Automated Management of Large IP Networks
[email protected] [email protected]
Terena Networking Conference 2007, 21-24 May 2007, Copenhagen, Denmark

Outline
* Introduction
* Context
* Choosing Options
* Our Solution
* Conclusion

Today Large IP Networks tend to be...
* Fast growing
* Heterogeneous
* Difficult to maintain
* Difficult to control
So a new concept arises: “Network Growth Sustainability”

A “Sustainable Growing Network” would...
* Reuse rather than buy new hardware
* Recycle rather than enlarge the IP address pools or maintain inactive addresses or devices
* Reduce the incident handling time

And answer questions like...
* In a full switch stack, can I recycle a port and give service to a new network jack without having to enlarge the stack?
* Which port has been unused the longest?
* Who is the owner of this fake (DHCP) server? Can I quarantine it from my management console?
* Where has this node with a duplicate (default router) address been connected?
* What is the L2 traceroute of a given MAC address?
* Who is the owner of this node that 10 days ago generated a security incident I’m processing now?

But let me not spend my time...
* On routine tasks like registering a new node in the network (let the user self-service it)
* Searching through bridge tables to find the port where a problematic MAC address is connected
* Following the wires in the wiring closet
* Moving stations from one subnet to another
* Calling my users to find out who owns the machine from that incident 10 days ago

We wanted to apply this philosophy to our network, whose main traits are:
* Centralized Network Management… But no access to user nodes
* Multi-brand, multi-generation hardware
* +700 Network Switch or Router nodes, all of them SNMP enabled
* +14.000 User Network Ports
* +420 L2-L2 links
* Public and static DHCP served addressing
* +10.000 User Network Nodes

Are there “Sustainable” Products in the Market?
* Network Infrastructure oriented (like HP OpenView)
* IP Inventory oriented (like ALM)
* “NAC” type oriented (like Cisco’s NAC or Enterasys UPN)
None met our requirements but…

Promising free software + The will to develop =

Solution: Objectives, Products, Own Development, Snapshot

Main Objectives
* Better service time on user network related tasks: automated self service
* To keep an up-to-date Inventory
* Have all the information needed to keep the network growing sustainably

For better service time on user node network tasks
* Change management procedures on DNS and DHCP services
* User-centred approach: self service

Build Network Management upon Sauron...
* GPL licensed product for integrated management of DNS and DHCP services
* Provided by Jyväskylä University (Finland)
* http://sauron.jyu.fi/

Sauron features used by Openet
* Network Services
* Database Oriented
* ISC configuration files generation
* IP Address Space Statistics
* Command line Interaction
* Subnets Movement
* Massive Import Tools

To keep an up-to-date Inventory...
We needed a multi-brand, multi-generation network monitor platform

To build a real-time inventory using Netdisco
* Open Source product, BSD licensed, for network management and control
* Originally developed by Max Baker at UC Santa Cruz's NTS department
* http://www.netdisco.org

Netdisco features used by Openet
* Active inventory of network nodes: IP Address – MAC Address – Switch Port
* Network equipment Inventory
* Topology
* History Changes Registry
* Node search
* Auto-Discovery functions

Is it enough?
Active and Static Data, But Automated?

What is missing?
* Infrastructure Inventory Relation
* Process Automation
* Reporting
* Alarm management
* Geographic Location

What do we have to keep in our Inventory:
* For every Network Node, its Responsible User
* For every Network Node, the Network Switch Port where it’s connected
* For every Network Switch, its Geographic Location
* Change History (2004 to 2007)

Infrastructure Inventory relation...
* Network Declared Inventory Nodes
* Network Discovered Nodes
The more both sources match, the better

Component Relation
[Diagram labels: IT Personnel; Management and Control Console; Self Service Module; Staff; Inventory Module; DNS/DHCP; Active Inventory Module]

Self Service Module
User delegated actions

Management and Control Module offers
Visible Services - Controlled Transparent Networks
* Devices
* Port Control
* AutoInventory
* Inactive Hosts
* xSubnet Reports
* Infrastructure Relation
* Inactive Ports
* Users-Host Relation
* Multihost Ports
* Autoranges New Installations

A final snapshot...
[Architecture diagram labels: Active Inventory; Front-End; Back-End; Cron; Static Inventory; SNMP::Info; Netdisco; Shared Library; Apache Web Server; Cron; Sauron; Mason Components; Database; Database; Admin Daemon; DHCP; Switches and Routers; IT Staff; Management Module; Users; Database; BIND]

After one year using Openet...
* More control and happier users
* Better response time on (security) incidents
* Network resource optimization
* Network Topology and Inventory Up-to-date
We have now a “Sustainable Growing Network”

Thank you for your attention!
Any questions?
+Info: [email protected] [email protected] [email protected]
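
The comparison from the "Infrastructure Inventory relation" slide, as an added example (not part of the original slides, and not Openet, Sauron or Netdisco code): it reconciles a declared DNS/DHCP inventory with discovered MAC/IP/port sightings and reports undeclared nodes, IP mismatches, inactive hosts and multihost ports. The record fields, the addresses and the 30-day inactivity threshold are assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample data. Field names are assumptions for this example,
# not the Sauron or Netdisco database schemas.
DECLARED = [  # static inventory: what users registered for DNS/DHCP
    {"mac": "00:11:22:aa:00:01", "ip": "192.0.2.10", "owner": "alice"},
    {"mac": "00:11:22:aa:00:02", "ip": "192.0.2.11", "owner": "bob"},
    {"mac": "00:11:22:aa:00:03", "ip": "192.0.2.12", "owner": "carol"},
]
DISCOVERED = [  # active inventory: MAC/IP/port sightings from the switches
    {"mac": "00:11:22:AA:00:01", "ip": "192.0.2.10", "switch": "sw1", "port": "1/1", "last_seen": date(2007, 5, 20)},
    {"mac": "00:11:22:aa:00:02", "ip": "192.0.2.99", "switch": "sw1", "port": "1/2", "last_seen": date(2007, 5, 20)},
    {"mac": "00:11:22:aa:00:03", "ip": "192.0.2.12", "switch": "sw2", "port": "2/7", "last_seen": date(2007, 3, 1)},
    {"mac": "00:11:22:ff:00:09", "ip": "192.0.2.50", "switch": "sw1", "port": "1/2", "last_seen": date(2007, 5, 21)},
]

def reconcile(declared, discovered, today, inactive_days=30):
    """Compare declared and discovered nodes, keyed by normalised MAC."""
    by_mac = {d["mac"].lower(): d for d in declared}
    cutoff = today - timedelta(days=inactive_days)
    report = {"undeclared": [], "ip_mismatch": [], "inactive": [], "multihost_ports": []}
    latest, ports = {}, defaultdict(set)
    for s in discovered:
        mac = s["mac"].lower()
        if mac not in latest or s["last_seen"] > latest[mac]["last_seen"]:
            latest[mac] = s  # keep only the most recent sighting per MAC
        if s["last_seen"] >= cutoff:  # only recent sightings count for a port
            ports[(s["switch"], s["port"])].add(mac)
    for mac, s in sorted(latest.items()):
        rec = by_mac.get(mac)
        if rec is None:  # on the wire but never registered: locate by port
            report["undeclared"].append((mac, s["switch"], s["port"]))
        elif rec["ip"] != s["ip"]:  # registered MAC using another address
            report["ip_mismatch"].append((mac, rec["owner"], rec["ip"], s["ip"]))
    for mac, rec in sorted(by_mac.items()):
        seen = latest.get(mac)
        if seen is None or seen["last_seen"] < cutoff:  # address recycling candidate
            report["inactive"].append((mac, rec["owner"]))
    report["multihost_ports"] = sorted(p for p, macs in ports.items() if len(macs) > 1)
    matched = sum(1 for m in by_mac if m in latest and latest[m]["ip"] == by_mac[m]["ip"]
                  and latest[m]["last_seen"] >= cutoff)
    report["match_ratio"] = matched / len(set(by_mac) | set(latest))
    return report

REPORT = reconcile(DECLARED, DISCOVERED, today=date(2007, 5, 22))
```
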