Net man - 1 Copyright © 2000 Scott Bradner Network Management Who's the boss? You or the network?

Slides:



Advertisements
Similar presentations
MCT620 – Distributed Systems
Advertisements

Computer Networks TCP/IP Protocol Suite.
1 UNIT I (Contd..) High-Speed LANs. 2 Introduction Fast Ethernet and Gigabit Ethernet Fast Ethernet and Gigabit Ethernet Fibre Channel Fibre Channel High-speed.
Zhongxing Telecom Pakistan (Pvt.) Ltd
Network Layer: Address Mapping, Error Reporting, and Multicasting
1 Copyright © 2013 Elsevier Inc. All rights reserved. Chapter 4 Computing Platforms.
Processes and Operating Systems
A Brief Introduction to Internet Network Management and SNMP Geoff Huston NTW Track 4.
A Brief Introduction to Internet Network Management Geoff Huston
1 Hyades Command Routing Message flow and data translation.
1 Chapter 12 File Management Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,
1 Click here to End Presentation Software: Installation and Updates Internet Download CD release NACIS Updates.
© Tally Solutions Pvt. Ltd. All Rights Reserved Shoper 9 License Management December 09.
Protocol layers and Wireshark Rahul Hiran TDTS11:Computer Networks and Internet Protocols 1 Note: T he slides are adapted and modified based on slides.
Break Time Remaining 10:00.
Local Area Networks - Internetworking
PP Test Review Sections 6-1 to 6-6
What is access control list (ACL)?
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 2 The OSI Model and the TCP/IP.
EIS Bridge Tool and Staging Tables September 1, 2009 Instructor: Way Poteat Slide: 1.
Chapter 20 Network Layer: Internet Protocol
Sample Service Screenshots Enterprise Cloud Service 11.3.
Copyright © 2012, Elsevier Inc. All rights Reserved. 1 Chapter 7 Modeling Structure with Blocks.
Nov-03 ©Cisco Systems CCNA Semester 1 Version 3 Comp11 Mod11 – St. Lawrence College – Cornwall Campus, ON, Canada – Clark slide 1 Cisco Systems CCNA Version.
1 © 2004, Cisco Systems, Inc. All rights reserved. CCNA 1 v3.1 Module 10 Routing Fundamentals and Subnets.
1 How Do I Order From.decimal? Rev 05/04/09 This instructional training document may be updated at anytime. Please visit and check the.
: 3 00.
5 minutes.
© Ericsson Interception Management Systems, 2000 CELLNET Drop Administering IMS Database Module Objectives To add a network elements to the database.
Clock will move after 1 minute
1 © 2004, Cisco Systems, Inc. All rights reserved. CCNA 1 v3.1 Module 9 TCP/IP Protocol Suite and IP Addressing.
The DDS Benchmarking Environment James Edmondson Vanderbilt University Nashville, TN.
Chapter 6 SNMPv2 6-1 Network Management: Principles and Practice
Communication and Functional Models
Organization and Information Models
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 13 Slide 1 Application architectures.
1 1/15/ :37 Chapter 14Network Management1 Rivier College CS575: Advanced LANs Chapter 14: Network Management.
Select a time to count down from the clock above
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 24 Network Management: SNMP.
1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.
TCP/IP Protocol Suite 1 Chapter 21 Upon completion you will be able to: Network Management: SNMP Understand the SNMP manager and the SNMP agent Understand.
CSEE W4140 Networking Laboratory Lecture 11: SNMP Jong Yul Kim
CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.
COMP4690, by Dr Xiaowen Chu, HKBU
SNMP Simple Network Management Protocol
Guide to TCP/IP, Third Edition Chapter 11: Monitoring and Managing IP Networks.
Ch. 31 Q and A IS 333 Spring 2015 Victor Norman. SNMP, MIBs, and ASN.1 SNMP defines the protocol used to send requests and get responses. MIBs are like.
Chapter 6 Overview Simple Network Management Protocol
McGraw-Hill The McGraw-Hill Companies, Inc., 2000 SNMP Simple Network Management Protocol.
SNMP In Depth. SNMP u Simple Network Management Protocol –The most popular network management protocol –Hosts, firewalls, routers, switches…UPS, power.
Experiences in Analyzing Network Traffic Shou-Chuan Lai National Tsing Hua University Computer and Communication Center Nov. 20, 2003.
SNMP: Simple Network Management Protocol
Network Protocols UNIT IV – NETWORK MANAGEMENT FUNDAMENTALS.
SNMP ( Simple Network Management Protocol ) based Network Management.
Hands-on Networking Fundamentals
9/15/2015© 2008 Raymond P. Jefferis IIILect Application Layer.
ECE Prof. John A. Copeland Office: Klaus or call.
BAI513 - PROTOCOLS SNMP BAIST – Network Management.
SNMP Simple Network Management Protocol. SNMP and UDP Uses UDP as transport protocol Connectionless Connectionless Port 161 for sending and receiving.
Lec 3: Infrastructure of Network Management Part2 Organized by: Nada Alhirabi NET 311.
SNMP n Where did it come from ? –Internet Engineering Task Force »Network Management Area –SNMP V1 –MIB definitions –SNMPV2.
1 Network Management: SNMP The roots of education are bitter, but the fruit is sweet. - Aristotle.
Network Management  introduction  Internet SNMP: Simple Network Management Protocol  required reading: section 7.3 in text.
NOC Services and Applications1 Sunday Folayan. NOC Services and Applications2 What is Network Management? “In order to operate a reliable service, the.
Ch. 31 Q and A IS 333 Spring 2016 Victor Norman. SNMP, MIBs, and ASN.1 SNMP defines the protocol used to send requests and get responses. MIBs are like.
Chapter 27 Network Management Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
or call for office visit, or call Kathy Cheek,
SNMP (Simple Network Management Protocol) based Network Management
A Brief Introduction to Internet Network Management
Presentation transcript:

net man - 1 Copyright © 2000 Scott Bradner Network Management Who's the boss? You or the network?

net man - 2 Copyright © 2000 Scott Bradner Parts of Network Management network management is not just keeping bits moving OSI network management components fault management performance management security management configuration and name management accounting management add policy-based management reporting

net man - 3 Copyright © 2000 Scott Bradner Fault Management detect network problems transient/persistent failure/overload detect server problems isolating problems reporting mechanism link to help desk notify on-call personnel setup & control alarm procedures repair/recovery procedures ticket system

net man - 4 Copyright © 2000 Scott Bradner Fault Management - Ticket System system provides for: short term memory & communication scheduling and work assignment referrals and dispatching oversight statistical analysis long term accountability

net man - 5 Copyright © 2000 Scott Bradner Fault Management - Ticket Usage create a ticket on ALL calls create a ticket on ALL problems create a ticket for ALL scheduled events copy of ticket mailed to reporter and mailing list(s) all milestones in resolution of problem create a new ticket entry with reference to original

net man - 6 Copyright © 2000 Scott Bradner Fault Management - Ticket Example From Fri Dec 14 13:12: Received: from nic.near.net by nic.near.net id aa22499; 14 Dec Date: Fri, 14 Dec 90 13:01:42 EST From: Subject: NEARnet Ticket #1582 To: Status: R Ticket Number: 1582 Ticket Status: open Ticket Type: unplanned Ticket Source: Ticket Scope: host Site/Line: mit Ticket Owner: perfetti Problem Fixer: Ticket Opened: 12/14/90 12:56 Problem Started: 12/14/90 11:20 Problem Description: User is experiencing difficulty in reaching a host located at Rutgers. The host in question is quartz.rutgers.edu ( ). This problem is being investigated. For a complete history of this ticket, do "finger ticket-

net man - 7 Copyright © 2000 Scott Bradner Performance Management evaluate the behavior of network elements information used in planning interface stats throughput error rates software stats usage queues system load disk space availability per cent response time

net man - 8 Copyright © 2000 Scott Bradner Security Management security required to operate network and protect managed objects security services Kerberos PGP key server secure time security tools cops - host configuration checker ( distribute security information bug reports bug fixes intruder alerts

net man - 9 Copyright © 2000 Scott Bradner Security Management, cont. reporting procedure for security events e.g. break-ins control internal and external gateways control firewalls (external and internal) security logs privacy issues can be a conflict

net man - 10 Copyright © 2000 Scott Bradner Configuration and Name Management network state information network topology operation status of network elements including resources network element configuration control network elements start/stop modification of network attributes addition of new features configuration modification allocation and addition of network resources reconfiguration if dictated by link outages

net man - 11 Copyright © 2000 Scott Bradner Config. Mgmt. - Network State Info. e.g. SNMP driven display nnhvd husc6 harvard geo oitgw1 mghgw sphgw1 wjhgw1 wjh12 generali talcott harvisr huelings pitirium nngw lmagw1 dfchtch

net man - 12 Copyright © 2000 Scott Bradner SNMP Simple Network Management Protocol mostly a query - response system little network traffic initiated by agent currently only a primitive security system SNMPv2 was to have real security but working group fragmented, SNMPv3 now ready uses database defined in MIB can have "enterprise" extensions to MIB SMI defines structure of MIB SMI defines data structure using ASN.1

net man - 13 Copyright © 2000 Scott Bradner ASN.1 ISO standard specification of Abstract Syntax Notation One (ASN.1) defines a language used to describe data types specification of Basic Encoding Rules for Abstract Notation One (ASN.1) defines a method for unambiguous transmission of data machine architecture independent. operating system independent. network protocol independent.

net man - 14 Copyright © 2000 Scott Bradner tag asn.1 data type length length in octets value value of data element format dependent on type ANS.1 Data Encoding (TLV) taglengthvalue

net man - 15 Copyright © 2000 Scott Bradner ANS.1 Data encoding, length data element length field if element length <= 126 octets actual tag value is in length octet with high bit = 0 (value 127 is reserved) if element length > 127 octets length made up of chunks of 7 bits per octet high bit in all but the last octet = 1 high bit in the last octet = 0 taglengthvalue length0

net man - 16 Copyright © 2000 Scott Bradner ASN.1, Object Identifier OBJECT IDENTIFIER sequence of integers that describe a pathway taken in traversing a tree of options, must be unique e.g or iso org dod internet mgmt mib system sysDescr the base of the tree is defined by ISO, sections are defined by other authorities

net man - 17 Copyright © 2000 Scott Bradner SNMP, MIBII iso joint citt sysDescr sysObjec tID sysUpTime sysContact sysName sysLocation sysServices system interfaces at ip icmp tcp udp egp transmission snmp mib-2mgmt internet directory experimental privateenterprises dod memb reg std org reserved Proteon IBM CMU UNIX

net man - 18 Copyright © 2000 Scott Bradner SNMP, cont. defines three query messages to get information from an agent being monitored defines a set message to be used in managing an agent defines a response message for an agent to use in responding to a query or set message defines a set of trap messages by which an agent can send notification of a status change to a management station defines an inform message for reliable communications

net man - 19 Copyright © 2000 Scott Bradner SNMP: Query Messages GetRequest request to an agent to return the current value of a specific MIB variable can take more than one variable in one request. GetNextRequest request to an agent to return the "next" MIB variable used to walk the tree in an agent GetBulkRequest request to an agent to return large blocks of data

net man - 20 Copyright © 2000 Scott Bradner SNMP: Set Message SetRequest request to an agent to change the values of one or more MIB variables to specific new values. if there is an error in the SetRequest and one or more variables cannot be set, none will be set error conditions 1/ one or more objects not available for set operation, given access controls 2/ contents of value field does not correspond to definition 3/ size of response message would be larger than local limitations 4/ some other reason a value cannot be altered

net man - 21 Copyright © 2000 Scott Bradner SNMP: Response Message Response message from an agent to a NMS in response to a GetRequest, a GetNextRequest or a SetRequest used to return requested values or to indicate success or failure of set request includes an error status and an error index

net man - 22 Copyright © 2000 Scott Bradner SNMP: Trap Message trap message: message from an agent to a NMS in response to a status change or event in the agent trap conditions: coldStart warmStart linkDown linkUp authenticationFailure egpNeighborLoss enterpriseSpecific

net man - 23 Copyright © 2000 Scott Bradner SNMP: InformRequest like a reliable trap designed to be used between network management stations expanding to other uses resent until acknowledged

net man - 24 Copyright © 2000 Scott Bradner SNMP: Communities provides trivial security like a password community name sent in clear over net with each message some agents have more than one community for different access modes these are know as "views" some agents can link access to community name and IP address of NMS

net man - 25 Copyright © 2000 Scott Bradner SNMPv3 add security to SNMPv2 secure SET support protect against modification of information masquerade message stream modification disclosure does not deal with denial of service traffic analysis

net man - 26 Copyright © 2000 Scott Bradner SNMPv3, contd. three levels of security no authentication, no privacy authentication, no privacy authentication & privacy can support more than one security model user-based security model defined security based on name of a user new message format to add security information overview in RFC 2261

net man - 27 Copyright © 2000 Scott Bradner Accounting Management what do you account for? if you count packets sent it can inhibit anonymous ftp & web sites QoS differences in the future want to charge "user" of service application dependent determination of "user"

net man - 28 Copyright © 2000 Scott Bradner Accounting, Cont. could do settlements based in routing information try to minimize size of routing tables telco model everyone shares in revenue call an 800 number from a pay phone 800 destinations pays pay phone owner receive a long distance call to your own switch you get fee for local delivery

net man - 29 Copyright © 2000 Scott Bradner getoctets simple traffic stats collector cron-driven shell procedure get-octets router1 router2 router3... figures out interface list for each router then gets ifInOctets, ifOutOctets, ifInUcastPkts, ifOutUcastPkts ifInNUcastPkts, ifOutNUcastPkts, system.sysUpTime ftp://conrad.harvard.edu/pub/SNMPoll/octets.tar needs cmu snmp package

net man - 30 Copyright © 2000 Scott Bradner getoctets, contd. makes separate stats file for each interface example filename: WJHgw1 example data 1997,06,23,160,09,1,00,02,37,EDT, , , , ,10,628226, ,06,23,160,09,1,00,22,37,EDT, , , , ,10,628281, ,06,23,160,09,1,00,42,36,EDT, , , , ,10,628342, processing a bit hard must deal with counter wrap & router reboots sample period must be < 59 min for an Ethernet link utilization calculation complex must include link encapsulation etc

net man - 31 Copyright © 2000 Scott Bradner getoctets, processing UpDate routine bug in 32 bit versions of perl (gives bad results) example output week millions of bits per second millions of octets ending peak in peak out 95% in 95% out in out total

net man - 32 Copyright © 2000 Scott Bradner Policy Based Management want to manage the network not just network elements define policy rules to tell network what to do e.g. network operations center gets access to all routers e.g. accounting department gets priority last 3 days of month e.g. max of 10% video on any link policy rule gets translated into changes in configurations of devices

net man - 33 Copyright © 2000 Scott Bradner Parts of a Policy-Based System conceptual parts policy management tool used to create policy rules policy repository store policy rules policy consumer pushes policy rules (or translations) to policy target policy target functional element effected by policy rule

net man - 34 Copyright © 2000 Scott Bradner Example Policy System policy management stations policy repository policy consumers policy targets

net man - 35 Copyright © 2000 Scott Bradner Policy Sequence rule defined check for static conflicts put in repository ( could use LDAP ) retrieved by policy consumers ( could use LDAP ) processed to create configuration for policy target can use conceptual rather than actual interfaces e.g. backbone interface, customer interface can have time component pushed to policy targets using COPS or SNMP

net man - 36 Copyright © 2000 Scott Bradner Policy Sequence, contd. policy target installs configuration may have to translate conceptual to physical interfaces e.g. customer interface -> interfaces 1, 3 & 8 e.g. backbone interface -> interfaces 2 & 7

net man - 37 Copyright © 2000 Scott Bradner Management for Real A few basic tools echo request ping on IP function in many protocols - IP, OSI, AppleTalk, XNS checks path & basic node function can return round trip time normally not higher node function newdev> ping noc.barrnet.net PING noc.barrnet.net ( ): 56 data bytes 64 bytes from : icmp_seq=0. time=83. ms 64 bytes from : icmp_seq=1. time=83. ms 64 bytes from : icmp_seq=2. time=83. ms ^C ----noc.barrnet.net PING Statistics packets transmitted, 3 packets received, 0% packet loss round-trip (ms) min/avg/max = 83/83/83

net man - 38 Copyright © 2000 Scott Bradner Management for Real, Cont. traceroute - finds path to node with delays function only in some protocols must have error returned on TTL exceeded golem> traceroute gatekeeper.dec.com traceroute to gatekeeper.dec.com ( ), 30 hops max, 38 byte packets ( ) 0 ms 0 ms 17 ms 2 ipl-node17.camb.ma.cable.psi.net ( ) 17 ms 0 ms 17 ms ( ) 0 ms 17 ms 17 ms 4 leaf.net121.psi.net ( ) 50 ms 50 ms 33 ms ( ) 101 ms 117 ms 133 ms 6 San-Jose5.CA.ALTER.NET ( ) 133 ms 283 ms 251 ms 7 Palo-Alto1.CA.ALTER.NET ( ) 133 ms 133 ms 100 ms 8 Palo-Alto3.CA.ALTER.NET ( ) 117 ms 100 ms 133 ms 9 border-gwl.pa-x.dec.com ( ) 117 ms 117 ms 100 ms 10 gatekeeper.dec.com ( ) 133 ms 117 ms 133 ms file: pub/net/jacobson/traceroute.tar.Z

net man - 39 Copyright © 2000 Scott Bradner Management for Real, Cont. network monitors/analyzers local systems take unit to problem don't depend on working network wide range of cost & function remote systems leave unit on problem or key network remote control & viewing of information SNMP standard from IETF RMON working group privacy & security issues

net man - 40 Copyright © 2000 Scott Bradner Management for Real, Cont. management agents SNMP agents in all "gateway" devices SNMP agents in all servers need something that knows what it is looking at it not all SNMP variables are the same

net man - 41 Copyright © 2000 Scott Bradner Monitoring simple monitoring tools do 95% of task e.g. ftp://conrad.harvard.edu/pub/SNMPoll monitor should be both poll & trap based for best reliability but just polling will do better than just traps and will work fine other than response latency simple, terse, messages on problems

net man - 42 Copyright © 2000 Scott Bradner Example SNMPoll Error Messages interface Date: Mon, 16 Jun 97 09:11 EDT From: To: Subject: FMD_175_No_Harva down FMD_175_No_Harva down : Hamgw Eth 5 down at 09:11:03 router Date: Fri, 13 Jun 97 17:17 EDT From: To: Subject: MEEIgw1 not responding MEEIgw1 not responding : No Response from at 17:17:37

net man - 43 Copyright © 2000 Scott Bradner SNMPoll command to cause auto configuration needs config.seed retries if failed poll of router reduce false error messages understands hierarchy tries next step back up hierarchy if failed poll query for many interfaces in same get_request minimize network traffic and router load

net man - 44 Copyright © 2000 Scott Bradner Things to Look For dup protocol addresses very bad in AppleTalk and IPX network/link load router/bridge CPU load errors drops!! interface resets collisions (if CSMA/CD network)

net man - 45 Copyright © 2000 Scott Bradner Things to Do (Defensive) filter

net man - 46 Copyright © 2000 Scott Bradner Route Filtering NAP MCI SPRINT PSI BBN Planet MIT dial-up provider in FL MIT

net man - 47 Copyright © 2000 Scott Bradner Problems we are early in the Internet management game there is still a lot to learn little AI not NETVIEW prices still high for functionality still gurus data networks are not "plug and play" with large scale nefarious people

net man - 48 Copyright © 2000 Scott Bradner More Problems not so good at providing simple, easy to understand, warning to non-gurus mostly managing elements policy-based management should help but still monitoring elements - no big picture needs to be usable by normal people needs to say when users will complain

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.