Chapter 10 Updated January 2009 Network Management Chapter 10 Updated January 2009 Raymond Panko’s Business Data Networks and Telecommunications, 7th edition May only be used by adopters of the book

10-1: Planning the Technological Infrastructure The First Job of Network Management is Planning the Technological Infrastructure, which consists of the Elements of the Network and How they Fit Together. What-Is Analysis The first step in planning the technological infrastructure is to understand the current network in detail Requires a comprehensive inventory

10-1: Planning the Technological Infrastructure Second, Understand the Driving Forces for Change Normal growth in application demand Disruptive applications Applications that require massive network changes Video requires higher network capacity Voice requires high quality of service Organizational changes Changes in other aspects of IT (data center consolidation, etc.)

10-1: Planning the Technological Infrastructure Gaps Analysis Identify gaps that will exist and that need to be closed Characterize and document each Create a plan for closing each gap Performance Measure Requirement Gap What Is Time

10-1: Planning the Technological Infrastructure Options for Closing the Gaps Multiple options must be considered Select roughly the least expensive option that will fully meet requirements Base cost decisions on the total cost of ownership (TCO) Select based on scalability The ability to grow cost effectively and sufficiently (See Figure 10-2)

10-2: Scalability

Traffic Management Capacity is expensive; it must be used wisely Especially in WANs, where capacity is expensive

10-3: Traditional Traffic Management Methods As we saw in Chapter 4, even in a network with adequate capacity most of the time, there will be occasional momentary traffic peaks when traffic exceeds capacity. Switches have to store frames in their memory buffers. This creates latency in delivery. If the buffer is too small for the delayed traffic, the switch must drop some frames.

10-3: Traffic Management Methods Traditional Approaches to Managing Momentary Traffic Peaks Overprovisioning Install much more capacity than is needed most of the time This is wasteful of capacity Unacceptable in WANs, where capacity is expensive Does not require much ongoing management labor

10-3: Traffic Management Methods Traditional Approaches Priority Assign priority to applications based on sensitivity to latency In momentary periods of congestion, switch sends high-priority frames through, holding back low-priority frames Substantial ongoing management labor Used heavily in WANs, where the cost per bit is too high to use overprovisioning

10-3: Traffic Management Methods Traditional Approaches QoS Reservations In ATM, reserve capacity on each switch and transmission line for an application Allows strong QoS guarantees for voice traffic Wasteful if the reserved capacity is not sued Highly labor-intensive Usually, data gets the scraps—capacity that is not reserved for voice

10-4: Traffic Shaping

10-4: Traffic Shaping

10-4: Traffic Shaping

Figure 10-5: Compression A fifth way to manage traffic is to use compression. Here, 3 Gbps and 5 Gbps traffic streams go into the network. Without compression, 8 Gbps of capacity would be needed. With 10:1 compression, only 800 Mbps of capacity is needed. A 1 Gbps line will be adequate.

Network Simulation Software

10-6: Network Simulation Simulation Purposes Build a model, study its implications More economical to simulate network alternatives than to build several networks and see which one is best Purposes Compare alternatives to select the best one Sensitivity analysis to see what will happen if the values of variables are varied over a range Anticipating bottlenecks because procurement cycles are long in business, so problems must be anticipated well ahead of time

10-6: Network Simulation What Is: the existing situation R7 Net 1 Utilization in Peak Hour 95% Net 2 Too high! Net 5 What-Is analysis: Describe the current network Problem: Utilization in the peak hour Is too high (95%); this will create many momentary overloads Net 3 Net 6

10-6: Network Simulation What-If: See the Impact of a Change R7 Net 1 Est. Utilization in Peak Hour 70% Added Router Added Link R3 Net 2 Net 5 What-If analysis: What will happen if something is done? Adding a new link between R3 and Net5 will give good peak hour utilization. Net 3 Net 6

10-6: Network Simulation The Simulation Process: Step 1: Before the Simulation, Collect Data Data must be good Otherwise, GIGO (garbage in, garbage out) Collect data on the current network Forecast growth

10-7: OPNET IT Guru Node Template Work Area Dragged Icon The Process: 2. Add node icons to the simulation Work Area (clients, servers, switches, routers, etc.) Drag from the Object Palette Object Palette

Specify the Topology 3. Specify the topology by adding transmission lines between nodes (and specifying line speeds). Click on two nodes, click on a transmission line icon in the object palette.

10-8: Configuring Elements in IT Guru 4. Configure EACH node and transmission lines (IP Time-to-Live value, etc.). In this case, Frame Relay burst speed rate.

5. Add applications, which generate traffic data

10-6: Network Simulation 6. Run the simulation for some simulated period of time Examine the output to determine implications Validate the simulation if possible (compare with actual data to see if it is correct)

7. Do what-if analyses, trying different alternatives. 10-10: What-If Analysis 7. Do what-if analyses, trying different alternatives.

10-6: Network Simulation 8. Examine application performance, which goes beyond network performance Involves network characteristics, but Also involves host performance And also involves application configuration OPNET’s Application Characterization Environment (ACE) can do network and application simulation

IP Subnetting

IP Subnetting IP Addresses always are 32 bits long The firm is assigned a network part Usually with 8 to 24 bits The firm can assign the remaining bits to the subnet part and the host part Different choices give different numbers of subnets and hosts per subnet, as in the following examples Firms must trade-off the number of subnets and the number of hosts per subnet in a way that makes sense for their organizational situation

IP Subnetting If a part has N bits, it can represent 2N-2 subnets or hosts per subnet 2N because if you have N bits, you can represent 2N possibilities Minus 2 is because you cannot have a part that is all zeros or all ones Part Size (bits) 2N 2N-2 4 24 = 16 16-2 = 14 8 ? ? 10 ? ? 12 4,096 4,094 16 65,536 65,534

10-11: IP Subnetting Step Description 1 Total size of IP address (bits) 32 By Definition 2 Size of network part assigned to firm (bits) 16 Assigned to the firm 3 Remaining bits for firm to assign 16 Bits for the firm to assign 4 Selected subnet/host part sizes (bits) 8 / 8 The firm’s decision 5 Number of possible Subnets (2N-2) 254 (28-2) Results of the firm’s decision Number of possible hosts per subnets (2N-2) 254 (28-2)

10-11: IP Subnetting Step Description 1 Total size of IP address (bits) 32 By Definition 2 Size of network part assigned to firm (bits) 16 Assigned to the firm 3 Remaining bits for firm to assign 16 Bits for the firm to assign 4 Selected subnet/host part sizes (bits) 6/10 The firm’s decision 5 Number of possible Subnets (2N-2) 62 (26-2) Results of the firm’s decision Number of possible hosts per subnets (2N-2) 1,022 (210-2)

10-11: IP Subnetting Step Description 1 Total size of IP address (bits) 32 By Definition 2 Size of network part assigned to firm (bits) 8 Assigned to the firm 3 Remaining bits for firm to assign 24 Bits for the firm to assign 4 Selected subnet/host part sizes (bits) 12/12 The firm’s decision 5 Number of possible Subnets (2N-2) 4,094 (212-2) Results of the firm’s decision Number of possible hosts per subnets (2N-2) 4,094 (212-2)

10-11: IP Subnetting Step Description 1 Total size of IP address (bits) 32 By Definition 2 Size of network part assigned to firm (bits) 8 Assigned to the firm 3 Remaining bits for firm to assign 24 Bits for the firm to assign 4 Selected subnet/host part sizes (bits) 8/16 The firm’s decision 5 Number of possible Subnets (2N-2) 254 (28-2) Results of the firm’s decision Number of possible hosts per subnets (2N-2) 65,534 (216-2)

10-11: IP Subnetting Step Description 2 Size of network part assigned to firm (bits) 20 3 Remaining bits for firm to assign 12 Added Selected subnet part sizes (bits) 4 4 Selected host part sizes (bits) ? Number of possible Subnets (2N-2) ? Number of possible hosts per subnets (2N-2) ?

10-11: IP Subnetting Step Description 2 Size of network part assigned to firm (bits) 20 3 Remaining bits for firm to assign 12 Added Selected subnet part sizes (bits) 6 4 Selected host part sizes (bits) ? Number of possible Subnets (2N-2) ? Number of possible hosts per subnets (2N-2) ?

Network Address Translation (NAT)

10-12: Network Address Translation (NAT) A firm gets a block of IP addresses For instance, 60.5.0.0 to 60.5.255.255 Attackers wish to learn a firm’s host addresses so that they can identify potential target hosts NAT allows a firm to hide these “external” IP addresses The firm uses different internal IP addresses For instance, 192.168.0.0 to 192.168.255.255 NAT translates between internal and external addresses Attackers can only see external addresses

10-13: Network Address Translation (NAT) When an internal host sends a packet, the NAT firewall changes the source IP address and the source port number The NAT firewall records the original and changed information in a translation table for later use

10-13: Network Address Translation (NAT) If an eavesdropper with a sniffer program captures and reads a packet’s source IP address and port number, the sniffer will not learn the true source IP address and port number of the sending host. This means that the attacker cannot send attack packets to the internal hosts.

10-12: Network Address Translation (NAT) NAT is Transparent to Internal and External Hosts Neither knows that NAT has been used Expanding the Number of Available IP Addresses Problem: companies may receive a limited number of external IP addresses from their ISPs This number may be too few There are roughly 4,000 possible ephemeral port numbers for each IP address So for each external IP address, there can be 4,000 connections

10-12: Network Address Translation (NAT) NAT is Transparent to Internal and External Hosts Neither knows that NAT has been used Expanding the Number of Available IP Addresses Problem: companies may receive a limited number of external IP addresses from their ISPs This number may be too few There are roughly 3,000 possible ephemeral port numbers for each IP address So for each external IP address, there can be 4,000 connections

10-12: Network Address Translation (NAT) Expanding the Number of Available IP Addresses If a firm is given only 254 external IP addresses, it can have roughly one million external connections 254 external IP addresses Times 3,975 ephemeral ports/IP address (4,999- 1,024) = 1,009,650 internal IP addresses Even if each internal device averages several simultaneously external connections, there should not be a problem providing as many external IP connections as a firm desires

10-12: Network Address Translation (NAT) Private IP Address Ranges Reserved for use inside firms May not be used outside firms 10.x.x.x 192.168.x.x (most popular) 172.16.0.0 through 172.31.255.255

10-12: Network Address Translation (NAT) Protocol Problems with NAT IPsec, VoIP, etc. do not work properly with NAT The protocol must know the true IP address of a host Work-arounds exist, but they vary by vendor Work-arounds must be considered very carefully in product selection

Multiprotocol Label Switching

10-14: Multiprotocol Label Switching (MPLS) In normal routing, each router along the route must do a great deal of work to decide to do with EACH arriving packet, even if many packets are sent to the same destination host

10-14: Multiprotocol Label Switching (MPLS) In Multiprotocol Label Switching (MPLS), the routers select the best route between two hosts before transmission begins. This route is called the label-switched path. In other words, routing decisions are made only once, before any packets are sent.

10-14: Multiprotocol Label Switching (MPLS) 2 The first label-switched router adds a Label to each packet. This label contains The number of the label-switched route. The final label- Switched router Removes the label. Other label-switched routers send the packet back out on the basis of the label number.

10-14: MPLS MPLS is transparent to the hosts MPLS Benefits Label-switching routers add and delete the label MPLS Benefits Reduced cost per packet because routing decisions are pre-made before any packets are sent MPLS allows traffic engineering such as quality of service and load balancing to route packets around congestion

Domain Name System (DNS)

10-15: Domain Name System (DNS) Lookup In Chapter 1, We Saw DNS Lookup A host wishes to know the IP address of another host The host only knows the other host’s host name The host sends a DNS request message to a DNS server This message contains the other host’s host name The DNS server sends a DNS response message This message contains the IP address of the other host

10-15: Domain Name System (DNS) Lookup Often the local DNS server (in this case the Hawaii.edu DNS server) will not know the IP address. The local DNS server contacts the authoritative DNS server for the domain of the other host. The remote DNS server sends back the IP address.

10-15: Domain Name System (DNS) Lookup The local DNS server sends this IP address back to the host that sent the DNS request.

Figure 10-16: Domain Name System (DNS) Hierarchy More generally, DNS is a hierarchical naming system for domains, which are collections of resources under the control of an organization A host is only one type of named resource The DNS naming system is hierarchical

Figure 10-16: Domain Name System (DNS) Hierarchy At the top level is the Root, which contains All domains. There are 13 root DNS servers Below the root are Top-level domains by Type (.com, .edu) or by country (.uk, .ch, etc.)

Figure 10-16: Domain Name System (DNS) Hierarchy 2 What companies really want are good second- level domain names, such as Microsoft.com They can then internally name subnets and hosts Every second-level domain must maintain an authoritative DNS server or the hosts in its second-level domain.

Dynamic Host Configuration Protocol (DHCP)

10-17: Dynamic Host Configuration Protocol (DHCP) When a client PC boots up, it realizes that it does not have an IP address for itself. It sends a DHCP Request Message to a DHCP server. This DHCP Request Message asks for an IP address for itself.

10-17: Dynamic Host Configuration Protocol (DHCP) The DHCP server has a pool of IP addresses to manage. It selects one for the client

10-17: Dynamic Host Configuration Protocol (DHCP) The DHCP server sends this IP address to the client PC in a DHCP Response Message This message also contains other configuration information, including a subnet mask, the IP address of the client’s default router, and the IP addresses of the firm’s DNS servers

10-17: DHCP Servers Get Static (Permanent) IP Addresses So that clients can find them Clients Could Also Be Configured Manually with Static IP Addresses But this would be very time-consuming In addition, every time a firm changed the IP addresses of its DNS servers or some other configuration parameter, all clients would have to be changed manually With DHCP, clients always get “fresh” configuration data

Simple Network Management Protocol (SNMP)

10-18: Simple Network Management Protocol (SNMP) Core Elements (from Chapter 1) Manager program Managed devices Agents (communicate with the manager on behalf of the managed device) Management information base (MIB) Stores the retrieved information “MIB” can refer to either the database on the manager or on the database schema

10-18: Simple Network Management Protocol (SNMP) Messages Commands from the manger to the agents Get: Please give me the following data about yourself Set: Please change the following parameters in your configuration to the values contained in this message Responses from the agents to the manager Traps (alarms sent by agents) SNMP uses UDP at the transport layer to minimize the burden on the network

10-18: Simple Network Management Protocol (SNMP) RMON Probes Remote monitoring probes A special type of agent Collects data for a part of the network Supplies this information to the manager Offloads some work from the manager Network Management Agent (Agent), Objects RMON Probe Network Management Software (Manager)

10-18: Simple Network Management Protocol (SNMP) Objects (see Figure 10-19) Objects are NOT managed devices Objects are pieces of data about a managed device E.g., Number of rows in the routing table E.g., Number of discards caused by lack of resources (indicates a need for an upgrade) E.g., Time since last reboot. (If this time is very brief, the device may be failing intermittently and rebooting after each failure.)

10-18: Simple Network Management Protocol (SNMP) Set Commands Dangerous if used by attackers Many firms disable set to thwart such attacks However, if they do, they give up the cost savings from managing remote resources without travel SNMPv1: community string shared by the manager and all devices Shared secrets are very dangerous. If the community string is learned, all devices can be attacked SNMPv3: each manager-agent pair has a different password (strong security)

10-18: Simple Network Management Protocol (SNMP) User Functionality Reports, diagnostics tools, etc. are very important They are not specified in the standard They are added by SNMP manager vendors Critical in selection Alarm Summary Report Manager Administrator Query/Response

10-19: SNMP Object Model System Objects (One Set Per Router or Other Device) System name System description System contact person System uptime (since last reboot)

10-19: SNMP Object Model IP Objects (One Set Per Router or Other Device) Forwarding (for routers). Yes if forwarding (routing), No if not Subnet mask Default time to live Traffic statistics

10-19: SNMP Object Model IP Objects (One Set Per Router or Other Device) Number of discards because of resource limitations Number of discards because could not find route Number of rows in routing table Rows discarded because of lack of space Individual row data (mask, metric, next-hop router, etc.)

10-19: SNMP Object Model TCP Objects (One Set Per Router or Other Device) Maximum/minimum retransmission time Maximum number of TCP connections allowed Opens/failed connections/resets Segments sent Segments retransmitted Errors in incoming segments Number of open port errors Data on individual connections (sockets, states)

10-19: SNMP Object Model UDP Objects (One Set Per Router or Other Device) Error: no application on requested port Traffic statistics ICMP Objects (One Set Per Router or Other Device) Number of errors of various types

10-19: SNMP Object Model Interface Objects (One Set per Interface) Type (e.g., 69 is 100Base-FX; 71 is 802.11) Status: up/down/testing Speed Traffic statistics: octets, unicast/broadcast/multicast packets Errors: discards, unknown protocols, etc.

Directory Servers Store corporate information Hierarchical organization of content LDAP standard for accessing directory servers

10-20: Directory Server Organization and LDAP Directory Server with Hierarchical Object Structure O=organization OU=organizational unit CN=common name University of Waikiki (O) CN=Waikiki Astronomy (OU) Business (OU) CprSci (OU) Centralized management requires centralized information storage Directory servers do this Directory server information is organized in a hierarchy Faculty Staff Routers Chun Ochoa Brown CN Brown E-Mail Brown@waikiki.edu Ext x6782

10-20: Directory Server Organization and LDAP LDAP Request: GET e-mail.Brown.faculty.business.waikiki University of Waikiki (O) CN=Waikiki Astronomy (OU) Business (OU) CprSci (OU) LDAP Response: Brown@waikiki.edu Faculty Staff Routers Most directories use LDAP for data queries: (Lightweight Directory Access Protocol) Chun Ochoa Brown CN Brown E-Mail Brown@waikiki.edu Ext x6782

10-20: Directory Server Organization and LDAP University of Waikiki (O) CN=Waikiki Astronomy (OU) Business (OU) CprSci (OU) Based on the example in the previous slide, give the LDAP request message for Ochoa’s telephone extension Faculty Staff Routers Chun Ochoa Brown CN Brown E-Mail Brown@waikiki.edu Ext x6782

10-21: Active Directory Domains and Domain Controllers

10-21: Active Directory Domains and Domain Controllers

10-21: Active Directory Domains and Domain Controllers

10-21: Active Directory Domains and Domain Controllers

Topics Covered

Topics Covered Planning the Technological Infrastructure What-is analysis Driving forces for change Gaps analysis Options for closing the gaps TCO Scalability

Topics Covered Traffic Management Momentary Traffic Peaks Traditional management approaches Overprovisioning Priority QoS guarantees Traffic Shaping Prevents the network from being overloaded Compression

Topics Covered Network Simulation Stages Economical way to consider alternatives Good for anticipating problems Stages What-is analysis Build the model Validate the model What-if analysis

Topics Covered IP Subnetting Company is given a network part It must divide the remaining bits into a subnet part and a host part Making one part bigger will automatically make the other part smaller More subnets with fewer hosts per subnet Fewer subnets with more hosts per subnet If a part size is N, there can be 2N-2 networks, subnets, or hosts

Topics Covered Network Address Translation (NAT) Security More possible hosts Problems of firewall traversal Multiprotocol Label Switching (MPLS) Decide on best route before sending packets Afterward, per-packet routing decisions are very simple Reduces routing costs Allows traffic engineering

Topics Covered Domain Name System Domain is collection of resources under an organization Local and remote DNS servers Second-level domain names (Microsoft.com, etc.) Dynamic Host Configuration Protocol (DHCP) Give a client PC a fresh IP address and other configuration information Cheaper than manual configuration and reconfiguration

Topics Covered Simple Network Management Protocols (SNMP) Managers, managed devices, agents, objects Security of Set commands RMON probes act as subsidiary managers Objects (information about managed devices, not managed devices) System objects IP, TCP. UDP, ICMP objects Interface objects (one set per interface)

Topics Covered Directory Servers Active Directory Central database for corporate information Organized hierarchically LDAP to retrieve information Active Directory Microsoft’s directory server product Active directory domains Domain controllers with AD databases Replication

Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher. Printed in the United States of America. Copyright © 2009 Pearson Education, Inc.   Publishing as Prentice Hall