1. AANTS: Web-Based Tools for Cooperative Campus Network Administration
   Charles Thomas, Dave Plonka
   AANTS Administration Team, Division of Info. Tech. (DoIT), Network Services, University of Wisconsin - Madison

2. Past Campus Network:
   - ATM LANE environment with 5 or 6 routers.
   - Multiple switch brands, many models.
   - Centrally-managed configurations for 50-75 devices.

3. Past Campus Network:
   - Campus departments administered their own LANs and had their own IT staff.
   - Gear purchase, configuration, deployment, and maintenance were handled on a department-by-department basis.
   - This led to a hodgepodge of operating procedures and network designs, some incompatible with each other.

4. Campus XXI Century Network Upgrade
   - Use Cisco equipment as a standard to minimize cross-vendor incompatibilities.
   - Increase the backbone speed to 10 Gb/s.
   - Offer 1 Gb/s departmental connections.
   - Move to a centrally-purchased and centrally-managed network model.

5. Present Campus Network
   - Nearly 900 Cisco network devices, many models.
   - A few Juniper and NetScreen devices.
   - 41,000+ managed ports.
   - The number of managed buildings, devices, and ports is growing every day.
7. The Challenge
   - Campus LAN admins (Authorized Agents) need to administer the switches and ports which carry their LANs.
   - The gear is centrally owned/managed, therefore we cannot allow them direct access (e.g. ssh or telnet) to the switches themselves.
   - Need to maintain good relations with AAs and not deprive them of their sense of autonomy (political/practical).

9. The Goal
   - Give our Authorized Agents comparable (and in many cases improved) network management capabilities.
   - Maintain appropriate levels of security, authorization and access control.
     - Protect centrally-managed gear.
     - Protect AAs from each other.

10. AANTS: Authorized Agent Network Tool Suite
   - Loosely-coupled set of web-based utilities for network administration.
   - Tools are team-developed in-house, optimized toward local networking practices, driven by user need.
   - Allow users (campus LAN administrators and network engineers) to manage network devices, change device configurations, troubleshoot, inspect traffic data, coordinate with users, and perform other network management tasks.

11. Foundation Technologies:
   - NetCMS - Network Device Configuration Management System for tracking router/switch configurations.
   - WiscNIC - RIPE whois database of network information.
   - Oracle/MySQL - Device config database.
   - Cisconf - Cisco tftp config tool.
   - GNU Make - Project management.
   - FlowScan and MRTG (Multi-Router Traffic Grapher).
22. LookingGlass
   - Run command-line operations on devices and view results.
   - View ethernet switch logs.

25. NetStats
   - Graph router interface and switch port statistics.
   - Several summary graphs displaying different types of traffic statistics at the campus network border.
   - Searchable interface to traffic statistics.

28. NetWatch
   - Locate a host given a MAC or IP address.
   - Discover which devices are connected to a specific switch.

30. EdgeConf
   - Configure device ports.
   - Perform multiple port changes as one transaction.
   - Label ports with user information.
   - Work with port subsets.
   - Examine switch port configurations and other switch information.
   - Users can only change devices/ports for which they are authorized.
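The EdgeConf model above (Authorized Agents never get a shell on the switch; the web tool checks each requested port against the agent's grants and applies a request as one transaction) is sketched below as an added example. This is illustrative code, not AANTS code: the grant table, the agent and device names, and the IOS-style command syntax are constructed for the example.

```python
"""Authorization-gated, all-or-nothing port changes (illustrative, not AANTS code).
The tool, not the agent, talks to the switch: requests are checked against a
per-agent grant table, rendered into device commands, then pushed per device."""
from dataclasses import dataclass
from typing import Callable

# Constructed sample grant table: (device, port) pairs each agent may change.
GRANTS = {
    "aa-chem": {("sw-chem-1", "Gi1/0/1"), ("sw-chem-1", "Gi1/0/2")},
    "aa-math": {("sw-math-1", "Gi1/0/1")},
}

@dataclass(frozen=True)
class PortChange:
    device: str
    port: str
    vlan: int

class NotAuthorized(PermissionError):
    pass

def is_authorized(agent: str, device: str, port: str) -> bool:
    """Deny by default: unknown agents and ungranted ports get no access."""
    return (device, port) in GRANTS.get(agent, set())

def render_commands(changes: list[PortChange]) -> dict[str, list[str]]:
    """Group per-port commands by device (IOS-like syntax, illustrative only)."""
    per_device: dict[str, list[str]] = {}
    for c in changes:
        per_device.setdefault(c.device, []).extend(
            [f"interface {c.port}", f" switchport access vlan {c.vlan}"])
    return per_device

def apply_transaction(agent: str, changes: list[PortChange],
                      push: Callable[[str, list[str]], None]) -> dict[str, list[str]]:
    """Authorize every change before pushing any. A request that mixes permitted
    and forbidden ports is rejected whole, so an agent can neither touch another
    agent's ports nor leave a half-applied change behind."""
    denied = [c for c in changes if not is_authorized(agent, c.device, c.port)]
    if denied:
        raise NotAuthorized(f"{agent} not authorized for "
                            + ", ".join(f"{c.device}:{c.port}" for c in denied))
    batches = render_commands(changes)
    for device, cmds in batches.items():
        push(device, cmds)  # push() is the tool's own device connection
    return batches
```

In the real tool `push` would be the component that holds the device credentials; the agent only ever sees the web form and the parsed result.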
36. VlanFinder
   - Discovers all currently active VLANs.
   - User selects one or more VLANs.
   - Display devices and ports on which the VLANs are active.
   - Display VLAN attributes:
     - Configuration of routed VLAN interfaces
     - Any trunk allowed VLANs
     - VLAN Spanning Tree Protocol priorities
   - Device names and ports will be hot-linked (where applicable) to EdgeConf.

37. VlanFinder
   - Used to identify devices/ports which could potentially be affected by work on a specific VLAN.
   - Used to map the current configuration of a VLAN prior to reconfiguration.
   - Used to verify the real-world result of network configuration changes ("Did my change do what I wanted?").

41. MailByDevice
   - Select one or more network devices.
   - Find all VLANs on each device.
   - Get all technical and administrative contacts for each VLAN from the WiscNIC database.
   - User can compose an email message.
   - Message will be mailed to all users.
   - Used to alert users when certain devices are going to be affected by NS actions.

44. CodePusher
   - Push commands, operating code, or configuration code to selected network devices.
     - Run command-line directives (e.g. 'show int').
     - Upgrade system software.
     - Modify device configurations.
     - Manage ACLs.
   - Parallelized for maximum efficiency.
   - Can specify a delayed device restart date/time.
   - Parses results into log files which can be viewed from the web browser.
   - Performs error-checking.
   - Reports results via email.
46. Live Demos

47. Summary
   - AANTS tools allow our customers to manage their network over the web, regardless of the user's platform of choice.
   - AANTS tool development is driven by user input and real-world needs.
   - AANTS is built on a foundation of freely-available software.
   - Local networking practices guide AANTS' growth as a customized system.

48. Summary (cont.)
   - Day-to-day management tasks are handled more quickly and easily for network services staff.
   - Improved Security Management
     - Maintain common Access-Control-Lists across network gear.
     - Locate and isolate compromised and abusive machines.
     - Visually identify bouts of abusive traffic.
     - Block traffic involving abusive intra- or extra-campus hosts.

49. Summary (cont.)
   - These tools help us maintain good relations with campus LAN admins by empowering them rather than moving responsibility away from them.
   - This cooperative policy makes use of available campus IT talent to help network services staff manage the network.

50. Contact the AANTS Admin Team: [email_address]

51. Q&A