Date post: 25-Dec-2015
Agenda 1. Quiz 2. Homework 3. Test Review 4. Network Management Paper 5. CMIS 6. RMON 7. Network Management Tools

Agenda

1. Quiz
2. Homework
3. Test Review
4. Network Management Paper
5. CMIS
6. RMON
7. Network Management Tools

Homework

9-4, 10-1, 10-2, 10-3, 10-4 & 10-5.

Mid Term Examination

Average score =
As (all varieties) = 89 or higher
Bs (all varieties) = 70 or higher

Options for extra credit for grades below 70:
a. Retest: Midterm grade will be average of 2 tests
b. Short Research Paper:
   4-7 pages if mid term grade was 60 - 69
   7-10 pages if mid term grade was 50 - 59
   13-16 pages if mid term grade was below 50

Question 1

What are the principal things that “ping” and “trace route” show you?

Ping shows you the time to a location and the packet loss. (It’s actually used most often just to make sure a device is connected to the network.)

Trace route shows you the number of hops required to get to a location.

Question 2

If a QPSK signal is sent over a 3 KHz channel where the signal-to-noise ratio is 30 dB, what is the maximum achievable data rate?

Nyquist: Max Data Rate = 2 H log2 V (H = bandwidth in Hz, V = number of discrete signal levels)

Shannon: Max Data Rate = BW log2 (1 + S/N) (BW = bandwidth in Hz, S/N as a ratio, not in dB)

Question 3

A database operates on a 10 Mbps line. The average input has 1,000 bytes of questions. The average output has 1 Million bytes of answers. Database processing time averages 9 seconds. What is the total response time if you assume 8 bits per byte? If the 10 Mbps is part of a SONET MAN, what determines if there is a congestion problem?
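Worked answers for Questions 2 and 3, as an added Python example that is not part of the slides: it applies the slide's Nyquist and Shannon formulas to the QPSK case (assuming V = 4 signal levels for QPSK, i.e. 2 bits per symbol) and adds up the transmission and processing delays for Question 3 (propagation delay ignored, since the question gives none).

```python
import math


def nyquist_max_rate(bandwidth_hz: float, levels: int) -> float:
    """Slide formula: Max Data Rate = 2 H log2 V (H = bandwidth in Hz, V = signal levels)."""
    return 2 * bandwidth_hz * math.log2(levels)


def shannon_max_rate(bandwidth_hz: float, snr_db: float) -> float:
    """Slide formula: Max Data Rate = BW log2 (1 + S/N); S/N arrives in dB and is
    converted to a plain ratio before use."""
    snr_ratio = 10 ** (snr_db / 10)
    return bandwidth_hz * math.log2(1 + snr_ratio)


def max_achievable_rate(bandwidth_hz: float, levels: int, snr_db: float) -> float:
    """A real channel is bound by both limits, so the achievable rate is the lower one."""
    return min(nyquist_max_rate(bandwidth_hz, levels), shannon_max_rate(bandwidth_hz, snr_db))


def question_2() -> float:
    # Assumption: QPSK has 4 phase states, so V = 4; channel is 3 KHz at 30 dB S/N.
    return max_achievable_rate(3_000, 4, 30)


def response_time_s(line_bps: float, in_bytes: int, out_bytes: int,
                    processing_s: float, bits_per_byte: int = 8) -> float:
    """Question 3: serialise the question, process it, then serialise the answer."""
    in_delay = (in_bytes * bits_per_byte) / line_bps
    out_delay = (out_bytes * bits_per_byte) / line_bps
    return in_delay + processing_s + out_delay


def question_3() -> float:
    return response_time_s(10_000_000, 1_000, 1_000_000, 9)


if __name__ == "__main__":
    print(f"Nyquist limit: {nyquist_max_rate(3_000, 4):.0f} bps")
    print(f"Shannon limit: {shannon_max_rate(3_000, 30):.0f} bps")
    print(f"Q2 max achievable rate: {question_2():.0f} bps")
    print(f"Q3 total response time: {question_3():.4f} s")
```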

Question 4

The OSI network management architecture model has four models. Name them and give their principal functions.

Network Management: the four models

• Organizational Model
• Information Model
• Communication Model
• Functional Model

Network Management

Organizational Model:
• Describes components of a network management system
• Focuses on functions and infrastructure
• Objects are network elements such as hubs, bridges, routers, etc.
• Managed elements have a process running them called an agent
• Manager queries the agent, gets information, processes it and stores it in the MIB

[Figure: Manager with its MIB; agents; Managed Objects; Unmanaged Objects.]

Note: This is a simplified hierarchical set up.

Network Management Information Model:

• Deals with structure & organization of management information
• Specifies the structure of management information (SMI)
• Specifies the management information base (MIB)
• SMI defines the syntax and semantics of information stored
• MIB is used by the agent and management process to store info
• MDB is the real database with measured or administratively configured data on the elements in the network

[Figure: Manager with its MIB and MDB; agents; Managed Objects; Unmanaged Objects.]

Network Management Communication Model:

• Has three components
  • Management information processes that function in the application layer
  • Layer management between the layers
  • Layer operation within layers
• Transport protocol is medium of exchange
• Application protocol is the message format
• Actual message

Network Management

Functional Model: Network Management is the process of controlling a complex data network to maximize its efficiency and productivity. It should include:
• Fault Management
• Configuration Management
• Security Management
• Accounting Management
• Performance Management

Fault Management

Detection and isolation of the problem causing failure in a network. Fault management can:
• monitor the physical or other layers
• be self healing
• trouble ticket based
• a nightmare

Configuration Management

Configuration Management consists of the following steps:
1. Gather information about current network.
2. Use that data to modify the configuration of the network device.
3. Store the data, maintain an up-to-date inventory of all network components and produce various reports.

Security Management

The Security Management process includes the following steps:
• Identify the sensitive information.
• Find the access points.
• Secure the access points.
• Maintain the secure access points.

Accounting Management

Should track server utilization:
• Is a delicate balance
• Involves internal and external issues
• Is the most political of the management issues

Performance Management

Measuring Performance, including but not limited to:
• Throughput
• Response time
• Percent utilization
• Error rates
• Availability

Question 5

What are the principal advantages of SNMPv2 over SNMP and the principal advantages of SNMPv3 over SNMPv2?

SNMPv2

SNMP DRAWBACKS
1. Officially standardized only for use on IP networks
2. Inefficient for large table retrievals
3. Uses cleartext strings for security, leaving it relatively insecure
4. Standards are always necessary but never sufficient

SNMPv2 FEATURES INCLUDE:
1. Additions to the SMI
2. New Message types
3. Standardized multiprotocol support
4. Enhanced security
5. New MIB objects
6. Backward compatibility

SNMPv3 Advantages

SNMPv3 has markedly improved security

SNMPv3 has improved modularity and flexibility

RFC 2273 defines three MIBs to support SNMPv3 applications:

• The Management Target MIB
• The Notification MIB
• The Proxy MIB

Question 6

What three questions are implicit in the question, “Can remote site management be established?”

1. How much can we spend?
   a. Initially
   b. On a continuing basis
2. What equipment and people will be made available?
   a. For installations
   b. For continuing management
   c. For maintenance and repair
3. How much time do we have to deliver?

Question 7

Explain succinctly the difference between the database of a network management system and its MIB. How do you implement each in a network management system?

The database is physical, containing network objects and values. It is implemented with any open or proprietary database software. The MIB is virtual. It is a structure that is used by managers and agents to exchange information about network objects. It has a hierarchical structure and the schema is compiled into the management and agent management software.

Question 8

What are the four subsystems in the SNMPv3 engine?

[Figure: SNMP entity (RFC 2271). Application(s): Command Generator, Notification Receiver, Proxy Forwarder, Command Responder, Notification Originator, Other. SNMP Engine (identified by SNMPEngineID): Dispatcher, Message Processing subsystem, Security subsystem, Access control subsystem.]

SNMP (architecture)

Dispatcher subsystem:
• One dispatcher in an SNMP engine
• Handles multiple version messages
  - Determines version of a message and interacts with corresponding module
• Interfaces with application modules, network, and message processing models
• Three components for three functions
  – Transport mapper delivers messages over the transport protocol
  – Message Dispatcher routes messages between network and appropriate module of MPS
  – PDU dispatcher handles messages between application and MPS

SNMP (architecture cont.)

Message Processing Subsystem:
• Contains one or more Message Processing Models
• Interacts with dispatcher to handle version-specific SNMP messages
• One MPS for each SNMP version
• SNMP version identified in the header

Security and Access Control Subsystem:
• Security at the message level
  – Authentication
  – Privacy of message via secure communication
• Flexible access control
  – Who can access
  – What can be accessed
  – Flexible MIB views

Question 9

You manage a communications network that has identical satellite terminals connecting the office in Paris with the corporate database in Washington D.C. The following parameters apply: C/N = 70 dB, M = 5 dB, L = 203 dB, G = 63.4 dB & T = 100°K. What is your satellite power requirement in dBw for the Washington D.C. receive side?

EIRP = 10 log R + Eb/No + L + M + K – G/T

Question 10

What are the three SNMPv2 management information bases?

SNMPv2 MIBs

SNMPv2 uses three management information bases:

• SNMPv2 MIB

• Manager-to-manager MIB

• Party MIB

SNMPv2 MIBs

SNMPv2 MIB GROUPS (Name: Provides Objects To)

SNMPv2 Statistics Group: give stats about manager or agent, mostly msgs that could not be processed

SNMPv1 Statistics Group: give stats about manager or agent that communicates with SNMPv1

Object Resource Group: provide information that defines which objects an agent can define dynamically

Traps Group: provides information about each of the traps an agent can send

Set Group: provides a single object that allows multiple managers to send SNMP Set messages to a single agent (set serial #)

SNMPv2 MIBs

MANAGER-TO-MANAGER MIB GROUPS (Name: Purpose)

The Alarm Group: the objects in this group allow you to define two thresholds over a duration of time.

The Event Group: the objects in this group allow you to define events. It has two tables, one to specify the type of notification the probe should invoke when the event triggers and the second to log the event.
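An added Python sketch (not from the slides) of the two-threshold alarm idea above, paired with a simple event log: the rising/falling hysteresis is assumed from the RMON alarm group (RFC 2819), and the sample values are constructed.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class ThresholdAlarm:
    """One alarm entry: a monitored variable, a rising and a falling threshold, and the
    events they raise. Hysteresis (assumed from RFC 2819): after a rising event fires, no
    further rising event is generated until the value has crossed the falling threshold,
    and vice versa, so a value hovering near one threshold does not flood the manager."""
    variable: str
    rising_threshold: float
    falling_threshold: float
    sample_type: str = "absolute"   # "absolute": use the sample; "delta": use the change
    events: List[str] = field(default_factory=list)  # the event log (the event group's job)
    _last_value: Optional[float] = None
    _last_event: Optional[str] = None  # which side fired most recently

    def sample(self, value: float) -> Optional[str]:
        """Feed one sample; return "rising", "falling" or None."""
        if self.sample_type == "delta":
            if self._last_value is None:      # delta sampling needs two samples
                self._last_value = value
                return None
            measured = value - self._last_value
        else:
            measured = value
        self._last_value = value

        event = None
        if measured >= self.rising_threshold and self._last_event != "rising":
            event = "rising"
        elif measured <= self.falling_threshold and self._last_event != "falling":
            event = "falling"
        if event is not None:
            self._last_event = event
            self.events.append(f"{event} on {self.variable}: sampled {measured}")
        return event


def run_alarm(alarm: ThresholdAlarm, samples: List[float]) -> List[Optional[str]]:
    """Feed a whole series of samples and return the event raised (or None) per sample."""
    return [alarm.sample(v) for v in samples]


if __name__ == "__main__":
    # Constructed samples: segment utilisation in percent, polled once a minute.
    util = ThresholdAlarm("ifUtilization", rising_threshold=80, falling_threshold=30)
    print(run_alarm(util, [50, 85, 90, 95, 60, 20, 88]))
    # Constructed samples: a cumulative error counter, watched for bursts via delta sampling.
    errs = ThresholdAlarm("ifInErrors", 40, 5, sample_type="delta")
    print(run_alarm(errs, [100, 110, 160, 170, 210, 211, 260]))
    print(*util.events, *errs.events, sep="\n")
```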

SNMPv2 MIBs

PARTY MIB (Name: Purpose)

The Party Database Group: information which is stored on the device about all known local and remote parties.

The Contexts Database Group, The Access Privileges Database Group, The MIB View Database Group: deal with privileges between manager and agent, e.g., local and remote contexts, access control policies, defined MIB views, etc.

Discussion

Network Management Paper

Deliverables

1. Proposal Part I
   a. System Analysis
   b. Requirements Specification
   c. Protocol(s) Assessment (with recommendations on appropriate network management structure)

2. Proposal Part II
   a. Proposed System Design
   b. Knowledge (network & functional) Management Plan

New Network Management Tools: General Issues

Individual tools choose specific devices to get specific statistics:

• They don’t try to tackle all tasks
• They don’t always perform exception reporting
• They don’t usually perform configuration management
• They usually don’t do applications monitoring (but they should)
• They provide reports that meet specific needs of the users
• They sort reports based on criteria you develop/choose

You shouldn’t compare costs until you know what you want and what you need

Network Management Tools: General Qualities

Tool; Good Thing; Bad Thing; How Collects Data

NextPoint S3; Accuracy; Remote Admin; SNMP MIB2, RMON & 2, Cisco Disc

VitalNet; Fast & Flexible; Accuracy; RMON

Network Health; Maturity & Reliability; No Alarms; RMON & 2

NetMetrix/UX; Reporting; Not User Friendly; SNMP MIB2, RMON & 2

New Network Management Tools: Functionality

Tool; Database; Operating Sys; Real Time; Reports

NextPoint S3; Oracle; NT 4 SP 5; No; Access

VitalNet; Sybase; NT 4 SP 5; No; MS SQL

Network Health; Ingres; NT 4 SP 4/5, HP/UX 10.54, Solaris 2.X; No; (not listed)

NetMetrix/UX; Proprietary flat file; NT, HP/UX 10.20/11, Solaris 2.5/6; Yes; Net Perfmnce

New Network Management Tools: Net Comp Evaluation

Scores are listed per service as NextPt. S3 2.5 / VitalNet 7.0 / NetHealth 4.5 / NetMetrix 6.02, with the weight (Wt.) of each service:

Net Performance Info (30%): 5 / 5 / 4 / 4
Reliability (30%): 4 / 3 / 5 / 4
Administration (20%): 4 / 4 / 4 / 4
Ease of Use (10%): 4 / 5 / 3 / 2
Price (10%): 2 / 3 / 3 / 4
Total Score: 4.25 / 4.20 / 4.05 / 3.7
Grade: B+ / B+ / B+ / B

Companies: NextPoint: NextPoint Networks (now P/O Check Point Technologies); VitalNet: Lucent Technologies; Network Health: Concord Communications; NetMetrix/UX: Agilent (Hewlett Packard subsidiary)

Note: Scores weighted 0-5

Management In The OSI Stack

[Figure: management in the OSI stack, top to bottom: Mgt Appl Process; CMISE; ACSE, ROSE; Presentation; Session; Transport; Network; Data Link; Physical.]

Common Management Information Services (CMIS)

Foundation:
• Each CMIS service is a single operation that a network management operation can perform.
• Any application that performs systems management is a CMISE-service-user.
• The existence of defined services between peer open systems is an important difference between CMIS and SNMP.
• CMIS has defined three classes of service:
  • Management Association
  • Management Notification
  • Management Operation

Common Management Information Services (CMIS)

Management Association:
• M-INITIALIZE institutes an association
• M-TERMINATE terminates an association
• M-ABORT is used for abnormal termination

Management Notification:
• M-EVENT-REPORT services are CMIS traps (although less structured)

Common Management Information Services (CMIS)

Management Operation:
• M-GET is like Get-Request
• M-CANCEL-GET cancels M-GET
• M-SET is like Set-Request allowing modification of info
• M-ACTION is like Set-Request invoking new action, like delegating fault management
• M-CREATE creates another instance of a managed object
• M-DELETE deletes an instance of a managed object

CMIS/Common Management Information Protocol (CMIP)

Foundation:
• Is the protocol that accepts operations and initiates instructions
• Uses ROSE to send messages across the network

Problems (because it’s so powerful):
• Requires large amounts of overhead
• Is difficult to implement

Common Mgt. Information Services over TCP/IP (CMOT)

[Figure: CMOT stack, top to bottom: Mgt Appl Process; CMISE; ACSE, ROSE; Lightweight Presentation Protocol (LPP); Session; TCP, UDP; IP; Data Link; Physical. Annotation: Tough, really tough!]

ACSE (Association Control Service Element) handles association establishment & release. ROSE (Remote Operations Service Element) is the application protocol used to access remote systems. LPP is effectively an abbreviated Presentation Layer.

RMON

Remote Monitoring (RMON) is a standard monitoring specification that enables various network monitors and console systems to exchange network-monitoring data.

It provides network administrators with more freedom in selecting network-monitoring probes and consoles.

It provides network administrators with comprehensive network-fault diagnosis, planning, and performance-tuning information.

It allows you to set up automatic histories, which the RMON agent collects over a period of time, providing trending data on such basic statistics as utilization, collisions, and so forth.

RMON (cont.)

Defines a remote network monitoring MIB. Is an addition to the basic set of SNMP standards. Provides a common platform from which to monitor multi-vendor networks.

Why RMON?

With MIB-II the network manager can obtain information that is purely local to the individual devices. Information pertaining to traffic on the LAN as a whole? Collision domain concept

Features of RMON

Is primarily a definition of a MIB.

Is used to passively monitor data transmitted over LAN segments.

Provides interoperability between SNMP-based management consoles and remote monitors.

RMON Goals

• Off-line operation: RMON MIB allows a probe to be configured to perform diagnostics even in the absence of communication with the management station.

• Proactive monitoring: A monitor can continuously run diagnostics and log network performance. In the event of a failure, the monitor can supply this information to the management station.

RMON Goals (cont.)

• Problem detection and reporting: The monitor can be configured to recognize error conditions, continuously check for them and notify the management station in the event of one.

• Value added data: A remote monitoring device can add value to the data it collects by highlighting those hosts that generate the most traffic or errors.

• Multiple Managers: An organization can have multiple management stations for different units. The monitor can be configured to deal with more than one management station concurrently.

RMON2

RMON2 is an extension to RMON. The main added feature is providing RMON analysis up to the application layer. It decodes packets at layer 3 through 7 of the OSI model.

The two major capabilities as a result are as follows:

1. An RMON probe can monitor traffic on the basis of network-layer protocols and addresses, including the Internet Protocol (IP). This enables the probe to look beyond the LAN segments to which it is attached and to see traffic coming onto the LAN via routers.

2. Because an RMON probe can decode and monitor application level traffic, such as email, file transfer, and World Wide Web protocols, the probe can record traffic to and from hosts for particular applications.

RMON2 (cont.)

RMON2 probe is not limited to monitoring and decoding network-layer traffic.

RMON2 probe is capable of reading the enclosed higher level headers such as TCP, which allows the network managers to monitor traffic in greater detail.

With RMON2 , a network management application can be implemented that will generate charts and graphs depicting traffic percentage by protocols or by applications.

RMON2 MIB

The RMON2 MIB adds a number of groups to the original RMON MIB. These groups are as follows:

Protocol Directory (protocolDir): a master directory of all of the protocols that the probe can interpret.

Protocol Distribution (protocolDist): aggregate statistics on the amount of traffic generated by each protocol, per LAN segment.

Address Map (addressMap): matches each network address to a specific MAC address and port on an attached device and the physical address on this subnetwork.

Network-Layer Host (nlHost): statistics on the amount of traffic into and out of hosts on the basis of the network-layer address.

RMON2 MIB (cont.)

Network-Layer Matrix (nlMatrix): statistics on the amount of traffic between pairs of hosts on the basis of network-layer address.

Application-Layer Host (alHost): statistics on the amount of traffic into and out of hosts on the basis of application-level address.

Application-Layer Matrix (alMatrix): statistics on the amount of traffic between pairs of hosts on the basis of application-level address.

User History collection (usrHistory): periodically samples user-specified variables and logs that data based on user-defined parameters.

Probe configuration (probeConfig): defines standard configuration parameters for RMON probes.

Structure of Management Information (SMI)

SMI defines the general framework for defining SNMP MIBs. It describes how the managed objects (MOs) can be defined in the MIB, the data types and values MOs can have, and how MOs are named. The SNMPv2 SMI provides for more elaborate specification and documentation of managed objects and MIBs. The new SMI enhancements provide a systematic and more powerful technique for row creation and deletion. The SNMPv2 SMI also includes new macros for defining object groups, traps, compliance characteristics, and capability characteristics.

SMI (cont.)

The SMI is divided into three parts:
1. Module definitions: Module definitions are used when describing information modules. An ASN.1 macro, MODULE-IDENTITY, is used to concisely convey the semantics of an information module.
2. Object definitions: Object definitions are used when describing managed objects. An ASN.1 macro, OBJECT-TYPE, is used to concisely convey the syntax and semantics of a managed object.
3. Notification definitions: Notification definitions are used when describing unsolicited transmissions of management information. An ASN.1 macro, NOTIFICATION-TYPE, is used to concisely convey the syntax and semantics of a notification.

SMIv3

An evolution of SMIv2, the rules for writing MIBs (for the last 7+ years).

Charter of IETF’s SMIng WG:
- programming language like data model
- aggregated data structures with containment hierarchy
- backward compatible with SMIv2

WG received two proposals. First proposal:
- SMIng from NMRG (Internet Research Group)
- object-oriented language, with mappings to SMIv2 (and COPS-PR)

SMIv3 (cont.)

Second proposal:
- SMI-DS from Andy Bierman (Cisco)
- a smaller deviation from SMIv2
- formal definition of aggregate types: array, union, struct
- OID extended to allow access to component data items

In the beginning the WG agreed to pursue a merging of the two proposals.

Neither of the two proposals found enough consensus and the merger did not succeed, so the Working Group was closed down in April 2003.

WG is still considering other enhancements.

RMON on ATM

The ATM RMON feature allows you to monitor network traffic for

1. fault monitoring or

2. capacity planning.

The ATM RMON provides high-level per-host and per-conversation statistics in a standards-track MIB.

The ATM-RMON counter uses the per-VC counters already maintained in the hardware and polled by the software.

The ATM RMON agent can report cell traffic statistics by monitoring connection management activity. At connection setup and release time, some ATM-RMON bookkeeping code is executed. The amount of information varies, depending on the ATM RMON configuration.

RMON on ATM (cont.)

The ATM-RMON bookkeeping capability significantly reduces the processing requirements for ATM-RMON, and allows collecting statistics on many or all of the ATM switch router ports at once.

The ATM-RMON agent uses the 64-bit version of each cell counter, if 64-bit counter support is present in the SNMP master-agent library.

Conclusion

SNMPv3 is not that hard. It beats the pants off SNMPv1 for security. So get your network moved over to SNMPv3. You will sleep much better.

One Caveat: As part of your deployment process, be sure to test the security of SNMPv3. Do not rely on the implementations from your suppliers to be correct. Suppliers often miss the mark. Test for false positives - SNMPv3 agents or managers that accept invalid authentication and/or privacy keys. The SNMP tester should be sure to use a valid key with extraneous characters appended or prepended.
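An added Python example (not from the slides) of the caveat’s false-positive test, which also illustrates the message-level authentication of the Security subsystem described earlier: it derives SNMPv3 USM localized keys the way RFC 3414 describes, computes the HMAC-SHA-96 authentication parameters for a constructed message using the valid password and the same password with extraneous characters appended or prepended, and records which variants a modelled agent accepts. The lenient agent is a constructed stand-in for a faulty implementation; the engine ID and password are the RFC 3414 appendix values.

```python
import hashlib
import hmac


def password_to_key(password: bytes, algo: str = "sha1") -> bytes:
    """RFC 3414 A.2: hash the password repeated to fill exactly 1,048,576 bytes."""
    reps, rem = divmod(1_048_576, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()


def localize_key(key: bytes, engine_id: bytes, algo: str = "sha1") -> bytes:
    """RFC 3414 A.2: Kul = H(Ku || snmpEngineID || Ku); the same password gives a
    different key on every engine, so a stolen key is only good for one agent."""
    return hashlib.new(algo, key + engine_id + key).digest()


def localized_key(password: bytes, engine_id: bytes, algo: str = "sha1") -> bytes:
    return localize_key(password_to_key(password, algo), engine_id, algo)


def auth_params(kul: bytes, whole_msg: bytes) -> bytes:
    """msgAuthenticationParameters for HMAC-SHA-96: first 12 bytes of HMAC-SHA1 (RFC 3414)."""
    return hmac.new(kul, whole_msg, "sha1").digest()[:12]


def correct_agent(engine_id: bytes, password: bytes):
    """A sound agent recomputes the MAC with its own localized key and compares in
    constant time; any change to the password changes Kul and so the MAC."""
    kul = localized_key(password, engine_id)
    return lambda msg, params: hmac.compare_digest(auth_params(kul, msg), params)


def lenient_agent(engine_id: bytes, password: bytes):
    """Constructed faulty agent: never fails authentication (think of an
    implementation that silently falls back to noAuth on a MAC mismatch)."""
    return lambda msg, params: True


def false_positive_check(agent_verify, engine_id: bytes, password: bytes, msg: bytes) -> dict:
    """The caveat's test: authenticate with the valid key and with keys derived from
    the password plus extraneous characters; a sound agent accepts only 'valid'."""
    variants = {"valid": password,
                "appended": password + b"xyz",
                "prepended": b"xyz" + password}
    return {name: agent_verify(msg, auth_params(localized_key(pw, engine_id), msg))
            for name, pw in variants.items()}


# RFC 3414 appendix engine ID and password; the message body is a constructed placeholder.
ENGINE_ID = bytes.fromhex("000000000000000000000002")
PASSWORD = b"maplesyrup"
MESSAGE = b"constructed SNMPv3 wholeMsg placeholder"

if __name__ == "__main__":
    for label, agent in (("correct", correct_agent), ("lenient", lenient_agent)):
        print(label, false_positive_check(agent(ENGINE_ID, PASSWORD), ENGINE_ID, PASSWORD, MESSAGE))
```

Any variant other than "valid" reported as accepted is a false positive of the kind the caveat warns about.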

Network monitors

Devices that have been employed to study the traffic on the network as a whole. Also called probes or network analyzers. Operate typically in promiscuous mode. Produce summary information, including error and performance statistics. Monitor may also store packets for later analysis. Filters may be used. Can be a stand-alone device dedicated to capturing and analyzing traffic. Can be a device with other duties, such as a workstation, a server or a router that captures and analyzes traffic. Needs to communicate with a central network management station.
