NETWORK MANAGEMENT MANAGEMENT PROTOCOL
NETWORK MANAGEMENT Competencies Name the most common management protocols Understand how they are positioned and what their most important distinguishing characteristics are Explain management primitives and protocol message structure used with SNMP Grasp the reasons for the enormous popularity of the command-line interface (CLI), while appreciating some of the challenges faced by management applications that use it Understand how syslog works Explain the use of Netflow and IP Flow Information Export (IPFIX) Describe the latest trend in management protocols, Netconf
NETWORK MANAGEMENT SNMP Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks and more. used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. consists of a set of standards for network management, including an application layer protocol, a database schema, and a set of data objects. SNMP-managed network consists of three key components: Managed device Agent — software which runs on managed devices Network management system (NMS) — software which runs on the manager
NETWORK MANAGEMENT How SNMP works SNMP is a IETF udp-based network protocol to manage network attached devices, formally managed devices, from remote network management systems (NMS). The managed device software component supporting the protocol, formally called agent, is public through UDP port 161 and allows NMSs: Setting data to managed devices. Getting data from managed devices. Receiving events from managed devices.
NETWORK MANAGEMENT
NETWORK MANAGEMENT
NETWORK MANAGEMENT SNMP uses SNMP communication principles SNMP uses one or more administrative computers, managers, have the task of monitoring or managing a group of hosts or devices on a computer network. Each managed system executes, at all times, a software component called an agent which reports information via SNMP to the manager.
NETWORK MANAGEMENT MIB (Management information base) SNMP itself does not define which information (which variables) a managed system should offer. SNMP uses an extensible design, where the available information is defined by management information bases (MIBs). MIBs describe the structure of the management data of a device subsystem; they use a hierarchical namespace containing object identifiers (OID). Each OID identifies a variable that can be read or set via SNMP. MIBs use the notation defined by Structure of Management Information Version 2 (SMIv2, RFC 2578), a subset of ASN.1.
NETWORK MANAGEMENT SNMP Message Format
NETWORK MANAGEMENT CLI (Command Line interface) CLI is intended for human interaction, it offers many features to make such interactions easier: Help functions (typing a ? behind a command to display the list of available command options) Autocompletion (needing to type only the first few characters of a command or option that make it unique, and using the Tab key to tell the system to fill in the rest) Prompts (enabling you to enter different command modes, and reminding you of that mode by the form that the prompt takes)
NETWORK MANAGEMENT Example CLI : Configuring an Interface Cisco Linux # mcedit /etc/sysconfig/network-scripts/ifcfg-eth0 # Intel Corporation 82573E Gigabit Ethernet Controller (Copper) DEVICE=eth0 BOOTPROTO=static DHCPCLASS= HWADDR=00:30:48:56:A6:2E IPADDR=192.168.1.10 NETMASK=255.255.255.0 ONBOOT=yes
NETWORK MANAGEMENT Use of CLI as a Management Protocol CLI is not a management protocol at all. It is a command-line interface However, management applications are faced with the problem of how to access certain management functionality at the device. In many cases, not all features are covered through SNMP or other management interfaces. This requires applications (as well as operator-defined management scripts, subsumed in our discussion under management applications) to fall back on what is available, which is generally CLI. show Management Information Displayed in Table Format
NETWORK MANAGEMENT syslog: The CLI Notification Sidekick syslog (by convention, written in lowercase) originated in the server world—for example, with UNIX hosts. It has become extremely popular as a simple mechanism for managed devices to emit event messages and is today provided by most data communications equipment—routers, switches, and the like. syslog messages have two parts, a message header and the message body. The message body contains the content of the message itself. It is the “informal” part of a syslog message, not subjected to any inherent constraints. In many cases, it simply contains plain English text.
NETWORK MANAGEMENT example of a syslog message: 172.19.209.130 000024: *Apr 12 18:01:55.643: % ENV_MON-1-SHUTDOWN: Environmental Monitor initiated shutdown originator is a device with IP address 172.19.209.130 sequence number is 000024 message was generated on April 12, 18:01:55.643 local time. facility emitting the alarm is ENV_MON, the severity is 1, and the mnemonic is SHUTDOWN. message header is components up to the colon after ENV MON-1-SHUTDOWN The rest of the message is part of the message body.
NETWORK MANAGEMENT
NETWORK MANAGEMENT Netconf: A Management Protocol for a New Generation Netconf is one such management protocol. It is geared specifically toward managing the configuration of data-networking devices. The fact that Netconf is designed for device configuration does not mean that it could not be used or expanded for other purposes.
NETWORK MANAGEMENT
NETWORK MANAGEMENT
NETWORK MANAGEMENT IPFIX (Internet Protocol Flow Information Export) universal standard of export for Internet Protocol flow information from routers, probes and other devices that are used by mediation systems, accounting/billing systems and network management systems to facilitate services such as measurement, accounting and billing. The IPFIX standard defines how IP flow information is to be formatted and transferred from an exporter to a collector. Previously many data network operators were relying on the proprietary Cisco Systems NetFlow standard for traffic flow information export. A simple information set sent via IPFIX might look like this: Source Destination Packets ------------------------------------------ 192.168.0.201 192.168.0.1 235 192.168.0.202 192.168.0.1 42
NETWORK MANAGEMENT This information set would be sent in the following IPFIX message: As can be seen, the message contains the IPFIX header and two IPFIX Sets: Template Set : introduces the build-up of the Data Set used Data Set : contains the actual data. Because the Template Set is buffered in Collectors it will not need to be transmitted in subsequent messages.
NETWORK MANAGEMENT Summarizing
NETWORK MANAGEMENT Summarizing SNMP, Netconf, and Netflow/IPFIX are all targeted at management applications. SNMP is primarily used for monitoring and retrieving state information and operational data from devices. Netconf is primarily intended to provision devices and manage configurations. Netflow and IPFIX are specialized to collect statistical information about IP-based network traffic from data-networking equipment. CLI is targeted at human users. Applications also use it to provision devices when necessary. syslog is used by humans (such as administrators needing to inspect logs) and management applications alike. As far as human users are concerned, it complements CLI. Sometimes event coverage of syslog and SNMP overlaps. syslog provides generally wider coverage than SNMP, but when available, SNMP is often preferred by applications because of its rigid formal structure and semantics.
NETWORK MANAGEMENT Bibliography Alexander Clemm, Ph.D., Network Management Fundamentals, Copyright© 2007 Cisco Systems, Inc., Cisco Press 800 East 96th Street Indianapolis, IN 46240 USA http://www.cisco.com/networkers/nw04/presos/docs/NMS-1N02.pdf http://monitoringtt.blogspot.com/2010/05/snmp-for-dummies-protocol.html http://medusa.sdsu.edu/network/CS596/Lectures/ch23_SNMP.pdf https://ietf.org/wg/ipfix/charter/