Network Management

From: Comer book on Internetworking with TCP/IP
Stallings book on SNMP
Stallings book on LAN/MAN
Rose/McCloghrie on Network Management Practicum

Overview

OSI Network Management Functional Areas

summarized in Chap 11 of Stallings LAN/MAN text

  1. Fault Management: facilities that enable the detection, isolation and correction of abnormal operation (versus an error--such as transient bit error that can be detected/corrected).

  2. Accounting Management: facilities to allow charges and costs to be assessed for use of network services (Germany example)

  3. Configuration and Name Management: start-up and shutdown operations. Determine the network configuration.

  4. Performance Management: facilities that evaluate the behavior of managed objects and the effectiveness of communication activities. Two parts--monitoring and controlling.

  5. Security Management: generating, distributing and storing encryption keys and passwords. Maintaining logs of activity.

Lots of other OSI definitions and terminology in text. Talks at a high-level--not so useful.

Network Monitor

Monitors for broadcast-based LANs such as Ethernet or Token Ring have been available for many years. There are many such commercial and public-domain projects.

MQP motivated by the fact that oddities do occur on a network. An administrator wants to understand all traffic by placing it into "bins." What is left is unexplained.

Approach: Create rules for different types of traffic. Each rule can classify a set of "explained" traffic. Maintain statistics on each rule for presentation.

Be able to dump explained or unexplained packets.

Unexplained packets can lead to more rules to further classify the traffic.

Limited to a particular network segment. Does not track all packets (machine is not fast enough to process all of them).
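
The rule-and-bin approach above, as an added example that is not part of the original notes or the MQP's code. The packet records, the rule names and the 10.0.0.0/24 segment range are constructed for illustration.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample packets (not captured traffic).
PACKETS = [
    {"proto": "udp", "src": "10.0.0.5", "dst": "10.0.0.1", "dport": 161},
    {"proto": "udp", "src": "10.0.0.5", "dst": "10.0.0.1", "dport": 53},
    {"proto": "tcp", "src": "10.0.0.7", "dst": "10.0.0.2", "dport": 23},
    {"proto": "arp", "src": "10.0.0.9", "dst": "10.0.0.255", "dport": None},
    {"proto": "udp", "src": "192.0.2.44", "dst": "10.0.0.1", "dport": 161},
    {"proto": "tcp", "src": "10.0.0.7", "dst": "10.0.0.3", "dport": 6000},
]

LOCAL = ip_network("10.0.0.0/24")  # assumed range of the monitored segment

def local(addr):
    return ip_address(addr) in LOCAL

# Each rule is (name, predicate); a packet lands in the first bin that matches.
RULES = [
    ("arp", lambda p: p["proto"] == "arp"),
    ("dns", lambda p: p["proto"] == "udp" and p["dport"] == 53),
    ("snmp-from-segment",
     lambda p: p["proto"] == "udp" and p["dport"] == 161 and local(p["src"])),
    ("telnet", lambda p: p["proto"] == "tcp" and p["dport"] == 23),
]

def classify(packets, rules):
    """Return (per-rule counts, list of unexplained packets)."""
    stats = Counter({name: 0 for name, _ in rules})
    unexplained = []
    for pkt in packets:
        for name, match in rules:
            if match(pkt):
                stats[name] += 1
                break
        else:  # no rule explained this packet
            unexplained.append(pkt)
    return stats, unexplained

if __name__ == "__main__":
    stats, unexplained = classify(PACKETS, RULES)
    for name, count in stats.items():
        print(f"{name:20} {count}")
    print(f"{'unexplained':20} {len(unexplained)}")
    for pkt in unexplained:  # the dump that suggests the next rule to write
        print("   ", pkt)
```

The two leftovers here are an SNMP request from outside the segment and a connection to TCP port 6000; adding a rule for the second leaves only the first in the unexplained bin.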

Motivation

Up until the late 1980s, network management using tools such as ping (packet internet groper) was sufficient. However, as exponential growth occurred in the Internet, this approach was no longer satisfactory.

Older networks provided network management as part of the link level using special control packets sent by a network manager. Allowed for control of switches even if problems existed at higher layers. However the Internet does not have a single link level and thus a more general method is needed and has been adopted.

Network management occurs at the application level and uses TCP/IP for message transport (actually UDP). Works for LAN to WAN environments. Advantages:

Disadvantages:

Management consists of two parts:

  1. how client software communicates with a server

  2. what data is kept and how it is named.

SNMP

Most common protocol for communication of management information is the Simple Network Management Protocol (SNMP). Also the ISO standard Common Management Information Protocol (CMIP) and its Internet implementation CMIP Over TCP (CMOT). Will concentrate on SNMP.

Its use has grown with the emergence of TCP/IP (versus OSI and OSI network management)

It's also possible to have proxy SNMP agents.

Management Information Base

Standard for network management data. Defines what data is maintained by a host or gateway and what operations are allowed. Eight categories as shown in Fig 26.2 of Comer. Fig 26.3 shows sample variables.

Variables are defined and accessed using ISO's ASN.1 abstract notation. Objects are identified with unique names using a hierarchy (see Fig 26.4 and 26.5).

All MIB variables start with the prefix 1.3.6.1.2.1 and all variables corresponding to IP begin with the prefix 1.3.6.1.2.1.4. Can also write the corresponding textual label as iso.org.dod.internet.mgmt.mib.ip

The label for the variable ipInReceives is 1.3.6.1.2.1.4.3 (this is a well-known label). This variable contains a single value.

The label for the variable ipAddrTable, containing a list of IP addresses for each network interface, is 1.3.6.1.2.1.4.20

It is defined as

ipAddrTable ::= SEQUENCE OF IpAddrEntry

Rather than use subscripts, MIB tables append a suffix onto the name to select a specific element in the table.

Operations given in Fig 26.6. The get-next-request can be used to iterate through a list by giving the previous entry received.

ASN.1 is used in sending the actual SNMP messages.

Have a second version of MIB called MIB-II (RFC 1213) which defines additional objects and groups. Added transmission and snmp objects at the top level.

Many other MIBs have been (and are being) defined.

Example Usage

> /usr/sbin/snmp_request wpi public getnext 1.3.6.1.2.1.1.1
1.3.6.1.2.1.1.1.0 = wpi.WPI.EDU AlphaServer 4X00 5/300 2MB 
Digital UNIX V4.0D (Rev. 878); Wed May 13 13:19:19 EDT 1998 

> /usr/sbin/snmp_request wpi public getnext 1.3.6.1.2.1.4.3
1.3.6.1.2.1.4.3.0 = 309738705

> /usr/sbin/snmp_request wpi public getnext 1.3.6.1.2.1.4.20
1.3.6.1.2.1.4.20.1.1.127.0.0.1 = 127.0.0.1

> /usr/sbin/snmp_request wpi public getnext 1.3.6.1.2.1.5.8
1.3.6.1.2.1.5.8.0 = 9067

> /usr/sbin/snmp_request joseph public getnext 1.3.6.1.2.1.1.1
1.3.6.1.2.1.1.1.0 = NCD88K 8-bit Color 19c V3.5.125 #16208 04/24/96 
downloaded: LAN
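
The get-next iteration and suffix-based table indexing described earlier, as an added example that is not part of the original notes: an in-memory stand-in for an agent's MIB, using instance names from the session above. The 192.0.2.10 table row and all function names are constructed for illustration.

```python
from bisect import bisect_right

def oid(text):
    """Parse a dotted name into a tuple of ints so arcs compare numerically."""
    return tuple(int(arc) for arc in text.split("."))

# Instances from the snmp_request output above (sysDescr abbreviated).
# The 192.0.2.10 row is constructed so the table has more than one entry.
MIB = {
    oid("1.3.6.1.2.1.1.1.0"): "wpi.WPI.EDU AlphaServer 4X00 5/300 2MB",
    oid("1.3.6.1.2.1.4.3.0"): 309738705,                  # ipInReceives
    oid("1.3.6.1.2.1.4.20.1.1.127.0.0.1"): "127.0.0.1",   # ipAddrTable row
    oid("1.3.6.1.2.1.4.20.1.1.192.0.2.10"): "192.0.2.10", # constructed row
    oid("1.3.6.1.2.1.5.8.0"): 9067,                       # icmp group, object 8
}
SORTED_OIDS = sorted(MIB)  # tuple order == SNMP lexicographic order

def get_next(name):
    """Return (oid, value) of the first instance ordered after name, or None."""
    i = bisect_right(SORTED_OIDS, name)
    if i == len(SORTED_OIDS):
        return None  # walked off the end of the MIB
    nxt = SORTED_OIDS[i]
    return nxt, MIB[nxt]

def walk(prefix):
    """Repeat get-next, feeding back the previous name, while under prefix."""
    rows, name = [], prefix
    while (hit := get_next(name)) and hit[0][:len(prefix)] == prefix:
        rows.append(hit)
        name = hit[0]
    return rows

def dotted(name):
    return ".".join(map(str, name))

if __name__ == "__main__":
    # Scalar: the object name 1.3.6.1.2.1.4.3 yields its single instance .0
    print(dotted(get_next(oid("1.3.6.1.2.1.4.3"))[0]))
    # Table: each row's name is the column name plus the row's IP as suffix
    for name, value in walk(oid("1.3.6.1.2.1.4.20")):
        print(dotted(name), "=", value)
```

Comparing names as integer tuples matters: as strings, 1.3.6.1.2.1.4.20 would sort before 1.3.6.1.2.1.4.3 and the walk would visit objects in the wrong order.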

Traps

To avoid polling, SNMP allows traps where the server notifies the client.

Seven generic trap values:

  1. coldStart: unexpected restart

  2. warmStart: routine restart

  3. linkDown: signals a failure in one of the agent's communications links

  4. linkUp: signals that a communication link has come up.

  5. authenticationFailure: the sending protocol entity has received a protocol message that failed authentication.

  6. egpNeighborLoss: an EGP neighbor has gone down

  7. enterpriseSpecific: specific to a network management subsystem.

Practical Issues

  1. Differences in SNMP Support by vendors of bridges and routers.

    1. Inconsistent support for reporting physical addresses on bridges.

    2. Limited or nonexistent support for set command.

    3. Cold start traps were not reliably issued.

  2. Objects not supported: does a count of zero mean there were none, or is a value being returned just to indicate "support"? Better to admit no support.

  3. Polling Frequency. Depends on number of agents, processing time for a request or a response, network delay and polling interval. Also the rate has an effect on the network itself (30 seconds as a compromise).

Limitations of SNMP

OSI network management addresses some of these issues, but along with it comes more complexity and size.

RMON

Remote Network Monitoring (RMON) standard (RFC 1271).

Is designed to collect information about the network itself (as opposed to the machines on it). See Fig 7.1

Through distributed monitoring, a single management station can monitor multiple segments.

Network Management Systems

What is in them?

Both PC and Unix-based platforms.

Features:

Current work on how to include security in version 2. Current working model is SNMPv1.5 (no security, but other features of SNMPv2, e.g. get-bulk).