Download ch8_MNGT_0708

Communication Networks
P. Demeester
Chapter 8
Network Management
Computer networking A top-down approach featuring the
internet
4th Edition, 2008
Addison Wesley
James F. Kurose, Keith W. Ross
ISBN 0-321-49770-8
Network Management
Part of slides provided by J.F Kurose and K.W. Ross, All Rights Reserved
8-1
Chapter 8: Network Management
Chapter goals:
 introduction to network management
 motivation
 major components
 Internet network management framework
 MIB: management information base
 SMI: data definition language
 SNMP: protocol for network management
 security and administration
Network Management
8-2
Chapter 8 outline
 What is network management?
 Internet-standard management framework
 Structure of Management Information: SMI
 Management Information Base: MIB
 SNMP Protocol Operations and Transport Mappings
 Security and Administration
Network Management
8-3
What is network management?
 autonomous systems (“network”): 100s or
1000s of interacting hardware/software
components
"Network management includes the deployment,
integration and coordination of the hardware, software,
and human elements to monitor, test, poll, configure,
analyze, evaluate, and control the network and element
resources
to
meet
the
real-time,
operational
Performance, and Quality of Service requirements at a
reasonable cost."
Network Management
8-4
FCAPS : fault, configuration,
accounting, performance, security
Fault Management : log, detect, respond to fault conditions in the network
(similar to performance management, but short term; e.g.
link failure, power shut down, …)
Configuration Management : track which devices are in the network,
what the hardware and software configurations are, … (e.g. router,
hubs, switches, …)
Accounting Management : specify, log and control user and device access
to the network (e.g. usage quotas, usage based charging, …)
Performance Management : quantify, measure, report, analyze, and control
the performance of different network components (router, host,
link but also end-to-end abstractions) (long term, in contrast to
fault management, e.g. average packet loss rate, …)
Network
Management
Security Management : control access to resources (e.g.
KDC
and CA)
8-5
Infrastructure for network management
definitions:
managing device
managing
entity
Central
MIB
agent data
managed device
managed devices contain
managed objects whose
data is gathered into a
Management Information
Base (MIB)
agent data
network
management
protocol
managed device
agent data
agent data
managed device
Examples :
- monitoring traffic
- detecting NIC failures
- monitoring hosts are up
-…
managed device
Network Management
8-6
Network Management standards
OSI CMIP
 Common Management
Information Protocol
 designed 1980’s: the
unifying net
management standard
 too slowly
standardized
SNMP: Simple Network
Management Protocol
 Internet roots (SGMP)
 started simple
 deployed, adopted rapidly
 growth: size, complexity
 currently: SNMP V3
 de facto network
management standard
Network Management
8-7
Chapter 8 outline
 What is network management?
 Internet-standard management framework
 Structure of Management Information: SMI
 Management Information Base: MIB
 SNMP Protocol Operations and Transport Mappings
 Security and Administration
Network Management
8-8
SNMP overview: 4 key parts
 Structure of Management Information (SMI):

data definition language for managed objects
 Management information base (MIB):

distributed information store of network
management data
 SNMP protocol
 convey manager<->managed object info, commands
 security, administration capabilities
 major addition in SNMPv3
Typically the whole framework is called SNMPNetwork
(not only
the protocol part)
Management
8-9
SMI: data definition language
Purpose:
- syntax, semantics of management data
- well-defined, unambiguous
 base data types:
 straightforward
 OBJECT-TYPE
 base data type, status, semantics of managed object
 MODULE-IDENTITY
 groups related objects into a MIB module
Network Management
8-10
Basic Data Types
INTEGER
Integer32
Unsigned32
OCTET STRING
OBJECT IDENTIFIER
IPaddress
Counter32
Examples :
Counter64
OCTET STRING : byte-string representing
Guage32
arbitrary binary or textual data,
up to 65535 bytes long
TimeTicks
OBJECT IDENTIFIER : assigned name to
Opaque
object element (sequence of up
to 128 integers)
TimeTicks : time, measured in 1/100ths
of a second since some event
Network Management
8-11
OBJECT-TYPE
Specify the data-type, status and semantics
of a managed object (nearly 10.000 defined objects)
OBJECT-TYPE construct has 4 clauses :
- SYNTAX : basic data type associated with object
- MAX-ACCESS : what is allowed : read, write, create,
include value in notification
- STATUS : current and valid, obsolete, deprecated
- DESCRIPTION : human-readable definition of object
ipInDelivers OBJECT TYPE
SYNTAX
counter32
MAX-ACCESS read-only
STATUS
current
DESCRIPTION
“The total number of input datagrams successfully
delivered to IP user-protocols (including ICMP)”
::= { ip 9}
Network Management
8-12
MODULE-IDENTITY
Allows related objects to be grouped together within a module
(MIB module)
ipMIB MODULE-IDENTITY
LAST-UPDATED “9411010000Z”
ORGANZATION “IETF SNMPv2 Working Group”
CONTACT-INFO
“ Keith McCloghrie
……”
DESCRIPTION
“The MIB module for managing IP and ICMP implementations, but
excluding their management of IP routes.”
REVISION “0193310000Z”
::= {mib-2 48}
e.g. RFC 2011 (MIB for the internet protocol using SMIv2)
Network Management
8-13
Chapter 8 outline
 What is network management?
 Internet-standard management framework
 Structure of Management Information: SMI
 Management Information Base: MIB
 SNMP Protocol Operations and Transport Mappings
 Security and Administration
Network Management
8-14
MIB : Management Information Base
- MIB : virtual information store, holding managed objects whose values
collectively reflect the current status of the network
- managed objects specified by OBJECT-TYPE SMI
- managed objects grouped in MIB modules (using MODULE-IDENTITY)
- over 100 standards-based MIB modules (even larger number vendor
specific (private) MIB modules)
MODULE
OBJECT TYPE:
OBJECT TYPE:OBJECT TYPE:
Network Management
8-15
Object Naming
How to name every possible standard object (protocol,
data, more..) in every possible network standard ?
ISO Object Identifier tree:
 hierarchical naming of all objects
 each branchpoint has name, number
1.3.6.1.2.1.7.1
ISO
ISO-ident. Org.
US DoD
Internet
udpInDatagrams
UDP
MIB2
management
Network Management
8-16
ASN.1 Object Identifier Tree
ISO(1)
ISO identified
Organization (3)
US
DoD (6)
Internet (1)
management (2)
MIB-2 (1)
UDP(7)
1.3.6.1.2.1.7.x
www.alvestrand.no/harald/objectid/top.html
Network Management
8-17
MIB example: UDP module
Object ID
1.3.6.1.2.1.7.1
1.3.6.1.2.1.7.2
1.3.6.1.2.1.7.3
1.3.6.1.2.1.7.4
1.3.6.1.2.1.7.5
Name
Type
Comments
UDPInDatagrams Counter32 total # datagrams delivered
at this node
UDPNoPorts
Counter32 # undeliverable datagrams
no app at port
UDPInErrors
Counter32 # undeliverable datagrams
all other reasons
UDPOutDatagrams Counter32 # datagrams sent
udpTable
SEQUENCE one entry for each port
in use by app, gives port #
and IP address
Network Management
8-18
Chapter 8 outline
 What is network management?
 Internet-standard management framework
 Structure of Management Information: SMI
 Management Information Base: MIB
 SNMP Protocol Operations and Transport Mappings
 Security and Administration
Network Management
8-19
SNMP protocol
Two ways to convey MIB info, commands:
managing
entity
request
managing
entity
trap msg
response
agent data
Managed device
request/response mode
agent data
Managed device
trap mode
Network Management
8-20
SNMP protocol: message types
Message type
GetRequest
GetNextRequest
GetBulkRequest
InformRequest
SetRequest
Response
Trap
Function
Mgr-to-agent: “get me data”
(instance,next in list, block)
Mgr-to-Mgr: here’s MIB value
Mgr-to-agent: set MIB value
Agent-to-mgr: value, response to
Request
Agent-to-mgr: inform manager
of exceptional event
Network Management
8-21
SNMP protocol summary
Management
application
GetRequest
GetResponse
GetNextRequest
application
managed
objects
UDP
SNMP managed objects
GetRequest
GetResponse
GetNextRequest
Trap
SetRequest
SNMP manager
Management agent
Trap
SetRequest
SNMP
messages
SNMP agent
UDP
IP
IP
DL
DL
PHY
PHY
Public Internet
Network Management
8-22
SNMP Example
ipRouteDest
ipRouteMetric1
ipRouteNextHop
10.0.0.1
3
10.0.0.254
10.0.0.2
3
10.0.0.254
10.10.10.1
5
10.10.10.254
subtree :
ipRouteTable
1.3.6.1.2.1.4.21
ipRouteEntry
1.3.6.1.2.1.4.21.1=X
ipRouteDest
X.1
ipRouteMetric1
X.3
ipRouteNextHop
X.7
ipRouteDest.10.0.0.1
X.1.10.0.0.1
ipRouteMetric1.10.0.0.1
X.3.10.0.0.1
ipRouteNextHop.10.0.0.1
X.7.10.0.0.1
ipRouteDest.10.0.0.2
X.1.10.0.0.2
ipRouteMetric1.10.0.0.2
X.3.10.0.0.2
ipRouteNextHop.10.0.0.2
X.7.10.0.0.2
ipRouteDest.10.10.10.1
X.1.10.10.10.1
ipRouteMetric1.10.10.10.1
X.3.10.10.10.1
ipRouteNextHop.10.10.10.1
X.7.10.10.10.1
Network Management
8-23
SNMP Example
GetRequest (ipRouteDest.10.0.0.1, ipRouteMetric1.10.0.0.1,
ipRouteNextHop.10.0.0.1)
GetResponse ((ipRouteDest.10.0.0.1 = 10.0.0.1, ipRouteMetric1.10.0.0.1 = 3,
ipRouteNextHop.10.0.0.1 = 10.0.0.254)
GetNextRequest (ipRouteDest, ipRouteMetric1, ipRouteNextHop)
GetResponse ((ipRouteDest.10.0.0.1 = 10.0.0.1, ipRouteMetric1.10.0.0.1 = 3,
ipRouteNextHop.10.0.0.1 = 10.0.0.254)
GetNextRequest (ipRouteDest.10.0.0.1, ipRouteMetric1.10.0.0.1,
ipRouteNextHop.10.0.0.1)
GetResponse ((ipRouteDest.10.0.0.2 = 10.0.0.2, ipRouteMetric1.10.0.0.2 = 3,
ipRouteNextHop.10.0.0.2 = 10.0.0.254)
GetNextRequest (ipRouteDest.10.0.0.2, ipRouteMetric1.10.0.0.2,
ipRouteNextHop.10.0.0.2)
GetResponse ((ipRouteDest.10.10.10.1 = 10.10.10.1, ipRouteMetric1.10.10.10.1 = 5,
ipRouteNextHop.10.10.10.1 = 10.10.10.254)
ipRouteDest
ipRouteMetric1
ipRouteNextHop
10.0.0.1
3
10.0.0.254
10.0.0.2
10.10.10.1
3
10.0.0.254
Network
Management
8-24
5
10.10.10.254
SNMP : message formats : PDU
PDU-type
Request-id
0
0
Variable bindings
GetRequest, GetNextRequest, SetRequest
PDU-type
Request-id
Error-status
Error-index
Variable bindings
GetResponse
name1
value1
name2
value2
name3
…
Request-id : each request has a unique identification number
Error-status : (0) noError, (1) tooBig, (2) noSuchName, (3)badvalue, …
Error-index : additional information by indicating which variable caused
the exception
Variable bindings : list of names and corresponding values
Network Management 8-25
(value Null in case of request)
Chapter 8 outline
 What is network management?
 Internet-standard management framework
 Structure of Management Information: SMI
 Management Information Base: MIB
 SNMP Protocol Operations and Transport Mappings
 Security and Administration
Network Management
8-26
SNMP security and administration
Command
generator
Notification
receiver
Command
responder
Proxy
forwarder
SNMP
application
Others
Notification
originator
PDU
Dispatching
Message
Processing
system
Timeliness
Authentication
Privacy
Security/message header
Access
control
SNMP
engine
PDU
Transport layer
Network Management
8-27
SNMP security and administration
 encryption: DES-encrypt SNMP PDU (symmetric key !)
 authentication/integrity: HMAC


(Hashed Message Authentication Codes)
Authentication (using K, key known by sender and receiver)
Protection against tampering (using H(.))
 protection against playback: use nonce
 view-based access control


SNMP entity maintains database of access rights, policies for various users
database itself accessible as managed object!
K
m
+
H(.)
H(m,K)
+
Internet
m
Network Management
8-28
Network Management: summary
 network management
 extremely
important: 80% of network “cost”
 SNMP protocol as a tool for conveying
information
 Network management: more art than science
 what to measure/monitor
 how to respond to failures?
 alarm correlation/filtering?
Network Management
8-29
Table of contents
 What is network management ?
3
 Internet-standard management framework
 Structure of Management Information: SMI
 Management Information Base: MIB
 SNMP Protocol Operations and Transport Mappings
 Security and Administration
 Table of contents
8
14
19
26
30
Network Management
8-30