   refers to the activities,
methods, procedures and tools that pertain to the
operation, administration, maintenance, and provisioning of
networked systems.

describes the operations that deal with keeping the
network (and the services that the network provides) up
and running smoothly. It includes monitoring the network
to spot problems as soon as possible, ideally before users
are affected.

deals with keeping track of resources in the network and
how they are assigned. It includes all the "housekeeping"
that is necessary to keep the network under control.

Maintenance is
concerned with performing repairs and upgrades, for
example, when equipment must be replaced, when a router
needs a patch for an operating system image, or when a new
switch is added to a network. Maintenance also involves
corrective and preventive measures to make the managed
network run "better", such as adjusting device
configuration parameters.

   is data
for network management that are collected through
several mechanisms, including agents installed on
infrastructure, synthetic monitoring that simulates
transactions, logs of activity, sniffers and real user
monitoring.

     that are
performed as part of network management accordingly
includes:

-Controlling
-Planning
-Allocating
-Deploying
-Coordinating
-Monitoring the resources of a network
-Network planning
-Frequency allocation
-Predetermined traffic routing to support load balancing
-Cryptographic key
-Distribution authorization
-Configuration management
-Fault management
-Security management
-Performance management
-Bandwidth management
-Route analytics
-Accounting management

is a common way of
characterizing network management
functions.

What is Network Monitoring?

Network monitoring describes the use of a
system that constantly monitors a computer network for
slow or failing systems and that notifies the network
administrator in case of outages via email, pager or other
alarms. It is a subset of the functions involved in network
management.

    is the
process of measuring the amount and type of traffic on a
particular network. This is especially important with regard
to effective bandwidth management.

Difference between an Intrusion Detection System and Network Monitoring?

An intrusion detection system monitors a network for threats from the
outside.

A network monitoring system monitors the
network for problems caused by overloaded
and/or crashed servers, network connections
or other devices.

Commonly measured metrics are , although both metrics are starting to gain
popularity.

CAIDA Metrics Working Group (www.caida.org)
-Latency
-Packet Loss
-Throughput
-Link Utilization
-Availability

IETF's IP Performance Metrics (IPPM) Working Group
-Connectivity (RFC 2687)
-One-Way Delay (RFC 2679)
-One-Way Packet Loss (RFC 2680)
-Round Trip Delay (RFC 2681)
-Delay Variation
-Bulk transfer capacity

 Availability: The percentage of a specified time interval
during which the system was available for normal use.
-Connectivity: the physical connectivity of network elements.
-Functionality: whether the associated system works well or not.

Latency: The time taken for a packet to travel from one host
to another.
-Round Trip Delay = Forward transport delay + server delay +
backward transport delay
-Ping is still the most commonly used tool to measure latency.

Link Utilization over a specified interval is simply the
throughput for the link expressed as a percentage of the
access rate.
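
An added example (not part of the original slides) that computes the metrics defined above from active-probe results and two interface octet-counter polls. The function names, the slot-based availability rule, the delay-variation definition, the 32-bit counter and all sample values are assumptions made for illustration.

```python
from statistics import mean

COUNTER32_MOD = 2 ** 32  # assumption: 32-bit interface octet counters that wrap to 0

def summarize_probes(rtts_ms, probes_per_slot=2):
    """Summarize active test packets: one RTT in ms per probe, None if lost.

    A time slot (probes_per_slot consecutive probes) counts as available
    when at least one probe in it was answered.
    """
    if not rtts_ms:
        raise ValueError("no probes in the interval")
    answered = [r for r in rtts_ms if r is not None]
    slots = [rtts_ms[i:i + probes_per_slot]
             for i in range(0, len(rtts_ms), probes_per_slot)]
    slots_up = sum(1 for slot in slots if any(r is not None for r in slot))
    # Delay variation here: mean absolute change between consecutive answered RTTs.
    changes = [abs(b - a) for a, b in zip(answered, answered[1:])]
    return {
        "packet_loss_pct": 100.0 * (len(rtts_ms) - len(answered)) / len(rtts_ms),
        "availability_pct": 100.0 * slots_up / len(slots),
        "latency_avg_ms": mean(answered) if answered else None,
        "delay_variation_ms": mean(changes) if changes else None,
    }

def link_utilization_pct(octets_t0, octets_t1, interval_s, access_rate_bps):
    """Throughput over the interval as a percentage of the access rate."""
    if interval_s <= 0 or access_rate_bps <= 0:
        raise ValueError("interval and access rate must be positive")
    # Modular subtraction stays correct across a single counter wrap; more
    # than one wrap between polls cannot be detected and under-reports traffic.
    delta_octets = (octets_t1 - octets_t0) % COUNTER32_MOD
    throughput_bps = delta_octets * 8 / interval_s
    return 100.0 * throughput_bps / access_rate_bps

# Constructed sample: 8 probes (3 lost) and two counter polls 300 s apart
# on a 1 Mbit/s access link, with the counter wrapping between the polls.
SAMPLE_RTTS_MS = [10.0, 12.0, None, None, 14.0, None, 12.0, 10.0]
SAMPLE_POLLS = (4294000000, 2782704)

if __name__ == "__main__":
    print(summarize_probes(SAMPLE_RTTS_MS))
    print(link_utilization_pct(*SAMPLE_POLLS, interval_s=300, access_rate_bps=1_000_000))
```

Packet loss and availability differ on the sample because a lost probe only reduces availability when every probe in its slot is lost.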
 
 Active Monitoring
 Passive Monitoring
Active Monitoring
 Performed by sending test traffic into network
-Generate test packets periodically or on-demand
-Measure performance of test packets or responses
-Take the statistics

Imposes extra traffic on the network and distorts its
behavior in the process

Test packets can be blocked by firewalls or
processed at low priority by routers

Mainly used to monitor network performance

Passive Monitoring

Carried out by observing network traffic
-Collect packets from a link or network flow from a router
-Perform analysis on captured packets for various purposes
-Network device performance is degraded by mirroring or flow
export

Used to perform various traffic
usage/characterization analysis/intrusion
detection

                  Active monitoring                  Passive monitoring
Configuration     Multi-point                        Single or multi-point
Data size         Small                              Large
Network overhead  Additional traffic                 Device overhead; no overhead if splitter is used
Purpose           Delay, packet loss, availability   Throughput, traffic pattern, trend, & detection
CPU Requirement   Low to Moderate                    High

-The ping program
-SNMP servers
-IBM AURORA Network Performance Profiling System
-Intellipool Network Monitor
-Jumpnode
-Microsoft Network Monitor 3
-MRTG
-Nagios (formerly )
-Netdisco
-NetQoS
-NetXMS Scalable network and application monitoring system
-OpenNMS
-PRTG
-Pandora (Free Monitoring System) - Network and Application Monitoring System
-PIKT
-RANCID - monitors router/switch configuration changes
-RRDtool
-siNMs by Siemens
-SysOrb Server & Network Monitoring System
-Sentinet3 - Network and Systems Monitoring Appliance
-ServersCheck Monitoring Software
-Cacti network graphing solution
-Zabbix - Network and Application Monitoring System
-Zenoss - Network and Systems Monitoring Platform
-Level Platforms - Software support for network monitoring

 Acterna DA-3400 and DA-3600 Data Network
Analyzer is a monitoring tool for testing next-generation
packet-over-SONET/SDH networks
 Provides fast, timely information on network
performance
 Enables providers to make more informed
decisions concerning the performance of their
peering links, independent of current router
tools
 Provides faster, more accurate information
on network utilization in order to plan for
new applications
 Proactively monitors and identifies
potential intrusion detection and denial of
service attacks to maintain superior
service delivery
 Provides advanced MPLS verification
techniques within interoperability.