SNMP in the IPv6 Context



Similar documents
IPv6 Network Management.

SNMP Simple Network Management Protocol

IPv6 network management. Where and when?

Configuring Simple Network Management Protocol (SNMP)

IPv6 network management. 6DEPLOY. IPv6 Deployment and Support

IPv6 network management. 6DEPLOY. IPv6 Deployment and Support

Network Management & Security (CS 330) RMON

IPv6 network management

SNMP Version 3. Finding Feature Information. Information About SNMP Version 3. Security Features in SNMP Version 3

SNMP JManager: An Open Source Didactic Application for Teaching and Learning SNMP v1/2c/3 with Support for IPv4 and IPv6

SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP)

SNMP SECURITY A CLOSER LOOK JEFFERY E. HAMMONDS EAST CAROLINA UNIVERSITY ICTN 6865

Introduction to Simple Network Management Protocol (SNMP)

Network Management & Monitoring Introduction to SNMP

The use of SNMP and other network management tools in UNINETT. Arne Øslebø March 4, 2014

Network Monitoring & Management Introduction to SNMP

L2 / L3 Switches. Simple Network Management Protocol (SNMP) Configuration Guide

Configuration Commands. SNMP System Commands. engineid XRS System Management Guide Page 303 SNMP. Syntax [no] engineid engine-id

New Products and New Features May, 2015

BROCADE VYATTA 5600 vrouter

securitymodel who securityname com2sec secname ipsource community default group groupname model secname v1 v2c usm

Network Management. Jaakko Kotimäki. Department of Computer Science Aalto University, School of Science. 21. maaliskuuta 2016

How To Manage Ipv6 Networks On A Network With Ipvv6 (Ipv6) On A Pc Or Ipv4 (Ip6) (Ip V6) Or Ip V6 ( Ipv5) ( Ip V5

Section 11.1, Simple Network Management Protocol. Section 11.2, Port Data Capture

TUTORIAL SNMP: STATUS AND APPLICATION FOR LAN/MAN MANAGEMENT. Aiko Pras

Management, Logging and Troubleshooting

Synology DiskStation

Comparison of SNMP. Versions 1, 2 and 3

SNMP. Simple Network Management Protocol

Configuring SNMP Monitoring

Remote Management. Vyatta System. REFERENCE GUIDE SSH Telnet Web GUI Access SNMP VYATTA, INC.

Configuring SNMP and using the NetFlow MIB to Monitor NetFlow Data

Simple Network Management Protocol

An Effective Network Mobility Monitoring Technique with Standardized Protocols

Security in Network Management

SNMP....Simple Network Management Protocol...

NAS 271 ASUSTOR NAS MIB Guide

This watermark does not appear in the registered version - SNMP and OpenNMS. Part 1 SNMP.

NON-INTRUSIVE REMOTE MONITORING OF SERVICES IN A DATA CENTRE

(In)Security in Network Management

Network Management & Monitoring Introduction to SNMP

SNMP and Network Management

SNMP, CMIP based Distributed Heterogeneous Network Management using WBEM Gateway Enabled Integration Approach

Top-Down Network Design

A Summary of Network Traffic Monitoring and Analysis Techniques

How To Understand Network Performance Monitoring And Performance Monitoring Tools

Simulation of an SNMP Agent: Operations, Analysis and Results

Outline of the SNMP Framework

SNMP in Cisco IOS. The minimum you should know

SNMP Network Management Concepts

Use Domain Name System and IP Version 6

INTRODUCTION TO SNMP AND MIB

Chapter 3 LAN Configuration

Configuring SNMP CHAPTER7

What s New in VMware vsphere 5.1 Networking

Monitoring Network Elements

Network Monitoring and Management Recommendations Best Practice Document

CompTIA Exam N CompTIA Network+ certification Version: 5.1 [ Total Questions: 1146 ]

Auditing the LAN with Network Discovery

Monitoring high-speed networks using ntop. Luca Deri

Implementing Existing Management Protocols on Constrained Devices. IETF 81, Quebec,

PIX/ASA 7.x with Syslog Configuration Example

Software Version

OpenScape Voice V7 Volume 3: SNMP Interface and MIB Description. Interface Manual A31003-H8070-T

An Overview of SNMP on the IMG

Cisco Prime Network Analysis Module Software 5.1 for Nexus 1010

F5 Silverline DDoS Protection Onboarding: Technical Note

A Framework for End-to-End Proactive Network Management

Cisco Prime Virtual Network Analysis Module

Tech Note Cisco IOS SNMP Traps Supported and How to Conf

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

Presentation_ID. 2001, Cisco Systems, Inc. All rights reserved.

A Guide to Understanding SNMP

Network Data Monitoring and Analysis. Computer Networks Lecture's Seminar Lecturer:Assoc.Prof.Turgay ĠBRĠKÇĠ Prepared by Çağla TERLĠKCĠOĞULLARI

IPv6 Ready Logo Phase II

Chapter 8 Advanced Configuration

Configuring SNMP Cisco and/or its affiliates. All rights reserved. 1

Smart Network Access System SmartNA 10 Gigabit Aggregating Filtering TAP

Performance Management

SNMP Basics BUPT/QMUL

R07. IV B.Tech. II Semester Regular Examinations, April, NETWORK MANAGEMENT SYSTEMS (Information Technology)

QoS: CBQoS Management Policy-to- Interface Mapping Support Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)

Computer Networks. Introduc)on to Naming, Addressing, and Rou)ng. Week 09. College of Information Science and Engineering Ritsumeikan University

Minimal network traffic is the result of SiteAudit s design. The information below explains why network traffic is minimized.

PANDORA FMS NETWORK DEVICES MONITORING

Operations Manager: Network Monitoring

How will the Migration from IPv4 to IPv6 Impact Voice and Visual Communication?

Transcription:

SNMP in the IPv6 Context Glenn Mansfield Keeni, Kazuhide Koide, Debasish Chakraborty, Norio Shiratori Cyber Solutions Inc. 2003/01/28 Cyber Solutions Inc./Tohoku Univ. 1

Contents Introduction Network Monitoring and Multi-Protocol Issues Status Survey MIB investigation Solution: Development of IPv6 ready SNMP-agent Transport Proxy (SNMP Proxy between IPv4/IPv6) Access Control (Access Control based on IPv6-address) Application: Passive Monitor Agent that Collects IPv6 Traffic Information Visualization Conclusion 2003/01/28 Cyber Solutions Inc./Tohoku Univ. 2

Issues of SNMP in IPv6 Network Ex.) Network Monitoring Environment using SNMP polling IPInOctets viewer manager SNMP/UDP/IP agent 2003/01/28 Cyber Solutions Inc./Tohoku Univ. 3

Issues of SNMP in IPv6 Network P1:Transport issue manager SNMP/IP? agent 2003/01/28 Cyber Solutions Inc./Tohoku Univ. 4

Issues of SNMP in IPv6 Network IPv6InOctets? viewer manager P2:MIB issue 2003/01/28 Cyber Solutions Inc./Tohoku Univ. 5

The Multi-Protocol Issues: MIB definitions & Implementations MIB data structure supports IPv6 Number of IPv6 Packets, Octets Metric of an IPv6 route Today: RFC under construction <draft-ietf-ipv6-rfc2011-update-*.txt><draft-ietf-ipv6-rfc2012-update-*.txt> <draft-ietf-ipv6-rfc2012-update-*.txt><draft-ietf-ipv6-rfc2096-update-*.txt> Transport Definitions & Implementations Multi-protocol in transporting SNMP, proxy, access control IPv4/IPv6, TCP/UDP, SNMPv1/v2/v3 Today: RFC 3291(Textual Conventions for Internet Network Addresses) Implementation: net-snmp5.0.6 2003/01/28 Cyber Solutions Inc./Tohoku Univ. 6

Survey : MIBs using IP Address These MIBs need to update to support IPv6 (Focus on MIBs defined by RFC) MIB-II AppleTalk MIB BGPv3 MIB SNA APPN MIB BGP4-MIB SMDS-if MIB RIPv2-MIB OSPF-MIB MIP-MIB IP-MIB TCP-MIB UDP-MIB MIB name DNS Server MIB DNS Resolver MIB No. of OBJECTS 8 2 8 2 3 4 11 1 4 13 18 3 2 1 IOPA-MIB ATM-MIB TN3270E-MIB IP Tunnel MIB DOCS-IF-MIB VRRP-MIB MIB name IP-FORWARD-MIB IPATM-IPMC-MIB RADIUS-AUTH-CLIENT-MIB RADIUS-AUTH-SERVER-MIB RADIUS-ACC-CLIENT-MIB RADIUS-ACC-SERVER-MIB DOCS-CABLE-DEVICE-MIB DISMAN-EXPRESSION-MIB No. of OBJECTS RMON2-MIB 5 NOTIFICATION-LOG-MIB 1 2003/01/28 Cyber Solutions Inc./Tohoku Univ. 7 DOCS-BPI-MIB 1 6 3 10 1 1 1 1 1 1 4 12 1 4 1

MIBs using IPv6 Address IPv6Address RFC exists - Only MOs in MIB-II MIB-II, Forwarding MIB are under discussion <draft-ietf-ipv6-rfc2011-update-*.txt><draft-ietf-ipv6-rfc2012-update-*.txt> <draft-ietf-ipv6-rfc2012-update-*.txt><draft-ietf-ipv6-rfc2096-update-*.txt> Not sufficient MIB name IPV6-TCP-MIB Managed Object ipv6tcpconnlocaladdress ipv6tcpconnremaddress IPV6-UDP-MIB ipv6udplocaladdress IPV6-MIB ipv6addraddress ipv6routedest ipv6routenexthop ipv6nettomedianetaddress 2003/01/28 Cyber Solutions Inc./Tohoku Univ. 8

Solution : transport issues Development of IPv6 ready SNMP-agent Design of IPv6 ready SNMP-agent RFC 3291 (Textual Conventions for Internet Network Addresses) Deployment based on net-snmp-5.0pre1 Transport implementation Proxy implementation ACL implementation Merged into net-snmp(mainstream) The latest Ver. net-snmp-5.0.6 IPv6 transport is available 2003/01/28 Cyber Solutions Inc./Tohoku Univ. 9

Traffic Pattern of snmpwalk in IPv4/IPv6 [bytes] :IPv4 snmpwalk :IPv6 snmpwalk time[sec] Equipment : FreeBSD4.6(KAME) + net-snmp5.0.6 2003/01/28 Cyber Solutions Inc./Tohoku Univ. 10

Use of SNMP Proxy(IPv4/v6) Managing Equipment Manager IPv4 Network Proxy Agent IPv6 Network Manager Managing Equipment (agent) 2003/01/28 Cyber Solutions Inc./Tohoku Univ. 11

Use of Access control (ACL) in IPv6 IPv6 ready SNMP-agent 2001:200:1a0:ff00::c0a8:76/64 IPv6 Network 2001:200:1a0:ff00::/64 Segment A Allowed Network) 2001:200:1a0:ff00::c0a8:a01/64 IPv6Network 2001:200:1a0:ff01::/64 Segment B Denied Network) # sec.name source community com2sec mynetwork 2001:200:1a0:ff00::/64 RIGHT 2003/01/28 Cyber Solutions Inc./Tohoku Univ. 12

Current status SNMP transport over IPv6 IPv4 IPv6 Transport Proxy Access Control based on IPv6 Address USM Authentication in IPv6 Environment USM Authentication/Privacy in IPv6 Environment VACM in IPv6 Environment Our Implementation 2003/01/28 Cyber Solutions Inc./Tohoku Univ. 13

Application : IPv6 Network Monitoring In many existing IPv6 network: SNMP-functions of Equipments : insufficient Monitoring of IPv6 Network or Traffic by SNMP: Difficult Proposal RMON-type(add-on) passive monitoring agent 2003/01/28 Cyber Solutions Inc./Tohoku Univ. 14

Passive Monitoring Strategy of Network Monitoring Sniffing link using Tapping Kit (Ex. RMON) Merits: Do NOT affect to Network Operation Capability to access details in each packet Capable of getting ANY(IPv4/IPv6) information Also capable of getting Application-layer Information Managing Equipment (Router, Host, Network) Agent Tapping Kit Passive Monitor 2003/01/28 Cyber Solutions Inc./Tohoku Univ. 15

Multi-Protocol Passive Monitor Monitor tapping Feature: Any kind of Info. about packets {Packets, Octets} {IPv4, IPv6} {TCP,UDP,ICMP} {Application wise..} {VLAN1,VLAN2,..} Information provision in MIBs Remote Monitoring Multi-protocol Transport SNMP over IPv4/v6 SNMP v1/v2c/v3 2003/01/28 Cyber Solutions Inc./Tohoku Univ. 16

Designing Probe - Backend Collecting Information of every packets pcap, filtering SNMP agent Probe tapping SNMP agent - Frontend Information Provision in MIB form Programmable MIB Multi-protocol Transport Implementation: pcap + net-snmp + new MIB 2003/01/28 Cyber Solutions Inc./Tohoku Univ. 17

Agent(1-box) 2003/01/28 Cyber Solutions Inc./Tohoku Univ. 18

Agent(Tapping Kit(100baseTX) + PC) 2003/01/28 Cyber Solutions Inc./Tohoku Univ. 19

Tapping Kit(1000base-SX) 2003/01/28 Cyber Solutions Inc./Tohoku Univ. 20

Experiment Environment : JGN-IPv6(IPv6 test-bed) From Nov. 2001 TOHOKU-HOKKAIDO NOC in Tohoku Univ. 6-sites are connected 2003/01/28 Cyber Solutions Inc./Tohoku Univ. 21

Environment : JGN-IPv6 Tohoku-NOC JGN- IPv6 IPv4- cloud CISCO 7206 Summit 24 (3ffe:516:3010::/64) v4router v6router 130.34.38.128/26 3ffe:516:3010:10::/64 agent1 manager agent2 [mirrored traffic] agent3 :Tap Kit 192.168.0.0/24 3ffe:516:3005::/64 Iwamiza wa Sappor o Hachi nohe Iwate Sendai Aizu 2003/01/28 Cyber Solutions Inc./Tohoku Univ. 22

Visualization 2002/Nov./9 JGN Symposium (MPEG traffic, Video Conference) 2003/01/28 Cyber Solutions Inc./Tohoku Univ. 23

Conclusion Status Survey: MIB Investigation Solutions: Transport: Proxy: ACL: Design and Implementation of IPv6 transport SNMP-agent Ready - lpv6 SNMP Proxy Ready - IPv6 Access Control Application: Multi-protocol Passive Monitor Capability to Monitor ANY Network Status: Prototype operation at JGN-IPv6 Tohoku-Hokkaido NOC 2003/01/28 Cyber Solutions Inc./Tohoku Univ. 24

Future Works Implementation of IPv6-ready MIBs Programmable Monitoring Using Light-weight Multi-Protocol Passive Monitor Very Light RMON Easy Use For IPv6 Monitoring 2003/01/28 Cyber Solutions Inc./Tohoku Univ. 25

Appendix A. Definition of SNMP over UDP/IPv4 Definition of TRANSPORT -- SNMPv2 over UDP over IPv4 snmpudpdomain OBJECT-IDENTITY STATUS current DESCRIPTION The SNMPv2 over UDP transport domain. The corresponding transport address is of the type SNMPUDPAddress. ::= { snmpdomains 1} SnmpUDPAddress ::= TEXTUAL-CONVENTION DISPLAY-HINT 1d.1d.1d.1d/2d STATUS current DESCRIPTION Represents a UDP address: octets contents encoding 1-4 IP-address network-byte order 5-6 UDP-port network-byte order SYNTAX OCTET STRING (SIZE(6)) J.Case, K. McCloghrie, M.Rose, S. Waldbusser, RFC1906, Transport Mapping for Version 2 of the Simple Network Management Protocol (SNMPv2) 2003/01/28 Cyber Solutions Inc./Tohoku Univ. 26

Appendix B. Definition of SNMP over UDP/IPv6 Definition of TRANSPORT in IPv6 network transportdomainudpipv6 OBJECT-IDENTITY STATUS current DESCRIPTION "The UDP over IPv6 transport domain. The corresponding transport address is of type TransportAddressIPv6." ::= { transportdomains 2 } TransportAddressIPv6 ::= TEXTUAL-CONVENTION DISPLAY-HINT "0a[2x:2x:2x:2x:2x:2x:2x:2x]0a:2d" STATUS current DESCRIPTION "Represents a UDP/TCP/SCTP over IPv6 transport address: octets contents encoding 1-16 IPv6 address network-byte order 17-18 port number network-byte order This textual convention SHOULD NOT be used directly in object definitions since it restricts addresses to a specific format. However, if it is used, it MAY be used either on its own or in conjunction with TransportAddressType or TransportDomain as a pair." SYNTAX OCTET STRING (SIZE (18)) M. Daniele, J. Schoenwaelder, Textual Conventions for Transport Address, draft-ietf-ops-taddress-mib-02.txt 2003/01/28 Cyber Solutions Inc./Tohoku Univ. 27

Appendix C. snmpd.conf for proxy # proxy to SNMP over IPv6 agent proxy -v1 -c COMMUNITY 2001:200:1a0:ff00::ffff.enterprise.73.15.1.1 proxy -v2c -c COMMUNITY 2001:200:1a0:ff00::ffff.enterprise.73.15.2.1 proxy -v3 -u user -l authnopriv -a MD5 -A AUTHPASS 2001:200:1a0:ff00::ffff.enterprise.73.15.3.1 proxy -v3 -u user -l authpriv -a MD5 -A AUTHPASS -x DES -X PRIVPASS 2001:200:1a0:ff00::ffff.enterprise.73.15.4.1 # proxy to SNMP over IPv4 agent proxy -v1 -c COMMUNITY 192.168.0.254.enterprise.73.14.1.1 proxy -v2c -c COMMUNITY 192.168.0.254.enterprise.73.14.2.1 proxy -v3 -u user -l authnopriv -a MD5 -A AUTHPASS 192.168.0.254.enterprise.73.14.3.1 proxy -v3 -u user -l authpriv -a MD5 -A AUTHPASS -x DES -X PRIVPASS 192.168.0.254.enterprise.73.14.4.1 2003/01/28 Cyber Solutions Inc./Tohoku Univ. 28

Appendix D. Programmable MIB # cpmonitorbe.conf preprocessor CGpMonitor: 22 23 80 161 162 2003/01/28 Cyber Solutions Inc./Tohoku Univ. 29

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information