Agenda

1
Agenda
1. Quiz 2. Homework 3. Test Review 4.
Network Management Paper 5. CMIS 6. RMON
7. Network Management Tools
2
Homework
9-4, 10-1, 10-2, 10-3, 10-4 10-5.
3
Mid Term Examination
Average score As
(all varieties) 89 or higher
Bs (all varieties) 70 or higher Options
for extra credit for grades below 70 a. Retest
Midterm grade will be average of 2 tests b.
Short Research Paper 4-7 pages if mid term
grade was 60 - 69 7-10 pages if mid term grade
was 50 - 59 13-16 pages if mid term
grade was below 50
4
Question 1
What are the principal things that ping and
trace route show you? Ping shows you the time
to a location and the packet loss. (Its
actually used most often just to make sure a
device is connected to the network.) Trace route
shows you the number of hops required to get to a
location.
5
Question 2
If a QPSK signal is sent over a 3 KHz channel
where the signal-to- noise ratio is 30 dB, what
is the maximum achievable data rate?
Nyquist Max Data Rate 2 H log2 V
Shannon Max Data Rate CBW log2 (1 S/N)
6
Question 3
A database operates on a 10 Mbps line. The
average input has 1,000 bytes of questions. The
average output has 1 Million bytes of answers.
Database processing time averages 9 seconds.
What is the total response time if you assume 8
bits per byte? If the 10 Mbps is part of a SONET
MAN, what determines if there is a
congestion problem?
7
Question 4
The OSI network management architecture model has
four models. Name them and give their principal
functions.
8
Network Management

Network Management
Information Model
Organizational Model
Communication Model
Functional Model
9
Network Management

• Organizational Model
• Describes components of a network management
  system
• Focuses on functions and infrastructure
• Objects are network elements such as hubs,
  bridges, routers, etc.
• Managed elements have a process running them
  called an agent
• Manager queries the agent, gets information,
  processes it and
• stores it in the MIB

MIB
Manager
Note This is a simplified hierarchical set up
agent
agent
Managed Objects
Unmanaged Objects
10
Network Management

• Information Model
• Deals with structure organization of
  management information
• Specifies the structure of management
  information (SMI)
• Specifies the management information base (MIB)
• SMI defines the syntax and semantics of
  information stored
• MIB is used by the agent and management process
  to store info
• MDB is the real database with measured or
  administratively
• configured data on the elements in the network

MIB
Manager
MDB
agent
agent
Managed Objects
Unmanaged Objects
11
Network Management

• Communication Model
• Has three components
• Management information processes that function in
  the
• application layer
• Layer management between the layers
• Transport protocol is medium of exchange
• Application protocol is the message format
• Actual message
• Layer operation within layers

12
Network Management

• Functional Model
• Network Management is the process of controlling
• a complex data network to maximize its
• efficiency and productivity. It should include
• Fault Management
• Configuration Management
• Security Management
• Accounting Management
• Performance Management

13
Fault Management

• Detection and isolation of the problem causing
• failure in a network. Fault management can
• monitor the physical or other layers
• be self healing
• trouble ticket based
• a nightmare

14
Configuration Management

• Configuration Management consists of the
• following steps
• 1. Gather information about current network.
• 2. Use that data to modify the configuration
• of the network device.
• 3. Store the data, maintain an up-to-date
• inventory of all network components and
• produce carious reports.

15
Security Management

• The Security Management process includes the
• following steps
• Identify the sensitive information.
• Find the access points.
• Secure the access points.
• Maintain the secure access points.

16
Accounting Management

• Should track server utilization
• Is a delicate balance
• Involves internal and external issues
• Is the most political of the management
• issues

17
Performance Management

• Measuring Performance-Including but not limited
• to
• Throughput
• Response time
• Percent utilization
• Error rates
• Availability

18
Question 5

What are the principal advantages of SNMPv2 over
SNMP and the principal advantages of SNMPv3 over
SNMPv2?
19
SNMPv2
SNMP DRAWBACKS 1. Officially
standardized only for use on IP networks 2.
Inefficient for large table retrievals 3. Uses
cleartext strings for security, leaving it
relatively unsecure 4. Standards are always
necessary but never sufficient SNMPv2 FEATURES
INCLUDE 1. Additions to the SMI 2. New Message
types 3. Standardized multiprotocol support 4.
Enhanced security 5. New MIB objects 6.
Backward compatibility
20
SNMPv3 Advantages

• SNMPv3 has markedly improved security
• SNMPv3 has improved modularity and flexibility
• RFC 2273 defines three MIBs to support SNMPv3
  applications
• The Management Target MIB
• The Notification MIB
• The Proxy MIB

21
Question 6

• What three questions are implicit in the
  question, Can remote
• site management be established?
• How much can we spend?
• Initially
• On a continuing basis
•  
• What equipment and people will be made available?
• For installations
• For continuing management
• For maintenance and repair
•  
• How much time do we have to deliver?

22
Question 7
Explain succinctly the difference between the
database of a network Management system and its
MIB. How do you implement each in a network
management system? The database is physical,
containing network objects and values. It
is Implemented with any open or proprietary
database software. The MIB is virtual. It is a
structure that is used by managers and agents to
exchange information about network objects. It
has a hierarchical Structure and the schema is
compiled into the management and and agent
management software.
23
Question 8
What are the four subsystems in the SNMPv3
engine
24
SNMP entity (RFC 2271)
Application(s)
Command Generator
Notification Receiver
Proxy Forwarder
Command Responder
Other
Notification Originator
SNMP Engine (identified by SNMPEngineID)
Dispatcher
Message Processing subsystem
Security subsystem
Access control subsystem
25
SNMP (architecture)

• Dispatcher subsystem
• One dispatcher in an SNMP engine
• transport mapper delivers messages over the
  transport protocol.
• Handles multiple version messages
• - Determines version of a message and interacts
  with corresponding module
• Interfaces with application modules, network, and
  message processing models
• Three components for three functions
• Transport mapper delivers messages over the
  transport protocol
• Message Dispatcher routes messages between
  network and appropriate module of MPS
• PDU dispatcher handles messages between
  application and MSP

26
SNMP (architecture cont.)
Message Processing Subsystem

• Contains one or more Message Processing Models
• Interacts with dispatcher to handle
  version-specific SNMP messages
• One MPS for each SNMP version
• SNMP version identified in the header

Security and Access Control Subsystem

• Security at the message level
• Authentication
• Privacy of message via secure communication
• Flexible access control
• Who can access
• What can be accessed
• Flexible MIB views

27
Question 9

• You manage a communications network that has
  identical satellite terminals connecting the
  office in Paris with the corporate database in
  Washington D.C. The following parameters apply
  C/N 70 dB, M 5 dB, L 203 dB, G 63.4 dB
• T 100K. What is your satellite power
  requirement in dBw for the Washington D.C.
  receive side?
• EIRP 10 log R Eb/No L M K G/T

28
Question 10
What are the three SNMPv2 management information
bases?
29
SNMPv2 MIBs

• SNMP uses three management information bases
• SNMPv2 MIB
• Manager-to-manager MIB
• Party MIB

30
SNMPv2 MIBs
SNMPv2 MIB GROUPS Name Provides
Objects To SNMPv2 Statistics Group Give stats
about manager or agent, mostly msgs that
could not be processed SNMPv1 Statistics
Group Give stats about manager or agent
that communicates with SNMPv1 Purpose O
bject Resource Group Provide information that
defines which objects an agent can define
dynamically Traps Group Provides information
about each of the traps an agent can
send Set Group Provides a single object that
allows multiple managers to send SNMP
Set messages to a single agent (set serial )
31
SNMPv2 MIBs
MANAGER-TO-MANAGER MIB
GROUPS Name PURPOSE The Alarm Group The
objects in this group allow you to define
two thresholds over a duration of time The
Event Group The objects in this group allow you
to define events. It has two
tables, one to specify the type of
notification the probe should
invoke when the event triggers and the
second to log the event.
32
SNMPv2 MIBs
PARTY MIB
Name PURPOSE The Party Database
Group Information which is stored on
the device about all known local
and remote parties. The Contexts Database
Group Deal with privileges The
Access Privileges Database Group
between manager
and
agent, e.g., local MIB View Database Group
and remote contexts,

access control
policies, defined MIB views, etc.
33
Discussion
Network Management Paper
34
Deliverables
1. Proposal Part I a. System Analysis b.
Requirements Specification c. Protocol(s)
Assessment (with recommendations on
appropriate network management structure) 2.
Proposal Part II a. Proposed System Design b.
Knowledge (network functional) Management Plan
35
New Network Management Tools General Issues

• Individual tools choose specific devices to get
  specific
• statistics
• They dont try to tackle all tasks
• They dont always perform exception reporting
• They dont usually perform configuration
  management
• They usually dont do applications monitoring
  (but they
• should)
• They provide reports that meet specific needs of
  the users
• They sort reports based on criteria you
  develop/choose
• You shouldnt compare costs until you know what
  you
• want and what you need

36
Network Management Tools General Qualities
Tool Good Thing Bad Thing How
Collects Data NextPoint S3 Accuracy Remote
SNMP MIB2 Admin RMON 2 Cisco
Disc VitalNet Fast Flexible Accuracy RM
ON Network Health Maturity No Alarms RMON
2 Reliability NetMetrix/UX Reporting Not
User SNMP MIB2 Friendly RMON 2

37
New Network Management Tools Functionality
Tool Database Operating
Sys Real Time Reports NextPoint S3 Oracle
NT 4 SP 5 No
Access VitalNet Sybase
NT 4 SP 5 No MS SQL Network
Health Ingres NT 4 SP 4/5 No
HP/UX 10.54 Solaris 2.X
NetMetrix/UX Proprietary NT Net
Perfmnce Yes flat file HP/UX
10.20/11 Solaris 2.5/6

38
New Network Management Tools Net Comp Evaluation
Services Wt. NextPt. S3 VitalNet
NetHealth NetMetrix 2.5 7.0
4.5 6.02 Net Performance Info
30 5 5 4
4 Reliability 30 4
3 5 4
Administration 20 4
4 4
4 Ease of Use 10 4
5 3 2
Price 10 2 3
3 4 Total Score
4.25 4.20 4.05 3.7
B
B B B Companies
NextPoint NextPoint Networks (Now P/O Check
Point Technologies) VitaNet Lucent
Technologies Network Health Concord
Communications NetMatrix/UX Agilent
(Hewlett Packard subsidiary)
Note Scores
weighted 0-5

39
Management In The OSI Stack

Mgt Appl Process CMISE
ACSE ROSE Presentation Session Transport Ne
twork Data Link Physical
40
Common Management Information Services (CMIS)

• Foundation
• Each CMIS service is a single operation that a
• network management operation can perform.
• Any application that performs systems manage-
• ment is a CMISE-service-user.
• The existence of defined services between peer
  open
• systems is an important difference between CMIS
• and SNMP.
• CMIS has defined three classes of service
• Management Association
• Management Notification
• Management Operation

41
Common Management Information Services (CMIS)

• Management Association
• M-INITIALIZE institutes an association
• M-TERMINATE terminates an association
• M-ABORT is used for abnormal termination
• Management Notification
• M-EVENT-REPORT services are CMIS traps (although
• less structured)

42
Common Management Information Services (CMIS)

• Management Operation
• M-GET is like Get-Request
• M-CANCEL-GET cancels M-GET
• M-SET is like Set-Request allowing modification
  of info
• M-ACTION is like Set-Request invoking new action,
  like
• delegating fault management
• M-CREATE creates another instance of a managed
  object
• M-DELETE deletes an instance of a managed object

43
CMIS/Common Management Information Protocol (CMIP)

• Foundation
• Is the protocol that accepts operations and
• initiates instructions
• Uses ROSE to send messages across the network
• Problems (because its so powerful)
• Requires large amounts of overhead
• Is difficult to implement

44
Common Mgt. Information Services over TCP/IP
(CMOT)

Mgt Appl Process CMISE
Tough, really tough!
ACSE ROSE Lightweight Presentation
Protocol (LPP) Session TCP UDP
IP Data Link Physical
ACSE (Association Control Service Element)
handles association establishment
release. ROSE (Remote Operations Service
Element) is the application protocol used to
access remote systems. LPP is effectively an
abbreviated Presentation Layer.
45
RMON

• Remote Monitoring (RMON) is a standard
  monitoring
• specification that enables various network
  monitors and
• console systems to exchange network-monitoring
  data.
• It provides network administrators with more
  freedom in
• selecting network-monitoring probes and
  consoles.
• It provides network administrators with
  comprehensive
• network-fault diagnosis, planning, and
  performance-tuning
• information.
• It allows you to set up automatic histories,
  which the RMON
• agent collects over a period of time, providing
  trending data
• on such basic statistics as utilization,
  collisions, and so forth.

46
RMON (cont.)

• Defines a remote network monitoring MIB.
• Is an addition to the basic set of SNMP
  standards.
• Provides a common platform from which to monitor
  
• multi-vendor networks.
• Why RMON?
• With MIB-II the network manager can obtain
  information
• that is purely local to the individual
  devices.
• Information pertaining to traffic on the LAN as
  a whole?
• Collision domain concept

47
Features of RMON

• Is primarily a definition of a MIB.
• Is used to passively monitor data transmitted
  over LAN segments.
• Provides interoperability between SNMP-based
  management consoles and remote monitors.

48
RMON Goals

• Off-line operation
• RMON MIB allows a probe to be configured to
  perform diagnostics even in the absence of
  communication with the management station.
• Proactive monitoring
• A monitor can continuously run diagnostics and
  log network performance. In the event of a
  failure, the monitor can supply this information
  to the management station.

49
RMON Goals (cont.)

• Problem detection and reporting
• The monitor can be configured to recognize error
  conditions, continuously check for them and
  notify the management station in the event of
  one.
• Value added data
• A remote monitoring device can add value to the
  data it collects by highlighting those hosts that
  generate the most traffic or errors.
• Multiple Managers-
• An organization can have multiple management
  stations for different units. The monitor can be
  configured to deal with more than one management
  station concurrently.

50
RMON2

• RMON2 is an extension to RMON.
• The main added feature is providing RMON analysis
  up to the application layer. It decodes packets
  at layer 3 through 7 of the OSI model.
• The two major capabilities as a result are as
  follows
• An RMON probe can monitor traffic on the basis of
  network-layer protocols and addresses, including
  the Internet Protocol (IP). This enables the
  probe to look beyond the LAN segments to which it
  is attached and to see traffic coming onto the
  LAN via routers.
• Because an RMON probe can decode and monitor
  application level traffic, such as email, file
  transfer, and World Wide Web protocols, the probe
  can record traffic to and from hosts for
  particular applications.

51
RMON2 (cont.)

• RMON2 probe is not limited to monitoring and
  decoding network
• -layer traffic.
• RMON2 probe is capable of reading the enclosed
  higher level
• headers such as TCP, which allows the network
  managers to
• monitor traffic in greater detail.
• With RMON2 , a network management application
  can be
• implemented that will generate charts and
  graphs depicting traffic
• percentage by protocols or by applications.

52
RMON2 MIB
The RMON2 MIB adds a number of groups to the
original RMON MIB. These groups are as
follows Protocol Directory (protocolDir) a
master directory of all of the protocols that
the probe can interpret. Protocol Distribution
(protocolDist) aggregate statistics on the
amount of traffic generated by each protocol, per
LAN segment. Address Map (addressmap) matches
each network address to a specific MAC address
and port on an attached device and the
physical address on this subnetwork. Network-Laye
r host (nlhost) statistics on the amount of
traffic into and out of hosts on the basis of the
network-layer address.
53
RMON2 MIB (cont.)
Network-Layer Matrix(nkMatrix) statistics on the
amount of traffic between pairs of hosts on the
basis of network-layer address. Application-Layer
Host (alHost) statistics on the amount of
traffic into and out of hosts on the basis of
application-level address. Application-Layer
Matrix (alMatrix) statistics on the amount of
traffic between pairs of hosts on the basis of
application-level address. User History
collection (usrHistory) periodically samples
user-specified variables and logs that data based
on user-defined parameters. Probe configuration
(probeConfig) defines standard configuration
parameters for RMON probes.
54
Structure of Management Information (SMI)

• SMI defines the general framework for defining
  SNMP MIBs.
• It describes how the managed objects (MOs) can
  be defined in the MIB, data types and values MOs
  can have and how MOs are named.
• The SNMPv2 SMI provides for more elaborate
  specification and
• documentation of managed objects and MIBs.
• The new SMI enhancements provides a systematic
  and more powerful technique for row creation and
  deletion.
• The SNMPv2 SMI also includes new macros for
  defining object groups, traps, compliance
  characteristics, and capability characteristics.

55
SMI (cont.)
The SMI is divided into three parts 1. module
definitions Module definitions are used when
describing information modules. An ASN.1 macro,
MODULE-IDENTITY, is used to concisely convey the
semantics of an information module. 2. object
definitions Object definitions are used when
describing managed objects. An ASN.1 macro,
OBJECT-TYPE, is used to concisely convey the
syntax and semantics of a managed object. 3.
notification definitions Notification
definitions are used when describing unsolicited
transmissions of management information. An ASN.1
macro, NOTIFICATION-TYPE, is used to concisely
convey the syntax and semantics of a
notification.
56
SMIv3

• An evolution of SMIv2
• - the rules for writing MIBs (for the last
  7years)
• Charter of IETFs SMIng WG
• - programming language like data model
• - aggregated data structures with containment
  hierarchy
• - backward compatible with SMIv2
• WG received two proposals.
• First proposal
• - SMIng from NMRG (Internet Research Group)
• - object-oriented language, with mappings to
  SMIv2
• (and COPS-PR)

57
SMIv3 (cont.)

• Second proposal
• - SMI-DS from Andy Bierman (Cisco)
• - a smaller deviation from SMIv2
• - formal definition of aggregate types array,
  union, struct.
• - OID extended to allow access to component
  data items.
• In the beginning WG agreed to pursue a merging
  of the two
• proposals.
• None of the two proposals found enough consensus
  
• and the merger did not succeed, so the Working
  Group
• was closed down in April 2003.
• WG is still considering other enhancements.

58
RMON on ATM

• The ATM RMON feature allows you to monitor
  network traffic for
• fault monitoring or
• capacity planning.
• The ATM RMON provides high-level per-host and
  per-conversation statistics in a standards-track
  MIB.
• The ATM-RMON counter uses the per-VC counters
  already maintained in the hardware and polled by
  the software.
• The ATM RMON agent can report cell traffic
  statistics by monitoring connection management
  activity. At connection setup and release time,
  some ATM-RMON bookkeeping code is executed. The
  amount of information varies, depending on the
  ATM RMON configuration.

59
RMON on ATM (cont.)

• The ATM-RMON bookkeeping capability
  significantly reduces the processing requirements
  for ATM-RMON, and allows collecting statistics on
  many or all the of ATM switch router ports at
  once.
• The ATM-RMON agent uses the 64-bit version of
  each cell counter, if 64-bit counter support is
  present in the SNMP master-agent library.

60
Conclusion

• SNMPv3 is not that hard.
• It beats the pants off SNMPv1 for security .
• So get your network moved over to SNMPv3.
• You will sleep much better.
• One Caveat
• As part of your deployment process, be sure to
  test the security of SNMPv3.
• Do not rely on the implementations from your
  suppliers to be correct.
• Suppliers often miss the mark.
• Test for false positives - SNMPv3 agents or
  managers that accept invalid authentication
  and/or privacy keys.
• The SNMP tester should be sure to use a valid
  key with extraneous characters appended or
  prepended.

61
Network monitors

• Devices that have been employed to study the
  traffic on the network as a whole. Also called
  probes or network analyzers.
• Operate typically in promiscuous mode.
• Produce summary information, including error and
  performance statistics.
• Monitor may also store packets for later
  analysis.
• Filters may be used.
• Can be a stand-alone device dedicated to
  capturing and analyzing traffic.
• Can be a device with other duties, such as a
  workstation, a server or a router that captures
  and analyzes traffic.
• Needs to communicate with a central network
  management station.