1
2 Managing Enterprise Networks The necessary minimal components required for making a system manageable are: MBIs Agents/entities-host on network devices to provide management facilities Scripts for manipulating MIB objects Java/C/C++ software modules for manipulating MIB objects MIBs provide a detailed description of the managed data objects. Typically, the description of each MIB object consist off: Accessibility (read-only, read write, not-accessible) Status (mandatory, deprecated) Description
3 Managing Enterprise Networks (cont.) Agents (or entities in SNMPv3) are software components that implement the MIB and map the objects to real data on the NE, provide the managed object definitions for underlying systems: Serial interfaces Serial interface attributes such as bit rate, word size, and parity IP address Standards based consolidation of management systems can help enterprises to achieve the following: Fewer and simpler user interfaces for managing network systems Reduction in the time required for IT staff training Faster resolution of NEs problems, such as switch interface congestion
4 Managing Enterprise Networks (cont.)
5 Manageability For the number of reasons, not all NEs lend themselves to flexible, integrated, centralized management. This tend to add to the cost of ownership and arises for range of reasons: The NE is a legacy device with proprietary management infrastructure The NE implements only SNMPv1 with support for set operations The NE implements only SNMPv1 without support for set (a set operations is an update to a network-resident manage object operations) The NE supports SNMPv3, but it has been poorly implemented The NE supports SNMP3 but has a number of low quality MIB modules An NE is considered to have good manageability if it supports a well implemented SNMPv3 agent and a high-quality MIB
6 Operating and Managing Large Networks Some important aspects of enterprise network management are: Availability of NEs, interfaces, links, and services Discovery and inventory management Monitoring the status of NEs, interfaces, links, virtual circuits, VLANs, and so on Measuring traffic levels and checking for network congestion Configuration – VLAN setup, SAN volume setup,storage allocations, remote control software Service level agreement (SLA) reporting, SLA verification between an enterprise and SP Security control – resistance to attacks from both sides of the firewall Scalability – handling increased numbers of users, traffic, NEs, Disaster recovery
7 Layers 2, 3, and 2.5 The primary protocols that SNMP implements are the User Datagram Protocol (UDP) and the Internet Protocol (IP).SNMP also requires Data Link Layer protocols such as Ethernet or TokenRing to implement the communication channel from the management to the managed agent. Layer 2 and VLANs Layer 2 network that is logically divided in to VLANs
8 Layers 2, 3, and 2.5 (cont.) The layer 2 technology has the following general characteristics: Path through the network can be resered either manually (by using ATM PVCs or MPLS LSPs) or using signaling (such as ATM PNNI, MPS LDP/RSVP-TE). Path can be assigned different class of service, a crucial component for SLAs. Layer 2 forwarding is fast because address can be looked up with hardware assistance. This is no longer an advantage of layer 2 devices because line-rate forwarding is now also possible with layer 3 devices (., routers) ATM layer 2 forwarding allows for traffic policing where contract non-complaint cells can be tagged or dropped DiffServ, policing and shaping are also available at layer 3
9 Layers 2, 3, and 2.5 (cont.) Layer 3 An IP network with an intermediate WAN that crosses an SP network Layer 2.5 (or Sub-IP) MPLS operates at what is often called layer 2.5, that is, not quite layer 3 but also higher than layer 2 MPLS can also be deployed on router and brings numerous benefits to IP networks VoIP traffic would need a higher class of service than traffic Traditional IP routing protocols, such as OSPF, IS-IS, and BGP4 Traffic engineering becomes possible. This help a void congested
10 Port and Interface Interfaces some times referred to as logical ports Routing such as OSPF, IS-IS, BGB-4 Signaling, such as RSVP-TE and LDP MPLS IP
11 Why use Network Management? There are a number of reason why network management is a crucial enterprise and SP component NEs don’t tend to have an over view of an entire network; management systems do An IMS maintains useful records and audit trails of past configuration actions If NEs don’t support SNMP, then and NMS can facilitate a superior CLI NMS can facilitate network wide service like traffic engineering, QoS, planning, modeling, and backup/restore
12 Why Use Network Management? (cont.) NMS enable fast access to faults. Some network faults can be meaning fully processed only by an NMS NMS assist in rebalancing networks after new hardware is add Management system can provide network wide object support for service profile
13 What Is Network Management? Network management provides the means to keep network up and running in as orderly a fashion as possible. Broadly speaking the functional area required for effective network management are: F ault C onfiguration A ccounting P erformance S ecurity The above points describe what we are known as the OSI functional areas of network management, FCAPS
14 Who Produces Network Management Software? Equipment vendors such as Cisco, Nortel, Hewlett-Packard, and Alcatel generally provide SNMP agent on their device, separately purchased, integrated management systems are also available from these and many other organizations These management systems typically run on UNIX or Windows NT/2K platform and feature GUIs, and fairly extensive FCAPS facilities
15 The Management System Pyramid OSS NMS EMS
16 Other Management Technology Microsoft Systems Management Server (SMS) Telnet-base menu systems Series link-based menu systems Desktop Management Interface (DMI)
17 Network Convergence and Aggregate Objects From a network management perspective, VLANs are aggregate object make up of: Switches Ports, MAC addresses, IEEE 802.1Q VLAN Ids Links between separate VLANs Use the term notification to mean any one of three different things Events Faults Alarms
18 SNMP: The De Facto Network Management Standard The principal components of SNMP are: Agent Managers MIBs A communications protocol SNMP Facilitates the Exchange of Network Information Between Devices
19 The SNMP Agent SNMP agent are the entities that reside on manage devices. Agent are the workhorses of management and provide the following functionality: Implementing and maintaining MIB objects Responding to management operations such as requests Generating notifications, both traps (acknowledged) and informs (acknowledged) Implementing security – SNMPv1 and SNMPv2 support community-base security with clear-text passwords; stronger security (authentication and encryption) is avaiable with SNMPv3 Setting the access policy for external managers
20 The SNMP Agent (cont.) SNMPv3 also provides an access control framework, which consists of: MIB view Access mode to managed objects either READ-ONLY or READ-WRITE. A READ-ONLY SNMP can be hosted on almost any computing device Windows NT/2K machines UNIX hosts Novell NetWare workstations and servers Many network devices, including hubs, router, switches, etc.
21 The SNMP Agent (cont.) The agent listens on UDP port 161
22 The SNMP Agent (cont.) An SNMP-Managed Network Consists of Managed Devices, Agents, and NMSs
23 The SNMP Manager SNMP managers are the entities that interact with the agent Getting and setting the values of MBI objects instances on agent Receiving notifications from agents Exchanging messages with other managers Various mechanisms for accessing the EMS are allow including: Series Telnet SNMP
24 The SNMP Manager (cont.) Facilities offered by management systems are: FCAP A centralized database Reporting Support for many simultaneous client users Topology discovery A full featured, multilevel GUI representing the managed network
25 The MBI SNMP MIB Tables The SNMPv1 SMI defines highly structured tables that are used to group the instances of a tabular object (that is, an object that contains multiple variables). Tables are composed of zero or more rows, which are indexed in a way that allows SNMP to retrieve or alter an entire row with a single Get, GetNext, or Set command. MIB Object Attributes Syntax Max-Access Status
26 Criteria and Philosophy for standardized MIB Objects have to be uniquely named Objects have to be essential Abstract structure of the MIB needed to be universal For the standard MIB maintain only a small number of objects Allow for private extensions Object must be general and not too device dependant Objects can not be easily derivable from their objects If agent is to be SNMP manageable then it is mandatory to implement the Internet MIB
27 SNPM Protocol Data Units (PDU) Each SNMP message has the format Version Number Community Name - kind of a password One or more SNMP PDUs - assuming trivial authentication
28 SNPM Protocol Data Units (cont.)
29 SNPM Protocol Data Units (cont.)
30 SNPM Protocol Data Units (cont.)
31 SNPM Protocol Data Units (cont.)
32 The Simple Network Management Protocol has become the de facto standard for internetwork management. Because it is a simple solution, requiring little code to implement, vendors can easily build SNMP agents to their products. SNMP is extensible, allowing vendors to easily add network management functions to their existing products. SNMP also separates the management architecture from the architecture of the hardware devices, which broadens the base of multivendor support. Perhaps most important, unlike other so-called standards,SNMP is not a mere paper specification, but an implementation that is widely available today.