Network Management Chapter 10 Revised January 2007 Panko’s Business Data Networks and Telecommunications, 6th edition Copyright 2007 Prentice-Hall May only be used by adopters of the book

Network Simulation Software

Figure 10-1: Network Simulation Build a model, study its implications More economical to simulate network alternatives than to build several networks and see which one is best Purposes Compare alternatives to select the best one Sensitivity analysis to see what will happen if the values of variables were varied over a range Anticipating bottlenecks because procurement cycles are long in business, so problems must be anticipated well ahead of time

Figure 10-1: Network Simulation What Is: the existing situation R7 Net 1 Net 4 Utilization in Peak Hour 95% Net 2 Too high! Net 5 What Is analysis: Describe the current situation. Problem: Utilization in the peak hour Is too high (95%); this will create many momentary overloads Net 3 Net 6

Figure 10-1: Network Simulation What-If: See the Impact of a Change R7 Net 1 Net 4 Est. Utilization in Peak Hour 70% Added Router Added Link R3 Net 2 Net 5 What If analysis: What will happen if something is done? Adding a new link between R3 and Net5 will give good peak hour utilization. Net 3 Net 6

Figure 10-1: Network Simulation The Simulation Process: Step 1: Before the Simulation, Collect Data Data must be good Otherwise, GIGO (garbage in, garbage out) Collect data on the current network Forecast growth

Figure 10-2: OPNET IT Guru Node Template Work Area Dragged Icon The Process: 2. Add node icons to the simulation Work Area (clients, servers, switches, routers, etc.) Drag from the Object Palette Object Palette

Figure 10-4: Configured Simulation Model 3. Specify the topology by adding transmission lines between nodes (and specifying line speeds). Click on two nodes, click on a transmission line icon in the object palette.

Figure 10-3: Configuring a Frame Relay CIR 4. Configure EACH node and transmission lines (IP Time-to-Live value, etc.). In this case, Frame Relay burst speed rate.

Figure 10-4: Configured Simulation Model 5. Add applications, which generate traffic data Applications

Figure 10-1: Network Simulation 6. Run the simulation for some simulated period of time Examine the output to determine implications Validate the simulation if possible (compare with actual data to see if it is correct)

Figure 10-5: What-If Analysis 7. Do what-if analyses, trying different alternatives.

IP Subnetting

IP Subnetting IP Addresses always are 32 bits long The firm is assigned a network part Usually with 8 to 24 bits The firm can assign the remaining bits to the subnet part and the host part Different choices give different numbers of subnets and hosts per subnet, as in the following examples Firms must trade-off the number of subnets and the number of hosts per subnet in a way that makes sense for their organizational situation

IP Subnetting If a part has N bits, it can represent 2N-2 subnets or hosts per subnet 2N because if you have N bits, you can represent 2N possibilities Minus 2 is because you cannot have a part that is all zeros or all ones Part Size (bits) 2N 2N-2 4 24 = 16 16-2 = 14 8 ? ? 10 ? ? 12 4,096 4,094 16 65,536 65,534

Figure 10-6: IP Subnetting Step Description 1 Total size of IP address (bits) 32 By Definition 2 Size of network part assigned to firm (bits) 16 Assigned to the firm 3 Remaining bits for firm to assign 16 Bits for the firm to assign 4 Selected subnet/host part sizes (bits) 8 / 8 The firm’s decision Number of possible Subnets (2N-2) 254 (28-2) Number of possible hosts per subnets (2N-2) 254

Figure 10-6: IP Subnetting Step Description 1 Total size of IP address (bits) 32 By Definition 2 Size of network part assigned to firm (bits) 16 Assigned to the firm 3 Remaining bits for firm to assign 16 Bits for the firm to assign 4 Selected subnet/host part sizes (bits) 6/10 The firm’s decision Number of possible Subnets (2N-2) 62 (26-2) Number of possible hosts per subnets (2N-2) 1,022

Figure 10-6: IP Subnetting Step Description 1 Total size of IP address (bits) 32 By Definition 2 Size of network part assigned to firm (bits) 8 Assigned to the firm 3 Remaining bits for firm to assign 24 Bits for the firm to assign 4 Selected subnet/host part sizes (bits) 12/12 The firm’s decision Number of possible Subnets (2N-2) 4,094 Number of possible hosts per subnets (2N-2) 4,094

Figure 10-6: IP Subnetting Step Description 1 Total size of IP address (bits) 32 By Definition 2 Size of network part assigned to firm (bits) 8 Assigned to the firm 3 Remaining bits for firm to assign 24 Bits for the firm to assign 4 Selected subnet/host part sizes (bits) 8/16 The firm’s decision Number of possible Subnets (2N-2) 254 Number of possible hosts per subnets (2N-2) 65,534

Figure 10-6: IP Subnetting Step Description 2 Size of network part assigned to firm (bits) 20 3 Remaining bits for firm to assign 12 Added Selected subnet part sizes (bits) 4 4 Selected host part sizes (bits) ? Number of possible Subnets (2N-2) ? Number of possible hosts per subnets (2N-2) ?

Figure 10-6: IP Subnetting Step Description 2 Size of network part assigned to firm (bits) 20 3 Remaining bits for firm to assign 12 Added Selected subnet part sizes (bits) 6 4 Selected host part sizes (bits) ? Number of possible Subnets (2N-2) ? Number of possible hosts per subnets (2N-2) ?

Directory Servers Store corporate information Hierarchical organization of content LDAP standard to access directory servers

Figure 10-7: Hierarchical Directory Server Name Space Directory Server with Hierarchical Object Structure O=organization OU=organizational unit CN=common name University of Waikiki (O) CN=Waikiki Astronomy (OU) Business (OU) CprSci (OU) Faculty Staff Routers Centralized management requires Centralized information storage. Directory servers provide this. Directory servers are organized as hierarchies Chun Ochoa Brown CN Brown E-Mail Brown@waikiki.edu Ext x6782

Figure 10-7: Hierarchical Directory Server Name Space LDAP Request: GET e-mail.Brown.faculty.business.waikiki University of Waikiki (O) CN=Waikiki Astronomy (OU) Business (OU) CprSci (OU) LDAP Response: Brown@waikiki.edu Faculty Staff Routers Most directories use LDAP for data queries: (Lightweight Directory Access Protocol.) Chun Ochoa Brown CN Brown E-Mail Brown@waikiki.edu Ext x6782

Figure 10-7: Hierarchical Directory Server Name Space University of Waikiki (O) CN=Waikiki Astronomy (OU) Business (OU) CprSci (OU) Based on the example in the previous slide, give the LDAP request message for Ochoa’s telephone extension: Faculty Staff Routers Chun Ochoa Brown CN Brown E-Mail Brown@waikiki.edu Ext x6782

Configuring Routers Needed to set up new routers Needed to change operation of existing routers Time consuming and an important skill

Cisco dominates the router market Routers are computers Figure 10-8: Cisco Internetwork Operating System (IOS) Command Line Interface (CLI) Cisco dominates the router market Routers are computers They have operating systems The Cisco operating system is called the Internetwork Operating System (IOS) IOS is also used in other Cisco products IOS uses a command line interface (CLI) Type complex commands at a prompt: Router#hostname julia

Figure 10-8: Cisco Internetwork Operating System (IOS) Command Line Interface (CLI) Comment Router>enable[Enter] Router> is the prompt. The “>” shows that the user is in non-privileged mode. This command enables privileged mode so that user can take supervisory actions. User must enter the enable secret. Note: All commands end with [Enter]. Enter is not shown in subsequent commands.

Figure 10-8: Cisco Internetwork Operating System (IOS) Command Line Interface (CLI) Comment Router#hostname julia Prompt changes to “#” to indicate that user is in privileged mode. User gives the router a name, julia. julia#config t Enter configuration mode. The t is an abbreviation for terminal.

Figure 10-8: Cisco Internetwork Operating System (IOS) Command Line Interface (CLI) Comment julia(config)#int e0 The prompt changes to julia(config) to indicate that the user is in configuration mode. User wishes to configure the first Ethernet interface, e0. (Router has two Ethernet interfaces, 0 and 1.) julia(config-if)#ip address 10.5.0.6 255.255.0.0 User gives interface e0 an IP address (10.5.0.6) and a subnet mask (255.255.0.0). (Every router interface must have a separate IP address.) The IP subnet is 5.

Figure 10-8: Cisco Internetwork Operating System (IOS) Command Line Interface (CLI) Comment julia(config-if)#no shutdown This is an odd one. The command to shut down an interface is “shutdown”. Correspondingly, “no shutdown” turns the interface on. julia(config-if)# Ctrl-Z User types Ctrl-Z (the key combination, not the letters) to end the configuration of e0.

Figure 10-8: Cisco Internetwork Operating System (IOS) Command Line Interface (CLI) Comment julia(config)#int s1 Next, the user wishes to configure the Second serial interface, s1. (Router has two serial interfaces, 0 and 1.) julia(config-if)#ip address 10.6.0.1 255.255.0.0 User gives the interface an IP address and subnet mask. The subnet is 6. julia(config-if)#no shutdown Turns on s1. julia(config-if)# Ctrl-Z Ends the configuration of s1.

Figure 10-8: Cisco Internetwork Operating System (IOS) Command Line Interface (CLI) Comment julia# router rip Enables the Router Information Protocol (RIP) routing protocol. julia#disable Takes user back to non-privileged mode. This prevents anyone getting access to the terminal from making administrative changes to the router. julia> The user is now in non-privileged mode

Figure 10-8: Cisco Internetwork Operating System (IOS) Command Line Interface (CLI) Give the commands to configure Ethernet interface 2 with the IP address 192.168.47.3. Do not show Enters. Do show the prompts. Julia>

Network Management Utilities

Figure 10-9: Network Management Utilities Network management utilities are programs to help network managers administer the network Security Concerns Danger: management tools can be used to make attacks So policies should limit these tools to certain employees and to certain purposes Firewalls block many network management tools to avoid attacks

Figure 10-9: Network Management Utilities Windows PC Diagnostic Tools Normally, the network connection to the Internet is set up automatically If it is not setup, the Network Setup Wizard will set it up To test your connection Simply open the browser and see if you can connect to a known website If the connection works but seems slow Ping a host to see if latency is acceptable

Figure 10-9: Network Management Utilities Windows PC Diagnostic Tools If there is no connection, do loopback testing and ipconfig/winipconfig At the command line, Ping 127.0.0.1. This is the loopback interface (you ping yourself) If it works, the problem is likely to be in the network. For detailed information on the connection: ipconfig /all or winipconfig (older versions of Windows) This can let you see if your IP address is reasonable, your network mask is correct, etc.

Figure 10-9: Network Management Utilities Windows PC Diagnostic Tools If you suspect your NIC in Windows XP Right-click on a connection and select Properties Select the NIC and hit the Configuration button The dialog box that appears will show you the status of the NIC It also offers a Troubleshooting wizard if the NIC is not working

Figure 10-9: Network Management Utilities Windows PC Diagnostic Tools Packet capture and display programs Capture data on individual packets Allows extremely detailed analysis of the traffic You can look at individual packet data or summaries WinDUMP is a popular packet capture and display program on Windows So is Ethereal

Figure 10-9: Network Management Utilities Command prompt>tcpdump www2.pukanui.com  7:50.10.500020 10.0.5.3.62030 > www2.pukanui.com.http: S 800000050:800000050(0) win 4086 <mss1460> 7:50.10.500020 is the time 10.0.5.3.62030 is the source host (62030 is the port number) www2.pukanui.com.http is the destination host. Its port is http (80) WinDUMP from Ch. 8a

Figure 10-9: Network Management Utilities 7:50.10.500020 10.0.5.3.62030 > www2.pukanui.com.http: S 800000050:800000050(0) win 4086 <mss1460> S indicates that the SYN flag is set 800000050:800000050(0) Seq. No. and length Win 4086 is the window size (for flow control) <mss1460> is an option that sets the maximum segment size (size of the TCP data field) to 1460 octets WinDUMP from Ch. 8a

Figure 10-9: Network Management Utilities 7:50.10.500030 www2.pukanui.com.http > 10.0.5.3.62030 : S 300000030:300000030(0) ack 800000051 win 8760 <mss1460> SYN/ACK from the webserver 7:50.10.500040 10.0.5.3.62030 > www2.pukanui.com.http: . ack 1 win 4086 ACK to finish 3-way open Change in sequence number to simple numbering (1) WinDUMP from Ch. 8a

Figure 10-11: EtherPeek Packet Capture and Summarization Program Summarization in a packet capture and analysis program

Figure 10-9: Network Management Utilities Windows PC Diagnostic Tools Connection analysis At the command line, netstat shows active connections This can identify problem connections Figure 10-12 Spyware running on Port 3290

Figure 10-9: Network Management Utilities Route Analysis Tools To test the route to another host (1) Ping gives the latency of a whole route (2) Tracert gives latencies to each router Note the high latency between R2 and R3. This could indicate a network problem. (1) Ping 275 ms R1 R2 R3 (2) Tracert 250 ms 25 ms 75 ms 225 ms 150 ms (Problem?)

Figure 10-9: Network Management Utilities Network Mapping Tools To understand how the network is organized Discovering IP addresses with active devices Fingerprinting them to determine their operating system (client, server, or router) A popular network mapping program is nmap (shown in Chapter 9) Loved by hackers Use carefully: Can crash some hosts

Simple Network Management Protocol (SNMP)

Figure 10-13: Simple Network Management Protocol (SNMP) A protocol for remotely managing network devices from a centralized device For many tasks, avoid the expense of traveling to many devices SNMP standardizes remote management communication Collects information from remote devices to give the network administrator an overview of the network Optionally, allows the network administrator to reconfigure remote devices Potential for large labor cost savings

Figure 10-13: Simple Network Management Protocol (SNMP) Software (Manager) Managed Device Manager manages multiple managed devices from a central location RMON Probe

Figure 10-13: Simple Network Management Protocol (SNMP) Agent (Agent), Objects Network Management Software (Manager) Network Management Agent (Agent), Objects Manager talks to a network management agent on each managed device—not to the managed device directly. <Read the text box.> <Analogy: When you want to hire an actor, you usually must talk to his or her agent rather than directly to the actor.> RMON Probe

Figure 10-13: Simple Network Management Protocol (SNMP) Agent (Agent), Objects Network Management Software (Manager) Network Management Agent (Agent), Objects RMON (remote monitoring) probe is a special agent that collects data about multiple devices in a region of in the network. It is like a local manager that can be queried by the main manager. <Read the text box.> RMON Probe

Figure 10-13: Simple Network Management Protocol (SNMP) Information Base (MIB) Network Management Software (Manager) Management Information Base (MIB) Management Information Base (MIB) <Read the text box.> MIB stores data about devices. MIB on manager stores all. MIB on device stores local information RMON Probe

Figure 10-13: Simple Network Management Protocol (SNMP) Software (Manager) 1. Command (Get, Set, etc.) 2. Response 3. Trap (Alarm) Initiated by a Managed Device <This slide shows the three types of messages that can be sent using the Simple Network Management Protocol (SNMP).> <Go through the command-response cycle (1) and (2). The Get command asks for data. The Set command changes the configuration of the remote device.> <Then note that if agents on managed devices sense a problem, they do not wait for the manager to initiate action. They send an alarm message called a trap in SNMP.> Simple Network Management Protocol (SNMP) Messages RMON Probe

Figure 10-14: SNMP Object Model Management Information Base (MIB) SNMP Object Model The MIB database schema Defines objects (parameters) about which information is stored for each managed device SNMP System Objects System name System description System contact person System uptime (since last reboot) … <Read the slide.> System uptime is a good diagnostic tool. If the time since the last reboot is very short, this could indicate an intermittent failure that is causing the device to reboot frequently.

Figure 10-14: SNMP Object Model Management Information Base (MIB) SNMP IP Objects Forwarding (for routers). Yes if forwarding (routing), No if not Subnet mask Default time to live Traffic statistics Number of discards due to resource limitations … <Read the slide.> The number of discards due to resource limitations is important because it indicates that a router is running out of capacity and cannot handle the traffic load.

Figure 10-14: SNMP Object Model Management Information Base (MIB) SNMP IP Objects (Continued) Number of discards because could not find route Number of rows in routing table Rows discarded because of lack of space Individual row data in the routing table … <Read the slide.> The number of rows discarded due to lack of memory space is important because the existence of many discards indicates that the router is running out of memory. Note that you can retrieve data on individual rows.

Figure 10-14: SNMP Object Model Management Information Base (MIB) SNMP TCP Objects Maximum / minimum retransmission time Maximum number of TCP connections allowed Opens / failed connections / resets Segments sent Segments retransmitted Errors in incoming segments No open port errors Data on individual connections (sockets, states) … Now we will look at TCP objects in the MIB. Only host computers have TCP objects. Routers only have IP objects. <Read the slide.> <If the minimum retransmission time is too small, many segments will be resent needlessly. Segments retransmitted will be high.>

Figure 10-14: SNMP Object Model Management Information Base (MIB) SNMP UDP Objects Error: no application on requested port Traffic statistics SNMP ICMP Objects Number of error messages of various types <Read the slide.> < “Error: no application on requested port” can indicate attacks. If this number is large, an attacker may be trying a port scan.> <Certain ICMP error messages also are good indicators that an attack is underway—for instance, if there are many pings.>

Figure 10-14: SNMP Object Model Management Information Base (MIB) SNMP Interface Objects (One per Port) Type (e.g., 69 is 100Base-FX; 71 is 802.11) Status: up / down / testing Speed MTU (maximum transmission unit—the maximum packet size) Traffic statistics: octets, unicast / broadcast / multicast packets Errors: discards, unknown protocols, etc. SNMP interface (port) objects describe what is happening on a single interface. Many devices, such as routers, have multiple ports. There is one set of SNMP interface object for each port. So if a router has a dozen ports, it will have a dozen different interface object sets. <Read the slide.> <You can use the Get command to change the interface to testing mode, turn it on (up mode), or stop traffic from flowing through it (down mode).>

Traffic Management Capacity is expensive; it must be used wisely <Read the text box.> Capacity is expensive; it must be used wisely Especially in WANs, where capacity is expensive

Figure 10-15: Traffic Management Methods Traditional Approaches Overprovisioning In Ethernet, install much more capacity than is needed most of the time This is wasteful of capacity Unacceptable in WANs, where capacity is expensive Does not require much ongoing management labor <Read the slide.>

Figure 10-15: Traffic Management Methods Traditional Approaches Priority In Ethernet, assign priority to applications based on sensitivity to latency In momentary periods of congestion, switch sends high-priority frames through Substantial ongoing management labor Used heavily in WANs <Read the slide.>

Figure 10-15: Traffic Management Methods Traditional Approaches QoS Reservations In ATM, reserve capacity on each switch and transmission line for an application Allows strong QoS guarantees for voice traffic Wasteful if the reserved capacity is not sued Highly labor-intensive Usually, data gets the scraps—capacity that is not reserved for voice <Read the slide.>

Figure 10-15: Traffic Management Methods Traffic Shaping The Concept Control traffic coming into the network at access switches Like the doorman in a night club Filter out unwanted applications Give a maximum percentage of traffic to other applications Prevents congestion from starting instead of just coping when congestion occurs— controls the on ramp to the network <Read the slide.> The other methods we have seen—overprovisioning, priority, and QoS—merely cope with congestion. They cannot avoid it.

Topics Covered

Topics Covered Network Simulation IP Subnetting Study before you install equipment There is a process to follow What Is versus What If IP Subnetting Must balance number of subnets with number of hosts per subnet A part with N bits can support 2N-2 subnets or hosts

Topics Covered Directory Servers Configuring Routers Centralized storage of information Hierarchical organization LDAP is the protocol for data queries Configuring Routers Cisco IOS command line interface (CLI) Worked through a simple example Network Management Utilities Diagnose a network connection for a client PC

Topics Covered Simple Network Management Protocol (SNMP) Protocol for managing network devices remotely Manager, managed device, agent, RMON probe Management information base (MIB) SNMP messages: commands and responses, traps Traffic Management Overprovisioning Priority QoS reservations Traffic shaping: prevent congestion from occurring