NetworkManagement LAM v3+ht08+SA - Karlstad Universityht08+SA.pdf · 2008. 10. 7. · DAV C03 ©LAM...


• DAV C03 ©LAM 2005

Slide 1: Network Management

Text Book: Computer Networking: A Top Down Approach Featuring the Internet, 3rd edition, by Jim Kurose and Keith Ross, Addison-Wesley

These slides are based on USP Network Management slides from Schweitzer, Gabos, Redigolo and Carvalho, and some were based on Kurose and Ross.

Slide 2: Network Management

• What is network management?
• But first: what is management? (from an engineer's point of view, of course!)

Slide 3: Illustrating Network Management (a first approach!)

Figure: hosts H1, H2, H3 and H4 attached through switches S1, S2, S3 and S4 to the Internet. One link is marked X with the note "hmmm.... failed!"; one point is annotated "network load is ok here!" and another "interface is overloaded!".

Slide 4: What is Network Management?

"Network management includes the deployment, integration and coordination of the hardware, software, and human elements to monitor, test, poll, configure, analyze, evaluate, and control the network and element resources to meet the real-time, operational performance, and QoS requirements at a reasonable cost"

Slide 5: Network Management Goals

• optimal performance from all enterprise resources
• set standards and action plans
• guarantee the quality level of the services provided

Slide 6: The Management Pyramid

Figure: a pyramid with, from top to bottom, Business Management, Service Management, Network Management, Network Element Management and, at the base, the Network Elements themselves. The base lists the element technologies: 802.3, 802.11, FR, PDH, SDH and ATM.

Slide 7: Network Management

• WHY is Network Management needed after all?
  – log network events
  – knowledge of the network topology and configuration parameters
  – changing network configuration parameters
  – monitor the network security
  – verify the demand for network resources
  – define thresholds for alarm triggers
  – detect, diagnose and prevent faults
  – monitor and control the network performance

Slide 8: Network Management "standard" / best practice

• Network Management, i.e. Network OAM&P:
  – Operations
  – Administration
  – Maintenance
  – Provisioning

Slide 9: Network Management

Figure: Network Management split into three branches, Provisioning, Operations and Maintenance. The labels shown under them are: Planning, Network Layout and Deployment (Provisioning); Fault Management / Net. Recovery, Configuration Management, Performance Management, Security Management, Accounting Management, Report Management, Inventory Management, and Data Analysis and Routing (Operations); Fault Management, Trouble Tickets Management, Repairs and Maintenance Tests (Maintenance).

Slide 10: Management Functional Areas

• FCAPS – the ISO telecom network management model/framework:
  – Fault Management
  – Configuration Management
  – Accounting Management
  – Performance Management
  – Security Management

Slide 11: Fault Management

• guarantee continuous network operation
• detect, identify, isolate and log problems
• run network diagnostic tests, investigate the causes of faults and start fixing them
• acknowledge and log the arrival of event reports

Slide 12: Configuration Management

• manage the system life cycle and its configuration
• identify the hardware and software components of the system and define an appropriate level of control for each one
• monitor each component and document all significant changes
  – keep a history of the status of each network component
• change the system's configuration in order to alleviate network congestion, isolate faults or conform with new demands from network users

Slide 13: Accounting Management

• control the usage of network resources
• define costs and fees for the usage of network resources
  – inform the network user of the resulting costs
• define and/or authorize limits for bandwidth consumption

Slide 14: Performance Management

• monitor and control the daily network operation:
  – transmission rates
  – status of devices and active services
  – traffic flow
  – network delay, etc.
• pinpoint overloaded links and identify risk situations
• keep a history of the network conditions for later analysis
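A worked example of the monitoring this slide describes, added here and not part of the original slides: two successive polls of an SNMP Counter32 octet counter are turned into link utilisation, the counter wrapping at 2^32 and the agent restarting (sysUpTime going backwards) are handled, and an alarm is raised when a threshold is reached. The poll history, the 10 Mbit/s link speed and the 80 % threshold are constructed for the example.

```python
"""Link utilisation and threshold alarms from SNMP Counter32 samples.

Added example (not from the slides). Input is a constructed poll history of
(poll time in s, sysUpTime in hundredths of a second, ifInOctets value).
"""

COUNTER32_MODULUS = 1 << 32      # Counter32 wraps around at 2^32 (RFC 2578)

# Constructed sample history for one 10 Mbit/s interface polled every 60 s.
# The first interval crosses the 2^32 wrap; the last sample shows the agent
# restarting (sysUpTime drops), which makes the counter discontinuous.
SAMPLES = [
    (0,   100,    4_294_900_000),
    (60,  6_100,  10_000),
    (120, 12_100, 66_010_000),
    (180, 500,    1_000),
]
IF_SPEED_BPS = 10_000_000
THRESHOLD = 0.80                  # alarm when utilisation reaches 80 %


def counter_delta(previous, current, modulus=COUNTER32_MODULUS):
    """Octets counted between two samples, correcting for one counter wrap."""
    return (current - previous) % modulus


def utilisation(prev_octets, cur_octets, interval_s, if_speed_bps):
    """Fraction of link capacity used during the interval (0.0 .. 1.0)."""
    if interval_s <= 0 or if_speed_bps <= 0:
        raise ValueError("interval and interface speed must be positive")
    bits = counter_delta(prev_octets, cur_octets) * 8
    return bits / (interval_s * if_speed_bps)


def evaluate(samples, if_speed_bps, threshold):
    """Return (poll time, utilisation, alarm) for each usable interval.

    An interval whose sysUpTime went backwards is skipped: the agent
    restarted, so its two counter values are not comparable.
    """
    results = []
    for (t0, up0, c0), (t1, up1, c1) in zip(samples, samples[1:]):
        if up1 < up0:
            continue                      # counter discontinuity, no rate
        u = utilisation(c0, c1, t1 - t0, if_speed_bps)
        results.append((t1, round(u, 4), u >= threshold))
    return results


if __name__ == "__main__":
    for t, u, alarm in evaluate(SAMPLES, IF_SPEED_BPS, THRESHOLD):
        print(f"t={t:>4}s utilisation={u:.2%} {'ALARM' if alarm else 'ok'}")
```

Without the modulo correction the wrapped interval would produce a large negative rate, and without the sysUpTime check the restart would be reported as a plunge in traffic; both are common sources of false alarms in performance history.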

Slide 15: Security Management

• manage the mechanisms and procedures that provide security to the network resources
• keep and handle the security logs
• maintain the security policy

Slide 16: SLA

• Service Level Agreement
  – specific performance metrics
  – acceptable levels of network provider performance according to those metrics, e.g.:
    service availability, latency, throughput, outage notification

Slide 17: General Network Management System

• Managed devices (and managed objects)
• Information databases (aka MIB)
• Management entities
  – Agents running on every managed device
  – Managers running on a NOC
• Protocol for (management) information exchange
• API (Application Programming Interface)
• User interface

Slide 18: Network Management Operation

• The network managing entity (manager) collects information from the network managed entities (agents)
  – managed entities include routers, hosts, servers, etc.
• MIB (Management Information Base): defines the entries (objects) that are kept by a network managed entity

Slide 19: Open Architectures for Management

• OSI architecture (ISO): Open System Interconnection
• SNMP architecture (IETF): Simple Network Management Protocol
• TMN architecture (ITU-T): Telecommunication Management Network
• Web Management architectures

Slide 20: OSI Management Model

• The OSI management model defines:
  – the management infrastructure
  – the management components
  – the presentation of management information
  – services and protocols for exchanging management information

Slide 21: OSI Management Environment

• Components

Figure: three MANAGERs above four AGENTs; every manager-to-agent link is labelled CMIP, and each agent holds its own set of managed objects.

CMIP = Common Management Information Protocol

Slide 22: OSI Management Infrastructure

• Systems Management support function on every layer

Figure: Manager and Agent protocol stacks side by side (APPLICATION, PRESENT., SESSION, TRANSPORT, NETWORK, DATA LINK, PHY). Each layer has its LME, the application layer hosts the SMAE, each side has its MIB, and CMIP runs between the two SMAEs.

  MIB  - Management Information Base
  SMAE - System Management Application Entity
  CMIP - Common Management Information Protocol
  LME  - Layer Management Entity

Slide 23: OSI Management Infrastructure

• Layered Management
  – management of the resources related to a single layer
  – the layered management protocol is independent of the management protocols of the other layers
• Layered Operations
  – restricted to a single communication instance in one layer

Figure: two nth-layer entities exchanging the nth-layer management protocol.

Slide 24: IETF Network Management Framework

related to section 8.3 of the textbook (but a far deeper approach here!!!)
slides from Schweitzer, Gabos, Redigolo and Carvalho

Computer Networking: A Top Down Approach Featuring the Internet, 2nd edition, by Jim Kurose and Keith Ross, Addison-Wesley, 2002

Slide 25: SNMP Overview

• SNMP (Simple Network Management Protocol)
  – designed for managing Internet nodes
• Internet-Standard Management
  – any network running TCP/IP can be managed with SNMP
• SNMP was quickly designed and deployed
  – network management was clearly needed
  – OSI management was not completed – SNMP was an intermediary step
• SNMP is the de facto network management standard
  – new versions were released: SNMPv2 and SNMPv3 (1999)

Slide 26: SNMP Architecture

• Managing stations - managers
  – run a management application that monitors and controls the network
• Managed hosts - agents
  – devices that host management agents
  – receive requests from managers and reply to them
  – execute commands received from managers
  – give information about objects
• SNMP protocol
  – communication protocol for transporting management information between a manager and an agent

Slide 27: Network Management System (NMS)

Figure: SNMP Managers exchange SNMP messages with SNMP Agents running on Network Devices; one intermediate node runs both an SNMP Manager and an SNMP Agent, behaving as a manager and as an agent.

Slide 28: SNMP Architecture Elements

• Management Information Base (MIB):
  – distributed information store of network management data
  – definitions of network management objects
• Structure of Management Information (SMI):
  – data definition language for MIB objects (e.g. data types)
• SNMP protocol
  – data communication protocol between agents and managers
  – exchanged messages / commands

Slide 29: SNMP Protocol

• Management information can be obtained in two ways:

Figure: request/response mode: the manager sends a request to the agent on the managed device, which answers with a response carrying the agent data. Trap mode: the agent sends a trap message to the manager on its own initiative.

Slide 30: SNMP (SNMPv1)

• 5 SNMPv1 messages were defined:
  – get-request:      manager -> agent
  – get-next-request: manager -> agent
  – set-request:      manager -> agent
  – response:         agent -> manager
  – trap:             agent -> manager

Slide 31: SNMP Message

• SNMP message = Header + PDU
• Header
  – Version Number
  – Community Name
    (a weak form of authentication)

Figure: HEADER (Version Number | Community Name) followed by the SNMP PDU.

Slide 32: SNMP PDU (protocol data unit)

• SNMP Get/Set/Response messages
• SNMP Trap messages

Get/Set/Response PDU:
    PDU Type | Request ID | Error Status | Error Index | Objects
    (Get/Set/Response header, then the objects to get/set; Error Status and Error Index are used in the response PDU only)

Trap PDU:
    PDU Type | Enterprise | Agent Address | Trap Type | Specific Trap Code | Timestamp | Objects
    (Trap header, then the trap info)

Slide 33: SNMPv2

• SNMPv1 vs. OSI
  – CMOT (CMIP running over TCP/IP)
  – SNMP as CMIP (mgr to mgr)
• SNMP was the de-facto standard
  – SNMP modules included in systems and network devices
• but SNMPv1 needed to be improved: SNMPv2 was designed (1993)

Slide 34: SNMPv2

• Manager-to-Manager messages were included
• SMI (Structure of Management Information) was included
• Agreements for textual descriptions
• SNMP conformity aspects
• Inheritance Tables / MIB Inheritance
• Port Mapping for the transport protocol
  – SNMP over UDP (RFC1906)
  – port 161
  – port 162 (trap messages)

Slide 35: SNMPv2 Messages

Message type                                     Function
GetRequest, GetNextRequest, GetBulkRequest       Manager to Agent: "get me data" (instance, next in list, block)
InformRequest                                    Manager-to-Manager: here's MIB value
SetRequest                                       Manager to Agent: set MIB value
Response                                         Agent to Manager: value, response to Request
Trap                                             Agent to Manager: inform manager of exceptional event

Slide 36: Management in an SNMP Network

Figure: the SNMP Manager App (with its Manager Database) and the SNMP Agent App (with its Agent Database) each run on top of a PHY / DL / IP / UDP / SNMP stack over the physical medium. The SNMP messages GetRequest, GetNextRequest, SetRequest, Response and Trap are exchanged between the two.

Slide 37: Going beyond SNMPv2: SNMPv3

• SNMPv1 and SNMPv2: no security at all!
• SNMPv3 was designed to improve security (1999)
  – security infrastructure for all 3 SNMP versions
• + modularity for documentation and architecture ("views")
• + coexistence of all 3 protocols in a single managing entity
• + explicit definition of services and application primitives
  – several message types were formalized
  – command generators/responders, notification originators/receivers, proxy forwarders

Slide 38: SNMPv3

• Data Encryption: DES
• Authentication: HMAC
  – keyed-hash function of the encrypted message
• Protection against replay attacks
  – nonce / "cookie"
• View-based Access Control Model (VACM)
  – RFC2575: database of access rights & policies for users
  – Local Configuration Datastore (LCD)
  – the database is a managed object itself
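The authentication and anti-replay points on this slide, as an added example that is not part of the original slides: it follows the SNMPv3 User-based Security Model of RFC 3414 for password-to-key conversion and key localisation, computes HMAC-SHA-1-96 over a message, and on the receiving side verifies the MAC before checking the engine boots/time against a 150-second window. The wire format (a fixed header in front of the payload) and the "seen MAC" cache are simplifications constructed for this example rather than the real SNMPv3 encoding, the snmpEngineID and password are made up, and DES encryption of the payload is left out.

```python
"""USM-style message authentication and replay protection (added example).

Models the SNMPv3 User-based Security Model of RFC 3414 in simplified form:
password-to-key and key localisation as in RFC 3414, HMAC-SHA-1-96 over the
message, then a timeliness check against the authoritative engine's clock.
The wire format below is a constructed stand-in, not the real SNMPv3 encoding.
"""
import hashlib
import hmac
import struct

AUTH_WINDOW_S = 150         # RFC 3414: a message more than 150 s off is not in the time window
MAC_LEN = 12                # HMAC-96 truncates the HMAC output to 12 bytes
HASH = "sha1"

# Constructed values for the example (not real identifiers)
ENGINE_ID = bytes.fromhex("800000090300aabbccddeeff")   # made-up snmpEngineID
PASSWORD = b"maplesyrup"


def password_to_key(password: bytes, algo: str = HASH) -> bytes:
    """RFC 3414 A.2: hash the password repeated cyclically to 1 MiB (Ku)."""
    stream = (password * (1_048_576 // len(password) + 1))[:1_048_576]
    return hashlib.new(algo, stream).digest()


def localize_key(ku: bytes, engine_id: bytes, algo: str = HASH) -> bytes:
    """RFC 3414 2.6: Kul = H(Ku || snmpEngineID || Ku); each engine gets its own key."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def build_message(kul: bytes, engine_boots: int, engine_time: int, payload: bytes) -> bytes:
    """Constructed layout: header (boots, time) + HMAC-96 over header and payload + payload."""
    header = struct.pack(">II", engine_boots, engine_time)
    mac = hmac.new(kul, header + payload, HASH).digest()[:MAC_LEN]
    return header + mac + payload


class Receiver:
    """Authoritative engine: verifies the MAC first, then timeliness, then replay."""

    def __init__(self, kul: bytes, engine_boots: int, clock):
        self.kul = kul
        self.boots = engine_boots
        self.clock = clock          # callable returning the local engineTime
        self.seen = set()           # MACs already accepted inside the window (the "cookie" idea)

    def accept(self, msg: bytes):
        if len(msg) < 8 + MAC_LEN:
            return False, "malformed"
        header, mac, payload = msg[:8], msg[8:8 + MAC_LEN], msg[8 + MAC_LEN:]
        expected = hmac.new(self.kul, header + payload, HASH).digest()[:MAC_LEN]
        if not hmac.compare_digest(mac, expected):    # constant-time comparison
            return False, "authenticationFailure"
        boots, t = struct.unpack(">II", header)
        if boots != self.boots or abs(t - self.clock()) > AUTH_WINDOW_S:
            return False, "notInTimeWindow"
        if mac in self.seen:        # the same authenticated message presented again
            return False, "replay"
        self.seen.add(mac)
        return True, "ok"


def demo():
    """Fresh message, its replay, a stale message and a tampered one."""
    kul = localize_key(password_to_key(PASSWORD), ENGINE_ID)
    rx = Receiver(kul, engine_boots=3, clock=lambda: 5_000)
    fresh = build_message(kul, 3, 5_000, b"get 1.3.6.1.2.1.7.1.0")
    stale = build_message(kul, 3, 4_000, b"get 1.3.6.1.2.1.7.1.0")
    forged = fresh[:-1] + bytes([fresh[-1] ^ 0x01])
    return [rx.accept(fresh), rx.accept(fresh), rx.accept(stale), rx.accept(forged)]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The order of the checks matters: an unauthenticated message must not be able to influence the receiver's notion of time, so the MAC is verified before the boots/time fields are trusted. RFC 3414 Appendix A.3 publishes known-answer vectors for password_to_key and localize_key that an implementation should be checked against.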

Slide 39: Some SNMPv3 standards

• Some SNMPv3 RFCs:
  – RFC 2271 – SNMP management frameworks architecture
  – RFC 2272 – message processing and dispatching
  – RFC 2273 – SNMPv3 applications
  – RFC 2274 – user based security model
    (UserID and Password)
  – RFC 2275 – access control

Slide 40: Management Information Base (MIB)

• Every agent has a local database, the MIB
  – it keeps the current status of the device parameters
  – the manager monitors agents through the information stored in the MIB
  – the MIB stores data objects
• IETF MIB standards:
  – RFC1212 MIB-I specification
  – RFC1213 MIB-II specification
  – both MIB-I and MIB-II can be implemented in SNMPv1

Slide 41: Network Management System (NMS)

Figure: the NMS of slide 27 again (SNMP Managers, SNMP Agents on Network Devices, one node behaving as a manager and as an agent), now with a MIB drawn at every manager and agent. The MIB objects are defined with the SMI OBJECT-TYPE construct.

Slide 42: SNMP Naming

• HOW TO name and identify objects?
  – every possible standard object in every possible network standard
• IETF adopted the ISO Object Identifier tree:
  – hierarchical naming of all objects
  – each branch point has a name & a number

Slide 43: OSI Object Identifier Tree

Figure: the OSI object identifier tree, from www.alvestrand.no/harald/objectid/top.html

Slide 44: OSI Object Identifier

1.3.6.1.2.1.7.1
    ISO (1) . ISO-identified org. (3) . US DoD (6) . Internet (1) . management (2) . MIB2 (1) . UDP (7) . udpInDatagrams (1)

1.3.6.1.4.1.20067
    ISO (1) . ISO-identified org. (3) . US DoD (6) . Internet (1) . private (4) . enterprise and university codes (1) . Karlstad University (20067)

http://www.iana.org/assignments/enterprise-numbers

Slide 45: MIB-I and MIB-II

• MIB-I
  – name (OBJECT DESCRIPTOR), syntax (ASN.1) and encoding (BER)
• MIB-II
  – mib-2 OBJECT IDENTIFIER ::= { mgmt 1 }
  – extra attribute for the status of the managed object
  – system, interfaces, ip, tcp, udp, etc.

Slide 46: SMI

• Structure of Management Information
  – language to define the management information residing in a managed network entity
  – well-defined and unambiguous syntax and semantics of data
• RFC2578 defines 11 basic data types (all expressed in ASN.1):
  INTEGER, Integer32, Unsigned32, OCTET STRING, OBJECT IDENTIFIER, IpAddress, Counter32, Counter64, Gauge32, TimeTicks, Opaque

Slide 47: SMI

• OBJECT-TYPE
  – RFC2570 - specifies data type, status and semantics
  – SYNTAX – data type
  – MAX-ACCESS – R/W/C
  – STATUS – object definition (current/obsolete/deprecated)
  – DESCRIPTION – textual definition of the object

OBJECT-TYPE example:

    ipForwarding OBJECT-TYPE
        SYNTAX      INTEGER {
                        forwarding(1),     -- acting as a router
                        notForwarding(2)   -- NOT acting as a router
                    }
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION "The indication of whether this entity is acting as an
                     IP router in respect to the forwarding of… "
        ::= { ip 1 }

Slide 48: SMI

• MODULE-IDENTITY
  – related MIB objects can be grouped together in a MIB module
  – MIB modules are specified via SMI
    RFC2011: MIB module that defines managed objects for IP and ICMP
    RFC2012: MIB module for TCP
    RFC2013: MIB module for UDP
    RFC2021: MIB module for RMON (remote monitoring)
• contains:
  – OBJECT-TYPE definitions of the managed objects
  – clauses to document contact information, date of last update, revision history, textual description of the module

Slide 49: SMI

    tcpMIB MODULE-IDENTITY
        LAST-UPDATED "9411010000Z"
        ORGANIZATION "IETF SNMPv2 Working Group"
        CONTACT-INFO "
                      Keith McCloghrie
                      Postal: Cisco Systems, Inc.
                              170 West Tasman Drive
                              San Jose, CA 95134-1706
                              US
                      Phone:  +1 408 526 5260
                      Email:  [email protected]"
        DESCRIPTION "The MIB module for managing TCP implementations."
        REVISION    "9103310000Z"
        DESCRIPTION "The initial revision of this MIB module was part of MIB-II."
        ::= { mib-2 49 }

Slide 50: MIB and SMI

Figure: a MIB MODULE, specified with the SMI MODULE-IDENTITY construct, contains a set of objects, each specified with the SMI OBJECT-TYPE construct.

Slide 51: MIB example: UDP module

Object ID          Name             Type       Comments                                                         Definition
1.3.6.1.2.1.7.1    udpInDatagrams   Counter32  total # datagrams delivered at this node                         ::= { udp 1 }
1.3.6.1.2.1.7.2    udpNoPorts       Counter32  # undeliverable datagrams - no app at port                       ::= { udp 2 }
1.3.6.1.2.1.7.3    udpInErrors      Counter32  # undeliverable datagrams, all other reasons                     ::= { udp 3 }
1.3.6.1.2.1.7.4    udpOutDatagrams  Counter32  # datagrams sent                                                 ::= { udp 4 }
1.3.6.1.2.1.7.5    udpTable         SEQUENCE   one entry for each port in use by an app; gives port # and IP address   ::= { udp 5 }
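An agent-side view of the UDP group above and of the get / get-next / get-bulk operations from slides 30 and 35, as an added example that is not part of the original slides. The MIB instance snapshot is constructed (the values and the two open ports are made up) and follows the udp group layout of RFC 2013: scalars carry the instance suffix .0, and udpTable rows are indexed by udpLocalAddress.udpLocalPort. The point it shows beyond the table is the lexicographic OID ordering that get-next relies on, including how a table walk returns one whole column before the next.

```python
"""Agent-side MIB lookups: get, get-next, get-bulk and a subtree walk (added example).

The instance snapshot is constructed for the example and follows slide 51's UDP
group (RFC 2013): scalars carry the instance suffix .0, and udpTable rows are
indexed by udpLocalAddress.udpLocalPort.
"""
import bisect

SNAPSHOT = {
    "1.3.6.1.2.1.7.1.0": 12045,                      # udpInDatagrams.0
    "1.3.6.1.2.1.7.2.0": 3,                          # udpNoPorts.0
    "1.3.6.1.2.1.7.3.0": 0,                          # udpInErrors.0
    "1.3.6.1.2.1.7.4.0": 11870,                      # udpOutDatagrams.0
    "1.3.6.1.2.1.7.5.1.1.0.0.0.0.161": "0.0.0.0",    # udpLocalAddress, row 0.0.0.0:161
    "1.3.6.1.2.1.7.5.1.1.0.0.0.0.514": "0.0.0.0",    # udpLocalAddress, row 0.0.0.0:514
    "1.3.6.1.2.1.7.5.1.2.0.0.0.0.161": 161,          # udpLocalPort,    row 0.0.0.0:161
    "1.3.6.1.2.1.7.5.1.2.0.0.0.0.514": 514,          # udpLocalPort,    row 0.0.0.0:514
}


def parse_oid(dotted):
    return tuple(int(arc) for arc in dotted.strip(".").split("."))


def format_oid(arcs):
    return ".".join(str(a) for a in arcs)


class MibAgent:
    def __init__(self, snapshot):
        self.store = {parse_oid(k): v for k, v in snapshot.items()}
        # Python compares tuples element by element and ranks a proper prefix
        # first, which is exactly the lexicographic OID ordering SNMP uses.
        self.keys = sorted(self.store)

    def get(self, oid):
        """GetRequest: exact instance lookup; None stands for the noSuchName error."""
        return self.store.get(parse_oid(oid))

    def get_next(self, oid):
        """GetNextRequest: first instance lexicographically after oid, or None at end of MIB."""
        i = bisect.bisect_right(self.keys, parse_oid(oid))
        if i == len(self.keys):
            return None
        key = self.keys[i]
        return format_oid(key), self.store[key]

    def get_bulk(self, oid, max_repetitions):
        """GetBulkRequest (SNMPv2): up to max_repetitions successive get-next steps in one reply."""
        out, cur = [], oid
        for _ in range(max_repetitions):
            nxt = self.get_next(cur)
            if nxt is None:
                break
            out.append(nxt)
            cur = nxt[0]
        return out

    def walk(self, subtree):
        """Repeat get-next while the result still lies under subtree (what an snmpwalk does)."""
        prefix = parse_oid(subtree)
        out, cur = [], subtree
        while True:
            nxt = self.get_next(cur)
            if nxt is None or parse_oid(nxt[0])[:len(prefix)] != prefix:
                break
            out.append(nxt)
            cur = nxt[0]
        return out


if __name__ == "__main__":
    agent = MibAgent(SNAPSHOT)
    for oid, value in agent.walk("1.3.6.1.2.1.7"):
        print(oid, "=", value)
```

A get for an object name without its instance suffix (1.3.6.1.2.1.7.1 instead of 1.3.6.1.2.1.7.1.0) fails, which is why managers use get-next to discover instances; a walk of udpTable returns all udpLocalAddress instances before any udpLocalPort instance because the column number precedes the row index in the OID.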

Slide 52: SNMP Management: RMON

• SNMP success
  – increasing # of managed entities & components
• SNMPv1 introduced remote network management
  – controlled from a NOC – Network Operation Center
• Remote monitoring
  – probes placed in several network segments

Slide 53: RMON

• Remote Network Monitoring
  – added to SNMP, expands the SNMP scope
  – specifies a remote monitoring MIB included in MIB-II
  – each RMON device monitors a network segment and analyzes it

Figure: hosts H1 and H2 and switches S1, S2 and S4, with monitoring on the network segments.

Slide 54: Why RMON?

• network management traffic is reduced
• the # of active agents needed in a network is reduced
• network segments can be monitored continuously
  – better statistical results, better network control
• faults can be quickly diagnosed and logged
• productivity is increased

Slide 55: ASN.1 - Abstract Syntax Notation 1

related to section 9.4 of the textbook

Computer Networking: A Top Down Approach Featuring the Internet, 2nd edition, by Jim Kurose and Keith Ross, Addison-Wesley, 2002

Slide 56: The Presentation Problem

• in a computer network it is usual to have several different:
  – computer architectures
  – OS, compilers, etc…
• so… how are data exchanged between different systems?
  – maybe a perfect memory-to-memory copy?

Slide 57: Perfect Memory-to-Memory Copy

    struct {
        char c;
        int  i;
    } test;

    test.c = 'a';
    test.i = 259;

Figure: the memory image of test, addresses increasing downwards. Big Endian (SUN SPARC, Motorola): 'a', then the int as 0000 0001, 0000 0011 (most significant byte at the lowest address). Little Endian (INTEL, DEC/Compaq Alpha): 'a', then 0000 0011, 0000 0001 (least significant byte at the lowest address).

Slide 58: Perfect Memory-to-Memory Copy

• another example: Intel 80x86 (32-bit word) memory dump

    char  c1 = 1;
    char  c2 = 2;
    short s  = 255;          // 0x00FF
    long  l  = 0x44332211;

Memory dump, one byte per cell, addresses increasing:

    01 02 FF 00 11 22 33 44

(c1, c2, then s as FF 00 and l as 11 22 33 44: the least significant byte of each multi-byte value is stored first)
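The two memory images above and the third option of the next slides (a host-independent format), as an added example that is not part of the original slides. It uses Python's struct module, whose '<' and '>' modes pack values in little- and big-endian order without alignment padding, to reproduce the slide 57 and 58 images, to show what a big-endian receiver reads from a little-endian sender's raw copy of the int 259, and to round-trip the value through network byte order instead. The only assumption is that the slide's layouts omit the padding a C compiler would insert after the char.

```python
"""Byte order and the presentation problem (added example, not from the slides).

struct with '<' / '>' packs values without padding in little- / big-endian
order, which is enough to show the memory images from slides 57 and 58 and
why a raw memory-to-memory copy between unlike hosts is not a valid exchange.
"""
import struct


def hex_image(raw: bytes) -> str:
    return " ".join(f"{b:02X}" for b in raw)


def slide57_image(byte_order: str) -> str:
    """struct { char c; int i; } test; with test.c = 'a', test.i = 259.

    byte_order is '>' (big endian: SUN SPARC, Motorola) or '<' (little endian:
    Intel, Alpha). Padding that a real C compiler inserts after the char is
    omitted, as on the slide.
    """
    return hex_image(struct.pack(byte_order + "ci", b"a", 259))


def slide58_image() -> str:
    """Intel 80x86 dump of char c1 = 1; char c2 = 2; short s = 255; long l = 0x44332211."""
    return hex_image(struct.pack("<bbhl", 1, 2, 255, 0x44332211))


def naive_copy_misreads() -> int:
    """A big-endian receiver interpreting a little-endian sender's int 259 unchanged."""
    wire = struct.pack("<i", 259)            # what the little-endian sender's memory holds
    return struct.unpack(">i", wire)[0]      # what the big-endian receiver makes of it


def send_portable(value: int) -> bytes:
    """3rd option: translate to a host-independent (network byte order) format before sending."""
    return struct.pack("!i", value)


def receive_portable(wire: bytes) -> int:
    """Translate from the host-independent format to the receiver's local format."""
    return struct.unpack("!i", wire)[0]


if __name__ == "__main__":
    print("big endian   :", slide57_image(">"))
    print("little endian:", slide57_image("<"))
    print("x86 dump     :", slide58_image())
    print("misread      :", naive_copy_misreads())
    print("portable     :", receive_portable(send_portable(259)))
```

The misread value is 0x03010000: the same four bytes, read with the other byte order, and the reason every protocol field or encoding rule must pin down the byte order rather than leave it to the sender's hardware.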

Slide 59: A Real Life Analogy

Figure from Computer Networking: A Top Down Approach Featuring the Internet, 2nd edition, by Jim Kurose and Keith Ross, Addison-Wesley, 2002

Slide 60: Some Potential Solutions

1st option: the sender learns the receiver's format; the sender translates into the receiver's format; the sender sends
2nd option: the sender sends; the receiver learns the sender's format; the receiver translates into its local format
3rd option: the sender translates into a host-independent format and sends; the receiver translates into its local format

Slide 61: Solving the presentation problem

1st step: translate the local-host format to a host-independent format
2nd step: transmit the data in the host-independent format
3rd step: translate the host-independent format to the remote-host format

Figure (from the textbook): an aging 60's hippie, today's teenager and a grandmother.

Slide 62: ASN.1

• Abstract Syntax Notation 1
  – presentation service data definition language
  – defines data types and object constructors
• ISO standard X.680
• used extensively in the Internet
• Basic Encoding Rules (BER)
  – specify how ASN.1-defined data objects are transmitted
  – each transmitted object has a Type, Length, Value (TLV) encoding

Slide 63: TLV Encoding

• Transmitted data identify themselves
  – T: data type, one of the ASN.1-defined types
  – L: length of the data in bytes
  – V: value of the data, encoded according to the ASN.1 standard

Tag   Type
 1    Boolean
 2    Integer
 3    Bit string
 4    Octet string
 5    Null
 6    Object Identifier
 9    Real

Slide 64: TLV encoding

Example 1: Type = 4 (octet string), Length = 5 bytes, Value = 5 octets (chars)
Example 2: Type = 2 (integer), Length = 2 bytes, Value = 259
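The BER rules of slides 63 and 64 and the message layout of slides 31 and 32 in working code, as an added example that is not part of the original slides: a small TLV encoder and decoder for INTEGER, OCTET STRING, NULL, OBJECT IDENTIFIER and SEQUENCE, used to build the SNMPv1 GetRequest for udpInDatagrams.0 (version 0, community name, then the [0] GetRequest-PDU with request-id, error-status, error-index and the variable bindings). The community string "public" and request-id 42 are constructed sample values. The decoder rejects a length field that runs past the end of the message, which is the check an agent needs before trusting anything that arrived on UDP port 161.

```python
"""BER TLV encoding and an SNMPv1 GetRequest built from it (added example).

Covers the TLV rules of slides 63-64 (tag, length, value; tags 2, 4, 5, 6)
and the message layout of slides 31-32: SEQUENCE { version, community, PDU }
with PDU = [0] { request-id, error-status, error-index, varbinds }.
"""
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
GET_REQUEST = 0xA0       # context-specific, constructed, tag [0]: SNMPv1 GetRequest-PDU


def encode_length(n: int) -> bytes:
    """Short form below 128, otherwise 0x80|count followed by the big-endian length."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + encode_length(len(value)) + value


def encode_integer(i: int) -> bytes:
    """Two's-complement INTEGER in the fewest bytes that still hold the sign."""
    n = 1
    while not -(1 << (8 * n - 1)) <= i < (1 << (8 * n - 1)):
        n += 1
    return tlv(INTEGER, i.to_bytes(n, "big", signed=True))


def encode_oid(dotted: str) -> bytes:
    """First two arcs merge into one byte (40*a + b); later arcs use base 128 with continuation bits."""
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(OID, bytes(out))


def decode_oid(body: bytes) -> str:
    arcs, acc = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def decode(buf: bytes, pos: int = 0):
    """Decode one TLV at pos -> ((tag, value or children), position after it).

    A length that runs past the buffer raises instead of being read as
    zero-filled data; the caller decides what to do with a malformed message.
    """
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                                # long form
        count = length & 0x7F
        if count == 0 or pos + count > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    end = pos + length
    if end > len(buf):
        raise ValueError("length exceeds message")
    body = buf[pos:end]
    if tag & 0x20:                                   # constructed: decode the children
        children, p = [], pos
        while p < end:
            child, p = decode(buf, p)
            children.append(child)
        return (tag, children), end
    if tag == INTEGER:
        return (tag, int.from_bytes(body, "big", signed=True)), end
    if tag == OID:
        return (tag, decode_oid(body)), end
    return (tag, bytes(body)), end


def is_well_formed(buf: bytes) -> bool:
    """True only if the buffer is exactly one complete TLV with consistent lengths."""
    try:
        return decode(buf)[1] == len(buf)
    except (ValueError, IndexError):
        return False


def snmpv1_get_request(community: bytes, request_id: int, oids) -> bytes:
    """SNMPv1 message: version 0, community name (the weak authenticator), GetRequest-PDU."""
    varbinds = b"".join(tlv(SEQUENCE, encode_oid(o) + tlv(NULL, b"")) for o in oids)
    pdu = tlv(GET_REQUEST, encode_integer(request_id) + encode_integer(0)
              + encode_integer(0) + tlv(SEQUENCE, varbinds))
    return tlv(SEQUENCE, encode_integer(0) + tlv(OCTET_STRING, community) + pdu)
```

The integer 259 encodes as 02 02 01 03 (slide 64's second example), and the complete GetRequest for 1.3.6.1.2.1.7.1.0 is 40 bytes, with the community name travelling in clear text as an OCTET STRING right after the version number.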

Slide 65: Network Management Systems

slides from Schweitzer, Gabos, Redigolo and Carvalho

Slide 66: Management Products

• 2 flavors of network management products:
  – standalone management applications
  – management platforms

Slide 67: Standalone Applications

• usually designed to run on Windows platforms
• no interoperability with management tools from other vendors
• main tasks:
  – device testing
  – protocol analyzers
  – Internet tools
• GUI for one vendor only
  – some tasks can be executed using a GUI, e.g. enabling/disabling ports

Slide 68: Standalone Applications

• devices from other vendors can sometimes be managed
  – if possible, with no graphic interface
  – MIBs are manipulated directly
• some standalone management applications:
  – 3Com Transcend
  – Cisco CiscoWorks
  – IBM Nways
  – Novell ZENWorks

Slide 69: Management Platforms

• management all the way from backbone to desktop
• scalable solutions
• pro-active management tools

Figure (source: 3Com): management platforms, with modules for the management platform, management applications and agents (NOVELL shown as one of them).

Slide 70: Management Platforms

• usually for Unix / Windows NT platforms
• the goal is to provide both network and systems management
• additional modules are added on top of the management platform
  – management platforms usually have an API (framework) to integrate these modules
  – software for specific devices or functionalities that can add new features to the system

Slide 71: Management Platforms

• GUI management for several vendors
  – embedded modules already include the private MIB
  – enabling/disabling ports can be executed graphically, for instance
• some management platforms:
  – Sun Solstice Site Manager / Enterprise Manager
  – IBM/Tivoli - Tivoli Framework / Netview
  – Computer Associates - Unicenter TNG
  – Enterasys Spectrum
  – HP OpenView

Slide 72: Management Platforms

• some modules for management platforms:
  – 3Com Transcend for Solstice Site Manager
  – CiscoWorks for HP OpenView
  – IBM Nways for Tivoli NetView
  – APC PowerChute for MS-SMS
  – McAffee VirusScan for Novell ManageWise

Slide 73: Web Management

• Traditional management platforms are inconvenient:
  – centralized management architecture
  – the managing station (manager) needs high processing power
  – platform dependence (private MIB)
  – interaction between management platforms was practically null
  – cost

Slide 74: Web Management

• Web
  – distributed infrastructure
  – known navigation paradigm: browsing
  – platform-independent GUI: Java, HTML
• Initial idea:
  "Management should be executed through a browser from any machine connected to the Internet"
  – disassociate the management GUI from the management tools

Slide 75: Web Management

• Other ideas
  – to use existing web protocols:
    SSL
    HTTP password authentication
    Digital Certificates
    ACL - Access Control Lists
  – to integrate:
    different management tools
    different web sites (vendor web sites)
    XML, Web Services

Slide 76: Open Source NMS

• Nagios – www.nagios.org
• OpenNMS – www.opennms.org
• ZenOSS – www.zenoss.org

Slide 77: Nagios

(screenshot)

Slide 78

(screenshot, no text)

Slide 79

(screenshot, no text)

    Management Platform Model

    slides from Schweitzer, Gabos, Redigolo and Carvalho

  • DAV C03©LAM 2005

    81

    Features

    • network topology discovery

    • define a network map

    • identification of faults

    • terminal emulation

    • automatic intervention

    • on-line help

    • reporting

    • MIB management

  • DAV C03©LAM 2005

    82

    Network Topology Discovery

    • identify resources of the corporative network

    • create a database with objects that will be managed

    • manual register of non-identified resources

  • DAV C03©LAM 2005

    83

    Define a network map

    • Objects representing the resources to be managed

    • for fast fault identification using alarm, colors

    • alarm notification

    • network map is automatic created

    • several views of the managed network

    • great number of managed resources

    • implementation of differentiated security levels

    • operation distributed geographically

  • DAV C03©LAM 2005

    84

    Identification of Faults

    • information about managed resources

    • event handling• requested information

    • non-requested information traps

    • fault isolation• prevent a fault to be propagated within the network

    • saving time for fixing / correcting faults

    • alarm notification• through different communication media

    web server, pagers, cellular phones, fax or email

Slide 85: Other Features

• Terminal emulation
  – command line access to managed devices
  – configuration overview and configuration changes
  – TELNET (TCP/IP)
• Automatic intervention
  – pro-active management
  – the management system can fix / correct network parameters
  – port reconfiguration

Slide 86: Other Features

• On-line Help
  – platform features & tools
  – walkthrough for network problems and the action that should be taken
• Reporting
  – network events reporting
• MIB management
  – different vendors have different MIB standards
  – managing using a private MIB

Slide 87: Acknowledgments

many thanks to:

Christiane Schweitzer, Denis Gabos, Fernando Redigolo and Tereza Carvalho from the Network and Computer Architecture Laboratory (LARC) of the Department of Computer Engineering, Escola Politécnica - University of Sao Paulo (USP) - Brazil.

contact them at { chrism, dgabos, fernando, carvalho } @ larc.usp.br