Embed Size (px)
Citation preview
Managing Enterprise Networks
The necessary minimal components required for making a system manageable are:
• MBIs• Agents/entities-host on network devices to provide management facilities• Scripts for manipulating MIB objects• Java/C/C++ software modules for manipulating MIB objects
MIBs provide a detailed description of the managed data objects. Typically, the description of each MIB object consist off:
• Accessibility (read-only, read write, not-accessible)• Status (mandatory, deprecated)• Description
Managing Enterprise Networks (cont.)
Agents (or entities in SNMPv3) are software components that implement the MIB and map the objects to real data on the NE, provide the managed object definitions for underlying systems:
• Serial interfaces • Serial interface attributes such as bit rate, word size, and parity• IP address
Standards based consolidation of management systems can help enterprises to achieve the following:
• Fewer and simpler user interfaces for managing network systems• Reduction in the time required for IT staff training• Faster resolution of NE problems, such as switch interface congestion
Managing Enterprise Networks (cont.)
Manageability
For the number of reasons, not all NEs lend themselves to flexible, integrated, centralized management. This tend to add to the cost of ownership and arises for range of reasons:
• The NE is a legacy device with proprietary management infrastructure • The NE implements only SNMPv1 with support for set operations• The NE implements only SNMPv1 without support for set (a set operations is an update to a network-resident manage object operations)• The NE supports SNMPv3, but it has been poorly implemented• The NE supports SNMP3 but has a number of low quality MIB modules• An NE is considered to have good manageability if it supports a well implemented SNMPv3 agent and a high-quality MIB
Operating and Managing Large Networks
Some important aspects of enterprise network management are:
•Availability of NEs, interfaces, links, and services • Discovery and inventory management• Monitoring the status of NEs, interfaces, links, virtual circuits, VLANs, and so on• Measuring traffic levels and checking for network congestion• Configuration – VLAN setup, SAN volume setup,storage allocations, remote control software• Service level agreement (SLA) reporting, SLA verification between an enterprise and SP• Security control – resistance to attacks from both sides of the firewall• Scalability – handling increased numbers of users, traffic, NEs,• Disaster recovery
Layers 2, 3, and 2.5
The primary protocols that SNMP implements are the User Datagram Protocol (UDP) and the Internet Protocol (IP).SNMP also requires Data Link Layer protocols such as Ethernet or TokenRing to implement the communication channel from the management to the managed agent.
Layer 2 and VLANs
• Layer 2 network that is logically divided in to VLANs
Layers 2, 3, and 2.5 (cont.)
The layer 2 technology has the following general characteristics:
• Path through the network can be resered either manually (by using ATM PVCs or MPLS LSPs) or using signaling (such as ATM PNNI, MPS LDP/RSVP-TE).• Path can be assigned different class of service, a crucial component for SLAs.• Layer 2 forwarding is fast because address can be looked up with hardware assistance. This is no longer an advantage of layer 2 devices because line-rate forwarding is now also possible with layer 3 devices (., routers)• ATM layer 2 forwarding allows for traffic policing where contract non-complaint cells can be tagged or dropped• DiffServ, policing and shaping are also available at layer 3
Layers 2, 3, and 2.5 (cont.)
Layer 3
• An IP network with an intermediate WAN that crosses an SP network
Layer 2.5 (or Sub-IP)
• MPLS operates at what is often called layer 2.5, that is, not quite layer 3 but also higher than layer 2• MPLS can also be deployed on router and brings numerous benefits to IP networks• VoIP traffic would need a higher class of service than email traffic • Traditional IP routing protocols, such as OSPF, IS-IS, and BGP4• Traffic engineering becomes possible. This help a void congested
Port and Interface
Interfaces some times referred to as logical ports
• Routing such as OSPF, IS-IS, BGB-4• Signaling, such as RSVP-TE and LDP• MPLS• IP
Why use Network Management?
There are a number of reason why network management is a crucial enterprise and SP component
• NEs don’t tend to have an over view of an entire network; management systems do• An NMS maintains useful records and audit trails of past configuration actions• If Net don’t support SNMP, then and NMS can facilitate a superior Command Line Interface (CLI)• NMS can facilitate network wide service like traffic engineering, QoS, planning, modeling, and backup/restore
Why Use Network Management? (cont.)
• NMS enable fast access to faults. Some network faults can be meaning fully processed only by an NMS• NMS assist in rebalancing networks after new hardware is add• Management system can provide network wide object support for service profile
What Is Network Management?
Network management provides the means to keep network up and running in as orderly a fashion as possible. Broadly speaking the functional area required for effective network management are:
• Fault• Configuration• Accounting• Performance• Security
The above points describe what we are known as the OSI functional areas of network management, FCAPS
• Who Produces Network Management Software?
Equipment vendors such as Cisco, Nortel, Hewlett-Packard, and Alcatel generally provide SNMP agent on their device, separately purchased, integrated management systems are also available from these and many other organizations
• These management systems typically run on UNIX or Windows NT/2K platform and feature GUIs, and fairly extensive FCAPS facilities
The Management System Pyramid• Operation Support System (OSS) • Network Management System (NMS)• Element Management System (EMS)
Other Management Technology
• Microsoft Systems Management Server (SMS)• Telnet-base menu systems• Series link-based menu systems• Desktop Management Interface (DMI)
Network Convergence and Aggregate Objects
From a network management perspective, VLANs are aggregate object make up of:
• Switches• Ports, MAC addresses, IEEE 802.1Q VLAN IDs• Links between separate VLANs
Use the term notification to mean any one of three different things
• Events• Faults• Alarms
SNMP: The De Facto Network Management Standard
The principal components of SNMP are:
• Agent• Managers• MIBs• A communications protocol
SNMP Facilitates the Exchange of Network Information Between Devices
The SNMP Agent
SNMP agent are the entities that reside on manage devices. Agent are the workhorses of management and provide the following functionality:
• Implementing and maintaining MIB objects• Responding to management operations such as requests• Generating notifications, both traps (acknowledged) and informs (acknowledged)• Implementing security – SNMPv1 and SNMPv2 support community-base security with clear-text passwords; stronger security (authentication and encryption) is avaiable with SNMPv3• Setting the access policy for external managers
The SNMP Agent (cont.)
SNMPv3 also provides an access control framework, which consists of:
• MIB view• Access mode to managed objects either READ-ONLY or READ-WRITE. A READ-ONLY
SNMP can be hosted on almost any computing device
• Windows NT/2K machines • UNIX hosts• Novell NetWare workstations and servers• Many network devices, including hubs, router, switches, etc.
The SNMP Agent (cont.)
The agent listens on UDP port 161
The SNMP Agent (cont.)
An SNMP-Managed Network Consists of Managed Devices, Agents, and NMSs
The SNMP Manager
SNMP managers are the entities that interact with the agent
• Getting and setting the values of MBI objects instances on agent• Receiving notifications from agents• Exchanging messages with other managers
Various mechanisms for accessing the EMS are allow including:
• Series• Telnet• SNMP
The SNMP Manager (cont.)
Facilities offered by management systems are:
• FCAPS (Fault, Configuration, Accounting, Performance, and Security)
• A centralized database• Reporting• Support for many simultaneous client users• Topology discovery• A full featured, multilevel GUI representing the managed network
The MBI
SNMP MIB Tables
• The SNMPv1 MIB defines highly structured tables that are used to group the instances of a tabular object (that is, an object that contains multiple variables). • Tables are composed of zero or more rows, which are indexed in a way that allows SNMP to retrieve or alter an entire row with a single Get, GetNext, or Set command.
MIB Object Attributes
• Syntax• Max-Access• Status
Criteria and Philosophy for standardized MIB
• Objects have to be uniquely named • Objects have to be essential • Abstract structure of the MIB needed to be universal • For the standard MIB maintain only a small number of objects • Allow for private extensions • Object must be general and not too device dependant • Objects can not be easily derivable from their objects • If agent is to be SNMP manageable then it is mandatory to implement the Internet MIB
SNPM Protocol Data Units (PDU)
Each SNMP message has the format
• Version Number • Community Name - kind of a password • One or more SNMP Protocol Data Unit (PDU) - assuming trivial authentication
SNPM Protocol Data Units (cont.)
The Simple Network Management Protocol has become the de facto standard for internetwork management. Because it is a simple solution, requiring little code to implement, vendors can easily build SNMP agents to their products. SNMP is extensible, allowing vendors to easily add network management functions to their existing products. SNMP also separates the management architecture from the architecture of the hardware devices, which broadens the base of multivendor support. Perhaps most important, unlike other so-called standards,SNMP is not a mere paper specification, but an implementation that is widely available today.
