INFO 331 Computer Networking Technology II


Presentation Transcript


  1. INFO 331 Computer Networking Technology II Chapter 9 Network Management Glenn Booker INFO 331 chapter 9

  2. Network Management History • Network management didn’t exist in its current form until the 1980s • From the ’40s to ’70s, networks were typically very homogeneous (proprietary-only), so network management tools were specific to that insular environment, if used at all • The advent of the PC and Macintosh made networks much more heterogeneous, and increased the complexity of network management

  3. Network Management • A network typically consists of many unrelated types of equipment, which are all supposed to work together in perfect harmony, in spite of the myriad protocols, operating systems, interfaces, etc. involved • Servers and workstations • Routers, switches, and hubs • Wireless access points and hosts • Firewalls

  4. Network Management • In order to manage this mess, there is often a Network Operations Center (NOC) to coordinate maintenance, upgrades, monitoring, optimization (if you have time), repairs, etc. • Akin to a pilot’s cockpit, or the control room for a power station, or the mixing board at a concert

  5. Network Management • We need to know • What to monitor • What is worth focusing your attention on? • How to analyze what we see • How to respond to changing conditions (fix problems) • How to proactively manage the system (prevent problems)

  6. Typical Problems • Even a simple network can have challenges which help motivate the need for network management • Detect interface card failure at a host or router • The host or router might report the interface failure to the NOC • Better, network monitoring might reveal imminent failure, so the card is replaced before failure

  7. Typical Problems • Monitor traffic to guide resource deployment • Traffic patterns or congestion monitoring can show which parts of the network are most used • This could lead to improved usage of servers, a simpler physical layout, faster high-traffic LAN segments, or better upgrade decisions

  8. Typical Problems • Detect rapid routing changes • Routing can become unstable, causing rapid changes in routing tables (route flapping) • The network admin would like to know this is happening before something crashes as a result! • Host is down • Network monitoring could detect a system down before the user notices it

  9. Typical Problems • Monitor SLAs • Service Level Agreements (SLAs) are contracts to guarantee specific services, such as Internet service, in terms of availability, throughput, latency, and other agreed-upon measures • Major ISPs (tier 1) can provide SLAs to major business customers • If you pay for this service, it’s nice to know if they are really providing what you paid for! [Image caption: “Not this SLA!” Image from www.answers.com/topic/symbionese-liberation-army]

  10. Typical Problems • Intrusion detection • The network admin can look for traffic from odd sources, destined for unusual ports, lots of SYN packets, and other security threats we recently covered • This can lead to refinement of filters & firewalls
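
The three signals listed on this slide (odd sources, unusual ports, many SYN packets) can be checked mechanically over captured traffic. The Python below is an added example, not part of the original slides; the port policy, known source ranges, threshold and packet records are all constructed assumptions.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Site policy values below are assumptions for this example, not from the slides.
EXPECTED_PORTS = {22, 53, 80, 443}
KNOWN_SOURCES = [ip_network("10.0.0.0/8"), ip_network("192.0.2.0/24")]
HALF_OPEN_LIMIT = 5  # unanswered SYNs tolerated per source in one window

# Constructed sample records: (src, dst, dst_port, tcp_flag), "S" = SYN, "A" = ACK.
PACKETS = (
    [("198.51.100.7", "10.0.0.5", 80, "S")] * 6          # SYNs never followed by ACK
    + [("10.0.1.20", "10.0.0.5", 443, "S"),
       ("10.0.1.20", "10.0.0.5", 443, "A"),              # handshake completed
       ("10.0.1.21", "10.0.0.9", 31337, "S"),            # port outside policy
       ("192.0.2.44", "10.0.0.5", 22, "S")]
)


def triage(packets):
    """Return sorted (alert_type, detail) pairs for the three signals on the slide."""
    half_open = Counter()   # (src, dst, port) -> SYNs not yet matched by an ACK
    alerts = set()
    for src, dst, port, flag in packets:
        if not any(ip_address(src) in net for net in KNOWN_SOURCES):
            alerts.add(("odd-source", src))
        if port not in EXPECTED_PORTS:
            alerts.add(("unusual-port", f"{src}->{dst}:{port}"))
        key = (src, dst, port)
        if flag == "S":
            half_open[key] += 1
        elif flag == "A" and half_open[key] > 0:
            half_open[key] -= 1
    per_source = Counter()
    for (src, _dst, _port), pending in half_open.items():
        per_source[src] += pending
    for src, pending in per_source.items():
        if pending > HALF_OPEN_LIMIT:
            alerts.add(("syn-burst", src))
    return sorted(alerts)
```

Each alert type maps to a filter or firewall refinement: a source range to block, a port to close, or a SYN rate limit to apply.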

  11. ISO Network Management • ISO has produced guidance on the types of network management activities • ISO network management (ISO/IEC 10733:1998) • ISO network security (ISO/IEC TR 13335:2004, ISO/IEC 18026:2009 and ISO/IEC 18028-1:2006) • See Global IHS for buying ISO standards

  12. ISO Network Management • Cisco overview white paper (free, unlike ISO standards, and summarized herein through slide 35) • ISO identifies five areas of network management • Fault, configuration, performance, security, and accounting management

  13. ISO Network Management • Fault Management • Detect, isolate, notify, and correct faults encountered in the network • Configuration Management • Configuration aspects of network devices such as configuration file management, inventory management, and software management

  14. ISO Network Management • Performance Management • Monitor and measure various aspects of performance so that overall performance can be maintained at an acceptable level • Security Management • Provide access to network devices and corporate resources to authorized individuals • Accounting Management • Usage information of network resources

  15. Fault Management • This is the main focus of network management for most organizations • Faults are errors or problems in the network • Often a shorter-term perspective than performance management • Hence fast detection of problems is critical, often via color-coded graphical network maps

  16. Fault Management • Typically want a network management platform to do: • Network discovery and topology mapping • Event handler • Performance data collection and presentation • Management data browsing • Network management platforms include HP OpenView, Aprisma Spectrum, and Sun Solstice

  17. Fault Management • Devices can send SNMP traps (RFC 3410) of events which change their status • These events are logged, such as in a Management Information Base (MIB) • Platforms can be geographically located, and communicate with each other to centralize network monitoring • Web interfaces on devices can allow remote management and configuration

  18. Fault Management • Equipment vendors often use different management systems • They can communicate using CORBA or CIM standards to exchange management data • Troubleshooting a network often uses TFTP and syslog servers • The trivial FTP (TFTP) server stores configuration files; routers and switches can send system log (syslog) messages to the syslog server

  19. Fault Management • Faults can be detected with SNMP trap events, SNMP polling, remote monitoring (RMON, RFC 2819) and syslog messages • Module changing to up or down state • Chassis alarms for hardware failures (fans, memory, voltage levels, temperature, etc.) • Responses can be just notification and logging of the event, or shutdown of that device, e.g. temps can be defined for warning, critical, or shutdown

  20. Fault Management • Fault detection can also be done at the protocol or interface levels • Such as a router interface failure • A management station polls the device to determine status or measure something (CPU usage, buffer failure, I/O drops, etc.), and flags it with an RMON alarm when the measure exceeds some threshold value

  21. Configuration Management • Configuration management (CM) tracks equipment and software in the network • Can assess which elements are causing trouble, or which vendors are preferred • What if a vendor recalls a certain device? Do you have any of them? Where? • Whose routers or switches are most reliable? • Where do you send a service vendor to replace a dead router?

  22. Configuration Management • CM data includes • Make, model, version, serial number of equipment • Software versions and licenses • Physical location of hardware • Site, building, room, rack number, etc. • Contact info for equipment owners and service vendors • Naming conventions are often used to keep names meaningful, not just yoda.drexel.edu

  23. Configuration Management • CM also includes file management • Changes to device configuration files should be carefully controlled, so that older versions can be used if the new ones don’t work • A change audit log can help track changes, and who made them • Inventory management is based on the ability to discover what devices exist, and their configuration information

  24. Configuration Management • Software management can include the automation of software upgrades across devices • Download new software images, verify compatibility with hardware, back up existing software, then load new software • Large sites may script the process and run it during low-activity times

  25. Performance Management • The same SNMP methods to capture fault data can be used for performance data, such as queue drops, ignored packets, etc. • These can be used to assess SLA compliance • On a larger scale, WAN protocols (frame relay, ATM, ISDN) can also collect performance data

  26. Performance Management • Performance management tools include • Concord Network Health • InfoVista VistaView • SAS IT Service Vision • Trinagy TREND • These all collect, store, and analyze data from around one’s enterprise, and typically use web-based interfaces to allow access to it from anywhere

  27. Performance Management • Increased network traffic has led to more attention to user and application traffic • RFC 4502 (replacing RFCs 2021 and 3273) defines how RMON can be used to analyze applications and the network layer, not just lower layer (e.g. MAC) protocols • Many other performance monitoring tools exist, e.g. Cisco NetFlow

  28. Security Management • Security management covers controlling access to the network and its resources • Can include monitoring user login, refusing access to failed login attempts, as well as either intentional or unintentional sabotage • Security management starts with good policies and procedures • The minimum security settings for routers, switches, and hosts are important to define

  29. Security Management • Methods for control of security at the device level (router) include • Access control lists (ACLs) and what they are permitted to do • User ID’s and passwords • Terminal Access Controller Access Control System (TACACS) • TACACS (RFC 1492) is a security protocol between devices and a TACACS server

  30. Security Management • A refinement of TACACS is TACACS+, which gives more detailed control over who can access a given device • It separates the Authentication (verify user), Authorization (control remote access to device), and Accounting functions (collect security information for network management) (AAA)

  31. Security Management • In Cisco’s world, AAA functions are managed with commands such as • aaa • tacacs-server • set authentication • set authorization • set accounting

  32. Security Management • In SNMP, configuration changes can be made to routers and switches just like from a command line • Hence strong SNMP passwords are critical! • SNMP management hosts (‘managing entities’ in Kurose) should have a static IP, and sole SNMP rights with network devices (managed devices) according to a specific Access Control List (ACL)

  33. Security Management • SNMP can set router security: • Privilege Level = RO (read only) or = RW (read and write); only RW can change router settings • Access Control List (ACL) can be set to only allow specific hosts to request router management info; ACL control over interfaces can help prevent spoofing

  34. Security Management • View – controls what router data can be viewed • SNMPv3 provides secure exchange of data • Switches can restrict Telnet and SNMP via an IP Permit List
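
The SNMP controls on slides 32 to 34 (strong community strings, RO versus RW privilege, an ACL naming the management hosts) can be audited directly from a device configuration. The Python below is an added example, not part of the original slides; it assumes Cisco IOS `snmp-server community` and `access-list` syntax, and the sample configuration, community strings and addresses are constructed.

```python
import re

# Constructed sample in Cisco IOS syntax; strings and addresses are made up.
SAMPLE_CONFIG = """\
access-list 10 permit host 192.0.2.10
snmp-server community public RO
snmp-server community n0c-Wr1te RW
snmp-server community M0n1tor-7x RO 10
snmp-server community Backup-9q RO 20
"""

DEFAULT_STRINGS = {"public", "private"}
# community <string> [view <name>] [RO|RW] [<acl>]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (\S+)(?: view (\S+))?(?: (RO|RW))?(?: (\S+))?$", re.I)
ACL_RE = re.compile(
    r"^(?:ip )?access-list (?:standard |extended )?(\S+)", re.I | re.M)


def audit_snmp(config):
    """Return (community, finding) pairs for SNMPv1/v2c community definitions."""
    defined_acls = set(ACL_RE.findall(config))
    findings = []
    for line in config.splitlines():
        m = COMMUNITY_RE.match(line.strip())
        if not m:
            continue
        name, _view, mode, acl = m.groups()
        mode = (mode or "RO").upper()          # IOS treats an unmarked community as RO
        if name.lower() in DEFAULT_STRINGS:
            findings.append((name, "well-known default string"))
        if acl is None:
            findings.append((name, "no ACL: any host may use this community"))
        elif acl not in defined_acls:
            findings.append((name, f"ACL {acl} referenced but not defined"))
        if mode == "RW":
            findings.append((name, "RW: can change device settings"))
    return findings
```

Only the third community in the sample passes: it is read-only and bound to an ACL that names a single management host.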

  35. Accounting Management • Accounting management measures utilization of the network so that specific groups or users can be billed correctly for snarfing up resources • Yes, it’s all about money • Data can be collected using various tools, such as NetFlow, IP Accounting, Evident Software • This can also be used to measure how well SLAs are being followed or not

  36. Other aspects of net mgmt • So network management is a huge field • We’ll focus on basic infrastructure issues • Omit service management, network administration, provisioning, and sizing networks (see TINA and TMN standards)

  37. Network Management Infrastructure • Network management is like the CEO of an organization getting status reports from middle managers, and they get status from first line managers • The CEO has to make decisions about the entire company based on this data • Corrective action may be needed, based on good or bad results obtained • The CEO of General Motors may build new plants, or shut others down

  38. Network Management Infrastructure • Network management establishes managers (called managing entities, often located in a NOC) who are allowed (via an ACL) to talk to network devices (managed devices, such as servers or routers) • Each managed device has a network management agent, who collects the desired data • Each managed device has one or more managed objects (such as network cards, memory chips, etc.)

  39. Network Management Infrastructure

  40. Network Management Infrastructure • Descriptions of all managed objects, and the devices they belong to, are collected in the Management Information Base (MIB) • A MIB is a database of managed object data • Managed devices communicate with managing entities using a network management protocol • Devices don’t generally talk to each other, but managing entities can

  41. Network Management Infrastructure • The network management protocol doesn’t manage the network per se – it just provides a means for the network admin to do so

  42. Network Management Standards • The architecture just described applies to most any network management approach • Many specific standards have been developed • The OSI CMISE/CMIP standards, used in telecommunications • In the Internet, SNMP (Simple Network Management Protocol, RFCs 3411-3418) • We’ll focus on SNMP

  43. SNMP isn’t Simple! • Derived from SGMP (RFC 1028, 1987) • Key goals of network management include • What is being monitored? • What form of control does the network administrator have? • What is the form of data reported and exchanged? • What is the communication protocol for the exchange of data?

  44. SNMP • To address these goals, SNMP has four modular parts • Network management objects, called MIB objects • The MIB tracks MIB objects • A MIB object might be a kind of data (datagrams discarded, description of a router, status of an object, routing path to a destination, etc.) • MIB objects can be grouped into MIB modules

  45. SNMP • A data definition language, SMI (Structure of Management Information) • SMI defines what an object is, what data types exist, and rules for writing and changing management information • A protocol, SNMP, for the exchange of information and commands between manager-agent and manager-manager (between two managing entities) • Security and administrative capabilities

  46. SMI • SMI is defined by RFCs 2578-2580 (1999) • SMI has three levels of structure • Base data types • Managed objects • Managed modules [Note: SMI is part of MIB, so an SMI object is the same as a MIB managed object.]

  47. SMI • SMI Base Data Types are an extension of the ASN.1 structure (Abstract Syntax Notation One, ISO/IEC 8824:2008) • There are eleven basic data types (p. 783) • Signed and unsigned (>0) integers, IP addresses, counters, time in 1/100 second counts, etc. • Most important is the OBJECT IDENTIFIER type, which allows definition of an SMI object as some ordered collection of other data types

  48. SMI • The OBJECT IDENTIFIER is like a struct in C • Here, it names an Object • To create a managed object, the OBJECT-TYPE construct is used • Over 10,000 object-types have been defined – these are the heart of data that can be collected for network management • Analogy: OBJECT IDENTIFIER defines the class, OBJECT-TYPE instantiates the object

  49. SMI Objects • An object-type includes four fields • SYNTAX – is the data type of the object, e.g. ‘Counter32’ • MAX-ACCESS – is whether the object can be read, written, created, e.g. ‘read-only’ • STATUS – is whether the object is current, obsolete, or deprecated, e.g. ‘current’ • DESCRIPTION – gives a definition of the object, which is a long text narrative
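
The four OBJECT-TYPE fields can be read straight out of MIB module text, and MAX-ACCESS in particular shows which objects a manager with write rights could change. The Python below is an added example, not part of the original slides; the MIB fragment is constructed, its object names and parent node are hypothetical, and the parser handles only the four fields named on this slide.

```python
import re

# Constructed SMIv2 fragment; object names and the parent node are hypothetical.
SAMPLE_MIB = '''
exInDelivers OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Datagrams successfully delivered to upper-layer protocols."
    ::= { exStatsEntry 1 }

exAdminStatus OBJECT-TYPE
    SYNTAX      INTEGER { up(1), down(2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Desired interface state; an SNMP SET changes the device."
    ::= { exStatsEntry 2 }

exOldCounter OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      deprecated
    DESCRIPTION "Superseded by exInDelivers."
    ::= { exStatsEntry 3 }
'''

OBJECT_RE = re.compile(
    r'(?P<name>[a-z][\w-]*)\s+OBJECT-TYPE\s+'
    r'SYNTAX\s+(?P<syntax>.+?)\s+'
    r'MAX-ACCESS\s+(?P<access>[\w-]+)\s+'
    r'STATUS\s+(?P<status>\w+)\s+'
    r'DESCRIPTION\s+"(?P<description>[^"]*)"\s*'
    r'::=\s*\{\s*(?P<parent>[\w-]+)\s+(?P<subid>\d+)\s*\}',
    re.S)


def parse_objects(mib_text):
    """Return one dict per OBJECT-TYPE holding the four fields plus its OID arc."""
    objects = []
    for m in OBJECT_RE.finditer(mib_text):
        obj = m.groupdict()
        obj["description"] = " ".join(obj["description"].split())
        obj["subid"] = int(obj["subid"])
        objects.append(obj)
    return objects


def settable(objects):
    """Names of current objects that a manager with write rights could SET."""
    return [o["name"] for o in objects
            if o["access"] in ("read-write", "read-create") and o["status"] == "current"]
```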

  50. SMI Modules • The MODULE-IDENTITY construct creates a module from related objects • Fields include when it was last updated, the organization who did so, contact info for them, a description of the module, a revision entry, and description of the revision • The end of the MODULE-IDENTITY gives the ASN.1 code for the type of information in the module (often MIB-2)
