Professional Documents
Culture Documents
8: Network Management 1
What is network management?
autonomous systems (aka “network”): 100s or 1000s
of interacting hw/sw components
other complex systems requiring monitoring, control:
jet airplane
nuclear power plant
others?
8: Network Management 3
ISO NM model
Performance management
Fault management
Configuration management
Accounting management
Security management
8: Network Management 4
Infrastructure for network management
definitions:
agent data
agent data
managed device
managed device
8: Network Management 5
Network Management standards
8: Network Management 6
SNMP overview: 4 key parts
Management information base (MIB):
distributed information store of network
management data
Structure of Management Information (SMI):
data definition language for MIB objects
SNMP protocol
convey manager<->managed object info, commands
security, administration capabilities
major addition in SNMPv3
8: Network Management 7
SMI: data definition language
Purpose: syntax, semantics of Basic Data Types
management data well-
defined, unambiguous INTEGER
base data types: Integer32
straightforward, boring
Unsigned32
OCTET STRING
OBJECT-TYPE
OBJECT IDENTIFIED
data type, status,
IPaddress
semantics of managed Counter32
object Counter64
MODULE-IDENTITY
Guage32
groups related objects Tie Ticks
into MIB module Opaque
8: Network Management 8
SNMP MIB
MIB module specified via SMI
MODULE-IDENTITY
(100 standardized MIBs, more vendor-specific)
8: Network Management 9
SMI: Object, module examples
OBJECT-TYPE: ipInDelivers MODULE-IDENTITY: ipMIB
ipMIB MODULE-IDENTITY
ipInDelivers OBJECT TYPE LAST-UPDATED “941101000Z”
SYNTAX Counter32 ORGANZATION “IETF SNPv2
MAX-ACCESS read-only Working Group”
STATUS current CONTACT-INFO
“ Keith McCloghrie
DESCRIPTION
……”
“The total number of input DESCRIPTION
datagrams successfully “The MIB module for managing IP
delivered to IP user- and ICMP implementations, but
protocols (including ICMP)” excluding their management of
::= { ip 9} IP routes.”
REVISION “019331000Z”
………
::= {mib-2 48}
8: Network Management 10
OBJECT-TYPE examples
udpInDatagrams OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of UDP datagrams delivered to UDP users."
::= { udp 1 }
udpNoPorts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of received UDP datagrams for which there
was no application at the destination port."
::= { udp 2 }
8: Network Management 11
MIB example: UDP module
Object ID Name Type Comments
1.3.6.1.2.1.7.1 UDPInDatagrams Counter32 total # datagrams delivered
at this node
1.3.6.1.2.1.7.2 UDPNoPorts Counter32 # underliverable datagrams
no app at portl
1.3.6.1.2.1.7.3 UDInErrors Counter32 # undeliverable datagrams
all other reasons
1.3.6.1.2.1.7.4 UDPOutDatagrams Counter32 # datagrams sent
1.3.6.1.2.1.7.5 udpTable SEQUENCE one entry for each port
8: Network Management 12
SNMP Naming
question: how to name every possible standard
object (protocol, data, more..) in every
possible network standard??
answer: ISO Object Identifier tree:
hierarchical
naming of all objects
each branchpoint has name, number
1.3.6.1.2.1.7.1
ISO udpInDatagrams
ISO-ident. Org. UDP
US DoD MIB2
Internet management
8: Network Management 13
OSI
Object
Identifier
Tree
managing managing
entity entity
request
trap msg
response
8: Network Management 17
SNMP security and administration
8: Network Management 18
The presentation problem
Q: does perfect memory-to-memory copy
solve “the communication problem”?
A: not always!
8: Network Management 20
ASN.1: Abstract Syntax Notation 1
ISO standard X.680
used extensively in Internet
like eating vegetables, knowing this “good for you”!
8: Network Management 21
TLV Encoding
Idea: transmitted data is self-identifying
T: data type, one of ASN.1-defined types
L: length of data in bytes
V: value of data, encoded according to ASN.1
standard
Tag Value Type
1 Boolean
2 Integer
3 Bitstring
4 Octet string
5 Null
6 Object Identifier
9 Real
8: Network Management 22
TLV
encoding:
example
Value, 259
Length, 2 bytes
Type=2, integer
Correction
action
Monitoring
Abnormality
detection
Discovery
8: Network Management 24
Firewalls To prevent denial of service
attacks:
firewall SYN flooding: attacker
establishes many bogus
isolates organization’s internal
TCP connections.
net from larger Internet,
Attacked host alloc’s
allowing some packets to pass,
TCP buffers for bogus
blocking others.
connections, none left
for “real” connections.
To prevent illegal modification
Two firewall types: of internal data.
e.g., attacker replaces
packet filter
CIA’s homepage with
application gateways something else
To prevent intruders from
obtaining secret info.
8: Network Management 25
Packet Filtering
Internal network is Example 1: block incoming
connected to Internet and outgoing datagrams with
through a router. IP protocol field = 17 and
Router manufacturer with either source or dest
port = 23.
provides options for
All incoming and outgoing
filtering packets, based on:
UDP flows and telnet
source IP address connections are blocked.
destination IP address Example 2: Block inbound
TCP/UDP source and TCP segments with ACK=0.
destination port numbers Prevents external clients
ICMP message type from making TCP
TCP SYN and ACK bits connections with internal
clients, but allows internal
clients to connect to
outside.
8: Network Management 26
Application gateways gateway-to-remote
host telnet session
host-to-gateway
telnet session
Filters packets on
application data as well as application
gateway
router and filter
on IP/TCP/UDP fields.
Example: allow select
internal users to telnet
outside.
8: Network Management 27
Limitations of firewalls and gateways
8: Network Management 28