Network Management

 introduction to network management

 motivation
 major components
 Internet network management framework
 MIB: management information base
 SMI: data definition language
 SNMP: protocol for network management
 security and administration
 presentation services: ASN.1
 firewalls

8: Network Management 1
What is network management?
 autonomous systems (aka “network”): 100s or 1000s
of interacting hw/sw components
 other complex systems requiring monitoring, control:
 jet airplane
 nuclear power plant
 others?

"Network management includes the deployment, integration

and coordination of the hardware, software, and human
elements to monitor, test, poll, configure, analyze, evaluate,
and control the network and element resources to meet the
real-time, operational performance, and Quality of Service
requirements at a reasonable cost."
8: Network Management 2
What would we like NM to do?
 Detecting failures: NICs, routers, links
 Monitor operations:
 abnormal host behaviors
 routing instabilities

 Monitor traffic: supply stats for planning

and resource allocation
 Monitor performance contracts
 Intrusion detection

8: Network Management 3
ISO NM model
 Performance management
 Fault management
 Configuration management
 Accounting management
 Security management

8: Network Management 4
Infrastructure for network management
definitions:

managing entity agent data

managing managed devices contain
data managed device
entity managed objects whose
data is gathered into a
agent data Management Information
network
management Base (MIB)
managed device
protocol

agent data
agent data
managed device

managed device

8: Network Management 5
Network Management standards

OSI CMIP SNMP: Simple Network

 Common Management Management Protocol
Information Protocol  Internet roots (SGMP)
 designed 1980’s: the  started simple
unifying net  deployed, adopted rapidly
management standard  growth: size, complexity
 too slowly
 currently: SNMP V3
standardized
 de facto network
management standard

8: Network Management 6
 SNMP overview: 4 key parts
 Management information base (MIB):
 distributed information store of network
management data
 Structure of Management Information (SMI):
 data definition language for MIB objects

 SNMP protocol
 convey manager<->managed object info, commands
 security, administration capabilities
 major addition in SNMPv3

8: Network Management 7
SMI: data definition language
Purpose: syntax, semantics of Basic Data Types
management data well-
defined, unambiguous INTEGER
 base data types: Integer32
 straightforward, boring
Unsigned32
OCTET STRING
 OBJECT-TYPE
OBJECT IDENTIFIED
 data type, status,
IPaddress
semantics of managed Counter32
object Counter64
 MODULE-IDENTITY
Guage32
 groups related objects Tie Ticks
into MIB module Opaque
8: Network Management 8
SNMP MIB
MIB module specified via SMI
MODULE-IDENTITY
(100 standardized MIBs, more vendor-specific)

MODULE OBJECT TYPE:

OBJECT TYPE:OBJECT TYPE:

objects specified via SMI

OBJECT-TYPE construct

8: Network Management 9
 SMI: Object, module examples
OBJECT-TYPE: ipInDelivers MODULE-IDENTITY: ipMIB

ipMIB MODULE-IDENTITY
ipInDelivers OBJECT TYPE LAST-UPDATED “941101000Z”
SYNTAX Counter32 ORGANZATION “IETF SNPv2
MAX-ACCESS read-only Working Group”
STATUS current CONTACT-INFO
“ Keith McCloghrie
DESCRIPTION
……”
“The total number of input DESCRIPTION
datagrams successfully “The MIB module for managing IP
delivered to IP user- and ICMP implementations, but
protocols (including ICMP)” excluding their management of
::= { ip 9} IP routes.”
REVISION “019331000Z”
………
::= {mib-2 48}
8: Network Management 10
OBJECT-TYPE examples
udpInDatagrams OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of UDP datagrams delivered to UDP users."
::= { udp 1 }

udpNoPorts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of received UDP datagrams for which there
was no application at the destination port."
::= { udp 2 }

8: Network Management 11
 MIB example: UDP module
Object ID Name Type Comments
1.3.6.1.2.1.7.1 UDPInDatagrams Counter32 total # datagrams delivered
at this node
1.3.6.1.2.1.7.2 UDPNoPorts Counter32 # underliverable datagrams
no app at portl
1.3.6.1.2.1.7.3 UDInErrors Counter32 # undeliverable datagrams
all other reasons
1.3.6.1.2.1.7.4 UDPOutDatagrams Counter32 # datagrams sent
1.3.6.1.2.1.7.5 udpTable SEQUENCE one entry for each port

in use by app, gives port #

and IP address

8: Network Management 12
SNMP Naming
question: how to name every possible standard
object (protocol, data, more..) in every
possible network standard??
answer: ISO Object Identifier tree:
 hierarchical
naming of all objects
 each branchpoint has name, number

1.3.6.1.2.1.7.1
ISO udpInDatagrams
ISO-ident. Org. UDP
US DoD MIB2
Internet management
8: Network Management 13
OSI
Object
Identifier
Tree

Check out www.alvestrand.no/harald/objectid/top.html

8: Network Management 14
SNMP protocol
Two ways to convey MIB info, commands:

managing managing
entity entity

request
trap msg
response

agent data agent data

Managed device Managed device

request/response mode trap mode

8: Network Management 15
SNMP protocol: message types
Message type Function
GetRequest
Mgr-to-agent: “get me data”
GetNextRequest
(instance,next in list, block)
GetBulkRequest

InformRequest Mgr-to-Mgr: here’s MIB value

SetRequest Mgr-to-agent: set MIB value

Response Agent-to-mgr: value, response to

Request
Trap Agent-to-mgr: inform manager
of exceptional event
8: Network Management 16
SNMP protocol: message formats

8: Network Management 17
SNMP security and administration

 encryption: DES-encrypt SNMP message

 authentication: compute, send MIC(m,k):
compute hash (MIC) over message (m),
secret shared key (k)
 protection against playback: use nonce
 view-based access control
 SNMP entity maintains database of access
rights, policies for various users
 database itself accessible as managed object!

8: Network Management 18
The presentation problem
Q: does perfect memory-to-memory copy
solve “the communication problem”?
A: not always!

struct { test.code a test.code a

char code; test.x 00000001
int x; 00000011 test.x 00000011
} test; 00000001
test.x = 259;
test.code=‘a’ host 2 format
host 1 format

problem: different data format, storage conventions

8: Network Management 19
 Solving the presentation problem
1. Translate local-host format to host-independent format
2. Transmit data in host-independent format
3. Translate host-independent format to remote-host
format

8: Network Management 20
ASN.1: Abstract Syntax Notation 1
 ISO standard X.680
 used extensively in Internet
 like eating vegetables, knowing this “good for you”!

 defined data types, object constructors

 like SMI
 BER: Basic Encoding Rules
 specify how ASN.1-defined data objects to be
transmitted
 each transmitted object has Type, Length, Value
(TLV) encoding

8: Network Management 21
TLV Encoding
Idea: transmitted data is self-identifying
 T: data type, one of ASN.1-defined types
 L: length of data in bytes
 V: value of data, encoded according to ASN.1
standard
Tag Value Type
1 Boolean
2 Integer
3 Bitstring
4 Octet string
5 Null
6 Object Identifier
9 Real
8: Network Management 22
TLV
encoding:
example

Value, 259
Length, 2 bytes
Type=2, integer

Value, 5 octets (chars)

Length, 5 bytes
Type=4, octet string
8: Network Management 23
 From Centralized to Distributed

Correction
action

Monitoring

Abnormality
detection

Discovery

Centralized Hierarchical Distributed

8: Network Management 24
Firewalls
firewall
isolates organization’s internal
net from larger Internet,
allowing some packets to pass,
blocking others.
To prevent illegal modification
Two firewall types:
 packet filter
 application gateways
To prevent intruders from
To prevent denial of service
attacks:
 SYN flooding: attacker
establishes many bogus
TCP connections.
Attacked host alloc’s
TCP buffers for bogus
connections, none left
for “real” connections.
of internal data.
 e.g., attacker replaces
CIA’s homepage with
something else
obtaining secret info.
8: Network Management 25
Packet Filtering
 Internal network is
connected to Internet
through a router.
 Router manufacturer
provides options for
filtering packets, based on:
 source IP address
 destination IP address
 TCP/UDP source and
destination port numbers
 ICMP message type
 TCP SYN and ACK bits
 Example 1: block incoming
and outgoing datagrams with
IP protocol field = 17 and
with either source or dest
port = 23.
All incoming and outgoing

UDP flows and telnet
connections are blocked.
 Example 2: Block inbound
TCP segments with ACK=0.
 Prevents external clients
from making TCP
connections with internal
clients, but allows internal
clients to connect to
outside.
8: Network Management 26
Application gateways gateway-to-remote
host telnet session
host-to-gateway
telnet session
 Filters packets on
application data as well as application
gateway
router and filter

on IP/TCP/UDP fields.
 Example: allow select
internal users to telnet
outside.

1. Require all telnet users to telnet through gateway.

2. For authorized users, gateway sets up telnet connection to
dest host. Gateway relays data between 2 connections
3. Router filter blocks all telnet connections not originating
from gateway.

8: Network Management 27
Limitations of firewalls and gateways
 IP spoofing: router
can’t know if data
“really” comes from
claimed source
 If multiple app’s. need
special treatment, each
has own app. gateway.
 Client software must
know how to contact
gateway.
 e.g., must set IP address
of proxy in Web browser
 Filters often use all or
nothing policy for UDP.
 Tradeoff: degree of
communication with
outside world, level of
security
 Many highly protected
sites still suffer from
attacks.
8: Network Management 28