Network Analysis, Design and Management
Lecture 10 - Develop Management Strategies

Le Hai Duong, PhD. (lhduong@hcmiu.edu.vn)

Overview

● Network management is one of the most important aspects of logical network design.
● Consider management from the beginning → avoid scalability and performance problems
● Help an organization achieve availability, performance, and security goals
● Help an organization measure how well design goals are being met and adjust network parameters if these goals are not being met

Outline

● Network management design
○ Proactive network management
○ Network management processes
● Network management architectures
○ In-band vs. Out-of-band monitoring
○ Centralized vs. distributed monitoring
● Selecting network management tools and protocols

Network Management Design

Network management design

● Network management systems poll remote stations on a regular basis → significant amount of traffic
● Determine which resources should be monitored and the metrics to use for measuring performance
○ Choose carefully which data to collect
● Plan the format that data should be saved in

Proactive network management

● Should encourage the practice of proactive network management
○ check the health of the network during normal operation
○ optimize performance
○ plan upgrades
● Conduct tests
● Write monthly/quarterly reports that document the quality of network service → service goals: availability, response time, throughput, usability…

Network management processes

ISO defines 5 types of network management processes:

● Fault management
● Configuration management
● Accounting management
● Performance management
● Security management

Fault management

● Fault management refers to detecting, isolating, diagnosing, and correcting problems.
○ processes for reporting problems to end users and managers
○ tracking trends related to problems
● Tools
○ monitoring tools that alert managers to problems
○ protocol analyzers for fault resolution
○ help-desk software for documenting problems and alerting users of problems
● Monitoring tools based on
○ Simple Network Management Protocol (SNMP)
○ Remote Monitoring (RMON)

Syslog levels

■ Emergency (level 0, the most severe level)
■ Alert (level 1)
■ Critical (level 2)
■ Error (level 3)
■ Warning (level 4)
■ Notice (level 5)
■ Informational (level 6)
■ Debugging (level 7)
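
On the wire, the level number is carried in each message's PRI field as facility * 8 + severity (RFC 3164 / RFC 5424). The Python code below is an added example, not part of the original slides: it decodes PRI and keeps only messages at a chosen level or more severe. The function names and the sample lines are assumptions constructed for illustration.

```python
import re

SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debugging"]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

def decode_pri(line):
    """Split a syslog line into (facility, severity, rest); None if PRI is invalid."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:            # facility 23 * 8 + severity 7 is the largest legal PRI
        return None
    return pri >> 3, pri & 7, m.group(2)

def at_least(lines, threshold):
    """Keep messages whose severity is `threshold` or more severe.

    More severe means a numerically LOWER level, so the comparison is <=.
    """
    kept = []
    for line in lines:
        decoded = decode_pri(line)
        if decoded is None:
            continue         # malformed input is skipped, not guessed at
        facility, severity, rest = decoded
        if severity <= threshold:
            kept.append((SEVERITIES[severity], facility, rest))
    return kept

# Constructed sample lines (not captured from a real device).
SAMPLE = [
    "<34>Oct 11 22:14:15 gw1 su: 'su root' failed for admin on /dev/pts/8",
    "<187>Oct 11 22:14:20 sw2 %LINK-3-UPDOWN: Interface Gi0/1, changed state to down",
    "<189>Oct 11 22:15:02 sw2 %SYS-5-CONFIG_I: Configured from console by admin",
    "<190>Oct 11 22:15:10 sw2 periodic statistics export complete",
    "<999>garbage with an out-of-range PRI",
    "no PRI at all",
]

if __name__ == "__main__":
    for name, facility, rest in at_least(SAMPLE, 4):   # 4 = Warning
        print(f"{name:<9} facility={facility:<2} {rest}")
```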

Configuration management

● Keep track of network devices and maintain information on how devices are configured
○ maintain an inventory of network assets and do version-logging

Accounting management

● Facilitates usage-based billing
● Accounting of network usage can be useful to catch departments or individuals who “abuse” the network
● Track unexpected traffic growth → consider it in the next capacity-planning phase

Performance management

● Measurement of network behavior and effectiveness
○ examining network application and protocol behavior
○ analyzing reachability
○ measuring response time
○ recording network route changes
● Facilitate optimizing a network → meet service-level agreements (SLA) + planning for expansion

Types of performance

● End-to-end performance
○ measure availability, capacity, utilization, delay, delay variation, throughput, reachability, response time, errors, and the burstiness of traffic
● Component performance
○ measure performance of individual links or devices
○ monitor routers and switches for throughput (packets per second), memory and CPU usage, and errors

Performance management (cont.)

● Response time → ping (send an ICMP echo packet) and measure round-trip time (RTT)
● Use a protocol analyzer or SNMP tools to record traffic loads

Security management

● Maintain and distribute passwords and other authentication and authorization information
● Generating, distributing, and storing encryption keys
● Tools and reports to analyze a group of router and switch configurations for compliance with site security standards
● Collecting, storing, and examining security audit logs
○ encrypt audit logs
● Tools: Event Viewer, syslog

Network Management Architecture

Three major components in network management architecture

● A managed device
○ collects and stores management information (routers, servers, switches, end systems, or printers…)
● An agent
○ software that resides in a managed device
○ tracks local management information and uses a protocol such as SNMP to send information to NMSs
● A network management system (NMS)
○ displays management data, monitors and controls managed devices, and communicates with agents
○ NMS is typically located in a network operations center (NOC)

Considerations

● Designing a network management architecture in parallel with designing an internetwork.
● Whether management traffic flows in-band (with other network traffic) or out-of-band (outside normal traffic flow)?
● Redundant topology → a centralized or distributed management topology?

In-band vs. Out-of-band monitoring

● In-band monitoring:
○ network management data travels across an internetwork using the same paths as user traffic
○ easy to develop, but network problems also affect the management data, which makes those problems harder to troubleshoot
○ yet it is beneficial to be able to use management tools even when the internetwork is congested, failing, or under a security attack
● Out-of-band monitoring:
○ network design more complex and expensive
○ there are security risks associated with adding extra links between NMSs and agents

Centralized vs. Distributed monitoring

● Centralized monitoring architecture
○ all NMSs reside in one area of the network, often in a corporate NOC
○ agents are distributed across the internetwork and send data such as ping and SNMP responses to the centralized NMSs
● Distributed monitoring:
○ NMSs and agents are spread out across the internetwork
○ a hierarchical distributed arrangement can be used whereby distributed NMSs send data to sophisticated centralized NMSs using a manager-of-managers (MoM) architecture
○ a centralized system that manages distributed NMSs is sometimes called an umbrella NMS.
■ distributed NMSs can filter data before sending it to the centralized stations → reducing the amount of network management data that flows on the internetwork
○ Advantage: can often gather data even when parts of the internetwork are failing
○ Disadvantage:
■ architecture is complex and hard to manage
■ more difficult to control security, contain the amount of data that is collected and stored, and keep track of management devices.
● A simple network management architecture that does not complicate the job of managing the network is generally a better solution

Selecting Network Management Tools and Protocols

Selecting tools for network management

● Management tools should support numerous features that can be used for performance, fault, configuration, security, and accounting management
● At a minimum, should include tools for isolating, diagnosing, and reporting problems to facilitate quick repair and recovery.
● Ideally, the system should also incorporate intelligence to identify trends that can predict a potential failure so that a network manager can take action before a fault condition occurs.
● Consider the flexibility of the tools and the varied audiences that may interface with them. → having both a browser interface and command-line interface (CLI) is beneficial
● If the tools allow dynamic configuration of devices, configuration changes should take effect without requiring a reboot of the device
○ management software should also check the validity of any configuration changes and automatically restore operation to the last known configuration or software image in case of error
○ management software that supports the dynamic configuration of devices should require authentication to prevent an unauthorized user from making changes

Selecting network management protocol

● SNMP is supported by most commercial NMSs and many networking devices
○ simple: easy to implement, install, and use
○ SNMPv3 offers better security, including authentication to protect against modification of information, and secure set operations for the remote configuration of SNMP-managed devices.
● Management Information Bases (MIB)
○ stores information gathered by the local management agent on a managed device
○ each object in a MIB has a unique identifier → network management applications use the identifier to retrieve a specific object
○ The MIB is structured as a tree. → Similar objects are grouped under the same branch of the MIB tree.
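
How object identifiers map onto the MIB tree, as an added Python example that is not part of the original slides. It uses a small slice of the standard MIB-2 tree; the function names are assumptions, and the code works on OID strings only (no SNMP traffic is sent).

```python
# Small slice of the standard MIB-2 tree (numeric OID -> object name).
MIB = {
    "1.3.6.1.2.1.1": "system",
    "1.3.6.1.2.1.1.1": "sysDescr",
    "1.3.6.1.2.1.1.3": "sysUpTime",
    "1.3.6.1.2.1.1.5": "sysName",
    "1.3.6.1.2.1.2": "interfaces",
    "1.3.6.1.2.1.2.2.1.10": "ifInOctets",
    "1.3.6.1.2.1.2.2.1.14": "ifInErrors",
    "1.3.6.1.2.1.2.2.1.16": "ifOutOctets",
}

def parse_oid(text):
    """Turn '1.3.6.1' (or '.1.3.6.1') into a tuple of integer arcs."""
    return tuple(int(p) for p in text.strip(".").split("."))

TREE = {parse_oid(k): v for k, v in MIB.items()}

def resolve(oid_text):
    """Name an OID by its longest known prefix; the remainder is the instance."""
    oid = parse_oid(oid_text)
    for cut in range(len(oid), 0, -1):
        name = TREE.get(oid[:cut])
        if name:
            suffix = ".".join(map(str, oid[cut:]))
            return f"{name}.{suffix}" if suffix else name
    return None  # outside the branches this table knows about

def in_subtree(oid_text, root_text):
    """True when the OID sits under the given branch.

    Compared arc by arc: a plain string prefix test would wrongly place
    1.3.6.1.2.1.20 under 1.3.6.1.2.1.2.
    """
    oid, root = parse_oid(oid_text), parse_oid(root_text)
    return oid[:len(root)] == root

def walk_order(oid_texts):
    """Sort OIDs numerically per arc, the order in which a tree walk visits them."""
    return sorted(oid_texts, key=parse_oid)

if __name__ == "__main__":
    for oid in ("1.3.6.1.2.1.1.3.0", "1.3.6.1.2.1.2.2.1.10.3", "1.3.6.1.4.1.9"):
        print(oid, "->", resolve(oid))
```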

Selecting network management protocol (cont.)

● Remote Monitoring (RMON)
○ The RMON MIB was developed by the IETF in the early 1990s to address shortcomings in the standard MIBs, which lacked the capability to provide statistics on data link and physical layer parameters
○ The IETF developed the RMON MIB to provide Ethernet traffic statistics and fault diagnosis.
○ RMON agents gather statistics on cyclic redundancy check (CRC) errors, Ethernet collisions, packet-size distribution, the number of packets in and out, and the rate of broadcast packets.
○ RMON alarm group lets a network manager set thresholds for network parameters and configure agents to automatically deliver alerts to NMSs.
○ RMON also supports capturing packets (with filters if desired) and sending the captured packets to an NMS for protocol analysis.
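
The threshold behavior of the RMON alarm group, as an added Python example that is not part of the original slides. It goes slightly beyond the slide by modeling the rising/falling threshold pair that RMON alarms use (RFC 2819), simplified so that only a rising alarm may fire first. The counter samples are constructed and the function names are assumptions.

```python
COUNTER32_MOD = 2 ** 32

def deltas(samples):
    """Per-interval increase of a 32-bit counter, tolerating one wrap per interval."""
    return [(cur - prev) % COUNTER32_MOD
            for prev, cur in zip(samples, samples[1:])]

def rmon_alarms(values, rising, falling):
    """Return (index, 'rising' | 'falling', value) events with hysteresis.

    After a rising event, no further rising event is raised until the value
    has dropped to the falling threshold (and vice versa), so a value that
    hovers around one threshold alerts the NMS once instead of every interval.
    """
    if falling > rising:
        raise ValueError("falling threshold must not exceed rising threshold")
    events = []
    rising_armed, falling_armed = True, False   # assumption: rising fires first
    for i, v in enumerate(values):
        if v >= rising and rising_armed:
            events.append((i, "rising", v))
            rising_armed, falling_armed = False, True
        elif v <= falling and falling_armed:
            events.append((i, "falling", v))
            rising_armed, falling_armed = True, False
    return events

# Constructed samples of a CRC error counter, one reading per polling interval.
CRC_SAMPLES = [100, 102, 105, 160, 220, 275, 330, 332, 333, 390]

if __name__ == "__main__":
    per_interval = deltas(CRC_SAMPLES)
    naive = [i for i, v in enumerate(per_interval) if v >= 50]
    print("errors per interval:", per_interval)
    print("naive threshold alerts at:", naive)
    print("RMON-style events:", rmon_alarms(per_interval, rising=50, falling=5))
```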
