Chapter 9

  1. 1. INFO 331 Computer Networking Technology II Chapter 9 Network Management Glenn Booker
  2. 2. Network Management History <ul><li>Network management didn’t exist in its current form until the 1980s </li></ul><ul><ul><li>From the ’40s to ’70s, networks were typically very homogeneous (single-vendor, proprietary), so network management tools were specific to that insular environment, if used at all </li></ul></ul><ul><ul><li>The advent of the PC and Macintosh made networks much more heterogeneous, and increased the complexity of network management </li></ul></ul>
  3. 3. Network Management <ul><li>A network typically consists of many unrelated types of equipment, which are all supposed to work together in perfect harmony, in spite of the myriad protocols, operating systems, interfaces, etc. involved </li></ul><ul><ul><li>Servers and workstations </li></ul></ul><ul><ul><li>Routers, switches, and hubs </li></ul></ul><ul><ul><li>Wireless access points and hosts </li></ul></ul><ul><ul><li>Firewalls </li></ul></ul>
  4. 4. Network Management <ul><li>In order to manage this mess, there is often a Network Operations Center (NOC) to coordinate maintenance, upgrades, monitoring, optimization (if you have time), repairs, etc. </li></ul><ul><ul><li>Akin to a pilot’s cockpit, or the control room for a power station, or the mixing board at a concert </li></ul></ul>
  5. 5. Network Management <ul><li>We need to know </li></ul><ul><ul><li>What to monitor </li></ul></ul><ul><ul><ul><li>What is worth focusing your attention on? </li></ul></ul></ul><ul><ul><li>How to analyze what we see </li></ul></ul><ul><ul><li>How to respond to changing conditions (fix problems) </li></ul></ul><ul><ul><li>How to proactively manage the system (prevent problems) </li></ul></ul>
  6. 6. Typical Problems <ul><li>Even a simple network can have challenges which help motivate the need for network management </li></ul><ul><li>Detect interface card failure at a host or router </li></ul><ul><ul><li>The host or router might report the interface failure to the NOC </li></ul></ul><ul><ul><li>Better, network monitoring might reveal imminent failure, so the card is replaced before failure </li></ul></ul>
  7. 7. Typical Problems <ul><li>Monitor traffic to guide resource deployment </li></ul><ul><ul><li>Traffic patterns or congestion monitoring can show which parts of the network are most used </li></ul></ul><ul><ul><li>This could lead to better use of servers, a simpler physical layout, faster high-traffic LAN segments, or better-founded upgrade decisions </li></ul></ul>
  8. 8. Typical Problems <ul><li>Detect rapid routing changes </li></ul><ul><ul><li>Routing can become unstable, causing rapid changes in routing tables ( route flapping ) </li></ul></ul><ul><ul><li>The network admin would like to know this is happening before something crashes as a result! </li></ul></ul><ul><li>Host is down </li></ul><ul><ul><li>Network monitoring could detect a system down before the user notices it </li></ul></ul>
  9. 9. Typical Problems <ul><li>Monitor SLAs </li></ul><ul><ul><li>Service Level Agreements (SLAs) are contracts to guarantee specific services, such as Internet service, in terms of availability, throughput, latency, and other agreed-upon measures </li></ul></ul><ul><ul><ul><li>Major ISPs (tier 1) can provide SLAs to major business customers </li></ul></ul></ul><ul><ul><li>If you pay for this service, it’s nice to know if they are really providing what you paid for! </li></ul></ul>Image from www.answers.com/topic/symbionese-liberation-army Not this SLA!
  10. 10. Typical Problems <ul><li>Intrusion detection </li></ul><ul><ul><li>The network admin can look for traffic from odd sources, destined for unusual ports, lots of SYN packets, and other security threats we recently covered </li></ul></ul><ul><ul><li>This can lead to refinement of filters & firewalls </li></ul></ul>
  11. 11. ISO Network Management <ul><li>ISO has produced guidance on the types of network management activities </li></ul><ul><ul><li>ISO network management ( ISO/IEC 10733:1998 ) </li></ul></ul><ul><ul><li>ISO network security ( ISO/IEC TR 13335 , ISO/IEC 18026:2007 and ISO/IEC 18028-1:2006 ) </li></ul></ul><ul><ul><ul><li>See Global IHS for buying ISO standards </li></ul></ul></ul><ul><li>Cisco overview white paper (free, unlike ISO standards, and summarized herein through slide 32 ) </li></ul>
  12. 12. ISO Network Management <ul><li>ISO identifies five areas of network management: </li></ul><ul><li>Fault Management </li></ul><ul><ul><li>Detect, isolate, notify, and correct faults encountered in the network </li></ul></ul><ul><li>Configuration Management </li></ul><ul><ul><li>Configuration aspects of network devices such as configuration file management, inventory management, and software management </li></ul></ul>
  13. 13. ISO Network Management <ul><li>Performance Management </li></ul><ul><ul><li>Monitor and measure various aspects of performance so that overall performance can be maintained at an acceptable level </li></ul></ul><ul><li>Security Management </li></ul><ul><ul><li>Provide access to network devices and corporate resources to authorized individuals </li></ul></ul><ul><li>Accounting Management </li></ul><ul><ul><li>Usage information of network resources </li></ul></ul>
  14. 14. Fault Management <ul><li>This is the main focus of network management for most organizations </li></ul><ul><li>Faults are errors or problems in the network </li></ul><ul><ul><li>Often a shorter term perspective than performance management </li></ul></ul><ul><li>Hence fast detection of problems is critical, often via color-coded graphical network maps </li></ul>
  15. 15. Fault Management <ul><li>Typically want a network management platform to do: </li></ul><ul><ul><li>Network discovery and topology mapping </li></ul></ul><ul><ul><li>Event handler </li></ul></ul><ul><ul><li>Performance data collection and presentation </li></ul></ul><ul><ul><li>Management data browsing </li></ul></ul><ul><li>Network management platforms include HP OpenView, Aprisma Spectrum, and Sun Solstice </li></ul>
  16. 16. Fault Management <ul><li>Devices can send SNMP traps ( RFC 3410 ) to report events which change their status </li></ul><ul><li>The management station logs these events; the status variables they describe are held in the device’s Management Information Base (MIB) </li></ul><ul><li>Platforms can be geographically distributed, and communicate with each other to centralize network monitoring </li></ul><ul><ul><li>Web interfaces on devices can allow remote management and configuration </li></ul></ul>
  17. 17. Fault Management <ul><li>Equipment vendors often use different management systems </li></ul><ul><ul><li>They can communicate using CORBA or CIM standards to exchange management data </li></ul></ul><ul><li>Troubleshooting a network often uses TFTP and syslog servers </li></ul><ul><ul><li>The trivial FTP (TFTP) server stores configuration files; routers and switches can send system log (syslog) messages to the syslog server </li></ul></ul><ul><ul><li>Neither protocol authenticates or encrypts anything: a TFTP server holding device configs (which usually contain credentials and SNMP community strings) must be reachable only from the management network, and syslog over UDP can be spoofed or silently dropped </li></ul></ul>
  18. 18. Fault Management <ul><li>Faults can be detected with SNMP trap events, SNMP polling, remote monitoring ( RMON , RFC 2819) and syslog messages </li></ul><ul><ul><li>Module changing to up or down state </li></ul></ul><ul><ul><li>Chassis alarms for hardware failures (fans, memory, voltage levels, temperature, etc.) </li></ul></ul><ul><ul><li>Responses can be just notification and logging of the event, or shutdown of that device, e.g. temps can be defined for warning, critical, or shutdown </li></ul></ul>
  19. 19. Fault Management <ul><li>Fault detection can also be done at the protocol or interface levels </li></ul><ul><ul><li>Such as a router interface failure </li></ul></ul><ul><li>A management station polls the device to determine status or measure something (CPU usage, buffer failure, I/O drops, etc.), and flags it with an RMON alarm when the measure exceeds some threshold value </li></ul>
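Slides 18 and 19 describe an RMON alarm as a threshold on a polled value. The detail that keeps a NOC from being paged on every poll is the hysteresis built into the RFC 2819 alarmTable: a rising event fires once and cannot fire again until a separate falling threshold has been crossed. The Python below is an added example written for this page (it is not code from the slides, from RMON or from any product) that models one alarm row, with absolute sampling for gauges and delta sampling for counters, including Counter32 wrap-around. The thresholds and the CPU and ifInErrors readings are constructed for the illustration.

```python
"""RMON-style threshold alarm with hysteresis (modelled on the RFC 2819 alarmTable)."""
from typing import List, Optional, Tuple


class RmonAlarm:
    """One alarm row: a sampled variable compared against a rising and a falling
    threshold.  As in RMON, a 'rising' event fires when the value reaches
    rising_threshold but not again until the value has first come back down to
    falling_threshold (and vice versa), so a value bouncing around one threshold
    produces one event, not one per poll.

    sample_type 'absolute' compares the raw value (gauges such as CPU %);
    'delta' compares the difference between successive samples (counters such
    as ifInErrors), wrapping correctly when a Counter32 rolls over.
    startup_alarm says which event may fire on the very first comparison.
    """

    def __init__(self, rising_threshold: int, falling_threshold: int,
                 sample_type: str = "absolute",
                 startup_alarm: str = "risingOrFalling",
                 counter_bits: int = 32) -> None:
        if falling_threshold >= rising_threshold:
            raise ValueError("falling_threshold must be below rising_threshold")
        if sample_type not in ("absolute", "delta"):
            raise ValueError("sample_type must be 'absolute' or 'delta'")
        self.rising = rising_threshold
        self.falling = falling_threshold
        self.sample_type = sample_type
        self.startup_alarm = startup_alarm
        self.counter_modulus = 1 << counter_bits
        self._prev_raw: Optional[int] = None   # previous counter reading (delta mode)
        self._state: Optional[str] = None      # None before first comparison, then 'high'/'low'

    def sample(self, raw: int) -> Optional[str]:
        """Feed one polled value; return 'rising', 'falling' or None."""
        if self.sample_type == "delta":
            if self._prev_raw is None:
                self._prev_raw = raw
                return None                    # two readings are needed for a delta
            value = (raw - self._prev_raw) % self.counter_modulus   # modulo handles wrap
            self._prev_raw = raw
        else:
            value = raw

        event = None
        if value >= self.rising and self._state != "high":
            if self._state is not None or self.startup_alarm in ("rising", "risingOrFalling"):
                event = "rising"
            self._state = "high"
        elif value <= self.falling and self._state != "low":
            if self._state is not None or self.startup_alarm in ("falling", "risingOrFalling"):
                event = "falling"
            self._state = "low"
        return event


def run_alarm(alarm: RmonAlarm, samples: List[int]) -> List[Tuple[int, str]]:
    """Poll a sequence of readings; return the (reading, event) pairs that fired."""
    fired = []
    for reading in samples:
        event = alarm.sample(reading)
        if event:
            fired.append((reading, event))
    return fired


if __name__ == "__main__":
    # Constructed CPU-utilisation gauge readings (percent): alarm at 90, clear at 70.
    cpu = RmonAlarm(rising_threshold=90, falling_threshold=70)
    print(run_alarm(cpu, [50, 95, 97, 92, 80, 95, 60, 95]))
    # Constructed ifInErrors Counter32 readings that wrap past 2**32 - 1.
    errs = RmonAlarm(rising_threshold=100, falling_threshold=10, sample_type="delta")
    print(run_alarm(errs, [4294967100, 4294967150, 4294967200, 100, 105]))
```

In the CPU run the readings 97, 92 and the second 95 produce no event because the alarm is still armed high; only the dip to 60 re-arms it. In the counter run a naive `raw - prev` would go hugely negative at the wrap and raise a false falling alarm; the modulo keeps the delta at 196 errors, which is the real rising condition.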
  20. 20. Configuration Management <ul><li>Configuration management (CM) tracks what equipment and software is in the network </li></ul><ul><li>Can assess which elements are causing trouble, or which vendors are preferred </li></ul><ul><ul><li>What if a vendor recalls a certain device? Do you have any of them? Where? </li></ul></ul><ul><ul><li>Whose routers or switches are most reliable? </li></ul></ul><ul><ul><li>Where do you send a service vendor to replace a dead router? </li></ul></ul>
  21. 21. Configuration Management <ul><li>CM data includes </li></ul><ul><ul><li>Make, model, version, serial number of equipment </li></ul></ul><ul><ul><li>Software versions and licenses </li></ul></ul><ul><ul><li>Physical location of hardware </li></ul></ul><ul><ul><ul><li>Site, building, room, rack number, etc. </li></ul></ul></ul><ul><ul><li>Contact info for equipment owners and service vendors </li></ul></ul><ul><li>Naming conventions are often used to keep names meaningful, not just yoda.drexel.edu </li></ul>
  22. 22. Configuration Management <ul><li>CM also includes file management </li></ul><ul><ul><li>Changes to device configuration files should be carefully controlled, so that older versions can be used if the new ones don’t work </li></ul></ul><ul><ul><li>A change audit log can help track changes, and who made them </li></ul></ul><ul><li>Inventory management is based on the ability to discover what devices exist, and their configuration information </li></ul>
  23. 23. Configuration Management <ul><li>Software management can include the automation of software upgrades across devices </li></ul><ul><ul><li>Download new software images, verify compatibility with hardware, back up existing software, then load new software </li></ul></ul><ul><ul><li>Large sites may script the process and run during low activity times </li></ul></ul>
  24. 24. Performance Management <ul><li>The same SNMP methods to capture fault data can be used for performance data, such as queue drops, ignored packets, etc. </li></ul><ul><ul><li>These can be used to assess SLA compliance </li></ul></ul><ul><li>On a larger scale, WAN protocols (frame relay, ATM, ISDN) can also collect performance data </li></ul>
  25. 25. Performance Management <ul><li>Performance management tools include </li></ul><ul><ul><li>Concord Network Health </li></ul></ul><ul><ul><li>InfoVista VistaView </li></ul></ul><ul><ul><li>SAS IT Service Vision </li></ul></ul><ul><ul><li>Trinagy TREND </li></ul></ul><ul><li>These all collect, store, and analyze data from around one’s enterprise, and typically use web-based interfaces to allow access to it from anywhere </li></ul>
  26. 26. Performance Management <ul><li>Increased network traffic has led to more attention to user and application traffic </li></ul><ul><ul><li>RFC 4502 (replacing RFCs 2021 and 3273) defines how RMON can be used to analyze applications and the network layer, not just lower layer (e.g. MAC) protocols </li></ul></ul><ul><ul><li>Many other performance monitoring tools exist, e.g. Cisco NetFlow </li></ul></ul>
  27. 27. Security Management <ul><li>Security management covers controlling access to the network and its resources </li></ul><ul><ul><li>Can include monitoring user login, refusing access after failed login attempts, as well as detecting either intentional or unintentional sabotage </li></ul></ul><ul><li>Security management starts with good policies and procedures </li></ul><ul><ul><li>The minimum security settings for routers, switches, and hosts are important to define </li></ul></ul>
  28. 28. Security Management <ul><li>Methods for control of security at the device level (router) include </li></ul><ul><ul><li>Access control lists (ACLs) and what they are permitted to do </li></ul></ul><ul><ul><li>User IDs and passwords </li></ul></ul><ul><ul><li>Terminal Access Controller Access Control System (TACACS) </li></ul></ul><ul><li>TACACS (RFC 1492) is a security protocol between devices and a TACACS server </li></ul>
  29. 29. Security Management <ul><li>A refinement of TACACS is TACACS+, which gives more detailed control over who can access a given device </li></ul><ul><ul><li>It separates the Authentication (verify user), Authorization (control remote access to device), and Accounting functions (collect security information for network management) (AAA) </li></ul></ul><ul><ul><li>In Cisco’s world, commands starting aaa , tacacs-server , set authentication , set authorization , and set accounting manage these functions </li></ul></ul><ul><ul><li>TACACS+ is a Cisco protocol, published as an informational RFC only in 2020 ( RFC 8907 ); that document calls its MD5-based body “encryption” obfuscation rather than real confidentiality, so traffic between device and server belongs on a protected management network </li></ul></ul>
  30. 30. Security Management <ul><li>In SNMP, configuration changes can be made to routers and switches just like from a command line </li></ul><ul><ul><li>Hence strong SNMP credentials are critical! In SNMPv1/v2c the “password” is a community string carried in cleartext in every message, so it must be hard to guess, never the defaults public / private , read-only wherever possible, and backed by an ACL; SNMPv3 (slides 57 to 64) replaces it with authenticated users </li></ul></ul><ul><ul><li>SNMP management hosts (managing entities in Kurose) should have static IP, and sole SNMP rights with network devices (managed devices) according to a specific Access Control List (ACL) </li></ul></ul>
  31. 31. Security Management <ul><li>SNMP can set router security: </li></ul><ul><ul><li>Privilege Level = RO (read only) or = RW (read and write); only RW can change router settings </li></ul></ul><ul><ul><li>Access Control List (ACL) can be set to only allow specific hosts to request router management info </li></ul></ul><ul><ul><ul><li>ACL control over interfaces can help prevent spoofing </li></ul></ul></ul><ul><ul><li>View – controls what router data can be viewed </li></ul></ul><ul><ul><li>SNMPv3 provides authenticated and encrypted exchange of data (slides 57 to 64) </li></ul></ul><ul><li>Switches can restrict Telnet and SNMP via an IP Permit List (and Telnet itself, which sends credentials in cleartext, should give way to SSH) </li></ul>
  32. 32. Accounting Management <ul><li>Accounting management measures utilization of the network so that specific groups or users can be billed correctly for snarfing up resources </li></ul><ul><ul><li>Yes, it’s about money </li></ul></ul><ul><ul><li>Data can be collected using various tools, such as NetFlow, IP Accounting, Evident Software </li></ul></ul><ul><li>This can also be used to measure how well SLAs are being followed or not </li></ul>
  33. 33. Network Management Infrastructure <ul><li>Network management is like the CEO of an organization getting status reports from middle managers, and they get status from first line managers </li></ul><ul><ul><li>The CEO has to make decisions about the entire company based on this data </li></ul></ul><ul><ul><ul><li>Corrective action may be needed, based on good or bad results obtained </li></ul></ul></ul><ul><ul><ul><li>The CEO of General Motors may build new plants, or shut others down </li></ul></ul></ul>
  34. 34. Network Management Infrastructure <ul><li>Network management establishes managers (called managing entities , often located in a NOC) who are allowed (via an ACL) to talk to network devices ( managed devices , such as servers or routers) </li></ul><ul><ul><li>Each managed device has a network management agent , who collects the desired data </li></ul></ul><ul><ul><li>Each managed device has one or more managed objects (such as network cards, memory chips, etc.) </li></ul></ul>
  35. 35. Network Management Infrastructure
  36. 36. Network Management Infrastructure <ul><li>Descriptions of all managed objects, and the devices they belong to, are collected in the Management Information Base (MIB) </li></ul><ul><ul><li>The MIB is a database of managed object data </li></ul></ul><ul><li>Managed devices communicate with managing entities using a network management protocol </li></ul><ul><ul><li>Devices don’t generally talk to each other, but managing entities can </li></ul></ul>
  37. 37. Network Management Infrastructure <ul><li>The network management protocol doesn’t manage the network per se – it just provides a means for the network admin to do so </li></ul>
  38. 38. Network Management Standards <ul><li>The architecture just described applies to most any network management approach </li></ul><ul><li>Many specific standards have been developed </li></ul><ul><ul><li>The OSI CMISE/CMIP standards, used in telecommunications </li></ul></ul><ul><ul><li>In the Internet, SNMP (Simple Network Management Protocol, RFC 3410) </li></ul></ul><ul><ul><ul><li>We’ll focus on the latter </li></ul></ul></ul>
  39. 39. SNMP isn’t Simple! <ul><li>It was derived from SGMP (1987) </li></ul><ul><li>Key goals of network management include </li></ul><ul><ul><li>What is being monitored? </li></ul></ul><ul><ul><li>How much control does the network admin have? </li></ul></ul><ul><ul><li>What is the form of data reported and exchanged? </li></ul></ul><ul><ul><li>What is the communication protocol for exchange of data? </li></ul></ul>
  40. 40. SNMP <ul><li>To address these goals, SNMP has four modular parts </li></ul><ul><ul><li>Network management objects, called MIB objects </li></ul></ul><ul><ul><ul><li>The MIB tracks MIB objects </li></ul></ul></ul><ul><ul><ul><li>A MIB object might be a kind of data (datagrams discarded, description of a router, status of an object, routing path to a destination, etc.) </li></ul></ul></ul><ul><ul><ul><li>MIB objects can be grouped into MIB modules </li></ul></ul></ul>
  41. 41. SNMP <ul><ul><li>A data definition language, SMI (Structure of Management Information) </li></ul></ul><ul><ul><ul><li>SMI defines what an object is, what data types exist, and rules for writing and changing management information </li></ul></ul></ul><ul><ul><li>A protocol, SNMP, for the exchange of information and commands between manager-agent and manager-manager (between two managing entities) </li></ul></ul><ul><ul><li>Security and administrative capabilities </li></ul></ul>
  42. 42. SMI <ul><li>SMI is defined by RFCs 2578, 2579, and 2580 (1999) </li></ul><ul><li>SMI has three levels of structure </li></ul><ul><ul><li>Base data types </li></ul></ul><ul><ul><li>Managed objects </li></ul></ul><ul><ul><li>Managed modules </li></ul></ul>[SMI is the language in which MIB modules are written, so an object defined in SMI is exactly a MIB managed object.]
  43. 43. SMI <ul><li>SMI Base Data Types are drawn from ASN.1 (Abstract Syntax Notation One, ITU-T X.680 / ISO/IEC 8824-1), plus a few application types SMI adds on top of it </li></ul><ul><li>There are eleven basic data types (p. 769) </li></ul><ul><ul><li>Signed and unsigned (≥ 0) integers, IP addresses, counters, time in 1/100 second counts, etc. </li></ul></ul><ul><ul><li>Most important is the OBJECT IDENTIFIER type: a sequence of integers (written 1.3.6.1.2.1.1.3) that names a node in a global registration tree, which is how every SMI object gets a unique name </li></ul></ul>
  44. 44. SMI <ul><ul><li>The OBJECT IDENTIFIER is not a struct in C; it is a name, the path from the root of the registration tree down to the object </li></ul></ul><ul><ul><li>Here, it names a managed object (and an instance suffix such as .0 names one instance of it) </li></ul></ul><ul><li>To create a managed object, the OBJECT-TYPE construct is used; it binds the object’s syntax, access, status, and description to an OBJECT IDENTIFIER </li></ul><ul><ul><li>Over 10,000 object-types have been defined – these are the heart of data that can be collected for network management </li></ul></ul><ul><li>[Analogy: OBJECT-TYPE is the class definition, the OBJECT IDENTIFIER is its fully qualified name, and the instances live in the agent: sysUpTime.0 is instance 0 of sysUpTime] </li></ul>
  45. 45. SMI Objects <ul><li>An object-type includes four fields </li></ul><ul><ul><li>Syntax – is the data type of the object </li></ul></ul><ul><ul><li>Max-access – is whether the object can be read, written, created, etc. </li></ul></ul><ul><ul><li>Status – is whether the object is current, obsolete, or deprecated </li></ul></ul><ul><ul><li>Description – gives a definition of the object </li></ul></ul>
  46. 46. SMI Modules <ul><li>The MODULE-IDENTITY construct creates a module from related objects </li></ul><ul><ul><li>Fields include when it was last updated, the organization who did so, contact info for them, a description of the module, a revision entry, and description of the revision </li></ul></ul><ul><li>The MODULE-IDENTITY ends with the OBJECT IDENTIFIER assigned to the module, which places it in the tree; e.g. IF-MIB ends with ::= { mib-2 31 }, i.e. 1.3.6.1.2.1.31 (many standard modules hang off mib-2 this way) </li></ul>
  47. 47. SMI Modules <ul><li>There are other constructs used in modules </li></ul><ul><ul><li>NOTIFICATION-TYPE defines a notification: the event and the objects carried in the SNMPv2-Trap or InformRequest message that reports it </li></ul></ul><ul><ul><li>MODULE-COMPLIANCE for defining managed objects that an agent must implement </li></ul></ul><ul><ul><li>AGENT-CAPABILITIES defines what agents can do with respect to object and event notification definitions </li></ul></ul>
  48. 48. MIB <ul><li>The Management Information Base (MIB) stores a current description of the network </li></ul><ul><li>Data is collected from agents in each device about the objects in that device </li></ul><ul><li>There are over 100 standard MIB modules, plus many more vendor-defined </li></ul><ul><li>To identify these modules and their objects, the IETF borrowed a convention from ISO – the ASN.1 object identifier tree </li></ul>
  49. 49. MIB <ul><li>The ASN.1 object identifier tree structure gives a number (1.3.6.1.2.45) to every object within ISO, ITU-T, or joint ISO/ITU-T control </li></ul><ul><li>We care about stuff under 1.3.6.1.2.1 </li></ul><ul><ul><li>ISO (1) </li></ul></ul><ul><ul><ul><li>ISO identified organization (3) </li></ul></ul></ul><ul><ul><ul><ul><li>US DoD (6) </li></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Internet (1) </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Management (2) (ran out of indents!) </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>MIB-2 (1) </li></ul></ul></ul></ul></ul>
  50. 50. MIB <ul><li>Under the MIB-2 category, we have 16 choices, including </li></ul><ul><ul><li>System (1) </li></ul></ul><ul><ul><li>Interfaces (2) </li></ul></ul><ul><ul><li>Address translation (3) </li></ul></ul><ul><ul><li>Lots of protocols (ip, icmp, tcp, udp, etc.) </li></ul></ul><ul><ul><li>Transmission (10) </li></ul></ul><ul><ul><li>SNMP (11) </li></ul></ul><ul><ul><li>RMON (16) </li></ul></ul>Apologies to http://www.sptimes.com/2002/07/08/Xpress/Letdown_aside___MIB_I.shtml
  51. 51. MIB <ul><li>The excerpts in the text are from </li></ul><ul><ul><li>MIB-2 / system (Table 9.2, p. 774) </li></ul></ul><ul><ul><li>MIB-2 / udp (Table 9.3) </li></ul></ul><ul><li>What was the point of all this? </li></ul><ul><ul><li>This gives the organization of all existing MIB modules – e.g. so if you want to know what TCP information is readily available, you can find what has already been predefined </li></ul></ul><ul><ul><li>This keeps you from reinventing the wheel! </li></ul></ul>
  52. 52. MIB <ul><li>For a current list of known MIB modules, see the Internet Official Protocol Standards, RFC 5000 </li></ul><ul><ul><li>Put “-MIB” after a protocol, and search for it </li></ul></ul><ul><ul><ul><li>RSVP-MIB or RMON-MIB or OSPF-MIB, etc. </li></ul></ul></ul><ul><ul><li>Or search for “using SMIv2”, the current version of SMI, to find RFC names which define MIBs </li></ul></ul>
  53. 53. SNMP Protocol Operations <ul><li>The purpose of SNMP is to exchange MIB information between agents and managing entities, or between two managing entities </li></ul><ul><li>Much of SNMP works on request-response mode – the managing entity requests data, and the agent responds with that data </li></ul><ul><li>Problems or exceptions are reported with a trap message – they go just from agent to managing entity </li></ul>
  54. 54. SNMP Message Types <ul><li>SNMP messages are called PDUs (protocol data units) (RFC 3416) </li></ul><ul><li>There are seven types of PDUs (p. 776) </li></ul><ul><ul><li>From manager (managing entity) to agent there are three kinds of GetRequest (to read agent data), plus SetRequest (to set the value of agent data) </li></ul></ul><ul><ul><li>From agent to manager there is the SNMPv2-Trap PDU to report exceptions (RFC 3418) </li></ul></ul>
  55. 55. SNMP Message Types <ul><ul><li>From manager to manager there is an InformRequest message to pass on MIB data; unlike a trap, it is acknowledged with a Response </li></ul></ul><ul><ul><li>And finally, most messages are responded to using a … Response message </li></ul></ul><ul><li>We’re not going to dwell on the format of a PDU message – every implementation must accept messages of at least 484 octets, and most allow far larger ones </li></ul><ul><li>PDU messages should be sent over UDP, per RFCs 3417 and 4789 </li></ul><ul><ul><li>Also possible to send over AppleTalk, IPX, etc. </li></ul></ul>
  56. 56. SNMP Message Types <ul><ul><li>SNMP listens on port 161 normally; port 162 for trap messages </li></ul></ul><ul><li>UDP is unreliable, hence the sender needs to determine if a Response was received or not, and retry if it wasn’t </li></ul><ul><ul><li>RFCs are vague on retransmission policies </li></ul></ul><ul><li>SNMP is described across many RFCs </li></ul><ul><ul><li>The best place to start looking is RFC 3410, which introduces the SNMP Management Framework and lists the documents that make it up; RFC 3416 then defines the protocol operations </li></ul></ul>
  57. 57. Security and Administration <ul><li>This is a key area of improvement in SNMPv3 over SNMPv2 </li></ul><ul><li>Managing entities run SNMP applications , which typically have </li></ul><ul><ul><li>A command generator (create Get messages) </li></ul></ul><ul><ul><li>A notification receiver (to catch traps) </li></ul></ul><ul><ul><li>A proxy forwarder (forwards requests, notifications, and responses) </li></ul></ul>
  58. 58. Security and Administration <ul><li>Agents have </li></ul><ul><ul><li>A command responder (answers Get messages, and applies Set requests) </li></ul></ul><ul><ul><li>A notification originator (create traps) </li></ul></ul><ul><li>Any kind of PDU is created by the SNMP application, then has a security/message header applied </li></ul><ul><ul><li>An SNMP message consists of (the security/message header) plus (the PDU) </li></ul></ul>
  59. 59. SNMP Message Header <ul><li>The header consists of </li></ul><ul><ul><li>SNMP version number </li></ul></ul><ul><ul><li>A message ID </li></ul></ul><ul><ul><li>Message size info (the largest message the sender can accept) </li></ul></ul><ul><ul><li>Flags saying whether the message is authenticated and/or encrypted, and which security model is in use (USM); the message format is defined in RFC 3412, the architecture in RFC 3411 </li></ul></ul><ul><li>The SNMP message is passed to the transport protocol (probably UDP) </li></ul>
  60. 60. SNMP Message Header <ul><li>Quote from RFC 3411, “This architecture recognizes three levels of security: </li></ul><ul><ul><li>without authentication and without privacy (noAuthNoPriv) </li></ul></ul><ul><ul><li>with authentication but without privacy (authNoPriv) </li></ul></ul><ul><ul><li>with authentication and with privacy (authPriv)” </li></ul></ul>
  61. 61. SNMP Security <ul><li>Since SNMP can change settings (Set Request message), security is very important </li></ul><ul><li>RFC 3414 describes the user-based security approach (USM) </li></ul><ul><ul><li>User name, which has a password, key value, and/or defined access privileges </li></ul></ul><ul><li>Encryption (privacy) in RFC 3414 is done with DES symmetric encryption in Cipher Block Chaining mode </li></ul><ul><ul><li>56-bit DES is long obsolete; RFC 3826 added AES-128 (CFB mode) to USM, and that is what should be configured today (authPriv with AES) </li></ul></ul>
  62. 62. SNMP Security <ul><li>Authentication uses HMAC (RFC 2104), as HMAC-MD5-96 or HMAC-SHA-96 in RFC 3414 (the tag is truncated to 12 octets); RFC 7860 later added SHA-2 variants, which should be preferred </li></ul><ul><ul><li>Take the whole SNMP message, m, and a shared secret key, K (can be a different symmetric key than used for encryption) </li></ul></ul><ul><ul><li>Compute a Message Integrity Code (MIC) over the message AND the key K, with the message’s 12-octet authentication field set to zeros </li></ul></ul><ul><ul><li>Transmit m and MIC(m,K), carried in that field </li></ul></ul><ul><ul><li>Receiver also computes MIC(m,K) and compares it to what was received </li></ul></ul>
  63. 63. SNMP Security <ul><li>SNMP provides protection against playback attacks by keeping a counter in the receiver </li></ul><ul><li>Acts like a nonce </li></ul><ul><ul><li>Actually tracks time since last reboot of receiver (snmpEngineTime) and number of reboots since network management software was loaded (snmpEngineBoots) – RFC 3414 </li></ul></ul><ul><li>If the values in a received message are close enough to the actual values (same boot count, and time within 150 seconds), treat the message as a nonreplay (new) message; anything else is rejected as notInTimeWindow </li></ul><ul><ul><li>This bounds replay rather than preventing it: a captured message can still be replayed within the 150-second window, one more reason to keep Set access confined to the management network </li></ul></ul>
  64. 64. SNMP Security <ul><li>Provides view-based access control (RFC 3415) by mapping which information can be viewed by which users, or set by them </li></ul><ul><ul><li>In contrast with RBAC (role-based) or OBAC (organization-based) access control approaches </li></ul></ul><ul><li>Tracks this info in a Local Configuration Datastore (LCD), parts of which are managed objects (which can be managed via SNMP) </li></ul>
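The view-based access control of RFC 3415, as an added Python example for this page (not code from the slides or from any SNMP implementation). It implements the three VACM tables in miniature: security name to group, group to minimum security level and read/write view, and view families with the subtree mask and the longest-match include/exclude rule of RFC 3415 section 4.5.1. The policy in `build_sample_vacm`, the user names and the interface index are constructed; the OIDs for the system group, ifEntry, SNMP-USER-BASED-SM-MIB and SNMP-COMMUNITY-MIB are the real ones.

```python
"""View-based Access Control Model (RFC 3415) in miniature: who may read or write
which part of the OID tree, and at which security level."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

OID = Tuple[int, ...]
LEVEL_RANK = {"noAuthNoPriv": 0, "authNoPriv": 1, "authPriv": 2}


def oid(dotted: str) -> OID:
    """'1.3.6.1.2.1.1.3.0' -> (1, 3, 6, 1, 2, 1, 1, 3, 0)."""
    return tuple(int(x) for x in dotted.strip(".").split("."))


@dataclass(frozen=True)
class ViewFamily:
    """One vacmViewTreeFamilyTable row.  mask[i] == 1 means sub-identifier i must
    match; 0 makes it a wildcard (used to expose one table row, e.g. one interface,
    across all columns).  Sub-identifiers beyond the mask count as 1."""
    subtree: OID
    included: bool = True
    mask: Tuple[int, ...] = ()

    def matches(self, target: OID) -> bool:
        if len(target) < len(self.subtree):
            return False
        for i, sub in enumerate(self.subtree):
            must_match = self.mask[i] if i < len(self.mask) else 1
            if must_match and target[i] != sub:
                return False
        return True


def oid_in_view(view: List[ViewFamily], target: OID) -> bool:
    """RFC 3415 4.5.1: among the matching families the one with the longest subtree
    wins (greatest subtree value on ties); its included/excluded flag decides."""
    hits = [f for f in view if f.matches(target)]
    if not hits:
        return False
    best = max(hits, key=lambda f: (len(f.subtree), f.subtree))
    return best.included


@dataclass(frozen=True)
class AccessEntry:
    """Simplified vacmAccessTable row: one context, USM only."""
    min_level: str
    read_view: str
    write_view: str = ""        # "" = no write access at all


class Vacm:
    def __init__(self) -> None:
        self.security_to_group: Dict[str, str] = {}       # vacmSecurityToGroupTable
        self.access: Dict[str, AccessEntry] = {}          # vacmAccessTable
        self.views: Dict[str, List[ViewFamily]] = {}      # vacmViewTreeFamilyTable

    def is_allowed(self, security_name: str, level: str, op: str, target: OID) -> bool:
        """Decide one Get ('read') or Set ('write') on one OID.  Every lookup failure denies."""
        group = self.security_to_group.get(security_name)
        entry = self.access.get(group) if group else None
        if entry is None or LEVEL_RANK[level] < LEVEL_RANK[entry.min_level]:
            return False
        view_name = entry.read_view if op == "read" else entry.write_view
        if not view_name:
            return False
        return oid_in_view(self.views.get(view_name, []), target)


def build_sample_vacm() -> Vacm:
    """Constructed policy: the NOC gets read-only authPriv access to everything except
    the MIB branches that hold USM users and community strings; a tenant sees only
    interface 3; netops may also write.  Names are illustrative, OIDs are real."""
    v = Vacm()
    v.views["safe"] = [
        ViewFamily(oid("1.3.6.1")),                              # the whole internet subtree
        ViewFamily(oid("1.3.6.1.6.3.15"), included=False),       # SNMP-USER-BASED-SM-MIB
        ViewFamily(oid("1.3.6.1.6.3.18"), included=False),       # SNMP-COMMUNITY-MIB
    ]
    # ifEntry is 1.3.6.1.2.1.2.2.1.<column>.<ifIndex>: wildcard the column, pin ifIndex 3
    v.views["if3"] = [ViewFamily(oid("1.3.6.1.2.1.2.2.1.0.3"), mask=(1,) * 9 + (0, 1))]
    v.access = {
        "noc-ro": AccessEntry("authPriv", read_view="safe"),
        "netops": AccessEntry("authPriv", read_view="safe", write_view="safe"),
        "tenant3": AccessEntry("authNoPriv", read_view="if3"),
    }
    v.security_to_group = {"alice": "noc-ro", "carol": "netops", "bob": "tenant3"}
    return v
```

Two points a practitioner wants from this: every failed lookup denies (unknown user, level below the minimum, empty write view), and an exclude family that is longer than the include wins, which is how a broad read view is handed out while the branches that would disclose community strings or user tables stay fenced off.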
  65. 65. ASN.1 <ul><li>We saw earlier that MIB variables are tied to the ISO standard ASN.1 </li></ul><ul><ul><li>It’s connected to XML and Bluetooth as well, so it’s worth not ignoring </li></ul></ul><ul><li>It’s defined by ITU-T X.680 to X.683 and ISO/IEC 8824 </li></ul><ul><li>Purpose is to describe data exchanged between two communicating applications </li></ul><ul><ul><li>So it’s kind of a middleware for data exchange </li></ul></ul>
  66. 66. ASN.1 <ul><li>Without ASN.1, it would be easy to define dozens of logical approaches for describing the contents of a data file, and storing it </li></ul><ul><ul><li>ASN.1 gets everyone to agree on how to do so </li></ul></ul><ul><li>Part of its need comes from the little-endian vs. big-endian problem </li></ul><ul><ul><li>Little-endian architecture stores the least significant byte of a multi-byte integer at the lowest address </li></ul></ul><ul><ul><ul><li>Intel x86 and DEC/Compaq Alpha CPUs are little-endian </li></ul></ul></ul>
  67. 67. ASN.1 <ul><li>Big-endian stores the most significant byte first </li></ul><ul><ul><li>Sun SPARC and Motorola 68000 processors are big-endian </li></ul></ul><ul><li>SMI and ASN.1 offer a presentation service to translate between different machine-specific formats </li></ul><ul><ul><li>The encoding rules (next slides) fix the order in which bytes are sent (BER integers go most significant byte first), so that something sent in ASN.1 format from an Intel chip can be read correctly by a Sun chip </li></ul></ul>
  68. 68. ASN.1 <ul><li>ASN.1 provides its own defined data types, much like SMI (slide 43) </li></ul><ul><ul><li>Are used to create structured data types </li></ul></ul><ul><li>ASN.1 also provides various types of encoding rules </li></ul><ul><ul><li>The Basic Encoding Rules (BER) tell how to send data over the network (as in, byte by byte), using the Type of data, its Length, and Value (TLV) </li></ul></ul><ul><ul><ul><li>Data can be text, audio, video, etc. </li></ul></ul></ul>
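The OID tree of slide 49, the header-plus-PDU message layout of slide 58 and the TLV rule on this slide all meet in the bytes of an actual SNMP message. The Python below is an added example for this page (not code from the slides, from any SNMP library or from the X.690 standard) that encodes and parses an SNMPv2c GetRequest and Response: BER lengths in short and long form, INTEGER and the application types that share its encoding, OBJECT IDENTIFIER packing (1.3 becomes the single octet 0x2b, larger arcs use base-128), and a decoder that checks every length against the buffer, because an attacker-supplied length that is trusted blindly is how SNMP parsers have historically been crashed. The community string public and the request id are constructed sample values.

```python
from typing import Any, Dict, List, Tuple

# Universal tags (X.690) and SNMP application/context tags (RFC 2578, RFC 3416)
INTEGER, OCTET_STRING, NULL, OBJECT_IDENTIFIER, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
COUNTER32, GAUGE32, TIMETICKS = 0x41, 0x42, 0x43                     # [APPLICATION 1..3]
GET_REQUEST, GET_NEXT_REQUEST, RESPONSE, SET_REQUEST, SNMPV2_TRAP = 0xA0, 0xA1, 0xA2, 0xA3, 0xA7

def encode_length(n: int) -> bytes:
    if n < 0x80:                     # short form; long form is 0x80|count then the length octets
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, value: bytes) -> bytes: return bytes([tag]) + encode_length(len(value)) + value

def encode_integer(n: int, tag: int = INTEGER) -> bytes:
    # minimal two's complement, big-endian; Counter32/Gauge32/TimeTicks use the same rule,
    # so a value with its top bit set (e.g. 2**31 as TimeTicks) gets a leading 0x00 octet
    length = (n.bit_length() + 8) // 8 if n >= 0 else ((-n - 1).bit_length() + 8) // 8
    return tlv(tag, n.to_bytes(length, "big", signed=True))

def encode_oid(arcs: Tuple[int, ...]) -> bytes:
    # first two arcs pack as 40*x+y (1.3 -> 43 = 0x2b); every value is base-128 with the
    # high bit set on each octet except the last
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("malformed OID")
    out = bytearray()
    for n in (40 * arcs[0] + arcs[1],) + tuple(arcs[2:]):
        octets = [n & 0x7F]
        while n >> 7:
            n >>= 7
            octets.append(0x80 | (n & 0x7F))
        out += bytes(reversed(octets))
    return tlv(OBJECT_IDENTIFIER, bytes(out))

def decode_tlv(data: bytes, pos: int = 0) -> Tuple[int, bytes, int]:
    # Returns (tag, value, next_pos).  Every length is checked against the buffer before
    # slicing: trusting the length octets blindly is the classic SNMP parser memory bug.
    if pos + 2 > len(data):
        raise ValueError("truncated TLV header")
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                            # long form
        count = length & 0x7F
        if count == 0 or count > 4 or pos + count > len(data):
            raise ValueError("indefinite, oversized or truncated length")
        length, pos = int.from_bytes(data[pos:pos + count], "big"), pos + count
    if pos + length > len(data):
        raise ValueError("length runs past end of message")
    return tag, data[pos:pos + length], pos + length

def decode_oid(value: bytes) -> Tuple[int, ...]:
    if not value or value[-1] & 0x80:
        raise ValueError("empty or truncated OID")
    arcs, n = [], 0
    for b in value:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:                         # last octet of this sub-identifier
            arcs += [n] if arcs else ([2, n - 80] if n >= 80 else [n // 40, n % 40])
            n = 0
    return tuple(arcs)

def decode_value(tag: int, value: bytes) -> Any:
    if tag in (INTEGER, COUNTER32, GAUGE32, TIMETICKS):
        return int.from_bytes(value, "big", signed=(tag == INTEGER))
    if tag == OBJECT_IDENTIFIER:
        return decode_oid(value)
    if tag in (OCTET_STRING, NULL):
        return value if tag == OCTET_STRING else None
    raise ValueError(f"unsupported tag 0x{tag:02x}")

def build_v2c_message(community: bytes, pdu_tag: int, request_id: int,
                      varbinds: List[Tuple[Tuple[int, ...], bytes]]) -> bytes:
    # Message ::= SEQUENCE { version (1 = v2c), community, PDU }; the PDU holds request-id,
    # error-status, error-index and a SEQUENCE of VarBind.  Values arrive already encoded.
    vbl = b"".join(tlv(SEQUENCE, encode_oid(o) + v) for o, v in varbinds)
    pdu = encode_integer(request_id) + encode_integer(0) + encode_integer(0) + tlv(SEQUENCE, vbl)
    return tlv(SEQUENCE, encode_integer(1) + tlv(OCTET_STRING, community) + tlv(pdu_tag, pdu))

def parse_v2c_message(data: bytes) -> Dict[str, Any]:
    tag, body, end = decode_tlv(data)
    if tag != SEQUENCE or end != len(data):
        raise ValueError("not exactly one SNMP message")
    t_ver, ver, pos = decode_tlv(body)
    _, community, pos = decode_tlv(body, pos)
    pdu_tag, pdu, _ = decode_tlv(body, pos)
    if decode_value(t_ver, ver) != 1 or not 0xA0 <= pdu_tag <= 0xA8:
        raise ValueError("not an SNMPv2c PDU")
    fields, pos = [], 0
    for _ in range(3):                           # request-id, error-status, error-index
        tag, v, pos = decode_tlv(pdu, pos)
        fields.append(decode_value(tag, v))
    _, vbl, _ = decode_tlv(pdu, pos)
    varbinds, pos = [], 0
    while pos < len(vbl):                        # VarBind ::= SEQUENCE { name OID, value }
        _, vb, pos = decode_tlv(vbl, pos)
        t_oid, o, inner = decode_tlv(vb)
        t_val, val, _ = decode_tlv(vb, inner)
        varbinds.append((decode_value(t_oid, o), decode_value(t_val, val)))
    return {"community": community, "pdu_type": pdu_tag, "request_id": fields[0],
            "error_status": fields[1], "error_index": fields[2], "varbinds": varbinds}
```

For a GetRequest of sysUpTime.0 (1.3.6.1.2.1.1.3.0, the path walked on slide 49) with community public and request id 0x1234, `build_v2c_message` yields 30 27 02 01 01 04 06 'public' a0 1a 02 02 12 34 02 01 00 02 01 00 30 0e 30 0c 06 08 2b 06 01 02 01 01 03 00 05 00: 0x2b is 40*1+3, 0xa0 is the context-specific tag for GetRequest, and the NULL value (05 00) is the placeholder the agent replaces with a TimeTicks (tag 0x43) in its Response. Feeding the parser a message whose outer length claims more bytes than arrived, or a long-form length of 0xffffffff, raises ValueError instead of reading past the buffer.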
  69. 69. ASN.1 <ul><li>Other type of encoding rules include </li></ul><ul><ul><li>Packed Encoding Rules (PER) – for efficient binary encoding </li></ul></ul><ul><ul><li>Distinguished Encoding Rules (DER) – canonical encoding for digital signatures </li></ul></ul><ul><ul><li>XML encoding rules (XER) </li></ul></ul>
  70. 70. Summary <ul><li>So in wrapping up, we’ve covered the ISO outline of network management </li></ul><ul><ul><li>Fault, Configuration, Performance, Security, and Accounting Management </li></ul></ul><ul><li>Seen network management infrastructure elements and how they work in SNMP </li></ul><ul><ul><li>SMI to define data types, objects, and modules </li></ul></ul><ul><ul><li>MIB to collect object data across the network </li></ul></ul><ul><ul><li>ASN.1 communicates across hardware platforms </li></ul></ul>
