Chapter 13 Network Management Applications - PowerPoint PPT Presentation

chapter 13 network management applications n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Chapter 13 Network Management Applications PowerPoint Presentation
Download Presentation
Chapter 13 Network Management Applications

play fullscreen
1 / 105
Chapter 13 Network Management Applications
264 Views
Download Presentation
hop
Download Presentation

Chapter 13 Network Management Applications

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Chapter 13Network Management Applications

  2. Network and Systems Management

  3. Management Applications • OSI Model • Configuration • Fault • Performance • Security • Accounting • Reports • Service Level Management • Policy-based management

  4. Configuration Management • Network Provisioning • Inventory Management • Equipment • Facilities • Network Topology • Database Considerations

  5. Network Provisioning • Network Provisioning • Provisioning of network resources • Design • Installation and maintenance • Circuit-switched network • Packet-switched network, configuration for • Protocol • Performance • QoS • ATM networks

  6. Network Topology • Manual • Auto-discovery by NMS using • Broadcast ping • ARP table in devices • Mapping of network • Layout • Layering • Views • Physical • Logical

  7. Network Topology Discovery 163.25.145.0 163.25.146.0 140.112.8.0 140.112.6.0 163.25.146.128 163.25.147.0 140.112.5.0 192.168.12.0 192.168.13.0

  8. Discovery In a Network • What to be discovered in a network ? • Node Discovery • The network devices in each network segment • Network Discovery • The topology of networks of interest • Service Discovery • The network services provided • NetworkTopology Discovery • Network Discovery + Node Discovery

  9. Node Discovery • Node Discovery • Given an IP Address, find the nodes in the same network. • Two Major Approaches: • Use Ping to query the possible IP addresses. • Use SNMP to retrieve the ARP Cache of a known node.

  10. Use ICMP ECHO • Eg: IP address: 163.25.147.12 Subnet mask: 255.255.255.0 • All possible addresses: • 163.25.147.1 ~ 163.25.147.254 • For each of the above addresses, use ICMP ECHO to inquire the address • If a node replies (ICMP ECHO Reply), then it is found. • Broadcast Ping

  11. Use SNMP • Find a node which supports SNMP • The given node, default gateway, or router • Or try a node arbitrarily • Query the ipNetToMediaTable in MIB-II IP group (ARP Cache) ipNetToMediaPhysAddress ipNetToMediaType ipNetToMediaIfIndex ipNetToMediaNetAddress 1 00:80:43:5F:12:9A 163.25.147.10 dynamic(3) 2 00:80:51:F3:11:DE 163.25.147.11 dynamic(3)

  12. Network Discovery • Network Discovery • Find the networks of interest with their interconnections • Key Issue: • Given a network, what are the networks directly connected with it ? • Major Approach • Use SNMP to retrieve the routing table of a router.

  13. Default Router Routing table

  14. Mapping of network

  15. Traditional LAN Configuration Physical Logical

  16. Virtual LAN Configuration Physical Logical

  17. Fault Management • Fault is a failure of a network component • Results in loss of connectivity • Fault management involves: • Fault detection • Polling • Traps: linkDown, egpNeighborLoss • Fault location • Detect all components failed and trace down the tree topology to the source • Fault isolation by network and SNMP tools • Use artificial intelligence / correlation techniques • Restoration of service • Identification of root cause of the problem • Problem resolution

  18. Performance Management • Tools • Protocol analyzers • RMON • MRTG • Performance Metrics • Data Monitoring • Problem Isolation • Performance Statistics

  19. Performance Metrics • Macro-level • Throughput • Response time • Availability • Reliability • Micro-level • Bandwidth • Utilization • Error rate • Peak load • Average load

  20. Traffic Flow MeasurementNetwork Characterization Four levels defined by IETF (RFC 2063)

  21. Network Flow Measurements • Three measurement entities: • Meters gather data and build tables • Meter readers collect data from meters • Managers oversee the operation • Meter MIB (RFC 2064) • NetraMet - an implementation(RFC 2123)

  22. Data Monitoring and Problem Isolation • Data monitoring • Normal behavior • Abnormal behavior (e.g., excessive collisions, high packet loss, etc) • Set up traps (e.g., parameters in alarm group in RMON on object identifier of interest) • Set up alarms for criticality • Manual and automatic clearing of alarms • Problem isolation • Manual mode using network and SNMP tools • Problems in multiple components needs tracking down the topology • Automated mode using correlation technology

  23. Performance Statistics • Traffic statistics • Error statistics • Used in • QoS tracking • Performance tuning • Validation of SLA (Service Level Agreement) • Trend analysis • Facility planning • Functional accounting

  24. Event Correlation Techniques • Basic elements • Detection and filtering of events • Correlation of observed events using AI • Localize the source of the problem • Identify the cause of the problem • Techniques • Rule-based reasoning • Model-based reasoning • Case-based reasoning • Codebook correlation model • State transition graph model • Finite state machine model

  25. Rule-Based Reasoning

  26. Rule-Based Reasoning • Knowledge base contains expert knowledge onproblem symptoms and actions to be taken if  then condition  action • Working memory contains topological and stateinformation of the network; recognizes system going into faulty state • Inference engine in cooperation with knowledge base decides on the action to be taken • Knowledge executes the action

  27. Rule-Based Reasoning • Rule-based paradigm is an iterative process • RBR is “brittle” if no precedence exists • An exponential growth in knowledge base poses problem in scalability • Problem with instability if packet loss < 10% alarm green if packet loss => 10% < 15% alarm yellow if packet loss => 15% alarm red • Solution using fuzzy logic

  28. Configuration for RBR Example

  29. RBR Example

  30. Model-Based Reasoning

  31. Model-Based Reasoning • Object-oriented model • Model is a representation of the component it models • Model has attributes and relations to other models • Relationship between objects reflected in a similar relationship between models

  32. MBR Event Correlator Example: Hub 1 fails Recognized by Hub 1 model Hub 1 model queries router model Router model declares no failure Router model declares failure Hub 1 model declares Failure Hub 1 model declares NO failure

  33. Case-Based Reasoning

  34. Case-Based Reasoning • Unit of knowledge • RBR rule • CBR case • CBR based on the case experienced before; extend to the current situation by adaptation • Three adaptation schemes • Parameterized adaptation • Abstraction / re-specialization adaptation • Critic-based adaptation

  35. CBR Parameterized Adaption

  36. CBR: Abstraction / Re-specialization

  37. CBR: Critic-Based Adaptation • Human expertise introduces a new case

  38. CBR-Based CRITTER

  39. Codebook Correlation Model:Generic Architecture

  40. Codebook Correlation Model • Yemini, et.al. proposed this model • Monitors capture alarm events • Configuration model contains the configuration of the network • Event model represents events and their causalrelationships • Correlator correlates alarm events with event model and determines the problem that caused the events

  41. Codebook Approach • Correlation algorithms based upon coding approach to event correlation • Problem events viewed as messages generated by a system and encoded in sets of alarms • Correlator decodes the problem messages to identify the problems

  42. Two phases of Codebook Approaches • Codebook selection phase: Problems to be monitored identified and the symptoms theygenerate are associated with the problem.This generates codebook (problem-symptom matrix) 2. Correlator compares alarm events with codebook and identifies the problem.

  43. Causality Graph

  44. Labeled Causality Graph • Ps are problems and Ss are symptoms • P1 causes S1 and S2 • Note directed edge from S1 to S2 removed; S2 is caused directly or indirectly (via S1) by P1 • S2 could also be caused by either P2 or P3

  45. Codebook • Codebook is problem-symptom matrix • It is derived from causality graph after removing directed edges of propagation of symptoms • Number of symptoms >= number of problems • 2 rows are adequate to identify uniquely 3 problems

  46. Correlation Matrix • Correlation matrix is a reduced codebook

  47. Correlation Graph

  48. State Transition Model

  49. State Transition Model Example