Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Explain the uses of network monitoring –Explain the operation of SNMP –Differentiate between SNMP and RMON –Explain the construction of MIBs –Construct a simple network monitoring strategy using SNMP commands and MIBs –Distinguish the advantages and disadvantages of network monitoring

Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 Introduction Network monitoring and management is used to ensure that: Resources are operating optimally As many faults as possible are prevented Faults are identified and fixed timely

Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 Introduction SNMP in TCP/IP Remember this?

Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 Introduction SNMP in TCP/IP and this?

Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 Network Management Protocols SNMP is an application layer protocol that facilitates the exchange of management information between network devices. It is part of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth.

Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 Introduction SNMP-managed network consists of three key components: managed devices, agents, and network-management systems (NMSs).

Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 Introduction More accurately…with flow

Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 Resources & Elements NMS NMA NMS Network Management System (Station) NMA Network Management Agent NMP Network Management Protocol Resources: any device attached to the network.

Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 SNMP v1 SNMP – Basic Commands Managed devices are controlled using 4 basic commands and traversal operation: read - command is used by an NMS to monitor managed devices. The NMS examines different variables that are maintained by managed devices. write - command is used by an NMS to control managed devices. The NMS changes the values of variables stored within managed devices. Trap - command is used by managed devices to asynchronously report events to the NMS. When certain types of events occur, a managed device sends a trap to the NMS.

Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 SNMP v1 SNMP – Basic Commands Traversal operations are used by the NMS to determine which variables a managed device supports and to sequentially gather information in variable tables, such as a routing table.

Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 SNMP v1 SNMP – Simple Network Management Protocol Basic operation: Polls – NMS query NMAs in devices about specific status and NMAs respond to NMS Traps – NMAs in devices inform NMS of changes in status (need to be configured) Polls and traps can occur simultaneously

Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 Network Management Protocols Network Management Protocols determine how the NMS and the NMAs will work and the information they provide and collect: –SNMP v1 –SNMP v2 –SNMP v3 (not really an NMP) –RMONv1 –RMONv2

Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 Structure of Management Information and MIBs The Structure of Management Information (SMI) is the way in which an NMS organises collected information. A Management Information Base (MIB) is the way in which an NMA organises the monitored information: –is a collection of information that is organized hierarchically. –MIBs are accessed using a network- management protocol such as SNMP..

Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 Structure of Management Information and MIBs SMI defines the managed objects and MIB is a managed object. Managed objects are comprised of one or more object instances, which are essentially variables. Two types of managed objects exist: scalar and tabular: –Scalar objects define a single object instance. –Tabular objects define multiple related object instances that are grouped in MIB tables.

Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 MIB-II Standard MIBs are defined by the MIB-II RFC (rfc 1213) and address general TCP/IP management information –Interface speeds –Maximum Transfer Unit (MTU) –Octets sent –Octets received (MIB was the original standard but was absorbed by MIB-II)

Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 SMI object tree

Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 Other standard MIBs Other standard MIBs have been defined by the standard groups for several purposes: –ATM MIB (RFC 2515) –Frame Relay DTE Interface type MIB (RFC 2115) –Mail Monitoring MIB (RFC 2249) –DNS Server MIB (RFC 1611) Network managers are also able to design ad hoc MIBs for their network devices.

Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 SNMP main characteristics Uses UDP as a transport protocol (port 162 for polls and 161 for traps) Security by using community names: –Read-only –Read-write –Trap SNMPv1 basic version SNMPv2 enhances SNMPv1 SNMPv3 adds security to SNMPv2

Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 SNMP commands SNMPv1 PDU SNMPv2 PDUDirectionDescription GetRequest NMS  NMARequest value for each listed object GetRequest NMS  NMARequest next value for each listed object GetBulkRequestNMS  NMARequest multiple values SetRequest NMS  NMASet value for each listed object InformRequestNMS  NMSTransmit unsolicited information GetResponseResponseNMA  NMS NMS  NMS Respond to manager request Report (implemented in SNMPv3) NMS  NMSProblems with processing SNMP messages NotificationNMA  NMSAs trap but with same format as get & set TrapSNMPv2-TrapNMA  NMSTransmit unsolicited information

Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 Remote Monitoring (RMON) RMONv1 –Monitors that watch traffic on network segments in LANs or WANs –Also uses MIBs in order to organise information –Some vendors include the probing (polling) facility RMONv2 –Enhances RMONv1 by providing network and application level statistical gathering (like passive network measurement)

Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 Remote Monitoring (RMON) An RMON Probe Can Send Statistical Information to an RMON Console

Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 Advantages & Disadvantages Advantages Network monitoring allows a centralised vision of all of the devices in the network Allows flexibility and mobility to network managers Disadvantages Introduces administration traffic into the network (roughly 5% of all traffic is control traffic) Needs careful planning on traps and polls in order to maintain the balance between management and bandwidth utilisation.

Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 Conclusions Network monitoring facilitates the task of managing several devices at a time The network monitoring centres need to be manned at all times for large networks and the network manager needs to be on call at all times for smaller networks SNMP provides a set of simple commands that collect a wide range of information about devices through MIBs RMON is similar to passive traffic measurement and allows minimal probing of devices

Dr Alejandra Flores-Mosri Network Monitoring Internet Management & Security 06 Resources SNMPv1 - RFC 1157 SNMPv2 - RFC 1905, 1906, 1907 SNMPv3 - RFC 2571, 2573, 2574, 2575 RMONv2 - RFC 2021 RFCs can be found at: D. R. Mauro, Essential SNMP, O’Reilly CISCO Internetworking Technology Handbook :