1 / 105

Chapter 13 Network Management Applications

Chapter 13 Network Management Applications. Network and Systems Management. Management Applications. OSI Model Configuration Fault Performance Security Accounting Reports Service Level Management Policy-based management. Configuration Management. Network Provisioning

hop
Download Presentation

Chapter 13 Network Management Applications

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 13Network Management Applications

  2. Network and Systems Management

  3. Management Applications • OSI Model • Configuration • Fault • Performance • Security • Accounting • Reports • Service Level Management • Policy-based management

  4. Configuration Management • Network Provisioning • Inventory Management • Equipment • Facilities • Network Topology • Database Considerations

  5. Network Provisioning • Network Provisioning • Provisioning of network resources • Design • Installation and maintenance • Circuit-switched network • Packet-switched network, configuration for • Protocol • Performance • QoS • ATM networks

  6. Network Topology • Manual • Auto-discovery by NMS using • Broadcast ping • ARP table in devices • Mapping of network • Layout • Layering • Views • Physical • Logical

  7. Network Topology Discovery 163.25.145.0 163.25.146.0 140.112.8.0 140.112.6.0 163.25.146.128 163.25.147.0 140.112.5.0 192.168.12.0 192.168.13.0

  8. Discovery In a Network • What to be discovered in a network ? • Node Discovery • The network devices in each network segment • Network Discovery • The topology of networks of interest • Service Discovery • The network services provided • NetworkTopology Discovery • Network Discovery + Node Discovery

  9. Node Discovery • Node Discovery • Given an IP Address, find the nodes in the same network. • Two Major Approaches: • Use Ping to query the possible IP addresses. • Use SNMP to retrieve the ARP Cache of a known node.

  10. Use ICMP ECHO • Eg: IP address: 163.25.147.12 Subnet mask: 255.255.255.0 • All possible addresses: • 163.25.147.1 ~ 163.25.147.254 • For each of the above addresses, use ICMP ECHO to inquire the address • If a node replies (ICMP ECHO Reply), then it is found. • Broadcast Ping

  11. Use SNMP • Find a node which supports SNMP • The given node, default gateway, or router • Or try a node arbitrarily • Query the ipNetToMediaTable in MIB-II IP group (ARP Cache) ipNetToMediaPhysAddress ipNetToMediaType ipNetToMediaIfIndex ipNetToMediaNetAddress 1 00:80:43:5F:12:9A 163.25.147.10 dynamic(3) 2 00:80:51:F3:11:DE 163.25.147.11 dynamic(3)

  12. Network Discovery • Network Discovery • Find the networks of interest with their interconnections • Key Issue: • Given a network, what are the networks directly connected with it ? • Major Approach • Use SNMP to retrieve the routing table of a router.

  13. Default Router Routing table

  14. Mapping of network

  15. Traditional LAN Configuration Physical Logical

  16. Virtual LAN Configuration Physical Logical

  17. Fault Management • Fault is a failure of a network component • Results in loss of connectivity • Fault management involves: • Fault detection • Polling • Traps: linkDown, egpNeighborLoss • Fault location • Detect all components failed and trace down the tree topology to the source • Fault isolation by network and SNMP tools • Use artificial intelligence / correlation techniques • Restoration of service • Identification of root cause of the problem • Problem resolution

  18. Performance Management • Tools • Protocol analyzers • RMON • MRTG • Performance Metrics • Data Monitoring • Problem Isolation • Performance Statistics

  19. Performance Metrics • Macro-level • Throughput • Response time • Availability • Reliability • Micro-level • Bandwidth • Utilization • Error rate • Peak load • Average load

  20. Traffic Flow MeasurementNetwork Characterization Four levels defined by IETF (RFC 2063)

  21. Network Flow Measurements • Three measurement entities: • Meters gather data and build tables • Meter readers collect data from meters • Managers oversee the operation • Meter MIB (RFC 2064) • NetraMet - an implementation(RFC 2123)

  22. Data Monitoring and Problem Isolation • Data monitoring • Normal behavior • Abnormal behavior (e.g., excessive collisions, high packet loss, etc) • Set up traps (e.g., parameters in alarm group in RMON on object identifier of interest) • Set up alarms for criticality • Manual and automatic clearing of alarms • Problem isolation • Manual mode using network and SNMP tools • Problems in multiple components needs tracking down the topology • Automated mode using correlation technology

  23. Performance Statistics • Traffic statistics • Error statistics • Used in • QoS tracking • Performance tuning • Validation of SLA (Service Level Agreement) • Trend analysis • Facility planning • Functional accounting

  24. Event Correlation Techniques • Basic elements • Detection and filtering of events • Correlation of observed events using AI • Localize the source of the problem • Identify the cause of the problem • Techniques • Rule-based reasoning • Model-based reasoning • Case-based reasoning • Codebook correlation model • State transition graph model • Finite state machine model

  25. Rule-Based Reasoning

  26. Rule-Based Reasoning • Knowledge base contains expert knowledge onproblem symptoms and actions to be taken if  then condition  action • Working memory contains topological and stateinformation of the network; recognizes system going into faulty state • Inference engine in cooperation with knowledge base decides on the action to be taken • Knowledge executes the action

  27. Rule-Based Reasoning • Rule-based paradigm is an iterative process • RBR is “brittle” if no precedence exists • An exponential growth in knowledge base poses problem in scalability • Problem with instability if packet loss < 10% alarm green if packet loss => 10% < 15% alarm yellow if packet loss => 15% alarm red • Solution using fuzzy logic

  28. Configuration for RBR Example

  29. RBR Example

  30. Model-Based Reasoning

  31. Model-Based Reasoning • Object-oriented model • Model is a representation of the component it models • Model has attributes and relations to other models • Relationship between objects reflected in a similar relationship between models

  32. MBR Event Correlator Example: Hub 1 fails Recognized by Hub 1 model Hub 1 model queries router model Router model declares no failure Router model declares failure Hub 1 model declares Failure Hub 1 model declares NO failure

  33. Case-Based Reasoning

  34. Case-Based Reasoning • Unit of knowledge • RBR rule • CBR case • CBR based on the case experienced before; extend to the current situation by adaptation • Three adaptation schemes • Parameterized adaptation • Abstraction / re-specialization adaptation • Critic-based adaptation

  35. CBR Parameterized Adaption

  36. CBR: Abstraction / Re-specialization

  37. CBR: Critic-Based Adaptation • Human expertise introduces a new case

  38. CBR-Based CRITTER

  39. Codebook Correlation Model:Generic Architecture

  40. Codebook Correlation Model • Yemini, et.al. proposed this model • Monitors capture alarm events • Configuration model contains the configuration of the network • Event model represents events and their causalrelationships • Correlator correlates alarm events with event model and determines the problem that caused the events

  41. Codebook Approach • Correlation algorithms based upon coding approach to event correlation • Problem events viewed as messages generated by a system and encoded in sets of alarms • Correlator decodes the problem messages to identify the problems

  42. Two phases of Codebook Approaches • Codebook selection phase: Problems to be monitored identified and the symptoms theygenerate are associated with the problem.This generates codebook (problem-symptom matrix) 2. Correlator compares alarm events with codebook and identifies the problem.

  43. Causality Graph

  44. Labeled Causality Graph • Ps are problems and Ss are symptoms • P1 causes S1 and S2 • Note directed edge from S1 to S2 removed; S2 is caused directly or indirectly (via S1) by P1 • S2 could also be caused by either P2 or P3

  45. Codebook • Codebook is problem-symptom matrix • It is derived from causality graph after removing directed edges of propagation of symptoms • Number of symptoms >= number of problems • 2 rows are adequate to identify uniquely 3 problems

  46. Correlation Matrix • Correlation matrix is a reduced codebook

  47. Correlation Graph

  48. State Transition Model

  49. State Transition Model Example

More Related