Chapter 3 Network Management
Outline What is network management? Network management vocabulary Evolution of network management Network implementation design ISO network management categories Management tools
Workstations A workstation is a client computer that is used to run applications and is connected to a server from which it obtains data shared with other computers.
Servers: Connecting Computer Systems
Network Server Environment
Client/Server Environment
Server Farm
Client-Server Interaction
Service Applications and Protocols
TCP/IP Based Services
What is network management? In the early days, network was small and local Network manager’s job includes Installation: attach PCs, printers, etc. to LAN Configuration: NICs, protocol stack, user app’s shared printers, etc. Testing: Ping was sufficient to “manage” network More devices: bridge, router Job was manageable
What is network management? Above only deals with configuration Ongoing maintenance issues How to optimize performance? How to handle failures and network changes? How to extend network capacity? How to account for network usages? How to solve network security issues?
What is network management? In the past, the network manager might take all the responsibilities Today the task has divided into specialties: Server admin System admin Network admin Security specialist Different certifications for these Cisco, Novell, Microsoft, Sun, (ISC)2, etc.
What is network management? Today, networks are larger and more complicated, so more demands on network manager How to monitor and control the network effectively and timely? Management tools are needed Network-based management tools: use the network to manage the network (remotely) To control Simple Network Management Protocol (SNMP) Management Information Base (MIB) Network Management System (NMS) To monitor Remote Monitor (RMON1)
What is network management? Definition by Saydam (in Journal of Networks and System Management, published in Dec. 1996): Network management includes the deployment, integration and coordination of the hardware, software, and human elements to monitor, test, poll, configure, analyze, evaluate, and control the network and element resources to meet the real-time, operational performance, and Quality of Service requirements at a reasonable cost. In brief: Network management is mostly a combination of local and remote configuration and management with software. Remote network management is accomplished when one computer is used to monitor, access, and control the configuration of other devices on the network.
Evolution of Network Management
Network Management Requirements
Network management vocabulary agent data managing entity data managed devices contain managed objects whose data is gathered into a Management Information Base (MIB) managed device agent data network management protocol managed device agent data agent data managed device managed device
Network management vocabulary Managed Device Devices to be monitored/controlled, e.g., router, switch, hub, bridge, workstation. A managed device may have several managed objects to be managed A software (agent) is installed to provide access to information/parameters (data) about the device, which is called Management Information Base (MIB) Managing Entity Used by the manager/Admin to do network management PC, notebook, terminal, etc., installed with a software called Network Management System (NMS) NMS displays/analyzes data from management agents
Network management vocabulary Network Management Protocol Runs between the managing entity and the managed devices The managing entity can query the status of the managed devices and take actions at the devices via its agents Agents can use the protocol to inform the managing entity of exceptional events E.g., SNMP: Simple Network Management Protocol Managing agents located at managed devices are periodically queried by the managing entity through a network management protocol.
Challenges of Managing Large Networks Network critical to running of business Complexity of network – requiring automated management tools Large number of devices, increased probability of device failure Likelihood of devices from different manufacturers Physical distribution of network assets – requiring management of assets across the network itself
OSI Key Areas of Network Management Fault Management Correcting a work-stopping fault and resuming normal service with the minimum of delay Steps: Determine location of fault Isolate rest of network from failure Reconfigure network to operate efficiently without failed components Rectify fault, reconnect components, reconfigure network again
OSI Key Areas of Network Management Accounting Management Charging cost of providing network to departments or cost centres based on usage statistics Reasons User(s) may overburden network at expense of other users User(s) making inefficient use of network can be targetted by network manager to change procedures are improve performance Network manager can plan for network growth if user activity is known
OSI Key Areas of Network Management Configuration and Name Management Deciding how a device is to be used, choosing appropriate software and settings for the device Concerned with Initialising a network Gracefully shutting down all or part of a network Maintaining, adding, updating relationships between components Status of components during network operation
OSI Key Areas of Network Management Performance Management Identifying deteriorating response or throughput of the network and introducing additional equipment / transmission-capacity to alleviate the problem Performance issues What is the level of capacity utilisation? Is there excessive traffic? Has throughput reduced unacceptably? Are there bottlenecks? Is response time increasing?
OSI Key Areas of Network Management Security Management Monitoring and controlling access to computer networks Concerned with generation, distributing and storing encryption keys, passwords and other access control information Requires use of security logs and audit records
Sub-area of Configuration and Name Management Layer Management Most of the protocols associated with the TCP/IP suite have associated operational parameters, e.g. IP’s TTL parameter and TCP’s retransmission timer As a network expands, such parameters may need to be changed while the network is still operational
Network Management Techniques Connection Monitoring Ping a number of critical IP addresses at intervals Inefficient, and not very informative, should only be used if no alternative Traffic Monitoring Analyse traffic on a network and generate reports MS Network Monitor / Fluke Network Analyzer Works on a single segment at a time More sophisticated tools use SNMP/CIMP to remotely monitor other segments Connection monitoring – MSBPN example; inefficient, primitive, better than nothing Critical IP addresses: Routers, switches, servers… Enhancement: use traceroute, that’ll identify where failures occur, or when alternative paths are being used (could cause longer latency) Extra enhancement: do short file transfers at regular intervals, give you an idea of throughput Traffic monitor – detect failing / overloaded / poorly configured equipment
SNMP (Simple Network Management Protocol) Released by US Department of Defense and TCP/IP developers in 1988 Most widely used and well-known in network software management tools Uses a technique called MIB collection to retrieve network information - i.e polls each device on a network in sequence, asking for status, records that information centrally Devices on the network don’t need to be smart enough to report problems as they occur SNMP’s polling contributes significantly to network traffic Simple Network Management Protocol
CMIP (Common Management Information Protocol) Developed by the ISO, pre-dating SNMP Not implemented as much as SNMP, especially since SNMP became a part of TCP/IP Uses a technique called MIB reporting to gather network information - the central monitoring station waits for devices to report their current status to it May be useful if keeping non-essential network traffic to a minimum is critical Common Management Information Protocol
TMN (Telecommunications Management Network) Developed by ITU-T Specifies management architectures for telecommunications networks (e.g. ISDN, B-ISDN, ATM) Provides a richer framework of architectural concepts than SNMPv3 Underlying protocols may be provided by SNMP or CMIP
Network Monitors / Network Analysers A network monitor uses SNMP or CMIP to keep track of statistical information about a network A network analyser does the same but provides a more sophisticated level of service - for example some network analysers can not only detect and identify problems, they can fix them as well A network analyser may be dedicated hardware, but can just be a specialised software package that runs on a typical PC using a typical network card
Network Troubleshooting Problems will happen on networks Approach the problem logically and methodically Two useful approaches to network troubleshooting: The Process of Elimination Divide and Conquer These approaches apply in areas other than just networking Process of elimination: A limited number of possible causes to a problem. List all the possible causes, check each one and if it’s definitely not the cause of the problem, then eliminate it. May not result in a resolution, e.g. if two factors are combining to cause the problem. Divide and Conquer if the problem domain is very big with many possible causes. Try to eliminate whole groups of causes in one go. See handout for more fully described examples that relate to networking
Network Troubleshooting S/W Tools Ping – network layer connectivity Traceroute – identifying network layer point of failure Telnet – application layer connectivity Netstat – protocol statistics / TCP/IP connections ARP – show / change ARP cache IPConfig – show IP / MAC settings These are basic tools available on any WinNT/2000/95/98 machine, similar tools available on UNIX, lots of other more sophisticated tools available.
Simple Network Management Protocol Application-layer protocol Facilitates the exchange of management information between network devices Part of the TCP/IP protocol suite.
SNMP Basic Components Network Management System (NMS) Managed elements Executes applications that monitor and control managed devices May be a dedicated device Could have more than one NMS on a network Managed elements Devices: switch, router, workstation, printer… Software Elements: protocol… Collect and store management-related information Managed Elements – software elements, hardware elements (devices) Example of Managed Software Element – protocol Management related information, e.g. for IP: read variable such as no. of packets dropped due to TTL parameter expirations, write variable such as actual TTL timeout value. Communicates with NMS – via SNMP commands (seen soon)
SNMP Basic Components… Agents Network management software that resides in a managed device Has local knowledge of management information Translates the information into SNMP form Communicates with Network Management System Master Agent Parses and formats protocol messages Subagent Models objects of interest within a subsystem Interfaces to the subsystem for monitoring and management operations Agent software small compared to NMS software, so NMS may be a dedicated device Master and subagents can merge, just called an agent then
Remote Monitoring RMON is an enhancement to SNMP Allows SNMP to look at entire network, not just individual devices RMON probe collects data from a network segment and relays it back to management console RMON creates new categories of data, i.e. new branches added to MIB tree A number of enhancements to SNMP, most important is RMON May have more than one management console, for redundancy in case of failure RMON doesn’t replace SNMP, still need SNMP Revision to RMON called RMON2
RMON Management console must have RMON functionality, can collect information from both RMON probes and plain SNMP agents
RMON Categories of Data Ethernet Statistics Group – statistics gathered for each segment History Control Group – records sample from the Ethernet Statistics Group of a specified period of time Alarm Group – alerts network admin based on counters exceeding specified thresholds Host Group – counters for each host on segment Host TOPN Group – reports, e.g. top 10 hosts that generate broadcast Only some of the categories listed on the slide, some more in the handout Ethernet Statistics Group – e.g counters for bytes, packets, errors & frame size History Control Group – rolling log that covers a limited period, e.g. sample every 30 minutes, maintain last 25 samples (50 hours total). Alarm Group – Management console can alert admin by sending mails flagging dangerous conditions on the network, preventive troubleshooting
Network Management Model
SNMP and CMIP Standards
Components of the Organization Model The network management station (NMS) is usually a standalone workstation, but it may be implemented over several systems.
Centralized Network Management Architecture
Network management example To get value of MIB variable from mgmt agent Mgmt app (part of NMS) on managing entity passes request to mgmt process Mgmt process calls network mgmt protocol (e.g., SNMP) SNMP constructs Get-Request packet and sent it to the managed device through the network Mgmt agent on managed device receives Get-Request Agent process accesses requested value SNMP constructs Get-Response packet and sent it to managing entity through the network Mgmt process on managing entity receives response Mgmt process passes data to mgmt app
Network Management Overhead There is overhead in terms of CPU cycles to generate and process information/packets May require dedicated Managing Entity Bandwidth usage for sending request and receiving responses A tradeoff between cost and benefit
Additional Network Management Capabilities For efficiency, multiple values can be constructed in a single Get-Response packet Can traverse MIB in logical order Mgmt agent can send unsolicited mssages These are known as traps E.g., if a device goes down Can request info from probes or remote monitors (RMON) Monitoring activity (traffic) on a network segment