Network Management: Accounting and Performance Strategies by Benoit Claise - CCIE No 2686; Ralf Wolter Publisher: Cisco Press Pub Date: June 20, 2007 Print ISBN-10: 1-58705-198-2 Print ISBN-13: 978-1-58705-198-2 Pages: 672 Table of Contents | Index Overview Network Management: Accounting and Performance Strategies The definitive guide to collecting usage information from Cisco networks Benoit Claise, CCIÊ® No 2868 Ralf Wolter Understanding network performance and effectiveness is now crucial to business success To ensure user satisfaction, both service providers and enterprise IT teams must provide servicelevel agreements (SLA) to the users of their networksâand then consistently deliver on those commitments Now, two of the Cisco® leading network performance and accounting experts bring together all the knowledge network professionals need to do so Network Management: Accounting and Performance Strategies imparts a deep understanding of Cisco IOS® embedded management for monitoring and optimizing performance, together with proven best strategies for both accounting and performance management Benoit Claise and Ralf Wolter begin by introducing the role of accounting and performance management in today's large-scale data and voice networks They present widely accepted performance standards and definitions, along with today's best practice methodologies for data collection Next, they turn to Cisco devices and the Cisco IOS Software, illuminating embedded management and device instrumentation features that enable you to thoroughly characterize performance, plan network enhancements, and anticipate potential problems and prevent them Network standards, technologies, and Cisco solutions covered in depth include Simple Network Management Protocol (SNMP) and Management Information Bases (MIB), Remote Monitoring (RMON), IP accounting, NetFlow, BGP policy accounting, AAA Accounting, Network Based Application Recognition (NBAR), and IP SLA (formerly known as SAA) For each, the authors present practical examples and hands-on techniques The book concludes with chapter-length scenarios that walk you through accounting and performance management for five different applications: data network monitoring, capacity planning, billing, security, and voice network performance Network Management: Accounting and Performance Strategies will be indispensable to every professional concerned with network performance, effectiveness, or profitability, especially NMS/OSS architects, network and service designers, network administrators, and anyone responsible for network accounting or billing Benoit Claise, CCIÊ® No 2868, is a Cisco Distinguished Engineer working as an architect for embedded management and device instrumentation His area of expertise includes accounting, performance, and fault management Claise is a contributor to the NetFlow standardization at the IETF in the IPFIX and PSAMP Working Groups He joined Cisco in 1996 as a customer support engineer in the Technical Assistance Center network management team and became an escalation engineer before joining the engineering team Ralf Wolter is a senior manager, consulting engineering at Cisco He leads the Cisco Core and NMS/OSS consulting team for Europe, works closely with corporate engineering, and supports large-scale customer projects He specializes in device instrumentation related to accounting and performance management Compare accounting methods and choose the best approach for you Apply network performance best practices to your network Leverage built-in Cisco IOS network management system components to quantify performance Uncover trends in performance statistics to help avoid service degradation before it occurs Identify under use of network paths, so you can improve overall network efficiency Walk through hands-on case studies that address monitoring, capacity planning, billing, security, and voice networks Understand Cisco network performance, deliver on your SLAs, and improve accounting and billing This book is part of the Networking Technology Series from Cisco Press®, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers Network Management: Accounting and Performance Strategies by Benoit Claise - CCIE No 2686; Ralf Wolter Publisher: Cisco Press Pub Date: June 20, 2007 Print ISBN-10: 1-58705-198-2 Print ISBN-13: 978-1-58705-198-2 Pages: 672 Table of Contents | Index Copyright About the Authors About the Technical Reviewers Acknowledgments Icons Used in This Book Command Syntax Conventions Introduction Part I: Data Collection and Methodology Standards Chapter 1 Understanding the Need for Accounting and Performance Management Definitions and the Relationship Between Accounting and Performance Management The Purposes of Accounting Purposes of Performance Applying the Information to the Business Summary Chapter 2 Data Collection Methodology Data Collection Details: What to Collect Defining the User Metering Methods: How to Collect Data Records Metering Positions: Where to Collect Data Records Collection Infrastructure: How to Collect Data Records Mediation Device Functionality: How to Process Data Records Security Considerations: How to Ensure Data Authenticity and Integrity Summary Chapter 3 Accounting and Performance Standards and Definitions Understanding Standards and Standards Organizations Architectural and Framework Standards: The TMN/FCAPS Model (ITU-T) Architectural and Framework Standards: the eTOM Model (TMF) Informational IETF Standards Information Modeling Data Collection Protocols: SNMP, SMI, and MIB Data Collection Protocols: NetFlow Version 9 and IPFIX Export Protocols Data Collection Protocols: PSAMP Data Collection Protocols: AAA (RADIUS, Diameter, and TACACS+) Data Collection Protocols: IPDR Data Collection Protocols: CMISE/CMIP and GDMO Service Notions Summary Part II: Implementations on the Cisco Devices Chapter 4 SNMP and MIBs MIBs IOS Support for SNMP Versions net-snmp Utilities CLI Operations and Configuration Example for SNMPv2c CLI Operations and Configuration Examples for SNMPv3 MIB Table Retrieval Example MIB Functional Area Comparison Table General-Purpose MIBs for Accounting and Performance Advanced Device Instrumentation Technology-Specific MIBs for Accounting and Performance Creating New MIB Objects: EXPRESSION-MIB Obtaining MIBs Chapter 5 RMON RMON 1 and RMON 2 MIBs DSMON MIB SMON MIB APM MIB and ART MIB Applicability Further Reading Chapter 6 IP Accounting IP Accounting (Layer 3) IP Accounting Access Control List (ACL) IP Accounting MAC Address IP Accounting Precedence Applicability Chapter 7 NetFlow Fundamentals of NetFlow CLI Operations SNMP Operations with the NETFLOW-MIB Example: NetFlow Version 5 on a Router Example: NetFlow Configuration on the Catalyst Example: NetFlow Version 8 Example: NetFlow Version 9 New Features Supported with NetFlow Version 9 Deployment Guidelines Supported Devices and IOS Versions Chapter 8 BGP Policy Accounting Input BGP Policy Accounting Output BGP Policy Accounting Summary of All Four BGP Policy Accounting Combinations Fundamentals BGP Policy Accounting Commands SNMP Operations Examples (CLI and SNMP) Destination-Sensitive Services Applicability Chapter 9 AAA Accounting Fundamentals of AAA Accounting High-Level Comparison of RADIUS, TACACS+, and Diameter RADIUS Diameter Details Chapter 10 NBAR NBAR Functionality Supported Devices and IOS Versions NBAR Protocol Discovery (PD) MIB NBAR Configuration Commands NBAR show Commands NBAR Examples (CLI and SNMP) NBAR Applicability Chapter 11 IP SLA Measured Metrics: What to Measure Operations: How to Measure IP SLA CLI Operations SNMP Operations with the CISCO-RTTMON-MIB Application-Specific Scenario: HTTP Application-Specific Scenario: VoIP Advanced Features Implementation Considerations Chapter 12 Summary of Data Collection Methodology Applicability Part III: Assigning Technologies to Solutions Chapter 13 Monitoring Scenarios Network Blueprint for Monitoring Device and Link Performance Network Connectivity and Performance Application Monitoring Service Monitoring and Routing Optimization Chapter 14 Capacity Planning Scenarios Link Capacity Planning Network Blueprint for Capacity Planning Problem Space Capacity Planning Tools Methods for Generating the Core Traffic Matrix Additional Considerations: Peer-to-Peer Traffic Summary Chapter 15 Voice Scenarios Network Blueprint for IP Telephony Voice Performance Measurement Voice Accounting Is Your Network Ready for IP Telephony? Chapter 16 Security Scenarios Network Blueprint for Security Management Security Management Process Summary Chapter 17 Billing Scenarios Network Blueprint for Billing Billing Approaches Summary Index Copyright Network Management Benoit Claise, CCIE No 2686, Ralf Wolter Copyright© 2007 Cisco Systems, Inc Published by: Cisco Press 800 East 96th Street Indianapolis, IN 46240 USA All rights reserved No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review Printed in the United States of America 1 2 3 4 5 6 7 8 9 0 First Printing June 2007 ISBN-13: 978-1-58705-198-2 Library of Congress Cataloging-in-Publication Data Claise, Benoit Network management / Benoit Claise, Ralf Wolter p cm ISBN 978-1-58705-198-2 (hardcover) Computer networks-Management I Wolter, Ralf, 1926- II Title TK5105.5.C544 2007 004.6068 dc22 2007018567 Warning and Disclaimer This book is designed to provide information about accounting and performance strategies for network management Every effort has been made to make this book as complete and accurate as possible, but no warranty or fitness is implied The information is provided on an "as is" basis The authors, Cisco Press, and Cisco Systems, Inc shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it The opinions expressed in this book belong to the authors and are not necessarily those of Cisco Systems, Inc Corporate and Government Sales The publisher offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales, which may include electronic versions and/or custom covers and content particular to your business, training goals, marketing focus, and branding interests For more information, please contact: U.S Corporate and Government Sales 1-800-382-3419 corpsales@pearsontechgroup.com For sales outside the United States please contact: International Sales international@pearsoned.com Trademark Acknowledgments All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark responder-based operations (Cisco IP SLA) retrieving MIB table data, example 2nd SNMPv2c data RFC 1213, MIB-II RFC 2863, Interface-MIB RFC 2865 RFC 2866 RFC 2924, Accounting Attributes and Record Formats RFC 2975, Introduction to Accounting Management RFC 3812, MPLS Traffic Engineering MIB RFC 3813, MPLS LSR MIB RFCs Diameter IPFIX-related obtaining PSAMP-related RADIUS SMI-related SNMP-related RM&O (Resource Management & Operations) RMON groups, configuring on Cisco Catalyst switches MIBs, DSMON MIB NAM modules principles rows 2nd supported devices supported IOS versions RMON 1 groups RMON 2 groups RMON-MIB rogue access points, detecting round-trip times, measuring router-based aggregation router-based aggregation feature (NetFlow) routing optimization row (RMON) RRDtool (Round Robin Database) RSPAN (Remote SPAN) RTMP (Real-Time Messaging Protocol) RTP-based VoIP operation (Cisco IP SLA) RTR (Response Time Reporter) Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] SAA (Service Assurance Agent) SAMIS (Subscriber Account Management Interface Specification) Sampled NetFlow example configuration flow-based sampling methods deterministic probabilistic random stratified scalar objects scenarios capacity planning for enterprises for ISPs link capacity planning for voice networks security-related scheduling Cisco IP SLA operations Recurring function multiple Cisco IP SLA operations random Cisco IP SLA operations SCTP (Stream Control Transport Protocol) as NetFlow export protocol security [See also security management.] attack postmortem, performing intrusion attacks network blueprint reconnaissance attacks scenarios source authentication threats from intranet security management 2nd six-stage security operations model classification stage identification stage preparation stage reaction stage tracing back source of attack security models and levels (SNMP) selecting service availability, testing service monitoring 2nd Serviceability service-based billing show commands, NBAR-related show ip accounting access violations command show ip accounting command 2nd show ip accounting output-packets command show ip cache flow command 2nd show ip cache verbose flow command show ip nbar command show ip sla application command show rmon stats command show snmp command show snmp group command show snmp view command simple SMI types simply constructed SMI data types sinkholes SIP MIB six-stage security operations model classification stage identification stage preparation stage reaction stage tracing back source of attack size-based flow sampling SLAs generic monitoring network connectivity monitoring 2nd parameters SM&O (Service Management & Operations) SMI (Structure of Management Information) 2nd related RFCs SML (Service Management Layer) SMON MIB groups supported devices and IOS versions SNMP ifTable managed devices message-level security MIBs for data collection for device and link performance monitoring for IP Accounting (Layer 3) for IP Accounting ACL for IP Accounting MAC Address for IP Accounting Precedence for network connectivity monitoring 2nd NBAR PD MIB SMI related RFCs security models and levels traps, ciscoPingCompleted trap versions SNMP operations (NetFlow) snmpget utility, arguments SNMPv1 SNMPv2 configuring data retrieval statistics, displaying SNMPv3 configuring with user authentication, example configuration without user authentication, example configuration snmpwalk utility source of attack, tracing SPAN (Switched Port Analyzer) spectrum of test spoofed source addresses, tracing SRLG (Shared Risk Link Group) standards accounting and performance management de facto for voice service accounting selection process voice performance, measuring start time parameter of metric measurement stateful inspection stateful proxy servers stateless proxy servers Statistics and History group (RMON 1) switch configuration statistics distribution collection (Cisco IP SLA) statistics for SNMPv2c, displaying Stewart, John stratified sampling Stratum 0 streams subport classification summary of NBAR data collection criteria summary table of Cisco IP SLA operations supported features on NetFlow version 9 suspending conceptual rows switched network environments, SMON MIB groups supported devices and IOS versions syntax for net-snmp tools system accounting system clock synchronization Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] TACACS+ 2nd Taft, Nina TCP connect TCP Connect operation (Cisco IP SLA) technology-specific accounting and performance MIBs CISCO-FRAME-RELAY-MIB 2nd for IPv6 for multicast IF-MIB RMON-MIB for telephony CISCO-CALL-HISTORY-MIB CISCO-VOICE-COMMON-DIAL-CONTROL-MIB CISCO-VOICE-DIAL-CONTROL-MIB Dial Control Management MIB SIP MIB for traffic management and control CISCO-CAR-MIB CISCO-CLASS-BASED-QOS-MIB for VLANs community string indexing MPLS LSR MIB MPLS Traffic Engineering MIB Telecommuter OER configuration telephony, MIBs CISCO-CALL-HISTORY-MIB CISCO-VOICE-COMMON-DIAL-CONTROL-MIB CISCO-VOICE-DIAL-CONTROL-MIB Dial Control Management MIB SIP MIB Template FlowSets templates (NetFlow) 2nd test packets testing device availability network availability service availability threats from intranet thresholds for NBAR Protocol Discovery monitoring (Cisco IP SLA) violation triggers (Cisco IP SLA) time- and distance-based billing time stamps time-based billing dial-in pWLANs time-based flow sampling, configuring timeout parameter of metric measurement time-stamping TMF (TeleManagement Forum), eTOM model FAB OPS TMN (Telecommunications Management Network) TMN framework TMN/FCAPS model TOM (Telecom Operations Map) tools for capacity planning Top Talkers feature (NetFlow) example configuration match statement options top-down accounting and performance management, TMFCAPS model Top-N statistics Top-N traffic volume, identifying TOS aggregation schemes ToS bits, relationshiop to Precedence and DSCP bits traceroute tracing source of attacks traffic classification, CISCO-CLASS-BASED-QOS-MIB traffic engineering traffic management and control MIBs CISCO-CAR-MIB CISCO-CLASS-BASED-QOS-MIB transit agreements 2nd transport technology-specific MIBs traps (SNMP) CiscoPingCompleted trap Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] UAC (User Agent Client) UAS (User Agent Server) UDP as NetFlow export protocol UDP operations (Cisco IP SLA) UDP Echo operation UDP Jitter operation VoIP UDP Jitter operation UML (Unified Modeling Language) unicast communication unsupported NBAR capabilities users, defining utilities for capacity planning Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] VACM (View-based Access Control Model) verifying router-supported IP SLA operations versions of SNMP of Cisco IOS Software supporting NBAR VLAN-related MIBs community string indexing VoD (video on demand) voice extensions for RADIUS call legs VSAs accounting voice gateways voice networks metering sources performance, measuring active measurement CCM 2nd CiscoWorks Unified Operations Manager ICPIF MOS NAM passive measurement standards and technology scenarios voice quality, MOS voice service accounting standards and technology with CDRs VoIP accounting with RADIUS, commands per-call billing RTP-based VoIP operation (Cisco IP SLA) VoIP Call Setup Monitoring operation (Cisco IP SLA) VoIP Gatekeeper Registration Delay Monitoring operation (Cisco IP SLA) VoIP operations (Cisco IP SLA), example VoIP UDP Jitter operation volume-based billing peering agreements residential broadband access transit agreements VRF table VSAs accounting RADIUS accounting versus Acct-Session-Id field Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] W3C well-known ports Index [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] x of y triggers (Cisco IP SLA) ... Security Considerations: How to Ensure Data Authenticity and Integrity Summary Chapter 3 Accounting and Performance Standards and Definitions Understanding Standards and Standards Organizations Architectural and Framework Standards: The TMN/FCAPS... instrumentation related to accounting and performance management Compare accounting methods and choose the best approach for you Apply network performance best practices to your network Leverage built-in Cisco IOS network management system... planning, billing, security, and voice network performance Network Management: Accounting and Performance Strategies will be indispensable to every professional concerned with network performance, effectiveness, or profitability, especially