Network Management: SNMP, RMON

1
Network Management SNMP, RMON

• Slides developed by Ken Vastola and Shivkumar
  Kalyanaraman (RPI) based in part upon slides of
  Prof. Raj Jain (OSU), S.Deering (Cisco), C.
  Huitema (Microsoft)

2
What is Network Management?

• What to do when networks don't operate as
  intended?
• Goal Identify and solve network problems not
  handled by normal network functions such as
  routing, congestion control, MAC protocol, ...
• Examples of network management problems include
• Faults
• Failures
• Performance problems
• Configuration changes
• Security violations

3
Why is Network Management Hard?

• Very large networks
• Heterogeneous, multivendor networks
• Multidomain, multiauthority
• Massive amounts of data ...
• At every device.
• At every layer.
• At multiple time scales.
• Focuses on unusual events
• Catch-all category

4
Network Management

• Management Initialization, Monitoring, Control
• Architecture Manager, Agents, and Management
  Information Base (MIB)
• Gives management-plane a new interface to the
  network distinct from data-plane and control-plane

Network
Management
Station
Network
Agent
Agent
MIB
MIB
MIB
Agent
5
Simple Network Management Protocol (SNMP)

• Introduced in RFC 1157 by M. Schoffstall, et al.
• Updated to SNMPv2 in 1993
• Components
• Managed nodes, each running an SNMP Agent
• One (or more) management stations running an SNMP
  Manager
• Managed Objects (variables) Structured
  collection of all Managed Objects is called the
  Management Information Base (MIB)
• A Manager--Agent communication protocol

6
Management Information Base (MIB)

• MIB variables are represented using Abstract
  Syntax Notation One (ASN.1), an object
  description language.
• Most MIB variables are vendor neutral
• More and more proprietary MIBs.
• A MIB is organized as a directory tree with MIB
  variables at the leaves.
• A MIB for SNMPv2 is called a MIB II.

7
Management Information Base (MIB)

• Specifies what variables the agents maintain
• Only a limited number of data types are used to
  define these variables
• MIBs follow a fixed naming and structuring
  convention called Structure of Management
  Information (SMI). See next slide.

8
MIB Directory Tree
ccitt(0)
iso (1)
joint-iso-ccitt (2)
standard (0)
org (3)
dod (6)
iso9314 (9314)
Internet SMI is this subtree
internet (1)
fddiMIB (1)
private (4)
directory (1)
mgmt(2)
experimental (3)
mib (1)
fddi (8)
fddimib (73)
system (1)
interfaces (2)
transmission(10)
fddi (15)
9
Example MIB Variables in Interface Group

• ifIndex id number of interface.
• ifDescr Manufacturer, product, version, ...
• ifType ethernetcsmacd or iso88023csmacd or
  fddi or slip or basicISDN or ...
• ifPhysAddress Address below IP layer.
• ifInOctect Total number of bytes received.
• ifOutOctect Total number of bytes transmitted.
• ifInUcastPkts packets delivered to next
  higher layer.
• ifInDiscards packets discarded (e.g. due to
  no buffer space).
• ifOutQLen Length of outbound packet queue.

10
Other Example MIB Variables
Variable
Category
Meaning
sysUpTime
sys
Time since last reboot
ifNumber
IF
of Interfaces
ifMTU
IF
MTU
ipDefaultTTL
ip
Default TTL
ipInReceives
ip
of datagrams received
ipForwDatagrams
ip
of datagrams forwarded
icmpInEchos
icmp
of Echo requests received
tcpRtoMin
tcp
Min retrans time
tcpMaxConn
tcp
Max connections allowed
11
SNMP Communication

• A simple data base query language
• Communication via a UDP socket
• Communication primitives
• GET Get values of one or more variables
• SET Set values of one or more variables
• INFORM Manager to Manager communication
• TRAP Problem report by Agent to Manager(s)
• Manager and Agent use UDP port 161 for GET, SET,
  and INFORM
• Agent sends TRAP to port 162 on mgmt station

12
SNMP Properties

• Stateless gt one management station can handle
  hundreds of agents
• Simple Works as an application protocol running
  over UDP
• Agent and manager apps work on top of SNMP
• Proxy-SNMP can be used to manage a variety of
  devices (serial lines, bridges, modems etc).
• Proxy (similar to bridge) is needed because these
  devices may not run UDP/IP
• For each new device define a new MIB.

13
RMON

• Remote Network Monitoring
• Defines remote monitoring MIB that supplements
  MIB-II and is a step towards internetwork
  management
• Extends SNMP functionality though it is simply a
  specification of a MIB
• Problem w/ MIB-II
• Can obtain info that is purely local to
  individual devices
• Cannot easily learn about LAN traffic as a whole
  (e.g. like LANanalyzers or remote monitors)

14
RMON Continued

• Functionality added Promiscuously count, filter
  and store packets
• System that implements RMON MIB is called an RMON
  probe (or less frequently, an RMON agent)
• No changes to SNMP protocol
• Enhance the manager and agents only
• RMON MIB organization
• Control table read-write. Configures what
  parameters should be logged and how often
• Data table read-only (statistics etc logged)
• Other issues shared probes, ownership of tables,
  concurrent table access ...

15
Research Problems

• Current network management is really network
  monitoring with human system administrator called
  to solve the problem.
• How do we analyze data and extract useful
  information? (Diagnosis)
• How do we automate the response to a diagnosis?
  (Cure)

16
Summary

• Network Management
• Initialization, Monitoring, and Control
• SNMP Only 5 commands (simple polled transfer of
  management information)
• MIB Labeling of management info using ASN.1
  encoding
• Standard MIBs defined for each object
• RMON extends management functionality through
  definition of a new MIB (no protocol changes)