Operations Manager: Network Monitoring Phil Bracher Chris Maiden
Agenda
Network Monitoring Overview
Network Monitoring Features: Out-of-the-box discovery, monitoring, dashboards & reporting. Server-to-network dependency discovery. Multi-vendor support: 80 vendors, 2000 devices certified. Multi-protocol support: SNMPv1/v2c/v3. IPv4 and IPv6.
Supported Device Types (SNMP): Bridges, Firewalls, Load Balancers, Routers, Hosts, Switches, Hubs
SNMP Overview
Main Concepts: SNMP Components; SNMP Communications; MIB tree structure; How are OIDs formed?
SNMP Components: Managed Devices; SNMP Agents; Network Management System (NMS); SNMP V1, SNMP V2c, SNMP V3
SNMP V1 and V2c Message Format
SNMP V1 and V2c Message Format: Version Number (SNMPv2c); Community String; PDU Control Files; PDU
SNMP V3 Concepts
Authentication: Determines the message is from a valid source by using RunAs Accounts.
Encryption: Prevents network sniffing utilities from being able to see the contents of the packets.
Message integrity: Ensures that a packet has not been tampered with while in transit.
Security levels (Level: Definition):
noAuthNoPriv: Without authentication and without privacy
authNoPriv: With authentication, but without privacy
authPriv: With authentication and with privacy
SNMP V3 Message Format (diagram labels)
msgVersion
msgGlobalData or HeaderData: msgID, msgMaxSize, msgFlags, msgSecurityModel
msgSecurityParameters (defined and used by Security Model; User Security Model Security Parameters): AuthoritativeEngineId, AuthoritativeEngineBoots, AuthoritativeEngineTime, UserName, AuthenticationParameters, PrivacyParameters
msgData or Scoped PDU: contextEngineID, contextName, PDU
Diagram brackets: Scope of Authentication; Scope of Encryption
SNMP v3 Why Unreadable? SNMP Version Unreadable Community String Unreadable PDU
MIB and OID. MIB: Management Information Base. It is a collection of information organized hierarchically. OID: Object Identifiers that uniquely identify managed objects in a MIB hierarchy.
OID Tree
How are OIDs formed? Assigned in hierarchical fashion. Each number identifies a node in the MIB tree. IETF (Internet Engineering Task Force): 1.3.6.1 - Internet Community (IANA): Directory (1.3.6.1.1), Mgmt (1.3.6.1.2), Experimental (1.3.6.1.3), Private (1.3.6.1.4)
Network Discovery
What's Discovered? Connectivity: server to switch, switch to switch. VLAN membership. HSRP groups. Stitching of switch ports to server NICs. Key components of a device: ports/interfaces, processor, memory.
Discovery Methods. Explicit discovery: customer knows the network devices; manual process, add IP address or import list. Recursive discovery: network topology unknown; discovered based on a set of seed devices; grabs ARP and IP tables and crawls the network.
Discovery Stages. Initial Probing: sends an initial ICMP and/or SNMP request to identify the system. Processing: gets components, IP addresses, VLAN memberships, resources, IP networks, netmasks, and neighboring devices; topology is created. Post Processing: creates Layer 2 (Physical MAC Address) and Layer 3 (Logical IPv4 and IPv6) connectivity between the devices in the topology; port stitching.
Initial Probing Stage: ICMP ping and/or SNMP Get (v2 by default). ICMP ping first, then SNMP Get request. If no response, the device is added to pending. If SNMPv2c fails -> SNMPv1.
SNMP GetRequest: The OIDs are registered under the 1.3.6.1.2.1.1 namespace, which defines common MIB variables. Packet fields: Version of SNMP being used; Community String; Type of SNMP request; Request for sysDescr object (if this fails it goes to pending mgmt; if it succeeds it goes to the queue to get processed); Request for sysObjectID; Request for sysContact; Request for sysName; Request for sysLocation.
SNMP Get Response: sysDescr, sysObjectID (Catalyst 4506), sysContact, sysName, sysLocation
Processing Stage: Matches sysObjectID = OID in the oid2type config files found in C:\Program Files\System Center Operations Manager 2012\Server\NetworkMonitoring\conf\. Gets details on components, IP addresses, VLAN memberships, resources, IP networks, netmasks, and neighboring devices. Identifies device type (Switch, Router, Hub, etc.), vendor, model, certification level. Determines what discovery probes to use and what classes to use to monitor. Levels of Certification: Certified - has been successfully tested using standard and proprietary MIBs supplied by the vendor. Generic - the OID is unknown; only the availability of the device will be monitored.
Post Processing Stage: Creates Layer 2 and Layer 3 connectivity between the devices in the topology. "Port Stitching": mapping IP and MAC access points retrieved from the ARP cache to the appropriate devices. Removes MAC access points that do not belong to devices in the topology. A MAC Access Point is the interface to which a device on an IP network connects. Creates network connections to represent WAN, or logical connections. Creates connections based on discovery protocols.
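Added example (not part of the original slides): the SNMP v1/v2c message layout and the GetRequest for the five system-group objects (sysDescr, sysObjectID, sysContact, sysName, sysLocation) described above, built and decoded with a minimal BER encoder and parser to show that the version, community string and requested OIDs are readable by anyone who can see the packet. The community string "example-ro", the request id and all function names are constructed for illustration.

```python
# Added example, not from the slides: the five system-group OIDs the GetRequest asks for
SYSTEM_GROUP = ["1.3.6.1.2.1.1.%d.0" % n for n in (1, 2, 4, 5, 6)]

def tlv(tag, body):
    assert len(body) < 128             # short-form length covers this sample
    return bytes([tag, len(body)]) + body

def enc_oid(dotted):                   # first two arcs share one byte; arcs here are < 128
    arcs = [int(a) for a in dotted.split(".")]
    return tlv(0x06, bytes([40 * arcs[0] + arcs[1]] + arcs[2:]))

def build_get_request(community, request_id=1):
    binds = b"".join(tlv(0x30, enc_oid(o) + tlv(0x05, b"")) for o in SYSTEM_GROUP)
    ints = tlv(0x02, bytes([request_id])) + tlv(0x02, b"\x00") * 2   # id, status, index
    pdu = tlv(0xA0, ints + tlv(0x30, binds))                         # 0xA0 = GetRequest
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, community.encode()) + pdu)

def read_tlv(buf, pos):
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:                  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + n
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos + 2:end], end

def children(buf):
    out, pos = [], 0
    while pos < len(buf):
        tag, body, pos = read_tlv(buf, pos)
        out.append((tag, body))
    return out

def dec_oid(body):
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:               # high bit clear ends the arc
            arcs, value = arcs + [value], 0
    return ".".join(map(str, arcs))

def parse_message(packet):
    (_, version), (_, community), (pdu_tag, pdu) = children(read_tlv(packet, 0)[1])
    varbinds = children(children(pdu)[3][1])   # 4th PDU field is the varbind list
    oids = [dec_oid(children(vb)[0][1]) for _, vb in varbinds]
    return {"version": {0: "v1", 1: "v2c"}.get(version[0], "other"),
            "community": community.decode(), "pdu_tag": pdu_tag, "oids": oids}

SAMPLE = parse_message(build_get_request("example-ro"))   # constructed community string
```

Nothing in the v1/v2c message protects these fields, which is why the SNMP V3 authPriv level is the one that hides the PDU on the wire.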
Demo - Discovery
Discovery Events (event ID and message)
12002 Full Discovery started for 1 request(s)
12121 Topology cleared successfully
12127 Proceeding to discover seed: <IP Address>
12003 Probing <IP Address>
12004 Probing completed for <IP Address>
12005 PostProcessing started
12007 PostProcessing completed
12014 No devices found in filtered list after discovery
12008 Discovery completed
12023 Start processing connections to computers
12024 Finished processing connections to computers
12021 <IP Address> discovered successfully
Network Device Monitoring
General Information: Supports Resource Pools for High Availability Monitoring. Network devices discovered as base class: System.NetworkManagement.Node. Only certain ports will be monitored by default: ports connecting two network devices to each other; ports to which a managed server is connected.
Basic Resource Pool Best Practices: Perfect Failure: 2 MSs + Observer or 3 MSs (no observer). Pools use Default observer: Disable for > 2 MSs. For large implementations consider setting default pools to manual. HKLM\SYSTEM\CurrentControlSet\Services\HealthService\Parameters\Poo Manager\ DWORD PoolLeaseRequestPeriodSeconds DWORD PoolNetworkLatencySeconds
Demo Setting AMSRP to Manual
Monitors and Rules: All Devices
Monitors (Name; Description):
ICMP Ping; Uses ICMP to determine whether the monitored network device is available
SNMP Ping; Uses SNMP to determine whether the monitored network device is available
Rules (Name; Enabled by default; Description):
Internal Network Management Node Discovery data collector; Yes; Internal rule for collecting discovery data on nodes for network management discovery
ICMP Ping Response Time; Yes; Collects the time it takes a network device to respond to an ICMP Ping
Trap Received (warm start); Yes; Creates event for SNMP warm start trap when received from network device
Internal Network Management Discovery Trap rediscovery; No; Internal rule to initiate discovery via trap requests
Trap received (cold start); Yes; Creates an event for the SNMP ColdStart trap when received from a network device
What's Monitored: Certified Devices. Port/Interface: Up/Down (operational & admin status); volumes of inbound/outbound traffic; % utilization; discards, drops, errors. Processor: % utilization. Memory: in-depth memory counters (Cisco only); free memory.
What's Monitored: Certified Devices. Connection Health: based on looking at both ends of a connection. VLAN Health: based on health state of switches in VLAN. HSRP Group: based on health state of individual HSRP end points.
Certified Device Monitoring Example
Monitors (Name; Target; Description):
Free Memory (Cisco); Memory (Cisco); Monitors the level of free memory on this device
Memory Pool Fragmentation (Cisco); Memory (Cisco); Monitors the level of memory fragmentation in the memory pool
Processor Utilization (Cisco); Processor (Cisco); Monitors the level of processor utilization on this device
Rules (Name; Target; Description):
Largest Free Buffer Percentage (Cisco); Memory (Cisco); Collects the size of the largest number of contiguous bytes from the memory pool that are currently unused, expressed as a percentage of the free memory in the memory pool.
Memory Pool Free Memory Percentage (Cisco); Memory (Cisco); Collects the percentage of free memory remaining on the device
Processor Utilization (Cisco); Processor (Cisco); Collects the current processor utilization
Monitor properties
Visualization (Dashboards) Network Summary Network Node Network Interface Vicinity
Reporting Memory Utilization Processor Utilization Port Traffic Volume Port Error Analysis Port Packet Analysis
Network Summary Dashboard
Network Node Dashboard
DEMO Dashboards/Reports
Common Issues
Common Issues you may encounter. Duplicate device entries: Bug 461671. Fix in next UR. Delete duplicate device. Ensure the discovery for that particular device hasn't been removed. Discovery of V2 device cannot receive V1 traps: configure device to send V2 traps or create trap rule/monitor, export, then modify the MP. SNMP suffix on load balancing device: Virtual community suffix.
Troubleshooting What do I do now?
Please don't forget your evaluations. Email: philbr@microsoft.com christm@microsoft.com. Need more information on DMVMUG? Visit www.dmvmug.com. QUESTIONS?