Chapter 9: Network Management
Presentation Transcript

  1. Chapter 9: Network Management. Computer Networking: A Top Down Approach Featuring the Internet, 3rd edition. Jim Kurose, Keith Ross. Addison-Wesley, July 2004. Network Management

  2. Chapter 9: Network Management. Goals: introduction (motivation, major components); Internet network management framework; MIB: management information base; SMI: data definition language; SNMP: protocol for network management; security and administration; presentation services: ASN.1

  3. Chapter 9 outline • What is network management? • Internet-standard management framework • Structure of Management Information: SMI • Management Information Base: MIB • SNMP Protocol Operations and Transport Mappings • Security and administration • Abstract Syntax Notation 1 - ASN.1

  4. What is network management? • autonomous systems (“networks”): 100 or 1000 interconnected hardware/software components • various complex systems require monitoring, control: • airplanes • nuclear power plants • others? "Network management includes the deployment, integration and coordination of the hardware, software, and human elements to monitor, test, poll, configure, analyze, evaluate, and control the network and element resources to meet the real-time, operational performance, and Quality of Service requirements at a reasonable cost."

  5. Infrastructure for network management. Definitions: managing entity; managed devices contain managed objects whose data is gathered into a Management Information Base (MIB). [Figure: a managing entity with its data, connected by the network management protocol to four managed devices, each with an agent and data.]

  6. Network management standards. OSI CMIP: • Common Management Information Protocol • designed 1980: the unifying net management standard • too slowly standardized. SNMP: Simple Network Management Protocol • Internet roots (SGMP) • started simple • deployed, adopted rapidly • size, complexity • currently: SNMP V3 • de facto network management standard

  7. Chapter 9 outline • What is network management? • Internet-standard management framework • Structure of Management Information: SMI • Management Information Base: MIB • SNMP Protocol Operations and Transport Mappings • Security and administration • ASN.1

  8. SNMP overview: 4 key parts • Management information base (MIB): • distributed information store of network management data • Structure of Management Information (SMI): • data definition language for MIB objects • SNMP protocol • conveys manager<->managed object information, commands • security, administration capabilities • major addition in SNMPv3

  9. SMI: data definition language. Purpose: syntax, semantics of management data well-defined, unambiguous • base data types: straightforward, boring • OBJECT-TYPE: data type, status, semantics of managed object • MODULE-IDENTITY: groups related objects into MIB module. Basic Data Types: INTEGER, Integer32, Unsigned32, OCTET STRING, OBJECT IDENTIFIER, IpAddress, Counter32, Counter64, Gauge32, TimeTicks, Opaque

  10. SNMP MIB. MIB module specified via SMI MODULE-IDENTITY (100 standardized MIBs, more vendor-specific). Objects specified via SMI OBJECT-TYPE construct. [Figure: a MODULE box containing three OBJECT TYPE entries.]

  11. SMI: object, module examples. OBJECT-TYPE example (ipInDelivers): ipInDelivers OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION “The total number of input datagrams successfully delivered to IP user-protocols (including ICMP)” ::= { ip 9 }. MODULE-IDENTITY example (ipMIB): ipMIB MODULE-IDENTITY LAST-UPDATED “941101000Z” ORGANIZATION “IETF SNMPv2 Working Group” CONTACT-INFO “ Keith McCloghrie ……” DESCRIPTION “The MIB module for managing IP and ICMP implementations, but excluding their management of IP routes.” REVISION “019331000Z” ……… ::= { mib-2 48 }

  12. MIB example: UDP module

     | Object ID | Name | Type | Comments |
     |---|---|---|---|
     | 1.3.6.1.2.1.7.1 | UDPInDatagrams | Counter32 | total # datagrams delivered at this node |
     | 1.3.6.1.2.1.7.2 | UDPNoPorts | Counter32 | # undeliverable datagrams, no app at port |
     | 1.3.6.1.2.1.7.3 | UDPInErrors | Counter32 | # undeliverable datagrams, all other reasons |
     | 1.3.6.1.2.1.7.4 | UDPOutDatagrams | Counter32 | # datagrams sent |
     | 1.3.6.1.2.1.7.5 | udpTable | SEQUENCE | one entry for each port in use by app, gives port # and IP address |

  13. SNMP naming. Question: how to name every possible standard object (protocol, data, ...) in every possible network standard?? Answer: ISO Object Identifier tree: • hierarchical naming of all objects • each branch has a name and a number. Example: 1.3.6.1.2.1.7.1 = ISO (1) . ISO-ident. Org. (3) . US DoD (6) . Internet (1) . management (2) . MIB2 (1) . UDP (7) . udpInDatagrams (1)

  14. OSI Object Identifier Tree. Check out www.alvestrand.no/harald/objectid/top.html

  15. SNMP protocol. Two ways to convey MIB information, commands: request/response mode and trap mode. [Figure: in request/response mode the managing entity sends a request to the agent on the managed device and receives a response; in trap mode the agent on the managed device sends a trap msg to the managing entity.]

  16. SNMP protocol: message types

     | Message type | Function |
     |---|---|
     | GetRequest, GetNextRequest, GetBulkRequest | Mgr-to-agent: “get me data” (instance, next in list, block) |
     | InformRequest | Mgr-to-Mgr: here’s MIB value |
     | SetRequest | Mgr-to-agent: set MIB value |
     | Response | Agent-to-mgr: value, response to Request |
     | Trap | Agent-to-mgr: inform manager of exceptional event |

  17. SNMP protocol: message formats

  18. SNMP security and administration • encryption: DES-encrypt SNMP message • authentication: compute, send MIC(m,k): compute hash (MIC) over message (m), secret shared key (k) • protection against playback: use nonce • view-based access control • SNMP entity maintains database of access rights, policies for various users • database itself accessible as managed object!

  19. Chapter 9 outline • What is network management? • Internet-standard management framework • Structure of Management Information: SMI • Management Information Base: MIB • SNMP Protocol Operations and Transport Mappings • Security and administration • The presentation problem: ASN.1

  20. Presentation problem. Q: does perfect memory-to-memory copy solve “the communication problem”? A: not always! struct { char code; int x; } test; test.x = 256; test.code = 'a'; Host 1 format: test.code = a, test.x = 00000001 00000011. Host 2 format: test.code = a, test.x = 00000011 00000001. Problem: different message formats, storage conventions

  21. A real-life presentation problem. [Figure: grandma, 2004 teenager, aging 60’s hippie.]

  22. Presentation problem: potential solutions 1. Sender learns receiver’s format. Sender translates into receiver’s format. Sender sends. • real-world analogy? • pros and cons? 2. Sender sends. Receiver learns sender’s format. Receiver translates into receiver-local format. • real-world analogy? • pros and cons? 3. Sender translates to host-independent format. Sends. Receiver translates to receiver-local format. • real-world analogy? • pros and cons?

  23. Solving the presentation problem 1. Translate local-host format to host-independent format 2. Transmit data in host-independent format 3. Translate host-independent format to remote-host format. [Figure: aging 60’s hippie, 2004 teenager, grandma.]

  24. ASN.1: Abstract Syntax Notation 1 • ISO standard X.680 • used extensively in the Internet • like eating vegetables, knowing this “good for you”! • defined data types, object constructors • like SMI • BER: Basic Encoding Rules • specify how ASN.1-defined data objects are to be transmitted • each transmitted object has Type, Length, Value (TLV) encoding

  25. TLV Encoding. Idea: transmitted data is self-identifying • T: data type, one of ASN.1-defined types • L: length of data in bytes • V: value of data, encoded according to ASN.1 standard

     | Tag Value | Type |
     |---|---|
     | 1 | Boolean |
     | 2 | Integer |
     | 3 | Bitstring |
     | 4 | Octet string |
     | 5 | Null |
     | 6 | Object Identifier |
     | 9 | Real |

  26. TLV encoding: example. Octet string: Type=4, octet string; Length, 5 bytes; Value, 5 octets (chars). Integer: Type=2, integer; Length, 2 bytes; Value, 259

  27. Network management: summary • network management extremely important: 80% of network “cost” • ASN.1 for data description • SNMP protocol as a tool for conveying information • Network management: more art than science • what to measure/monitor • how to respond to failures?
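
The authentication and playback bullets on slide 18, as an added example that is not from the slides: the receiver checks MIC(m,k) in constant time and accepts each nonce once. HMAC-SHA-256, the dictionary packet layout and the sample key and messages are assumptions made for illustration; this is not the SNMPv3 wire format.

```python
import hashlib
import hmac
import secrets

def mic(message, key):
    # Assumption: HMAC-SHA-256 plays the role of the slide's MIC(m, k).
    return hmac.new(key, message, hashlib.sha256).digest()

def protect(message, key, nonce):
    """Sender: cover nonce and message with the MIC so neither can be swapped."""
    return {"nonce": nonce, "msg": message, "mic": mic(nonce + message, key)}

class Receiver:
    def __init__(self, key):
        self.key = key
        self.outstanding = set()          # nonces issued and not yet used

    def issue_nonce(self):
        nonce = secrets.token_bytes(16)   # fixed length keeps nonce+msg unambiguous
        self.outstanding.add(nonce)
        return nonce

    def accept(self, packet):
        expected = mic(packet["nonce"] + packet["msg"], self.key)
        if not hmac.compare_digest(expected, packet["mic"]):  # constant-time compare
            return "reject: bad MIC"
        if packet["nonce"] not in self.outstanding:
            return "reject: replayed nonce"
        self.outstanding.discard(packet["nonce"])             # one use only
        return "accept"

def demo():
    key = b"constructed-shared-key"       # constructed sample values
    rx = Receiver(key)
    pkt = protect(b"SetRequest ifAdminStatus.2=down", key, rx.issue_nonce())
    tampered = dict(pkt, msg=b"SetRequest ifAdminStatus.2=up")
    # modified message, then the genuine one, then the genuine one replayed
    return [rx.accept(tampered), rx.accept(pkt), rx.accept(pkt)]
```

The MIC is checked before the nonce is consumed, so a forged packet cannot burn a nonce that a legitimate sender still needs.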
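
The TLV encoding of slides 25 and 26, as an added example that is not from the slides: a decoder for a stream of BER TLVs that bounds-checks every length before reading the value. It goes beyond the slide's two objects by also handling long-form lengths and the Object Identifier type; the octet string content "smith" and the function names are constructed for illustration.

```python
# Tag values from the slide 25 table (universal, primitive encodings only).
TAGS = {1: "Boolean", 2: "Integer", 3: "Bitstring", 4: "Octet string",
        5: "Null", 6: "Object Identifier", 9: "Real"}

def read_tlv(buf, pos=0):
    """Return (tag, value_bytes, next_pos) for the TLV that starts at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                    # short form: L fits in one byte
        length = first
    else:                               # long form: low 7 bits count the length bytes
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):         # L comes from the peer: bound it first
        raise ValueError("length exceeds remaining data")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    """Base-128 sub-identifiers; the first one packs the top two arcs as 40*X + Y."""
    if not value or value[-1] & 0x80:
        raise ValueError("malformed OID")
    subids, acc = [], 0
    for byte in value:
        acc = (acc << 7) | (byte & 0x7F)
        if not byte & 0x80:             # high bit clear ends a sub-identifier
            subids.append(acc)
            acc = 0
    x = min(subids[0] // 40, 2)
    return ".".join(map(str, [x, subids[0] - 40 * x] + subids[1:]))

def decode_all(buf):
    """Decode back-to-back TLVs into (type name, Python value) pairs."""
    out, pos = [], 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        if tag == 2:
            value = int.from_bytes(value, "big", signed=True)
        elif tag == 6:
            value = decode_oid(value)
        out.append((TAGS.get(tag, "tag %d" % tag), value))
    return out

# Constructed sample: OCTET STRING "smith", INTEGER 259, OID 1.3.6.1.2.1.7.1
SAMPLE = bytes.fromhex("0405736d697468" "02020103" "06072b060102010701")
```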