NETWORK MANAGEMENT Semester 4, Chapter 7

The Administrative Side of Network  Management

A network is a collection of devices that interact with one another to provide communication. When a network administrator looks at a network, it should be as a whole instead of individual parts.

The important thing to remember when dealing with a network is to view it as a single unit opposed to a group of individual connected devices. This also applies to the wide area connections that are used when connecting to the Internet

It is important to know the responsibilities of the network staff.

Network costs Maintaining, upgrading, and monitoring the network Network growth over time Technical and user training, repairs, and software deployment The cost of redundant equipment for mission critical operations

When problems arise, some form of error document should be generated

PING - AN IMPORTANT NETWORK TEST! The two primary reasons for network monitoring are: 1) predicting changes for future growth 2) detecting unexpected changes in network status PING - AN IMPORTANT NETWORK TEST! FOR LARGE NETWORKS Ping a few of the important hosts, servers, routers, and switches to verify their connectivity

Network monitoring looks at the actual packet traffic on the network and generates reports based upon the network traffic. Monitor examples Microsoft Windows NT network monitor Fluke's Network Analyzer :

Management Station: The management station is the network manager's interface into the network system. It has the programs to manipulate data from and control the network. The management station also maintains a database of management information (MIB) extracted from the devices under its management.

Management Agent: Component that is contained in the devices that are to be managed. Bridges, routers, hubs, and switches may contain SNMP agents . The management agent responds to the management station in two ways. Polling - the management station requests data from the agent and the agent responds with the requested data. 2) Trapping is a data gathering method designed to reduce traffic on the network and processing on the devices being monitored. Thresholds (top or bottom limits) are set on the managed device. If this threshold on the device is exceeded, the managed device will send an alert message to the management station.                   

Management Information Base(MIB): The management information base has a database structure and is resident on each device that is managed. The database contains a series of objects, which are resource data gathered on the managed device. Some of the categories in the MIB include Port interface data, TCP data, and ICMP data.

Network Management Protocol: The network management protocol used is SNMP. SNMP is an application layer protocol SNMP is designed to communicate data between the management console and the management agent. It has three key capabilities. The ability to GET, the management console retrieving data from the agent, PUT, the management console setting object values on the agent, and TRAP, the agent notifying the management console of significant events

One of the greatest enhancements to SNMP is called Remote Monitoring (RMON). RMON extensions to SNMP give the ability to look at the network as a whole as opposed to looking at individual devices.

RMON PROBES Probes gather remote data in RMON. A probe has the same function as a SNMP agent. A probe has RMON capabilities; an agent does not. When working with RMON, as with SNMP, a central management console is the point of data collection An RMON probe is located on each segment of the network monitored. These probes can be dedicated hosts, resident on a server, or included in a standard networking device such as a router or switch. probes gather the specified data from each segment and relay it to the management console.

Redundant management consoles Two major benefits to network management processes: ability to have more than one network administrator in different physical locations monitor and manage the same network Having two or more management consoles means that if one of the consoles fails, the other console still can be used to monitor and control the network until the first console is repaired. (ie. Redundancy)

The Ethernet Statistics Group Contains statistics gathered for each monitored subnetwork. These statistics include counters (incremental that start from zero) for bytes, packets, errors, and frame size. The other type of data reference is an index table. The table identifies each monitored Ethernet device, allowing counters to be kept for each individual Ethernet device. The Ethernet Statistics Group provides a view of the overall load and health of a subnetwork by measuring different types of errors including CRC, collisions, over and under-sized packets.

The History Control Group Contains a data table that will record samples of the counters in the Ethernet Statistics Group over a specified period of time. The default time: every thirty minutes table size is fifty entries total of twenty-five hours of continuous monitoring These samples provide a baseline of the network and can be used to compare against the original baseline to resolve problems or to update the baseline as the network changes.

The Alarm Group Thresholds set, and when met, a message or alarm will be sent to the specified people This process, known as an error trap, can automate many functions OR

The Host Group Contains counters maintained about each host discovered on the subnetwork segment. Counter categories maintained are: Packets, Octets, Errors, and Broadcasts. Example: Total packets, Packets received, Packets sent, along with many counters specific to the type of item. The Host TOPN Group Prepares reports about a group of hosts that top a statistical list based on a measured parameter. Ex: A report could be generated for the top ten hosts generating broadcasts for a day or most packets transmitted during the day. Easy way to determine who and what type of data traffic most occupies the selected subnetwork

The Matrix Group Records the data communication between two hosts on a subnetwork data is stored in the form of a matrix (a multi- dimensional table). Examples: one report might show all users of a particular server, while another report shows all the servers used by a particular host.  

The Filter Group Provides a way that a management console can instruct an RMON probe to gather selected packets from a specific interface on a particular subnetwork. Based on the use of two filters, the DATA and the STATUS filter. The data filter is designed to match or not match particular data patterns The status filter is based on the type of packet looked at

The Packet Capture Group Allows the administrator to specify a method to use to capture packets that have been selected by the Filter Group Administrator can look at the exact detail for packets that meet the basic filter The Event Group Contains events generated by other groups in the MIB database The Token-Ring Group Contains counters specific to token-ring networks

Remember that RMON is an extension to the SNMP protocol . SNMP is still required for RMON to operate on a network. Later revisions of both SNMP and RMON. They are labeled as SNMPv2 and RMON2.

Know all points – if “this” then “that” scenario. The first step in network troubleshooting is the definition of the problem Know all points – if “this” then “that” scenario.

The first and most important thing is to use your engineering journal and take notes. Another essential element of preemptive troubleshooting is labeling The Process of Elimination and Divide and Conquer techniques are the most successful methods for networking troubleshooting The following slides will show various tools of the network administrator.

Ping Sends ICMP echo packets to verify Ping [-t] [-a] [-n count] [-l length] [-f] [-i ttl] [-r count] destination -t ping until interrupted -a resolves host name and ping address -n counts the number of pings -l length - send specified size echo packets -f DO NOT FRAGMENT command sent to gateways -I ttl sets the TTL field -r count records the route of the outgoing and returning packets Destination specifies the remote host to ping, by domain name or by IP address

Tracert (Traceroute) This utility shows the route a packet took to reach its destination (Based on TTL – time to live). Tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name -d specifies IP addresses shouldn't be resolved to host names -h max_hops Maximum number of hops searched -j host-list specifies the loose source route -w timeout waits the number of milliseconds specified for each reply Telnet This is a terminal emulation program that will allow you to run interactive commands on the telnet server.

Netstat [-a] [-e] [-n] [-s] [-p proto] [-r] [interval] Netstat Displays protocol statistics and current TCP/IP network connections. Netstat [-a] [-e] [-n] [-s] [-p proto] [-r] [interval] -a Displays all connections and listening ports. (Server-side connections are normally not shown) eDisplays Ethernet statistics. This may be combined with the -s option -n Displays addresses and port numbers in numerical form -p proto Shows connections for the protocol specified by proto; proto may be tcp or udp-r Displays the contents of the routing table -s Displays per-protocol statistics. By default, statistics are shown for TCP, UDP and IP -p option may be used to specify a subset of the default interval Redisplays selected statistics, pausing interval seconds between each display

ARP Used to gather hardware addresses of local hosts and the default gateway, you can view the ARP cache and check for invalid or duplicate entries arp -a [inet_addr] [-N [if_addr]] arp -d inet_addr [if_addr] arp -s inet_addr ether_addr [if_addr] -a or –g Displays the current contents of the arp cache -d Deletes the entry specified by inet_addr -s Adds a static entry to the cache -N Displays the arp entries for the specified physical address inet_addr IP address, in dotted decimal formatif_addr IP address whose cache should be modified ether_addr The MAC address in hex separated by hyphens

/allall information about adapter(s) IPconfig (Windows NT)/WinIPcfg (Windows 95-98) IPconfig [/all | /renew [adapter] | /release [adapter]] /allall information about adapter(s)  /renew renew DHCP lease information for all local adapters if none is named /release release DHCP lease information disabling TCP/IP on this adapter

Network Monitoring ensures a happy network! THE END