Network Management Introduction Notes taken from many sources, including IEEE Computer Society Online Cisco Course, Mani Subramanian, Chu Sing Yang, Raouf Boutaba, and many more 1
Outline Introduction to Network Management What is Network Management? Challenges on the Network Management SNMP Family Networking Monitoring Tools 2
The Case for Management Typical problem Remote user arrives at regional office and experiences slow or no response from corporate web server Next step Where do you begin? Where is the problem? What is the problem? What is the solution? Without proper knowledge of network management, these questions are difficult to answer Regional Offices Corp Network 3
The Case for Management With proper management tools and procedures in place, you may already have the answer Consider some possibilities What configuration changes were made overnight? Have you received a device fault notification indicating the issue? Have you detected a security breach? Has your performance baseline predicted this behavior on an increasingly congested network link? Regional Offices Corp Network 4
Solving Problem Procedure an accurate database of your network's topology, configuration, and performance a solid understanding of the protocols and models used in communication between your management server and the managed devices methods and tools that allow you to interpret and act upon gathered information Predictability Response Times High Availability Security 5
An aside: Network Operations Centre NOC vs NM Typically NOC = Network Operations Center NM = Network Management what is done at/from a NOC so named in most written material, e.g. text books Management can get very broad and fuzzy, very fast. Others at http://royal.pingdom.com/?p=296 NOC aka Network Operations Center Copyright Tim Moors 2014 Image from http://www.research.att.com/areas/visualization/projects_software/photo_global_center.jpg 6
An aside: Why NM/NOC is challenging Complex: Communication networks are complicated and change rapidly. Information hidden to ease design may be needed for debugging. Distributed systems are hard to control: synchronised and consistent state. Fault management systems must work when the rest of the network doesn't. Internet pushes functionality to ends, away from NM reach collection of Autonomous Systems => heterogeneous & many responsible parties Vendor competition: Users want it, vendors don't http://uluru.ee.unsw.edu.au/~tim/courses/tele9752/1.pdf 7
What is Network Management? Network Management the process of overseeing a network and taking corrective action when necessary to ensure performance and availability 8
What is Network Management? Operations Managing operations involves implementing and overseeing procedures for ensuring that a network runs smoothly. It also involves monitoring the network and addressing problems that occur Administration Administrative functions associated with a network include keeping records of the devices on a network and of their use 9
What is Network Management? Maintenance Maintenance tasks associated with network management include repairing and upgrading network components as required, and implementing measures to ensure that network devices run optimally Provisioning Provisioning refers to the assignment of resources such as hardware components to support required services and users. 10
Effective Network Management Reduces Cost lower operating costs and less spending on unnecessary network equipment. Improves the Reliability and Availability minimizing disruptions through both proactive and reactive measures. Boost Revenue for ISPs attracting more customers 11
Challenges affecting NM? Managing the delivery of a large number of network services, each of which has specific requirements, such as those associated with bandwidth and connections Ensuring that the individual requirements of services are met without compromising overall network performance. Scalable and adaptable Number of users and various services Ongoing reconfiguration and upgrades Monitoring Tools May affect the network performance 12
Network Management Activities Management Station Local Area Network 13
Network Monitoring Status Alarms Statistics ON OFF Management Station Local Area Network 15
Network Monitoring Status Alarms Statistics ON OFF Management Station Data collected on the status of devices E.g., to probe link status : operational or not? Local Area Network 16
Network Monitoring Status Alarms Statistics ON OFF Management Station An alarm is sent any time a problem occurs in the network E.g., a network link is down Local Area Network 17
Network Monitoring Status Alarms Statistics ON OFF Management Station Statistics are sent on a regular basis to the management station which collates and stores them, e.g. traffic levels Local Area Network 18
A Standardized Approach World wide Industry Agreement on Single Set of Specifications Include all the Players: Buyers Standards Bodies Implementers Groups Interoperability through: Open Interoperable Interface Protocol-neutral information models Standard Application Programming Interface
Network Management Standards
Standard: Salient Points
OSI/CMIP: 1. International standard (ISO/OSI) 2. Management of data communications network - LAN and WAN 3. Deals with all 7 layers 4. Most complete 5. Object oriented 6. Well structured and layered 7. Consumes large resource in implementation
SNMP/Internet: 1. Industry standard (IETF) 2. Originally intended for management of Internet components, currently adopted for WAN and telecommunication systems 3. Easy to implement 4. Most widely implemented
TMN: 1. International standard (ITU-T) 2. Management of telecommunications network 3. Based on OSI network management framework 4. Addresses both network and administrative aspects of management 5. eTOM industry standard for business processes for implementing TMN using FrameWorx (formerly NGOSS) framework
IEEE: 1. IEEE standards adopted internationally 2. Addresses LAN and MAN management 3. Adopts OSI standards significantly 4. Deals with first two layers of OSI RM
Web-based Management: 1. Web-Based Enterprise Management (WBEM) 2. Java Management Extension (JMX) 3. XML-Based Network Management 4. CORBA-based Network Management
Network Management: Principles and Practice Mani Subramanian 2010
Network management standards For example: OSI CMIP Common Management Information Protocol designed 1980s: the unifying net management standard too slowly standardized SNMP: Simple Network Management Protocol Internet roots (SGMP) started simple deployed, adopted rapidly growth: size, complexity currently: SNMPv3 de facto network management standard
Network management standards SNMP adopted by IETF (Internet Engineering Task Force) A subsidiary of the IAB (Internet Activities Board) Standardizes TCP/IP networks management Internet IETF Adopted SNMP (Simple Network Management Protocol) Long-term Plan: migrate to OSI (CMIS - CMIP) In practice: upgraded SNMP versions such as SNMPv2 and SNMPv3
OSI Architecture and Model Network Management Organization Model Information Model Communication Model Functional Model Figure 3.1 OSI Network Management Model Organization Network management components Functions of components Relationships Information Structure of management information (SMI) Syntax and semantics Management information base (MIB) Organization of management information Object-oriented Communication Transfer syntax with bidirectional messages Transfer structure (PDU) Functions Application functions (FCAPS) Configure components Monitor components Measure performance Secure information Usage accounting Network Management: Principles and Practice Mani Subramanian 2010 23
SNMP Architecture and Model Network Management Organization Model Information Model Communication Model Functional Model Organization Same as OSI model Information Same as OSI, but scalar Communication Messages less complex than OSI and unidirectional Transfer structure (PDU) Functions (FCAPS) Application functions Fault management Configuration management Account management Performance management Security management Network Management: Principles and Practice Mani Subramanian 2010 24
TMN Architecture Addresses management of telecommunication networks Based on OSI model Superstructure on OSI network Addresses network, service, and business management Network Management: Principles and Practice Mani Subramanian 2010 25
Organizational Model Manager Sends requests to agents Monitors alarms Hosts applications Provides user interface MDB example Manager Agent Gathers information from objects Configures parameters of objects Responds to manager's requests Generates alarms and sends them to managers Managed object Network element that is managed Hosts management agent All objects are manageable or unmanaged MDB Management Database Agent process Managed objects Unmanaged objects Figure 3.2 Two-Tier Network Management Organization Model Network Management: Principles and Practice Mani Subramanian 2010 26
Organizational Model Two-Tier Model MDB Manager MDB Management Database Agent process Managed objects Unmanaged objects Figure 3.2 Two-Tier Network Management Organization Model Agent built into network element Example: Managed hub, managed router An agent can manage multiple elements Example: Switched hub, ATM switch MDB is a physical database Unmanaged objects are network elements that are not managed - both physical (unmanaged hub) and logical (passive elements) Network Management: Principles and Practice Mani Subramanian 2010 27
Organizational Model Three-Tier Model MDB Manager MDB Agent / Manager MDB Management Database Agent process Managed objects Figure 3.3 Three-Tier Network Management Organization Model Middle layer plays the dual role Agent to the top-level manager Manager to the managed objects Example of middle level: Remote monitoring agent (RMON) Network Management: Principles and Practice Mani Subramanian 2010 28
Organizational Model Manager of Managers MoM MDB Agent Agent NMS Manager MDB Agent Agent NMS Manager MDB Managed objects Managed objects MoM Manager of Managers MDB Management Database Agent process Agent NMS Agent Manager Figure 3.4 Network Management Organization Model with MoM Agent NMS manages the domain MoM presents integrated view of domains Domain may be geographical, administrative, vendor-specific products, etc. Network Management: Principles and Practice Mani Subramanian 2010 29
Infrastructure for network management [Figure: a managing entity (with data) connected by the network management protocol to agents (with data) on several managed devices] managed devices contain managed objects whose data is gathered into a Management Information Base (MIB) constructed in accordance with Structure of Management Information (SMI) 30
Implementing a Standardised Network Management Solution Network Management Station NMS Describe each network component and its operations Network Network Internet LAN LAN LAN Mainframe Router Gateway
SNMP SNMP overview: 4 key parts Management information base (MIB): distributed information store of network management data Structure of Management Information (SMI): data definition language for MIB objects SNMP protocol convey manager<->managed object info, commands security, administration capabilities major addition in SNMPv3 (More later)
The Managed Network Network Network Elements Host Node Link Devices
Management Agents NMS Network Unusual Activity Traffic Level Link Down Host Node Link Requests Alarms Management Agents
Device's Components or Objects MIB ipRouteTable OBJECT-TYPE ipRouteDest OBJECT-TYPE ipRouteEntry OBJECT-TYPE Map of Objects Management Agent
INFORMATION MODEL MANAGEMENT INFORMATION BASES (MIBs) 36
MIBs describe the structure of the management data of a device subsystem; they use a hierarchical namespace containing object identifiers (OID) Each OID identifies a variable that can be read or set via SNMP MIBs use the notation defined by Structure of Management Information (SMI), a subset of ASN.1 37
Information Model: Analogy Figure in a book uniquely identified by ISBN, Chapter, and Figure number in that hierarchical order ID: {ISBN, chapter, figure} The three elements above define the syntax Semantics is the meaning of the three entities according to Webster's dictionary The information comprises syntax and semantics about an object Network Management: Principles and Practice Mani Subramanian 2010 38
Structure of Management Information (SMI) Purpose: defines for a managed object syntax, semantics of management data, well-defined, unambiguous Plus additional information such as status structure base data types: straightforward, boring OBJECT-TYPE data type, status, semantics of managed object MODULE-IDENTITY groups related objects into MIB module Basic Data Types INTEGER Integer32 Unsigned32 OCTET STRING OBJECT IDENTIFIER IpAddress Counter32 Counter64 Gauge32 TimeTicks Opaque Example sysDescr: { system 1 } Syntax: OCTET STRING Definition: "A textual description of the entity. " Access: read-only Status: mandatory Network Management: Principles and Practice Mani Subramanian 2010 39
Management Information Base (MIB) contains information about objects organized by grouping of related objects defines relationship between objects it is NOT a physical database. It is a virtual database that is compiled into management module MIB ipRouteTable OBJECT-TYPE ipRouteDest OBJECT-TYPE ipRouteEntry OBJECT-TYPE Network Management: Principles and Practice Mani Subramanian 2010 40
Information Base View: An Analogy Fulton County library system has many branches Each branch has a set of books The books in each branch are a different set The information base of the county has the view (catalog) of all books The information base of each branch has the catalog of books that belong to that branch. That is, each branch has its view (catalog) of the information base Let us apply this to MIB view MIB View and Access of an Object A managed object has many attributes: its information base There are several operations that can be performed on the objects A user (manager) can view and perform only certain operations on the object by invoking the management agent The view of the object attributes that the agent perceives is the MIB view The operation that a user can perform is the MIB access Network Management: Principles and Practice Mani Subramanian 2010 41
Management Information Base (MIB) Application Layer Transport Layer IP Layer Network Access Layer A user (manager) can view and perform only certain operations on the object by invoking the management agent The view of the object attributes that the agent perceives is the MIB view MIB Object Groups The operation that a user can perform is the MIB access Objects The managed objects are stored as groups of objects in the so-called MIB or Management Information Base. A managed object has many attributes its information base 42
Management Data Base (MDB) / Management Information Base (MIB) Distinction between MDB and MIB MDB physical database; e.g., Oracle, Sybase MIB virtual database; schema compiled into management software. An NMS can automatically discover a managed object, such as a hub, when added to the network The NMS can identify the new object as hub only after the MIB schema of the hub is compiled into NMS software. MDB Manager Managed objects MIB MDB Management Database MIB Management Information Base Agent process Figure 3.6 Network Configuration with Data and Information Base Network Management: Principles and Practice Mani Subramanian 2010 43
Managed Objects
Managed objects can be: Network elements (hardware, system): hubs, bridges, routers, transmission. Software (non-physical): programs, algorithms. Administrative information: contact person, name of group of objects (IP group)
Management Information Tree: Root, Level 1, Level 2, Level 3 (Figure 3.7 Generic Representation of Management Information Tree)
naming question: how to name every possible standard object (protocol, data, more...) in every possible network standard?
answer: ISO Object Identifier tree: hierarchical naming of all objects; each branchpoint has name, number
example: 1.3.6.1.2.1.7.1 = ISO (1), ISO-ident. Org. (3), US DoD (6), Internet (1), management (2), MIB2 (1), UDP (7), udpInDatagrams (1)
Network Management: Principles and Practice Mani Subramanian 2010
OSI Management Information Tree iso International Standards Organization itu International Telecommunications Union dod Department of Defense Designation: iso 1, org 1.3, dod 1.3.6, internet 1.3.6.1 Network Management: Principles and Practice Mani Subramanian 2010 45
Object Type and Instance
Type: Name, Syntax, Definition, Status, Access
Instance
Example of a circle: "circle" is syntax. Semantics is definition from dictionary: "A plane figure bounded by a single curved line, every point of which is of equal distance from the center of the figure."
MIB example: UDP module
Object ID | Name | Type | Comments
1.3.6.1.2.1.7.1 | UDPInDatagrams | Counter32 | total # datagrams delivered at this node
1.3.6.1.2.1.7.2 | UDPNoPorts | Counter32 | # undeliverable datagrams: no application at port
1.3.6.1.2.1.7.3 | UDPInErrors | Counter32 | # undeliverable datagrams: all other reasons
1.3.6.1.2.1.7.4 | UDPOutDatagrams | Counter32 | # datagrams sent
1.3.6.1.2.1.7.5 | udpTable | SEQUENCE | one entry for each port in use by app, gives port # and IP address
Network Management: Principles and Practice Mani Subramanian 2010
The System Group MIB (1) sys (1) desc object ID up time System time Operating system Version number Management Package ID Manufacturer All system group objects are mandatory 47
The Interfaces Group MIB (1) intf (2) IF desc IF mtu IF out-errors Transmission Unit 0 1 1 0 All interfaces group objects are mandatory 48
Example Object Description: MIB (1) MIB (1) 8 object groups sys(1) intf(2) adr trs(3) IP(4) ICM(5) TCP(6) UDP(7) EGP(8) IF desc IF mtu IF out-errors IF in-errors Object Descriptor Description IF in-errors 1.3.6.1.2.1.2.13 Identifier Syntax Definition Access Status Integer Textual Counts description incoming PDUs of with... rules r w rw r na r ON/OFF w rw na 49
MIBs index (http://en.wikipedia.org/wiki/management_information_base#snmpv1_mib_tables) large number of MIBs defined by both standards organizations like the IETF, private enterprises and others: IETF maintained There are 318 RFCs in the first 5000 RFCs from the IETF that contain MIBs. This list is a mere fraction of the MIBs that have been written: SNMP - SMI: RFC 1155 Defines the Structure of Management Information (SMI) MIB-I: RFC 1156 Historically used with CMOT, not to be used with SNMP SNMPv2-SMI: RFC 2578 Structure of Management Information Version 2 (SMIv2) MIB-II: RFC 1213 Management Information Base for Network Management of TCP/IP-based internets 50
MIBs index (http://en.wikipedia.org/wiki/management_information_base#snmpv1_mib_tables) SNMPv2-MIB: RFC 3418 Management Information Base (MIB) for the Simple Network Management Protocol (SNMP) TCP-MIB: RFC 4022 Management Information Base for the Transmission Control Protocol (TCP) UDP-MIB: RFC 4113 Management Information Base for the User Datagram Protocol (UDP) IP-MIB: RFC 4293 Management Information Base for the Internet Protocol (IP) IF-MIB: RFC 2863 The Interfaces Group MIB ENTITY-MIB: RFC 4133 Entity MIB (Version 3) ENTITY-STATE-MIB: RFC 4268 Entity State MIB ALARM-MIB: RFC 3877 Alarm Management Information Base (MIB) 51
The MIB: A Collection of Object Descriptions [Figure: a MIB drawn as a stack of object descriptions, each with the fields Object Descriptor (desc / ID), Syntax (type), Definition (text. desc), Access (r, w, rw, na) and Status (ON/OFF)] 52
Packet Counter Example
Figure 3.10(a) Internet Perspective (Characteristics: Example)
Object type: PktCounter
Syntax: Counter
Access: Read-only
Status: Mandatory
Description: Counts number of packets
Figure 3.10(b) OSI Perspective (Characteristics: Example)
Object class: Packet Counter
Attributes: Single-valued
Operations: get, set
Behavior: Retrieves or resets values
Notifications: Generates notifications on new value
Figure 3.10 Packet Counter As Example of Managed Object
Network Management: Principles and Practice Mani Subramanian 2010
Internet vs. OSI Managed Object Scalar object in Internet vs. Object-oriented approach in OSI OSI characteristics of operations, behavior, and notification are part of communication model; in Internet: get/set and response/alarm Internet syntax is absorbed as part of OSI attributes Internet access is part of OSI security model Internet status is part of OSI conformance application OSI permits creation and deletion of objects; Internet does not: Enhancement in SNMPv2 Network Management: Principles and Practice Mani Subramanian 2010 54
Summary on MIBs examined how the information in a MIB is constructed in accordance with the rules set out in the SMI - Structure of Management Information - so that all management systems can use it. An MIB contains information about manageable objects in the network element The object descriptor is made of two parts: the object descriptor and the object identifier which is read from the registration tree. The syntax field can have a number of different values: Integer, octet string, null, constructed types or it can be one of a set of defined types There are 8 different object groups and each object that can be described in an MIB belongs to one of these groups. Each network element supports only the groups that apply to it. 55
THE PRESENTATION PROBLEM: ASN.1 56
The presentation problem
Q: does perfect memory-to-memory copy solve the communication problem?
A: not always!
    struct {
        char code;
        int x;
    } test;
    test.x = 256;
    test.code = 'a';
host 1 format: test.code = a, test.x = 00000001 00000011
host 2 format: test.code = a, test.x = 00000011 00000001
problem: different data format, storage conventions
A real-life presentation problem [Figure: grandma, aging 60's hippie ("Groovy!") and 2012 teenager] 58
Presentation problem: potential solutions
1. Sender learns receiver's format. Sender translates into receiver's format. Sender sends. real-world analogy? pros and cons?
2. Sender sends. Receiver learns sender's format. Receiver translates into receiver-local format. real-world analogy? pros and cons?
3. Sender translates into host-independent format. Sends. Receiver translates to receiver-local format. real-world analogy? pros and cons?
Solving the presentation problem
1. Translate local host format to host independent format
2. Transmit data in host independent format
3. Translate host independent format to remote host format
[Figure: grandma ("Cat's pajamas!"), aging 60's hippie ("Groovy!") and 2012 teenager ("Awesome, dude!") each speak through a presentation service that carries "It is pleasing to me!"]
ASN.1: Abstract Syntax Notation 1 ISO standard X.680 used extensively in Internet like eating vegetables, knowing this is good for you! defined data types, object constructors like SMI BER: Basic Encoding Rules specify how ASN.1-defined data objects are to be transmitted each transmitted object has Type, Length, Value (TLV) encoding 61
TLV Encoding
Idea: transmitted data is self identifying
T: data type, one of ASN.1-defined types
L: length of data in bytes
V: value of data, encoded according to ASN.1 standard
Tag Value | Type
1 | Boolean
2 | Integer
3 | Bitstring
4 | Octet string
5 | Null
6 | Object Identifier
9 | Real
TLV encoding: example
module of data type declarations written in ASN.1:
    lastname ::= OCTET STRING
    weight ::= INTEGER
instances of data type specified in module:
    {weight, 259}
    {lastname, "smith"}
Basic Encoding Rules (BER):
    weight: Type=2, integer; Length, 2 bytes; Value, 259
    lastname: Type=4, octet string; Length, 5 bytes; Value, 5 octets (chars)
transmitted byte stream (as drawn on the slide): 3 1 2 2 h t i m s 5 4
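The presentation problem and its BER answer, as an added example that is not part of the original slides: a raw memory copy of the struct is misread on a host with the other byte order, while a TLV encoding of the slide's values (259, "smith") and of the OID 1.3.6.1.2.1.7.1 decodes the same everywhere. The function names are this example's own, the struct layout (one char, three padding bytes, 32-bit int) is an assumption, and the decoder rejects length fields that run past the received data.

```python
import struct

# Universal tag numbers as listed on the TLV slide.
INTEGER, OCTET_STRING, NULL, OID = 2, 4, 5, 6


def raw_copy_misread(x=256, code=b"a"):
    """Copy a little-endian host's struct image to a big-endian host unchanged."""
    image = struct.pack("<c3xi", code, x)    # char, 3 padding bytes, 32-bit int
    _, seen = struct.unpack(">c3xi", image)  # same bytes, other byte order
    return seen


def _length(n):
    """Definite length: one byte below 128, else 0x80|count then the count bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _base128(n):
    """OID sub-identifier: 7 bits per byte, top bit set on all but the last byte."""
    out = [n & 0x7F]
    while n > 0x7F:
        n >>= 7
        out.append(0x80 | (n & 0x7F))
    return bytes(reversed(out))


def encode(value):
    """Encode None, int, bytes or a dotted-OID str as a single TLV."""
    if value is None:
        tag, body = NULL, b""
    elif isinstance(value, int):
        # Shortest two's-complement form, most significant byte first.
        magnitude = value if value >= 0 else ~value
        size = magnitude.bit_length() // 8 + 1
        tag, body = INTEGER, value.to_bytes(size, "big", signed=True)
    elif isinstance(value, bytes):
        tag, body = OCTET_STRING, value
    elif isinstance(value, str):
        arcs = [int(a) for a in value.split(".")]
        if (len(arcs) < 2 or min(arcs) < 0 or arcs[0] > 2
                or (arcs[0] < 2 and arcs[1] > 39)):
            raise ValueError("not a valid object identifier")
        # The first two arcs share one sub-identifier: 40 * first + second.
        subs = [40 * arcs[0] + arcs[1]] + arcs[2:]
        tag, body = OID, b"".join(_base128(s) for s in subs)
    else:
        raise TypeError("unsupported type")
    return bytes([tag]) + _length(len(body)) + body


def _decode_oid(body):
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OBJECT IDENTIFIER")
    subs, n = [], 0
    for b in body:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            subs.append(n)
            n = 0
    first = min(subs[0] // 40, 2)
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))


def decode_stream(data):
    """Split a received byte stream into (tag, value) pairs; reject bad lengths."""
    items, i = [], 0
    while i < len(data):
        if len(data) - i < 2:
            raise ValueError("truncated TLV header")
        tag, n = data[i], data[i + 1]
        i += 2
        if n & 0x80:                         # long form: n & 0x7F length bytes follow
            k = n & 0x7F
            if k == 0 or len(data) - i < k:
                raise ValueError("indefinite or truncated length")
            n = int.from_bytes(data[i:i + k], "big")
            i += k
        if len(data) - i < n:
            raise ValueError("length field runs past end of data")
        body, i = data[i:i + n], i + n
        if tag == INTEGER:
            if not body:
                raise ValueError("empty INTEGER")
            value = int.from_bytes(body, "big", signed=True)
        elif tag == OID:
            value = _decode_oid(body)
        elif tag == NULL:
            value = None
        else:
            value = body                     # OCTET STRING and unknown tags stay raw
        items.append((tag, value))
    return items


# The slide's instances: {weight, 259} and {lastname, "smith"}.
SLIDE_STREAM = encode(259) + encode(b"smith")

if __name__ == "__main__":
    print(raw_copy_misread())                # 256 written, 65536 read
    print(SLIDE_STREAM.hex(" "))
    print(decode_stream(SLIDE_STREAM + encode("1.3.6.1.2.1.7.1")))
```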
Abstract Syntax Notation One (ASN.1) ASN.1 is more than a syntax; it's a language Addresses both syntax and semantics Two types of syntax Abstract syntax: set of rules that specify data type and structure for information storage Transfer syntax: set of rules for communicating information between systems Makes application layer protocols independent of lower layer protocols Can generate machine-readable code: Basic Encoding Rules (BER) is used in management modules Network Management: Principles and Practice Mani Subramanian 2010 64
Backus-Naur Form (BNF)
BNF is used for ASN.1 constructs
Constructs developed from primitives
The example illustrates how numbers are constructed from the primitive <digit>
Simple Arithmetic Expression entity (<SAE>) is constructed from the primitives <digit> and <op>
Definition: <name> ::= <definition>
Rules:
    <digit> ::= 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
    <number> ::= <number> | <digit> <number>
    <op> ::= + | - | x | /
    <SAE> ::= <number> | <SAE> | <SAE><op><SAE>
Example: 9 is primitive 9; 19 is construct of 1 and 9; 619 is construct of 6 and 19
Simple Arithmetic Expression: <SAE> ::= <number> | <SAE><op><number>
Example: 26 = 13 x 2
Constructs and primitives
Type and Value Assignments:
    <BooleanType> ::= BOOLEAN
    <BooleanValue> ::= TRUE | FALSE
ASN.1 module is a group of assignments:
    personName Person-Name ::= { first "John", middle "T", last "Smith" }
Network Management: Principles and Practice Mani Subramanian 2010
Data Type: Example 1
Module name starts with capital letters
Data types:
Primitives: NULL, GraphicString
Constructs
Alternatives: CHOICE
List maker: SET, SEQUENCE
Repetition: SET OF, SEQUENCE OF
Difference between SET and SEQUENCE
    PersonnelRecord ::= SET
        { Name,
          title GraphicString,
          division CHOICE
              marketing [0] SEQUENCE
                  {Sector,
                   Country},
              research [1] CHOICE
                  {product-based [0] NULL,
                   basic [1] NULL},
              production [2] SEQUENCE
                  {Product-line,
                   Country } }
    etc.
Figure 3.13 ASN.1 Data Type Definition: Example 1
Network Management: Principles and Practice Mani Subramanian 2010
Data Type: Example 2
    Trade-message ::= SEQUENCE
        {invoice-no INTEGER,
         name GraphicString,
         details SEQUENCE OF
             SEQUENCE
                 {part-no INTEGER,
                  quantity INTEGER},
         charge REAL,
         authenticator Security-Type}
    Security-Type ::= SET
        { }
Figure 3.14 ASN.1 Data Type Definition: Example 2
SEQUENCE OF SEQUENCE makes table of rows
Network Management: Principles and Practice Mani Subramanian 2010
NETWORK MONITORING AND CONTROL (FCAPS) 68
Recall: Network Monitoring and control Status Alarms Statistics ON OFF Management Station Local Area Network
Introduction- Network Monitoring Observes and analyzes the status and behavior of the end systems, intermediate systems and subnetworks that make up the configuration to be managed Performance monitoring Availability Response time Accuracy Throughput Utilization Fault monitoring Identifies faults as quickly as possible Identifies the cause of the fault to take corrective action Fault isolation Accounting monitoring Gathers usage information for each resources 70
Introduction-Network Control concerned with modifying parameters and causes actions to be taken by the end systems, intermediate systems, and subnetworks FCAPS involve both monitoring and control Network monitoring Performance monitoring: Measure and record system behaviour Fault monitoring: Detect, isolate and correct abnormal operation Accounting monitoring: Enable charging for resource use The emphasis in network control Configuration control: Set parameters that govern behaviour Security control: support the application of security policies 71
FCAPS Broadly speaking answers the following questions: What happens when things go wrong? Faults (F) Assumes network already exists - how was it planned, installed, configured for local conditions? Configuration (C) Who pays/paid for it? Accounting (A) Need to monitor performance, e.g. to inform planning, detect faults, etc? Performance (P) How is it secured (e.g. against fraud)? How is security configured? Monitoring to detect security events? Security (S) => (F)(C)(A)(P)(S) 72
Functional Model (FCAPS) OSI Functional Model Configuration Management Fault Management Performance Management Security Management Accounting Management Configuration management Set and change network configuration component parameters Set up alarm thresholds Fault management Detection and isolation of failures in network Trouble ticket administration Performance management Monitor performance of network Security management Authentication Authorization Encryption Accounting management Functional accounting of network usage Network Management: Principles and Practice Mani Subramanian 2010 73
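Performance monitoring with an alarm threshold, as an added example that is not from the original slides: link utilization computed from periodic polls of a Counter32 octet counter, allowing for the counter wrapping at 2**32 and for an agent restart that zeroes it. The poll tuple layout, the 100 Mbit/s link speed, the 0.9 threshold and the sample readings are all constructed for illustration.

```python
COUNTER32_MOD = 2 ** 32          # a Counter32 wraps from 2**32 - 1 back to 0


def counter_delta(prev, curr):
    """Octets counted between two readings, assuming at most one wrap."""
    return (curr - prev) % COUNTER32_MOD


def utilization(polls, link_bps):
    """Turn successive polls into per-interval link utilization (0.0 to 1.0).

    polls: list of (unix_time, uptime_ticks, in_octets) tuples, oldest first.
    An interval is reported as None when the agent's uptime went backwards,
    because a restart zeroes the counters and the delta is meaningless.
    """
    result = []
    for (t0, up0, c0), (t1, up1, c1) in zip(polls, polls[1:]):
        seconds = t1 - t0
        if seconds <= 0:
            raise ValueError("polls must be in increasing time order")
        if up1 < up0:
            result.append((t1, None))
            continue
        bits = counter_delta(c0, c1) * 8
        result.append((t1, bits / (seconds * link_bps)))
    return result


def threshold_alarms(util, threshold):
    """Poll times at which measured utilization exceeded the alarm threshold."""
    return [t for t, u in util if u is not None and u > threshold]


# Constructed sample: 60-second polls of an inbound octet counter on a
# 100 Mbit/s link. The counter wraps before the second poll and the agent
# restarts before the fourth (uptime, in hundredths of a second, drops).
LINK_BPS = 100_000_000
SAMPLE_POLLS = [
    (0,   100_000, 4_294_000_000),
    (60,  106_000,   299_032_704),
    (120, 112_000, 1_011_532_704),
    (180,   3_000,         1_500),
    (240,   9_000,    75_001_500),
]

if __name__ == "__main__":
    util = utilization(SAMPLE_POLLS, LINK_BPS)
    for when, value in util:
        print(when, "restart, no sample" if value is None else f"{value:.0%}")
    print("alarms at:", threshold_alarms(util, 0.9))
```

A plain subtraction across the first interval would give a negative octet count; the modular difference recovers the 300,000,000 octets actually received.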
NETWORK MONITORING TOOLS 74
Network Monitoring Tools A key part of network management is monitoring. Using various monitoring tools which obtain and compile information about network activity and performance Example a monitoring tool might help you determine why network performance is slow or why a user has difficulty accessing a server Through proper monitoring and analysis of the results, you can keep track of a network's performance, and anticipate, recognize, and correct problems before they disrupt network services. 75
Network Monitoring Tools You can use different network monitoring tools for various purposes: to capture and analyze traffic to log information about network events to alert you to specified events to monitor interfaces, such as routers, switches, and servers to alert you about areas where traffic is congested to assist in constructing performance baselines to determine upgrade and forecast needs, and to generate reports for management 76
Network Monitoring Tools Can be classified based on their usage: status monitoring ping & nslookup traffic monitoring Monitor the quality of the network, ping route monitoring Track the routes, traceroute & arp 77
Network Monitoring Tools Can be classified based on their applicability: LAN monitoring Remote Monitoring RMON, pathping, OpManager, Solarwinds QoS monitoring QoS parameters, load balancing Bandwidth monitoring NetFlow analyzer WAN Monitoring Exinda, router monitoring etc 78
Network Monitoring Tools Software based throughput testers to measure network throughput These tools send large data packets from one destination to another, measuring how long it takes to transfer the packets Connectivity Software tools built in tools provided in Windows and UNIX operating system tools you install as add ins to troubleshoot connectivity issues Wireshark and Nagios 79
Network Monitoring Tools Tasks to perform as a Network Admin: identifying inbound and outbound protocols determining whether the protocols acknowledge each other and whether they communicate in a unidirectional or bidirectional fashion identifying open and closed ports checking traffic that passes through the firewall tracing packets on the network, and analyzing bandwidth usage 80
Network Monitoring Tools e.g. restrict traffic based on port, you can implement port filtering 81
SNMP Simple Network Management Protocol collects information from network devices, for diagnostic and maintenance purposes. SNMP is a simple request /response protocol 82
SNMP Consists of two components Agent Software installed on network devices, such as servers, routers, switches, and printers Agents collect information from devices and send it to an SNMP manager Management Systems Central management server Logs the information sent by Agents Alert the IT Run a corrective program or script 83
SNMP SNMP versions: SNMPv1 1988 Operates over UDP, Not secure, plain text transactions Get, GetNext, Set and Trap SNMPv2 1993 New commands, GetBulk and Inform SNMPv3 2002 Enhanced security features Authentication, privacy, and access control 84
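What "plain text transactions" means on the wire, as an added example that is not from the original slides: a check a monitoring sensor could run on UDP payloads from the management network, reporting the SNMP version and whether a community string travels in clear text. The version numbers (0 = SNMPv1, 1 = SNMPv2c, 3 = SNMPv3) and the fact that SNMPv2c carries a community string like SNMPv1 are background not stated on the slide; the payloads are constructed, and the reader assumes short-form lengths (fields under 128 bytes).

```python
SEQUENCE, INTEGER, OCTET_STRING = 0x30, 0x02, 0x04
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}
DEFAULT_COMMUNITIES = {b"public", b"private"}


def tlv(tag, body):
    """Build one short-form TLV; used only to construct the samples below."""
    return bytes([tag, len(body)]) + body


def read_tlv(buf, pos):
    """Return (tag, body, next_pos) for a short-form TLV, or raise ValueError."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80 or pos + 2 + buf[pos + 1] > len(buf):
        raise ValueError("truncated or long-form TLV")
    end = pos + 2 + buf[pos + 1]
    return buf[pos], buf[pos + 2:end], end


def audit(payload):
    """Classify one UDP payload; the community value itself is never reported."""
    try:
        tag, msg, _ = read_tlv(payload, 0)
        vtag, vbody, pos = read_tlv(msg, 0)
        if tag != SEQUENCE or vtag != INTEGER or not vbody:
            raise ValueError("not an SNMP message")
        version = int.from_bytes(vbody, "big")
        ftag, field, _ = read_tlv(msg, pos)
    except ValueError as exc:
        return {"version": None, "findings": [f"unparsed: {exc}"]}
    findings = []
    # v1 and v2c: the second field is the community, an unencrypted OCTET STRING.
    if version in (0, 1) and ftag == OCTET_STRING:
        findings.append("community string sent in clear text")
        if field in DEFAULT_COMMUNITIES:
            findings.append("default community string in use")
    return {"version": VERSIONS.get(version, f"unknown({version})"),
            "findings": findings}


# Constructed payloads: message headers with an empty PDU (tag 0xA0) or, for
# SNMPv3, an empty header SEQUENCE where the community would otherwise be.
SAMPLES = {
    "v1-default": tlv(SEQUENCE, tlv(INTEGER, b"\x00")
                      + tlv(OCTET_STRING, b"public") + tlv(0xA0, b"")),
    "v2c-custom": tlv(SEQUENCE, tlv(INTEGER, b"\x01")
                      + tlv(OCTET_STRING, b"example-ro") + tlv(0xA0, b"")),
    "v3": tlv(SEQUENCE, tlv(INTEGER, b"\x03") + tlv(SEQUENCE, b"")),
    "noise": b"\x16\x03\x01",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(name, audit(payload))
```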
Overview What is Network Management? Network management standards and models FCAPS in a nutshell Efficient Network Management Network Monitoring Tools SNMP in a nutshell 85
END 86
SUPPLEMENTARY 87
Network Troubleshooting Ask yourself questions like these as you work up or down the stack: Do you have physical connectivity and a link light? Is your interface configured properly? Do your ARP tables show other hosts? Is there a firewall on your local machine? Is there a firewall anywhere between you and the destination? If firewalls are involved, do they pass ICMP ping packets and responses? Can you ping the localhost address (127.0.0.1)? Can you ping other local hosts by IP address? Is DNS working properly? Can you ping other local hosts by hostname? Can you ping hosts on another network? Do high-level services such as web and SSH servers work? Did you really check the firewalls?
Ping: Host Status Ping checks to see if a host is alive Sends ICMP ECHO_REQUEST packet Some ISPs have blocked ICMP In case DNS is not working, use a numeric IP address with the ping -n option If you are using ping to check the Internet: ping google.com (consistent responder) Use CTRL-C to stop ping from running
Ping: Host Status cnt. Specify the size of the packet: ping -s 1500 cuinfo.cornell.edu (linux) Issues with ping A failed ping means something is wrong with the network A successful ping means that the machine is powered on Echo request packets are handled by the IP protocol
Smokeping: Ping stats over time Smokeping open source tool by Tobias Oetiker Keeps track of network latencies Sends several ping packets at regular interval to a host Triggers alarms when things go wrong Source: oss.oetiker.ch/smokeping
Traceroute: Trace IP Packets Traceroute by Van Jacobson Uncovers the sequence of gateways through which an IP packet travels to reach its destination Syntax: traceroute hostname Sends 3 packets with the same TTL number Increases the TTL value for the next gateway Would you get the route if you do reverse trace route?
Traceroute: Trace IP Packets cnt. Example: Switzerland to caida.org, San Diego What is the meaning of * in the above example? traceroute -n disables DNS lookup
Netstat: Get Network Statistics Netstat collects information about the computer's network software: Interface statistics Routing information Connection tables On Linux, use ifconfig -a instead of netstat -i
Netstat: Get Network Statistics netstat with no arguments displays the status of active TCP and UDP ports netstat -r flags: U means up, G means gateway, H means host route, UGH means a host route through a gateway
Packet Sniffers Tcpdump by Van Jacobson First industry standard sniffer tcpdump -n tcpdump -v collects more info tcpdump -w stores packets in a file Collect only incoming web traffic from one subnet: $ sudo tcpdump src net 192.168.1.0/24 and dst port 80
Packet Sniffers Wireshark GUI interface Powerful analysis tool Read & write trace files
ICSI Netalyzr ICSI Netalyzr by the International Computer Science Institute at Berkeley netalyzr.icsi.berkeley.edu Tests the internet connection Inside Outside
RMON: Remote Monitoring MIB RMON MIB Permits the collection of generic network performance data not tied to any specific device MIB broken up into nine RMON groups Each group contains different statistics Many switches & routers support RMON
NET-SNMP Agent NET-SNMP Implemented in Linux & Unix Source: net-snmp.sourceforge.net Includes Agent Command-line tools Server for receiving traps Library for developing SNMP-aware applications
NET-SNMP Tools
CACTI CACTI Source: cacti.net Could store data in intervals One sample every minute for a day One sample every hour for a day One sample every week for a year
Nagios: Event-Based Service M. Nagios Specialized in real-time reporting of error conditions It is modular and can be heavily customized Triggers alarms, such as when a webserver goes down You can write your own plug-ins Keeps a historical archive of its data Can be used to measure compliance with SLAs
Monitor Package Munin munin.projects.linpro.no Munin is especially popular in the Scandinavian countries. Collectd collectd.org is written in C for performance and portability
Monitoring Tools More monitoring tools http://www.gfi.com/blog/the-top-20-free-networkmonitoring-and-analysis-tools-for-sys-admins/