1 Chapter 3 Basic Foundations: Standards, Models, and Language Network Management: Principles and...

1

Chapter 3

Basic Foundations:Standards, Models, and Language

Network Management: Principles and Practice© Mani Subramanian 2000

Chapter 3

And

Chapter 13Network Management Applications

2

Notes

Introduction

• Standards• Standards organizations• Protocol standards of transport layers• Protocol standards of management

(application) layer• Management Models• Language


Chapter 3

3

Table 3.1 Network Management Standards

Standard Salient Points

OSI / CMIP

(Common Management Information Protocol)

International standard (ISO / OSI)

Management of data communications network - LAN and WAN

Deals with all 7 OSI layers

Most complete

Object oriented – classes, inheritance

Well structured and layered

Consumes large resource in implementation – complex

SNMP / Internet

(Simple Network Management Protocol)

Industry standard (IETF)

Originally intended for management of Internet components, currently adopted for WAN and telecommunication systems

Easy to implement – uses scalar objects

Most widely implemented

TMN

(Telecom Management Network)

International standard (ITU-T)

Management of telecommunications network – service providers

Based on OSI network management framework

Addresses both network and administrative aspects of management – Service and Business Management

IEEE IEEE standards adopted internationally

Addresses LAN and MAN management

Adopts OSI standards significantly

Deals with first two layers of OSI RM – Physical and Data Link

Web-based Management

Web-Based Enterprise Management (WBEM) – spec by DMTF

Java Management Extensions (JMX) – called earlier JMAPI


Chapter 3

4

Notes

OSI NM Architecture and Model


NetworkMangement

InformationModel

OrganizationModel

FunctionalModel

CommunicationModel

Figure 3.1 OSl Network Management Model

• Organization model• Network management components

• object, agent, and manager• Functions of components• Relationships

• Information model• Structure of management information (SMI)

• Syntax and semantics• Management information base (MIB)

• Organization of management information• Object-oriented

Chapter 3

5

Notes

OSI NM Architecture and Model


NetworkMangement

InformationModel

OrganizationModel

FunctionalModel

CommunicationModel


• Communication model• Transfer syntax with bi-directional messages

• M-SET, M-GET• Transfer structure (PDU)

• Functional model – User oriented requirements of NM• Application functions (Covered in chapter 13)

• Configure components (CM)• Monitor components (FM)• Measure performance (PM)• Secure information (SM)• Usage accounting (AM)

Chapter 3

6

Notes

SNMP Architecture and Model(Not defined explicitly)


NetworkMangement

InformationModel

OrganizationModel

FunctionalModel

CommunicationModel


• Organization model• Same as OSI model

• Information model• Same as OSI, but scalar

•Communication model• Messages less complex than OSI and unidirectional (request, response)• Transfer structure (PDU)

• Functional model• Application functions in terms of

• Operations (get, set)• Administration – who has access to what• Security – community-based

Chapter 3

7


TMN Architecture• Addresses management of telecommunication

networks

• Based on OSI model

• Superstructure on OSI network

• Addresses network, service, and business

management

• See chapter 11 for more details

Chapter 3

Business Management

Service Management

Network Management

Element Management

Managed Network Element

q3

q3

q3

q3

Figure 11.11 TMN Service Architecture

8

Example (NMF)

BusinessManagement

CustomerService

Management

ServiceManagement

Service MgmtTarif/Charging

Service MgmtProvisioning

Service MgmtOther

NetworkManagement

Net MgmtRouting Admin

Net MgmtTraffic Admin

Net MgmtRestoration

ElementManagement

Net ElementCust Admin

Net ElementSwitch Mgmt

Net ElementTrans Eqpt

Mgmt

ServiceDetails

Performance andBilling Data

ServiceConfiguration

Service-impacting

Events

EquipmentConfiguration

EquipmentAlarms

Q3

Q3

Q3

TMN LogicalLayered Architecture

Physical Realization ofTMN Architecture

Figure 11.14 TMN Realization Example (NMF)

q3Ref. Point

q3Ref. Point

q3Ref. Point

Chapter 11


9


Organization Model• Manager

• Manages the managed elements• Sends requests to agents, retrieves management information & stores it in MDB• Monitors alarms – unsolicited traps/notifications from agents• Houses applications, e.g., CM, FM, etc.• Provides user interface, e.g., HPOpenview

• Agent• Gathers information from objects – get• Configures parameters of objects – set• Responds to managers’ requests – response• Generates alarms and sends them to managers (unsolicited) – trap

• Managed object• Network element that is managed, e.g., hubs, bridges, etc.• Houses management agent – process running• All objects are either not managed or manageable (more expensive)

Chapter 3

10

Notes

Manager

Managed objects

Unmanaged objects

Figure 3.2 Two-Tier Network Mangement Organization Model

Agent process

MDB

MDB Management Database


Two-Tier Model

• Agent built into network element Example: Managed hub, managed router• A manager can manage multiple elements Example: Switched hub, ATM switch• MDB is a physical database• Unmanaged objects are network elements that are not managed - both physical (unmanaged hub) and logical (passive elements)

Chapter 3

11

Notes

Agent / Manager

Managed objects

Agent process

Manager

Figure 3.3 Three-Tier Network Mangement Organization Model

MDB

MDB

MDB Management Database


Three-Tier Model

• Middle layer plays the dual role• Agent to the top-level manager• Manager to the managed objects - e.g., collects data

• Example of middle level: Remote monitoring agent (RMON)

• Examples:• Statistical measurement on a network• Local site passes information to a remote site

Chapter 3

12

Notes

MoM

Agent

Agent NMSManager

Managed objects

Managed objects

Figure 3.4 Network Mangement Organization Model with MoM

Agent process

MDB

MDB MDB

MoM Manager of ManagersMDB Management Database

AgentManager

Agent NMS

Agent

Agent NMSManager


Manager of Managers

• Agent NMS manages the domain• MoM presents integrated view of domains• Domain may be geographical (cities), administrative (departments), vendor-specific products (Cisco), etc.

Chapter 3

13

Notes

Manager NMS

Agent NMS

Agent NMS

Manager NMS

Figure 3.5 Dual Role of Management Process


Peer NMSs

• NMSs configured in a peer-to-peer relationship• Network management system acts as peers• Dual role of both NMSs• Example: Two network service providers exchange Management information• Dumbbell architecture discussed in Chapter 1• Notice that the manager and agent functions are processes and not systems

Chapter 3

14

Notes

InteroperabilityChapter 1

NMSVendor A

NetworkAgent

NetworkAgent

NetworkObjects

NetworkObjects

NMSVendor B

NetworkAgent

NetworkAgent

NetworkObjects

NetworkObjects

Messages

Services & Protocols

• Message exchange between NMSs managing different domains

Vendor A

(b) Services and Protocols

ApplicationServices

ManagementProtocol

TransportProtocols

Objects

Objects

Vendor B

Objects

Objects

Figure 1.23 Network Management Dumbbell Architecture


15

Notes

Information Model: Analogy

• Information model – Structure & storage of information• Figure in a book uniquely identified by

• ISBN, Chapter, and Figure number in that hierarchical order

• ID: {ISBN, chapter, figure} – Hierarchy of designation• The three elements above define the syntax – format• Semantics is the meaning of the three entities according to Webster’s dictionary• The information comprises syntax and semantics about an object


Chapter 3

• Management information model =objects representation (SMI) +management information of objects (MIB)

• SMI defines the syntax & semantics of management information stored in the MIB• Information model specifies the information base to describe managed objects and their relationships (i.e., MIB)

16

Notes

Structure of Management Information (SMI)


• SMI defines for a managed object:• Syntax• Semantics – i.e., definition • plus additional information such as status

• Example sysDescr: { system 1 } Syntax: OCTET STRING Definition: "A textual description of the entity. " Access: read-only Status: mandatory

Chapter 3

• Uses ASN.1: Abstract Syntax Notation One

• See RFC 1155:• Section 4. Managed objects• Section 4.3. Macros

17

Notes

Management Information Base (MIB)


• Used by manager & agents to store & exchange

management information• Information base contains information about objects• Organized by grouping of related objects (e.g., IP group)• Defines relationship between objects (e.g., object system

is a parent of object sysDescr)• It is NOT a physical database. It is a virtual

database that is compiled into management module

Chapter 3

• The agent MIB is used for accessing local information requested by the manager, and sending a response back

• The manager MIB is used for accessing information on all network components the manager manages.

• See RFC 1213

18

Notes

Information Base View: An Analogy


• Fulton County library system has many branches• Each branch has a set of books• The books in each branch is a different set• The information base of the county has the view (catalog) of all books• The information base of each branch has the catalog of books that belong to that branch. That is, each branch has its view (catalog) of the information base• Let us apply this to MIB view

Chapter 3

19

Notes

MIB View and Access of an Object


• A managed object has many attributes - its information base (e.g., IPAddress, # of ports)• There are several operations that can be performed on the objects (get, set)• A user (manager) can view and perform only certain operations on the object by invoking the management agent – privileges depends on the user and the managed object• The view of the object attributes that the agent perceives is the MIB view• The operation that a user can perform is the MIB access

Chapter 3

20

Notes


Management Data Base / Information Base

• Distinction between MDB and MIB• MDB physical database; e.g.. Oracle, Sybase• MIB virtual database; schema compiled into management software (for processes to exchange information)

• An NMS can automatically discover a managed object, such as a hub, when added to the network• The NMS can identify the new object as hub only after the MIB schema of the hub is compiled into NMS software

Manager

Managed objects

MDB MIB

Agent process

MDB Management DatabaseMIB Management Information Base

Figure 3.6 Network Configuration with Data and Information Base

Chapter 3

21

Notes

Managed Object


• Managed objects can be• Network elements (hardware, system)

• hubs, bridges, routers, transmission facilities• Software (non-physical)

• programs, algorithms• Administrative information

• contact person, name of group of objects (IP group)

Chapter 3

• In fact, any type of info that can be included in theMIB can be managed.

22

Notes

Root

Level 1

Level 2

Level 3

Figure 3.7 Generic Representation of Management Information Tree


Management Information TreeChapter 3

23

Notes

iso-itu2

itu0

iso1

org3

dod6

internet1

Figure 3.8 OSI Management Information Tree


OSI Management Information Tree

• iso International Standards Organization itu International Telecommunications Union dod Department of Defense• Designation:

• iso 1• org 1.3• dod 1.3.6• internet 1.3.6.1 – all internet managed

objects will start with this

Chapter 3

24

Notes

• Type

• Name

• Syntax

• Definition

• Status

• Access

• Instance

Object Type and Instance

• Example of a circle• “circle” is syntax• Semantics is definition from dictionary “A plane figure bounded by a single curved line, every point of which is of equal distance from the center of the figure.”

• Analogy of nursery school


Chapter 3

25

Notes

Managed Object: Internet Perspective

object ID unique ID

and descriptor and name for the objectsyntax used to model the objectaccess access privilege to a managed object

status implementation requirements

definition textual description of the semantics of object type


Object Type:Object ID and

Descriptorcircle

Access:Access

privilege

Defintion :Semantics -

textual description

Status :Implementaionrequirements

Syntax :model of object

Figure 3.9(a) Internet Perspective

Chapter 3

26

Notes

object class managed object

attributes attributes visible at its boundary

operations operations which may be applied to it

behaviour behaviour exhibited by it in response to operation

notifications notifications emitted by the object


Behaviour

Object Class:Circularobject

Obj

ect C

lass

:El

liptic

alob

ject

Attributes :circle, dimension

Operations:Push

Attributes:ellipse, dimension

Notifications :Notify changes ina ttribute values

Figure 3.9(b) OSI Perspective

Managed Object: OSI Perspective

Chapter 3

27

Notes

Characteristics Example

Object type PktCounter

Syntax Counter

Access Read-only

Status Mandatory

Description Counts number of packets

Figure 3.10(a) Internet Perspective

Characteristics Example

Object class Packet Counter

Attributes Single-valued

Operations get, set

Behavior Retrieves or resets values

Notifications Generates notifications on newvalue

Figure 3.10 (b) OSI Perspective

Figure 3.10 Packet Counter As Example of Managed Object

Packet Counter Example


Chapter 3

28

Notes

Internet Vs OSI Managed Object


• Scalar object in Internet vs. Object-Oriented approach in OSI• OSI characteristics of operations, behavior, and notification are part of communication model in Internet: get/set and response/alarm• Internet syntax is absorbed as part of OSI attributes• Internet access is part of OSI security model• Internet status is part of OSI conformance application• OSI permits creation and deletion of objects; Internet does not. However, enhancement in SNMPv2 include:

• Defining new data types• Adding or deleting conceptual rows in tables

Chapter 3

29

Notes

Mgmt. Communication Model

Manager Agent

Operations /Requests

Responses

Notifications /Traps

ApplicationsNetwork Elements /Managed Objects

Figure 3.11 Management Message Communication Model


• In Internet requests/responses, in OSI operations• In Internet traps and notifications (SNMPv2), in OSI notifications

Chapter 3

30

Notes

Transfer Protocols

ManagerApplications

ManagerCommunication

Module

Transport Layers

AgentApplications

AgentCommunication

Module

Transport Layers

Physical Medium

Operations / Requests / ResponsesTraps / Notifications

SNMP (Internet)CMIP (OSI)

UDP / IP (Internet) OSI Lower Layer Profiles (OSI)

Figure 3.12 Management Communication Transfer Protocols


• Internet is based on SNMP; OSI is based on CMIP• OSI uses CMISE (Common Management Information Service Element) application with CMIP• OSI specifies both c-o and connectionless transport protocol; SNMPv2 extended to c-o, but rarely used

Chapter 3

31

Notes

Abstract Syntax Notation One


• ASN.1 is more than a syntax; it’s a formal language• Addresses both syntax and semantics• Two type of syntax

• Abstract syntax: set of rules that specify data type and structure for information storage• Transfer syntax: set of rules for communicating information between systems

• Makes application layer protocols independent of lower layer protocols• Can generate machine-readable code: Basic Encoding Rules (BER) is used in management modules

Chapter 3

• ASN.1 developed jointly by ITU-T and ISO • Abstract syntax → Information model

• Transfer syntax → communication model

32

Notes

Backus-Nauer Form (BNF)Definition:

<name> ::= <definition>

Rules:

<digit> ::= 0|1|2|3|4|5|6|7|8|9

<number> ::= <number> | <digit> <number>

<op> ::= +|-|x|/

<SAE> ::= <number>|<SAE>|<SAE><op><SAE>

Example:• 9 is primitive 9• 19 is construct of 1 and 9• 619 is construct of 6 and 19

• BNF is used for ASN.1 constructs• Constructs developed from primitives• The above example illustrates how numbers

are constructed from the primitive <digit>• Simple Arithmetic Expression entity (<SAE>) is

constructed from the primitives <digit> and <op>


Chapter 3

33

Notes

Simple Arithmetic Expression


<SAE> ::= <number> | <SAE><op><number>

Example: 26 = 13 x 2

Constructs and primitives

Chapter 3

34

Notes

Type and Value


• Assignments• <BooleanType> ::= BOOLEAN• <BooleanValue> ::= TRUE | FALSE

• ASN.1 module is a group of assignmentsperson-name Person-Name::=

{

first "John",

middle "I",

last "Smith"

}

Chapter 3

• Two basic parameters associated with an entity (e.g., BOOLEAN)

• Data type• Value (assigned to this data type)

• Keywords: entities with all capital letters (e.g., TRUE)

35

Notes

Data Type: Example 1


• Module name starts with capital letters• Tags uniquely identify a data type• Data types:

• Primitives: NULL, GraphicString• Constructs

• Alternatives : CHOICE• List maker: SET, SEQUENCE• Repetition: SET OF, SEQUENCE OF

• Difference between SET and SEQUENCE

Chapter 3

PersonnelRecord ::= SET{ Name, title GraphicString, division CHOICE { marketing [0] SEQUENCE

{Sector, Country},

research [1] CHOICE{product-based [0] NULL, basic [1] NULL},

production [2] SEQUENCE{Product-line, Country } } }

etc.

Figure 3.13 ASN.1 Data Type Definition Example 1

36

Notes

Data Type: Example 2


• SET– No order required– Order not important– Data types should all be distinct

• SEQUENCE– The order in the list is maintained

• SEQUENCE OF SEQUENCE makes tables of rows

Trade-message ::= SEQUENCE {invoice-no INTEGER name GraphicString, details SEQUENCE OF SEQUENCE {part-no INTEGER quantity INTEGER}, charge REAL, authenticator Security-Type} Security-Type ::= SET { … … … }

Figure 3.14 ASN.1 Data Type Definition Example 2

Chapter 3

37

Notes

Modules


Chapter 3

Formal Definition:

<module name> DEFINITIONS ::= BEGIN<name> ::= <definition><name> ::= <definition>END

Example:

RFC1213 DEFINITIONS ::= BEGIN……END

• A module is a group of assignments.

• Modules can be imported into and exported from other modules.

38

Notes

ASN.1 SymbolsSymbol Meaning

::= Defined as

| or, alternative, options of a list

- Signed number

-- Following the symbol are comments

{} Start and end of a list

[] Start and end of a tag

() Start and end of subtype

.. Range


Chapter 3

39

Notes

• CHOICE

• SET

• SEQUENCE

• OF

• NULL

Keyword Examples

• Keywords are in all UPPERCASE letters


Chapter 3

40

Notes

ASN.1 Data Type Conventions

Data Types Convention Example

Object name Initial lowercase letter sysDescr, etherStatsPkts

Application data type Initial uppercase letter Counter, IpAddress

Module Initial uppercase letter PersonnelRecord

Macro, MIB module All uppercase letters RMON-MIB

Keywords All uppercase letters INTEGER, BEGIN


Chapter 3

41

Notes

Data Type: Structure & Tag

Data Type

OtherTaggedStructuredSimple

Number

Tag

Structure

Class

Universal ApplicationContext-specific

Private

Figure 3.15 ASN.1 Data Type Structure and Tag


• A Data Type is defined based on a structure and a tag

• Structure defines how data type is built

• Tag uniquely identifies the data type

Chapter 3

42

Notes

Structure


• Simple• PageNumber ::= INTEGER• ChapterNumber ::= INTEGER

• Structured / Construct• BookPageNumber ::=

SEQUENCE {ChapterNumber, Separator, PageNumber}

Example: {1-1, 2-3, 3-39}• Tagged

• Derived from another type; given a new ID• In Fig. 3-14, INTEGER could be either universal or application specific

• Other types: • CHOICE, ANY

• BookPages ::= SEQUENCE OF { BookPageNumber}or

BookPages ::= SEQUENCE OF{SEQUENCE {ChapterNumber, Separator, PageNumber}}

Chapter 3

43

Notes

Tag


• Tag uniquely identifies a data type• Comprises class and tag number• Class:

• Universal - always true• Application - only in the application used• Context-specific - specific context in application• Private - used extensively by commercial vendors

• Example (RFC 1155):• IpAddress ::= [APPLICATION 0] IMPLICIT OCTET STRING (SIZE (4))• Counter ::= [APPLICATION 1] IMPLICIT INTEGER (0..4294967295)

Example: BOOLEAN Universal 1 INTEGER Universal 2 research [Application 1] (Figure 3.13) product-based Context-specific under research [0]

Chapter 3

44

Notes

Enumerated Integer

• ENUMERATED is a special case of INTEGER

• Does not have INTEGER semantics → Arithmetic operations should not be performed on enumerated values.

• Example: RainbowColors (5) is orange

RainbowColors ::= ENUMERATED

{

violet (0)

indigo (1)

blue (2)

green (3)

yellow (4)

orange (5)

red (6)

}


Chapter 3

Example From the SNMP MIB (RFC 1157):

ErrorStatus ::=INTEGER {

noError (0),tooBig (1),noSuchName (2),badValues (3),readOnly(4),genErr (5)}

45

Notes

Subtype Data Type


Chapter 3

• A subtype data type is derived from a parent type.

Example:

PageNumber ::= INTEGER (0..255)

→ Limits the maximum page number to 255

Example (RFC 1213):

sysDescr OBJECT-TYPESYNTAX DisplayString (SIZE (0..255))ACCESS ……

46

Notes

ASN.1 Module Example


Chapter 3

IpNetToMediaEntry ::= SEQUENCE {

ipNetToMediaIfIndex INTEGER,

ipNetToMediaPhysAddress PhysAddress,

ipNetToMediaNetAddress IpAddress,

ipNetToMediaType INTEGER}

• An entry of the address translation table in SNMP IP MIB (RFC 1213) is the following:

47

Name: John P Smith Title: Director Employee Number 51 Date of Hire: 17 September 1971 Name of Spouse; Mary T Smith Number of Children 2 Child Information Name Ralph T Smith Date of Birth 11 November 1957 Child Information Name Susan B Jones Date of Birth 17 July 1959

(a) Informal description of personnel record ---------------------------------------------------------------------------------------------------------

PersonnelRecord ::= [APPLICATION 0] IMPLICIT SET { Name, title [0] VisibleString, number EmployeeNumber, dateOfHire [1] Date, nameOfSpouse [2] Name, children [3] IMPLICIT SEQUENCE OF ChildInformation DEFAULT { } } ChildInformation ::= SET { Name, dateOfBirth [0] Date } Name ::= [APPLICATION 1] IMPLICIT SEQUENCE { givenName VisibleString, initial VisibleString, familyName VisibleString } EmployeeNumber ::= [APPLICATION 2] IMPLICIT INTEGER Date ::= [APPLICATION 3] IMPLICIT VisibleString -- YYYYMMDD

(b) ASN.1 description of the record structure ---------------------------------------------------------------------------------------------------------

{ {givenName “John”, initial “T”, familyName “Smith”}, title “Director” number “51” dateOfHire “19710917” nameOfSpouse {givenName “Mary”, initial “T”, familyName “Smith”}, children { { {givenName “Ralph”, initial “T”, familyName “Smith”}, dateOfBirth “19571111”}, { {givenName “Susan”, initial “B”, familyName “Jones”} dateOfBirth “19590717”}}}

(c) ASN.1 description of a record value


ASN.1 Example from ISO 8824Chapter 3

48

Notes

Object Name

• Example from RFC 1155:

internet OBJECT IDENTIFIER ::= {iso(1) org(3) dod(6) 1}

iso-itu2

iso1

itu0

org3

dod6

internet1

private4

enterprise1

IBM2


Chapter 3

49

Notes

TLV Encoding

• ASN.1 syntax containing management info is encoded using the BER (Basic Encoding Rules) → defined for the transfer syntax.

• ASCII text data is converted to bit-oriented data.

• TLV: Type, Length, and Value are components of the structure.

• Length: of the Value field in number of octets.

• Value: is encoded based on the data type.

Type Length Value

Class(7-8th bits)

P/C(6th bit)

Tag Number(1-5th bits)


Chapter 3

Class 8th bit 7th bit Universal 0 0 Application 0 1 Context-specific 1 0 Private 1 1

P/C bit:0: primitive1: construct

50

TLV Encoding- INTEGER

• INTEGER: Universal 2• Type: 00000010 [Class (00), P/C (0), Tag (00010)]• Length:

• If Value length ≤ 127 → Use 1 octet (with b8 = 0)• If Value length > 127 → Use >1 octet (with b8 = 1)

First octet indicates number of octets that follow to specify the Value length. Example: 128 → 10000001 10000000

• Value:• If Value > 0 (always MSB = 0 → add more octets if needed)

Example: 255 → 00000000 11111111• If Value < 0 → twos-complement

Takes the absolute value and inverts all 1s to 0s and all 0s to 1s, then adds 1. Example: -5 → 11111011

• Example: TLV for 255→ 00000010 00000010 00000000 11111111

Type Length Value

Class(7-8th bits)

P/C(6th bit)




Chapter 3


51

Notes

TLV Encoding- OCTET STRING

• OCTET STRING: Universal 4

• Type: 00000100 [Class (00), P/C (0), Tag (00100)]

• Length: Number of octets in Value.

• Value: Binary representation of string.

• Example: TLV for ‘0C1B’ →00000100 00000010 00001100 00011011

Type Length Value

Class(7-8th bits)

P/C(6th bit)




Chapter 3


52

Notes

Macro

• Macro is used to create new data types• TYPE NOTATION → defines the syntax of new types• VALUE NOTATION → defines the syntax of new values

<macroname> MACRO ::=

BEGIN

TYPE NOTATION ::= <syntaxOfNewType>

VALUE NOTATION ::= <syntaxOfNewValue>

<auxiliaryAssignments>

END

CS8803 OBJECT-IDENTITY STATUS current DESCRIPTION "A graduate-level network

management course offered every fall by College of Computing in Georgia Institute of Technology."

::= {csclasses 50}


Example:

Chapter 3

Macro from RFC 2578 (SMIv2):

OBJECT-IDENTITY MACRO ::=BEGIN

TYPE NOTATION ::="STATUS" Status"DESCRIPTION" TextReferPart

VALUE NOTATION ::= value (VALUE OBJECT IDENTIFIER)Status ::= "current" | "deprecated" | "obsolete“ReferPart ::= "REFERENCE" Text | empty Text ::= value(IA5String)

END

53


Chapter 3

Part II

Chapter 13Network Management Applications

54

Notes

Network and Systems Mgmt

Networked Information Systems

BusinessManagement

ServiceManagement

NetworkManagement

SystemManagement

ElementManagement

ResourceManagement

NetworkElements

SystemResources

Figure 13.1 Network and System Management

• TMN architecture expanded to include systems management


Chapter 13

55

Notes

Functional Model

OSIFunctional Model

FaultManagement

ConfigurationManagement

PerformanceManagement

SecurityManagement

AccountingManagement


• Configuration management• Set and change network configuration and component parameters• Network provisioning• Inventory management• Network topology• Set up alarm thresholds

• Fault management• Detection and isolation of failures in network• Trouble ticket administration

• Performance management• Monitor performance of network

• Security management• Authentication• Authorization• Encryption

• Accounting management• Functional accounting of network usage

Chapter 3

56

Notes

Network Provisioning(Configuration Management)

• Provisioning of network resources• Design• Installation and maintenance

• Circuit provisioning in telephone industry• Circuit-switched network• Automated process

• Provisioning for packet-switched network based on:• Performance statistics• QoS requirements• Example: Provisioning of links is based on average and peak demands

• ATM networks• Permanent virtual circuit (PVC)• Switched virtual circuit (SVC)


Chapter 13

57

Notes

Inventory Management(Configuration Management)

• Inventory Management of:• Equipment • Facilities

• Efficient Database system:

• Indices and keys for easy access and search• Characteristics of components• Status of components


Chapter 13

58

Notes

Network Topology(Configuration Management)

• Manual• Filter parameters → impose constraints• Auto-discovery by NMS using

• Broadcast ping• ARP table in devices (e.g., local router)

• Mapping of network• Layout• Layering

• Views• Physical• Logical


Chapter 13

59

Notes

Traditional LAN ConfigurationHub 1

Hub 2

A1

Router

Port BSegment B

Port ASegment A

A2

B1

B2

Router

Segment A / Hub 1

A2A1

Segment B / Hub 2

B2B1

Figure 13.2 LAN Physical Configuration

Figure 13.3 Logical Configuration of Two LAN Segments

• One-to-one mapping between physical and logical configuration


Chapter 13

60

Notes

Virtual LAN Configuration

• Physical and logical configurations different• Physical location obtained from System group

Hub 1

Hub 2

A1

Router

B1

A2

B2

Switch

Port A / Segment APort A / Segment B

Figure 13.4 VLAN Physical Configuration

Segment B

Segment A

Segment B

Segment A

Router

Segment A / Hub 1 & 2

A2 (Hub 2)A1 (Hub 1)

Segment B / Hub 1 & 2

B2 (Hub 2)B1 (Hub 1)

switch

Figure 13.5 Logical Configuration of Two VLAN Segments


Chapter 13

61

Fault Management• Fault is a failure of a network component

• Results in loss of connectivity

• Fault management involves a 5-step process:1. Fault detection

• Polling• Traps: linkDown, egpNeighborLoss

2. Fault location• Detect all components that failed and trace

down the tree topology to where the problem starts

3. Restoration of service (has higher priority)4. Fault isolation

• Identification of root cause of the problem• Fault isolation by network and SNMP tools

to determine source of problem → Trouble ticket generated

• Use artificial intelligence /correlation techniques

5. Problem resolution → Trouble ticket closed


Chapter 13

62

Notes

Performance Management

• Tools

• Performance Metrics

• Data Monitoring (e.g., RMON)

• Problem Isolation (process similar to FM)

• Performance Statistics

• Tools:• Protocol analyzers• RMON• MRTG


Chapter 13

63

Notes

Performance Metrics

• Macro-level• Throughput• Response time• Availability• Reliability

• Micro-level• Bandwidth• Utilization• Error rate• Peak load• Average load


Chapter 13

• Macro-level parameters can be defined in terms of micro-level parameters

• Response time depends on both network and system performance.

64

Notes

Data Monitoring and Problem Isolation

• Data monitoring• Normal behavior• Abnormal behavior (e.g., excessive collisions, high packet loss, etc)• Set up traps (e.g., parameters in alarm group in RMON on object identifier of interest)• Set up alarms for criticality• Manual and automatic clearing of alarms

• Problem isolation• Manual mode using network and SNMP tools• Problems in multiple components needs tracking down the topology• Automated mode using correlation technology


Chapter 13

65

Notes

Performance Statistics

• Traffic statistics• Error statistics• Used in

• QoS tracking• Performance tuning • Validation of SLA• Trend analysis• Facility planning• Functional accounting


Chapter 13

• Statistics require large amount of data sampling → overhead traffic on the network.

• One solution is RMON → Collecting statistical data is done locally → Improves overall network performance.

66

Notes

Security Management

• Security threats• Policies and Procedures• Resources to prevent security breaches• Firewalls• Cryptography• Authentication and Authorization• Client/Server authentication system• Message transfer security• Network protection security


Chapter 13

67

Notes

Security Threats (RFC 3414)

ManagementEntity A

ManagementEntity B

Modification of informationMasquerade

Message stream modification

Disclosure

Figure 7.10 Security Threats to Management Information

• Modification of information: Contents modified by unauthorized user, does not include address change• Masquerade: change of originating address by unauthorized user• Message Stream Modification: Fragments of message altered by an unauthorized user to modify the meaning of the message• Disclosure: is eavesdropping. This does not require interception of message• Denial of service and traffic analysis are not considered as threats


Chapter 7

68

Notes

Security Threats

ManagementEntity A

ManagementEntity B

Modification of informationMasqueradeMessage stream modification

Disclosure

Figure 7.10 Security Threats to Management Information

• SNMPv3 addressed security threats using USM (user-based security model)• USM has two modules:

• Authentication module• Data integrity• Data origin

• Privacy module• Data confidentiality• Message timeliness• Message protection


Chapter 13

69

Notes

Policies and ProceduresBasic guidelines to set up policies and procedures:

1. Identify what you are trying to protect.2. Determine what you are trying to protect it from.3. Determine how likely the threats are.4. Implement measures, which will protect your assets in

a cost-effective manner.5. Review the process continuously and make

improvements to each item if a weakness is found.

• References:• Formal statement of rules for protecting organization’s technology and assets (RFC 2196)• Introduction to Firewalls (NIST)• Orange Book by National Computer Security Center (NCSC) rates computers based on security design features


Chapter 13

70

Notes

Accounting Management

• Least developed • Usage of resources• Hidden cost of IT usage• Functional accounting• Business application


Chapter 13

Date post:	02-Jan-2016
Category:	Documents
Upload:	bonnie-west
View:	226 times
Download:	1 times

1 Chapter 3 Basic Foundations: Standards, Models, and Language Network Management: Principles and...

Documents