Introduction to Network Management 6 May 2003 C.S. Hong Spring 2003

Contents SNMP Management Information XML-based Network Management SNMP Management Concepts SNMP Management Information XML-based Network Management Network Monitoring Spring 2003

SNMP Network Management Concepts Spring 2003

Introduction ICMP (Internet Control Message Protocol) for transferring control message from routers and other hosts to a host : the late 1970s useful features : echo/echo-reply message pair, time stamp and time stamp reply message pair a management tool : PING (Packet Internet Groper) verifying the operation of a server observing variations in round-trip times and in datagram loss rates Internet growing in the late 1980s SGMP (Simple Monitoring Protocol) in Nov. 1987 ----> SNMP HEMS (High-level Entity Management System) : generalization of Host Monitoring Protocol (HMP) CMIP over TCP/IP (CMOT) Spring 2003

Introduction (cont’d) In 1988, IAB approved further development of SNMP as short-term solution and CMOT as the long-term solution As a short-term solution immediate implementation of SNMP based on SGMP TCP/IP based network IETF was responsible for the implementation keep the protocol simple focus on fault and configuration management As a long-term solution CMIS/CMIP for future requirements developed by the ISO non protocol specific (for use of all network devices) Spring 2003

Evolution of SNMP Development of a remote monitoring capability for SNMP RMON (Remote Monitoring) MIB and addition to SNMP MIB for monitoring Vendor-independent SNMP MIB and Vendor-specific SNMP MIB SNMP v2 : dealing with security aspects developed by members of the networking community in 1993, and revised in 1995 solve some of deficiencies with SNMP only for IP network relatively unsecured efficient table retrieval SNMP v3 in 1998 : specifying use of cryptographic algorithms Spring 2003

SNMP-Related Standards by IETF Foundation specifications Structure and Identification for Information for TCP/IP-based networks (RFC 1155) Management Information Base for Network Management of TCP/IP-based Internet: MIB-II (RFC 1213) Simple Network Management Protocol (RFC 1157) Spring 2003

Network Management Architecture and Its Key Elements for TCP/IP Network Management station having : a set of management application for data analysis and fault recovery an interface for the network manager to monitor and control the network a database of information extracted from the MIBs of all the managed entities in the network the capability of translating the network manager’s requirements into the actual monitoring and control of remote elements in the network Management agent managed from a management station providing the management station with important but unsolicited information Spring 2003

Network Management Architecture and Its Key Elements for TCP/IP Network (cont’d) MIB (Management Information Base) representing resources as objects data variables representing one aspect of the managed agent management station performs the monitoring function by retrieving the value of MIB objects Network management protocol linking management station and agents key capabilities of SNMP get : retrieving the value of objects at the agent set : setting the value of objects at the agent trap : notifying the management station of significant events Spring 2003

Network Management Protocol Architecture SNMP implemented on the top of UDP ( or TCP), IP and relevant network-dependent protocol (ex, Ethernet, FDDI, X.25, ATM,…) Agent Process User process SNMP FTP, etc UDP TCP IP Network-dependent Protocol Manager Process SNMP UDP Agent Process User processes Router Host Management station Network manager Central MIB Internetwork Spring 2003

SNMP management station Types of SNMP Messages SNMP agent SNMP management station SNMP agent UDP IP Network-dependent protocols Managed resources SNMP Manager UDP IP Network-dependent protocols Application manages objects Management application SNMP managed objects GetRequest GetNextRequest SetRequest GetRequest Trap GetNextRequest SetRequest GetResponse GetResponse Trap SNMP Messages Network or Internet Spring 2003

Proxies Proxy agent Management station Mapping function Proxied device Manager Process SNMP UDP IP Network-dependent Protocol Management Process Protocol architecture used by proxied device Network-dependent Agent Process SNMP UDP IP Network-dependent Protocol Protocol architecture used by proxied device Network- dependent Protocol Spring 2003

SNMP Management Information Spring 2003

SNMP Management Information Database containing information about the elements to be managed : MIB Each resource to be managed, to be represented by object MIB : structured collection of such object having the form of tree Structure of Management Information (SMI) Specified in RFC 1155 Providing a standardized technique for defining the structure of a particular MIB Providing a standardized technique for defining individual objects, including the syntax and the value of each object Providing a standardized technique for encoding object values SMI Data Type Additions To Structure of Management Information Version 2 (SMIv2) and Structure of Management Information Version 1 (SMIv1) : draft-perkins-smi-addition-00.txt The new data types are Integer64, Unsigned64, Float, Double, and DiscUnion (discriminated union) Spring 2003

Defining objects MIB (Management Information Base) a precise definition of the information accessible through a network management protocol each device must use the format for displaying information that is defined by the MIB RFC 1052 define an extended MIB for use with SNMP and CMIS/CMIP is no longer realistic RFC 1065: “Structure and Identification of Management Information for TCP/IP based Internets (SMI)” describe the syntax and type of information available in the MIB for TCP/IP networks RFC 1066 use the rules of the SMI present the first version of the MIB for TCP/IP known as MIB-I Spring 2003

Defining objects (cont’d) RFC 1155 (SMI) RFC 1065 later was adopted by the IAB as a full standard four primitive data type INTEGER 32bit value in two’s complement representation -2147483648 ~ 2147483647 OCTET STRING zero or more octets 0 ~ 255 represent a text string OBJECT IDENTIFIER a sequence of integers traverse a hierarchical MIB tree NULL Spring 2003

Defining objects (cont’d) RFC 1156 allow for expansion of the MIB for vendor specific enhancement RFC 1158 propose a second MIB (MIB-II) extend the information base defined in MIB-I Note: most network devices have software agent that support MIB-II and their own private extensions Each MIB would focus on a specific technology RFC 1743: IEEE 802.5 Token Ring Interface type MIB RFC 1757: Remote Network Monitoring MIB (RMON) RFC 1513: FDDI Interface type MIB RFC 1493: Bridge MIB Spring 2003

MIB Structure Leaf objects of the tree to be actual managed objects to represent some resource, activity, or related information Object identifier : a unique identifier for particular object type Serving as the name of an object internet OBJECT IDENTIFIER :: = { iso (1) org(3) dod (6) 1} therefore, internet node’s object ID : 1.3.6.1 four nodes under the internet node directory mgmt ----> mib-1, mib-2 experimental private Spring 2003

MIB Structure (cont’d) Object Identifier ISO ASN.1 (Abstract Syntax Notation One) Syntax a subset of ASN.1 defines the syntax for the MIB use the tree architecture to organize all available information labeled node object identifier (OID) and text description Object ID consisting of sequence of integers for example : object ID for tcpConnTable : 1.3.6.1.2.1.6.13 iso org dod internet mgmt mib-2 tcp tcpConnTable 1 3 6 1 2 1 6 13 Spring 2003

MIB Tree Traversal of the MIB tree root node itu-t (0), administered by the ITU-T iso (1), administered by the ISO joint-iso-itu-t (2), jointly administered by ISO and ITU-T internet: OID= 1.3.6.1 or {iso org(3) dod(6), 1} ITU-T(0) ISO(1) joint-ISO-ITU-T (2) …. org(3) ….. ….. dod(6) ….. ….. internet (1) ….. directory(1) …… mgmt(2) …. Experimental(3) private(4) mib(1) enterprises(1) Spring 2003

MIB Tree (cont’d) directory (1) reserved for future use mgmt(2) MIB-I originally assigned OID 1.3.6.1.2.1 or {mib 1} MIB-I has been superseded by MIB-II system(1): network device operating system interfaces(2): network interface specific address translation(3): address mappings ip(4): Internet protocol specific icmp(5): ICMP specific tcp(6): transmission protocol specific udp(7): user datagram protocol specific egp(8): exterior gateway protocol specific cmot(9): CMIP on TCP specific transmission(10): transmission media specific snmp(11): SNMP specific Spring 2003

MIB Tree (cont’d) experimental (3) experimental protocols and MIB development intended to enter the standards track private(4) used to specify objects defined unilaterally enterprises(1) or {private 1} an organization that has registered its own specific extensions to the MIB vendor-specific MIBs are found OID (1.3.6.1.4.1) OIDs represent each manageable object with a unique sequence of numbers and names SNMP uses the number as an abbreviated form of the name to make requests for data values to identify each response that carries the values Spring 2003

MIB : An Example tcpMaxConn OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION “The limit on the total number of TCP connections the entity can support. In entities where the maximum number of connections is dynamic, this object should contain the value -1.” ::= { tcp 4 } * OID :1.3.6.1.2.1.6.4 Spring 2003

Macro object definition Object : having a type (syntactic description) and value To extend ASN.1 to define new types and their values Macro definition : specifying the syntax of a set of related types Macro instance : an instance generated from a specific macro definition Macro instance value : representing a specific entity with a specific value Macro used for the SNMP MIBs : RFC1155 for MIB-I, RFC 1212 (concise MIB definitions) for MIB-II Spring 2003

Private MIBs MIB has been designed to accommodate growth and to provide flexibility for adding new objects. Private extensions can be added to the private subtree The management station must be loaded with the private MIB structure The potential for difficulty arises when the two are from different vendors Most vendors supply both a text version and a formal description of their MIB extensions But, vendors can use different formats Spring 2003

SNMP Operation The five SNMPv1message types (RFC1157) Get-Request: retrieve information from device Get-Response: agent responds to the Get-Request Get-Next-Request: ask for the next specific object Set-Request: for remote configuration parameter Trap: an unsolicited message Host MS-DOS Router Terminal server Device Data Network station Managing host agent Spring 2003

SNMP Operation (cont’d) Format of SNMP PDU type Request ID Version Community Name X Value X …….. Get-Request, Get-Next-Request, Set-Request PDU type Request ID Error status Error index ……... Version Community Name X Value X Get-Response PDU type Agent addr Generic trap Specific trap Version Community Enterprise Time Name X Value X Trap Layer 7 SNMP Layer 6 ISO presentation Layer 5 ISO session Layer 4 UDP Layer 3 IP Layer 2 ISO data link Layer 1 Physical Spring 2003

SNMP Operation (cont’d) SNMP trap an unsolicited message an agent sends to a station inform the server about the occurrence of specific event seven types of SNMP traps (MIB-II) coldstart of a system: reinitializing itself such that its configuration or protocol has changed warmstart of a system: reinitializing itself such that its configuration or protocol has not changed link down: a specific link has failed Data Network station Managing host Device agent Link failure Trap: interface #2, link down Spring 2003

SNMP Operation (cont’d) link up: a specific link has come up failure of authentication: a request does not provide proper authentication EGP (Exterior Gateway Protocol) neighbor loss EGP is a reachability protocol used between data networks enterprise specific a vendor to provide additional functionality that complements the generic traps security community string station sends a particular password with each message the password is referred to as the SNMP community string Spring 2003

SNMP V2 & V3 SNMPv2 The key enhancements to SNMP that are provided in SNMPv2 Structure of Management Information (SMI) Manager-to-manager capability Protocol operations Most noticeable change in protocol operations GetBulkRequest PDU : enabling the manager to retrieve large blocks of data efficiently. It is well suited to retrieving multiple rows in a table InformRequest PDU : enabling one manager to send trap of information to another Additional types Integer32 Counter32 Gauge32 Unsigned32 Counter64 Spring 2003

SNMP V2 & V3 (cont’d) SNMPv3 Adding cryptographic algorithms Spring 2003

RMON 1 and 2 Defining a remote monitoring MIB that supplements MIB-II Providing the network manager with vital information about the internetwork Providing significant expansion in SNMP functionality RMON-Related RFCs RFC 1513 : Token Ring Extensions to the Remote Network Monitoring MIB RFC 1757 : Remote Network Monitoring Management Information Base RFC 2021 : Remote Network Monitoring Management Information Base II RFC 2074 : Remote Network Monitoring MIB Protocol Identifiers RFC 2613 Remote Network Monitoring MIB Extensions for Switched Networks Version 1.0. (proposed standard) June 1999 RFC 2819 : Remote Network Monitoring Management Information Base, May 2000. (obsolete RFC1757) RFC 2895 : Remote Network Monitoring MIB Protocol Identifier Reference, August 2000. (obsolete RFC 2074) RFC 2896 : Remote Network Monitoring MIB Protocol Identifier Macros, August 2000. (informational) Spring 2003

RMON Goals Defining standard network-monitoring functions and interfaces for communicating between SNMP-based management consoles and remote monitors Designing Goals for RMON described in RFC 1757 off-line operation : to limit or halt the routine polling of a monitor by network manager Proactive monitoring : using running diagnostics and logging network performance Problem detection and reporting Value-added-data : performing analyses specific to the data collected on its subnetwork ex) analyzing subnetwork traffic to determine which hosts generate the most traffic or errors on the subnetwork Multiple managers for improving reliability for performing different functions (ex, engineering and operations) for providing management capability to different units within an organization Spring 2003

RMON Goals (cont’d) A system that implements the RMON MIB is referred to as an RMON probe. no different from any other SNMP agent Spring 2003

RMON Goals (cont’d) Spring 2003

OID Tree for RMON ITU-T(0) iso(1) joint-iso-ITU-T (2) …. org(3) ….. ….. dod(6) ….. ….. internet (1) ….. directory(1) …… mgmt(2) …. Experimental(3) private(4) Mib-2(1) enterprises(1) system(1) interfaces(2) at(3) ip(4) icmp(5) tcp(6) udp(7) egp(8) cmot(9) transmission(10) snmp(11) …... Rmon(16) ……... Spring 2003

Network-Layer Visibility of RMON RMON probe with RMON1 can monitor all of the traffic on the LANs, or can capture all of the MAC-level frames and read the MAC-level source and destination addresses in those frames. But, no way of determining the ultimate source of incoming traffic arriving via the router or the ultimate destination of outgoing traffic leaving via the router. With RMON2, the RMON probe has the capability of seeing above the MAC layer by reading the header of the enclosed network-layer protocol, which is typically IP. analyzing traffic passing through the router to determine the ultimate source and destination. Spring 2003

The RMON MIB RMON2 RMON1 rmon (mib-2, 16) statistics (1) protocolDir (11) history (2) ProtocolDist (12) alarm (3) addressMap(13) host (4) nlHost (14) hostTopN (5) nlMatrix (15) matrix (6) alHost (16) filter (7) alMatrix (17) capture (8) usrHistory (18) probeConfig (19) event (9) rmonConformance (20) tokenRing (10) RMON2 RMON1 Spring 2003

XML-based Network Management Spring 2003

Introduction eXtensible Markup Language (XML) A simplified subset of the Standard Generalized Markup Language (SGML) XML is an emerging technology for Web-based applications and has been in the spotlight. XML has many advantages Simplicity, openness, extensible, inexpensive Most people believe that XML will succeed much more than HTML, HTTP, Web, Java Advantages in XML-based network management Easy to learn: not management domain specific technology Large supporting tools and technology: Low development cost High compatibility with legacy management technology: Integrated management. Spring 2003

XML : What is XML ? What does “XML” stands for? eXtensible: not a fixed format, customizable. Markup: used to define things. Language: used to communicate or describe and encapsulate its information and pass it. XML was designed to describe data. Document Type Definition (DTD) or XML Schema is used. XML is self-descriptive. XML is free and extensible. XML allows the author to define his own tags. XML is a compliment to HTML. XML will be used for describing data and HTML for displaying same data. XML is a future Web technology. Quick standard process, large support by vendor. Common tool for all data manipulation and data transmission. Spring 2003

XML : An Example A Telecom example PI : Processing Instruction <?xml version=“1.0” ?> <?xml:stylesheet type="text/xsl" href="schema.xsl"?> <n-entityCreation id="1"> <ems id="TaskCenter"> <mgdEltR1 id="NE1" adminState="unlocked“ opState="enabled"> <equipHolder id="1" equipHolderType="Bay"> <equipHolder id="3" holderType="Shelf"> <equipHolder id="4" holderType="Slot"> </equipHolder> </mgdEltR1> </ems> </n-entityCreation> PI target PI value PI : Processing Instruction Spring 2003

XML : Technology Map WAP, XHTML Standard DTD, XML Schema XSL XSLT Input Validate Define XPath Program Scripts Database Editor(file) Generate Input Web Brower XML Input Input Parse Dump SOAP Exchange Remote System DOM Process Program Spring 2003

XML : DTD and XML Schema DTD (Document Type Definition) XML Schema Defines the document structure with a list of legal elements Can be declared inline in XML document, or as an external reference. XML Schema A successor to DTD. Support for Data Types Provides inclusion and derivation mechanisms Uses XML as encoding syntax Why use DTD/XML Schema? Each XML file can carry a description of its own format. To verify the data you received or your own data. Independent groups of people can agree to use a common DTD for interchanging data. Spring 2003

XML : DTD Example seminar.dtd Description Verification <!DOCTYPE lecturer [ <!ELEMENT lecturer (name, (email | hp)?)> <!ELEMENT name (#PCDATA)> <!ELEMENT email (#PCDATA)> <!ATTLIST lecturer class CDATA #REQUIRED> ]> seminar.dtd Description Verification <?xml version=“1.0”?> <!DOCTYPE lecturer SYSTEM “seminar.dtd”> <lecturer class=“XML”> <name>cshong</name> <email> … </email> </lecturer> <?xml version=“1.0”?> <!DOCTYPE lecturer SYSTEM “seminar.dtd”> <lecturer class=“XML”> <name>cshong</name> <email> … </email> </lecturer> Spring 2003

XML : DOM Document Object Model (DOM) Definition Objectives A programming interface to access and manipulate XML documents Objectives To provide a standard programming interface to a wide variety of applications can create an XML document, navigate its structure, and add, modify, or delete its elements can be used with any programming language on any operating system Spring 2003

XML : DOM example DOM API DOM Applications Tree written in any <?xml version=“1.0”?> <lecturer class=“XML”> <name> cshong </name> </lecturer> Parsing Serialization DOM API DOM Tree lecturer class document Applications written in any language name juht Spring 2003

Applicability of XML Basic management tasks Management Information Modeling. Description framework for managed resource to managed object. Management Information Realization. Guarantees of consistency between managed resource and managed object. Management Information Distribution. Exchange of management information between management applications. Management Information Analysis. Process of management information production from collected information. Management Information Presentation. User interface for display management information or taking management command from operators. Spring 2003

Basic Management Tasks Agent Modeling Realization Distribution Manager Presentation Analysis Spring 2003

Management Information Modeling Standard Information model XML Schema for management information modeling Advantages Easy to learn, not domain specific technology. Use of powerful and convenient graphical XML editor. Modeling result is concise and easy to read. Secondary benefits – validation, sample data generation. Disadvantage No standard models, but easy to translate from standard information models. SNMP TMN DMTF XML Tool SMI GDMO CIM XML Schema Models MIB-II G.721 CIM v.6 No standard yet Approach Object-based Object-oriented Spring 2003

Management Information Realization Standard management frameworks leave it completely unspecified - viewed as a “local matter”. Model specification serves as a starting point for the coding of the agents. For Web interface and CLI, the model specification was not provided. For SNMP, MIB compilers have been used to generate MIB stubs. The stubs are supplemented with the code for actual access to resources. There is no common interface or data format between managed resource and management agents such as CLI, SNMP, Web. Large development cost and footprint. Consistency problem by multiple access to single managed resource. XML for management information realization XML can be used for middleware between agents and managed resources. Low footprint solution. Various methods can be used for XML generation. Spring 2003

Management information distribution Communication between management applications Agent ↔ Manger, Manager ↔ Manager Standard management communications North bound interface is usually based on CORBA. XML and CORBA are interoperable technologies. XML does not say anything about communication protocol, Implicitly HTTP is used. Reliable, efficient by compression, highly secure, high connectivity. Flexible by use of SOAP. SNMP TMN DMTF XML Protocol SNMP/UDP CMIP Operations/HTTP SOAP or HTTP Operation Get, Set, GetNext, Response M-Get, M-Set , M-Create, M-Delete, M-Action GetInstance, SetInstance, GetClass, etc. (23 Operations) Unspecified Notification Trap M-Event_Report Encoding ASN.1 Spring 2003

Management Information Analysis This has not been standardized and based on data processing such as sorting, filtering, logging and correlating. Management platforms provide basic management functionality and development environment. Their price is usually very expensive. Customization requires large amount of time and effort. In most cases, they do not depend on standard technology. Recently, CORBA has been used widely as an implementation platform for management systems. XML for management information analysis. XML is a standard data processing tool. Many supporting tools (such as database) are available. Lots of developers having XML knowledge. Spring 2003

Management Information Presentation This allows user interactive access to the management system. +: Include telnet connection. #: MS-Windows or X-Windows *: Without use of XML technologies. XML for management information presentation Separation with display and data in Web environment. Platform independent standard display technology. Device dependant display support. Ubiquitous management user interface. User-friendly graphic interface. Text+ Windows# Web* XML Ubiquity Best Bad Good Interactivity Development cost Low High Middle User-friendliness Worst Spring 2003

State of the Art for XML-based NM Research work Complimentary approaches to SNMP eXtensible Network and System Management Instrumentation. SNMP to XML translator XML/SNMP Gateway Improvement approaches to Web-based network management Direct Web Interface for Device Configuration XML-based Device Configuration New Management Architectures XML-based Service Configuration Web-based Integrated Management Architecture XML-based Network Management Architecture Standard Activities Web Based Enterprise Management (WBEM) Spring 2003

SNMP to XML Translator XML/HTTP SNMP SNMP XML GW Applications of SNMP to XML translator Encoding SNMP MIB data 2. Information analysis or presentation for SNMP MIB data 3. Specification translation for SNMP to XML gateway Web Server XML/HTTP SNMP Agent SNMP SNMP XML GW Spring 2003

XML/SNMP Gateway What is XML/SNMP Gateway? Relays management information and operations between SNMP agent and XML-based manager system. While preserving the legacy SNMP agent, one can develop XML-based manager by using XML technology. Two basic requirements for the gateway Specification translation: SNMP MIB  XML For understanding the management information exported by SNMP agent. Interaction translation: SNMP Operations  XML Operations For supporting interaction between two management applications Spring 2003

Direct Web Interface to Managed Devices Traditional Approach Result of embedding small Web server into network device. Ubiquitous, simple but powerful, user-friendly device management user interface. XML Approach (EmWeb XML parser) XML generation by program is enough small solution to be embedded. Separate display format and data generation. XML parser can save development cost by generating backend stub code based on XML schema. Embedded Web Server HTML or Java / HTTP Embedded Web Server XML & XSL / HTTP Spring 2003

Network Monitoring Spring 2003

Generic Metrics Availability Loss Delay Utilization Connectivity Functionality Loss One way loss Round trip loss Delay One way delay Round trip delay Delay variance Utilization Bandwidth Throughput Spring 2003

Network Monitoring Active Approach Performed by sending test traffic into network 1) Generate Test packet periodically or on-demand 2) Measure performance of test packet or response 3) Take the statistics Impose extra traffic on network and distort its behavior in the process Used to monitor network performance Ø e.g., Availability, Delay, Loss Spring 2003

Network Monitoring (cont’d) Passive Approach Carried out by observing normal network traffic 1) Collect network flow from device or generate it after capturing 2) Perform analysis for the purpose Using high-performance computing device (harder as traffic rates increase) Used to perform traffic characterization analysis Spatial, temporal and composition Spring 2003

Questions ? Spring 2003