Chapter 9: Network Management. Computer Networking: A Top Down Approach Featuring the Internet, 3rd edition. Jim Kurose, Keith Ross, Addison-Wesley, July 2004. Objectives: introduction (motivation, major components); Internet network management framework; MIB: management information base

Chapter 9: Network Management
Computer Networking: A Top Down Approach Featuring the Internet, 3rd edition. Jim Kurose, Keith Ross. Addison-Wesley, July 2004.
Network Management

Chapter 9: Network management
Objectives:
• Introduction: motivation, major components
• Internet network management framework
• MIB: management information base
• SMI: data definition language
• SNMP: protocol for network management
• security and administration
• presentation services: ASN.1

Chapter 9 outline
• What is network management?
• Internet-standard management framework
• Structure of Management Information: SMI
• Management Information Base: MIB
• SNMP Protocol Operations and Transport Mappings
• Security and administration
• Abstract Syntax Notation 1 - ASN.1

What is network management?
• autonomous systems ("networks"): 100 or 1000 interconnected hardware/software components
• various complex systems require monitoring, control:
  • airplanes
  • nuclear power plants
  • others?
"Network management includes the development, integration and coordination of hardware, software and people to monitor, test, poll, configure, analyze, develop and control the network and its resources, in order to meet real-time operational performance and quality-of-service requirements at a reasonable cost."

Infrastructure for network management
Definitions:
• managing entity
• managed devices contain managed objects, whose data is gathered into a Management Information Base (MIB)
[Figure: a managing entity with its data, connected by the network management protocol to several managed devices, each running an agent and holding data]

Network management standards
OSI CMIP
• Common Management Information Protocol
• designed 1980: the unifying net management standard
• too slowly standardized
SNMP: Simple Network Management Protocol
• Internet roots (SGMP)
• started simple
• deployed, adopted rapidly
• size, complexity
• currently: SNMP V3
• de facto network management standard

SNMP overview: 4 key parts
• Management information base (MIB):
  • distributed information store of network management data
• Structure of Management Information (SMI):
  • data definition language for MIB objects
• SNMP protocol
  • conveys manager<->managed object information, commands
• security, administration capabilities
  • major addition in SNMPv3

SMI: data definition language
Purpose: syntax, semantics of management data well-defined, unambiguous
• base data types: straightforward, boring
• OBJECT-TYPE: data type, status, semantics of managed object
• MODULE-IDENTITY: groups related objects into MIB module
Basic Data Types: INTEGER, Integer32, Unsigned32, OCTET STRING, OBJECT IDENTIFIER, IpAddress, Counter32, Counter64, Gauge32, TimeTicks, Opaque

SNMP MIB
• MIB module specified via SMI MODULE-IDENTITY (100 standardized MIBs, more vendor-specific)
• objects specified via SMI OBJECT-TYPE construct
[Figure: a MODULE containing several OBJECT TYPE entries]

SMI: Object, module examples

MODULE-IDENTITY: ipMIB

    ipMIB MODULE-IDENTITY
        LAST-UPDATED "941101000Z"
        ORGANIZATION "IETF SNMPv2 Working Group"
        CONTACT-INFO "Keith McCloghrie ……"
        DESCRIPTION "The MIB module for managing IP and ICMP implementations, but excluding their management of IP routes."
        REVISION "019331000Z"
        ………
        ::= {mib-2 48}

OBJECT-TYPE: ipInDelivers

    ipInDelivers OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION "The total number of input datagrams successfully delivered to IP user-protocols (including ICMP)"
        ::= { ip 9 }

MIB example: UDP module

Object ID         Name             Type       Comments
1.3.6.1.2.1.7.1   UDPInDatagrams   Counter32  total # datagrams delivered at this node
1.3.6.1.2.1.7.2   UDPNoPorts       Counter32  # undeliverable datagrams, no app at port
1.3.6.1.2.1.7.3   UDPInErrors      Counter32  # undeliverable datagrams, all other reasons
1.3.6.1.2.1.7.4   UDPOutDatagrams  Counter32  # datagrams sent
1.3.6.1.2.1.7.5   udpTable         SEQUENCE   one entry for each port in use by app, gives port # and IP address

SNMP Naming
Question: how to name every possible standard object (protocol, data, ...) in every possible network standard?
Answer: ISO Object Identifier tree:
• hierarchical naming of all objects
• each branch has a name and a number
[Figure: the path 1.3.6.1.2.1.7.1 through the tree: ISO, ISO-ident. Org., US DoD, Internet, management, MIB2, UDP, udpInDatagrams]

OSI Object Identifier Tree
Check out www.alvestrand.no/harald/objectid/top.html

SNMP protocol
Two ways to convey MIB information, commands:
• request/response mode: the managing entity sends a request to the agent on the managed device, and the agent returns a response
• trap mode: the agent on the managed device sends a trap msg to the managing entity

SNMP protocol: message types

Message type                                 Function
GetRequest, GetNextRequest, GetBulkRequest   Mgr-to-agent: "get me data" (instance, next in list, block)
InformRequest                                Mgr-to-Mgr: here's MIB value
SetRequest                                   Mgr-to-agent: set MIB value
Response                                     Agent-to-mgr: value, response to Request
Trap                                         Agent-to-mgr: inform manager of exceptional event

SNMP protocol: message formats

SNMP security and administration
• encryption: DES encryption of the SNMP message
• authentication: compute, send MIC(m,k): compute hash (MIC) over message (m), secret shared key (k)
• protection against playback: use nonce
• view-based access control
  • SNMP entity maintains a database of access rights, policies for various users
  • the database itself is accessible as a managed object!

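The authentication and playback bullets above, as an added example that is not part of the original slides: a receiver that issues a nonce, verifies MIC(m,k) over nonce and message, and refuses a nonce it has already consumed. HMAC-SHA256 stands in for the slide's unspecified hash, and the class, function names, key and message are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def compute_mic(key: bytes, nonce: bytes, message: bytes) -> bytes:
    # Length-prefix the nonce so the nonce/message boundary is unambiguous.
    data = len(nonce).to_bytes(2, "big") + nonce + message
    return hmac.new(key, data, hashlib.sha256).digest()


class Receiver:
    """Verifying side: hands out one-time nonces and checks MIC(m, k)."""

    def __init__(self, key: bytes):
        self._key = key
        self._outstanding = set()          # nonces issued but not yet used

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, message: bytes, mic: bytes) -> bool:
        # A nonce is honoured once; a played-back message carries a spent one.
        if nonce not in self._outstanding:
            return False
        self._outstanding.discard(nonce)
        expected = compute_mic(self._key, nonce, message)
        # Constant-time comparison: no hint about how many bytes matched.
        return hmac.compare_digest(expected, mic)


def demo():
    key = b"constructed-shared-secret"           # constructed sample key
    agent = Receiver(key)
    msg = b"GetRequest 1.3.6.1.2.1.7.1"          # constructed sample message
    nonce = agent.challenge()
    mic = compute_mic(key, nonce, msg)
    genuine = agent.verify(nonce, msg, mic)      # first delivery
    replayed = agent.verify(nonce, msg, mic)     # identical bytes sent again
    nonce2 = agent.challenge()
    stale_mic = compute_mic(key, nonce2, msg)
    tampered = agent.verify(nonce2, msg + b"0", stale_mic)  # body altered in transit
    return genuine, replayed, tampered


if __name__ == "__main__":
    print(demo())
```
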
The presentation problem
Q: does perfect memory-to-memory copy solve "the communication problem"?
A: not always!

    struct {
        char code;
        int x;
    } test;
    test.x = 256;
    test.code = 'a';

[Figure: test.code and test.x as stored in host 1 format and in host 2 format: 'a' 00000001 00000011 in one, 'a' 00000011 00000001 in the other]
Problem: different message formats, storage conventions

A real-life presentation problem
[Figure: grandma, 2004 teenager, aging 60's hippie]

Presentation problem: potential solutions
1. Sender learns receiver's format. Sender translates into receiver's format. Sender sends.
  • real-world analogy?
  • pros and cons?
2. Sender sends. Receiver learns sender's format. Receiver translates into receiver-local format.
  • real-world analogy?
  • pros and cons?
3. Sender translates into host-independent format. Sends. Receiver translates to receiver-local format.
  • real-world analogy?
  • pros and cons?

Solving the presentation problem
1. Translate local-host format to host-independent format
2. Transmit data in host-independent format
3. Translate host-independent format to remote-host format
[Figure: aging 60's hippie, 2004 teenager, grandma]

ASN.1: Abstract Syntax Notation 1
• ISO standard X.680
  • used extensively in the Internet
  • like eating vegetables, knowing this is "good for you"!
• defined data types, object constructors
  • like SMI
• BER: Basic Encoding Rules
  • specify how ASN.1-defined data objects are to be transmitted
  • each transmitted object has Type, Length, Value (TLV) encoding

TLV Encoding
Idea: transmitted data is self-identifying
• T: data type, one of ASN.1-defined types
• L: length of data in bytes
• V: value of data, encoded according to ASN.1 standard

Tag value   Type
1           Boolean
2           Integer
3           Bitstring
4           Octet string
5           Null
6           Object Identifier
9           Real

TLV encoding: example
[Figure: two encoded objects]
• Type=2, integer; Length, 2 bytes; Value, 259
• Type=4, octet string; Length, 5 bytes; Value, 5 octets (chars)

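The two TLVs from this slide, plus the OID 1.3.6.1.2.1.7.1 from the naming slide, worked through in code. This is an added example, not part of the original slides; it goes beyond them by encoding OIDs and by decoding strictly, refusing any length field that claims more bytes than the buffer holds. The function names and the 5-octet string "admin" are constructed, and only single-octet (short-form) lengths are handled.

```python
TAG_INTEGER, TAG_OCTET_STRING, TAG_OID = 2, 4, 6   # tag values from the slide

def tlv(tag: int, value: bytes) -> bytes:
    if len(value) > 127:                   # one length octet covers 0..127 only
        raise ValueError("value needs a long-form length")
    return bytes([tag, len(value)]) + value

def encode_integer(n: int) -> bytes:
    # Minimal big-endian two's complement, e.g. 259 -> 01 03
    size = (n if n >= 0 else ~n).bit_length() // 8 + 1
    return tlv(TAG_INTEGER, n.to_bytes(size, "big", signed=True))

def encode_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    body = [40 * arcs[0] + arcs[1]]        # first two arcs share one octet
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:                  # base 128, high bit set = more follows
            arc >>= 7
            chunk.insert(0, (arc & 0x7F) | 0x80)
        body += chunk
    return tlv(TAG_OID, bytes(body))

def decode_tlvs(buf: bytes):
    """Split a buffer into (tag, value) pairs, rejecting malformed lengths."""
    out, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError("truncated TLV header")
        tag, length = buf[pos], buf[pos + 1]
        if length & 0x80:
            raise ValueError("long-form length not accepted")
        end = pos + 2 + length
        if end > len(buf):                 # declared length exceeds the data
            raise ValueError("length field overruns buffer")
        value = buf[pos + 2:end]
        if tag == TAG_INTEGER:
            if not value:
                raise ValueError("INTEGER needs at least one content octet")
            value = int.from_bytes(value, "big", signed=True)
        out.append((tag, value))
        pos = end
    return out

if __name__ == "__main__":
    wire = encode_integer(259) + tlv(TAG_OCTET_STRING, b"admin")  # constructed string
    print(wire.hex(" "), decode_tlvs(wire))
```
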
Network management: summary
• network management extremely important: 80% of network "cost"
• ASN.1 for data description
• SNMP protocol as a tool for conveying information
• Network management: more art than science
  • what to measure/monitor
  • how to respond to failures?