1 / 29

Chapter 8 Network Management

8: Network Management. 2. Chapter 8: Network Management. Chapter goals: introduction to network managementmotivationmajor componentsInternet network management frameworkMIB: management information baseSMI: data definition languageSNMP: protocol for network managementsecurity and administrati

kipling
Download Presentation

Chapter 8 Network Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. 8: Network Management 1 Chapter 8 – Network Management As we have learned thus far, computer networks are complex systems of numerous hardware and software components. As such, they are subject to operational problems involving outage, malfunction, mis-configuration, poor performance, and other issues. In this final chapter, we will briefly look at the architecture, protocols and tools available to identify and solve these problems.

    2. 8: Network Management 2 Chapter 8: Network Management Chapter goals: introduction to network management motivation major components Internet network management framework MIB: management information base SMI: data definition language SNMP: protocol for network management security and administration presentation services: ASN.1 firewalls

    3. 8: Network Management 3 Network management motivation networks are complex autonomous systems Consisting of 100s (or 1000s) of interacting hardware and software components

    4. 8: Network Management 4 Motivation for network management – “stuff happens”

    5. 8: Network Management 5 Network management: 4 key goals Monitor… see what’s happening host interfaces, traffic levels, service levels, security, performance, routing table changes, etc. Analyze… determine what it means Reactively control… take action based on what is happening Proactively manage… take action based on what current trends tell you to will happen

    6. 8: Network Management 6 Infrastructure for network management

    7. 8: Network Management 7 A typical Network Management Systems

    8. 8: Network Management 8 Network Management standards OSI CMIP Common Management Information Protocol designed 1980’s: the unifying net management standard too slowly standardized SNMP: Simple Network Management Protocol Internet roots (SGMP… ISMF) started simple deployed, adopted rapidly growth: size, complexity currently: SNMP V3 (released April 1999) de facto network management standard

    9. 8: Network Management 9 SNMP overview: 4 key parts of the Internet network management framework Management information base (MIB): distributed information store of network management data (MIB objects) Structure of Management Information (SMI): data definition language for MIB objects SNMP protocol convey manager<->managed object info, commands Security & administration capabilities major addition in SNMPv3

    10. 8: Network Management 10 SMI: data definition language (RFC 2578) Purpose: syntax, semantics of management data well-defined, unambiguous base data types: straightforward, boring OBJECT-TYPE data type, status, semantics of managed object MODULE-IDENTITY groups related objects into MIB module

    11. 8: Network Management 11 SNMP MIB

    12. 8: Network Management 12 SMI: Object, module examples OBJECT-TYPE: ipInDelivers MODULE-IDENTITY: ipMIB

    13. 8: Network Management 13 SNMP Naming (OBJECT IDENTIFIER) question: how to name every possible standard object (protocol, data, more..) in every possible network standard?? answer: ISO Object Identifier tree: hierarchical naming of all objects each branchpoint has name, number

    14. 8: Network Management 14 ISO Object Identifier Tree

    15. 8: Network Management 15 MIB example: UDP module

    16. 8: Network Management 16 SNMP protocol Two ways to convey MIB info, commands:

    17. 8: Network Management 17 SNMP protocol: message types

    18. 8: Network Management 18 SNMP protocol: message formats

    19. 8: Network Management 19 SNMP security and administration encryption: DES-encrypt SNMP message authentication: compute, send MIC(m,k): compute hash (MIC) over message (m), secret shared key (k) protection against playback: use nonce view-based access control SNMP entity maintains database of access rights, policies for various users database itself accessible as managed object!

    20. 8: Network Management 20 The presentation problem Q: does perfect memory-to-memory copy solve “the communication problem”? A: not always!

    21. 8: Network Management 21 Solving the presentation problem 1. Translate local-host format to host-independent format 2. Transmit data in host-independent format 3. Translate host-independent format to remote-host format

    22. 8: Network Management 22 ASN.1: Abstract Syntax Notation 1 “The language of standards writers.” ISO standard X.680 used extensively in Internet defined data types, object constructors like SMI BER: Basic Encoding Rules (ITU-T X.209, X.690) specify how ASN.1-defined data objects to be transmitted each transmitted object has Type, Length, Value (TLV) encoding

    23. 8: Network Management 23 ASN.1: Abstract Syntax Notation 1 Encoding Rules BER - for management of the Internet, exchange of electronic mail, control of telephone/computer interactions DER - specialized form of BER that is used in security-conscious applications CER – another specialized form of BER that is meant for use with huge messages PER - recent version with more efficient algorithms that result in faster and more compact encodings; used in applications that are bandwidth or CPU starved, such as air traffic control and audio-visual telecommunications

    24. 8: Network Management 24 TLV Encoding Idea: transmitted data is self-identifying T: data type, one of ASN.1-defined types L: length of data in bytes V: value of data, encoded according to ASN.1 standard

    25. 8: Network Management 25 TLV encoding: example

    26. 8: Network Management 26 TLV encoding - another example:

    27. 8: Network Management 27 Firewalls Two firewall types: packet filter application gateway

    28. 8: Network Management 28 Packet Filtering Internal network is typically connected to Internet through a router. Router manufacturer provides options for filtering packets, based on (for example): source IP address destination IP address TCP/UDP source and destination port numbers ICMP message type TCP SYN and ACK bits Example 1: block incoming and outgoing datagrams with IP protocol field = 17 and with either source or destination port = 23. All incoming and outgoing UDP flows and telnet connections are blocked. Example 2: Block inbound TCP segments with ACK bit=0. Prevents external clients from making TCP connections with internal clients, but allows internal clients to connect to outside.

    29. 8: Network Management 29 Application gateways Filters packets on application data as well as on IP/TCP/UDP fields. Example: allow select internal users to telnet outside.

    30. 8: Network Management 30 Limitations of firewalls and gateways IP spoofing: router can’t know if data “really” comes from claimed source If multiple app’s. need special treatment, each has own app. gateway. Client software must know how to contact gateway. e.g., must set IP address of proxy in Web browser Filters often use all or nothing policy for UDP. Tradeoff: degree of communication with outside world, level of security Many highly protected sites still suffer from attacks.

More Related