Chapter 3 Basic Foundations: Standards, Models, and Language
and Chapter 13 Network Management Applications

Network Management: Principles and Practice © Mani Subramanian 2000

Introduction
• Standards
  • Standards organizations
  • Protocol standards of transport layers
  • Protocol standards of management (application) layer
• Management Models
• Language

Chapter 3

OSI NM Architecture and Model
[Figure 3.1 OSI Network Management Model: Network Management divided into Organization Model, Information Model, Communication Model, Functional Model]
Notes
• Organization model
  • Network management components
  • object, agent, and manager
  • Functions of components
  • Relationships
• Information model
  • Structure of management information (SMI)
  • Syntax and semantics
  • Management information base (MIB)
  • Organization of management information
  • Object-oriented

OSI NM Architecture and Model
[Figure 3.1 OSI Network Management Model]
Notes
• Communication model
  • Transfer syntax with bi-directional messages
  • M-SET, M-GET
  • Transfer structure (PDU)
• Functional model – User oriented requirements of NM
  • Application functions (Covered in chapter 13)
  • Configure components (CM)
  • Monitor components (FM)
  • Measure performance (PM)
  • Secure information (SM)
  • Usage accounting (AM)

SNMP Architecture and Model (Not defined explicitly)
[Figure 3.1 OSI Network Management Model]
Notes
• Organization model
  • Same as OSI model
• Information model
  • Same as OSI, but scalar
• Communication model
  • Messages less complex than OSI and unidirectional (request, response)
  • Transfer structure (PDU)
• Functional model
  • Application functions in terms of
    • Operations (get, set)
    • Administration – who has access to what
    • Security – community-based

TMN Architecture
• Addresses management of telecommunication networks
• Based on OSI model
• Superstructure on OSI network
• Addresses network, service, and business management
• See chapter 11 for more details

Chapter 11
[Figure 11.14 TMN Realization Example (NMF): the TMN Logical Layered Architecture (Business Management, Service Management, Network Management, Element Management, separated by q3 reference points) shown beside the Physical Realization of TMN Architecture (customer service, service management, network management and network element systems linked by Q3 interfaces)]

Organization Model
• Manager
  • Manages the managed elements
  • Sends requests to agents, retrieves management information & stores it in MDB
  • Monitors alarms – unsolicited traps/notifications from agents
  • Houses applications, e.g., CM, FM, etc.
  • Provides user interface, e.g., HPOpenview
• Agent
  • Gathers information from objects – get
  • Configures parameters of objects – set
  • Responds to managers’ requests – response
  • Generates alarms and sends them to managers (unsolicited) – trap
• Managed object
  • Network element that is managed, e.g., hubs, bridges, etc.
  • Houses management agent – process running
• All objects are either not managed or manageable (more expensive)

Two-Tier Model
[Figure 3.2 Two-Tier Network Management Organization Model: manager with MDB, managed objects, unmanaged objects. Legend: MDB = Management Database; agent process]
Notes
• Agent built into network element
  Example: Managed hub, managed router
• A manager can manage multiple elements
  Example: Switched hub, ATM switch
• MDB is a physical database
• Unmanaged objects are network elements that are not managed - both physical (unmanaged hub) and logical (passive elements)

Chapter 13: Network Provisioning (Configuration Management)
• Provisioning of network resources
  • Design
  • Installation and maintenance
• Circuit provisioning in telephone industry
  • Circuit-switched network
  • Automated process
• Provisioning for packet-switched network based on:
  • Performance statistics
  • QoS requirements
  • Example: Provisioning of links is based on average and peak demands
• ATM networks
  • Permanent virtual circuit (PVC)
  • Switched virtual circuit (SVC)

Chapter 13: Inventory Management (Configuration Management)
• Inventory Management of:
  • Equipment
  • Facilities
• Efficient Database system:
  • Indices and keys for easy access and search
  • Characteristics of components
  • Status of components

Chapter 13: Network Topology (Configuration Management)
• Manual
• Filter parameters → impose constraints
• Auto-discovery by NMS using
  • Broadcast ping
  • ARP table in devices (e.g., local router)
• Mapping of network
  • Layout
  • Layering
• Views
  • Physical
  • Logical

Chapter 13: Traditional LAN Configuration
[Figure 13.2 LAN Physical Configuration: router Port A to the Segment A hub (A1, A2), router Port B to the Segment B hub (B1, B2)]
[Figure 13.3 Logical Configuration of Two LAN Segments]
Notes
• One-to-one mapping between physical and logical configuration

Chapter 13: Virtual LAN Configuration
[Figure 13.4 VLAN Physical Configuration: router, switch and two hubs carrying Segment A and Segment B]
[Figure 13.5 Logical Configuration of Two VLAN Segments: A1 (Hub 1), A2 (Hub 2), B1 (Hub 1), B2 (Hub 2)]
Notes
• Physical and logical configurations different
• Physical location obtained from System group

Chapter 13: Fault Management
• Fault is a failure of a network component
• Results in loss of connectivity
• Fault management involves a 5-step process:
  1. Fault detection
     • Polling
     • Traps: linkDown, egpNeighborLoss
  2. Fault location
     • Detect all components that failed and trace down the tree topology to where the problem starts
  3. Restoration of service (has higher priority)
  4. Fault isolation
     • Identification of root cause of the problem
     • Fault isolation by network and SNMP tools to determine source of problem → Trouble ticket generated
     • Use artificial intelligence / correlation techniques
  5. Problem resolution → Trouble ticket closed

Chapter 13: Performance Management
• Tools
• Performance Metrics
• Data Monitoring (e.g., RMON)
• Problem Isolation (process similar to FM)
• Performance Statistics
Notes
• Tools:
  • Protocol analyzers
  • RMON
  • MRTG

Chapter 13: Performance Metrics
• Macro-level
  • Throughput
  • Response time
  • Availability
  • Reliability
• Micro-level
  • Bandwidth
  • Utilization
  • Error rate
  • Peak load
  • Average load
Notes
• Macro-level parameters can be defined in terms of micro-level parameters
• Response time depends on both network and system performance

Chapter 13: Data Monitoring and Problem Isolation
• Data monitoring
  • Normal behavior
  • Abnormal behavior (e.g., excessive collisions, high packet loss, etc.)
  • Set up traps (e.g., parameters in alarm group in RMON on object identifier of interest)
  • Set up alarms for criticality
  • Manual and automatic clearing of alarms
• Problem isolation
  • Manual mode using network and SNMP tools
  • Problems in multiple components need tracking down the topology
  • Automated mode using correlation technology

Chapter 13: Performance Statistics
• Traffic statistics
• Error statistics
• Used in
  • QoS tracking
  • Performance tuning
  • Validation of SLA
  • Trend analysis
  • Facility planning
  • Functional accounting
Notes
• Statistics require large amount of data sampling → overhead traffic on the network
• One solution is RMON → Collecting statistical data is done locally → Improves overall network performance

Chapter 13: Security Management
• Security threats
• Policies and Procedures
• Resources to prevent security breaches
• Firewalls
• Cryptography
• Authentication and Authorization
• Client/Server authentication system
• Message transfer security
• Network protection security

Security Threats (RFC 3414)
[Figure 7.10 Security Threats to Management Information: modification of information, masquerade, message stream modification and disclosure, shown between Management Entity A and Management Entity B]
Notes
• Modification of information: Contents modified by unauthorized user, does not include address change
• Masquerade: Change of originating address by unauthorized user
• Message Stream Modification: Fragments of message altered by an unauthorized user to modify the meaning of the message
• Disclosure is eavesdropping. This does not require interception of message
• Denial of service and traffic analysis are not considered as threats

Chapter 13: Security Threats
[Figure 7.10 Security Threats to Management Information]
Notes
• SNMPv3 addressed security threats using USM (user-based security model)
• USM has two modules:
  • Authentication module
    • Data integrity
    • Data origin
  • Privacy module
    • Data confidentiality
    • Message timeliness
    • Message protection

Chapter 13: Policies and Procedures
Basic guidelines to set up policies and procedures:
• Identify what you are trying to protect
• Determine what you are trying to protect it from
• Determine how likely the threats are
• Implement measures, which will protect your assets in a cost-effective manner
• Review the process continuously and make improvements to each item if a weakness is found
Notes
• References:
  • Formal statement of rules for protecting organization’s technology and assets (RFC 2196)
  • Introduction to Firewalls (NIST)
  • Orange Book by National Computer Security Center (NCSC) rates computers based on security design features

Chapter 13: Accounting Management
• Least developed
• Usage of resources
• Hidden cost of IT usage
• Functional accounting
• Business application

[...]...
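Added example, not part of the original slides: a Python sketch of the receiver-side checks behind the USM items listed on the Security Threats slide above (data integrity, data origin, message timeliness). The 12-octet HMAC truncation and the 150-second window follow RFC 3414; the Msg layout, field separator, user name and keys are constructed for illustration and are not the BER-encoded SNMPv3 wire format.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

TIME_WINDOW = 150  # seconds: timeliness window defined in RFC 3414
MAC_LEN = 12       # HMAC-SHA-96 keeps the first 96 bits of the HMAC-SHA1 output

@dataclass(frozen=True)
class Msg:
    """Simplified stand-in for an SNMPv3 message (assumption, not BER-encoded)."""
    user: str
    engine_boots: int
    engine_time: int
    payload: bytes
    mac: bytes = b""

def mac96(key: bytes, m: Msg) -> bytes:
    # The MAC covers the header fields and the payload, so changing any of them is detected.
    body = f"{m.user}|{m.engine_boots}|{m.engine_time}|".encode() + m.payload
    return hmac.new(key, body, hashlib.sha1).digest()[:MAC_LEN]

def sign(key: bytes, m: Msg) -> Msg:
    return replace(m, mac=mac96(key, m))

def verify(keys: dict, m: Msg, local_boots: int, local_time: int) -> str:
    key = keys.get(m.user)
    if key is None:
        return "unknown user"
    # Integrity and origin: only a holder of the user's key can produce this MAC.
    if not hmac.compare_digest(mac96(key, m), m.mac):
        return "authentication failure"
    # Timeliness: a genuine message captured earlier and re-sent later is rejected.
    if m.engine_boots != local_boots or abs(local_time - m.engine_time) > TIME_WINDOW:
        return "not in time window"
    return "ok"

def demo() -> dict:
    keys = {"ops": b"constructed-key-for-ops"}  # constructed sample key
    good = sign(keys["ops"], Msg("ops", 7, 1000, b"get sysUpTime.0"))
    forged = sign(b"constructed-other-key", Msg("ops", 7, 1000, b"get sysUpTime.0"))
    return {
        "genuine": verify(keys, good, 7, 1010),
        "modified": verify(keys, replace(good, payload=b"get sysName.0"), 7, 1010),
        "masquerade": verify(keys, forged, 7, 1010),
        "stale copy": verify(keys, good, 7, 1400),
        "after reboot": verify(keys, good, 8, 5),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:12} -> {result}")
```

Disclosure is not covered by these checks; that is the job of encrypting the payload, which this sketch leaves out.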
[Figure 1.23 Network Management Dumbbell Architecture, panel (b) Services and Protocols: network agents and network objects for Vendor A and Vendor B objects, joined by application services / management protocol and transport protocols]
Notes
• Message exchange between NMSs managing different domains
...

... managed

Chapter 3: Management Information Tree
[Figure 3.7 Generic Representation of Management Information Tree: Root, Level 1, Level 2, Level 3]

Chapter 3: OSI Management Information Tree
[Figure 3.8 OSI Management ...: itu 0, iso 1, iso-itu 2, org 3, dod 6, internet 1]

... NMS
[Figure 3.5 Dual Role of Management Process]
Notes
• NMSs configured in a peer-to-peer relationship
• Network management systems act as peers
• Dual role of both NMSs
• Example: Two network service providers exchange management information
• Dumbbell architecture discussed in Chapter 1
• Notice that the manager and agent functions are processes and not systems
...

... perceives is the MIB view
• The operation that a user can perform is the MIB access

Chapter 3: Management Data Base / Information Base
[Figure 3.6 Network Configuration with Data and Information Base: manager with MDB and MIB, managed objects. Legend: MDB = Management Database; MIB = Management Information Base; agent process]
Notes
• Distinction between MDB...
Notes
• Management information model = objects representation (SMI) + management information of objects (MIB)
• SMI defines the syntax & semantics of management information stored in the MIB
• Information model specifies the information base to describe managed objects and their relationships (i.e., MIB)

Chapter 3: Structure of Management ...

... into management software (for processes to exchange information)
• An NMS can automatically discover a managed object, such as a hub, when added to the network
• The NMS can identify the new object as a hub only after the MIB schema of the hub is compiled into NMS software

Chapter 3: Managed Object
• Managed objects can be
  • Network ...

... objects
[Figure 3.3 Three-Tier Network Management Organization Model. Legend: MDB = Management Database; agent process]
Notes
• Middle layer plays the dual role
  • Agent to the top-level manager
  • Manager to the managed objects - e.g., collects data
• Example of middle level: Remote monitoring agent (RMON)
• Examples:
  • Statistical measurement on a network
  • Local site passes information to a remote site
...

[Figure 3.4 Network Management Organization Model with MoM: managed objects, agent NMS, agent, manager. Legend: MoM = Manager of Managers; MDB = Management Database; agent process]
Notes
• Agent NMS manages the domain
• MoM presents integrated view of domains
• Domain may be geographical (cities), administrative (departments), vendor-specific products (Cisco), etc.
...
... mandatory
Notes
• Uses ASN.1: Abstract Syntax Notation One
• See RFC 1155:
  • Section 4 Managed objects
  • Section 4.3 Macros

Chapter 3: Management Information Base (MIB)
• Used by manager & agents to store & exchange management information
• Information base contains information about objects
• Organized by grouping of related objects (e.g.,...

... NOT a physical database. It is a virtual database that is compiled into management module
Notes
• The agent MIB is used for accessing local information requested by the manager, and sending a response back
• The manager MIB is used for accessing information on all network components the manager manages
• See RFC 1213

Chapter 3: Information ...