Agenda
• Intro to Network Management
• Configuration Management
• Device Monitoring
• Flow Monitoring
• Log Management
7/11/19
Module 1
INTRO TO NETWORK MANAGEMENT
Operational Data
• Host
– CPU Utilisation
– Memory Utilisation
– Disk Utilisation
– Network Interface Utilisation
– Fan State
– Port Errors
• Service
– Time to Respond to Request
– Processes in Use
– Queue Length
– State of a BGP session
Operational Data
• Availability
– Applies to Hosts & Services
– Percent of time host or service is performing to specification
– Typically measured as a percent, for example 99.99%
– Excludes planned outages
• Reachability
– Applies to Hosts & Services
– Percent of time host or service is reachable
– Typically measured as a percent, for example 99.99%
– Unreachable hosts may not be unavailable to everyone
– Unreachable hosts may be available from another location
• Performance
– Time to respond to request or forward packet
– Megabits or Packets Per Second
– Discards, Errors, Loss
• Check_mk
– Explain the idea of service checking
• Nagios Plugins
– Explain what Nagios is and what plugins are
Network Automation
• A continuous process of generation and deployment of
configuration changes, management, and operations of
network devices (from Network Automation at Scale)
Network Automation
• Automating config management
• Including config changes based on operational data
• Orchestrated with tools like Ansible, Chef, Puppet, and Salt
• This is the next step in network monitoring and
management
Module 2
ADDRESS MANAGEMENT
Address Management
• planning and managing the assignment and use of IP
addresses and closely related resources of a computer
network.
https://en.wikipedia.org/wiki/IP_address_management
Tools - Racktables
• Asset management tool
https://www.racktables.org/demo.php
Tools - Netbox
• open source web application designed to help manage and
document computer networks.
https://netbox.readthedocs.io/en/stable/
Module 3
CONFIG MANAGEMENT
What’s a Diff?
• A comparison of two versions of a single file or document
• Highlighting the changes between the two versions
• Allowing users to quickly see only what’s changed
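As an added example (not part of the original slides), the sketch below diffs two stored snapshots of a device configuration and flags changed lines that touch security-relevant statements. The snapshots, the watch list and the function names are constructed for illustration; the device name is borrowed from the Rancid example in this module.

```python
import difflib
import re

# Constructed IOS-style snapshots of one device, as two polling runs might
# store them (sample data, not taken from the slides).
OLD = """hostname dc1-gw1
snmp-server community s3cr3t RO 10
access-list 10 permit 192.0.2.10
line vty 0 4
 transport input ssh""".splitlines()
NEW = """hostname dc1-gw1
snmp-server community public RO
access-list 10 permit 192.0.2.10
line vty 0 4
 transport input telnet ssh""".splitlines()

# Hypothetical watch list of statements a reviewer should look at first.
SENSITIVE = re.compile(
    r"\s*(snmp-server community|access-list|username|enable secret|transport input)\b")


def config_diff(old, new, name="configs/dc1-gw1"):
    """Unified diff between two snapshots, one context line per change."""
    return list(difflib.unified_diff(
        old, new, fromfile=name + "@old", tofile=name + "@new", n=1, lineterm=""))


def flag_sensitive(diff_lines):
    """Return (sign, statement) for added/removed lines on the watch list."""
    hits = []
    for line in diff_lines[2:]:          # skip the ---/+++ file headers
        if line.startswith("@@"):        # hunk header, not a config line
            continue
        sign, text = line[:1], line[1:]
        if sign in ("+", "-") and SENSITIVE.match(text):
            hits.append((sign, text.strip()))
    return hits


if __name__ == "__main__":
    diff = config_diff(OLD, NEW)
    print("\n".join(diff))
    for sign, statement in flag_sensitive(diff):
        print("REVIEW", sign, statement)
```

The unchanged access-list line appears in the diff only as context, so it is not flagged; only the SNMP community and VTY transport changes are.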
Tools - Rancid
• Really Awesome New Cisco config differ
• monitors a router's (or more generally a device's)
configuration
• Uses CVS, Subversion, or Git to maintain history
• Supports Cisco, Foundry, HP, Juniper, and more
• Runs on BSD, Linux, Mac OS
• Pros:
– The de-facto industry standard for config management
https://www.shrubbery.net/rancid/
Rancid Example
Index: configs/dc1-gw1
===================================================================
retrieving revision 1.677
Rancid Example
Index: configs/dc1-gw
===================================================================
@@ -32,9 +32,8 @@
!Flash: bootflash: 48769 drwx 4096 Jan 11 2017 12:16:08 +10:00 .installer
!Flash: bootflash: 438913 drwx 4096 Jan 11 2017 13:05:11 +10:00 core
!Flash: bootflash: 829057 drwx 4096 Oct 11 2018 07:24:32 +10:00 .prst_sync
!Flash: bootflash: 520193 drwx 4096 Jan 11 2017 12:19:19 +10:00 .rollback_timer
Tools - Oxidized
• network device configuration backup tool (to replace
Rancid)
• Stores files in a version control system
• Supports a large number of manufacturers
– Cisco (CatOS, IOS, IOSXR, NXOS)
– Juniper (JunOS, ScreenOS)
– Huawei (VRP, SmartAX)
– Mikrotik (RouterOS)
• Pros:
– Integrates with LibreNMS
https://github.com/ytti/oxidized
Other Tools
• Fetchconfig
• Jazigo
Module 4
DEVICE MONITORING
Intro to SNMP
• Simple Network Management Protocol
• Used to communicate management information between
the network management stations and the agents in the
network elements.
Intro to SNMP
• Network management stations execute management
applications which monitor and control network elements.
• A trap is a way for the agent to tell the NMS that something has
happened. Traps are sent asynchronously, not in response to queries
from the NMS. SNMP traps are sent using UDP port 162.
SNMP Applications
• LibreNMS
• MRTG
• PRTG
• …
Beyond SNMP
• SNMP is a heavy-weight protocol with low information density
• SNMP was not designed for streaming high resolution data
• It’s seen as too slow, incomplete, network-specific, and hard to
operationalize
Tools - LibreNMS
• An open-source network monitoring system (NMS)
• Capable of managing small or big networks
• Most management functions are supported or can be
integrated
• Details under the hood:
– Written in PHP, derived from the Observium project
– Configuration in MySQL
– Operational data is stored in Round Robin Database files
https://www.librenms.org/
LibreNMS Dashboard
Tools – Sensu
• Sensu is a multi-cloud monitoring system that allows for
automating monitoring workflow
– Monitor containers, instances, applications, and on-premises
infrastructure
– Integrates with PagerDuty, Slack, Grafana, etc
• Sensu Go is the latest version
• Uchiwa is an open-source dashboard for the Sensu
monitoring framework
https://sensu.io/about/
https://github.com/sensu/uchiwa
Tools - Grafana
• Open platform for monitoring and analytics
• Does time series analytics
• Plugins to integrate with other applications
Grafana Dashboard
https://grafana.com/
Module 5
FLOW MONITORING
What is a Flow?
• A flow is defined as a unidirectional sequence of packets
with some common properties that pass through a network
device. (RFC3954)
What’s Netflow?
• Cisco protocol for flow monitoring released in 1996
• Described by RFC3954, but not an Internet Standard
• Netflow V5 is supported by nearly all router platforms
• Versions:
– Version 5: IPv4 only
– Version 9: IPv4/v6 and MPLS
What is IPFIX?
• IP Flow Information Export
• Vendor neutral protocol for flow monitoring
• Started through the IETF process in 2004 & released in
2011
• Based on Cisco’s Netflow version 9
• IPFIX is an Internet Standard replacement for version 9
Tools - Softflowd
• Software Flow Monitoring
• Passive Netflow collector
• Network traffic passing through a switch can be mirrored
• Attach a Unix computer to the mirrored port
• Softflowd tracks flows from the mirrored traffic
• Flows can be exported just as they are from routers &
switches
• JunOS
show services accounting flow-detail
https://github.com/phaag/nfdump
http://nfsen.sourceforge.net/
Tools - ntopng
• Web-based traffic and security network monitoring tool
https://github.com/ntop/ntopng
Module 6
LOG MANAGEMENT
• Network applications
– BGP, DHCP, HTTP, iptables …
Firewall Log
Syslog aggregation
Tools - Graylog
• Commercial + Open source software
• Collection, Storage, Analysis, & Visualisation
• Tightly coupled software stack including:
– ElasticSearch for Search
– MongoDB for log storage
• LibreNMS integration
Tools - Rsyslog
• Open source with commercial support available
• TCP, SSL, TLS, RELP
• MySQL, PostgreSQL, Oracle and more
• Filter any part of syslog message
• Multi-threading and suitable for relay chains
Tools - Splunk
• Commercial software
• Free for small users at < 500 mb/day
• Collection, Storage, Analysis & visualization
• Real-time alerting engine included
• Popular corporate solution with 13k customers
Tools – Syslog-ng
• Free and open source with commercial support available
• Collection and storage
• Adds TCP and TLS to basic UDP transport
• Can extract structured information from log messages
• Can log directly to a database
• Requires external tools for Analysis and visualization