Date posted: 22-Jan-2015
Uploaded by: networksguy
2. What is network management?
"Network management includes the deployment, integration and coordination of the hardware, software, and human elements to monitor, test, poll, configure, analyze, evaluate, and control the network and element resources to meet the real-time, operational performance, and Quality of Service requirements at a reasonable cost."
3. What would we like NM to do?
4. ISO NM model
5. Infrastructure for network management
definitions: managed devices contain managed objects whose data is gathered into a Management Information Base (MIB)
[Figure: a managing entity (with its data) talks to the agents (each with its data) on several managed devices over the network management protocol]
6. Network Management standards
7. SNMP overview: 4 key parts
8. SMI: data definition language
Basic Data Types: INTEGER, Integer32, Unsigned32, OCTET STRING, OBJECT IDENTIFIER, IpAddress, Counter32, Counter64, Gauge32, TimeTicks, Opaque
9. SNMP MIB
MIB module specified via SMI MODULE-IDENTITY (100 standardized MIBs, more vendor-specific)
objects specified via SMI OBJECT-TYPE construct
[Figure: a MODULE containing several OBJECT-TYPE definitions]
10. SMI: Object, module examples
OBJECT-TYPE: ipInDelivers

    ipInDelivers OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The total number of input datagrams successfully delivered to IP user-protocols (including ICMP)"
        ::= { ip 9 }

MODULE-IDENTITY: ipMIB

    ipMIB MODULE-IDENTITY
        LAST-UPDATED "941101000Z"
        ORGANIZATION "IETF SNMPv2 Working Group"
        CONTACT-INFO "Keith McCloghrie"
        DESCRIPTION
            "The MIB module for managing IP and ICMP implementations, but excluding their management of IP routes."
        REVISION "019331000Z"
        ::= { mib-2 48 }

11. OBJECT-TYPE examples
12. MIB example: UDP module

| Object ID | Name | Type | Comments |
| 1.3.6.1.2.1.7.1 | UDPInDatagrams | Counter32 | total # datagrams delivered at this node |
| 1.3.6.1.2.1.7.2 | UDPNoPorts | Counter32 | # undeliverable datagrams, no app at port |
| 1.3.6.1.2.1.7.3 | UDPInErrors | Counter32 | # undeliverable datagrams, all other reasons |
| 1.3.6.1.2.1.7.4 | UDPOutDatagrams | Counter32 | # datagrams sent |
| 1.3.6.1.2.1.7.5 | udpTable | SEQUENCE | one entry for each port in use by app, gives port # and IP address |

13. SNMP Naming
1.3.6.1.2.1.7.1, read component by component: 1 = ISO, 3 = ISO-ident. Org., 6 = US DoD, 1 = Internet, 2 = management, 1 = MIB2, 7 = UDP, 1 = udpInDatagrams
14. OSI Object Identifier Tree
Check out www.alvestrand.no/harald/objectid/top.html
15. SNMP protocol
[Figure: two ways to convey MIB information. Request/response mode: the managing entity sends a request to the agent on the managed device and the agent returns a response. Trap mode: the agent on the managed device sends a trap msg to the managing entity.]
16. SNMP protocol: message types

| Message type | Function |
| GetRequest, GetNextRequest, GetBulkRequest | Mgr-to-agent: "get me data" (instance, next in list, block) |
| InformRequest | Mgr-to-Mgr: here's MIB value |
| SetRequest | Mgr-to-agent: set MIB value |
| Response | Agent-to-mgr: value, response to Request |
| Trap | Agent-to-mgr: inform manager of exceptional event |

17. SNMP protocol: message formats
18. SNMP security and administration
19. The presentation problem
problem: different data format, storage conventions

    struct {
        char code;
        int x;
    } test;
    test.x = 259;
    test.code = 'a';

host 1 format: test.code = a, test.x = 00000001 00000011
host 2 format: test.code = a, test.x = 00000011 00000001
20. Solving the presentation problem
21. ASN.1: Abstract Syntax Notation 1
22. TLV Encoding
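An added example, not part of the original slides: a small BER-style TLV codec in Python using the tag values listed in this section, applied to the integer 259 from the presentation-problem slide and to the UDP object identifier 1.3.6.1.2.1.7.1. The function names, the 4-byte cap on the length field and the sample string are assumptions of this example.

```python
TAG_INTEGER, TAG_OCTET_STRING, TAG_OID = 2, 4, 6  # tag values from the table

def _length(n):
    # short form below 128, else 0x80 | byte count followed by the length
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def encode(tag, value):
    if tag == TAG_INTEGER:
        # minimal two's complement, most significant byte first
        magnitude = value if value >= 0 else ~value
        body = value.to_bytes(magnitude.bit_length() // 8 + 1, "big", signed=True)
    elif tag == TAG_OCTET_STRING:
        body = bytes(value)
    elif tag == TAG_OID:
        first, second, *rest = value
        body = bytes([40 * first + second])  # first two arcs share one byte
        for arc in rest:
            chunk = [arc & 0x7F]
            while arc >= 0x80:  # base-128, high bit set on all but last byte
                arc >>= 7
                chunk.append(0x80 | (arc & 0x7F))
            body += bytes(reversed(chunk))
    else:
        raise ValueError("unsupported tag")
    return bytes([tag]) + _length(len(body)) + body

def decode(buf, pos=0):
    # returns (tag, value, next_pos); every length is checked against the buffer
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length >= 0x80:
        n = length & 0x7F  # long form; cap of 4 length bytes is an assumption
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length exceeds buffer")
    body = bytes(buf[pos:pos + length])
    if tag == TAG_INTEGER:
        if not body:
            raise ValueError("empty integer")
        return tag, int.from_bytes(body, "big", signed=True), pos + length
    return tag, body, pos + length  # other tags: raw value bytes
SAMPLE = encode(TAG_OCTET_STRING, b"hello") + encode(TAG_INTEGER, 259)  # constructed
```

The integer's value bytes come out as 01 03, most significant byte first on every host, which removes the host 1 / host 2 ambiguity; the decoder refuses any TLV whose declared length runs past the received bytes.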
| Tag Value | Type |
| 1 | Boolean |
| 2 | Integer |
| 3 | Bitstring |
| 4 | Octet string |
| 5 | Null |
| 6 | Object Identifier |
| 9 | Real |

23. TLV encoding: example
Type=4, octet string; Length, 5 bytes; Value, 5 octets (chars)
Type=2, integer; Length, 2 bytes; Value, 259
24. From Centralized to Distributed
[Figure: centralized, hierarchical and distributed management; functions shown: discovery, monitoring, abnormality detection, correction action]
25. Firewalls
firewall: isolates organization's internal net from larger Internet, allowing some packets to pass, blocking others.
26. Packet Filtering
27. Application gateways
1. Require all telnet users to telnet through gateway.
2. For authorized users, gateway sets up telnet connection to dest host. Gateway relays data between 2 connections.
3. Router filter blocks all telnet connections not originating from gateway.
[Figure: host-to-gateway telnet session and gateway-to-remote host telnet session, joined at the application gateway behind the router and filter]
28. Limitations of firewalls and gateways