ICmyNet.IS - Networking Information and Monitoring System

ICmyNet.IS - Networking Information and Monitoring System

GN3/NA3/T4 - Network monitoring workshopBelgrade, 20-21 October, 2009 Akademska mreža Srbijewww.amres.ac.yu

Content ConceptsFeaturesMonitoring elementsToolsUse casesFurther development

GN3/NA3/T4 - Network monitoring workshopBelgrade, 20-21 October, 2009

Architecture and User InterfaceJava platformLinux web application server MySQL/PostgreSQL database backendClient access

Web Interface - typical user access Standalone client application

NetIIS Server

NetIIS Web Interface

Client

NetIIS Standalone

Client

NetIIS Database

Monitored Network


Web Interface Independent to OSWeb browser – IE, MozillaTypical usageView and Edit modes


Standalone client applicationIndependent to OSEfficient GUI

advanced system configuration

Java web-start technology – RMI

Automatic download up-to-date software from server, local executionClients communicate with web server only, no direct access to DBSimplifies technical maintenance and support


NoteKeeps arbitrary text data Saving certain information connected to the parent element

Example: for Devices - history of comments about hardware changes, distributor of the device, period of guarantee, reaction procedure in the case of network problem etc.for Locations – description of the presented organizationfor Users – CVsfor Ports - troubleshooting procedures in case of failure


UserPeople in charge (helpdesk, administrator, operator, contact, email)Relevant information (name, address, telephone)NetIIS user

usernames and passwordsPermissions for access to the system – read and write

Predefined users: guest – access public data with read permission, no password requiredadministrator – full read/write access to data and all tools


UserUser Group

User and User group


Networking information systemPresents all objects from the external world in the most efficient and easily understood wayHierarchically organised and presented by a tree

Basic elemets:Folder

Location

Device

Port


Monitoring SystemPassive and active monitoring the network status – status of devices, ports, links, servicesPerforms:

Performance measurementFailure notification

Configured on Devices or Ports and in that context are executed


MonitorPermanently and periodically observes the status of the computer networkDefined within devices or ports as their childrenTypical presentation - putting monitors in groupsMonitor types:

Traffic monitorPort monitorSNMP monitorping monitorservice monior (nagios plug-ins)external monitor


RRD ChartMRTG like chartArbitrary time frameDefined under the MonitorsPurpose:

Measures the values of the monitor during a period of time Shows the chart for a chosen period of time


AlarmDefined under the Monitors Compares values of the monitor within given thresholdsAlarm activation in the case of criteria fulfilmentCan execute the given notification action Two general types

Bad Alarm (connection failure)Good Alarm (link recovery)

Critical levels in the range from -10 to +10.


ActionAction is adjoined to certain Alarms Define in which way the NetIIS system is going to react in the case of alarm activation. There are 2 types of action:

E-Mail Action - sends e-mail messages to a certain user or user groupsSMS Action - sending SMS messages to a certain user or user groups.

Defining messages of arbitrary content that are sent with other parameters connected to adhered alarms and monitorDefault Action is notification in the Event log


Traffic MonitorPredefined SNMP monitor under Port object Measures data traffic through the network interfaceVariables:

var(1) and var(2) - Bytes per secvar(3) and var(4) - bits per sec

RRD Chart for var(3) and var(4)Input traffic - green colourOutput traffic - blue colour

Alarms can be set up to react to certain traffic intensity.


Ping MonitorDefined under Device objectExecutes native ICMP ping service towards this device Measures the results of ping command

6 variables for packet delay and percentage of lost packets

Variables Descriptionvar(1) Minimum RTT (Round Trip Time ) – minimum delay var(2) Maximum RTT (Round Trip Time) – maximum delayvar(3) Average RTT (Round Trip Time ) – average delay var(4) Sent Packets – number of sent packetsvar(5) Received Packets – number of received packetsvar(6) Packet Loss – percent of lost packets (100* var(5)/ var(4))

Includes two RRD Chart objectsPing Delay - measures the minimum and maximum delay of ping packets (var(1) and var(2))Ping Loss - measures the percentage of lost packets (var(6))

Alarms for the Ping Loss percentage


Port MonitorPredefined SNMP monitor under Port object

Observes administrative and operational status of the network interfaces

var(1) – administrative status (1.3.6.1.2.1.2.2.7)var(2) – operational status (1.3.6.1.2.1.2.2.8)

Children:RRD Chart related to administrative and operational statuses Alarms related to the operational status

Good Alarm – "var(2) == 1". Message: "Link is UP"Bad Alarm –"var(2) != 1". Message is: "Link is DOWN“Mail action is configured on Alarms with the same message.

Value Status1 Up2 Down3 Testing4 Unknown5 Dormant

Operational port status


Port Monitor

Router A Router X

DOWNDOWN

Trap support


Packet Loss = 0 %

Router B

Router A Router X

DOWNDOWN UPUP

Ping and Port Monitors usage


Pre-defined SNMP MonitorsPre-defined and often used SNMP

Monitors are:Packets MonitorBGP MonitorCPU Load Monitor System Memory Monitor


Packet MonitorMeasures packets flow on the interface in a similar way to Traffic MonitorUseful in the case of detecting anomalies in the network trafficIn the case of DoS attack or an attempt of virus expansion on the network, the network traffic (in bps) does not have to rise, but it will increase the number of packetsTwo variables:

Var(1) - Interface In Packets (unicast) OID= .1.3.6.1.2.1.2.2.1.17 Var(2) - Interface Out Packets (unicast) OID= .1.3.6.1.2.1.2.2.1.18

Unit: Packets per secondRRD can be attached to the Monitor


BGP MonitorMeasures the status of BGP sessions Monitor in variable var(1) returns the current status of the session with certain peer. OID suffix is required - IP address of the BGP peer

.1.3.6.1.2.1.15.3.1.16.147.91.0.112RRD Chart assigned

State Description1 Idle Session has not been configured2 Connect Attempt to connect, session still

not established 3 Active Attempt to establish session,

session still not established4 OpenSent Request for connection sent,

session still not established5 OpenConfirm Answer for request received,

session still not established6 Established Session successfully

established


CPU Usage MonitorThree variables, the processor utilization in time intervals of 5s, 1min and 5minCorrespondent OID’s are not standardised, they are specified exclusively for Cisco devices and belong to the MIB hierarchy of the Cisco SystemsRRD Chart refers to the variable var(2), for processor utilization in the time interval of 1min


System Memory MonitorMeasures more variables, specified exclusively for Cisco devicesRequests input of suffixes to the defined OIDs• Processor memory - suffix .1• interface memory - suffix .2, .3 or even higher value

RRD Chart refers to variables var(4) and var(8), for the memory usage in percentage. var Description

var(1) Memory Name - memory name that is being monitored

var(2) Used Memory (suffix) – used memory in bytes

var(3) Free Memory (suffix) – free memory in bytes

var(4)

Used Memory – free memory in percentage 100 * var(2) / (var(2) + var(3))

var(5) Memory Name – memory name that is being monitored

var(6) Used Memory (suffix) – used memory in bytes

var(7) Free Memory (suffix) – free memory in bytes

var(8)

Used Memory – free memory in percentage 100 * var(6) / (var(6) + var(7))


Service monitor – nagios plug-in


Service monitor – nagios plug-in


ReportSelected SNMP variables shown predefined tableExecuted on the user’s request (on-demand) Recognizes existing monitors and charts


GroupServes for grouping other objects for joint presentation in certain formObjects are grouped by creating shortcutsObjects can be assigned to a number of groups. One group can contain other groupsGroup types:

Simple Group (default) - showing elements in a table formatGraph - graphical presentation of the topologyLooking Glass - joins devices that enable remote command execution - Looking Glass functionality


Group


Data hierarchySetup process


Link hierarchyNetwork topology


Link hierarchyNetwork topology


AutoDiscoveryAutoDiscovery function aims:

Easing the initial database populationUpdating - topology, new devices and relevant data

AutoDiscovery types:Device Attributes Discovery – system data Ports Discovery - interfaces data CDP Neighbours Discovery – likn topologyLayer 3 Hosts Discovery – ARP table

Discovery on hop-by-hop basisBetter overview and control over the processNo retrieval of the entire network Possibility of clear database organisation in the system


Lokacija A

Lokacija 1

Ruter 1

Lokacija A3

Ruter B

Serial 0

Serial 1

Ruter A

Ruter C

Ruter D

Serial 1

Router A

Serial 0

Ruter A2

Ruter A1

Ruter A3Ruter A3

•ModelModel•WarrantyWarranty•Contract Contract

numbernumber……

PC1

PC2

PC3

PC4

PC5

M

M

AutoDiscovery


Other ConceptsRepository

inactive predifined objects

Recycle Bindeleted objects

ToolsEvent LogAlertsChart viewerSLA reports Search panel


Event Log


AlertsCurrent alerts (active alarms)


Chart viewer


SLA reportService Availability Statistics


Use casecorporate network example


















Questions...

Documents

ICmyNet.IS - Networking Information and Monitoring System