SNMP In Depth
Transcript
SNMP
Simple Network Management Protocol (SNMP)
Diagram labels:
  – Network Management Systems: Compaq Insight Manager, Cisco, IBM Netfinity, HP Top Tools, Dell OpenManage
  – Servers: Windows 2000, Windows NT, AIX, Linux, HP-UX, Sun OS, Netware
  – Services: Exchange, SQL Server, IIS
  – Devices: PBX's, Routers & Hubs, Printers

Agenda
Features What justified the need History Objective What is SNMP? MIB Design SNMP RMON Protools Standards Summary

Wanted: An Application for IT Management Support
Integration of System & People Processes
Diagram labels: End-User Support, Infrastructure Support, Support Process, Technology Process, Network Mgmt, Desktop Mgmt, Security Mgmt, Server Mgmt

Centralized Alerts
Open Alerting Architecture
Diagram labels: Page, Fax, E-Mail; Anti-Virus; Firewall; Help Desk; SNMP; Sniffer; ISS CyberCop IDS; Programmable Backend

RMON MIB Standard
RMON - Published Under RFC 1271/1513 And contains 9 Groups
RMON Is an SNMP Definition or MIB Designed To Capture All relevant Information Necessary To Manage And Analyze Local or Remote Networks
Developed By IETF (Internet Engineering Task Force)
Consists Of A Plethora Of Definitions Relating To Network Traffic And Alarm Conditions
Can Be Extended Beyond IETF Definition By Adding “Private Extensions”
Vendors Can Add Value To RMON Via Their Own Private Extensions, some Proprietary And Others Public Domain

RMON MIB Overview
RMON MIB: Remote Monitoring - Management Information Base
RFC 1271 - Ethernet Standard
RFC 1513 - Token Ring Standard
Objective: Use SNMP and standard MIB design to provide multi-vendor interoperability between monitoring products and management station

RMON - High Level View
Remote Network Monitoring (MIB)
Monitoring of the LAN Traffic and devices
Performance Monitoring
Proactive Network Monitoring activities
Discover abnormalities and trends
Performance isolation
Device Monitoring
Fault Management
Discover problems
Eliminates Reactive Network Monitoring Activities
Trend Analysis

RMON MIB Features
Additional packet error counters
Ethernet & Token Ring error stats
Frame size distribution
Event and alarm generation
Performance/traffic matrix
Host tables
Filtering and packet capture for analysis and decode applications

RMON: Statistics, History, Alarms, Hosts, Host Top N, Traffic Matrix, Filter, Packet Capture, Events, Token Ring
RMON 2: All 10 groups plus... Protocol Directory, Protocol Distribution, Address Mapping, Network Layer Host, Network Layer Matrix, Application Layer Host, Application Layer Matrix, User History, RMON Conformance (everything except Probe Configuration)

Management Information Base
MIB -- Management Information Base
  – MIBs describe object attributes
  – Some MIBs are pre-loaded
  – Additional MIBs are needed
    » Loaded manually
    » Downloaded from manufacturer's Web sites
Standard MIBs
  – MIB-I
  – MIB-II
  – RMON
  – RMON 2
  – Bridge
  – Repeater

SNMP MIB Comparison
MIBs compared: MIB II, RMON MIB, HUB MIB, Bridge MIB, Host MIB
Features compared:
  – Interface Statistics
  – IP, TCP, UDP Statistics
  – SNMP Statistics
  – Host Job Counts
  – Host File System Information
  – Link Testing
  – Network Traffic Statistics
  – Host Table of all Addresses
  – Host Statistics
  – Historical Statistics
  – Spanning Tree Performance
  – Wide Area Link Performance
  – Thresholds for any Variable
  – Configurable Statistics
  – Traffic Matrix with all Nodes
  – Host Top n Studies
  – Packet Capture Filtering
  – Distributed Logging

MIB Structure
iso (1)
  org (3)
    dod (6)
      internet (1)
        directory (1)
        mgmt (2)
          mib-2 (1)
            system (1)
              sysDescr (1)
              sysObjectID (2)
            interfaces (2)
            snmp (11)
        experimental
        private (4)
          enterprises (1)
            cisco (9)
            hp (11)
            novell (23)

MIB OID's
ISO - 1
ORG - 3
DOD - 6
INTERNET - 1
Directory - 1
MGMT - 2
Experimental - 3
ENTERPRISE - 4
MIB2 - 1
Groups under MIB2: System, Interfaces, at, ip, icmp, tcp, RMON, RMON II
Objects under System: sysdesc, sysuptime, syscontact
Other labels: 9 Groups, 4 Groups

SNMP/RMON/RMON II
Management Information Base I & II
  – Database of Information
  – Called: Object Identifiers or OID's
Simple Network Management Protocol
  – Protocol to gather information
  – Called SNMP
The Three OID areas
  – Text - IP Address
  – Counters - Statistics
  – Variables - Port On/Off
Three Commands of SNMP
  – Set
  – Get
  – Get Next

Abstract Syntax Notation (ASN.1)
iso . org . dod . internet . private . enterprises . RMON
1 . 3 . 6 . 1 . 4 . 1 . 16
1.3.6.1.4.1.16.1.1.1.12: Object Identifier of an SNMP MIB Object

RMON I: ALL NINE GROUPS (Ethernet)
Statistical GROUPS
  1. Statistics: Event Counters
  2. History: Historical view of Stats
  3. Alarms: Defines conditions from Stats group
  4. Host Table: Host or station specifics
  5. Top N Hosts: Sorted host tables
  6. Traffic Matrix: Host Conversations
PACKET SNIFFING GROUPS
  7. Packet Filter
  8. Packet Capture
Group alerts
  9. Events: Sends alarms & takes actions based on need

Enterprise Level RMON II
ISO Five Levels: PERFORMANCE, ACCOUNTING, CONFIGURATION, FAULT, SECURITY
Report who is talking to who
Who's using backbone - Charge Them
Require faster backbone/segment
Find back doors
Inventory all hardware
Analyze Protocol Distribution
Reporting
Investigate faults
open ports
Port status - admin up/down
Catch Hackers/Intruders

Embedded RMON "Mini RMON"
Switch
Statistics (collision, errors, utilization, broadcast/multicast, etc.)
History
Alarms
Events

Roving Probe
Diagram labels: Switch, ATM Switch, CiscoSystems Catalyst 5000, Copied Traffic, Analysis Port, Switch, Manager, Probe

Monitor Switched Networks
Diagram labels: EnterpriseProbe for FDDI, Router, WAN, FDDI Switch, EnterpriseProbe for Fast Ethernet, Roving RMON Probe, Switch, Switch

Embedded RMON Agents
RMON: Statistics, History, Alarms, Hosts, Host Top N, Traffic Matrix, Filter, Packet Capture, Events, Token Ring
RMON 2: All 10 groups plus...
Protocol Directory, Protocol Distribution, Address Mapping, Network Layer Host, Network Layer Matrix, Application Layer Host, Application Layer Matrix, User History, RMON Conformance (everything except Probe Configuration)

Benefits Of Ongoing Remote Monitoring
Better Understanding Of Computing Environment On An Ongoing Basis
  – Preventive Maintenance, Spot Problems Early
  – Faster Problem Solving When They Occur
Improved Productivity Due To Centralized Monitoring
  – Reduces Need To Travel To Remote Sites To Monitor Health Of Network Or Diagnose Problems
Cost And Productivity Benefits

SNMP Summary (continued)
Alternatives to SNMP
Distributed Management Environment (DME)
Common Management Interface Protocol (CMIP)
CMIP Over TCP/IP (CMOT)

Managing Critical Devices
Router
  – Resources Manager Monitors: Free buffers, congestion loss, errors, drop packets; Detect loopback, non-routed requests
  – Possible Corrective Action: Shutdown Interface; Send mail to manager with TopN user and utilization report
Bridge
  – Resources Manager Monitors: Dropped packets, error rate; Unauthorized users
  – Possible Corrective Action: Generate and send mail MAC Report; Report of Broadcast Storm
UPS
  – Resources Manager Monitors: Monitor wattage level; Peak current level; Changes in input voltage
  – Possible Corrective Action: Inform manager of abnormal, highs, and lows; Look at MIB variables
Server
  – Resources Manager Monitors: Number of processes; CPU utilization; Disk utilization
  – Possible Corrective Action: Inform manager; Generate RMON reports of TopN users, protocols, domains
HUB
  – Resources Manager Monitors: Collision or port threshold; Intruders and port security
  – Possible Corrective Action: Show intruder address in report form; Shut off port
Host
  – Resources Manager Monitors: TFTP traffic to secure a host
  – Possible Corrective Action: Show intruder address in report; Shut off port

RMON MIB
[Tree diagram, shown twice: Root, ISO (1), Organizations (3), DOD (6), Internet (1), Management (2), Private (4), MIB I & II (1), RMON (16). RMON groups: 1 Statistics, 2 History, 3 Alarms, 4 Hosts, 5 Host Top N, 6 Traffic Matrix, 7 Filters, 8 Packet Capture, 9 Events, 10 Token Ring]

RMON2 Architecture
MIB I & II (1)
RMON (16)
  – Statistics (1)
  – History (2)
  – Alarms (3)
  – Hosts (4)
  – Host Top N (5)
  – Traffic Matrix (6)
  – Filters (7)
  – Packet Capture (8)
  – Events (9)
  – Token Ring (10)
  – protocolDir (11)
  – protocolDist (12)
  – addressMap (13)
  – nlHost (14)
  – nlMatrix (15)
  – alHost (16)
  – alMatrix (17)
  – usrHistory (18)
  – probeConfig (19)
  – rmonConformance (20)
RFC 1271

MIB I & MIB II
[Tree diagram: Root, ISO (1), Organizations (3), DOD (6), Internet (1), Management (2), Private (4), MIB 1 (9 Groups), MIB2 (10 Groups), RMON (16). Groups: SYSTEM, Interface, AT, IP, ICMP, TCP, UDP, EGP, CMOT, SNMP]

RMON, RMON2 and Beyond
[Diagram: layers Application, Presentation, Session, Transport, Network, Data Link (MAC), Physical; labels Enterprise RMON, RMON2, RMON Standard]

Enterprise RMON vs RMON2
[Diagram: layers 7 6 5 4 3 2 1; labels Enterprise RMON, RMON2, RMON 1; groups Hosts, Host TopN, Host Matrix, Stats, History, Alarms, Events, Filters, Packet Capture]

RMON Functionality Comparison
Compared: RMON, RMON2, EnterpriseRMON
Features compared:
  – Distributed Device Monitoring
  – Advanced Topology Support (100 BaseT, WAN, FDDI, ATM)
  – 9/10 Groups
  – MAC Layer Monitoring
  – Network Layer Monitoring
  – Application Layer Monitoring
  – Switch Support
  – VLAN Support
Other labels: Ethernet/Token Ring, RMON2 Groups, RMON History Groups

RMON MIB Groups
Group: Description
Segment Statistics: Track different traffic characteristics. Includes counters for undersized packets, fragments, CRC/alignment errors, jabbers, and oversized packets.
History: Lets user set up frequency and duration of traffic observation intervals called buckets.
Alarm: Provides high and low thresholds for all statistics.
Host: Organizes traffic statistics by each device on the network. Node statistics include packets sent/received, octets sent/received, as well as error packets, multicast and broadcast packets.
Host Top N: Extends host table by allowing sorting capability of all host statistics.

RMON MIB Groups (continued)
Group: Description
Traffic Matrix: Maintains a matrix at the MAC layer that shows the amount of traffic and number of errors between pairs of nodes, one source and one destination pair.
Filter: A generic filter engine activates all packet capture functions and events. Users can choose to capture packets that are valid or invalid for multiple filter masks.
Packet Capturing: Depends on filter group. Allows users to create multiple capture buffers and to control whether the trace buffer will wrap or stop when full.
Events: Provides ability to create entries in the monitor log and/or SNMP traps from the agent to the management station on any event of the user's choice. Events can be generated from any crossed threshold or on any integer or counter or from any packet match.

Statistics Group
Statistics (etherStatsIndex) 1.1.1
Index, Data Source, Drop Events, Octets, Pkts, Broadcast Pkts, Multicast Pkts, CRC Align Errors, Undersize Pkts, Oversize Pkts, Fragments, Jabbers, Collisions, Pkts64Octets, Pkts65to127Octets, Pkts128to511Octets, Pkts512to1023Octets, Pkts1024to1518Octets, Owner, Status

History Group
History (etherHistoryEntry) 2.2.1
Index, Sample Index, Interval Start, Drop Events, Octets, Pkts, Broadcast Pkts, Multicast Pkts, CRC Align Errors, Fragments, Undersize Pkts, Oversize Pkts, Fragments, Jabbers, Collisions, Utilization

Alarm Group
Alarm (alarmEntry) 3.1.1
Index, Interval, Variable, Sample Type, Value, Startup Alarm, Rising Threshold, Falling Threshold, Rising Event Index, Falling Event Index, Owner, Status

Host Group
Hosts (hostEntry) 4.2.1
Address, Creation Order, Index, In Pkts, Out Pkts, In Octets, Out Octets, Out Errors, Out Broadcast Pkts, Out Multicast Pkts

Hosts Group
Hosts (hostTimeEntry) 4.3.1
Address, Creation Order, Index, Time In Pkts, Time Out Pkts, Time In Octets, Time Out Octets, Time Out Errors, Time Out Broadcast Pkts, Time Out Multicast Pkts

Host Top N Group
HostTopN (hostTopNEntry) 5.2.1
Top N Report, Top N Index, Top N Address, Top N Rate

Matrix Group
Matrix (matrixSD&DSEntry) 6.2.1 & 6.3.1
SD Source Address, SD Dest Address, SD Index, SD Pkts, SD Octets, SD Errors
DS Source Address, DS Dest Address, DS Index, DS Pkts, DS Octets, DS Errors

Filter Group
Filter (filterEntry) 7.1.1
Index, Channel Index, Pkt Data Offset, Pkt Data, Pkt Data Mask, Pkt Data Not Mask, Pkt Status, Pkt Status Mask, Pkt Status Not Mask, Owner, Status

Filter Group
Filter (channelEntry) 7.2.1
Channel Index, Channel IfIndex, Channel Accept Type, Channel Data Control, Turn On Event Index, Turn Off Event Index, Channel Event Index, Channel Event Status, Channel Matches, Channel Description, Channel Owner, Channel Status

Packet Capture Group
Capture (captureBufferEntry) 8.2.1
Buffer Control Index, Buffer Index, Buffer Pkt ID, Buffer Pkt Data, Buffer Pkt Length, Buffer Pkt Time, Buffer Pkt Status

Event Group
Event (logEntry) 9.2.1
Log Event Index, Log Index, Log Time, Log Description

How Does RMON Differ From What Network Monitoring Does Today?
SNMP compliant
Same statistics but in different groups
Has Comprehensive Traffic Matrix
Supports more alarms
Does not define applications
Console application not specified
Database not specified

Applications
MIB Walkers
  – Detail MIB knowledge
  – Single variable
  – Point visibility
Table Tools
  – Reflect MIB organization
  – User view in MIB
Integrated Tools
  – MIB Table
  – Multi-MIB
  – Other Applications, databases, etc.

General/Protools RMON Description

Product Highlights
Standards Based
  – Full RMON Support
    » All 9 Groups
    » Ethernet And Token Ring
Scalable Solution
  – Grows As Network Grows
  – Easy To Add New Agents
Distributed Monitoring Solution
  – Faster Problem Solving
  – Preventive Maintenance

Product Highlights (continued)
Integrated Into Leading Management Platforms
  – Platform As “Home” For Management Applications
  – Platform Services Integration (Alert Management, Database etc.)
  – Application Integration Possible
Operating System Independence
  – Able To Mix And Match Agents With Console On Any Operating System
    » UNIX, OS/2, Windows
  – Fits Reality Of Heterogeneous User Environments

Product Features
Monitoring Of Key Performance Variables
Baselining For “Normal” Behavior
Real-Time Maps Of Traffic Flow
Real-Time And Trend Graphing Of all Statistics
On-Line Help (Network Consultant)
Infinite Filtering (By Address, Length, Mask)
Graphical User Interface
Export To DDE For Sophisticated Reporting

Product Description
Console Product - Foundation Manager
  – Advanced Monitoring, Analysis And Managing Console For RMON Compliant SNMP Agents
  – Support For Up To 256 Remote RMON Agents (In Monitor Mode)
  – Operating System Support - OS/2, Microsoft Windows and UNIX Q2
Remote Products - Cornerstone Agent
  – OS/2 And Microsoft Windows Support
  – Real Time Monitor For Each Segment With User Interface
  – Requires Dedicated Machine
  – Supports Ethernet Or Token Ring Topologies

Product Description (continued)
Remote Products - Cornerstone Probe
  – RMON Agent Only, With No User Interface
  – Turnkey Bundled RMON Agent, Software And Hardware
  – Supports Ethernet Or Token Ring Topologies

Benefits Of Ongoing Remote Monitoring
Better Understanding Of Computing Environment On An Ongoing Basis
  – Preventive Maintenance, Spot Problems Early
  – Faster Problem Solving When They Occur
Improved Productivity Due To Centralized Monitoring
  – Reduces Need To Travel To Remote Sites To Monitor Health Of Network Or Diagnose Problems
Cost And Productivity Benefits

Summary

Appendix
Sources of Information
  – The Simple Book (1st and 2nd Edition)
    » Marshall T. Rose
    » Prentice Hall (publisher)
SNMP, SNMPv2, and CMIP: The Practical Guide to Network Management Standards
  – William Stallings
  – Addison-Wesley, 1993.
The RMON MIB: Standards Driving the Marketplace
  – Presentation by Michael Erlinger, Harvey Mudd University
  – Chair: IETF RMON Working Group
RFCs
  – RFC available from ftp.nisc.sri.com

Summary of Standards
Full Standards
  – 1155 - Structure of Management Information (SMI)
  – 1157 - Simple Network Management Protocol (SNMP)
  – 1213 - Management Information Base (MIB II)
Draft Standards
  – 1212 - Concise MIB definitions
Proposed Standards
  – 1229 - Extensions to the generic-interface MIB
  – 1230 - IEEE 802.4 Token Bus Interface type MIB
  – 1231 - IEEE 802.5 Token Ring Interface type MIB
  – 1232 - DS1 Interface Type MIB
  – 1233 - DS3 Interface Type MIB
  – 1239 - Reassignment of experimental MIBs to standard MIBs
  – 1243 - AppleTalk MIB
  – 1253 - OSPF version 2 MIB
  – 1269 - BGP version 3 MIB
  – 1271 - Remote LAN Monitoring MIB (Ethernet RMON)
  – 1284 - Ether-Like Interface Type MIB
  – 1285 - FDDI Interface Type MIB
  – 1286 - Bridge MIB
  – 1289 - DECnet Phase IV MIB extensions
  – 1304 - SMDS Interface Protocol (SIP) Interface Type MIB
  – 1315 - Frame Relay DTE Interface Type MIB
  – 1316 - Character Stream Device MIB
  – 1317 - RS-232 Interface Type MIB
  – 1318 - Parallel Printer Interface Type MIB
  – 1351 - SNMP Administrative Model
  – 1352 - SNMP Security Protocols
  – 1353 - SNMP Party MIB
  – 1354 - SNMP IP Forwarding Tables

Summary of Standards (continued)
Experimental
  – 1187 - Bulk Table Retrieval with SNMP
  – 1224 - Techniques for Managing asynchronously generated alerts
  – 1227 - SNMP MUX Protocol
  – 1228 - SNMP Distributed Program Interface
  – 1238 - CLNS MIB
  – 1238 - SNMP Over OSI
  – 1298 - SNMP Over IPX
Informational
  – 1147 - A Network Management Tool Catalog
  – 1215 - A Convention for Defining SNMP Traps
  – 1303 - A Convention for Defining SNMP Based Agents
  – 3121 - MD5 Message-digest Algorithm
Historical
  – 1213 - Management Information Base I (MIB I)

SNMP Summary
Today = SNMP
  – Network management standardization
  – Vendor interoperability
  – Fault management
  – Performance management
  – Primarily TCP/IP
Future = SMP (SNMP v2 and v3)
  – Security management
  – New error codes
  – Enhances efficiency
  – Improved set functionality
  – More compatibility with AppleTalk, OSI and IPX
  – Backward compatibility with SNMP

SNMP Summary (continued)
Alternatives to SNMP
Distributed Management Environment (DME)
Common Management Interface Protocol (CMIP)
CMIP Over TCP/IP (CMOT)