted into standard syntax using ASN.1 Basic Encoding Rules (BER)

SNMP MIB

- Management Information Base
- Database of information, organised hierarchically
- Accessed via SNMP protocol
- Contains managed objects, each identified by an object identifier

Managed object:

- Some characteristic of a managed device
- Comprised of one or more object instances
- May be scalar or tabular

SNMP MIB Tree Example

SNMP Security

SNMPv1 lacks authentication capabilities

- A password (community string) is required between NMS and agent, but this is not encrypted for transmission

SNMPv2 security fragmented into:

- v2p - party-based security
- v2u - user-based security
- v2c - back to community strings

SNMPv3 allows a number of different security methods to be incorporated into its architecture, including:

- user-based security as defined in SNMPv2u
- a new view-based access control model

SNMPv3 Message Format


Message Header

Scoped PDU

Message header has fields:

- Version Number - 3 for SNMPv3
- Message Identifier - matches responses to requests
- Maximum Message Size - that sender can receive
- Message Flags - controls processing of message
- Message Security Model - identifying which security model was used for message
- Message Security Parameters - appropriate to chosen security model

Scoped PDU has fields:

- Context Engine ID - identifies application to process PDU
- Context Name - object identifier specifying context of PDU
- PDU - variable formats, see next slide
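
Added example (not part of the original slides): a minimal BER reader for the outer SNMP header, tying together the Data Representation, SNMP Security and SNMPv3 Message Format slides. It shows that a v1/v2c community string sits in the message as a plain OCTET STRING, while an SNMPv3 header declares its protection in the Message Flags field. The names read_tlv and classify and both sample packets are constructed for illustration; the flag bit meanings (bit 0 authenticated, bit 1 encrypted) come from RFC 3412, not from the slides.

```python
# Added example: reads only the outer BER header of an SNMP message.
# Both sample packets are constructed for illustration, not captured traffic.

def read_tlv(buf, pos=0):
    """Decode one BER tag-length-value; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def classify(packet):
    """Report the version and protection of an SNMP message from its header."""
    tag, body, _ = read_tlv(packet)
    if tag != 0x30:                         # every SNMP message is a SEQUENCE
        raise ValueError("not an SNMP message")
    tag, raw, pos = read_tlv(body)
    if tag != 0x02:
        raise ValueError("version field is not an INTEGER")
    version = int.from_bytes(raw, "big")
    if version in (0, 1):                   # wire value 0 is SNMPv1, 1 is SNMPv2c
        _, community, _ = read_tlv(body, pos)
        return {"version": "v1" if version == 0 else "v2c",
                "level": "cleartext-community",
                "community": community.decode("ascii", "replace")}
    if version != 3:
        raise ValueError("unknown SNMP version")
    _, header, _ = read_tlv(body, pos)      # ID, max size, flags, security model
    fields, p = [], 0
    for _ in range(4):
        _, value, p = read_tlv(header, p)
        fields.append(value)
    flags = int.from_bytes(fields[2][:1], "big")   # bit 0 = auth, bit 1 = priv
    level = ("noAuthNoPriv", "authNoPriv", "invalid", "authPriv")[flags & 0x03]
    return {"version": "v3", "level": level, "community": None}

# Constructed SNMPv1 Get for sysDescr.0 with the made-up community "lab-ro".
V1_GET = (bytes.fromhex("30260201000406") + b"lab-ro" +
          bytes.fromhex("a01902010102010002010030" "0e300c06082b060102010101000500"))
# Constructed SNMPv3 message: flags 0x03, empty security parameters, dummy payload.
V3_MSG = bytes.fromhex("3018020103300d020101020205dc0401030201030400" "0402dead")
```

Running classify over a capture's SNMP payloads gives a quick inventory of which devices still answer with community strings and which SNMPv3 sessions run without authentication or privacy.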

SNMPv2 PDU Formats

Get, GetNext, Inform, Response, Set, Trap:

GetBulk:

SNMP Protocol Operations

- Get - Retrieve the value of a scalar SNMP variable
- GetNext - Retrieve the next value in a tabular SNMP variable
- Set - Change the value of an SNMP variable
- Trap - Used by agent to report an event to an NMS
- GetBulk (added in SNMPv2) - Retrieve whole table in one operation
- Inform (added in SNMPv2) - Used by one NMS to report an event to another NMS

Remote Monitoring

- RMON is an enhancement to SNMP
- Allows SNMP to look at entire network, not just individual devices
- RMON probe collects data from a network segment and relays it back to management console
- RMON creates new categories of data, i.e. new branches added to MIB tree

RMON

RMON Categories of Data

- Ethernet Statistics Group - statistics gathered for each segment
- History Control Group - records sample from the Ethernet Statistics Group of a specified period of time
- Alarm Group - alerts network admin based on counters exceeding specified thresholds
- Host Group - counters for each host on segment
- Host TOPN Group - reports, e.g. top 10 hosts that generate broadcast
