Course Instructor: Parkash Lohana CN506 Network Management  Week 08 SPRING 2010 Revision for Mid-Term Exam  USMAN INSTITUTE OF TECHNOLOGY Hamdard University
Management Scenarios  Customer Network Management  Distributed Data Storage Central Graphic Archive  Shared document System Help Desk Support Nomadic Systems DNS Management Backup and Archiving System
Management Functions: Fault management; Configuration management; Accounting management; Performance management; Security management
Fault Management The facilities that enable the  detection, isolation, and correction of abnormal operation  of the OSI environment What is “a fault”? An abnormal condition that requires management attention (or action) to repair Indicated by  failure to operate correctly or by excessive errors Communication line is cut A crimp in the cable Certain errors may occur occasionally and are not normally considered to be faults
Fault Management When a fault occurs Determine “exactly” where the fault is Isolate the rest of the network from the failure Reconfigure or modify the network to minimize the impact of operation Repair or replace the failed components
User requirements for  Fault Management Fast and reliable problem resolution Receive notification and correct the problem immediately Requires rapid and reliable fault detection and diagnostic management Provides fault tolerance  Redundant components and alternate communication routes Fault management capability itself should be redundant Keep informed of the network status Reassurance of correct network operation through mechanisms that use tests or analyze dumps, logs, alerts, or statistics Problem tracking and control Ensure the problem is truly resolved and no new problems are introduced Fault management should have minimal effect on network performance
Configuration Management Configuration management is concerned with  Initializing a network Gracefully shutting down part or all of the network Maintaining, adding, and updating the relationships among components and the status of components themselves during network operation
Requirements for Configuration Management The network manager needs the capability to Identify initially the components that comprise the network Define and change the connectivity of components Define and modify default attributes, and load the predefined sets of attributes into the specified network components Reconfigure a network for performance evaluation, network upgrade, fault recovery or security checks End users want to inquire about the upcoming status of resources and their attributes before reconfiguration Generate configuration reports Periodic basis Response for a request Only authorized end users can manage and control network operation (software distribution and updating)
Accounting Management The facilities that enable  charges to be established for the use of managed objects costs to be identified for the use of those managed objects
Accounting Management. Network managers track the use of network resources by end user or end-user class. An end user or group of end users may be abusing its access privileges and burdening the network at the expense of other users. End users may be making inefficient use of the network, and the network manager can assist in changing procedures to improve performance. It is easier for the network manager to plan for network growth if end user activity is known in sufficient detail.
Requirements for  Accounting Management The network manager can specify  The kinds of  accounting information  to be recorded at various nodes The desired  interval  between sending the recorded information to higher-level management nodes The  algorithms  to be used in calculating the charging Generate  accounting reports Provide the capability to verify  end users’ authorization  to access and manipulate the information
Management Functions Performance Management  Functional properties are not enough Look at Non-functional properties  Performance Metrics Throughput, measured by a number of units of communication performed per unit of time. The unit of communication depends on the layer, type of network, and networking services.  Examples:  At the link layer, the number of bytes, that are transmitted per second.
Management Functions Performance Metrics (Cont..) At the network layer, the number of packets that are routed per second. At the application layer for a web service, the number of web requests that are serviced per second. At the application layer for a voice service, the number of voice calls, or call attempts, that can be processed per hour.
Management Functions Performance Metrics (Cont..) Delay, measured in a unit of time. Examples: At the link layer, the time that it takes for a byte that is transmitted to reach its destination at the other end of line. At the network layer, the time it takes for an IP packet to reach its destination.
Management Functions Performance Metrics (Cont..) At the application layer for a web service, the time that it takes for a request to reach its destination at the host servicing the request after the request has been issued. At the application layer of a voice service, the time it takes to receive a dial tone after you have lifted the receiver.
Management Functions Performance Metrics (Cont..) Quality is in many ways also performance related and can be measured  differently, depending on the networking services At the link layer, the number or percentage of seconds during which errors in transmission occurred.  At the network layer, the number or percentage of packets dropped
Management Functions Performance Metrics (Cont..) At the application layer for a web service, the number or percentage of web requests that could not be serviced. At the application layer for a voice service, the number or percentage of voice calls that were dropped or abnormally terminated.
Management Functions Performance Management  Performance management therefore encompasses all the measures required for ensuring that the quality of service conforms to the service level agreement. It includes: Establishing QoS parameters and metrics Monitoring all resources for performance bottlenecks and threshold crossings. Carrying out measurements and trend analysis to predict failure before it occurs.
Management Functions Performance Management (Cont..) Evaluating history logs (i.e., records on system activity, error files). Processing measurement data and compiling performance reports. Carrying out performance and capacity planning. Monitors, protocol analyzers, statistics packets, report generators, and modeling tools are some of the typical tool functionalities in performance management.
Management Functions Security Management. Two aspects need to be distinguished. Security of Management: management itself is secure. Management of Security: manages the security of the network.
Management Functions
Management Functions Security Management. Security of management: Management operations themselves are secure. Access to management is restricted to authorized users. Example: access to the management interfaces of the devices in the network needs to be secured. Access to the management applications themselves needs to be secured properly. Devices generally authorize on the basis of the management application, not on the basis of the user of a management application.
Management Functions Security Management. Management of Security: Managing the security of the network itself. Online security threats are all too common. The threats are aimed not so much at the network as at the devices connected to the network: PCs of end users, systems that host the websites of corporations. Resources of a company that are worth protecting: information, IT infrastructure, services. Security measures that reflect the results of threat analysis or security risk analysis are needed to prevent damage and loss.
Management Functions Security Management Management of Security  Typical threats are created by: Passive attacks: eavesdropping on information; producing a user profile or theft of information (password, etc.).
Management Functions Security Management. Management of Security. Typical threats are created by: Active attacks: masquerade (i.e., a user pretending to be someone else, or spoofing); manipulating message sequences by changing the sequence, giving priority to or delaying messages; reconfiguration, reprogramming, unauthorized access, viruses, Trojan horses, denial-of-service attacks. Malfunctioning of resources. Faulty or inappropriate behavior and incorrect response operation.
Management Functions Security Management Breakdown of Security Management Tasks Security requirements and goals are established on the basis of threat analyses and the values (resources and services) needing protection. The security policies defined ultimately identify the security requirements. Examples are: Passwords have to be changed every three weeks Only second-line managers have access to personnel data All attacks on security have to be recorded and followed up.
Management Functions Security Management Breakdown of Security Management Tasks These policies serve as framework for security services needed and consequently implemented.  Security management therefore comprises: Conducting threat analyses Defining and enforcing security policies. Checking identity (authentication based on signature, notarization, or certification)
Management Functions Breakdown of Security Management Tasks. Carrying out and enforcing access controls. Guaranteeing confidentiality (encryption). Ensuring data integrity (message authentication). Monitoring system to prevent threats to security. Reporting on security status and violation or attempted violations.
 
OSI Architecture and Model. Organization: network management components; functions of components; relationships. Information: Structure of management information (SMI); Management information base (MIB); organization of management information; object-oriented. [Figure: OSI Network Management Model, in which Network Management divides into the Organization Model, Information Model, Communication Model and Functional Model]
SNMP Architecture and Model. Organization: same as OSI model. Information: same as OSI, but scalar. Communication: messages less complex than OSI and unidirectional; transfer structure (PDU). Functions: application functions; operations; administration; security.
Organizational Model. Manager: sends requests to agents; monitors alarms; houses applications; provides user interface. Agent: gathers information from objects; configures parameters of objects; responds to managers’ requests; generates alarms and sends them to managers. Managed object: network element that is managed; houses management agent. Not all objects are managed / manageable.
Two-Tier Model. Agent built into network element (example: managed hub, managed router). An agent can manage multiple elements (example: switched hub, ATM switch). MDB is a physical database. Unmanaged objects are network elements that are not managed, both physical (unmanaged hub) and logical (passive elements). [Figure: Two-Tier Network Management Organization Model, showing Manager, MDB, Agent process, Managed objects and Unmanaged objects. MDB = Management Database]
Three-Tier Model. Middle layer plays the dual role: agent to the top-level manager; manager to the managed objects. Example of middle level: Remote monitoring agent (RMON). [Figure: Three-Tier Network Management Organization Model, showing Manager, Agent / Manager, Agent process, Managed objects and MDBs. MDB = Management Database]
Manager of Managers. Agent NMS manages the domain. MoM presents integrated view of domains. Domain may be geographical, administrative, vendor-specific products, etc. [Figure: Network Management Organization Model with MoM, showing MoM, Agent NMS, Manager, Agent process, Managed objects and MDBs. MoM = Manager of Managers; MDB = Management Database]
Information Model: Analogy   Information model is concerned with the structure and the storage of information A book is identified by an International Standard Book Number (ISBN) Figure in a book uniquely identified by ISBN, Chapter, and Figure number in that   hierarchical order ID: {ISBN, chapter, figure} The three elements above define the syntax Semantics is the meaning of the three   entities according to Webster’s dictionary The information comprises syntax and semantics   about an object
Structure of Management Information (SMI)   SMI defines for a managed object Syntax Semantics plus additional information such as status Example   sysDescr: { system 1 }   Syntax: OCTET STRING   Definition: "A textual description of the entity. "   Access: read-only   Status: mandatory
Management Information Base (MIB) Information base contains information about objects Organized by grouping of related objects Defines relationship between objects It is NOT a physical database.  It is a  virtual     database that is compiled into management module
Information Base View: An Analogy Fulton County library system has many branches Each branch has a set of books The books in each branch is a different set The information base of the county has the    view (catalog) of all books The information base of each branch has the    catalog of books that belong to that branch.   That is, each branch has its view (catalog) of   the information base Let us apply this to MIB view
Management Data Base / Information Base. Distinction between MDB and MIB: MDB is a physical database, e.g. Oracle, Sybase; MIB is a virtual database, a schema compiled into management software. An NMS can automatically discover a managed object, such as a hub, when added to the network. The NMS can identify the new object as a hub only after the MIB schema of the hub is compiled into the NMS software. [Figure: Network Configuration with Data and Information Base]
SNMP Model   CONCEPT MANAGEMENT COMPONENTS SMI MIB SNMP
CONCEPT
Concept  A framework for managing devices in an internet using TCP/IP protocol Provides set of fundamental operations for monitoring and maintaining an internet. Application level protocol allows it to monitor devices made by different manufacturers installed on different physical networks
Concept
Agent  A router or host that runs the SNMP server program Keeps performance information in database Can send a trap to the manager if something unusual occurs.
Manager  A host that runs the SNMP client program  Has access to the values in the database Management is achieved through simple interaction between manager and agent.
Managers and Agents. Management with SNMP is based on three basic ideas: A manager checks an agent by requesting information that reflects the behavior of the agent. A manager forces an agent to perform a task by resetting values in the agent database. An agent contributes to the management process by warning the manager of an unusual situation.
Management Components. To do management tasks, SNMP uses two other protocols: Structure of Management Information (SMI) and Management Information Base (MIB). SNMP, SMI, and MIB.
Components of network  management on the Internet
Role of SNMP: SNMP defines the format of packets exchanged between a manager and an agent. It reads and changes the status (values) of objects (variables) in SNMP packets.
Role of SMI: SMI defines the general rules for naming objects, defining object types (including range and length), and showing how to encode objects and values.
Role of SMI: SMI does not define the number of objects an entity should manage, name the objects to be managed, or define the association between the objects and their values.
Role of MIB: MIB creates a collection of named objects, their types, and their relationships to each other in an entity to be managed.
An Analogy: We can compare the task of network management to the task of writing a program. 1. Both tasks need rules. In network management this is handled by SMI. 2. Both tasks need variable declarations. In network management this is handled by MIB. 3. Both tasks have actions performed by statements. In network management this is handled by SNMP.
SNMP. There are two approaches for a management system to obtain information from SNMP: traps and polling.
SNMP Traps Traps are unrequested event reports that are sent to a management system by an SNMP agent process.  A trap will contain: Network device name Time the event happened  Type of event
SNMP Traps When a trappable event occurs, a trap message is generated by the agent and sent to a trap destination (a specific configured network address) Many events can be configured to signal a trap, like a network cable fault, failing NIC or hard drive, a general protection fault, or a power supply failure.
SNMP Traps. Traps can also be throttled: you can limit the number of traps sent per second from the agent. Traps have a priority associated with them: critical, major, minor, warning, marginal, informational, normal, unknown.
SNMP Traps. Resources are required on the network device to generate a trap. When a lot of events occur, the network bandwidth may be tied up with traps. Thresholds can be used to help. Because the network device has a limited view, it is possible the management system has already received the information and the trap is redundant.
SNMP Polling. The network management system periodically queries the network device for information. The advantage is that the network management system is in control and knows the “big picture”.
SNMP Polling. The disadvantage is the amount of delay from when an event occurs to when it’s noticed. With a short interval, network bandwidth is wasted. With a long interval, response to an event is too slow.
SNMP Traps/Polling. When an event occurs, the network device generates simple traps. The management system then polls the network device to get the necessary information. The management system also does low-frequency polling as a backup to the trap.
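The trade-off between polling, traps and the combined approach can be made concrete with a small simulation. This is an added example, not part of the original slides; the event names and times are constructed, and it assumes that a throttled or lost trap is never delivered and that one poll costs two messages (request and response).

```python
# Constructed sample: three events in the same second, one later event.
EVENTS = [(65, "linkDown-if1"), (65, "linkDown-if2"), (65, "psu-fail"),
          (200, "disk-fail")]


def simulate(events, horizon, poll_interval=None, traps=False,
             poll_on_trap=False, max_traps_per_sec=1, lost=frozenset()):
    """Step through `horizon` seconds and return (detected, messages).

    detected maps event name -> second at which the manager learned of it.
    messages counts management packets on the wire.
    lost names events whose trap is sent but never reaches the manager.
    """
    by_time = {}
    for t, name in events:
        by_time.setdefault(t, []).append(name)

    detected, pending, messages = {}, [], 0
    for t in range(horizon + 1):
        sent = 0
        # Periodic poll (primary in polling mode, backup in the combined mode).
        poll = poll_interval is not None and t > 0 and t % poll_interval == 0
        for name in by_time.get(t, []):
            pending.append(name)              # state the agent now holds
            if traps and sent < max_traps_per_sec:
                sent += 1                     # throttle: at most N traps per second
                messages += 1
                if name not in lost:
                    detected.setdefault(name, t)   # a trap reports one event only
                    poll = poll or poll_on_trap    # trap-directed poll
        if poll:
            messages += 2                     # request + response
            for name in pending:              # a poll returns everything pending
                detected.setdefault(name, t)
            pending.clear()
    return detected, messages


def compare():
    """Run the three strategies from the slides over the same events."""
    return {
        "polling": simulate(EVENTS, 300, poll_interval=60),
        "traps": simulate(EVENTS, 300, traps=True),
        "combined": simulate(EVENTS, 300, poll_interval=150, traps=True,
                             poll_on_trap=True),
    }


if __name__ == "__main__":
    for name, (detected, messages) in compare().items():
        print(f"{name:9s} messages={messages:2d} detected={detected}")
```

With traps alone, the two throttled events are never seen; the combined approach sees all four with no delay for the same message count as 60-second polling.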
SNMP. SNMP uses both SMI and MIB in internet network management. It allows: a manager to retrieve the value of an object defined in an agent; a manager to store a value in an object defined in an agent; an agent to send an alarm message about an abnormal situation to the manager.
SMI  The Structure of Management Information is a component for network management. Its functions are: To name objects To define the type of data that can be stored in an object. To show how to encode data for transmission over the network.
The Structure of Management Information. A managed object need not be just a network element. Example: “internet” with OBJECT IDENTIFIER 1.3.6.1. An object type, which is a data type, has a name, syntax, and encoding scheme.
Name. SMI requires that each managed object (such as a router, a variable in a router, a value, etc.) have a unique name. To name objects globally, SMI uses an object identifier, which is a hierarchical identifier based on a tree structure.
Naming. Integer.dot representation and name.dot notation: iso.org.dod.internet.mgmt.mib-2 > 1.3.6.1.2.1. All objects managed by SNMP are given an object identifier. The object identifier always starts with 1.3.6.1.2.1.
Object  identifier
All objects managed by SNMP  are given an object identifier.  The object identifier always starts  with 1.3.6.1.2.1 . Name
Internet Subnodes. Any object in the internet MIB will start with the prefix 1.3.6.1. There are four objects under the internet object.
SMI Object: A textual name, termed descriptor, for the object type along with its corresponding object identifier defined above Syntax: The abstract syntax for the object type. It can be a choice of SimpleSyntax (integer, octet string, object identifier, Null) or an ApplicationSyntax, and constructor type
SNMP ASN.1 Data Type
Primitive Data Types
Defined or Application Data Type
Data types: Structured Type. By combining simple and structured data types, we can make new structured data types. SMI defines two structured data types: sequence and sequence of. Sequence: a sequence data type is a combination of simple data types. Sequence of: a sequence of data type is a combination of simple data types all of the same type.
Constructor or Structured Data Type: SEQUENCE List maker
Constructor or Structured Data Type: SEQUENCE OF
SMI: Managed Objects  A managed object has five parameters:  Textual name, syntax, definition, access, and status as defined in RFC 1155  Definition: A textual description of the semantics of the object type  Access: one of read-only, read-write, write-only, or not-accessible  Status: one of mandatory, optional, or obsolete.
Managed Object: Structure
Object Identifier The first group defines the node administrator: (1) for ISO (2) for  CCITT (3) for the joint ISO-CCITT The second group for the ISO node administrator defines (3) for use by other organizations The third group defines (6) for the use of the U.S Department of Defense (DoD)
CCITT International Telegraph and Telephone Consultative Committee ( CCITT ), (from the French name "Comité Consultatif International Téléphonique et Télégraphique") was created in 1956. It was renamed ITU-T in 1993.
Object Identifier In the fourth group the DoD has not indicated how it will manage its group so the internet community assumed (1) for its own: The fifth group was approved by IAB to be: (1) for the use of OSI directory in the internet (2) for object identification for management purpose (3) for object identification for experimental purpose (4) for object identification for private use.
Encoding Method  Basic Encoding Rule (BER)
Codes for data types
Length format
Example. OCTET STRING “HI”
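The tag, length, value layout of BER can be checked by hand with a small encoder. This is an added example, not part of the original slides; it reproduces the OCTET STRING "HI" case, encodes the object identifier 1.3.6.1.2.1.7.1 (udpInDatagrams, covered later in these slides), and goes slightly further by showing the long length form and a multi-octet arc. The arc 99999 is a constructed sample value.

```python
# Universal tags used by SMI's simple and structured types.
TAG_INTEGER, TAG_OCTET_STRING, TAG_NULL, TAG_OID, TAG_SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30


def ber_length(n: int) -> bytes:
    """Short form (one octet) below 128, long form (0x80 | octet count) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """Tag, then length, then value."""
    return bytes([tag]) + ber_length(len(value)) + value


def enc_integer(v: int) -> bytes:
    """Two's complement in the fewest octets that keep the sign bit correct."""
    bits = (v if v >= 0 else ~v).bit_length()
    return tlv(TAG_INTEGER, v.to_bytes(bits // 8 + 1, "big", signed=True))


def enc_octet_string(data: bytes) -> bytes:
    return tlv(TAG_OCTET_STRING, data)


def enc_null() -> bytes:
    return tlv(TAG_NULL, b"")


def enc_oid(dotted: str) -> bytes:
    """First two arcs share one octet (40*a + b); the rest are base-128 with
    the high bit set on every octet except the last of each arc."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError(f"not a valid object identifier: {dotted}")
    out = bytearray()
    for arc in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(TAG_OID, bytes(out))


def enc_sequence(*items: bytes) -> bytes:
    """SEQUENCE / SEQUENCE OF: the value is the concatenated member encodings."""
    return tlv(TAG_SEQUENCE, b"".join(items))


if __name__ == "__main__":
    print(enc_octet_string(b"HI").hex(" "))        # the slide's example
    print(enc_oid("1.3.6.1.2.1.7.1").hex(" "))     # udpInDatagrams
    print(enc_oid("1.3.6.1.4.1.99999").hex(" "))   # constructed arc, 3 octets
    print(enc_integer(128).hex(" "))               # leading 00 keeps it positive
    print(enc_octet_string(b"A" * 200)[:3].hex(" "))  # long-form length
```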
SNMP MIBS Management Information Base (MIB) is a collection of related managed objects Used to define what information you can get back from the network device  There are standards and enterprise specific MIBS
MIB. Each agent has its own MIB. The objects in the MIB are categorized under ten different groups: System, interface, address, translation, ip, icmp, udp, egp, transmission, and snmp.
mib-2
Accessing MIB Variables Use the udp group as an example. There are four simple variables in the udp group and one sequence of (table of) records.
udp group
Simple variables. To access any of the simple variables, use the id of the group (1.3.6.1.2.1.7) followed by the id of the variable: udpInDatagrams – 1.3.6.1.2.1.7.1 ..
udp variables and tables
Table. So to access the table, we should use the following: udpTable – 1.3.6.1.2.1.7.5; udpEntry – 1.3.6.1.2.1.7.5.1; udpLocalAddress – 1.3.6.1.2.1.7.5.1.1; udpLocalPort – 1.3.6.1.2.1.7.5.1.2
SNMP MIBS Types of MIB Modules Standard: These are standard MIBS currently designed to capture the core aspect of particular technology
SNMP MIBS Types of MIB Modules Experimental: Temporary and if achieves standardization then it is placed in standard module Enterprise-specific: Vendor specific MIBS that provide additional management capabilities for those features that require it
SNMP A group was formed and their efforts were complete in early 1993 There are 12 documents describing SNMPv2 There are three basic commands used with SNMP: Get Set Get next
Types of SNMP packets. GetRequest: retrieves the value of a variable or a set of variables. GetNextRequest: used to retrieve values of entries in a table. GetBulkRequest: retrieves a large amount of data; used instead of multiple GetRequest and GetNextRequest.
Types of SNMP packets. SetRequest: sets (stores) a value in a variable. Response: response to GetRequest or GetNextRequest; contains the values of the variables requested. Trap: sent from an agent to the manager to report an event.
Types of SNMP packets. InformRequest: sent from one manager to another remote manager to get the value of some variables from agents under the control of the remote manager. Report: designed to report some types of errors between managers (not currently used).
21.5  SNMP SNMP is an application program that allows  1) a manager to retrieve the value of an object defined in an  agent;  2) a manager to store a value in an object defined in an  agent;  and  3) an agent to send an alarm message about an abnormal  situation to the manager The topics discussed in this section include: PDUs  Format  SNMP
SNMP PDUs
 
Overview of PDUs
Example MIB
Get Example
Set
Set Example
Get-Next
Get-Next Example
Trap
Defined Traps
Trap PDU Format
SNMP Message Encoding
SNMP PDU format
Format. The format for the eight SNMP PDUs is shown on the next slide. The GetBulkRequest PDU differs from the others in two areas, as shown in the figure.
Format. The fields are listed below. PDU type: this field defines the type of PDU (see table on next slide). Request ID: this field is a sequence number used by the manager in a request PDU and repeated by the agent in a response. It is used to match a request to a response. Error status: this is an integer that is used only in response PDUs to show the type of error reported by the agent. Table on slide 12 lists the types of errors that can occur.
Format. Non-repeaters: this field is used only in GetBulkRequest and replaces the error status field, which is empty in request PDUs. Error index: the error index is an offset that tells the manager which variable caused the error. Max-repetition: this field is also used in GetBulkRequest and replaces the error index field, which is empty in request PDUs. VarBindList: this is a set of variables with corresponding values the manager wants to retrieve or set.
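The field layout above can be seen by decoding a PDU and rejecting anything that does not fit it. This is an added example, not part of the original slides; the two PDUs are constructed byte strings (a GetRequest for udpInDatagrams.0 and a matching Response), request ID 1234 and counter value 500 are made-up sample values, and the PDU tag octets are the standard SNMP context tags.

```python
class BERError(ValueError):
    """Raised for input that is truncated or does not follow the PDU layout."""


PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response",
             0xA3: "SetRequest", 0xA5: "GetBulkRequest", 0xA6: "InformRequest",
             0xA7: "Trap", 0xA8: "Report"}


def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos); never read past the end of buf."""
    if pos + 2 > len(buf):
        raise BERError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise BERError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise BERError("declared length exceeds available bytes")
    return tag, buf[pos:pos + length], pos + length


def decode_oid(value: bytes) -> str:
    if not value or value[-1] & 0x80:
        raise BERError("empty or unterminated object identifier")
    arcs, acc = [], 0
    for octet in value:
        acc = (acc << 7) | (octet & 0x7F)
        if not octet & 0x80:          # high bit clear ends the arc
            arcs.append(acc)
            acc = 0
    head = (arcs[0] // 40, arcs[0] % 40) if arcs[0] < 80 else (2, arcs[0] - 80)
    return ".".join(str(a) for a in (*head, *arcs[1:]))


def parse_pdu(buf: bytes) -> dict:
    tag, body, end = read_tlv(buf, 0)
    if tag not in PDU_TYPES or end != len(buf):
        raise BERError("unknown PDU type or trailing bytes")
    ints, pos = [], 0
    for _ in range(3):                # request ID, then two integer fields
        t, v, pos = read_tlv(body, pos)
        if t != 0x02 or not v:
            raise BERError("expected INTEGER")
        ints.append(int.from_bytes(v, "big", signed=True))
    t, vbl, pos = read_tlv(body, pos)
    if t != 0x30 or pos != len(body):
        raise BERError("expected VarBindList as the last field")
    varbinds, p = [], 0
    while p < len(vbl):               # SEQUENCE OF SEQUENCE { name, value }
        t, vb, p = read_tlv(vbl, p)
        if t != 0x30:
            raise BERError("expected VarBind")
        name_tag, name, q = read_tlv(vb, 0)
        value_tag, value, q = read_tlv(vb, q)
        if name_tag != 0x06 or q != len(vb):
            raise BERError("malformed VarBind")
        varbinds.append((decode_oid(name), value_tag, value))
    kind = PDU_TYPES[tag]
    # GetBulkRequest reuses the two error fields, as the slide describes.
    f2, f3 = (("non_repeaters", "max_repetitions") if kind == "GetBulkRequest"
              else ("error_status", "error_index"))
    return {"type": kind, "request_id": ints[0], f2: ints[1], f3: ints[2],
            "varbinds": varbinds}


def answers(request: dict, response: dict) -> bool:
    """A Response belongs to a request only if the request IDs match."""
    return (response["type"] == "Response"
            and response["request_id"] == request["request_id"]
            and response.get("error_status") == 0)


# Constructed samples.
GET = bytes.fromhex(
    "a0 1a"                               # GetRequest, 26 octets
    " 02 02 04 d2  02 01 00  02 01 00"    # request ID 1234, two zero fields
    " 30 0e 30 0c"                        # VarBindList with one VarBind
    " 06 08 2b 06 01 02 01 07 01 00"      # 1.3.6.1.2.1.7.1.0
    " 05 00")                             # NULL placeholder value
RESPONSE = bytes.fromhex(
    "a2 1c 02 02 04 d2 02 01 00 02 01 00 30 10 30 0e"
    " 06 08 2b 06 01 02 01 07 01 00"
    " 41 02 01 f4")                       # Counter32 = 500

if __name__ == "__main__":
    req, rsp = parse_pdu(GET), parse_pdu(RESPONSE)
    print(req, rsp, answers(req, rsp), sep="\n")
```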
Codes for SNMP messages
Types of errors
21.6  MESSAGES Messages A message in SNMP is made of four elements:  version, header, security parameters, and data (which includes the encoded PDU).
SNMP message
Any Questions………………..
Network Management Architecture The network management platform can use various architectures to provide functionality: The three most common are: Centralized Hierarchical Distributed
Centralized Architecture. The network management platform resides on a single computer. For full redundancy, the computer system is backed up by another system. It can allow access and forward events to other consoles on the network.
Centralized Architecture Used for: All network alerts and events  All network information Access all management applications
Centralized Architecture Pros: Single location to view events and alerts  Single place to access network management application and information Security is easier to maintain
Centralized Architecture Cons: Single system is not redundant or fault tolerant  As network elements are added, may be difficult or expensive to scale system to handle load Having to query all devices from single location
Hierarchical Architecture. Uses multiple computer systems: one system acting as the central server, other systems working as clients. The central server requires backup for redundancy.
Hierarchical Architecture. Key features: not dependent on a single system; distribution of network management tasks; network monitoring distributed throughout the network; centralized information storage.
Hierarchical Architecture. Pros: multiple systems to manage the network. Cons: information gathering is more difficult and time consuming; the list of devices managed by each client needs to be predetermined and manually configured.
Distributed Architecture Combines the centralized and hierarchical architecture Uses multiple peer network management systems Each peer can have a complete database Each peer can perform various tasks and report back to a central system.
Distributed Architecture. Contains advantages from the centralized and hierarchical architectures: single location for all network information, alerts and events; single location to access all management applications; not dependent on a single system; distribution of network management tasks; distribution of network monitoring throughout the network.
Network Management Applications. Goals: effectively manage a specific set of devices; avoid functionality overlap with the platform; integrate with a platform through the API and menu system; reside on multiple platforms. Applications do not share information.
Network Management Applications. Applications that exist today: Cisco’s CiscoWorks, 3Com’s Transcend.
Choosing a network management system Built from two major components: the platform and applications A practical approach follows these steps: Perform device inventory Prioritize the functional areas of network management Survey network management applications  Choose the network management platform

Lecture week8

  • 1.
    Course Instructor: ParkashLohana CN506 Network Management Week 08 SPRING 2010 Revision for Mid-Term Exam USMAN INSTITUTE OF TECHNOLOGY Hamdard University
  • 2.
    Management Scenarios Customer Network Management Distributed Data Storage Central Graphic Archive Shared document System Help Desk Support Nomadic Systems DNS Management Backup and Archiving System
  • 3.
    Management Functions F ault management C onfiguration management A ccounting management P erformance management S ecurity management
  • 4.
    Fault Management Thefacilities that enable the detection, isolation, and correction of abnormal operation of the OSI environment What is “a fault”? An abnormal condition that requires management attention (or action) to repair Indicated by failure to operate correctly or by excessive errors Communication line is cut A crimp in the cable Certain errors may occur occasionally and are not normally considered to be faults
  • 5.
    Fault Management Whena fault occurs Determine “exactly” where the fault is Isolate the rest of the network from the failure Reconfigure or modify the network to minimize the impact of operation Repair or replace the failed components
  • 6.
    User requirements for Fault Management Fast and reliable problem resolution Receive notification and correct the problem immediately Requires rapid and reliable fault detection and diagnostic management Provides fault tolerance Redundant components and alternate communication routes Fault management capability itself should be redundant Keep informed of the network status Reassurance of correct network operation through mechanisms that use tests or analyze dumps, logs, alerts, or statistics Problem tracking and control Ensure the problem is truly resolved and no new problems are introduced Fault management should have minimal effect on network performance
  • 7.
    Configuration Management Configurationmanagement is concerned with Initializing a network Gracefully shutting down part or all of the network Maintaining, adding, and updating the relationships among components and the status of components themselves during network operation
  • 8.
    Requirements for ConfigurationManagement The network manager needs the capability to Identify initially the components that comprise the network Define and change the connectivity of components Define and modify default attributes, and load the predefined sets of attributes into the specified network components Reconfigure a network for performance evaluation, network upgrade, fault recovery or security checks End users want to inquire about the upcoming status of resources and their attributes before reconfiguration Generate configuration reports Periodic basis Response for a request Only authorized end users can manage and control network operation (software distribution and updating)
  • 9.
    Accounting Management Thefacilities that enable charges to be established for the use of managed objects costs to be identified for the use of those managed objects
  • 10.
    Accounting Management Networkmanagers track the use of network resources by end user or end-user class An end user or group of end users may be abusing its access privileges and burdening the network at the expense of other users End users may be making inefficient use of the network, and network manager can assist in changing procedures to improve performance The network manager is easier to plan for network growth if end user activity is known in sufficient detail
  • 11.
    Requirements for Accounting Management The network manager can specify The kinds of accounting information to be recorded at various nodes The desired interval between sending the recorded information to higher-level management nodes The algorithms to be used in calculating the charging Generate accounting reports Provide the capability to verify end users’ authorization to access and manipulate the information
  • 12.
    Management Functions Performance Management Functional properties are not enough Look at Non-functional properties Performance Metrics Throughput, measured by a number of units of communication performed per unit of time. The unit of communication depends on the layer, type of network, and networking services. Examples: At the link layer, the number of bytes that are transmitted per second.
  • 13.
    Management Functions Performance Metrics (Cont..) At the network layer, the number of packets that are routed per second At the application layer for a web service, the number of web requests that are serviced per second. At the application layer for a voice service, the number of voice calls, or call attempts, that can be processed per hour.
  • 14.
    Management Functions Performance Metrics (Cont..) Delay, measured in a unit of time. Examples: At the link layer, the time that it takes for a byte that is transmitted to reach its destination at the other end of line. At the network layer, the time it takes for an IP packet to reach its destination.
  • 15.
    Management Functions Performance Metrics (Cont..) At the application layer for a web service, the time that it takes for a request to reach its destination at the host servicing the request after the request has been issued. At the application layer of a voice service, the time it takes to receive a dial tone after you have lifted the receiver.
  • 16.
    Management Functions Performance Metrics (Cont..) Quality is in many ways also performance related and can be measured differently, depending on the networking services At the link layer, the number or percentage of seconds during which errors in transmission occurred. At the network layer, the number or percentage of packets dropped
  • 17.
    Management Functions Performance Metrics (Cont..) At the application layer for a web service, the number or percentage of web requests that could not be serviced. At the application layer for a voice service, the number or percentage of voice calls that were dropped or abnormally terminated.
  • 18.
    Management Functions Performance Management Performance management therefore encompasses all the measures required for ensuring that the quality of service conforms to the service level agreement. It includes: Establishing QoS parameters and metrics Monitoring all resources for performance bottlenecks and threshold crossings. Carrying out measurements and trend analysis to predict failure before it occurs.
  • 19.
    Management Functions Performance Management (Cont..) Evaluating history logs (i.e., records on system activity, error files) Processing measurement data and compiling performance reports. Carrying out performance and capacity planning. Monitors, protocol analyzers, statistics packets, report generators, and modeling tools are some of the typical tool functionalities in performance management.
  • 20.
    Management Functions Security Management Two aspects need to be distinguished: Security of Management Management itself is secure Management of Security Manages the security of the network
  • 21.
  • 22.
    Management Functions Security Management Security of management Management operations themselves are secure Access to management is restricted to authorized users Example: access to the management interfaces of the devices in the network needs to be secured Access to the management applications themselves needs to be secured properly Devices generally authorize on the basis of the management application, not on the basis of the user of a management application.
  • 23.
    Management Functions Security Management Management of Security Managing the security of the network itself Online security threats are too common Security threats target not so much the network as the devices connected to the network – PCs of end users, systems that host the websites for corporations Resources of a company that are worth protecting: Information, IT infrastructure, services Security measures that reflect the results of threat analysis or security risk analysis are needed to prevent damage and loss
  • 24.
    Management Functions Security Management Management of Security Typical threats are created by: Passive attacks: eavesdropping on information; producing a user profile or theft of information (password, etc.).
  • 25.
    Management Functions Security Management Management of Security Typical threats are created by: Active attacks: masquerade (i.e., user pretending to be someone else, or spoofing); manipulating message sequences by changing the sequence, giving priority to or delaying messages; reconfiguration, reprogramming, unauthorized access, viruses, Trojan horses, denial-of-service attacks. Malfunctioning of resources Faulty or inappropriate behavior and incorrect response operation.
  • 26.
    Management Functions Security Management Breakdown of Security Management Tasks Security requirements and goals are established on the basis of threat analyses and the values (resources and services) needing protection. The security policies defined ultimately identify the security requirements. Examples are: Passwords have to be changed every three weeks Only second-line managers have access to personnel data All attacks on security have to be recorded and followed up.
  • 27.
    Management Functions Security Management Breakdown of Security Management Tasks These policies serve as a framework for the security services needed and consequently implemented. Security management therefore comprises: Conducting threat analyses Defining and enforcing security policies. Checking identity (authentication based on signature, notarization, or certification)
  • 28.
    Management Functions Breakdown of Security Management Tasks Carrying out and enforcing access controls Guaranteeing confidentiality (encryption) Ensuring data integrity (message authentication) Monitoring system to prevent threats to security. Reporting on security status and violation or attempted violations.
  • 29.
  • 30.
    OSI Architecture and Model Organization Network management components Functions of components Relationships Information Structure of management information (SMI) Management information base (MIB) Organization of management information Object-oriented [Figure: OSI Network Management Model, comprising Organization Model, Information Model, Communication Model, Functional Model]
  • 31.
    SNMP Architecture and Model Organization Same as OSI model Information Same as OSI, but scalar Communication Messages less complex than OSI and unidirectional Transfer structure (PDU) Functions Application functions Operations Administration Security [Figure: OSI Network Management Model, comprising Organization Model, Information Model, Communication Model, Functional Model]
  • 32.
    Organizational Model Manager Sends requests to agents Monitors alarms Houses applications Provides user interface Agent Gathers information from objects Configures parameters of objects Responds to managers’ requests Generates alarms and sends them to managers Managed object Network element that is managed Houses management agent All objects are not managed / manageable
  • 33.
    Two-Tier Model Agent built into network element Example: Managed hub, managed router An agent can manage multiple elements Example: Switched hub, ATM switch MDB is a physical database Unmanaged objects are network elements that are not managed - both physical (unmanaged hub) and logical (passive elements) [Figure: Two-Tier Network Management Organization Model, showing Manager, Agent process, Managed objects, Unmanaged objects; MDB = Management Database]
  • 34.
    Three-Tier Model Middle layer plays the dual role Agent to the top-level manager Manager to the managed objects Example of middle level: Remote monitoring agent (RMON) [Figure: Three-Tier Network Management Organization Model, showing Manager, Agent / Manager, Agent process, Managed objects; MDB = Management Database]
  • 35.
    Manager of Managers Agent NMS manages the domain MoM presents integrated view of domains Domain may be geographical, administrative, vendor-specific products, etc. [Figure: Network Management Organization Model with MoM, showing MoM, Agent NMS, Manager, Agent process, Managed objects; MoM = Manager of Managers, MDB = Management Database]
  • 36.
    Information Model: Analogy Information model is concerned with the structure and the storage of information A book is identified by an International Standard Book Number (ISBN) Figure in a book uniquely identified by ISBN, Chapter, and Figure number in that hierarchical order ID: {ISBN, chapter, figure} The three elements above define the syntax Semantics is the meaning of the three entities according to Webster’s dictionary The information comprises syntax and semantics about an object
  • 37.
    Structure of Management Information (SMI) SMI defines for a managed object Syntax Semantics plus additional information such as status Example sysDescr: { system 1 } Syntax: OCTET STRING Definition: "A textual description of the entity." Access: read-only Status: mandatory
  • 38.
    Management Information Base (MIB) Information base contains information about objects Organized by grouping of related objects Defines relationship between objects It is NOT a physical database. It is a virtual database that is compiled into the management module
  • 39.
    Information Base View: An Analogy Fulton County library system has many branches Each branch has a set of books The books in each branch are a different set The information base of the county has the view (catalog) of all books The information base of each branch has the catalog of books that belong to that branch. That is, each branch has its view (catalog) of the information base Let us apply this to MIB view
  • 40.
    Management Data Base / Information Base Distinction between MDB and MIB MDB physical database; e.g., Oracle, Sybase MIB virtual database; schema compiled into management software An NMS can automatically discover a managed object, such as a hub, when added to the network The NMS can identify the new object as a hub only after the MIB schema of the hub is compiled into NMS software [Figure: Network Configuration with Data and Information Base]
  • 41.
    SNMP Model CONCEPT MANAGEMENT COMPONENTS SMI MIB SNMP
  • 42.
  • 43.
    Concept A framework for managing devices in an internet using the TCP/IP protocol Provides a set of fundamental operations for monitoring and maintaining an internet. Application level protocol allows it to monitor devices made by different manufacturers installed on different physical networks
  • 44.
  • 45.
    Agent A router or host that runs the SNMP server program Keeps performance information in a database Can send a trap to the manager if something unusual occurs.
  • 46.
    Manager A host that runs the SNMP client program Has access to the values in the database Management is achieved through simple interaction between manager and agent.
  • 47.
    Managers and Agents Management with SNMP is based on three basic ideas: A manager checks an agent by requesting information that reflects the behavior of the agent A manager forces an agent to perform a task by resetting values in the agent database. An agent contributes to the management process by warning the manager of an unusual situation.
  • 48.
    Management Components To do management tasks, SNMP uses two other protocols: Structure of Management Information (SMI) Management Information Base (MIB) SNMP, SMI, and MIB
  • 49.
    Components of network management on the Internet
  • 50.
    SNMP defines the format of packets exchanged between a manager and an agent. It reads and changes the status (values) of objects (variables) in SNMP packets. Role of SNMP
  • 51.
    SMI defines the general rules for naming objects, defining object types (including range and length), and showing how to encode objects and values. Role of SMI
  • 52.
    SMI neither defines the number of objects an entity should manage, nor names the objects to be managed, nor defines the association between the objects and their values. Role of SMI
  • 53.
    MIB creates a collection of named objects, their types, and their relationships to each other in an entity to be managed. Role of MIB
  • 54.
    We can compare the task of network management to the task of writing a program. 1. Both tasks need rules. In network management this is handled by SMI. 2. Both tasks need variable declarations. In network management this is handled by MIB. 3. Both tasks have actions performed by statements. In network management this is handled by SNMP. An Analogy
  • 55.
    SNMP There are two approaches for a management system to obtain information from SNMP: Traps Polling
  • 56.
    SNMP Traps Traps are unrequested event reports that are sent to a management system by an SNMP agent process. A trap will contain: Network device name Time the event happened Type of event
  • 57.
    SNMP Traps When a trappable event occurs, a trap message is generated by the agent and sent to a trap destination (a specific configured network address) Many events can be configured to signal a trap, like a network cable fault, failing NIC or hard drive, a general protection fault, or a power supply failure.
  • 58.
    SNMP Traps Traps can also be throttled - you can limit the number of traps sent per second from the agent Traps have a priority associated with them – critical, major, minor, warning, marginal, informational, normal, unknown
  • 59.
    SNMP Traps Resources are required on the network device to generate a trap When a lot of events occur, the network bandwidth may be tied up with traps Thresholds can be used to help Because the network device has a limited view, it is possible the management system has already received the information and the trap is redundant
  • 60.
    SNMP Polling The network management system periodically queries the network device for information The advantage is that the network management system is in control and knows the “big picture”
  • 61.
    SNMP Polling The disadvantage is the amount of delay from when an event occurs to when it’s noticed Short interval, network bandwidth is wasted Long interval, response to event is too slow
  • 62.
    SNMP Traps/Polling When an event occurs, the network device generates simple traps The management system then polls the network device to get the necessary information. The management system also does low frequency polling as a backup to the trap
  • 63.
    SNMP SNMP uses both SMI and MIB in internet network management. It allows: A manager to retrieve the value of an object defined in an agent. A manager to store a value in an object defined in an agent. An agent to send an alarm message about an abnormal situation to the manager.
  • 64.
    SMI The Structure of Management Information is a component for network management. Its functions are: To name objects To define the type of data that can be stored in an object. To show how to encode data for transmission over the network.
  • 65.
    The Structure of Management Information A managed object need not be just a network element Example: “internet” with OBJECT IDENTIFIER 1.3.6.1 Object type, which is a data type, has a name, syntax, and encoding scheme
  • 66.
    Name SMI requires that each managed object (such as a router, a variable in a router, a value, etc.) have a unique name. To name objects globally, SMI uses an object identifier, which is a hierarchical identifier based on a tree structure
  • 67.
    Naming Integer.dot representation Name.dot notation iso.org.dod.internet.mgmt.mib-2 > 1.3.6.1.2.1 All objects managed by SNMP are given an object identifier. The object identifier always starts with 1.3.6.1.2.1
  • 68.
  • 69.
    All objects managed by SNMP are given an object identifier. The object identifier always starts with 1.3.6.1.2.1. Name
  • 70.
    Internet Subnodes Any object in the internet MIB will start with the prefix 1.3.6.1. There are four objects under the internet object
  • 71.
    SMI Object: A textual name, termed descriptor, for the object type along with its corresponding object identifier defined above Syntax: The abstract syntax for the object type. It can be a choice of SimpleSyntax (integer, octet string, object identifier, Null) or an ApplicationSyntax, and constructor type
  • 72.
  • 73.
  • 74.
  • 75.
    Data types Structured Type By combining simple and structured data types, we can make new structured data types SMI defines two structured data types: sequence and sequence of Sequence. A sequence data type is a combination of simple data types Sequence of. A sequence of data type is a combination of simple data types all of the same type
  • 76.
    Constructor or Structured Data Type: SEQUENCE List maker
  • 77.
    Constructor or Structured Data Type: SEQUENCE OF
  • 78.
    SMI: Managed Objects A managed object has five parameters: Textual name, syntax, definition, access, and status as defined in RFC 1155 Definition: A textual description of the semantics of the object type Access: one of read-only, read-write, write-only, or not-accessible Status: one of mandatory, optional, or obsolete.
  • 79.
  • 80.
    Object Identifier The first group defines the node administrator: (1) for ISO (2) for CCITT (3) for the joint ISO-CCITT The second group for the ISO node administrator defines (3) for use by other organizations The third group defines (6) for the use of the U.S. Department of Defense (DoD)
  • 81.
    CCITT International Telegraph and Telephone Consultative Committee (CCITT), (from the French name "Comité Consultatif International Téléphonique et Télégraphique") was created in 1956. It was renamed ITU-T in 1993.
  • 82.
    Object Identifier In the fourth group the DoD has not indicated how it will manage its group so the internet community assumed (1) for its own: The fifth group was approved by IAB to be: (1) for the use of OSI directory in the internet (2) for object identification for management purpose (3) for object identification for experimental purpose (4) for object identification for private use.
  • 83.
    Encoding Method Basic Encoding Rule (BER)
  • 84.
  • 85.
  • 86.
  • 87.
    SNMP MIBS Management Information Base (MIB) is a collection of related managed objects Used to define what information you can get back from the network device There are standard and enterprise-specific MIBS
  • 88.
    MIB Each agent has its own MIB The objects in the MIB are categorized under ten different groups: System, interface, address, translation, ip, icmp, udp, egp, transmission, and snmp.
  • 89.
  • 90.
    Accessing MIB Variables Use the udp group as an example. There are four simple variables in the udp group and one sequence of (table of) records.
  • 91.
  • 92.
    Simple variables To access any of the simple variables, use the id of the group (1.3.6.1.2.1.7) followed by the id of the variable udpInDatagrams – 1.3.6.1.2.1.7.1 ..
  • 93.
  • 94.
    Table So to access the table, we should use the following: udpTable – 1.3.6.1.2.1.7.5 udpEntry - 1.3.6.1.2.1.7.5.1 udpLocalAddress - 1.3.6.1.2.1.7.5.1.1 udpLocalPort - 1.3.6.1.2.1.7.5.1.2
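The object identifiers above travel on the wire in the Basic Encoding Rules named on the "Encoding Method" slide. The following is an added example, not part of the original slides: it encodes the SMI simple types and an OID name/NULL pair as BER tag-length-value bytes and decodes an OID with strict checks. The function names are assumptions, and the arc 99999 under 1.3.6.1.4.1 is a constructed value chosen to show a multi-byte sub-identifier.

```python
# BER tag-length-value encoding for the SMI simple types (added example).
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30

def ber_length(n):
    """Short form below 128, long form (0x80 | byte count) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    return bytes([tag]) + ber_length(len(content)) + content

def enc_integer(value):
    """Minimal two's-complement encoding, as BER requires."""
    bits = (value if value >= 0 else ~value).bit_length() + 1
    return tlv(INTEGER, value.to_bytes((bits + 7) // 8, "big", signed=True))

def enc_octets(data):
    return tlv(OCTET_STRING, data)

def enc_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid leading arcs")
    # The first two arcs share one sub-identifier: 40 * X + Y (1.3 -> 0x2b).
    out = bytearray()
    for sub in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        chunk = [sub & 0x7F]
        sub >>= 7
        while sub:                      # base-128, high bit marks "more follows"
            chunk.append(0x80 | (sub & 0x7F))
            sub >>= 7
        out += bytes(reversed(chunk))
    return tlv(OID, bytes(out))

def enc_varbind_request(dotted):
    """A name/value pair as sent in a request: SEQUENCE { OID, NULL }."""
    return tlv(SEQUENCE, enc_oid(dotted) + tlv(NULL, b""))

def parse_tlv(data):
    """Return (tag, content, rest); reject lengths that overrun the buffer."""
    if len(data) < 2:
        raise ValueError("truncated TLV")
    tag, first, pos = data[0], data[1], 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or len(data) < 2 + n:
            raise ValueError("bad length field")
        length, pos = int.from_bytes(data[2:2 + n], "big"), 2 + n
    if len(data) < pos + length:
        raise ValueError("length exceeds buffer")
    return tag, data[pos:pos + length], data[pos + length:]

def dec_oid(data):
    tag, content, _ = parse_tlv(data)
    if tag != OID or not content or content[-1] & 0x80:
        raise ValueError("not a well-formed OID")
    subs, cur = [], 0
    for byte in content:
        if cur == 0 and byte == 0x80:
            raise ValueError("non-minimal sub-identifier")
        cur = (cur << 7) | (byte & 0x7F)
        if not byte & 0x80:
            subs.append(cur)
            cur = 0
    first = min(subs[0] // 40, 2)
    return ".".join(str(a) for a in [first, subs[0] - 40 * first] + subs[1:])

if __name__ == "__main__":
    for name in ("1.3.6.1.2.1.7.1", "1.3.6.1.2.1.7.5.1.2", "1.3.6.1.4.1.99999"):
        print(name, enc_oid(name).hex())
```

The decoder refuses truncated or padded input instead of guessing, which is the behaviour a management station needs when it parses bytes received from the network.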
  • 95.
    SNMP MIBS Types of MIB Modules Standard: These are standard MIBS currently designed to capture the core aspect of a particular technology
  • 96.
    SNMP MIBS Types of MIB Modules Experimental: Temporary, and if it achieves standardization then it is placed in the standard module Enterprise-specific: Vendor-specific MIBS that provide additional management capabilities for those features that require it
  • 97.
    SNMP A group was formed and their efforts were complete in early 1993 There are 12 documents describing SNMPv2 There are three basic commands used with SNMP: Get Set Get next
  • 98.
    Types of SNMP packets GetRequest Retrieves the value of a variable or a set of variables GetNextRequest Used to retrieve values of entries in a table GetBulkRequest Retrieves a large amount of data Used instead of multiple GetRequest and GetNextRequest
  • 99.
    Types of SNMP packets SetRequest Set (store) a value in a variable Response Response to GetRequest or GetNextRequest; contains values of the variables requested Trap Sent from an agent to a manager to report an event
  • 100.
    Types of SNMP packets InformRequest Sent from one manager to another remote manager to get the value of some variables from agents under the control of the remote manager Report Designed to report some types of errors between managers (not currently used)
  • 101.
    21.5 SNMP SNMP is an application program that allows 1) a manager to retrieve the value of an object defined in an agent; 2) a manager to store a value in an object defined in an agent; and 3) an agent to send an alarm message about an abnormal situation to the manager The topics discussed in this section include: PDUs Format SNMP
  • 102.
  • 103.
  • 104.
  • 105.
  • 106.
  • 107.
  • 108.
  • 109.
  • 110.
  • 111.
  • 112.
  • 113.
  • 114.
  • 115.
  • 116.
    Format The format for the eight SNMP PDUs is shown on the next slide. The GetBulkRequest PDU differs from the others in two areas as shown in the figure.
  • 117.
    Format The fields are listed below: PDU type. This field defines the type of PDU (see table on next slide) Request ID. This field is a sequence number used by the manager in a request PDU and repeated by the agent in a response. It is used to match a request to a response. Error status. This is an integer that is used only in response PDUs to show the type of errors reported by the agent. Table on slide 12 lists the types of errors that can occur.
  • 118.
    Format Non-repeaters. This field is used only in GetBulkRequest and replaces the error status field, which is empty in request PDUs. Error index. The error index is an offset that tells the manager which variable caused the error. Max-repetition. This field is also used in GetBulkRequest and replaces the error index field, which is empty in request PDUs. VarBindList. This is a set of variables with corresponding values the manager wants to retrieve or set
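How the request ID, non-repeaters, max-repetition and VarBindList fields interact is easiest to see against a small agent. The following is an added example, not part of the original slides: a toy agent answers GetNextRequest and GetBulkRequest over a constructed MIB built from the udp group OIDs above, and the manager only accepts a response whose request ID matches an outstanding request. PDUs are modelled as Python dicts rather than BER bytes; the function names, dict keys and all MIB values are assumptions made for illustration.

```python
from bisect import bisect_right

def oid(text):
    """'1.3.6.1' -> (1, 3, 6, 1); tuples compare in OID (lexicographic) order."""
    return tuple(int(arc) for arc in text.split("."))

# Constructed agent contents: one scalar and a two-row udpTable.
AGENT_MIB = {
    oid("1.3.6.1.2.1.7.1.0"): 4211,                         # udpInDatagrams
    oid("1.3.6.1.2.1.7.5.1.1.0.0.0.0.161"): "0.0.0.0",      # udpLocalAddress
    oid("1.3.6.1.2.1.7.5.1.1.10.0.0.5.514"): "10.0.0.5",
    oid("1.3.6.1.2.1.7.5.1.2.0.0.0.0.161"): 161,            # udpLocalPort
    oid("1.3.6.1.2.1.7.5.1.2.10.0.0.5.514"): 514,
}
ORDERED = sorted(AGENT_MIB)
END_OF_MIB = "endOfMibView"

def get_next(name):
    """Return the first (name, value) strictly after `name` in OID order."""
    i = bisect_right(ORDERED, name)
    if i == len(ORDERED):
        return (name, END_OF_MIB)
    return (ORDERED[i], AGENT_MIB[ORDERED[i]])

def agent_handle(pdu):
    names = pdu["varbinds"]
    if pdu["type"] == "GetNextRequest":
        binds = [get_next(n) for n in names]
    elif pdu["type"] == "GetBulkRequest":
        # The first N names get one GetNext each; the rest are stepped
        # max_repetitions times, one row of results per repetition.
        n = min(pdu["non_repeaters"], len(names))
        binds = [get_next(x) for x in names[:n]]
        cursors = list(names[n:])
        for _ in range(pdu["max_repetitions"]):
            if not cursors:
                break
            row = [get_next(c) for c in cursors]
            binds += row
            if all(value == END_OF_MIB for _, value in row):
                break
            cursors = [name for name, _ in row]
    else:
        raise ValueError("PDU type not handled in this sketch")
    # The agent repeats the request ID so the manager can pair the two PDUs.
    return {"type": "Response", "request_id": pdu["request_id"],
            "error_status": 0, "error_index": 0, "varbinds": binds}

def manager_accept(pending, response):
    """Drop responses with no outstanding request; trim out-of-subtree rows."""
    request = pending.pop(response["request_id"], None)
    if request is None:
        return None
    names = request["varbinds"]
    n = min(request.get("non_repeaters", len(names)), len(names))
    repeaters = len(names) - n
    kept = []
    for i, (name, value) in enumerate(response["varbinds"]):
        if i >= n and repeaters == 0:
            break
        asked = names[i] if i < n else names[n + (i - n) % repeaters]
        if value != END_OF_MIB and name[:len(asked)] == asked:
            kept.append((name, value))
    return kept

if __name__ == "__main__":
    req = {"type": "GetBulkRequest", "request_id": 7, "non_repeaters": 1,
           "max_repetitions": 3,
           "varbinds": [oid("1.3.6.1.2.1.7.1"), oid("1.3.6.1.2.1.7.5.1.1"),
                        oid("1.3.6.1.2.1.7.5.1.2")]}
    for name, value in manager_accept({7: req}, agent_handle(req)):
        print(".".join(map(str, name)), "=", value)
```

With max-repetition set higher than the number of table rows, the agent's third row runs past the end of each column, so the manager has to compare every returned name with the column it asked for before using the value.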
  • 119.
  • 120.
  • 121.
    21.6 MESSAGES Messages A message in SNMP is made of four elements: version, header, security parameters, and data (which includes the encoded PDU).
  • 122.
  • 123.
  • 124.
    Network Management Architecture The network management platform can use various architectures to provide functionality. The three most common are: Centralized Hierarchical Distributed
  • 125.
    Centralized Architecture The network management platform resides on a single computer For full redundancy, the computer system is backed by another system Can allow access and forward events to other consoles on the network
  • 126.
    Centralized Architecture Used for: All network alerts and events All network information Access all management applications
  • 127.
    Centralized Architecture Pros: Single location to view events and alerts Single place to access network management applications and information Security is easier to maintain
  • 128.
    Centralized Architecture Cons: Single system is not redundant or fault tolerant As network elements are added, may be difficult or expensive to scale system to handle load Having to query all devices from a single location
  • 129.
    Hierarchical Architecture Uses multiple computer systems One system acting as the central server Other systems working as clients Central server requires backup for redundancy
  • 130.
    Hierarchical Architecture Key features: Not dependent on a single system Distribution of network management tasks Network monitoring distributed throughout the network Centralized information storage
  • 131.
    Hierarchical Architecture Pros Multiple systems to manage the network Cons Information gathering is more difficult and time consuming The list of managed devices managed by each client needs to be predetermined and manually configured
  • 132.
    Distributed Architecture Combines the centralized and hierarchical architecture Uses multiple peer network management systems Each peer can have a complete database Each peer can perform various tasks and report back to a central system.
  • 133.
    Distributed Architecture Contains advantages from central & hierarchical architecture Single location for all network information, alerts & events. Single location to access all management applications Not dependent on a single system Distribution of network management tasks Distribution of network monitoring throughout the network
  • 134.
    Network Management Applications Goals: Effectively manage a specific set of devices Avoid functionality overlap with the platform Integrate with a platform through the API and menu system Reside on multiple platforms Applications do not share information
  • 135.
    Network Management Applications Applications that exist today Cisco’s CiscoWorks 3Com’s Transcend
  • 136.
    Choosing a network management system Built from two major components: the platform and applications A practical approach follows these steps: Perform device inventory Prioritize the functional areas of network management Survey network management applications Choose the network management platform