CS 565 Network Management
Dr. Qingsong Zhang
Northwestern Polytechnic University

Class Notice
13 weeks. Every Wed. 6:00 pm
Textbook: SNMP, SNMPv2, SNMPv3, and RMON 1 and 2.
You are required to attend all the classes.
CS470, CS503 prerequisite.

Why manage?
Enterprise networks are becoming increasingly distributed and complex environments due to a number of factors:
  The rapidly increasing number of network nodes exponentially increases network complexity;
  IS managers must be masters of more domains, as their remit includes managing network traffic across expensive WAN pipes, as well as LANs, VLANs and VPNs;
  Increasing use of delay-sensitive, bandwidth-intensive applications such as video-conferencing adds a new dimension to network management;

Why manage?
  Networks are now mission critical for the vast majority of enterprises;
  The efficiencies of the network are more visible to customers and clients than ever before with the advent of e-commerce.
  QoS: Bandwidth, delay, recovery.
So, why management?
  More complex network.
  Downtime costs real money.
  QoS: Bandwidth, delay, recovery.

Course Goals
Rapid development in computer and data networking technology.
Explosion in the variety of equipment and networks offered by vendors.
Fundamental to the operation of such tools and applications in a multivendor environment are standardized techniques for representing and exchanging information relating to network management.

Course Goals, Cont.
Network management is one of the keywords when it comes to building large and heterogeneous networks.
Although they use the word quite often, only a few people know exactly what it really means.
And still fewer people have even designed and implemented a management system or a management concept for a real network.

Course Goals, Cont.
A network can be managed on several different levels:
  The lowest level is network maintenance.
  The next level is called configuration management.

Network Management
This is where decisions are made involving the planning of the physical and logical construction of the network.
The configuration is defined by the devices connected to the network, how they are connected, and what is used to connect them.
Configuration decisions include how to segment the routers, what kind of system management software to use on the hosts, whether to provide fixed IP addresses or use a DHCP server, and how we convince the people in finance that we need T1 service for our internet connection.

Network Management
Anger one of these people, and they'll configure the router on your segment to swallow all packets originating from your workstation, and then claim for days that they are working on the problem.
The next higher level is the network administrators.
A netadmin is either chasing or being chased.

Network Management
The highest level is the network users themselves, the most helpless managers of any network.
The real network manager just wants to keep the users from accidentally (or purposely) screwing up the network.

Course Goals, Cont.
Give you a solid foundation of network management theory that enables you to find a quick entrance to any aspect of network management practice, for example development of management systems, research issues and finding management concepts for existing or new networks.

How to Manage?
Manage by hand
  Still usual in many small and medium sized LANs.
  Admin can only react when a fault occurs.
  Difficult to handle when network grows.
  Demand for a skilled operator on every location.
  Slow and expensive when network becomes larger and/or more complex

Centralized Management
Less personnel
Faster reaction
No need to go "on location"
Effect on the rest of the network can be monitored
  No isolated view on one device only
Most interesting in WANs

Centralized Management
Two options:
Connecting a pool of central consoles to each device
  Still done in mainframe environments and in very critical areas
  Often in conjunction with a switch matrix
  Expensive
  Very bad flexibility, bad scalability
  But still works when the network is down!

Centralized Management
Each device presents a management entity that is accessible from the network
Obviously, the second alternative is primarily used today, but the first is still an option
  Example: extra remote console via a terminal server for important backbone systems
First systems of this kind were just as proprietary as the consoles
  Example: DEC LAT printer infrastructure
  Still one central console for each class of devices
  Creates "management islands"
  In some areas this is still a major problem

Description
Review several protocols which are important for network management.
Provide a comprehensive introduction to SNMP-based protocols and the construction of the management information base (MIB).
Use RMON probes to monitor the network.
Emphasis on understanding how to retrieve data elements and how to interpret the effect of values retrieved.
Textbook: SNMP, SNMPv2, SNMPv3 and RMON 1 and 2, by William Stallings

1. Network Management Fundamentals

Network Management Fundamentals
Motivation
History
What exactly is network management
Discussion of several definitions
Roles of network management
Future developments

Motivation
The network and its associated resources and distributed applications become indispensable to the organization.
More things can go wrong, disabling the network or a portion of the network or degrading performance to an unacceptable level.

Motivation
Professional: Support corporate planning and provide professional leadership in the technical area
Financial: Is not an expense or cost center
Technical: Provide additional services or add new users
Security: Provide services only to authorized users

OSI Functional Areas
Configuration management
  Configuration and monitoring of resources for normal operation
Fault management
  Detection, localization and repair of faults
Performance management
  Performance measurements and comparison with expected values

OSI Functional Areas
Performance management (cont.)
  Detect approaching problems and configuration mistakes
  Network simulation (!)
Security management
  Provision and configuration of security services in the network
  For example TACACS(+) for device access

OSI Functional Areas
Accounting
  Logging and export of data for billing
  Supervision of service access
  Most important in carrier networks
  But will become a subject in corporate networks also (for QoS issues)
  A real challenge: it's not easy
  Most companies have to throw quite a lot of money into this to get it working
  Example: 75% of EWSD software is accounting

History
until 1970
  management by hand with local operators
  use of local consoles and service switches and LEDs
1970-1980
  first centralized management systems
  proprietary

History
1981-1989
  development of first international network management standards
  from 1987 first standard-conformant products
  example: SunNetManager (with many proprietary additions)
  coexistence with proprietary products

History
1989-today
  further development of standards
  especially for interworking of management products and distributed management
  slow progress
  development of management frameworks that are based on existing standards
  ITU TMN, OSF/DME (R.I.P.), OMNIPoint
  (small) improvements of interoperability between different manufacturers

History
Roots in the mainframe and minicomputer era, with computer manufacturers and third-party software developers producing proprietary products in the 1960s.
Interoperability problems resulted in the development of a series of standards (SNMP, RMON, MIB).

What is Network Management?
Access (within organizational policy restrictions) to any of the network resources at any time.
In other words, a user with the correct authorization should be able to make use of any of the organization's (or Internet's) network resources at any time of the day or night efficiently.

Definition
Network management is the process of using hardware and software by trained personnel to monitor the status of network equipment and transmission facilities; question end users, vendors and communication carrier personnel; and implement or recommend actions to alleviate outage and/or improve communication performance, as well as conduct administrative tasks associated with the operation of a network.

Role of Network Management
Critical in the business world. Indispensable.
A network that always works becomes increasingly important for more and more companies and institutions
  downtime costs real money
  new multimedia applications put higher demands on the infrastructure
  QoS: bandwidth, delay, recovery

Future Development
Use of automated network management tools.
Tune the performance by itself.
Improve the security.
Web-based management system.
Coexistence of different management standards and frameworks
TMN will become more important
Combinations of different (distributed) management systems in one network under a common GUI
Java-based
CORBA
export functions (statistics, billing, event monitoring, etc.)

2. Overview of Network Management Standards

Overview of Network Management Standards
How were today's standards developed?
Comparison: OSIMAN, SNMP, TMN
Other standards and developments
Basics: What do they have in common?

Standard
Several trends in the areas of data processing and communications are becoming more pronounced.
This evolution has created serious problems for network managers; it has also resulted in the realization of the necessity for network management standards.

Standards development history
Beginning stages: 1980s
  SGMP - RFC1028 - to manage routers
  HEMS - RFC1021, 1022, 1023 and 1024
  CMIP RFC1065, RFC1066, RFC1067, RFC1095

Standards development history
Growth and progress: early 1990s
  RMON
  UDP, OSI, IETF
  SNMP began its integration into various networks.

Standards development history
Moving toward the future: mid- to late 1990s
  SNMPv2c: community-based.
  SNMPv2u: user-based security.
  SNMPv3: concurrent security and scalability standardization.
  RMON2: introduces the Meter MIB for traffic-flow measurement.
  RSVP: Resource Reservation Protocol

Standards development history
Moving toward the future: mid- to late 1990s
  AgentX: SNMP agent extensibility protocol
  Master agents and subagents.
  IPv6 MIB for TCP, UDP and ICMP.
  MIB modules for ATM, DS1, E1, DS2, E2

Comparison: OSIMAN, SNMP, TMN
OSIMAN:
  Parent and superset of SNMP
  Huge and complex
  High development overhead and resource usage
  Inconvenient for small, simple devices
  Designed (and used) for medium and large networks
  Network elements talk with management system

Comparison: OSIMAN, SNMP, TMN
SNMP:
  Simple and easy to use
  Very good for small devices
  Subset of OSIMAN
  Has several shortcomings that sometimes make life hard (esp. in larger networks)
  Lack of proper security
  Inconvenient notification mechanism, etc.
  Based on device polling

Comparison: OSIMAN, SNMP, TMN
The TMN:
  Huge framework that is based on OSIMAN but can also utilize SNMP
  Designed for large carrier networks
  Management information is separated from user data
  Use of own network or protocol overhead
  Integrates higher levels of management
  Service views, billing, etc.

Typical Use of Standards
LANs and end systems
  practically SNMP only
WANs
  IP devices (routers, etc.)
    SNMP only
  ATM and Frame Relay switches
    SNMP in smaller systems and networks
    OSIMAN for larger systems
    integration into TMN in progress

Typical Use of Standards
WANs (continued)
  carrier infrastructures (SDH, PDH, line switches, WDM, microwave systems, etc.)
    some SNMP for smallest systems when not installed in a carrier network
    examples: HDSL modems, Laserlink devices
    bulk is OSIMAN-based TMN
    and beware: most TMN systems support SNMP

IEEE Management
IEEE developed the first management standard in 1982/83
  for LANs only
  Layer 2 protocol
  not usable across routers
  primarily used for IBM LANs
  large Token Rings with bridges
  died in the middle of the 80s

Common Concepts
OSIMAN and SNMP basically share the same terminology and mechanisms
  see history
management frameworks are divided into two parts
  information model
  communication model

Information Model Basics
What do we want to manage?
  network resources
How do we want to manage them?
  by a computer application
So we need a model of the network resources that is suitable for a computer application.

Information Model Basics
What is interesting?
  resource type (class)
    e.g. network interface
  things that are special about this resource
    e.g. Ethernet or Token Ring
  current parameters in use
  current state
  last state
  performance data

Information Level
router or printer is difficult to represent
we have to go down to basic data types
  Integer, Character String, etc.
  network address, byte counter
a surrounding structure is needed
  to which element does this information belong? (lots of detail information)
  relationship to other data

Management Information Tree
as usual, we choose a tree structure
  Management Information Tree (MIT)
MIT follows the hierarchies in the network and in the network elements
  example: network -> subnet -> computer -> interfaces -> ethernet interface 1 -> bytesOut (an Integer)

MIT: Small Example
[Figure: tree with nodes Network; Subnet 1, Subnet 2, Subnet 3; Computer 1, Computer 2, Computer 3; Ethernet 1, Ethernet 2; Status, BytesIn, BytesOut]

Management Information Tree
MIT models a whole network
MIT data represents network state at the moment of the MIT's creation
MIT subtree in each network element is called Management Information Base (MIB)
MIBs can be divided into functional parts that are also called MIBs
full MIT is created by the management application

Communication Model Basics
management application needs access to MIB data
we need a way to address data in the MIB
  path through the tree structure
we need a service and a protocol to transport management data
so we also need a transport encoding
and we need two instances that communicate
  Manager and Agent

Communication Model Basics
[Figure: Management Applications, Manager, Agent, Resources, MIT/MIB]
Manager on the side of the management application
Agent on the side of the MIB (in the network element)

Properties of a Manager
Interface between the management applications and the network elements
coordinates management applications
accesses agents to receive management information
is informed by the agents if something has happened (good or bad)
usually one manager per network

Properties of an Agent
Answers requests of managers
Informs managers (notifications, alarms)
Access to resources
Translation of a resource state into the information model (transfer encoding)
Change of resource state and configuration by request of a manager
Usually a piece of software that runs on each network element

Transfer Encoding
Managers and agents (should) not need to run on the same platform
So we have to use a platform-independent encoding
Choice: ASN.1
  Abstract Syntax Notation One (X.680 ff.)
  Data is transferred together with syntax information
  Allows usual data types and simple data structures (but can get quite complex)

Transfer Encoding
So we can transfer syntax and values
But we still cannot transfer semantics
  The information in a MIB cannot change its semantics during run-time
A formal mechanism to describe the semantics of management information is still missing
  There are some suggestions
  Research subject

Transfer Encoding
Semantics are described informally by texts in the ASN.1 MIB definitions
  Interpreted and implemented by humans
  Can be interpreted differently or simply be misunderstood
  Descriptions can get quite long

3. OSI Management

The OSI Standard Framework
Basic standard is ISO 7498-4 / ITU-T X.700
  OSI basic reference model part 4: management framework
  Describes whole framework
  OSI functional areas (see chapter 1)
ISO 10040 / ITU-T X.701 management overview
  Gives some additional information and clarifications

OSI Information Model
ISO/ITU standard Structure of Management Information (SMI)
  ISO 10165 / ITU-T X.720 and X.721
Object-oriented model
Managed Objects (MOs)
  each MO is an instance of a MO class
  all usual OO mechanisms supported
  (multiple) inheritance, polymorphism, etc.

OSI Management Objects
each class consists of the following:
attributes (the management information)
  at least one
  accessed by the manager and monitored by the agent
  simple data types (Integer, Real, Boolean, and Octet String; only constructor is SET OF)
  access rights can be defined
  a list of search functions that are allowed can be given (see below)
  semantics description by simple text

OSI Managed Objects
class contents (continued)
functions
  parameters (attributes and simple types)
  called by the manager
notifications
  sent out to the manager(s) by the agent
  have attributes as parameters
  can be coupled with filter functions
  set by the manager
  for example to mask out certain alarms

OSI Management Objects
class definition (in ASN.1)
use of class templates
inheritance from super classes
(only) addition of attributes, functions and notifications
grouping of attributes, functions and notifications into packages
only a whole package can be marked as optional

OSI Management Objects
Class definition and additional rules and suggestions are described in another standard
Guidelines for the Definition of Managed Objects (GDMO)
  usually this term is used instead of SMI
  ISO 10165-4 / ITU-T X.722
  integral part of the SMI

OSI Management Objects
Class registration
Two hierarchies
Hierarchy one: the inheritance tree
  Represents inheritance structure
Hierarchy two: the ISO registration tree
  Defined in ASN.1
  Each class has an object ID (OID) in the ISO/ITU management classes subtree

Class Hierarchies
[Figure: two trees. Inheritance Hierarchy: Top; Class 1, Class 2; Subclass 1, Subclass 2; Subclass 2.1, Subclass 2.2. Registration as OID: Root; ISO, ITU, ISO/ITU; Mgmt Classes; Top, Class 2, Subcl. 2.1]

The OSI Containment Tree
MOs are instances of MO classes
Multiple instances can exist anywhere in the MIT
  MIT is called "Containment Tree" in this case
So we need an additional mechanism to address a MO
  Path through the tree of MOs
Each MO has to have a name that is unique on the same level of a subtree
  One attribute is selected for naming
  The "Relative Distinguished Name" (RDN)

The OSI Containment Tree
The "Distinguished Name" (DN) is the path through the Containment Tree of a network element
  Consists of a concatenation of all RDNs along the path beginning from the root
  Similar to an absolute path name in UNIX
  Used to address an object
This is quite similar to X.500
  The ITU distributed directory service

OSI Containment Tree Example
DN: Name="npu1" Type="Ethernet" ID="0" Name="ByteOut"
[Figure: containment tree with nodes System Name="npu1"; Interface Type="Loopback"; Interface Type="Ethernet"; Ethernet ID="0"; Ethernet ID="1"; Counter Name="ByteIn"; Counter Name="ByteOut"]

OSI Communication Model
Common Management Information Service (CMIS)
  ISO 9595 / ITU-T X.710
Uses the Common Management Information Protocol (CMIP)
  ISO 9596 / ITU-T X.711 and X.712
Based on ACSE and ROSE
  ACSE for access control
  Every management operation is basically a remote procedure call using ROSE
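
The naming scheme from the containment tree slides, as an added example that is not part of the original course material: a toy agent-side tree in which each MO is named by one attribute (its RDN), a DN is resolved by walking RDNs from the root, and attribute access rights are checked on read and write. The class and function names, the access-right strings, the adminStatus attribute and the counter values are assumptions made for illustration; the tree shape follows the npu1 example DN.

```python
import re
from dataclasses import dataclass, field

# One RDN in the slide's notation: Attribute="value"
RDN_RE = re.compile(r'(\w+)="([^"]*)"')


class NoSuchObject(LookupError):
    """The DN (or attribute) does not exist in the containment tree."""


class AccessDenied(PermissionError):
    """The attribute's access right does not allow the operation."""


@dataclass
class ManagedObject:
    mo_class: str                 # MO class, e.g. "Interface"
    naming_attr: str              # attribute selected for naming
    naming_value: str             # value of that attribute
    attributes: dict = field(default_factory=dict)  # name -> (value, access)
    children: dict = field(default_factory=dict)    # RDN -> ManagedObject

    @property
    def rdn(self):
        return (self.naming_attr, self.naming_value)

    def add(self, child):
        # An RDN must be unique on the same level of a subtree.
        if child.rdn in self.children:
            raise ValueError(f"duplicate RDN {child.rdn} under {self.rdn}")
        self.children[child.rdn] = child
        return child


def parse_dn(text):
    """Split a DN into its RDNs; reject anything that is not a pure RDN list."""
    rdns = RDN_RE.findall(text)
    if not rdns or RDN_RE.sub("", text).strip():
        raise ValueError(f"malformed DN: {text!r}")
    return rdns


def resolve(root, dn_text):
    """Walk the containment tree along the DN, starting at the root MO."""
    rdns = parse_dn(dn_text)
    if rdns[0] != root.rdn:
        raise NoSuchObject(f"root RDN {rdns[0]} does not match {root.rdn}")
    node = root
    for rdn in rdns[1:]:
        if rdn not in node.children:
            raise NoSuchObject(f"no MO with RDN {rdn} below {node.rdn}")
        node = node.children[rdn]
    return node


def m_get(root, dn_text, attr):
    """Read one attribute of the addressed MO (simplified M-GET)."""
    mo = resolve(root, dn_text)
    if attr not in mo.attributes:
        raise NoSuchObject(f"{mo.mo_class} has no attribute {attr!r}")
    value, access = mo.attributes[attr]
    if access not in ("read-only", "read-write"):
        raise AccessDenied(f"{attr!r} is not readable")
    return value


def m_set(root, dn_text, attr, new_value):
    """Change one attribute of the addressed MO (simplified M-SET)."""
    mo = resolve(root, dn_text)
    if attr not in mo.attributes:
        raise NoSuchObject(f"{mo.mo_class} has no attribute {attr!r}")
    _, access = mo.attributes[attr]
    if access != "read-write":
        raise AccessDenied(f"{attr!r} is not writable")
    mo.attributes[attr] = (new_value, access)


def build_example_tree():
    """Constructed sample data shaped like the slide's npu1 example."""
    system = ManagedObject("System", "Name", "npu1")
    system.add(ManagedObject("Interface", "Type", "Loopback"))
    eth = system.add(ManagedObject("Interface", "Type", "Ethernet"))
    for port, (rx, tx) in {"0": (1200, 3400), "1": (0, 0)}.items():
        card = eth.add(ManagedObject(
            "Ethernet", "ID", port, {"adminStatus": ("up", "read-write")}))
        card.add(ManagedObject("Counter", "Name", "ByteIn",
                               {"value": (rx, "read-only")}))
        card.add(ManagedObject("Counter", "Name", "ByteOut",
                               {"value": (tx, "read-only")}))
    return system


if __name__ == "__main__":
    tree = build_example_tree()
    print(m_get(tree, 'Name="npu1" Type="Ethernet" ID="0" Name="ByteOut"', "value"))
```

The same RDN Name="ByteOut" exists under both Ethernet instances; only the full DN identifies one counter, which is why an agent has to apply access rights to the resolved object rather than to the RDN.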

OSI CMIS
Defines 8 basic operations:
M-GET
  Manager requests attribute values
  Agent answers with a M-RESPONSE
M-CANCEL-GET
  Manager cancels a GET-request
M-SET
  Manager changes attribute values
M-ACTION
  Manager calls a function of a MO

The OSI CMIS
Basic operations (continued)
M-CREATE
  Manager dynamically creates a MO
  i.e. the MIB changes during run-time
M-DELETE
  Manager deletes a MO
M-EVENT-REPORT
  Agent sends a notification of a MO
  Notification must have passed the filter function

CMIS Filter Functions
Manager can use a "search function"
  No need to specify the DN of a certain MO
Each request can be sent out with a filter function
  Evaluated by the agent
  Filters out attribute values
  Every attribute for which the search function is allowed and the filter matches is sent back
Manager can cancel a running request
  M-CANCEL-GET

CMIS Filter Functions
Filter can be focused on a subtree
  Scoping
Filters can be concatenated with logical operations
Agent can reject a filter that is too complicated for it to handle
Everything very similar to X.500
  But no support for distributed MIBs

Systems Management Functions
High-level functions for management operation
Based on the basic functions
Usually management applications use the SMFs and do not directly access the CMIS
Defined in ISO 10164 (part 1-14) and ITU-T X.730-X.742
  Some additional functions by ISO only

Systems Management Functions
[Figure: three Management Applications on top of the System Management Functions (Accounting Meter, Workload Monitoring, Test Management, Summarization, Log Control, Security Alarm Report, Security Audit Trail, Access Control, Object Management, State Management, Relationship Management, Alarm Reporting, Event Report Management) and CMIS (Event Report, Get, Set, Action, Create, Delete, Cancel-Get)]

OSIMAN Operation
Agents talk to manager
  Only some availability polling during normal operation
  Network elements report events immediately
Very convenient for large networks
  No careful selection of MOs
  How many MOs can I poll how often before I completely flood my network with management information?
But we need quite powerful NEs

OSI Management Functional Areas
Fault/Problem Management
  Detection, localisation, and repair of the fault
Configuration/Name Management
  configuration and monitoring of resources for normal operation
Performance/Growth Management
  performance measurements and comparison with expected values
  detect approaching problems and configuration mistakes
  network simulation (!)

OSI Management Functional Areas
Accounting/Cost Management
  logging and export of data for billing
  supervision of service access
  most important in carrier networks
  but will become a subject in corporate networks also (for QoS issues)
  a real challenge: it's not easy
  most companies have to throw quite a lot of money into this to get it working
  example: 75% of EWSD software is accounting

OSI Management Functional Areas
Security/Access Management
  provision and configuration of security services in the network
  for example TACACS(+) for device access

Fault/Problem Management
Process:
  Determine exactly where the fault is.
  Isolate the rest of the network from the failure.
  Reconfigure or modify the network.
  Repair or replace the failed components.
Note: The fault management capability itself should be redundant to increase network reliability.

Accounting/Cost Management
Establish charges for the utilization of network resources.
Track the use of network resources by user or end user class.
Specify the kinds of accounting information to be recorded at various nodes, the desired interval of sending the information to higher-level nodes, and the algorithms to be used in calculating the charging.

Configuration/Name Management
Involves the process of keeping track of the various parameters of devices and facilities that make up a network.
Sets, resets, or simply reads and displays the parameters.
Displays geographical representation of the network.
Determines alternatives and implements changes of line facilities, the structure of the network, with the database of parameter settings.

Performance/Growth Management
Performance management comprises two broad functional categories:
  Monitoring: track activities on the network
  Controlling: adjust the network
Issues:
  What is the level of capacity utilization?
  Is there excessive traffic?
  Has throughput been reduced to unacceptable levels?
  Are there bottlenecks?
  Is response time increasing?

Security/Access Management
Ensure that only authorized personnel can use the network.
Authentication of users.
Encryption of data links.
Management and distribution of encryption keys.
Maintenance and examination of security logs.
Performance of audits and traces.
Virus prevention measures, disaster recovery methods and procedures of testing/distributing the public-domain software.

Other Network Management Functions
Planning/Support Management
Enable network managers and administrators to provide support for current users, as well as plans for the future.
Trend Analysis: Provides information necessary for determining utilization trends on both local and wide area networks
Planning management process

Summary
Network Management Functional Areas and Tasks
Configuration/Change Management: Network status monitoring, Network routing, Parameter database, Configuration control, Facility control
Fault/Problem Management: Event notification, Logging, Ticketing, Tracking, Isolation, Resolution
Performance/Growth Management: Monitoring, Statistical analysis, Database generation and analysis, Reporting, Tuning
Security/Access Management: Authentication of users, Maintaining security, Encryption, Key distribution, Audits, Traces
Accounting/Cost Management: Issue orders, Recording, Reconciliation of cost algorithms, Assignment of costs
Asset Management: Equipment records, Facility records, Personnel records, Training
Planning/Support Management: Data collection, Requirements analysis, Trend analysis, Modeling, Design, Optimization, Implementation

Network Management Systems
Collection of tools for network monitoring and control.
Designed to view the entire network as a unified architecture, with address and labels assigned to each point and the specific attributes of each element and link known to the system.

Network Management Configuration
[Figure: Elements of a network management system: a network control host (manager) and a workstation, server and router (agents), built from NMA, NME, Appl, Comm and OS components]
NMA = Network Management Application
NME = Network Management Entity
Appl = Application
Comm = communication software
OS = operating system

Network Management Software Architecture
[Figure: unified user interface and presentation of network management information to users; network management applications and application elements; network management data transport service, MIB access module and communications protocol stack; management information base; managed networks]

Distributed Network Management
[Figure: management clients; management servers, each with a management application and MIB; element managers; networks; network resources with management agents]

Proxies
[Figure: management application, proxy manager, client and server stubs, client and server proxy stubs, protocol stacks, proprietary management interface; standard operations and event reports on one side, proprietary operations and event reports on the other]

Network Management
Network Monitoring
  Architecture
  Performance
  Fault
  Accounting
Network Control
  Configuration
  Security

Network Monitoring
Consists of three major design areas:
  Access to monitored information: how to define monitoring information, and how to get that information from a resource to a manager.
  Design of monitoring mechanisms: how best to obtain information from resources.
  Application of monitored information: how the monitored information is used in various management functional areas.

Architecture
Information
  Static
  Dynamic
  Statistical
Configuration
  Application
  Manager
  Agent
  Object
Polling and event reporting

Architecture
[Figure: Organization of MIB, with statistical, dynamic and static databases, a configuration database and a sensor database; labels Call_blocked, Packet_Loss, Time_Delay, Throughput, State_Variable, Event_Variable, Switch_Server, Buffer, Source, Station_Info, Server, Switch_Buffer, Switch_Source, Status_Sensor, Derived_Status_Sensor, Event_Sensor]

Network-Monitoring Configurations
[Figure: (a) Manager-agent model: monitoring application, manager function, agent function, managed objects. (b) A model for summarization: monitoring application, manager function, monitoring agent, agent functions, managed objects]

Polling and Event Reporting
Polling: Manager queries any authorized agents and requests the values of various information elements.
Reporting: Manager, as a listener, waits for incoming information.
A network-monitoring system will typically employ both methods.

Polling and Event Reporting
Telecommunications Management Systems (TMN) have traditionally placed a very high reliance on event reporting.
The SNMP approach puts very little reliance on event reporting.
OSI system management (OSIMAN) tends to fall somewhere between these extremes.

Performance Monitoring Indicators
One of the difficulties facing the network manager is the selection and use of the appropriate indicators that measure the network's performance.
Service-oriented measures: specified service levels are maintained to the satisfaction of the users.
Efficiency-oriented measures: meeting these requirements at minimum cost.

Performance indicators
Service-oriented
Availability: The percentage of time that a network system, a component, or an application is available for a user.
Response time: How long it takes for a response to appear at a user's terminal after a user action calls for it.
Accuracy: The percentage of time that no errors occur in the transmission and delivery of information.
Efficiency-oriented
Throughput: The rate at which application-oriented events (e.g. transaction messages, file transfers) occur.
Utilization: The percentage of the theoretical capacity of a resource (e.g. multiplexer, transmission line, switch) that is being used.

Indicators
Availability: The percentage of time that a network system, component, or application is available.
A = MTBF / (MTBF + MTTR)
A = the availability
MTBF = the mean time between failures
MTTR = the mean time to repair

Configuration effects on the availability
[Figure: two components, each of availability A. (a) Serial: A^2. (b) Parallel: 2A - A^2.]
The availability of a system depends on the availability of its individual components plus the system organization.

Response Time
Is the time it takes a system to react to a given input.
Ideally, one would like the response time to be short, which possibly imposes greater cost.
Computer processing power
Competing requirements
The value of a given level of response time must be assessed versus the cost of achieving that response time.

Elements of Response Time
[Figure: a workstation, a network interface (e.g. bridge) and a server, with the delay components TO, TI, WI, SI, SO, WO and CPU marked.]
RT = response time
TI = inbound terminal delay
WI = inbound queuing time
SI = inbound service time
CPU = CPU processor delay
WO = outbound queuing time
SO = outbound service time
TO = outbound terminal delay
RT = TI + WI + SI + CPU + WO + SO + TO

Accuracy, Throughput and Utilization
Accuracy: Indication of faulty line, noise and interference.
Throughput: Projected demand and likely performance trouble spots.
Utilization: The percentage of time that a resource is in use over a given period of time.

Performance-Monitoring Function
Three components:
Performance measurement
Performance analysis
Synthetic traffic generation
Typical Performance Measurement Reports (detailed on p. 39 of the textbook):
Host communication matrix
Group communication matrix
Packet type histogram
Data packet size histogram
Throughput-utilization distribution
Packet interarrival time histogram
Channel acquisition delay histogram
Communication delay histogram
Collision count histogram
Transmission count histogram

Statistical Versus Exhaustive Measurement
When an agent in a node or an external monitor is monitoring a heavy load, it may not be practical to collect exhaustive data.
The alternative is to treat each parameter as a random variable and sample the traffic stream in order to estimate the value of the random variable.

Fault Monitoring
The objective is to identify faults as quickly as possible after they occur and to identify the cause of the fault so that remedial action may be taken.
Problems of Fault Monitoring:
Unobservable faults
Partially observable faults
Uncertainty in observation
Multiple potential causes
Too many related observations
Interference between diagnosis and local recovery procedures
Absence of automated testing tools

Fault-Monitoring Functions
To detect and report faults.
To report errors independently to one or more managers.
To anticipate faults.
To isolate and diagnose the fault.

Accounting Monitor
To track users' usage of network resources.
To gather and maintain the following accounting data:
User identification
Receiver
Number of packets
Security level
Time stamps
Network status codes
Resources used:

Summary
The purpose of network monitoring is to gather information about the status and behavior of network elements.
Information to be gathered:
Static - configuration
Dynamic - events in the network
Statistical - summarization from dynamic info.

Summary
Information may be collected actively, by means of polling by the management station, or passively, by means of event reporting by the agents.
The most important categories of management information are:
Availability
Response time
Accuracy
Throughput
Utilization

Network Control
To modify parameters, or configurations.
Mainly covers the last two major function areas of network management:
Configuration management
Security management

Configuration Control
Covers initialization, maintenance and shutdown of individual components and logical subsystems within the total configuration of computer and communications resources of an installation.
Responsible for monitoring the configuration and making changes in response to user commands or other network management functions.
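The availability formulas from the performance-indicator slides (A = MTBF / (MTBF + MTTR), serial A^2, parallel 2A - A^2), as an added example that is not part of the course slides. It generalizes the two-component case to any number of components; the MTBF/MTTR figures and the router-plus-link topology are constructed for illustration.

```python
from functools import reduce


def availability(mtbf_hours, mttr_hours):
    """A = MTBF / (MTBF + MTTR), as defined on the Indicators slide."""
    if mtbf_hours < 0 or mttr_hours < 0 or mtbf_hours + mttr_hours == 0:
        raise ValueError("MTBF and MTTR must be non-negative and not both zero")
    return mtbf_hours / (mtbf_hours + mttr_hours)


def serial(*parts):
    """Every component must be up: product of availabilities (A^2 for two equal parts)."""
    return reduce(lambda acc, a: acc * a, parts, 1.0)


def parallel(*parts):
    """One component up is enough: 1 - product of unavailabilities (2A - A^2 for two)."""
    return 1.0 - reduce(lambda acc, a: acc * (1.0 - a), parts, 1.0)


def downtime_hours_per_year(a):
    """Expected unavailable hours in a 365-day year for availability a."""
    return (1.0 - a) * 365 * 24


# Constructed figures, not measurements from the slides.
ROUTER = availability(mtbf_hours=4500, mttr_hours=500)   # 0.9
LINK = availability(mtbf_hours=990, mttr_hours=10)       # 0.99


def path_availability(redundant_routers):
    """Hypothetical path: N redundant routers in parallel, in series with one WAN link."""
    routers = parallel(*([ROUTER] * redundant_routers))
    return serial(routers, LINK)


if __name__ == "__main__":
    for n in (1, 2, 3):
        a = path_availability(n)
        print(f"{n} router(s): A = {a:.6f}, "
              f"downtime = {downtime_hours_per_year(a):.1f} h/year")
```

With three routers the path availability approaches that of the single link, which shows how the serial element caps what redundancy elsewhere can buy.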
Functions of Configuration Management
Define configuration information
Set and modify attribute values
Define and modify relationships
Initialize and terminate network operations
Distribute software
Examine values and relationships
Report on configuration status
Configuration-Control, Configuration-Monitor

Define Configuration Information
Describes the nature and status of resources of the managed network.
Includes:
Resources: physical (end systems, routers, bridges and communications media and service) and logical (timers, counters and virtual circuits)
Attributes: name, address, ID, states, operational characteristics, software version number, etc.

Set and Modify Attribute Values
Must be authorized.
Some attributes cannot be modified remotely.
Categories:
Database update only
Database update + resource modification
Database update + action

Define and Modify Relationships
Describes an association, connection or condition that exists between network resources or network components.
Should allow on-line modification of resources without taking all or part of the network down.

Initialize and Terminate Network Operations
Should include mechanisms to enable users to initialize and close down network or subnetwork operation.
Verification resources
Notification users
Validation
Retrieval of status information before the termination.

Distribute Software
Synchronize the software on both end systems and intermediate systems.
Encompass tables and other data that drive the behavior of a node.
Provide mechanisms to examine, update and manage different versions of software and routing information.
Security Control
Computer Security
Network Security
The security management deals with the provision of both computer and network security for the managed resources, including management itself.

Security Threats
Security requirements:
Secrecy
Integrity
Availability
Types of threats:
Interruption
Interception
Modification
Fabrication

Security Threats and Assets
[Figure: security threats and computer system assets. Assets: hardware, software, data, communication lines. Threat labels: interruption (theft, denial of service); interruption (deletion); interruption (loss); interception; interception (capture, analysis); modification; masquerade.]

Threats to Networks
Passive threats:
Interception (secrecy): release of message contents, traffic analysis
Active threats:
Interruption (availability)
Modification (integrity)
Fabrication (integrity)

Threats to the Network Management System
User masquerade
Network manager masquerade
Interference with manager-agent interchange

Security Management Functions
Maintain Security Information: Secure the information exchange between managers and agents.
Control Resource-Access Service: Access control involves authentication and authorization services and the decision to grant or refuse access to the resources.
Control the Encryption Process: Encrypt any exchanges between managers and agents, also design encryption algorithms and provide key distribution.

Summary
Network control is concerned with altering parameters of various components of the configuration and causing predefined actions to be performed by these components.
The responsibility of the network management system is to coordinate and control the security mechanisms built into the configuration of networks and systems under its management control.
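How an agent can counter the threats listed above (network manager masquerade, interference with the manager-agent interchange) while enforcing that attribute changes "must be authorized", as an added example that is not part of the course slides. The message layout, shared key, manager name and the set of writable attributes are assumptions made for illustration; this is not the SNMP wire format, and key distribution is out of scope.

```python
import hashlib
import hmac
import json

# Constructed for illustration: the key and the writable-attribute policy are assumptions.
REMOTELY_WRITABLE = {"sysContact", "ifAdminStatus"}
SHARED_KEY = b"constructed-demo-key-not-for-production"


def sign_request(key, manager_id, counter, attribute, value):
    """Manager side: serialize a set-request and attach an HMAC-SHA256 tag."""
    body = json.dumps(
        {"manager": manager_id, "counter": counter, "attr": attribute, "value": value},
        sort_keys=True,
    ).encode()
    return {"body": body, "tag": hmac.new(key, body, hashlib.sha256).hexdigest()}


class Agent:
    """Agent side: authenticate, check freshness, then authorize the change."""

    def __init__(self, keys):
        self.keys = keys            # manager_id -> shared key
        self.last_counter = {}      # manager_id -> highest counter accepted so far
        self.mib = {"sysContact": "noc@example.org", "ifAdminStatus": "up", "sysUpTime": 0}

    def handle_set(self, message):
        try:
            request = json.loads(message["body"])
            key = self.keys[request["manager"]]
            tag = message["tag"]
        except (ValueError, KeyError, TypeError):
            return "rejected: unknown manager or malformed request"
        expected = hmac.new(key, message["body"], hashlib.sha256).hexdigest()
        # Constant-time comparison: a masquerading sender or a modified body fails here.
        if not hmac.compare_digest(expected, tag):
            return "rejected: authentication failed"
        # A captured message sent again carries a counter the agent has already seen.
        if request["counter"] <= self.last_counter.get(request["manager"], -1):
            return "rejected: replayed or stale request"
        self.last_counter[request["manager"]] = request["counter"]
        # Authorization: some attributes cannot be modified remotely.
        if request["attr"] not in REMOTELY_WRITABLE:
            return "rejected: attribute not remotely modifiable"
        self.mib[request["attr"]] = request["value"]
        return "accepted"
```

The tag gives authentication and integrity only; secrecy against interception would additionally require encrypting the body.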