Network Management
The University of New Mexico
Network management is the process of controlling a complex data network to maximize its efficiency and productivity The overall goal of network management is to help with the complexity of a data network and to ensure that data can go across it with maximum efficiency and transparency to the users
Copyright 1997, The University of New Mexico
H-1
�Network Management
The University of New Mexico
The International Organization for Standardization (ISO) Network Management Forum divided network management into five functional areas:
Fault Management Configuration Management Security Management Performance Management Accounting Management
Copyright 1997, The University of New Mexico
H-2
�Fault Management
The University of New Mexico
Is the process of locating problems, or faults, on the data network It involves the following steps:
Discover the problem Isolate the problem Fix the problem (if possible)
Copyright 1997, The University of New Mexico
H-3
�Configuration Management
The University of New Mexico
The configuration of certain network devices controls the behavior of the data network Configuration management is the process of finding and setting up (configuring) these critical devices
Copyright 1997, The University of New Mexico
H-4
�Security Management
The University of New Mexico
Is the process of controlling access to information on the data network Provides a way to monitor access points and records information on a periodic basis Provides audit trails and sounds alarms for security breaches
Copyright 1997, The University of New Mexico
H-5
�Performance Management
The University of New Mexico
Involves measuring the performance of the network hardware, software, and media Examples of measured activities are:
Overall throughput Percentage utilization Error rates Response time
Copyright 1997, The University of New Mexico
H-6
�Accounting Management
The University of New Mexico
Involves tracking individuals utilization and grouping of network resources to ensure that users have sufficient resources Involves granting or removing permission for access to the network
Copyright 1997, The University of New Mexico
H-7
�Network Management Protocols
The University of New Mexico
A simple protocol defines common data formats and parameters and allows for easy retrieval of information A complex protocol adds some change capability and security An advanced protocol remotely executes network management tasks, is independent of the network protocol layer
Copyright 1997, The University of New Mexico H-8
�Network Management Protocols
The University of New Mexico
So where is technology today?
The most common protocols are:
SNMP (Simple Network Management Protocol) SNMPv2 (SNMP version 2) CMIS/CMIP (Common Management Information Services/Common Management Information Protocol)
Copyright 1997, The University of New Mexico
H-9
�Network Management Protocols
The University of New Mexico
SNMP is beyond the simple protocol with adequate monitoring capabilities and some change capabilities SNMPv2 greatly enhances the SNMP feature set CMIS/CMIP approaches the advanced tool, but implementation issues have limited its use
Copyright 1997, The University of New Mexico
H-10
�SNMP
The University of New Mexico
At the end of the 80s, a solution was chosen called the Internet-standard Network Management Framework. This was a set of three documents defining:
A set of rules for describing management information An initial set of managed objects A protocol used to exchange management information
Copyright 1997, The University of New Mexico
H-11
�SNMP
The University of New Mexico
The SNMP protocol was a mere 36 pages within these documents The framework could be extended by defining new managed objects, but changes to the description rules or the protocol werent allowed. Today, there are literally hundreds of SNMPcapable products and thousands of managed object definitions.
Copyright 1997, The University of New Mexico H-12
�SNMP
The University of New Mexico
The work on SNMP security was completed in early 1992 The security features introduced authentication, authorization, and privacy Unfortunately, this required a changed in the SNMP protocol which became SNMPv2
Copyright 1997, The University of New Mexico
H-13
�SNMP
The University of New Mexico
A group was formed and their efforts were complete in early 1993 There are 12 documents describing SNMPv2 There are 3 basic commands that are used with SNMP:
Get Set Get Next
Copyright 1997, The University of New Mexico H-14
�SNMP
The University of New Mexico
Authorization and authentication relies on a SNMP community string The community string(s) can be read-only or readwrite The default community strings are:
public (read-only) private (read-write)
Community strings are case sensitive
Copyright 1997, The University of New Mexico H-15
�SNMP
The University of New Mexico
There are two approaches for the management system to obtain information from SNMP
Traps Polling
Copyright 1997, The University of New Mexico
H-16
�SNMP Traps
The University of New Mexico
When an event happens on a network device a trap is sent to the network management system A trap will contain:
Network device name Time the event happened Type of event
Copyright 1997, The University of New Mexico
H-17
�SNMP Traps
The University of New Mexico
Resources are required on the network device to generate a trap When a lot of events occur,the network bandwidth may be tied up with traps
Thresholds can be used to help
Because the network device has a limited view, it is possible the management system has already received the information and the trap is redundant
H-18
Copyright 1997, The University of New Mexico
�SNMP Polling
The University of New Mexico
The network management system periodically queries the network device for information The advantage is the network management system is in control and knows the big picture The disadvantage is the amount of delay from when an event occurs to when its noticed
Short interval, network bandwidth is wasted Long interval, response to events is too slow
Copyright 1997, The University of New Mexico H-19
�SNMP Traps/Polling
The University of New Mexico
When an event occurs, the network device generates a simple trap The management system then polls the network device to get the necessary information The management system also does low frequency polling as a backup to the trap
Copyright 1997, The University of New Mexico
H-20
�SNMP MIBS
The University of New Mexico
Management Information Base (MIB) is a collection of related managed objects Used to define what information you can get back from the network device There are standard and enterprise specific MIBS
Copyright 1997, The University of New Mexico
H-21
�SNMP MIBS
The University of New Mexico
Types of MIB Modules
Standard: These are the standard MIBS currently designed to capture the core aspects of the particular technology Experimental: Temporary and if achieves standardization then it is placed in the standard module Enterprise-specific: Vendor specific MIBS that provide additional management capabilities for those features that require it
H-22
Copyright 1997, The University of New Mexico
�SNMP MIB Tools
The University of New Mexico
A MIB compiler A MIB browser A MIB alias tool A MIB query tool
Copyright 1997, The University of New Mexico
H-23
�CIMS/CIMP
The University of New Mexico
The OSI framework is an object-oriented paradigm
Objects have attributes, generate events, and perform actions Objects are scoped by numerous hierarchies for the purpose of inheritance or containment
Although the OSI model sounds neat, it is much more complicated and is not very common
Copyright 1997, The University of New Mexico
H-24
�Network Management Protocols
The University of New Mexico
These protocols do not state how to accomplish the goals of network management They give methods to monitor and configure network devices The challenge to analyze the information in an effective manner rests with software engineers who write network management applications
Copyright 1997, The University of New Mexico
H-25
�Network Management Platform
The University of New Mexico
Historically, network management revolved around multiple systems, each managing one specific set of components on the data network Restrictions of money, physical space, and technical expertise led to the desire to have the components managed by a single system that would show their interconnections on a network map
Copyright 1997, The University of New Mexico H-26
�Network Management Platform
The University of New Mexico
A network management platform is a software package that provides the basic functionality of network management for different network components The goal for the platform is to provide generic functionality for managing a variety of network devices
Copyright 1997, The University of New Mexico
H-27
�Network Management Platform
The University of New Mexico
Basic features for any platform to include are:
Graphical User Interface (GUI) Network Map Database Management System (DBMS) Standard Method to Query Devices Customizable Menu System Event Log
Copyright 1997, The University of New Mexico
H-28
�Network Management Platform
The University of New Mexico
Additional features for a platform include:
Graphing Tools Application Programming Interface (API) System Security
Copyright 1997, The University of New Mexico
H-29
�Network Management Platform
The University of New Mexico
Management Platforms that exist today
Suns SunNet Manager HPs OpenView IBMs Netview for AIX Cabletrons Spectrum
Copyright 1997, The University of New Mexico
H-30
�The University of New Mexico
Network Management Architectures
The Network Management Platform can use various architectures to provide functionality The 3 most common are:
Centralized Hierarchical Distributed
Copyright 1997, The University of New Mexico
H-31
�Centralized Architecture
The University of New Mexico
The Network Management Platform resides on a single computer system For full redundancy, the computer system is backed up by another system Can allow access and forward events to other consoles on network
Copyright 1997, The University of New Mexico
H-32
�Centralized Architecture
The University of New Mexico
Used for:
All network alerts & events All network information Access all management applications
Copyright 1997, The University of New Mexico
H-33
�Centralized Architecture
The University of New Mexico
Pros:
Single location to view events & alerts Single place to access network management applications and information Security is easier to maintain
Copyright 1997, The University of New Mexico
H-34
�Centralized Architecture
The University of New Mexico
Cons:
Single system is not redundant or fault tolerant As network elements are added, may be difficult or expensive to scale system to handle load Having to query all devices from a single location
Copyright 1997, The University of New Mexico
H-35
�Hierarchical Architecture
The University of New Mexico
Uses multiple computer systems
One system acting as the central server Other systems working as clients
Central server requires backups for redundancy
Copyright 1997, The University of New Mexico
H-36
�Hierarchical Architecture
The University of New Mexico
Key features:
Not dependent on a single system Distribution of network management tasks Network monitoring distributed throughout network Centralized information storage
Copyright 1997, The University of New Mexico
H-37
�Hierarchical Architecture
The University of New Mexico
Pros:
Multiple systems to manage the network
Cons:
Information gathering is more difficult and time consuming The list of managed devices managed by each client needs to be predetermined and manually configured
Copyright 1997, The University of New Mexico
H-38
�Distributed Architecture
The University of New Mexico
Combines the centralized and hierarchical architectures Uses multiple peer network management systems
Each peer can have a complete database Each peer can perform various tasks and report back to a central system
Copyright 1997, The University of New Mexico
H-39
�Distributed Architecture
The University of New Mexico
Contains advantages from central & hierarchical architectures
Single location for all network information, alerts & events Single location to access all management applications Not dependent on a single system Distribution of network management tasks Distribution of network monitoring throughout the network
Copyright 1997, The University of New Mexico H-40
�The University of New Mexico
Network Management Applications
Goals
Effectively manage a specific set of devices Avoid functionality overlap with the platform Integrate with a platform through the API and menu system Reside on multiple platforms
Applications do not share information
Copyright 1997, The University of New Mexico
H-41
�The University of New Mexico
Network Management Applications
Applications that exist today
BayNetworks Optivity Ciscos CiscoWorks 3Coms Transcend
Copyright 1997, The University of New Mexico
H-42
�The University of New Mexico
Choosing a Network Management System
Built from two major components: the Platform and Applications A practical approach follows these steps:
Perform device inventory Prioritize the functional areas of network management Survey network management applications Choose the network management platform
Copyright 1997, The University of New Mexico
H-43
�Other Topics
The University of New Mexico
Sniffers RMON Network Statistics
Copyright 1997, The University of New Mexico
H-44
�RMON
The University of New Mexico
Remote monitoring MIB
Agents Probes
There are 9 groups of RMON
Statistics, History, Alarm, Host, HostTopN, Matrix, Filter, Packet Capture, and Event
Standardized to only operate on Ethernet segments
Copyright 1997, The University of New Mexico
H-45
�RMON Goals
The University of New Mexico
Offline operation Preemptive monitoring Problem detection and reporting Value-added data Multiple managers
Copyright 1997, The University of New Mexico
H-46
�RMON Statistics Group
The University of New Mexico
Contains objects that are measured for each Ethernet interface on the device Provides data for multiple segments simultaneously Used for fault, configuration, and performance management
Copyright 1997, The University of New Mexico
H-47
�RMON History Group
The University of New Mexico
Enables periodic statistical samples and stores them at the probe for later retrieval and analysis Configurable as to what to monitor and how often to take the snapshot Useful for accomplishing performance management
Copyright 1997, The University of New Mexico
H-48
�RMON Alarm Group
The University of New Mexico
Useful for accomplishing performance management Defines thresholds for a MIB object over a duration of time
Copyright 1997, The University of New Mexico
H-49
�RMON Host Group
The University of New Mexico
Contains objects associated with each host known on the network segment where the probe is located Discovers hosts by keeping track of source and destination addresses Useful for configuration, performance, and accounting management
Copyright 1997, The University of New Mexico
H-50
�RMON HostTopN
The University of New Mexico
Uses objects in the Host Group to prepare reports on a set of hosts over a given period of time Reports are based on a base statistic specified by the network management system
Copyright 1997, The University of New Mexico
H-51
�RMON Matrix Group
The University of New Mexico
Contains tables of objects that keep statistics on the number of packets, bytes, and errors sent between two addresses Help determine traffic patters on a segment Useful for performance, security, and accounting management
Copyright 1997, The University of New Mexico
H-52
�RMON Filter Group
The University of New Mexico
Used to configure the probe to look for specific packets on the segment Useful in fault and security management RMON Packet Capture Group
Used to set up a buffering scheme for packets from the filter group
Copyright 1997, The University of New Mexico
H-53
�RMON Event Group
The University of New Mexico
Allows you to define events for the probe Can create a log entry or send a SMTP trap Helps eliminate the need for the network management system to periodically poll network devices to discover faults Useful for fault, performance, and security management
Copyright 1997, The University of New Mexico
H-54
�RMON
The University of New Mexico
RMON is not enough RMON 2 is a different standard than RMON 1 - it is not a superset
Shows how traffic flows on a network Shows what applications are being used
RMON probes should be used for segment visibility RMON 2 probes should be used on backbones
Copyright 1997, The University of New Mexico H-55
�Network Statistics
The University of New Mexico
Baseline Trouble shooting Capacity planning for the future Reports
Copyright 1997, The University of New Mexico
H-56
