بسم اللّه الرّحمن الرّحیم

TCP/IP Protocol Suite لایه ‎ ها در پروتکل TCP/IP دقیقاً با مدل OSI تطابق ندارند. نسخه ‎ ی اصلی پروتکل TCP/IP با چهار لایه تعریف شده است : دسترسی به شبکه، اینترنت، انتقال و کاربرد. اما وقتی TCP/IP با OSI مقایسه می شود می توان گفت که دارای 5 لایه است : فیزیکی، پیوند داده ‎ ها، شبکه، انتقال و کاربرد. 2

TCP/IP Protocol Suit vs. OSI Model 3

OSI Model and TCP/IP Protocol Suite 4

TCP/IP addressing چهار سطح آدرس ‎ دهی در پروتکل TCP/IP استفاده می شود : فیزیکی منطقی پورت آدرس خاصِ لایه ‎ ی کاربرد. 5

TCP/IP addressing 6

Relationship between addressing and layers 7

What is network management? Informal definition Formal definition 8

What is network management? Informal definition Network management refers to the activities associated with running a network, along with the technology required to support those activities. A significant part of running a network is simply monitoring it to understand what is going on. Analogy: Health Care (Intensive Care Unit) Throwing a party 9

What is network management? Formal definition Network management refers to the activities, methods, procedures, and tools that pertain to the operation, administration, maintenance, and provisioning of networked systems. 10

What is network management? Operation deals with keeping the network (and the services that the network provides) up and running smoothly. It includes monitoring the network to spot problems as soon as possible, ideally before a user is affected. Administration involves keeping track of resources in the network and how they are assigned. It deals with all the “housekeeping” that is necessary to keep things under control. Maintenance is concerned with performing repairs and upgrades. Provisioning is concerned with configuring resources in the network to support a given service. 11

ABC of network management (FCAPS) people often group management functions into a set of broad categories that are known as Fault, Configuration, Accounting, Performance, Security (FCAPS) Fault Configuration Accounting Performance Security 12

F is Fault Fault management deals with faults that occur in the network, such as equipment or software failures, as well as communication services that fail to work properly. Fault management is therefore concerned with monitoring the network to ensure that everything is running smoothly and reacting when this is not the case. 13

F is Fault The most important aspect of network monitoring concerns the management of alarms. Alarms are unsolicited messages from the network that indicate that some unexpected event has occurred, which in some cases requires operator intervention. Unexpected events such as:  router detects that one of its line cards is no longer working to a fire alarm  sudden drop in signal quality on a wireless link to a suspected intrusion into the network by an unauthorized user. 14

C is Configuration Configuration management includes functionality to perform operations that will deliver and modify configuration settings to equipment in the network. 15

A is Accounting Accounting management is all about the functions that allow organizations to collect revenue and get credit for the communication services they provide, and to keep track of their use. 16

P is Performance Performance management deals with monitoring and tuning your network for its performance. 17

S is Security management aspects that are related to securing your network from threats, such as hacker attacks, the spread of worms and viruses, and malicious intrusion attempts. 18

Network Management Protocol Simple Network Management Protocol (SNMP) SNMP v1 SNMP v2 SNMP v3 19

What is network monitoring? The term network monitoring describes the use of a system that constantly monitors a computer network for slow or failing components and that notifies the network administrator in case of outages via , pager or other alarms. It is part of network management. 20

What is network monitoring? In network management terms, network monitoring is the phrase used to describe a system that continuously monitors a network and notifies a network administrator through messaging systems (usually ) when a device fails or an outage occurs. Network monitoring is usually performed through the use of software applications and tools. At the most basic level, ping is a type of network monitoring tool. 21

What is network monitoring? The process of obtaining the status and configuration information of the various elements of a computer system and consolidating that information. Information consolidation involves  Preparing reports  Cleaning of the raw-monitored information  Consolidation of the monitored information into more compact representations 22

Types of Monitored Information Status Information  Not be on  Turned on and functioning properly  Turned on but not functioning properly Configuration Information  All modifiable attributes of elements 23

Types of Monitored Information Usage Information  All attributes regarding Throughput of elements o Web server: Number of HTTP requests o Mail server: Number of messages processed o Router: Number of packets transmitted Number of active users an element supports Performance Statistics  Performance metrics such as Delay SNR 24

Types of Monitored Information Error Information Information about faults and incorrect operations at elements Topology Information Changes to the topology (Why just changes?) 25

Data Collection Techniques  Passive Observes the happenings in the system, via agents installed on devices.  Active Sends requests into the system in order to retrieve the desired information. 26

Passive Monitoring SNMP Traps: enable an agent to notify the management station of significant events by way of an unsolicited SNMP message 27

Active Monitoring Servers  Agent-based  Agent-less Networks  SNMP agents  Ping  Trace route 28

29 Question & Answer

Active Monitoring Applications –Each application is a manipulator of information –State of an application Set of information the application maintains –CRUD Transactions Read and some types of updates are safe for monitoring For other transactions –Use of dummy information »Dummy bank accounts »Dummy URLs –Two canceling transactions –N canceling transactions –Recovery mechanisms needed 30

Passive Monitoring Applications  Log files Locally processed Remotely processed Log rotation must be considered  Proxies Servers  Agents  Available commands and available standards  Server overloading must be considered 31