ICmyNet.IS - Networking Information and Monitoring System
Akademska mreža Srbije www.amres.ac.yu
Content
• Concepts
• Features
• Monitoring elements
• Tools
• Use cases
• Further development
Architecture and User Interface
• Java platform
• Linux web application server
• MySQL/PostgreSQL database backend
• Client access
  • Web Interface - typical user access
  • Standalone client application
Web Interface
• Independent of OS
• Web browser – IE, Mozilla
• Typical usage
• View and Edit modes
Standalone client application
• Independent of OS
• Efficient GUI, advanced system configuration
• Java Web Start technology – RMI
• Automatic download of up-to-date software from the server, local execution
• Clients communicate with the web server only, no direct access to the DB
• Simplifies technical maintenance and support
Note
• Keeps arbitrary text data
• Saves certain information connected to the parent element
• Examples:
  • for Devices – history of comments about hardware changes, distributor of the device, period of guarantee, reaction procedure in the case of a network problem, etc.
  • for Locations – description of the presented organization
  • for Users – CVs
  • for Ports – troubleshooting procedures in case of failure
User
• People in charge (helpdesk, administrator, operator, contact, email)
• Relevant information (name, address, telephone)
• NetIIS user usernames and passwords
• Permissions for access to the system – read and write
• Predefined users:
  • guest – access to public data with read permission, no password required
  • administrator – full read/write access to data and all tools
User and User group (diagram: User, User Group)
Networking information system
• Presents all objects from the external world in the most efficient and easily understood way
• Hierarchically organised and presented as a tree
• Basic elements:
  • Folder
  • Location
  • Device
  • Port
Monitoring System
• Passive and active monitoring of the network status – status of devices, ports, links, services
• Performs:
  • Performance measurement
  • Failure notification
• Configured on Devices or Ports and executed in that context
Monitor
• Permanently and periodically observes the status of the computer network
• Defined within devices or ports as their children
• Typical presentation – putting monitors in groups
• Monitor types:
  • Traffic monitor
  • Port monitor
  • SNMP monitor
  • Ping monitor
  • Service monitor (Nagios plug-ins)
  • External monitor
RRD Chart
• MRTG-like chart
• Arbitrary time frame
• Defined under the Monitors
• Purpose:
  • Measures the values of the monitor during a period of time
  • Shows the chart for a chosen period of time
Alarm
• Defined under the Monitors
• Compares values of the monitor with given thresholds
• The alarm is activated when the criteria are fulfilled
• Can execute the given notification action
• Two general types:
  • Bad Alarm (connection failure)
  • Good Alarm (link recovery)
• Critical levels in the range from -10 to +10
Action
• An Action is attached to certain Alarms
• Defines how the NetIIS system reacts when an alarm is activated
• There are 2 types of action:
  • E-Mail Action – sends e-mail messages to a certain user or user groups
  • SMS Action – sends SMS messages to a certain user or user groups
• Messages of arbitrary content can be defined; they are sent with other parameters of the associated alarms and monitor
• Default Action is a notification in the Event log
Traffic Monitor
• Predefined SNMP monitor under Port object
• Measures data traffic through the network interface
• Variables:
  • var(1) and var(2) – bytes per second
  • var(3) and var(4) – bits per second
• RRD Chart for var(3) and var(4)
  • Input traffic – green colour
  • Output traffic – blue colour
• Alarms can be set up to react to certain traffic intensity
Ping Monitor
• Defined under Device object
• Executes native ICMP ping service towards this device
• Measures the results of the ping command
• 6 variables for packet delay and percentage of lost packets
• Includes two RRD Chart objects
  • Ping Delay – measures the minimum and maximum delay of ping packets (var(1) and var(2))
  • Ping Loss – measures the percentage of lost packets (var(6))
• Alarms for the Ping Loss percentage
Port Monitor
• Predefined SNMP monitor under Port object
• Observes administrative and operational status of the network interfaces
  • var(1) – administrative status (1.3.6.1.2.1.2.2.7)
  • var(2) – operational status (1.3.6.1.2.1.2.2.8)
• Children:
  • RRD Chart related to administrative and operational statuses
  • Alarms related to the operational status
    • Good Alarm – "var(2) == 1". Message: "Link is UP"
    • Bad Alarm – "var(2) != 1". Message: "Link is DOWN"
• Mail action is configured on Alarms with the same message
Port Monitor – Net Trap support (diagram: Router A, Router X, DOWN)
Ping and Port Monitors usage (diagram: Router A, Router B, Router X; Packet Loss = 0 %, DOWN, UP)
Pre-defined SNMP Monitors
• Pre-defined and often used SNMP Monitors are:
  • Packets Monitor
  • BGP Monitor
  • CPU Load Monitor
  • System Memory Monitor
Packet Monitor
• Measures packet flow on the interface in a similar way to Traffic Monitor
• Useful for detecting anomalies in the network traffic
• In the case of a DoS attack or an attempt of virus expansion on the network, the network traffic (in bps) does not have to rise, but the number of packets will increase
• Two variables:
  • Var(1) – Interface In Packets (unicast), OID = .1.3.6.1.2.1.2.2.1.17
  • Var(2) – Interface Out Packets (unicast), OID = .1.3.6.1.2.1.2.2.1.18
• Unit: packets per second
• RRD can be attached to the Monitor
BGP Monitor
• Measures the status of BGP sessions
• The monitor returns in variable var(1) the current status of the session with a certain peer
• OID suffix is required – the IP address of the BGP peer
  • .1.3.6.1.2.1.15.3.1.16.147.91.0.112
• RRD Chart assigned
CPU Usage Monitor
• Three variables: the processor utilization in time intervals of 5 s, 1 min and 5 min
• The corresponding OIDs are not standardised; they are specified exclusively for Cisco devices and belong to the MIB hierarchy of Cisco Systems
• RRD Chart refers to the variable var(2), the processor utilization in the time interval of 1 min
System Memory Monitor
• Measures several variables, specified exclusively for Cisco devices
• Requires input of suffixes to the defined OIDs
  • Processor memory – suffix .1
  • Interface memory – suffix .2, .3 or an even higher value
• RRD Chart refers to variables var(4) and var(8), for the memory usage in percentage
Report
• Selected SNMP variables shown in a predefined table
• Executed on the user's request (on-demand)
• Recognizes existing monitors and charts
Group
• Serves for grouping other objects for joint presentation in a certain form
• Objects are grouped by creating shortcuts
• Objects can be assigned to a number of groups
• One group can contain other groups
• Group types:
  • Simple Group (default) – shows elements in a table format
  • Graph – graphical presentation of the topology
  • Looking Glass – joins devices that enable remote command execution (Looking Glass functionality)
Data hierarchy Setup process
Link hierarchy Network topology
AutoDiscovery
• AutoDiscovery function aims:
  • Easing the initial database population
  • Updating – topology, new devices and relevant data
• AutoDiscovery types:
  • Device Attributes Discovery – system data
  • Ports Discovery – interfaces data
  • CDP Neighbours Discovery – link topology
  • Layer 3 Hosts Discovery – ARP table
• Discovery on a hop-by-hop basis
  • Better overview and control over the process
  • No retrieval of the entire network
  • Possibility of clear database organisation in the system
AutoDiscovery (diagram: locations, routers with Serial 0 and Serial 1 ports, PCs; device details: Model, Warranty, Contract number, …)
Other Concepts
• Repository – inactive predefined objects
• Recycle Bin – deleted objects
• Tools:
  • Event Log
  • Alerts
  • Chart viewer
  • SLA reports
  • Search panel
Alerts Current alerts (active alarms)
SLA report Service Availability Statistics
Use case corporate network example