500 likes | 967 Views
Understanding Network Management Standards. Internet Standards Network Management Standards Reading a MIB MIB-2 SNMP RMON other Standard MIBs. Internet Standard. All internet standards are written in the form of request for comments (RFCs) Relating organization
E N D
Understanding Network Management Standards • Internet Standards • Network Management Standards • Reading a MIB • MIB-2 • SNMP • RMON • other Standard MIBs
Internet Standard • All internet standards are written in the form of request for comments (RFCs) • Relating organization • IETF(Internet Engineering Task Force) • IAB(Internet Activities Board) • IRTF(Internet Research Task Force) • NIC(Network Information Center) • States becoming a standard • Preliminary draft • Proposed standard • Draft standard • Full Standard • ftp.nctu.edu.tw/Documents/internet/rfc
Network Management Standards • MIB( Management Information Base) -structured databases of information that physical located on a Network Device • SNMP(Simple Network Management Protocol)-a communication protocol for accessing the information between station and agent
MIB • concisely defined databases of information That characterize the functional and operational aspects of a network device • contain objects for each functional aspect of a network device that needs to be managed. • Provide the common view and structure of management capabilities shared between the management application and network device’s agent • Some MIBs are vendor-specific and other are common (Figure 2.1)
Common MIBS • Giving the network manager a consistent mechanism to manage a network device regardless of its vendor • MIB2 - a common TCP/IP-base database of information that many network devices support • RMON(Remote Network Monitoring) - Provides statistical and diagnostic “information”in distributed mode that minimizes network data traffics and services many stations simultaneously ; limited in layer 2 data. • RMON2( Remote Network Monitoring Version 2 ) extends RMON by providing management at layer 3 ( IP, ARP, IPX or Apple Talk ) or above ( e-mail or WWW access )
The Structure of Management Information Standard • RFC 1155 defines the structure of Management Information (SIM) • SIM presents a global tree structure for management information Original conventions, syntax, and rules for building MIBs (Fig 2.2) • RFC1212 concise description of the SMI data representation mechanism. • All MIB object have a unique object identifier(OID) • composed of a series of dot-separated positive integer(0..255) • define the object position within a global tree • the top of the SMI tree (iso(1), org(3), dod(6), internet(1), mgmt(2) or 1.3.6.1.2)
The SNMP Standard • RFC 1157 defines the SNMP used between management stations and agents • Provides network access protocol to all MIB Objects supported by a network devices • polling the device in order to check for key device states. • Set operational characteristics of a device • receive event notification for important device state change that many require management attention
All SNMP-based management data are encoded and interpreted based on MIBs defined using the SMI (RFC 1155 , 1212 ) • The Actual data going across the wire are Encoded in a subset of Abstract Syntax Notation One (ASN.1 ) • ASN.1(Abstract Syntax Notation One) • a formal language developed and standardized by CCITT and ISO • used to define abstract syntaxes of application data • used to define management information base for both SNMP and OSI system management • Reference : SNMP, SNMPv2 and RMON William Stallings Addision Wesley • Fig. 2.3
The MIB-2 Standard • RFC 1213 defines MIB-2 • MIB2 is the MIB for SNMP and widespread within the internet • Provides a core set of standard common management data across many diverse network devices and can be interpreted identically in order to compare fairly • Fig. 2.4
Reading a MIB • Determining the object identifier within the global MIB tree (Table 2.2) • Other object attributes • Syntax: datatype of the object • Access: define read/ write limitation • Status : Status of object(mandatory, optional, obsolete or deprecated • Description: a textual description of the object
Scalar and Tables • Scalar - only one instance of a given scalar object within many network device (append a “0” to the end of object identifier when using SNMP) • Tables • network device has several instances of the same object (Ex ifTable within the interface group) (Table 2.4) • INDEX and SEQUENCE are used for specifying tables (Table 2.5 , 2.6, 2.7)
Common Datatypes • Integer • Octet String • Display String • Object Identifier • Object Descriptor • Sequence • Ipaddress • Counter • Gauge • Time Ticks
MIB-2 Functional Areas • System contains general information about a network device • sysDescr -- a textual string description for the network device • sysObject ID -- indicates a vendor-specific identification of the network device • sysUpTime -- the time from the network device was booted (hundredths of a second) • sysContact -- containing the name of the person responsible for the network device (textual string) • sysName -- represents a name for the network device (textual string) • sysLocation --represents where the network device is locate (textual string) • sysServices -- tells which layers the network device support (integer)
Interfaces contains both a row of information for each of a network device’s interfaces and a count of these rows (ifNumber), ifSpeed, ifType, ifOperStatus, ifError • IPcontains information useful to manage a network device at layer 3 (ipRouteTable, ipNetToMediaNetAddress) • ICMPcontains information useful for monitoring the ICMP protocol; packet counts and error rates are included (icmpInErrors, icmpInDestUnreachs) • TCPcontains information useful for managing TCP(tcpConnTable, tcpConnState)
UDP contains information useful for managing UDP protocol (udpInDatagrams, udpInErrors) • EGP Contains information useful for managing the Exterior Gateway Protocol(EGP) (egpNeighTable, egpNeighState) • Transmission contains information based on transmission media underlying each interface on a system • SNMP contains useful information for SNMP accounting (snmpInPkts, snmpOutPkts, snmpInSetRequests, snmpInTooBigs)
What is SNMP • The management protocol that facilitates communication stack using well-known port number 161(normal),162(trap) ; over IPX using 36879 and 36880 • five operations for SNMPv1 • set , get , getnext, set or get response , trap • There are currently two Versions of SNMP : SNMPv1 and SNMPv2
SNMP data interpretation • Each with its own PDU ( Protocol Data Units ), contains SNMP header , information for authentication ; Variable Binding Lists (VBLs ), structures used to package a bunch of objects into request • The datatypes and associated coded values for manageable objects are stored in MIBs that provide a common repository describing device attributes
MIBs are used by both the agent and the management station. The MIB Revisions must be carefully synchronized between the agent and the management station.
SNMPv1 Community Strings • SNMPv1 authentication relies on community strings contain within the packet header. • The read community string enables read access to a network device’s Objects • The write community string enables both read write access to a network device’s object • These community strings pass through the network without any encryption ; then provide only weak authentication.
SNMPv1 Traps • There are six “generic”trap types and one more for enterprise-specific trap • coldStar • warmStar • linkDown • linkUp • authenticationFailure • egpNeighborLoss • enterpriseSpecific
SNMPv1 Errors • NoError ( code 0 ) • tooBig (code 1) • NoSuchName (code 2) • badValue (code 3) • readOnly (code 4) • genErr(code 5)
SNMP Request • Three request PDU types : GET, SET, GETNEXT • Operating procedure • pack the PDU • sent out the packet with providing IP address • Normally, a return “request-response”will sent back. May be Time-out by management station if it takes too long to Return
GET and GETNEXT - management station unpack VBL and retrieve the values for request • SET • agent unpack PDU then setting new values. • After setting objects, the agent reads the values and stuffs the read values into VBL for validation by the setter. • Management station unpack the return PDU and validate the value has been set correctly.
SNMPv2 New Features • Security • Bulk operations • New Trap Format • Manager to Manager Communications • New 64-bit Data Type • Improved GET
What is RMON ? • RMON ( Remote Network Monitoring ) is a major extension to MIB-2 • MIB-2 collects raw data v.s ROMN collects statistics through formulas • RMON divides data collection into two parts • RMON agent ( probe ) collects data on a segment near the device • embedded within the network device • Management stations talk to the RMON agent ( Using SNMP )rather than talking directly to the network device
This design facilitates data sharing among multiple-management stations • Collection would still proceed as long as the probe is connected to the network it is monitoring when management station loses connection to the probe
Having RMON support embedded in the switch • embedded RMON at each port • advantage : • can manage each switched port • disadvantage : • only a few groups can be provided because the calculations are processor-intensive
Function Areas • Statistics provides key statistics for specific media types • History provides control for periodic statistical sampling • Alarm provides event generation when periodic statistical samplings exceed defined thresholds • Host provides statistics about source and destination MAC addresses seen in the network • HostTopN provides a list of rate-based statistics pertaining to a group of hosts
Matrix provides statistics about conversations between any two MAC addresses • Filterprovides the ability to filter out packets that satisfy a given filter equation • Packet Captureenables the capture of packets based on a filter equation • Eventprovides the ability to generate and log events • Token Ringprovide four additional parameters for Token-Ring network : Ring Station, Ring Station Order, Ring Station configuration and Source Routing Statistics
RMON Design • Offline Operation • Proactive Monitoring • Problem Detection and Reporting • Value Added Data • Multiple Managers
Using RMON in a Switched Environment • Roving RMON capability within a switch • the probe can attach to a port • automatically rove to the next port • advantage : • get support for all groups • no impact on the performance of the switch • disadvantage : • must give a port • base on sampling, not on dedicated monitoring
What is RMON2 ? • RMON2 extends RMON by providing management at layer 3 and above • Enables monitoring of network layer traffic ( for example IP, ARP, IPX, or Apple Talk ) • Enables monitoring application-level traffic (for example notes, e-mail, or WWW access ) • The RMON2 draft extends RMON with the following ten groups :
RMON2 ten new groups • Protocol directory provides a list of protocols that the probe can support • Protocol distribution provides a breakdown of octets and packets for each of the protocol detected • Address mapping provides inventory of MAC to network address bindings inventory • Network layer host counts traffic in both directions for each network address discovered by the probe
Network layer matrix counts traffic sent between pairs of network addresses • Application layer host counts traffic in both directions by protocol for each network address • Application layer matrix counts traffic by protocol sent between pairs of network addresses • User history uses alarm and history group mechanisms to provide user-specific history collection
Probe configurationprovides standard mechanism to configure the various operating parameters of a probe • RMON conformance describes the requirements for conforming with the RMON2 MIB