
Challenges of Managing Large Networks
 Network critical to running of business
 Complexity of network – requiring automated
management tools
 Large number of devices, increased probability of
device failure
 Likelihood of devices from different manufacturers
 Physical distribution of network assets –
requiring management of assets across the
network itself
OSI Key Areas of Network
Management
 Fault Management
 Correcting a work-stopping fault and resuming
normal service with the minimum of delay
 Steps:
 Determine location of fault
 Isolate rest of network from failure
 Reconfigure network to operate efficiently without
failed components
 Rectify fault, reconnect components, reconfigure
network again
OSI Key Areas of Network
Management
 Accounting Management
 Charging cost of providing network to departments
or cost centres based on usage statistics
 Reasons
 User(s) may overburden network at expense of
other users
 User(s) making inefficient use of network can be
targeted by network manager to change
procedures and improve performance
 Network manager can plan for network growth if
user activity is known
OSI Key Areas of Network
Management
 Configuration and Name Management
 Deciding how a device is to be used, choosing
appropriate software and settings for the device
 Concerned with
 Initialising a network
 Gracefully shutting down all or part of a network
 Maintaining, adding, updating relationships
between components
 Status of components during network operation
OSI Key Areas of Network
Management
 Performance Management
 Identifying deteriorating response or throughput of
the network and introducing additional equipment /
transmission-capacity to alleviate the problem
 Performance issues
 What is the level of capacity utilisation?
 Is there excessive traffic?
 Has throughput reduced unacceptably?
 Are there bottlenecks?
 Is response time increasing?
OSI Key Areas of Network
Management
 Security Management
 Monitoring and controlling access to
computer networks
 Concerned with generating, distributing
and storing encryption keys, passwords
and other access control information
 Requires use of security logs and audit
records
Sub-area of Configuration and
Name Management
 Layer Management
 Most of the protocols associated with the
TCP/IP suite have associated operational
parameters, e.g. IP’s TTL parameter and
TCP’s retransmission timer
 As a network expands, such parameters
may need to be changed while the network
is still operational
Network Management
Techniques
 Connection Monitoring
 Ping a number of critical IP addresses at intervals
 Inefficient, and not very informative, should only be
used if no alternative
 Traffic Monitoring
 Analyse traffic on a network and generate reports
 MS Network Monitor / Fluke Network Analyzer
 Works on a single segment at a time
 More sophisticated tools use SNMP/CMIP to remotely
monitor other segments
SNMP (Simple Network Management
Protocol)
 Released by US Department of Defense and TCP/IP
developers in 1988
 Most widely used and well-known in network software
management tools
 Uses a technique called MIB collection to retrieve network
information - i.e. it polls each device on a network in
sequence, asking for status, and records that information
centrally
 Devices on the network don’t need to be smart enough to
report problems as they occur
 SNMP’s polling contributes significantly to network traffic
CMIP (Common Management
Information Protocol)
 Developed by the ISO, pre-dating SNMP
 Not implemented as much as SNMP, especially since
SNMP became a part of TCP/IP
 Uses a technique called MIB reporting to gather network
information - the central monitoring station waits for
devices to report their current status to it
 May be useful if keeping non-essential network traffic to a
minimum is critical
TMN (Telecommunications
Management Network)
 Developed by ITU-T
 Specifies management architectures for
telecommunications networks (e.g. ISDN, B-ISDN, ATM)
 Provides a richer framework of architectural concepts than
SNMPv3
 Underlying protocols may be provided by SNMP or CMIP
Network Monitors / Network Analysers
 A network monitor uses SNMP or CMIP to keep track of
statistical information about a network
 A network analyser does the same but provides a more
sophisticated level of service - for example some network
analysers can not only detect and identify problems, they
can fix them as well
 A network analyser may be dedicated hardware, but can
just be a specialised software package that runs on a
typical PC using a typical network card
Network Troubleshooting
 Problems will happen on networks
 Approach the problem logically and
methodically
 Two useful approaches to network
troubleshooting:
 The Process of Elimination
 Divide and Conquer
Network Troubleshooting S/W
Tools
 Ping – network layer connectivity
 Traceroute – identifying network layer
point of failure
 Telnet – application layer connectivity
 Netstat – protocol statistics / TCP/IP
connections
 ARP – show / change ARP cache
 IPConfig – show IP / MAC settings
Simple Network Management
Protocol
 Application-layer protocol
 Facilitates the exchange of management
information between network devices
 Part of the TCP/IP protocol suite.
SNMP Basic Components
 Network Management System (NMS)
 Executes applications that monitor and control
managed devices
 May be a dedicated device
 Could have more than one NMS on a network
 Managed elements
 Devices: switch, router, workstation, printer…
 Software Elements: protocol…
 Collect and store management-related information
SNMP Basic Components…
 Agents
 Network management software that resides in a
managed device
 Has local knowledge of management information
 Translates the information into SNMP form
 Communicates with Network Management System
 Master Agent
 Parses and formats protocol messages
 Subagent
 Models objects of interest within a subsystem
 Interfaces to the subsystem for monitoring and management
operations
SNMP Standards
 SNMPv1 original standard defined by RFCs 1155, 1157,
1212 and 1213
 Widely used
 SNMPv2 core defined by RFCs 2578-2580, 2819; 1907,
2572
 Not widely adopted due to serious disagreements about security
framework
 Fragmented into v2c, v2p and v2u
 SNMPv3 current standard defined by RFCs 3411-3418
 Standardised as of 2004
 Implementations often support v1, v2c and v3
SNMPv3 Framework
[Figure: Internet Standard Management Framework (SNMP Framework), made up of the Structure of Management Information (SMI), Management Information Bases (MIBs), the Simple Network Management Protocol (SNMP), and SNMP Security and Administration]
SNMP SMI
 SMI defines rules for describing
management information using ASN.1
 SMI specifies:
 ASN.1 data types
 SMI-specific data types
 MIB table
 Information modules (added in SNMPv2)
SNMP Data Representation
 In order to allow communication between
very different devices, SNMP uses a
platform-independent format
 Data types of each managed object defined
using a subset of ASN.1
 Before communication, values are
converted into standard syntax using ASN.1
Basic Encoding Rules (BER)
SNMP MIB
 Management Information Base
 Database of information, organised hierarchically
 Accessed via SNMP protocol
 Contains managed objects, each identified by an
object identifier
 Managed object:
 Some characteristic of a managed device
 Comprised of one or more object instances
 May be scalar or tabular
SNMP MIB Tree Example
SNMP MIB Tree Example…
SNMP Security
 SNMPv1 lacks authentication capabilities
 A password (community string) is required between NMS and
agent, but this is not encrypted for transmission
 SNMPv2 security fragmented into:
 v2p – party-based security
 v2u – user-based security
 v2c – back to community strings
 SNMPv3 allows a number of different security methods to
be incorporated into its architecture, including:
 user-based security as defined in SNMPv2u
 a new view-based access control model
SNMPv3 Message Format
[Figure: an SNMPv3 message, made up of a Message Header followed by a Scoped PDU]
 Message header has fields:
 Version Number - 3 for SNMPv3
 Message Identifier - matches responses to requests
 Maximum Message Size - that sender can receive
 Message Flags - controls processing of message
 Message Security Model - identifying which security model was
used for message
 Message Security Parameters - appropriate to chosen security
model
 Scoped PDU has fields:
 Context Engine ID – identifies application to process PDU
 Context Name – object identifier specifying context of PDU
 PDU – variable formats, see next slide
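The layout described on the SNMP Data Representation, SNMP Security and SNMPv3 Message Format slides can be checked against captured bytes. The following is an added example, not part of the original slides: a minimal BER reader that reports the clear-text community string of a v1/v2c message, or the security level carried in the Message Flags of a v3 message. The function names, the default-community list and both sample messages are assumptions constructed for illustration.

```python
# Added example (not from the slides): read the header fields of an SNMP message.
DEFAULT_COMMUNITIES = {b"public", b"private"}   # assumption: common factory defaults
LEVELS = {0: "noAuthNoPriv", 1: "authNoPriv", 3: "authPriv"}  # msgFlags bits 0-1

def read_tlv(buf, pos):
    """Decode one BER tag-length-value; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                    # long form: low 7 bits count the length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def inspect_snmp(packet):
    """Return the version and security-relevant header fields of one message."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:                      # every SNMP message is a BER SEQUENCE
        raise ValueError("not an SNMP message")
    _, ver, pos = read_tlv(body, 0)
    version = int.from_bytes(ver, "big")
    if version in (0, 1):                # v1 / v2c: community string sent in the clear
        _, community, _ = read_tlv(body, pos)
        return {"version": "v1" if version == 0 else "v2c",
                "community": community.decode("latin-1"),
                "default_community": community in DEFAULT_COMMUNITIES}
    if version != 3:
        raise ValueError("unsupported SNMP version")
    _, header, _ = read_tlv(body, pos)   # v3 message header (msgGlobalData)
    fields, p = [], 0
    while p < len(header):               # msgID, msgMaxSize, msgFlags, msgSecurityModel
        _, value, p = read_tlv(header, p)
        fields.append(value)
    if len(fields) != 4:
        raise ValueError("malformed SNMPv3 header")
    flags = fields[2][0]
    return {"version": "v3", "msg_id": int.from_bytes(fields[0], "big"),
            "max_size": int.from_bytes(fields[1], "big"),
            "reportable": bool(flags & 0x04),
            "security_level": LEVELS.get(flags & 0x03, "invalid"),
            "security_model": int.from_bytes(fields[3], "big")}

# Constructed samples: a v1 GetRequest, and a v3 message with empty parameters and PDU.
V1_GET = bytes.fromhex("302602010004067075626c6963a019020101020100"
                       "020100300e300c06082b060102010101000500")
V3_MSG = bytes.fromhex("3018020103300f02021234020300ffe304010502010304000400")
```

Run over a packet capture, a v1/v2c result with `default_community` set, or a v3 result whose `security_level` is not `authPriv`, marks a device whose management traffic can be read on the wire.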
SNMPv2 PDU Formats
 Get, GetNext, Inform, Response, Set, Trap:

 GetBulk:
SNMP Protocol Operations
 Get – Retrieve the value of a scalar SNMP variable
 GetNext – Retrieve the next value in a tabular SNMP
variable
 Set – Change the value of an SNMP variable
 Trap – Used by agent to report an event to an NMS
 GetBulk (added in SNMPv2) – Retrieve whole table in one
operation
 Inform (added in SNMPv2) – Used by one NMS to report
an event to another NMS
Remote Monitoring
 RMON is an enhancement to SNMP
 Allows SNMP to look at entire network, not
just individual devices
 RMON probe collects data from a network
segment and relays it back to management
console
 RMON creates new categories of data, i.e.
new branches added to MIB tree
RMON
RMON Categories of Data
 Ethernet Statistics Group – statistics gathered for
each segment
 History Control Group – records samples from the
Ethernet Statistics Group over a specified period of
time
 Alarm Group – alerts network admin based on
counters exceeding specified thresholds
 Host Group – counters for each host on segment
 Host TOPN Group – reports, e.g. top 10 hosts that
generate broadcasts
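An added example, not part of the original slides, of how an Alarm Group threshold check behaves. It goes slightly beyond the slide by using separate rising and falling thresholds (hysteresis) and by handling 32-bit counter wrap; the function names, the thresholds and the sample counter readings are constructed for illustration.

```python
# Added example (not from the slides): RMON-style alarm on a polled counter.
COUNTER32_MOD = 2 ** 32   # an SNMP Counter32 wraps back to zero at this modulus

def deltas(samples):
    """Turn successive Counter32 readings into per-interval deltas, allowing for wrap."""
    return [(cur - prev) % COUNTER32_MOD for prev, cur in zip(samples, samples[1:])]

def alarm_events(values, rising, falling):
    """Return (index, kind) events using rising/falling threshold hysteresis.

    A rising event fires when a value reaches `rising`; no further rising event
    fires until a value has dropped to `falling` or below, and vice versa.
    This is a simplified model that starts armed in both directions.
    """
    events, armed = [], "both"
    for i, v in enumerate(values):
        if v >= rising and armed in ("both", "rising"):
            events.append((i, "rising"))
            armed = "falling"        # suppress repeats while the value stays high
        elif v <= falling and armed in ("both", "falling"):
            events.append((i, "falling"))
            armed = "rising"         # re-arm the rising alarm
    return events

# Constructed readings of a broadcast-packet counter for one segment, one per
# polling interval; the counter wraps between the second and third reading.
BROADCAST_SAMPLES = [4294967000, 4294967200, 300, 1500, 2900, 3000, 3050, 4600]

if __name__ == "__main__":
    per_interval = deltas(BROADCAST_SAMPLES)
    print(per_interval)
    print(alarm_events(per_interval, rising=1000, falling=100))
```

Without the falling threshold, the second interval above 1000 would raise a duplicate alert; without the modulus, the wrapped reading would produce a large negative delta.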
