Rudimentary NMS Software Components (Chapter 7)

SNMPv3 and Network Management
Chapter 2
Network Management, MIBs, and MPLS
Stephen B. Morris
Copyright 2003. Pearson Education Inc., Publishing as Prentice Hall PTR. All rights reserved.
Visit the companion Web site at http://authors.phptr.com/morris/
Revised Spring 2006
Overview
The purpose of this particular lesson is to familiarize you
with the message structure and encryption methods of
SNMPv3.
Structure
- Provides modular structure that is flexible
- Complements trend toward component technology
- Has two main components: engine and a collection of applications
- Has four subcomponents: dispatcher and message, security, and access control subsystems
  - Subcomponents service versions one through three
- Important facts to remember about engine subcomponents
  - Can hand off msg processing to each other as required
  - Are themselves extensible entities
Applications
- Currently five SNMPv3 apps defined
  - Cmd generators create msgs
  - Cmd responders respond to msgs
  - Notification originators send trap or inform msgs
  - Notification receivers receive and process trap or inform msgs
  - Proxy forwarders forward messages between SNMP entity components
- v3 framework allows room for additional apps
Message Formats
[Figure: SNMPv3 message layout]
  Common Data: Msg Version, MsgID, MaxMsgSize, MsgFlags, MsgSecurity
  Security Model Data: General (EngineID, EngineBoots, EngineTime, UserName); Authentication (MD5 Digest or SHA Digest); Privacy (DES Key)
  Context: ContextID, ContextName
  PDU: PDU Types
- Msg format is broken down into four overall sections
  - Common data: occur in all SNMPv3 msgs
  - Security model data: three subsections, one general, one authentication, and one privacy data
  - Context: two fields used to provide correct context in which PDU should be processed
  - PDU: contains a v2 PDU
    - Encrypted or plain text
Message Formats
- First field in SNMP msg is the MsgVersion
  - The number shown indicates version
- MsgID used between two entities for msg correlation
  - Similar IDs should not be used simultaneously
  - Msg should time out or be answered before the ID is used again
- PDU has a request ID field
  - No longer used since encryption is an option under v3
  - MsgID now found in the unencrypted header
Message Formats
- MsgID also allows discernment between duplicate msgs
  - Underlying datagram services duplicate msgs
- MaxMsgSize
  - Supported by sender of msg
  - Largest packet that transport protocol can carry without having to use fragmentation
  - Receiver of msg uses info to ensure its reply is within allowed size range
- MsgFlags
  - 1 byte long: determines authentication and privacy settings for the msg
  - Indicates if msg requires response
  - The security subsystem handles processing of this section

Message Formats
- MsgSecurity
  - An integer object that determines the security setting associated with the msg
  - 0 reserved for any and 1-3 correlate to SNMP versions 1-3
  - 4-255 reserved for standards-track security models
  - Values greater than 255 for enterprise-specific security models
- Security Model Data: Authentication Protocol
  - MD5 and SHA are the two supported protocols in SNMPv3
  - Both authenticate the SNMP msg
  - SHA is the more complex algorithm, with a 20-byte calculation
  - MD5 has a 16-byte algorithm
  - First 12 bytes/96 bits in both protocols are included in the authentication field
  - 20-octet passwd for SHA and 16-octet for MD5
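The header fields described on the slides above (MsgVersion, MsgID, MaxMsgSize, MsgFlags, MsgSecurity) are BER-encoded. The following added example, which is not code from the Morris slides, decodes them from a hand-constructed SNMPv3 message and applies the sanity checks a receiving engine should make on the flag combination and size bounds; the function names and the sample bytes are my own.

```python
# Added example (not from the Morris slides): minimal BER decoder for the
# SNMPv3 header fields msgVersion and msgGlobalData (msgID, msgMaxSize,
# msgFlags, msgSecurityModel). The sample bytes are hand-constructed.
INTEGER, OCTET_STRING, SEQUENCE = 0x02, 0x04, 0x30

# Constructed message: version 3, msgID 0x1234, msgMaxSize 65507, msgFlags
# 0x03 (authFlag|privFlag), security model 3 (USM). msgSecurityParameters is
# left empty and msgData is omitted, since only the header is parsed here.
SAMPLE = bytes.fromhex(
    "3016"          # SEQUENCE, 22 bytes follow
    "020103"        # msgVersion INTEGER 3
    "300f"          # msgGlobalData SEQUENCE, 15 bytes
    "02021234"      # msgID INTEGER 0x1234
    "020300ffe3"    # msgMaxSize INTEGER 65507 (leading 00 keeps it positive)
    "040103"        # msgFlags OCTET STRING, one octet: auth + priv
    "020103"        # msgSecurityModel INTEGER 3 = USM
    "0400"          # msgSecurityParameters OCTET STRING (empty placeholder)
)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length: next n octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("BER length runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def read_int(buf, pos):
    tag, val, pos = read_tlv(buf, pos)
    if tag != INTEGER:
        raise ValueError("expected INTEGER, got tag 0x%02x" % tag)
    return int.from_bytes(val, "big", signed=True), pos

def parse_v3_header(msg):
    """Decode the unencrypted header and reject combinations RFC 3412 forbids."""
    tag, body, _ = read_tlv(msg, 0)
    if tag != SEQUENCE:
        raise ValueError("SNMP message must be a SEQUENCE")
    version, pos = read_int(body, 0)
    tag, gdata, pos = read_tlv(body, pos)
    if tag != SEQUENCE:
        raise ValueError("msgGlobalData must be a SEQUENCE")
    msg_id, p = read_int(gdata, 0)
    max_size, p = read_int(gdata, p)
    tag, flags, p = read_tlv(gdata, p)
    if tag != OCTET_STRING or len(flags) != 1:
        raise ValueError("msgFlags must be a 1-octet OCTET STRING")
    sec_model, _ = read_int(gdata, p)
    auth, priv, reportable = (bool(flags[0] & 1), bool(flags[0] & 2),
                              bool(flags[0] & 4))
    if priv and not auth:                   # privacy without auth is invalid
        raise ValueError("privFlag set without authFlag")
    if not 484 <= max_size <= 2147483647:   # range from the SNMPv3 ASN.1
        raise ValueError("msgMaxSize out of range")
    return {"msgVersion": version, "msgID": msg_id, "msgMaxSize": max_size,
            "authFlag": auth, "privFlag": priv, "reportableFlag": reportable,
            "msgSecurityModel": sec_model}
```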

Message Formats
- 12-byte octet string used to authenticate msg
  - String known as electronic fingerprint
  - Verifies data has not been altered in transit
  - True for MD5 and SHA protocols
  - SNMP: entity to entity
- During msg exchange authentication key is known to both parties
  - During receipt of key the receiver recalculates the known key using the algorithm
  - If the recalculated key matches the original, then authentication occurs
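The recalculation described above is an HMAC keyed with a secret both entities hold; the 16-octet (MD5) or 20-octet (SHA) key is derived from a password and localized to the agent's engine, and only the first 12 octets of the digest travel in the message. This added example (not code from the Morris slides) implements that RFC 3414 procedure end to end; the password and engine ID are the RFC 3414 Appendix A test values, while the message bytes, the `AUTH_OFFSET` layout and the function names are my own constructions.

```python
# Added example (not from the Morris slides): RFC 3414 USM password-to-key
# derivation, key localization to an engine, and HMAC-96 authentication of
# a message with the 12-octet "fingerprint" written into the message itself.
import hashlib
import hmac

ONE_MIB = 1048576                      # RFC 3414 A.2: hash 1 MiB of password

def password_to_key(password: bytes, engine_id: bytes, algo: str) -> bytes:
    """Return the localized key Kul: 16 octets for md5, 20 for sha1."""
    expanded = (password * (ONE_MIB // len(password) + 1))[:ONE_MIB]
    ku = hashlib.new(algo, expanded).digest()               # user key Ku
    return hashlib.new(algo, ku + engine_id + ku).digest()  # localized Kul

def sign_message(key: bytes, algo: str, msg: bytes, offset: int) -> bytes:
    """Sender: msg[offset:offset+12] (msgAuthenticationParameters) must hold
    12 zero octets while the HMAC is computed; the truncated digest is then
    written into that field."""
    if msg[offset:offset + 12] != bytes(12):
        raise ValueError("auth parameters must be zeroed before signing")
    tag = hmac.new(key, msg, algo).digest()[:12]   # HMAC-MD5-96 / HMAC-SHA-96
    return msg[:offset] + tag + msg[offset + 12:]

def verify_message(key: bytes, algo: str, msg: bytes, offset: int) -> bool:
    """Receiver: extract the fingerprint, zero the field, recompute, compare
    in constant time. Any altered octet anywhere in msg fails the check."""
    received = msg[offset:offset + 12]
    zeroed = msg[:offset] + bytes(12) + msg[offset + 12:]
    expected = hmac.new(key, zeroed, algo).digest()[:12]
    return hmac.compare_digest(received, expected)

# RFC 3414 Appendix A test values: password "maplesyrup", engineID 00..02.
PASSWORD = b"maplesyrup"
ENGINE_ID = bytes.fromhex("000000000000000000000002")

# Constructed stand-in for a wire message: header bytes, the zeroed 12-octet
# auth field, then the rest of the message. A real message carries the field
# inside msgSecurityParameters; the offset-based handling is the same.
HEADER = b"constructed-snmpv3-header-bytes"
TRAILER = b"constructed-scoped-pdu-bytes"
AUTH_OFFSET = len(HEADER)
SAMPLE_MSG = HEADER + bytes(12) + TRAILER

if __name__ == "__main__":
    k = password_to_key(PASSWORD, ENGINE_ID, "sha1")
    signed = sign_message(k, "sha1", SAMPLE_MSG, AUTH_OFFSET)
    print("Kul(SHA-1) =", k.hex())          # compare with RFC 3414 A.3.2
    print("verify:", verify_message(k, "sha1", signed, AUTH_OFFSET))
```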

- Security Model Data: Privacy Protocol
  - Privacy protocol field
  - 8-byte octet string used for Data Encryption Standard (DES)
  - 16-byte key used for encryption
    - First 8 octets of key used for encryption/DES
    - Second 8 octets of key used as initialization vector
(continued on next slide)
Message Formats
- Unique 8-octet value is manipulated to prevent re-usage on encryption of packet
- DES in SNMPv3 uses private key to encrypt/decrypt msgs
- Context
  - Deals with existing MIB indexing schemes and how to extend them
  - Some MIBs are indexed by port number
    - In certain configs there may be cards/units with the same port numbers
    - Context feature allows multiple instances of identical MIB tables within same SNMP agent
Message Formats
- SNMPv3 Message Exchanges
  - The flow diagram explains the flow of SNMP msgs
SNMP Problems
- Has difficulty manipulating large data sets
- Scalability issues where tables grow in the thousands
- Notifications aren't guaranteed to arrive
  - UDP
- Management operations (such as get or set) can time out if network is congested or agent host is heavily loaded
  - SNMP uses UDP
- Despite shortcomings, SNMP's widespread deployment and simplicity are great strengths!
Summary
- SNMPv3 offers much greater security than previous versions
- Allows extension of MIBs
- Understanding SNMP msg flow is critical to network managers
- Network elements combine to make up a managed network
The Network Management Problem
Chapter 3
Network Management, MIBs, and MPLS
Stephen B. Morris
Rodrigo Iglesias de Aliaga
Overview
- Network operators' problems with the growth of traffic types and volumes.
- Operational increase due to multiple NMS growth.
- There is a strong need to reduce the cost of ownership and improve the return on investment (ROI) for network equipment.
Overview
- Automated, flow-through actions are required for network management operations.
  - Provisioning
  - Detecting faults
  - Checking (and verifying) performance
  - Billing/accounting
  - Initiating repairs or network upgrades
  - Maintaining the network inventory
Bringing the Managed Data to the Code
- Managed objects reside on many SNMP agent hosts.
- Copies of managed objects reside on SNMP management systems.
- Changes in agent data may have to be regularly reconciled with the management system copy.
Bringing the Managed Data to the Code
- Components of an NMS [figure]
Bringing the Managed Data to the Code
- The quality of an NMS is inversely proportional to the gap between its picture of the network and the actual state of the underlying network: the smaller the gap, the better the NMS.
- As managed NEs become more complex, an extra burden is placed on the management system.
Scalability
- Today's Network is Tomorrow's NE
- Scalability is one of the biggest problems facing modern networking.
- A scalability problem occurs when an increase in the number of instances of a given managed object in the network necessitates a compensating, proportional resource increase inside the management system.
Layer 2 VPN Scalability
- Scalability problems tend to arise in situations of proportional growth.
- The N² Problem
  - When the number of layer 2 virtual circuits required is proportional to the square of the number of sites.
  - Anything in networking that grows at the rate of N² tends to give rise to a problem of scale.
  - As the number of sites gets bigger, the N² term is more significant than the other terms.
The N² problem [figure]
The N² problem
- Layer 3 VPNs
  - Layer 3 VPNs provide a much more scalable solution because the number of connections required is proportional to the number of sites, not the square of the number of sites.
  - Layer 3 VPNs avoid the need for a full mesh between all of the customer edge routers by providing these features:
    - A layer 3 core
    - Overlapping IP address ranges across the connected sites (if separate organizations use the same VPN service)
    - Multiple routing table instances in the provider edge routers
Virtual Circuit Status Monitoring
- Scalability problems arise when the MIB table entries become very large due to NMS attempts to read all MIB table entries at the same time.
MIB Scalability
- Network operators and their users demand more:
  - Bandwidth
  - Faster networks
  - Bigger devices
- Scalability concerns are growing because routers and switches are routinely expected to support the creation of millions of virtual circuits.
Creating LSPs in an MPLS network
Other Enterprise Network Scalability Issues
- Scalability concerns also affect enterprise networks in these areas:
  - Storage Solutions
    - Adding, deleting, modifying, and monitoring SANs
  - Administration of Firewalls
    - Rules for permitting or blocking packet transit
  - Security Management
    - Encryption keys, biometrics facilities, and password control
  - Routers
    - Access control lists and static routes
  - Application Management
Light Reading Trials
- Internet core routers from Cisco, Juniper, Charlotte's Networks, and Foundry Networks were stress-tested during 2001 using these tests:
  - MPLS throughput
  - Latency
  - IP throughput at OC-48
  - IP throughput at OC-192
Large NEs
- Advantages of the deployment of much bigger devices
  - They reduce the number of devices required, saving central office (CO) space and reducing cooling and power requirements.
  - They may help to reduce cabling by aggregating links.
  - They offer a richer feature set.
- Disadvantages
  - They are harder to manage.
  - They potentially generate vast amounts of management data.
  - They are a possible single point of failure if not backed up.
Expensive (and Scarce) Development Skill Sets
- Building management systems for the devices of today and tomorrow is increasingly difficult.
- General migration to a Layer 3 infrastructure is another reason for the widening gap between available development skills and required product features.
- The need for customers to see rapid ROI for all infrastructural purchases
Expensive (and Scarce) Development Skill Sets
- A different approach is needed for developing management systems.
- Acquiring skills like these would positively enhance the development process.
  - A solution mindset
  - Distributed, creative problem solving
  - Taking ownership
  - Acquiring domain expertise
  - Embracing short development cycles
  - Minimizing code changes
  - Strong testing capability
A Solution Mindset
- Solutions have a number of characteristics
  - Clear economic value
  - Fulfillment of important requirements
  - Resolution of one or more end-user problems
Distributed, Creative Problem Solving
- Software Bugs
- NE Bugs (hard to identify)
- Performance bottlenecks in FCAPS applications due to congestion on the network
- Client applications crashing from time to time
- MIB Table Corruption
- SNMP Agent Exceptions
Distributed, Creative Problem Solving
- Tools available to solve these problems
  - UML support packages
  - Java/C++/SDL products
  - Version control
  - Debuggers
Taking Ownership
- A broad task can be ring-fenced by a small group of developers who take responsibility for design, development, and delivery.
- Traditional development boundaries are removed.
  - No more pure GUI, backend, or database developers.
  - All NMS software developers should strive to extend their portfolio of skills to achieve this.
- Institutional memory relates to individual developers with key knowledge of product infrastructure.
Acquiring Domain Expertise
- Domain expertise represents a range of detailed knowledge
  - IP/MPLS that can be readily applied to the needs of an organization.
Acquiring Domain Expertise
- Knowledge includes areas such as:
  - Layer 2 and layer 3 traffic engineering
  - Layer 2 and layer 3 QoS
  - Network Management
  - Convergence of legacy technologies into IP
  - Backward and forward compatibility of new technologies
    - MPLS
Linked Overviews
- ATM Linked Overview
- IP Linked Overview
Embracing Short Development Cycles
Minimizing Code Changes
Elements of NMS Development
- NMS Developments
  - Using a browser-based GUI
  - Developer wants to check that the software executed the correct actions
  - During provisioning, developer verifies Java
  - Database is updated by the management system code
  - Verifying that the correct set of managed objects was written to the NE
Elements of NMS Development
- Data Analysis
- Upgrade considerations
- UML, Java, and Object-Oriented Development
- Class Design for Major NMS Features
- GUI Development
- Middleware Using CORBA-Based Products
- Insulating Applications from Low-Level Code
Expensive (and Scarce) Operational Skill Sets
- The growing complexity of networks is pointing to increasingly scarce operational skills
- Multiservice Switches
  - Enterprise networks typically want to:
    - Reduce the payback period for new purchases
    - Maintain and expand existing network services
    - Reduce operational costs associated with multiple networks
      - Telephony
      - LAN
Expensive (and Scarce) Operational Skill Sets
- Multiservice Switches
  - MPLS provides a way of filling these needs in conjunction with multiservice switches
    - ATM
    - FR
    - TDM
    - IP
MPLS: Second Chunk
- Managed objects of MPLS
  - Explicit Route Objects
  - Resource blocks
  - Tunnels and LSPs
  - In-segments
  - Out-segments
  - Cross-connects
  - Routing Protocols
  - Signaling Protocols
  - Label operations
  - Traffic Engineering
  - QoS
Explicit Route Objects
- An ERO is a list of layer 3 address hops inside an MPLS cloud
- Describes a list of MPLS nodes through which a tunnel passes.
- EROs are used by signaling protocols to create tunnels
Resource Blocks
- MPLS permits the reservation of resources in the network.
- Resource blocks provide a means for recording the bandwidth settings
- Resource blocks include
  - Maximum reserved bandwidth
  - Maximum traffic burst size
  - Packet length
Tunnels and LSPs
- MPLS-encapsulated packets enter the tunnel, pass across the appropriate path, and exhibit three important characteristics
  - Forwarding is based on MPLS label rather than IP header
  - Resource usage is fixed, based on those reserved at the time of connection creation
  - The path taken by the traffic is constrained by the path chosen in advance by the user.
In-Segments and Out-Segments
- In-segments on an MPLS node represent the point of ingress for traffic
- Out-segments represent the point of egress for traffic
Cross-Connects
- MPLS node uses the cross-connect settings to decide how to switch traffic between the segments
- Connection Types
  - Point-to-Point
  - Point-to-Multipoint
  - Multipoint-to-Point
Routing Protocols
- MPLS incorporates standard IP routing protocols such as OSPF, IS-IS and BGP4
Signaling Protocols
- LSPs and tunnels can be achieved either manually or via signaling
- Signaled connections have
  - Resources reserved
  - Labels distributed
  - Paths selected by protocols
    - RSVP-TE
    - LDP
Label Operations
- MPLS-labeled traffic is forwarded based on its encapsulated value
- The operations that can be executed against labels are
  - Lookup
  - Swap
  - Pop
  - Push
MPLS Encapsulation
- The MPLS Encapsulation specifies four reserved label values
  - 0: IPv4 explicit null that signals the receiving node to pop the label and execute an IP lookup
  - 1: Router alert that indicates to the receiving node to examine the packet more closely (rather than simply forwarding it)
  - 2: IPv6 explicit null
  - 3: Implicit null that signals the receiving node to pop the label and execute an IP lookup
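The label operations (lookup, swap, pop, push) and the reserved values on the two slides above act on 32-bit label stack entries. This added example, which is not code from the Morris slides, encodes and decodes such entries and applies the four operations to a constructed two-label stack; it also refuses to put label 3 on the wire, since implicit null is only ever signaled. The function names and sample labels are my own.

```python
# Added example (not from the Morris slides): encode/decode RFC 3032 MPLS
# label stack entries and apply the label operations from the slides
# (lookup, swap, pop, push). Sample labels and the stack are constructed.
import struct

RESERVED = {0: "IPv4 Explicit NULL", 1: "Router Alert",
            2: "IPv6 Explicit NULL", 3: "Implicit NULL"}
FIRST_UNRESERVED = 16          # 4-15 are also IANA-reserved, unused here

def encode_entry(label: int, tc: int, bos: bool, ttl: int) -> bytes:
    """32-bit entry: 20-bit label | 3-bit traffic class | S bit | 8-bit TTL."""
    if not 0 <= label < (1 << 20) or not 0 <= tc < 8 or not 0 <= ttl < 256:
        raise ValueError("field out of range")
    if label == 3:
        raise ValueError("Implicit NULL is signaled only; never on the wire")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bos) << 8) | ttl)

def decode_entry(data: bytes, offset: int = 0) -> dict:
    (word,) = struct.unpack_from("!I", data, offset)
    return {"label": word >> 12, "tc": (word >> 9) & 0x7,
            "bos": bool((word >> 8) & 1), "ttl": word & 0xFF}

def decode_stack(data: bytes):
    """Read entries until the bottom-of-stack bit; return (stack, payload offset)."""
    stack, pos = [], 0
    while pos + 4 <= len(data):
        entry = decode_entry(data, pos)
        stack.append(entry)
        pos += 4
        if entry["bos"]:
            return stack, pos
    raise ValueError("label stack has no bottom-of-stack entry")

def encode_stack(stack) -> bytes:
    """Top of stack first; only the last entry carries S=1."""
    return b"".join(encode_entry(e["label"], e["tc"], i == len(stack) - 1, e["ttl"])
                    for i, e in enumerate(stack))

def lookup(stack) -> str:
    """Classify the top label: reserved meaning or an ordinary ILM lookup."""
    label = stack[0]["label"]
    if label in RESERVED:
        return RESERVED[label]
    if label < FIRST_UNRESERVED:
        return "reserved, unassigned"
    return "ILM lookup"

def swap(stack, new_label: int):
    """Replace the top label and decrement TTL, as a transit LSR does."""
    if stack[0]["ttl"] <= 1:
        raise ValueError("TTL expired")
    top = dict(stack[0], label=new_label, ttl=stack[0]["ttl"] - 1)
    return [top] + stack[1:]

def push(stack, label: int, tc: int = 0, ttl: int = 64):
    return [{"label": label, "tc": tc, "ttl": ttl}] + stack

def pop(stack):
    """Remove the top entry; popping an explicit null hands the packet to IP."""
    return stack[1:]
```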
QoS and Traffic Engineering
- LAN bandwidth can be increased as needed using switches
  - Excess bandwidth helps avoid congestion
- Traffic Engineering is set to become a mandatory element of converged layer 3 enterprise networks.
QoS
- There are three approaches that can be adopted for providing different levels of network service
  - Best effort (as provided by the Internet)
  - Fine granularity QoS (Integrated Services – IntServ)
  - Coarse granularity QoS (Differentiated Services – DiffServ)
IP Header
MPLS and Scalability
- This table can include millions of rows
- It is not practical to try to read or write an object of this size using SNMP
- Unfortunately, it might be necessary if a network is being initially commissioned or rebalanced after adding new hardware
Summary
- Bringing managed data and code together is one of the central foundations of computing and network management
- Designers of management systems need a rarefied skill set that matches the range of technologies embedded in NEs and networks
- Liberal use of standards documents and linked overviews are some important tools for tackling the complexity of system development, managed object derivation, and definition.
- Networks must increasingly support a growing range of traffic types (Traffic Engineering and QoS handling in Layer 2 and Layer 3 networks).