degraded. They should also allow incorporation and definition of user-defined agents if needed with those widely used. Typical metrics obtained include server I/O information, system memory, and central processing unit (CPU) utilization and net - work latency in communicating with a device. In general, SNMP GET and TRAP commands are used to collect data from devices. SET commands are used to remotely configure devices. As this command can be quite destructive if improperly used, it poses a high security risk and should be utilized judiciously [6, 7]. Many devices use SNMP MIP, but manage via Java applets and secure socket layer (SSL)–management Web servers. A network itself is a single point of failure for network management. Network monitoring implies communication with the network elements. Often times, SNMP commands are issued inband, meaning that they are sent over the production net - work. If the network is down, then SNMP is of little use. Often, an agent can indi - cate if communication with any other nodes has failed or if it is unacceptable. Some agents can try to fix the problem on their own. If communication is lost, some agents can communicate via other nodes. Some can even assume control server tasks if communication with the server is lost. However, without the ability to communi - cate to a failed node, nothing beyond the problem notification can be done. An alternative approach is to communicate to a device via an out-of-band mechanism, typically through a secure dial-up connection or SSL over dial-up through a Web server. Many network monitoring solutions focus on devices. Often, information alerts regarding a device may not indicate what applications, and ultimately services and transactions, are going to be impacted. Network-monitoring tools should be able to help identify the impact of device problem by application. This requires the identifi- cation of resources and processes required for the operation of an application, including such items as databases and storage, connectivity, servers, and even other applications. Application-performance problems are often difficult to identify and usually affect other applications. Sampling application transaction rates is an approach that can help identify application performance problems. Sampling rates can vary by application. Sam - pling at low rates (or long intervals) can delay problem identification and mask transient conditions. Sampling too frequently can cause false alarms, particularly in response to transient bursts of activity. Many monitoring tools focus on layer 3, primarily Internet protocol (IP)–related diagnostics and error checking. The Internet control message protocol (ICMP) is widely used for this purpose. Router administrators can issue a PING or TRACEROUTE command to a network location to determine if a location is avail - able and accessible. Other than this, it is often difficult to obtain status of a logical IP connection, as it is a connectionless service. Newer tools also address layer 2 problems associated with LANs, even down to the network interface card (NIC). Some enable virtual LAN (VLAN) management. They allow reassigning user connections away from problematic switch ports for troubleshooting. Proactive monitoring systems can identify and correct network faults in critical components before they occur. Intelligent agents should be able to detect and cor - rect an imminent problem. This requires the agent to diagnose a problem and 12.3 Network Monitoring 327 identify the cause as it occurs. This not only makes network management easier, but also significantly reduces MTTR. Furthermore, there should be strong business awareness on the part of network management to anticipate and prepare for special events such as promotions or new accounts. Overall, a proactive approach can avert up to 80% of network problems. Tracking and trending of performance information is key to proactive fault management. A correlation tool can use different metrics help to identify patterns that signify a problem and cause. Cross correlation between CPU utilization, mem - ory utilization, network throughput, and application performance can identify the leading indicators of a potential faults. Such information can be conveyed to the intelligent agents using rules that tell them how and when to recognize a potential event. For example, an agent performing exception monitoring will know, based on the pattern of exceptions, when an extraordinary event has or is about to take place. Probe devices can provide additional capabilities beyond SNMP and intelligent agents. Probes are hardware devices that passively collect simple measurement data across a link or segment of a network. Some devices are equipped with memory to store data for analysis. Probes should have the capacity to collect and store data on a network during peak use. Many probes are designed to monitor specific ele - ments [8]. For example, it is not uncommon to find probes designed specifically to monitor frame relay or asynchronous transfer mode (ATM) links (Figure 12.1). They are often placed at points of demarcation between a customer’s LAN and WAN, typically in front of, in parallel with, or embedded within a DSU/CSU to ver- ify WAN provider compliance to service levels. 12.4 Problem Resolution Automated network-management tools by themselves are not enough to assure sat- isfactory network availability and performance. A systematic and logical approach in responding to events can also be an effective tool. First and foremost, it is impor - tant to identify the most critical portions of a network and potential points of fail - ure. This helps to outline the entire network-management effort and identify those areas within an IT infrastructure where attention should be most directed. A system - atic approach should entail the following steps: 1. Event detection. Detection is the process of discovering an event. It is typically measured as the time an adverse event occurs to the time of 328 Network Management for Continuity LAN CSU/ DSU WAN Network probe device Customer network Figure 12.1 Use of probe example. becoming aware of it. Recognizing certain behavioral patterns can often forewarn that a fault has or is about to occur. Faults should be reported in a way that discriminates, classifies, and conveys priority. Valid faults should be distinguished from alerts stemming from nonfailing but affected devices. Quite often, a device downstream from one that has exhibited an alarm will most likely indicate an alarm as well. The magnitude and duration of the event should also be conveyed. Minor faults that occur over time can cumulatively signify that an element is about to fail. Because unexpected shifts in an element’s behavioral pattern can also signify imminent failure, awareness of normal or previous behavior should be conveyed. Automating the process of managing alarms can help maintain opera - tional focus. Furthermore, awareness of the connectivity, interdependencies, and relationships between different elements can aid in alarm management. Elimination of redundant or downstream alarms, consolidation, and priori - tization of alarms can help clear much of the smoke so that a network man - ager can focus on symptoms signifying a real problem. 2. Problem isolation. Isolation is the process of locating the precise point of failure. The fault should be localized to the lowest level possible (e.g., subnetwork, server, application, content, or hardware component). It should be the level where the least service disruption will occur once the item is removed from service, or the level at which the defective item can cause the least amount of damage while operational. A network-management tool should provide the ability to window in, if not isolate, the problem source. An educated guess or a structured search approach to fault isolation is usually a good substitute if a system is incapable of problem isolation. 3. Event correlation. Event correlation is a precursor to root cause analysis. It is a process that associates different events or conditions to identify problems. Correlation can be performed at different network levels (Figure 12.2). At the nodal level, an individual device or network element is monitored and information is evaluated to isolate the problem within the device. At the network level, several nodes are associated with each other. The group is then evaluated to see how problems within that group affect the network. Nodes or connections within that group are interrogated. The service level associates applications with network elements to determine how problems in either group affect each other. Faults occurring at the service level usually signify problems at the network or node levels [9, 10]. Some network-management tools offer capabilities to associate symptoms with problems. These tools rely on accurate relationship information that conveys application dependencies on other elements. 4. Root cause analysis. It is often the case that many network managers don’t have the time to exhaustively research each problem and identify root cause. Most spend much of their time putting out fires. Root cause analysis, if approached properly, can help minimize the time to pinpoint cause. It goes without saying that merely putting out the fire will not guarantee that it will happen again. Root cause analysis is designed to identify the nature, location, and origin of a problem so that it can be corrected and prevented 12.4 Problem Resolution 329 from reoccurring. It is unlike correlation, which refers to associating events to identify symptoms, root cause analysis attempts to identify the single point of failure. Root cause analysis software tools are available to help automate the process [11]. The process is actually quite simple: • Collect and analyze the information. This means collect all of the valid and correlated symptoms from the previous steps. Information should include: – Events and values of metrics at the time of failure; – How events or metrics changed from their normal operating or historical behavior; – Any additional information about the network; in particular, any recent changes in equipment or software. • Enumerate the possible causes. The process of elimination works well to narrow down the potential causes to a few. Although many causes result mainly from problems in design, specification, quality, human error, or adherence to standards, such problems are not easily or readily correctable. A cause in many cases may be broken down into a series of causes and should be identified by the location, extent, and condition causing the problem. • Test the cause. If possible, once a probable cause is identified, testing the cause to obtain the symptoms can validate the analysis and provide com - fort that a corrective action will mitigate the problem. This might involve performing nondisruptive tests in a lab or simulated environment. Testing the cause is usually a luxury and cannot always be easily performed. 5. Corrective action. A recommendation for corrective action should then be made. It is always wise to inform customers or client organizations of the root cause and corrective action. (Contrary to what many may think, this reflects positively on network management and their ability to resolve problems.) Corrective action amounts to identifying the corrective procedures and developing an action plan to execute them. When implementing the plan, each step should be followed by a test to see that the expected result was achieved. It is important to document results along the way, as users may become affected by the changes. Having a formal process that notes what was changed will avoid addressing these effects as new problems arise. 330 Network Management for Continuity Node event Node event Node event Node event Node event Node event Local network Local network Core network Application Service level Network level Nodal level Figure 12.2 Event correlation at different levels. The results of the analysis should be kept in a log for future reference. If the same problem reappears at a later time, a recovery procedure is now available. It is often wise to track the most common problems over time, as they can often point to defects in a network design or help in planning upgrades. One will find that some of the most common problems fall into the following categories: • Memory. Inadequate memory is often the culprit for poor system performance and outages. When memory is exhausted, a system will tend to swap content in and out from disk, degrading system performance. This can often mislead one to believe that the problem lies in another area, such as inadequate band - width or a database problem. • Database. Bona fide database problems usually materialize from poorly struc - tured queries and applications, rather than system problems. • Hardware. A well-designed software application can still be at the mercy of poorly designed hardware. A hardware component can fail at any time. Pre - ventive maintenance and spares should be maintained for those components with high failure expectancy. • Network. A bottleneck in a network can render any application or service use- less. Bottlenecks are attributed to inadequate network planning. 12.5 Restoration Management Restoration management is the process of how to manage a service interruption. It involves coordination between non-IT and IT activities. Restoration management allocates the resources required to restore a network to an operational state. This means restoring those portions of the network that were impacted by an out- age. Restoration is that point where a network continues to provide operation, not necessarily in the same way it did prior to the outage but in a manner that is satisfac - tory to users. It is important to note that an IT environment can restore operation even if a problem has not been fixed. Once the network provides service it is restored, the remaining activities do not necessarily contribute to the overall resto - ration time. This point is paramount to the understanding of mission critical—a network is less likely to restore service the longer it is out of service. Restoration management can involve simultaneously coordinating and prioritizing contingency and several recovery efforts, with service restoration as the goal. The following are several steps that can be taken to manage a restoration effort: 1. Containment. When an outage has occurred, the first step is to neutralize it with the objective of minimizing the disruption as much as possible. Some refer to this stage as incident management. Regardless of what it is called, the appropriate problem resolution and recovery efforts should be put in motion. Efforts may involve hardware, communications, applications, systems, or data recovery activities. A determination should be made as to the severity level of the problem. There is no real standard for severity levels—a firm should use what works best. For each level, a list 12.5 Restoration Management 331 of procedures should be defined. These should identify the appropriate failover, contingency, recovery, and resumption procedures required to restore service. Instantaneous restoration is a job well done. Today’s enterprise networks are deeply intertwined with other net - works, typically those of customers, suppliers, or partners. Consequently, their plans should become relevant when a planning a restoration process. The tighter the level of integration, the more relevant their plans become. At this stage, it is important to identify all affected or potentially affected parties of an outage, including those external to the organization. 2. Contingency. When a problem occurs, a portion of a network has to be isolated for recovery. A firm must switch to a backup mechanism to continue to provide service. This could well be a hot or mirrored site, another cluster server, service provider, or even a manual procedure. Much discussion in this book is devoted to establishing redundancy and protection mechanisms in various portions of a network with goal of providing continuous service. Redundancy at the component level (e.g., hardware component, switch, router, or power supply), network level (e.g., physical/ logical link, automatic reroute, protection switching, congestion control, or hot site), and service level (e.g., application, systems, or processes) should in some way provide a contingency to fall upon while recovery efforts are in motion. 3. Notification. This is the process that reports the event to key stakeholders. This includes users, suppliers, and business partners. A determination should be made if stakeholders should be notified in the first place. Sometimes such notifications are made out of policy or embedded in service level agreements. A stakeholder should be notified if the outage can potentially affect their operation, or their actions can potentially affect successful service restoration. For an enterprise, the worst that can happen is for stakeholders to learn of an outage from somewhere else. 4. Repair. Repair is the process of applying the corrective actions. These can range from replacing a defective component to applying a software fix or configuration change. The repair step is the most critical portion of the process. It involves implementing the steps outlined in the previous section. It is also a point where errors can create greater problems. Whatever is being repaired, hot replacement should be avoided. This is the practice of applying a change while in service or immediately placing it into service. Instead, the changed item should be gradually placed in service and not be committed to production mode immediately. The component should be allowed to share some load and be evaluated to determine its adequacy for production. If incorrect judgment is made that a fix will work, chances are the repaired component will fail again. Availability of spares or personnel to repair the problem is implicit in the repair process. 5. Resumption. Resumption is the process of synchronizing a repaired item with other resources and operations and committing it to production. This process might involve restoring data and reprocessing backlogged transactions to roll forward to the current point in time (PIT). 332 Network Management for Continuity 12.6 Carrier/Supplier Management Suppliers—equipment manufacturers, software vendors, or network service provid - ers—are a fundamental component to the operation of any IT environment. The more suppliers that one depends on, the greater the number of problems that are likely to occur. In this respect, they should be viewed almost as a network compo - nent or resource. For this reason, dependency on individual suppliers should be kept to a minimum. This means that they should be used only if they can do something better and more cost effectively. It also means that organizations should educate their suppliers and service providers about their operational procedures in the event they need to be engaged during a critical situation. Organizations should take several steps when evaluating a service provider’s competence, particularly for emergency preparedness. Their business, outage, com - plaint, response, and restoration history should be reviewed. They should also be evaluated for their ability to handle mass calling in the event a major incident has taken place. A major incident will affect many companies and competing providers. Access to their key technical personnel is of prime importance during these situa - tions. Providers should also have the mechanisms in place to easily track and esti - mate problem resolution. When dealing with either service providers or equipment suppliers, it is a good idea to obtain a copy of their outage response plans. It is quite often the case that redundant carriers meet somewhere downstream in a network, resulting in a single point of failure. If a major disaster wipes out a key POP or operating location, one may run the risk of extended service interruption. With respect to carriers, plans and procedures related to the following areas should be obtained: incident management, service-level management, availability management, change management, configu- ration management, capacity management, and problem management. A good barometer for evaluating a service provider’s capabilities is its financial stability. A provider’s balance sheet usually can provide clues regarding its service history, ubiquity, availability, levels of redundancy, market size, and service part - nerships—all of which contribute to its ability to respond when needed. In recent years, insolvency is quite prevalent, so this knowledge will also indicate if their demise is imminent. Whenever possible, clauses should be embedded within service level agreements (SLAs) to address these issues. A determination has to be made as to what level of support to purchase from a supplier. Many suppliers have many different types of plans, with the best usually being 24 x 7 dedicated access. A basic rule to follow is to buy the service that will best protect the most critical portions of an operation—those that are most impor - tant to the business or those that are potential single points of failure. Some protective precautions should be taken when using suppliers. Turnover in suppliers and technology warrants avoiding contracts longer than a year. For criti - cal services, it is wise to retain redundant suppliers and understand what their strengths and weaknesses are. Contract terms with a secondary supplier can be agreed upon, but activated only when needed to save money. In working with carri - ers, it is important to realize that they are usually hesitant to respond to network problems that they feel are not theirs. A problem-reporting mechanism with the car - rier should be established up front. There should be an understanding of what 12.6 Carrier/Supplier Management 333 circumstances will draw the carrier’s immediate attention. Although such mecha - nisms are spelled out in a service contract, they are often not executed in the same fashion. 12.7 Traffic Management Traffic management is fast becoming a discrete task for network managers. Good traffic management results in cost-effective use of bandwidth and resources. This requires striking a balance between a decentralized reliance on expensive, high- performance switching/routing and centralized network traffic management. As diversity in traffic streams grows, so does complexity in the traffic management required to sustain service levels on a shared network. 12.7.1 Classifying Traffic Traffic management boils down to the problem of how to manage network capacity so that traffic service levels are maintained. The first step in managing traffic is to prioritize traffic streams and decide which users or applications can use designated bandwidth and resources throughout the network. Some level of bandwidth guaran- tee for higher priority traffic should be assured. This guarantee could vary in differ- ent portions of the network. Traffic classification identifies what’s running on a network. Criteria should be established as to how traffic should be differentiated. Some examples of classifica- tion criteria are: • Application type (e.g., voice/video, e-mail, file transfer, virtual private net- work [VPN]); • Application (specific names); • Service type (e.g., banking service or retail service); • Protocol type (e.g., IP, SNMP, or SMTP); • Subnet; • Internet; • Browser; • User type (e.g., user login/address, management category, or customer); • Transaction type (primary/secondary); • Network paths used (e.g., user, LAN, edge, or WAN backbone); • Streamed/nonstreamed. Those classes having the most demanding and important traffic types should be identified. Priority levels that work best for an organization should be used—low, medium, and high can work fairly well. Important network traffic should have pri - ority over noncritical traffic. Many times, noncritical traffic such as file transfer pro - tocol (FTP) and Web browsing can consume more bandwidth. The distributed management task force (DMTF) directory-enabled networking (DEN) specifications provide standards for using a directory service to apply policies 334 Network Management for Continuity for accessing network resources [12]. The following is a list of network traffic pri - orities with 7 being the highest: • Class 7—network management traffic; • Class 6—voice traffic with less than 10 ms latency; • Class 5—video traffic with less than 100 ms latency; • Class 4—mission-critical business applications such as customer relationship management (CRM); • Class 3—extra-effort traffic, including executives’ and super users’ file, print, and e-mail services; • Class 2—reserved for future use; • Class 1—background traffic such as server backups and other bulk data transfers; • Class 0—best-effort traffic (the default) such as a user’s file, print, and e-mail services. 12.7.2 Traffic Control For each traffic class, the average and peak traffic performance levels should be identified. Table 12.1 illustrates an approach to identify key application and traffic service parameters. The clients, servers, and network segments used by the traffic, should also be identified if known. This will aid in tracking response times and iden- tifying those elements that contribute to slow performance. Time-of-day critical traffic should be identified where possible. A table such as this could provide the requirements that will dictate traffic planning and traffic control policies. This table is by no means complete. A typical large enterprise might have numerous applications. Distinguishing the most important traffic types having spe- cial requirements will usually account for more than half of the total traffic. 12.7 Traffic Management 335 Table 12.1 Application Classification Example Application Host Location(s) Type Traffic Class Priority Bandwidth (G = Guaranteed; B= Best Effort) Delay Availability Access Locations (Users) Emt 1.1.2 ch01 at01 ny01 ERP 4 H 1 Mbps (G) 40 ms 99.99% CH (40); AT (20); NY (100) Ora 3.2 ny01 DBMS 4 H 1 Mbps (G) 25 ms 99.99% CH (40); AT (20); NY (100) User ch01 at01 ny01 Miscellaneous 0 M 4 Mbps (B) 100 ms 99.5% CH (40); AT (20); NY (100) Gra 2.1 Ny01 Web site 2 M 1 Mbps (Peak) 56 Kbps (Min) 150 ms 99.5% CH (40); AT (20); NY (100); Internet Additional information can be included in the table as well, such as time of day, pro - tocol, special treatment, and budget requirements. Tables such as this provide the foundation for network design. McCabe [13] provides an excellent methodology for taking such information and using it to design networks. Traffic surges or spikes will require a dynamic adjustment so that high-priority traffic is preserved at the expense of lower priority traffic. A determination should be made as to whether lower priority traffic can tolerate both latency and packet loss if necessary. Minimum bandwidth or resources per application should be assigned. An example is streamed voice, which although not bandwidth intensive, requires sustained bandwidth utilization and latency during a session. Overprovisioning a network in key places, although expensive, can help miti - gate bottlenecks and single points of failure when spikes occur. These places are typically the edge and backbone segments of the network, where traffic can accumu - late. However, because data traffic tries to consume assigned bandwidth, simply throwing bandwidth at these locations may not suffice. Intelligence to the backbone network and at the network edge is required. Links having limited bandwidth will require controls in place to make sure that higher priority traffic will get through when competing with other lower priority traffic for bandwidth and switch resources. Such controls are discussed further in this chapter. Network traffic can peak periodically, creating network slowdowns. A consis- tent network slowdown is indicative of a bottleneck. Traffic spikes are not the only cause of bottlenecks. Growth in users, high-performance servers and switch connec- tions, Internet use, multimedia applications, and e-commerce all contribute to bot- tlenecks. Classic traffic theory says that throttling traffic will sustain the performance of a network or system to a certain point. Thus, when confronted with a bottleneck, traffic control should focus on who gets throttled, when, and for how long. Traffic shaping or rate-limiting tools use techniques to alleviate bottlenecks. These are discussed further in Section 12.7.3.1. 12.7.3 Congestion Management Congestion management requires balancing a variety of things in order to control and mitigate the congestion. Congestion occurs when network resources, such as a switch or server, are not performing as expected, or an unanticipated surge in traffic has taken place. The first and foremost task in congestion management is to under - stand the length and frequency of the congestion. Congestion that is short in dura - tion can be somewhat controlled by switch or server queuing mechanisms and random-discard techniques. Many devices have mechanisms to detect congestion and act accordingly. Congestion that is longer in duration will likely require more proactive involvement, using techniques such as traffic shaping. If such techniques prove ineffective, then it could signal the need for a switch, server or bandwidth upgrade, network redesign, path diversity, or load control techniques, such as load balancing. Second, the location of the congestion needs to be identified. Traffic bottlenecks typically occur at the edge, access, or backbone portions of a network—points where traffic is aggregated. They can also occur at devices such as servers and switches. This is why throwing bandwidth at a problem doesn’t necessarily resolve it. Latency is caused by delay and congestion at the aggregation points. Throwing 336 Network Management for Continuity [...]... “Demystifying Capacity Planning, ” Network World, October 29, 2001, p 28 [17] Yasin, R., “Software that Sees the Future,” Internet Week, No 827, September 4, 2000, pp 1, 60 [18] Ashwood-Smith, P., B Jamoussi, , and D Fedyk, “MPLS: A Progress Report,” Network Magazine, November 199 9, pp 96 –102 [ 19] Xiao, X., et al., “Traffic Engineering with MPLS,” America’s Network, November 15, 199 9, pp 32–38 [20] Sudan,... Vulnerability,” Network Magazine, May 2002, p 76 [8] Cooper, A., Network Probes Provide In-Depth Data,” Network World, July 3, 2000, p 41 [9] Freitas, R., “Event Correlation From Myth to Reality,” Network World, October 25, 199 9, pp 65–66 [10] Dubie, D., “Probe Gives User Better Handle on WAN,” Network World, October 29, 2001, pp 2–26 [11] Drogseth, D “Digging for the Root Cause of Network Problems,” Network. .. the Internet, July 199 9 [25] Miller, M A., “How’s Your Net Working?” Infoworld—Enterprise Connections: The Networking Series, Part 7, 199 9, pp 3–7 [26] Jacobson, V., “Congestion Control and Avoidance,” ACM Computer Communication Review: Proceedings of the Sigcomm ‘88 Symposium in Stanford, CA, August 198 8 [27] Khan, M., Network Management: Don’t Let Unruly Internet Apps Bring Your Network Down,” Communication... 54–56 [ 29] Parrish, S J., “Regular or Premium: What Are You Buying,” Phone+, February 2002, pp 48, 65 [30] Boardman, B., “Orchestream Conducts PBNM with Precision,” Network Computing, January 21, 2002, pp 41– 49 [31] Saperia, J., “IETF Wrangles over Policy Definitions,” Network Computing, January 21, 2002, p 38 [32] Conover, J., “Policy Based Network Management,” Network Computing, November 29, 199 9, pp... Network Problems,” Network Magazine, May 2002, pp 96 –100 [12] Connolly, P J., “Boost Your Bandwidth Efficiency,” Infoworld, March 27, 2000, p 41 [13] McCabe, J D., Practical Computer Network Analysis and Design, San Francisco, CA: Morgan Kaufmann, 199 8 [14] Davis, K., “Traffic Shapers Ease WAN Congestion,” Network World, April 22, 2002, p 49 [15] Browning, T., Planning Ahead,” Enterprise Systems Journal,... creating the appropriate response mechanisms In a mission-critical network, the ultimate network management goal is to ensure reliable and optimal service for the amount of money invested References [1] Angner, R., “Migration Patterns,” America’s Network, May 1, 2002, pp 51–52 [2] Llana, A., “Real Time Network Management,” Enterprise Systems Journal, April 199 8, pp 20–27 [3] Wilson, T., “B2B Apps Prone... to QoS, capacity planning is required to identify and reserve the bandwidth required to support these services 12.10 Policy-Based Network Management Policy-based network management (PBNM) is the term describing a class of approaches designed to centrally classify, prioritize, and control traffic in a network A network manager establishes a set of rules or policies that dictate how network resources... of network topology SNMP is a widely use standard in network management Many network management tools employ SNMP agents—software processes that run on network components and collect and report status information Proactive agents can identify and correct problems before they even occur Because SNMP commands are issued in band over a production network, their effectiveness is prone to the very same network. .. the previously mentioned capacityplanning tools, SLM tools allow firms to proactively provision a service from end to 342 Network Management for Continuity end in an existing network They also provide some of the reactive features that respond to network events The better SLM tools offer detailed monitoring in addition to the service level They can monitor a variety of network elements, including servers,... level objectives Network changes should be done in phases New features, applications, systems, and locations should be added gradually, versus all at once Improper 356 Network Management for Continuity modifications of system configurations are often the blame for many network outages The potential impact of any change should be well understood and documented prior to making the change Network managers . Mbps (G) 40 ms 99 .99 % CH (40); AT (20); NY (100) Ora 3.2 ny01 DBMS 4 H 1 Mbps (G) 25 ms 99 .99 % CH (40); AT (20); NY (100) User ch01 at01 ny01 Miscellaneous 0 M 4 Mbps (B) 100 ms 99 .5% CH (40);. problems arise. 330 Network Management for Continuity Node event Node event Node event Node event Node event Node event Local network Local network Core network Application Service level Network level Nodal. components with high failure expectancy. • Network. A bottleneck in a network can render any application or service use- less. Bottlenecks are attributed to inadequate network planning. 12.5 Restoration Management Restoration