
vtu.allsyllabus.com

www.allsyllabus.com

SYLLABUS

Subject Code: 10CS834    I.A Marks: 25
Hours/Week: 04           Exam Hours: 03
Total Hours: 52          Exam Marks: 100

1. Introduction: Analogy of Telephone Network Management, Data and Telecommunication Network, Distributed Computing Environments, TCP/IP Based Networks: The Internet and Intranets, Communications Protocols and Standards - Communication Architectures, Protocol Layers and Services; Case Histories of Networking and Management - The Importance of Topology, Filtering Does Not Reduce Load on Node, Some Common Network Problems; Challenges of Information Technology Managers, Network Management: Goals, Organization, and Functions - Goal of Network Management, Network Provisioning, Network Operations and the NOC, Network Installation and Maintenance; Network and System Management, Network Management System Platform, Current Status and Future of Network Management.

2. Basic Foundations: Standards, Models, and Language: Network Management Standards, Network Management Model, Organization Model, Information Model - Management Information Trees, Managed Object Perspectives, Communication Model; ASN.1 - Terminology, Symbols, and Conventions, Objects and Data Types, Object Names, An Example of ASN.1 from ISO 8824; Encoding Structure; Macros, Functional Model.

3. SNMPv1 Network Management: Managed Network: The History of SNMP Management, Internet Organizations and Standards, Internet Documents, The SNMP Model, The Organization Model, System Overview. The Information Model - Introduction, The Structure of Management Information, Managed Objects, Management Information Base. The SNMP Communication Model - The SNMP Architecture, Administrative Model, SNMP Specifications, SNMP Operations, SNMP MIB Group, Functional Model.

4. SNMP Management RMON: Remote Monitoring, RMON SMI and MIB, RMON1 - RMON1 Textual Conventions, RMON1 Groups and Functions, Relationship Between Control and Data Tables, RMON1 Common and Ethernet Groups, RMON Token Ring Extension Groups, RMON2 - The RMON2 Management Information Base, RMON2 Conformance Specifications.

5. Broadband Network Management: Broadband Access Networks and Technologies: Broadband Access Networks, Broadband Access Technology; HFCT Technology: The Broadband LAN, The Cable Modem, The Cable Modem Termination System, The HFC Plant, The RF Spectrum for Cable Modem; Data Over Cable Reference Architecture; HFC Management - Cable Modem and CMTS Management, HFC Link Management, RF Spectrum Management, DSL Technology; Asymmetric Digital Subscriber Line Technology - Role of the ADSL Access Network in an Overall Network, ADSL Architecture, ADSL Channeling Schemes, ADSL Encoding Schemes; ADSL Management - ADSL Network Management Elements, ADSL Configuration Management, ADSL Fault Management, ADSL Performance Management, SNMP-Based ADSL Line MIB, MIB Integration with Interfaces Groups in MIB-2, ADSL Configuration Profiles.

6. Network Management Applications: Configuration Management - Network Provisioning, Inventory Management, Network Topology, Fault Management - Fault Detection, Fault Location and Isolation Techniques, Performance Management - Performance Metrics, Data Monitoring, Problem Isolation, Performance Statistics; Event Correlation Techniques - Rule-Based Reasoning, Model-Based Reasoning, Case-Based Reasoning, Codebook Correlation Model, State Transition Graph Model, Finite State Machine Model, Security Management - Policies and Procedures, Security Breaches and the Resources Needed to Prevent Them, Firewalls, Cryptography, Authentication and Authorization, Client/Server Authentication Systems, Messages Transfer Security, Protection of Networks from Virus Attacks, Accounting Management, Report Management, Policy-Based Management, Service Level Management.

TEXT BOOKS:
Mani Subramanian: Network Management - Principles and Practice, 2nd Edition, Pearson Education, 2010.

REFERENCE BOOKS:
J. Richard Burke: Network Management Concepts and Practices: A Hands-On Approach, PHI, 2008.


TABLE OF CONTENTS

1. Introduction (pages 6-14)
1.1 Analogy of telephone network
1.2 Data and telecommunication network
1.3 Distributed computing environment
1.4 Internet
1.5 Protocols and standards
1.6 IT management
1.7 Network and system management
1.8 Current status and future of network management

2. Basic Foundations: Standards, Models, and Language (pages 15-27)
2.1 Network Management Standards
2.2 Network Management Model
2.3 Organization Model
2.4 Information Model
2.5 Communication Model
2.6 ASN.1
2.7 Functional Model

3. SNMPv1 Network Management (pages 28-52)
3.1 Managed Network
3.2 The SNMP Model
3.3 The Organization Model
3.4 The Information Model
3.5 Management Information Base
3.6 The SNMP Architecture
3.7 Administrative Model
3.8 Functional Model

4. SNMP Management RMON (pages 53-61)
4.1 Remote Monitoring
4.2 RMON SMI and MIB
4.3 RMON1
4.4 RMON1 Groups and Functions
4.5 Relationship Between Control and Data Tables
4.6 RMON1 Common and Ethernet Groups
4.7 RMON Token Ring Extension Groups
4.8 RMON2 Management Information Base

5. Broadband Network Management (pages 62-84)
5.1 Broadband Access Networks
5.2 Broadband Access Technology
5.3 HFCT Technology
5.4 HFC Management
5.5 Asymmetric Digital Subscriber Line Technology
5.6 ADSL Management

6. Network Management Applications (pages 85-113)
6.1 Configuration Management
6.2 Performance Management
6.3 Event Correlation Techniques
6.4 Security Management
6.5 Policy-Based Management
6.6 Service Level Management


Chapter 1

INTRODUCTION

1.1 Analogy of Telephone Network

Characteristics:
- It is reliable - does what is expected of it
- Dependable - always there when you need it (remember 911?)
- Good quality (connection) - hearing each other well
The reasons for that are good planning, design, and implementation, and good operation and management of the network.

Telephone Network Model
- Notice the hierarchy of switches
- Primary and secondary routes programmed
- Automatic routing
- Where is the most likely failure?
- Use of Operations Systems to ensure QoS

Figure 1.1 Telephone Network Model (figure: a hierarchy of switches - Regional Center / Class 1 switch, Sectional Center / Class 2 switch, Primary Center / Class 3 switch, Toll Center / Class 4 switch and End Office / Class 5 switch - with links to other regional centers, sectional centers, primary centers, toll centers, Class 4 toll points and end offices; voice enters at the end offices. Legend: Loop, Direct Trunk, Toll-Connecting Trunk, Toll Trunk)

Operations Systems / NOC
- Monitor telephone network parameters: S/N ratio, transmission loss, call blockage, etc.
- Real-time management of the network
- The trunk (logical entity between switches) maintenance system measures loss and S/N. Trunks not meeting QoS are removed before the customer notices poor quality
- Traffic measurement systems measure call blockage. An additional switch is planned to keep the call blockage below the acceptable level
- Operations systems are distributed at central offices
- Network management is done centrally from the Network Operations Center (NOC)

1.2 Data and Telecommunication Network

Computer data is carried over long distances by the telephone (telecommunication) network. The output of the telephone is analog and the output of computers is digital. A modem is used to modulate and demodulate: computer data must be converted to analog format and analog back to data. The clear distinction between the two networks is getting fuzzier with modern multimedia networks.

Figure 1.2 Data and Telecommunication Networks (figure: terminals and a host on the data communication network connect through modems and local loops to the telecommunication network, which also carries voice)

IBM SNA Architecture

IBM System Network Architecture (SNA) is a major step in network architecture. SNA is based on a multitude of (dumb) terminals accessing a mainframe host at a remote location.

LAN-WAN Network (figure: LAN A, LAN B and LAN C, each attached through a bridge/router, interconnected over WAN communication links)

Figure 1.3 IBM Systems Network Architecture Model (figure: workstations attach to cluster controllers, which attach to communications controllers, which attach to the mainframe)

Major impacts of the Distributed Computing Environment (DCE) are: no more monopolistic service provider, no centralized IT controller, hosts doing specialized functions; the Client/Server architecture formed the core of the DCE network.

Client/Server Model

Figure 1.4 Simple Client-Server Model (figure: client and server, with control transferred from one to the other in each direction)

For example, in the post office analogy, the clerk is the server and the customer the client. The client always initiates requests and the server always responds. Notice that control is handed over to the receiving entity.
1.3 TCP/IP Based Networks

- TCP/IP is a suite of protocols
- The Internet is based on TCP/IP
- IP is the Internet Protocol at the network layer level
- TCP is a connection-oriented transport protocol and ensures end-to-end connection
- UDP is a connectionless transport protocol and provides datagram service
- Internet e-mail and much of the network management messages are based on UDP/IP
- ICMP is part of the TCP/IP suite

1.4 Communication Protocols and Standards

Architecture, Protocols and Standards
- Communication architecture: modeling of communication systems, comprising functional components and operations interfaces between them
- Communication protocols: operational procedures, intra- and inter-modules
- Communication standards: agreement between manufacturers on protocols of communication equipment, on physical characteristics and operational procedures

Figure 1.5 Basic Communication Architecture (figure: (a) direct communication between end systems - User A and User Z each have application layers and transport layers, joined by a peer-protocol interface over the physical medium; (b) communication between end systems via an intermediate system - System A / User A and System Z / User Z as in (a), with the intermediate system performing transport-layer conversion between the two physical media)

OSI Reference Model

Figure 1.6 OSI Protocol Layers (figure: Layer 7 Application, Layer 6 Presentation, Layer 5 Session, Layer 4 Transport, Layer 3 Network, Layer 2 Data link, Layer 1 Physical, over the physical medium; the user / application program sits above layer 7)

OSI Layers and Services

There are similarities between SNA and OSI. The simplicity of the Internet is that it specifies only layers 3 and 4; the application layers are integrated over the Internet. Layers 1 and 2 are common, as in the IEEE standard, as shown in the table.

Application Protocols

Internet user                      | OSI user
Telnet                             | Virtual Terminal
File Transfer Protocol             | File Transfer Access & Management
Simple Mail Transfer Protocol      | Message-oriented Text Interchange Standard
Simple Network Management Protocol | Common Management Information Protocol

1.5 Common Network Problems

- Loss of connectivity
- Duplicate IP address
- Intermittent problems
- Network configuration issues
- Non-problems
- Performance problems

1.6 Challenges of IT Managers

- Reliability
- Non-real time problems
- Rapid technological advance
- Managing client/server environment
- Scalability
- Troubleshooting tools and systems
- Trouble prediction
- Standardization of operations - NMS helps
- Centralized management vs sneaker-net
Layer No. | Layer Name   | Salient services provided by the layer
1         | Physical     | - Transfers to and gathers from the physical medium raw bit data
          |              | - Handles physical and electrical interfaces to the transmission medium
2         | Data link    | - Consists of two sublayers: Logical link control (LLC) and Media access control (MAC)
          |              | - LLC: Formats the data to go on the medium; performs error control and flow control
          |              | - MAC: Controls data transfer to and from LAN; resolves conflicts with other data on LAN
3         | Network      | - Forms the switching / routing layer of the network
4         | Transport    | - Multiplexing and de-multiplexing of messages from applications
          |              | - Acts as a transparent layer to applications and thus isolates them from the transport system layers
          |              | - Makes and breaks connections for connection-oriented communications
          |              | - Flow control of data in both directions
5         | Session      | - Establishes and clears sessions for applications, and thus minimizes loss of data during large data exchange
6         | Presentation | - Provides a set of standard protocols so that the display would be transparent to syntax of the application
          |              | - Data encryption and decryption
7         | Application  | - Provides application specific protocols for each specific application and each specific transport protocol system

Figure 1.7 Comparisons of OSI, Internet, and SNA Protocol Layer Models (figure, layer by layer from the top:
SNA: End User Application; Presentation Services; Data Flow Control; Transmission Control; Path Control; Data Link; Physical.
OSI: Application; Presentation; Session; Transport; Network (with the SNICP, SNDCP and SNDAP sublayers); Data Link; Physical.
Internet: Application Specific Protocols; Transport - connection-oriented: TCP, connectionless: UDP; Network: IP; Data Link and Physical: Not Specified)

1.7 Network Management

Figure 1.8 Network Management Functional Groupings (figure: Network Management splits into Network Provisioning - Planning, Design; Network Operations - Fault Management / Service Restoration, Trouble Ticket Administration, Configuration Management, Performance Management / Traffic Management, Security Management, Accounting Management, Reports Management, Inventory Management, Data Gathering & Analyses; and Network Maintenance - Network Installation, Network Repairs, Facilities Installation & Maintenance, Routine Network Tests)


1.8 Network Operations

Figure 1.9 Network Management Functional Flow Chart (figure: the Engineering Group - network planning & design - passes configuration data and new technology to the I & M Group - network installation & maintenance - which handles installation and fault / trouble ticket (TT) restoration; the Operations Group / NOC - network operations - serves the network users, collects performance & traffic data and feeds management decisions back to engineering)

Network Management Components

Figure 1.10 Network Management Components (figure: an NMS communicates with network agents, each of which fronts a set of network objects)


Figure 1.11 Network Management Dumbbell Architecture (figure: (a) interoperability - NMS Vendor A and NMS Vendor B exchange messages, each managing its own network agents and network objects; (b) services and protocols - Vendor A objects and Vendor B objects are exchanged between the two sides through the application services, the management protocol and the transport protocols)

1.9 Current Status and Future of Network Management

Status:
- SNMP management
- Limited CMIP management
- Operations systems
- Polled systems

Future trends:
- Object-oriented approach
- Service and policy management
- Business management
- Web-based management

Chapter 2

Basic Foundations: Standards, Models, and Language

Introduction
Network Management is the management of the network resources comprising nodes
(e.g., hubs, switches, routers) and links (e.g., connectivity between two nodes). System
Management is the management of systems and system resources in the network. Network
Management can also be defined as OAM&P (Operations, Administration, Maintenance, and
Provisioning) of network and services.
2.1 Network Management Standards

Table 2.1 Network Management Standards

Standard             | Salient Points
OSI / CMIP           | International standard (ISO / OSI); most complete; object oriented; deals with all 7 layers; management of data communications network - LAN and WAN; well structured and layered; consumes large resource in implementation
SNMP / Internet      | Industry standard (IETF); originally intended for management of Internet components, currently adopted for WAN and telecommunication systems; easy to implement; most widely implemented
TMN                  | International standard (ITU-T); management of telecommunications network; based on OSI network management framework; addresses both network and administrative aspects of management
IEEE                 | IEEE standards adopted internationally; addresses LAN and MAN management; adopts OSI standards significantly; deals with first two layers of OSI RM
Web-based Management | Web-Based Enterprise Management (WBEM); Java Management Application Program Interface (JMAPI)

- OSI/CMIP: Common Management Information Protocol
- SNMP/Internet: Simple Network Management Protocol (IETF)
- TMN: Telecommunications Management Network (ITU-T)
- IEEE standards
- Web-based Management

SNMP is the most widely used. SNMP and CMIP use a polling methodology, which places additional load on the network. It requires dedicated workstations for the NMS (Network Management System).
2.2 Network Management Model

Figure 2.1 OSI Network Management Model (figure: Network Management is made up of the Organization Model, the Information Model, the Communication Model and the Functional Model)

The Organization model describes the network management components, the functions of the components and their relationships. The OSI Information model deals with the Structure of Management Information (SMI), that is, with syntax and semantics. It contains the Management Information Base (MIB), and the MIB deals with the organization of management information. The Communication model consists of the transfer syntax with bi-directional messages and the transfer structure (PDU). The Functional model deals with user-oriented requirements.

The OSI defines five functional applications, namely:
- Configure components
- Monitor components
- Measure performance
- Secure information
- Usage accounting
2.3 Organizational Model
This describes components of network management and their relationship. It defines the
terms object, agent and manager.
Manager is responsible for
o Manages the managed elements
o Sends requests to agents
o Monitors alarms
o Houses applications
o Provides user interface


Agent is responsible for
o Gathers information from objects
o Configures parameters of objects
o Responds to managers' requests
o Generates alarms and sends them to managers
Managed object:
o Network element that is managed
o Houses management agent
o All objects are either managed or unmanaged

Two-Tier Model

Figure 2.2 Two-Tier Network Management Organization Model (figure: the Manager with its MDB at the top tier; managed objects, each with an agent process, and unmanaged objects at the bottom tier. MDB: Management Database)

The agent is built into the network element, for example a managed hub or a managed router. An agent can manage multiple elements, for example a switched hub or an ATM switch. The MDB is a physical database. Unmanaged objects are network elements that are not managed - both physical (unmanaged hub) and logical (passive elements).

Three-Tier Model

The middle layer plays a dual role:
- Agent to the top-level manager
- Manager to the managed objects
Example of the middle level: Remote monitoring agent (RMON)


Figure 2.3 Three-Tier Network Management Organization Model (figure: Manager with MDB at the top; Agent / Manager with its own MDB in the middle; managed objects with agent processes at the bottom. MDB: Management Database)

Manager of Managers

Figure 2.4 Network Management Organization Model with MoM (figure: the MoM with its MDB sits above several Agent NMSs; each Agent NMS has a manager, an agent and an MDB and manages its own managed objects through agent processes. MoM: Manager of Managers; MDB: Management Database)

The Agent Network Management System manages its domain. The Manager of Managers (MoM) presents an integrated view of the domains. A domain may be geographical, administrative, vendor-specific products, etc.

Peer Network Management Systems
- Dual role of both NMSs
- Network management systems act as peers


- Dumbbell architecture discussed in Chapter 1
- Notice that the manager and agent functions are processes and not systems

Figure 2.5 Dual Role of Management Process (figure: two systems, each acting as Agent NMS towards the other's Manager NMS)

2.4 Information Model

Structure of Management Information (SMI)

A figure in a book is uniquely identified by ISBN, chapter, and figure number, in that hierarchical order. The ID is {ISBN, chapter, figure}. The three elements above define the syntax. Semantics is the meaning of the three entities according to Webster's dictionary. The information comprises syntax and semantics about an object.

SMI defines this for a managed object. It contains syntax and semantics plus additional information such as status.

Example
sysDescr: {system 1}
Syntax: OCTET STRING
Definition: "A textual description of the entity"
Access: read-only
Status: mandatory

Management Data Base / Information Base

(figure: the Manager holds the MDB; the managed objects are described by the MIB)

The distinction between MDB and MIB:
- MDB: physical database; e.g. Oracle, Sybase
- MIB: virtual database; schema compiled into management software

An NMS can automatically discover a managed object, such as a hub, when it is added to the network. The NMS can identify the new object as a hub only after the MIB schema of the hub is compiled into the NMS software.
Management Information Tree

Figure 2.6 Generic Representation of Management Information Tree (figure: a Root node with nodes at Level 1, Level 2 and Level 3 beneath it)

Object Type and Instance
The object type fields are Name, Syntax, Definition, Status and Access.

Designation:
Node     | Designation                            | OID
iso      | International Standards Organization   | 1
org      |                                        | 1.3
dod      | Department of Defense                  | 1.3.6
internet |                                        | 1.3.6.1
itu      | International Telecommunications Union |

For the example of a circle: the circle is syntax. Semantics is the definition from the dictionary: "A plane figure bounded by a single curved line, every point of which is of equal distance from the center of the figure."
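The management information tree and the designations above, as an added Python example that is not part of the notes: a registry that maps descriptor paths to dotted OIDs and back, and refuses a duplicate sub-identifier under one parent (two objects would otherwise encode to the same OID). The nodes itu, iso, iso-itu, org, dod and internet with their numbers are the ones in the notes; the mgmt, mib-2, system and sysDescr nodes below internet are standard MIB-2 nodes that the sysDescr example in this section refers to; the class and function names are the example's own.

```python
# Added example (not from the notes): a registry modelling the management
# information tree. Each node has a label and a numeric sub-identifier; an
# object's OID is the path of numbers from the root, its descriptor the path
# of labels.
from dataclasses import dataclass, field


@dataclass
class Node:
    label: str
    number: int
    children: dict = field(default_factory=dict)  # label -> Node


class ManagementInformationTree:
    def __init__(self):
        self.root = Node("root", -1)

    def _find(self, path):
        node = self.root
        for label in path.split("."):
            node = node.children[label]
        return node

    def register(self, parent_path, label, number):
        """Attach a child under the node named by parent_path ('' is the root)."""
        parent = self.root if parent_path == "" else self._find(parent_path)
        # Sub-identifiers must be unique among siblings.
        for child in parent.children.values():
            if child.number == number:
                raise ValueError(f"{number} already used under {parent_path or 'root'}")
        parent.children[label] = Node(label, number)

    def oid(self, path):
        """Dotted numeric OID for a descriptor path: 'iso.org.dod.internet' -> '1.3.6.1'."""
        node = self.root
        numbers = []
        for label in path.split("."):
            node = node.children[label]
            numbers.append(str(node.number))
        return ".".join(numbers)

    def descriptor(self, oid):
        """Reverse lookup: numeric OID back to its label path."""
        node = self.root
        labels = []
        for n in oid.split("."):
            match = next((c for c in node.children.values() if c.number == int(n)), None)
            if match is None:
                raise KeyError(f"unregistered OID {oid}")
            node = match
            labels.append(node.label)
        return ".".join(labels)


def build_tree():
    """Populate the tree with the nodes of Figure 2.7 plus the path to sysDescr."""
    t = ManagementInformationTree()
    t.register("", "itu", 0)
    t.register("", "iso", 1)
    t.register("", "iso-itu", 2)
    t.register("iso", "org", 3)
    t.register("iso.org", "dod", 6)
    t.register("iso.org.dod", "internet", 1)
    # Standard MIB-2 nodes below internet: mgmt(2).mib-2(1).system(1).sysDescr(1)
    t.register("iso.org.dod.internet", "mgmt", 2)
    t.register("iso.org.dod.internet.mgmt", "mib-2", 1)
    t.register("iso.org.dod.internet.mgmt.mib-2", "system", 1)
    t.register("iso.org.dod.internet.mgmt.mib-2.system", "sysDescr", 1)
    return t


if __name__ == "__main__":
    tree = build_tree()
    print(tree.oid("iso.org.dod.internet"))                                # 1.3.6.1
    print(tree.oid("iso.org.dod.internet.mgmt.mib-2.system.sysDescr"))     # 1.3.6.1.2.1.1.1
    print(tree.descriptor("1.3.6.1.2.1.1.1"))
```

An NMS that has compiled a MIB holds exactly this kind of mapping, which is why the notes say a new hub is recognised only after its MIB schema is compiled into the NMS.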


Figure 2.7 OSI Management Information Tree (figure: itu (0), iso (1) and iso-itu (2) under the root; org (3) under iso; dod (6) under org; internet (1) under dod)

Managed Object Perspectives

Figure 2.8(a) Internet Perspective (figure: Object Type - Object ID and Descriptor: circle; Syntax: model of object; Access: access privilege; Status: implementation requirements; Definition: semantics, textual description)

Figure 2.8(b) OSI Perspective (figure: Object Class: circular object; Attributes: circle, dimension; Operations: push; Behaviour, after which the attributes read ellipse, dimension; Notifications: notify changes in attribute values)

Internet perspective:
- object ID and descriptor: unique ID and name for the object
- syntax: used to model the object
- access: access privilege to a managed object
- status: implementation requirements
- definition: textual description of the semantics of object type

OSI perspective:
- object class: managed object
- attributes: attributes visible at its boundary
- operations: operations which may be applied to it
- behavior: behavior exhibited by it in response to operation
- notifications: notifications emitted by the object

Packet Counter Example

Figure 2.10(a) Internet Perspective
Characteristics | Example
Object type     | PktCounter
Syntax          | Counter
Access          | Read-only
Status          | Mandatory
Description     | Counts number of packets

Figure 2.10(b) OSI Perspective
Characteristics | Example
Object class    | Packet Counter
Attributes      | Single-valued
Operations      | get, set
Behavior        | Retrieves or resets values
Notifications   | Generates notifications on new value

Figure 2.10 Packet Counter As Example of Managed Object


2.5 Communication Model

What the Internet calls requests/responses, OSI calls operations; what the Internet calls traps (notifications in SNMPv2), OSI calls notifications.

Figure 2.11 Management Message Communication Model (figure: Manager applications send operations / requests to the Agent and receive responses; the Agent sends notifications / traps to the Manager; the Agent sits in front of the network elements / managed objects)

Transfer Protocols

Figure 2.12 Management Communication Transfer Protocols (figure: Manager applications and Agent applications each sit on a communication module; the two modules exchange operations / requests / responses and traps / notifications using SNMP (Internet) or CMIP (OSI); beneath them are the transport layers - UDP / IP (Internet) or OSI lower layer profiles (OSI) - and the physical medium)

The Internet is based on SNMP and OSI is based on CMIP. OSI uses the CMISE (Common Management Information Service Element) application with CMIP. OSI specifies both connection-oriented and connectionless transport protocols; SNMPv2 was extended to connection-oriented transport, but this is rarely used.
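The request/response and trap exchange of Figures 2.11 and 2.12, as an added example that is not part of the notes: an in-process agent holding objects with the SMI fields from section 2.4, a manager that polls it, a set refused on a read-only object or with the wrong community (the community-based security framework is listed under the SNMP model in Chapter 3), and a trap emitted when a counter reaches a threshold. The community strings, object values and the SNMPv1-style error names used as return codes (noSuchName, readOnly, authenticationFailure) are the example's own choices; no wire encoding is done.

```python
# Added example (not from the notes): manager/agent exchange with the SMI
# fields (syntax, access, status) enforced by the agent. Everything runs in one
# process; community strings and object values are constructed for the example.
from dataclasses import dataclass


@dataclass
class ManagedObject:
    name: str
    syntax: str        # e.g. "OCTET STRING", "Counter"
    access: str        # "read-only" or "read-write"
    status: str        # "mandatory" or "optional"
    value: object


class Agent:
    def __init__(self, read_community, write_community):
        self.read_community = read_community
        self.write_community = write_community
        self.objects = {}
        self.traps = []          # traps emitted towards the manager
        self.threshold = {}      # name -> counter value that triggers a trap

    def add(self, obj):
        self.objects[obj.name] = obj

    def get(self, community, name):
        """Get-Request: either community may read; unknown names give noSuchName."""
        if community not in (self.read_community, self.write_community):
            return ("error", "authenticationFailure")
        obj = self.objects.get(name)
        if obj is None:
            return ("error", "noSuchName")
        return ("response", obj.value)

    def set(self, community, name, value):
        """Set-Request: needs the write community and a read-write object."""
        if community != self.write_community:
            return ("error", "authenticationFailure")
        obj = self.objects.get(name)
        if obj is None:
            return ("error", "noSuchName")
        if obj.access != "read-write":
            return ("error", "readOnly")
        obj.value = value
        return ("response", obj.value)

    def count_packet(self, name):
        """Agent-side event: bump a counter and trap when it reaches its threshold."""
        obj = self.objects[name]
        obj.value += 1
        if self.threshold.get(name) == obj.value:
            self.traps.append(("trap", name, obj.value))


class Manager:
    def __init__(self, community):
        self.community = community
        self.log = []            # polled results kept for the NMS applications

    def poll(self, agent, names):
        """Polled operation: one get per object."""
        results = {n: agent.get(self.community, n) for n in names}
        self.log.append(results)
        return results


def demo():
    agent = Agent(read_community="public-ro", write_community="ops-rw")   # constructed
    agent.add(ManagedObject("sysDescr", "OCTET STRING", "read-only", "mandatory", "lab hub"))
    agent.add(ManagedObject("sysContact", "OCTET STRING", "read-write", "mandatory", ""))
    agent.add(ManagedObject("pktCounter", "Counter", "read-only", "mandatory", 0))
    agent.threshold["pktCounter"] = 3

    manager = Manager(community="public-ro")
    polled = manager.poll(agent, ["sysDescr", "pktCounter"])
    denied = agent.set("public-ro", "sysContact", "noc@example.invalid")   # read community only
    refused = agent.set("ops-rw", "sysDescr", "renamed")                    # read-only object
    allowed = agent.set("ops-rw", "sysContact", "noc@example.invalid")
    for _ in range(3):
        agent.count_packet("pktCounter")
    return polled, denied, refused, allowed, agent.traps


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The access field of the SMI definition is what makes the difference between the two rejected sets: a read-only object stays read-only even for a caller holding the write community, and the trap path runs without any request from the manager, which is the asynchronous half of the communication model.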


2.6 Abstract Syntax Notation One: ASN.1

ASN.1 is more than syntax; it is a language. It addresses both syntax and semantics. There are two types of syntax:
- Abstract syntax: set of rules that specify data type and structure for information storage.
- Transfer syntax: set of rules for communicating information between systems.

It makes application layer protocols independent of lower layer protocols. It can generate machine-readable code; for example, the Basic Encoding Rules (BER) are used in management modules.

Backus-Naur Form (BNF)

BNF is used for ASN.1 constructs:
- Constructs are developed from primitives
- The example below illustrates how numbers are constructed from the primitive <digit>
- The Simple Arithmetic Expression entity (<SAE>) is constructed from the primitives <digit> and <op>

Definition:
<name> ::= <definition>
Rules:
<digit> ::= 0|1|2|3|4|5|6|7|8|9
<number> ::= <digit> | <digit><number>
<op> ::= +|-|x|/
<SAE> ::= <number> | <SAE><op><SAE>
Example:
9 is primitive 9
19 is construct of 1 and 9
619 is construct of 6 and 19

Simple Arithmetic Expression
<SAE> ::= <number> | <SAE><op><number>
Example: 26 = 13 x 2
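The BNF rules above, as an added example that is not part of the notes: a parser that builds <number> from <digit> primitives and evaluates <SAE> ::= <number> | <SAE><op><number>. Because that rule is left-recursive, the parser loops over <op><number> pairs instead of recursing, and it applies operators strictly in derivation order (no precedence), which is what the grammar as written specifies; the function names, the rejection of malformed input and the division-by-zero check are the example's own.

```python
# Added example (not from the notes): recursive-descent style parser and
# evaluator for the <digit> / <number> / <op> / <SAE> grammar.
DIGITS = "0123456789"          # <digit> ::= 0|1|2|...|9
OPS = "+-x/"                   # <op>    ::= + | - | x | /   ('x' is multiply)


def parse_number(text, pos):
    """<number> ::= <digit> | <digit><number>; returns (value, position after it)."""
    if pos >= len(text) or text[pos] not in DIGITS:
        raise SyntaxError(f"digit expected at position {pos}")
    end = pos
    while end < len(text) and text[end] in DIGITS:
        end += 1
    return int(text[pos:end]), end


def apply_op(left, op, right):
    if op == "+":
        return left + right
    if op == "-":
        return left - right
    if op == "x":
        return left * right
    if right == 0:
        raise ZeroDivisionError("division by zero in expression")
    return left / right


def evaluate_sae(text):
    """<SAE> ::= <number> | <SAE><op><number>, evaluated while parsing.

    The rule is left-recursive, so the parser loops: parse one <number>, then
    repeatedly consume <op><number>. Anything else is a syntax error.
    """
    text = text.replace(" ", "")
    value, pos = parse_number(text, 0)
    while pos < len(text):
        op = text[pos]
        if op not in OPS:
            raise SyntaxError(f"operator expected at position {pos}, got {op!r}")
        right, pos = parse_number(text, pos + 1)
        value = apply_op(value, op, right)
    return value


def derivation(text):
    """Describe how a <number> is built from its digits, as in '619 is construct of 6 and 19'."""
    digits = text.replace(" ", "")
    if not digits.isdigit():
        raise SyntaxError("not a <number>")
    if len(digits) == 1:
        return f"{digits} is primitive {digits}"
    return f"{digits} is construct of {digits[0]} and {digits[1:]}"


if __name__ == "__main__":
    print(evaluate_sae("13 x 2"))    # 26, the example in the notes
    print(derivation("619"))
```

Note that "1+2x3" evaluates to 9 here, not 7: the grammar derives (1+2)x3, and a parser that silently applied conventional precedence would not be implementing the rules as stated.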
Constructs and primitives

Type and Value

Assignments of values:
<BooleanType> ::= BOOLEAN
<BooleanValue> ::= TRUE | FALSE

An ASN.1 module is a group of assignments, for example the value assignment
person-name Person-Name ::=
  { first "John",
    middle "I",
    last "Smith" }

Data Type: Example 1
- Module name starts with capital letters
- Data types:
  Primitives: NULL, GraphicString
  Constructs:
    Alternatives: CHOICE
    List maker: SET, SEQUENCE
    Repetition: SET OF, SEQUENCE OF

PersonnelRecord ::= SET
  { Name,
    title      [0] GraphicString,
    division   CHOICE
      { marketing  [0] SEQUENCE
                       {Sector, Country},
        research   [1] CHOICE
                       {product-based [0] NULL,
                        basic         [1] NULL},
        production [2] SEQUENCE
                       {Product-line, Country}
      }
    etc.
  }

Difference between SET and SEQUENCE: the members of a SET may appear in any order, whereas the members of a SEQUENCE must appear in the order listed.

ASN.1 Symbols

Symbol    Meaning
::=       Defined as
|         or, alternative, options of a list
-         Signed number
--        Following the symbol are comments
{}        Start and end of a list
[]        Start and end of a tag
()        Start and end of subtype
..        Range


Data Type: Structure & Tag

Structure defines how the data type is built. Tag uniquely identifies the data type.

Simple structure:
PageNumber ::= INTEGER
ChapterNumber ::= INTEGER

Structure / Construct:
BookPageNumber ::= SEQUENCE {ChapterNumber, Separator, PageNumber}
Example: {1-1, 2-3, 3-39}
BookPages ::= SEQUENCE OF {BookPageNumber}
or
BookPages ::= SEQUENCE OF
  {SEQUENCE
    {ChapterNumber, Separator, PageNumber}
  }

Tagged: derived from another type; given a new ID. In the figure, INTEGER is either universal or application specific.
Other types: CHOICE, ANY

Figure 2.13 ASN.1 Data Type Structure and Tag (figure: a Data Type has a Structure - Simple, Structured, Tagged or Other - and a Tag, which consists of a Class - Universal, Application, Context-specific or Private - and a Number)
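The structure/tag distinction of Figure 2.13 and the BER mentioned at the start of this section, as an added example that is not part of the notes: a minimal BER encoder and decoder in Python for INTEGER, OCTET STRING, OBJECT IDENTIFIER and SEQUENCE, with the two class bits (universal, application, context-specific, private) and the constructed bit in the identifier octet, definite-length encoding, and a length decoder that rejects the indefinite and non-minimal forms. The BookPageNumber encoding drops the Separator member (an assumption of the example; it carries no value), and the OID 1.3.6.1 is the internet node of Figure 2.7.

```python
# Added example (not from the notes): minimal BER Tag-Length-Value encoding
# for a few universal types, plus decoders for the identifier and length octets.
CLASS_BITS = {"universal": 0x00, "application": 0x40, "context": 0x80, "private": 0xC0}
UNIVERSAL = {"INTEGER": 2, "OCTET STRING": 4, "OBJECT IDENTIFIER": 6, "SEQUENCE": 16}


def encode_length(n):
    """Definite length: short form below 128, else 0x80|k followed by k length octets."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag_number, content, cls="universal", constructed=False):
    """Identifier octet = class bits | constructed bit | tag number (numbers < 31 only)."""
    if tag_number > 30:
        raise ValueError("high tag numbers (>30) not handled in this example")
    tag = CLASS_BITS[cls] | (0x20 if constructed else 0) | tag_number
    return bytes([tag]) + encode_length(len(content)) + content


def encode_integer(value, cls="universal", tag_number=None):
    """Two's-complement, minimal octets. Passing cls/tag_number gives the
    'tagged' data type of Figure 2.13, e.g. [0] INTEGER in the context class."""
    n = 1
    while not -(1 << (8 * n - 1)) <= value < (1 << (8 * n - 1)):
        n += 1
    number = UNIVERSAL["INTEGER"] if tag_number is None else tag_number
    return tlv(number, value.to_bytes(n, "big", signed=True), cls)


def encode_octet_string(data):
    return tlv(UNIVERSAL["OCTET STRING"], data)


def encode_oid(dotted):
    """First two arcs share one octet (40*a + b); later arcs are base-128 with
    the continuation bit set on every octet except the last."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(UNIVERSAL["OBJECT IDENTIFIER"], bytes(out))


def encode_sequence(*elements):
    return tlv(UNIVERSAL["SEQUENCE"], b"".join(elements), constructed=True)


def decode_tag(data):
    """Split the identifier octet into (class name, constructed flag, tag number)."""
    b = data[0]
    cls = {v: k for k, v in CLASS_BITS.items()}[b & 0xC0]
    return cls, bool(b & 0x20), b & 0x1F


def decode_length(data, pos):
    """Return (length, index of first content octet). The indefinite form (0x80),
    oversized length fields and non-minimal long forms are rejected, as a
    decoder that wants one encoding per value must do."""
    first = data[pos]
    if first < 0x80:
        return first, pos + 1
    k = first & 0x7F
    if k == 0 or k > 4:
        raise ValueError("indefinite or oversized length not accepted")
    n = int.from_bytes(data[pos + 1:pos + 1 + k], "big")
    if n < 0x80 or n >> (8 * (k - 1)) == 0:
        raise ValueError("non-minimal length encoding")
    return n, pos + 1 + k


def book_page_number(chapter, page):
    """BookPageNumber as a SEQUENCE of two INTEGERs (Separator omitted: assumption)."""
    return encode_sequence(encode_integer(chapter), encode_integer(page))


if __name__ == "__main__":
    print(encode_oid("1.3.6.1").hex())        # 06032b0601
    print(book_page_number(3, 39).hex())      # 3006020103020127
    print(decode_tag(book_page_number(1, 1)))
```

The identifier octet is where the class and the number of Figure 2.13 live: 0x02 is a universal INTEGER, 0x80 is the same value retagged as context-specific [0], and 0x30 is a universal SEQUENCE with the constructed bit set. The strict length decoder is the part a receiver of management messages actually needs: accepting alternative length encodings for the same value is how two parsers end up disagreeing about where a field ends.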

2.7 Functional Model

OSI Functional Model (figure: the functional model comprises Configuration Management, Fault Management, Performance Management, Security Management and Accounting Management)

- Configuration management sets and changes network configuration and component parameters. It also sets up alarm thresholds.
- Fault management does detection and isolation of failures in the network and trouble ticket administration.
- Performance management monitors the performance of the network.
- Security management - authentication, authorization and encryption.
- Accounting management - functional accounting of network usage.

Chapter 3

SNMPv1: Organization and Information Models

3.1 Managed Network: Case Histories

- AT&T Network Management Centers
- Network Control Centers
- Network Operations Center
- CNN World Headquarters
- Centralized troubleshooting of NIC
- Performance degradation due to NMS
- Bell Operating Company procedure

Managed LAN

Figure 3.1 A Managed LAN Network (figure: the NMS at 192.168.252.110 sits on one side of the Backbone Network; Router 2, Router 1 (172.16.46.1), Hub 1 (172.16.46.2) and Hub 2 (172.16.46.3) are on the managed LAN side, and the address 172.17.252.1 also appears on the backbone side)

The NMS on subnet 192.168.252.1 manages the router and the hubs on subnet 172.16.46.1 across the backbone network. Information is obtained by querying the hub. The data truly reflects what is stored in the hub.

Managed Router: Port Addresses

Information acquired by the NMS on the router interfaces:
- Index refers to the interface on the router
- LEC is the LAN emulation card
- The Ethernet 2/0 interface refers to interface card 2 and port 0 in that card


Index | Interface   | IP address     | Network Mask  | Network Address | Link Address
23    | LEC.1.0     | 192.168.3.1    | 255.255.255.0 | 192.168.3.0     | 0x00000C3920B4
25    | LEC.3.9     | 192.168.252.15 | 255.255.255.0 | 192.168.252.0   | 0x00000C3920B4
13    | Ethernet2/0 | 172.16.46.1    | 255.255.255.0 | 172.16.46.0     | 0x00000C3920AC
16    | Ethernet2/3 | 172.16.49.1    | 255.255.255.0 | 172.16.49.0     | 0x00000C3920AF
17    | Ethernet2/4 | 172.16.52.1    | 255.255.255.0 | 172.16.52.0     | 0x00000C3920B0
9     | Ethernet1/2 | 172.16.55.1    | 255.255.255.0 | 172.16.55.0     | 0x00000C3920A6
2     | Ethernet0/1 | 172.16.56.1    | 255.255.255.0 | 172.16.56.0     | 0x00000C39209D
15    | Ethernet2/2 | 172.16.57.1    | 255.255.255.0 | 172.16.57.0     | 0x00000C3920AE
8     | Ethernet1/1 | 172.16.58.1    | 255.255.255.0 | 172.16.58.0     | 0x00000C3920A5
14    | Ethernet2/1 | 172.16.60.1    | 255.255.255.0 | 172.16.60.0     | 0x00000C3920AD

3.2 History of Internet SNMP Management

- 1970 Advanced Research Project Agency Network (ARPANET)
- Internet Control Message Protocol (ICMP)
- Internet Engineering Task Force (IETF)
- 1990 SNMPv1
- 1995 SNMPv2
- 1998 SNMPv3

Internet documents:
- Request for Comments (RFC)
- IETF STD: Internet Standard
- FYI: For your information
Sources for RFCs:
ftp://nic.mil/rfc
ftp://ftp.internic.net/rfc
http://nic/internet.net/

Figure 3.2 SNMP Document Evolution (figure: each SNMP management document and the RFC it evolved into)
- SMI: RFC 1065 -> RFC 1155 (STD 16)
- Concise SMI: RFC 1212 (STD 16)
- MIB I: RFC 1066 -> RFC 1156
- MIB II: RFC 1158 -> RFC 1213 (STD 17)
- SNMPv1: RFC 1067, RFC 1098 -> RFC 1157 (STD 15)
- SNMPv1 Traps: RFC 1215
- SMIv2: RFC 1442 -> RFC 1902
- SMIv2 Textual Conventions: RFC 1443 -> RFC 1903
- SMIv2 Conformances: RFC 1444 -> RFC 1904
- SNMPv2 Protocol Operations: RFC 1448 -> RFC 1905
- SNMPv2 Transport Mappings: RFC 1449 -> RFC 1906
- MIB II for SNMPv2: RFC 1907

vtu.allsyllabus.com

www.allsyllabus.com

3.3 SNMP Model

Organization Model
    Relationship between network element, agent, and manager
    Hierarchical architecture
Information Model
    Uses ASN.1 syntax
    SMI (Structure of Management Information)
    MIB (Management Information Base)
Communication Model
    Transfer syntax
    SNMP over TCP/IP
    Communication services addressed by messages
    Security framework: community-based model

3.4 The Organization Model

Two-Tier Organization Model
(a) One Manager - One Agent Model: SNMP Manager <-> SNMP Agent (Network Element)
(b) Multiple Managers - One Agent Model: several SNMP Managers <-> one Network Agent (Network Element)

Three-Tier Organization Model: RMON
SNMP Manager <-> RMON Probe <-> Managed Objects

Managed object comprises network element and management agent
RMON acts as an agent and a manager
RMON (Remote Monitoring) gathers data from MO, analyses the data, and stores the data
Communicates the statistics to the manager

3.5 System Architecture

Figure 3.3 SNMP Network Management Architecture: the SNMP Manager Application and the SNMP Agent Application (with its Management Data) each sit on an SNMP / UDP / IP / DLC / PHY stack over the physical medium. Get-Request, GetNext-Request and Set-Request flow from manager to agent; Get-Response and Trap flow from agent to manager.

Messages between manager and agent
Direction of messages - 3 from manager and 2 from agent

SNMP Messages
Get-Request: sent by manager requesting data from agent
Get-Next-Request: sent by manager requesting data on the next MO to the one specified
Set-Request: initializes or changes the value of a network element
Get-Response: agent responds with data for get and set requests from the manager
Trap: alarm generated by an agent

3.6 The Information Model

Figure 3.4 Managed Object: Type and Instance. A Managed Object has an Object Type (Name: OBJECT IDENTIFIER; Syntax: ASN.1; Encoding: BER) and an Object Instance.
Object type and data type are synonymous
Object identifier is data type, not instance

Figure 3.5 Managed Object: Type with Multiple Instances (one Object Type with Object Instance 1, Object Instance 2 and Object Instance 3)
All 3Com hubs of the same version have an identical identifier; they are distinguished by the IP address
Each IP address is an instance of the object

Name
Uniquely defined by DESCRIPTOR and OBJECT IDENTIFIER

The same name can be written in several equivalent forms:
internet OBJECT IDENTIFIER ::= {iso org(3) dod(6) 1}
internet OBJECT IDENTIFIER ::= {iso(1) standard(3) dod(6) internet(1)}
internet OBJECT IDENTIFIER ::= {1 3 6 1}
internet OBJECT IDENTIFIER ::= {iso standard dod(6) internet(1)}
internet OBJECT IDENTIFIER ::= {iso(1) standard(3) 6 1}

Internet Subnodes

Figure 3.6 Subnodes under Internet Node in SNMPv1: internet {1 3 6 1} has the subnodes directory (1), mgmt (2), experimental (3) and private (4)

directory    OBJECT IDENTIFIER ::= {internet 1}
mgmt         OBJECT IDENTIFIER ::= {internet 2}
experimental OBJECT IDENTIFIER ::= {internet 3}
private      OBJECT IDENTIFIER ::= {internet 4}

Private MIB Example

Figure 3.7 Private Subtree for Commercial Vendors: internet {1 3 6 1} -> private (4) -> enterprises (1) -> cisco (9), hp (11), 3Com (43), Cabletron (52)

SNMP ASN.1 Data Type

Figure 3.7 SNMP ASN.1 Data Type:
Structure: Simple or Primitive; Defined or Application; Constructor or Structured
Tag: Number, and Class: Universal, Application, Context-specific, Private

Primitive Data Types

Data Type          Structure        Comments
INTEGER            Primitive types  Subtype INTEGER (n1..nN); special case: Enumerated INTEGER type
OCTET STRING       Primitive types  8-bit bytes, binary and textual data; subtypes can be specified by either range or fixed size
OBJECT IDENTIFIER  Primitive types  Object position in MIB
NULL               Primitive types  Placeholder

get-request message has NULL for value fields and get-response from agent has the values filled in

Subtype examples:
INTEGER (0..255)
OCTET STRING (SIZE 0..255)
OCTET STRING (SIZE 8)

Enumerated example:
error-status INTEGER {
    noError(0)
    tooBig(1)
    genErr(5)
    authorizationError(16)
}

Defined or Application Data Type

Defined data types are simple or base types
Opaque is used to create data types based on previously defined data types

Defined types   Comments
NetworkAddress  Not used
IpAddress       Dotted decimal IP address
Counter         Wrap-around, non-negative integer, monotonically increasing, max 2^32 - 1
Gauge           Capped, non-negative integer, increase or decrease
TimeTicks       Non-negative integer in hundredths of second units
Opaque          Application-wide arbitrary ASN.1 syntax, double wrapped OCTET STRING

Constructor or Structured Data Type: SEQUENCE

    Object               OBJECT IDENTIFIER  ObjectSyntax
1   ipAdEntAddr          {ipAddrEntry 1}    IpAddress
2   ipAdEntIfIndex       {ipAddrEntry 2}    INTEGER
3   ipAdEntNetMask       {ipAddrEntry 3}    IpAddress
4   ipAdEntBcastAddr     {ipAddrEntry 4}    INTEGER
5   ipAdEntReasmMaxSize  {ipAddrEntry 5}    INTEGER
6   ipAddrEntry          {ipAddrTable 1}    SEQUENCE

List: Managed Object IpAddrEntry as a list
IpAddrEntry ::=
    SEQUENCE {
        ipAdEntAddr          IpAddress,
        ipAdEntIfIndex       INTEGER,
        ipAdEntNetMask       IpAddress,
        ipAdEntBcastAddr     INTEGER,
        ipAdEntReasmMaxSize  INTEGER (0..65535)
    }

Basic Encoding Rules (BER): Tag, Length, and Value (TLV)

Type (Tag) | Length | Value
Tag byte: Class (7-8th bits), P/C (6th bit), Tag Number (1-5th bits)

SNMP Data Types and Tags
Type               Tag
OBJECT IDENTIFIER  UNIVERSAL 6
SEQUENCE           UNIVERSAL 16
IpAddress          APPLICATION 0
Counter            APPLICATION 1
Gauge              APPLICATION 2
TimeTicks          APPLICATION 3
Opaque             APPLICATION 4
Managed Object: Structure
OBJECT:      sysDescr: { system 1 }
Syntax:      OCTET STRING
Definition:  "A textual description of the entity. This value should include the full name and version identification of the system's hardware type, software operating-system, and networking software. It is mandatory that this only contain printable ASCII characters."
Access:      read-only
Status:      mandatory
Figure 31 Specifications for System Description

Managed Object: Macro

OBJECT-TYPE MACRO ::=
BEGIN
    TYPE NOTATION ::= SYNTAX type(TYPE ObjectSyntax)
                      ACCESS Access
                      STATUS Status
    VALUE NOTATION ::= value(VALUE ObjectName)
    Access ::= read-only | read-write | write-only | not-accessible
    Status ::= mandatory | optional | obsolete
END

Figure 3.2(a) OBJECT-TYPE Macro [RFC 1155]

sysDescr OBJECT-TYPE
    SYNTAX DisplayString (SIZE (0..255))
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "A textual description of the entity. This value should include the full name and version identification of the system's hardware type, software operating-system, and networking software. It is mandatory that this only contain printable ASCII characters."
    ::= { system 1 }
Figure 3.3(b) Scalar or Single Instance Macro: sysDescr [RFC 1213]

Aggregate Object
A group of objects, also called tabular objects
Can be represented by a table with columns of objects and rows of instances
Example: IP address table, which consists of the objects:
    IP address
    Interface
    Subnet mask (which subnet this address belongs to)
    Broadcast address (value of l.s.b. in IP broadcast address)
    Largest IP datagram that can be assembled
Multiple instances of these objects are associated with the node

Aggregate M.O. Macro: Table Object

ipAddrTable OBJECT-TYPE
    SYNTAX SEQUENCE OF IpAddrEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "The table of addressing information relevant to this entity's IP addresses."
    ::= {ip 20}

Aggregate M.O. Macro: Entry Object

ipAddrEntry OBJECT-TYPE
    SYNTAX IpAddrEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "The addressing information for one of this entity's IP addresses."
    INDEX { ipAdEntAddr }
    ::= { ipAddrTable 1 }

IpAddrEntry ::=
    SEQUENCE {
        ipAdEntAddr          IpAddress,
        ipAdEntIfIndex       INTEGER,
        ipAdEntNetMask       IpAddress,
        ipAdEntBcastAddr     INTEGER,
        ipAdEntReasmMaxSize  INTEGER (0..65535)
    }

Index ipAdEntAddr uniquely identifies an instance. It may require more than one object in the instance to uniquely identify it.

Aggregate M.O. Macro: Columnar Objects

ipAdEntAddr OBJECT-TYPE
    SYNTAX IpAddress
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The IP address to which this entry's addressing information pertains."
    ::= { ipAddrEntry 1 }

ipAdEntReasmMaxSize OBJECT-TYPE
    SYNTAX INTEGER (0..65535)
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The size of the largest IP datagram which this entity can re-assemble from incoming IP fragmented datagrams received on this interface."
    ::= { ipAddrEntry 5 }

Tabular Representation of Aggregate Object

Figure 3.8(a) Multiple Instance Managed Object: TABLE T contains ENTRY E, and each row of E consists of COLUMNAR OBJECT 1 through COLUMNAR OBJECT 5

The objects TABLE T and ENTRY E are logical objects. They define the grouping and are not accessible. Columnar objects are objects that represent the attributes and hence are accessible. Each instance of E is a row of columnar objects 1 through 5. Multiple instances of E are represented by multiple rows.
3.7 Management Information Base

MIB-II (RFC 1213) is a superset of MIB-I
Objects that are related are grouped into object groups
MIB module comprises module name, imports from other modules, and definitions of the current module
RFC 1213 defines eleven groups.

Figure 4.26 Internet MIB-II Group: internet {1 3 6 1} -> directory (1), mgmt (2), experimental (3), private (4); mgmt -> mib-2 (1), which holds the groups system (1), interfaces (2), at (3), ip (4), icmp (5), tcp (6), udp (7), egp (8), cmot (9), transmission (10), snmp (11)

System Group

Entity       OID       Description (brief)
sysDescr     system 1  Textual description
sysObjectID  system 2  OBJECT IDENTIFIER of the entity
sysUpTime    system 3  Time (in hundredths of a second since last reset)
sysContact   system 4  Contact person for the node
sysName      system 5  Administrative name of the system
sysLocation  system 6  Physical location of the node
sysServices  system 7  Value designating the layer services provided by the entity

Figure 3.9 System Group: system (mib-2 1) -> sysDescr (1), sysObjectID (2), sysUpTime (3), sysContact (4), sysName (5), sysLocation (6), sysServices (7)

sysServices

sysServices OBJECT-TYPE
    SYNTAX INTEGER (0..127)
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "A value which indicates the set of services that this entity primarily offers. The value is a sum. This sum initially takes the value zero. Then, for each layer, L, in the range 1 through 7, that this node performs transactions for, 2 raised to (L - 1) is added to the sum. For example, a node which performs primarily routing functions would have a value of 4 (2^(3-1)). In contrast, a node which is a host offering application services would have a value of 72 (2^(4-1) + 2^(7-1)). Note that in the context of the Internet suite of protocols, values should be calculated accordingly:

            layer  functionality
              1    physical (e.g., repeaters)
              2    datalink/subnetwork (e.g., bridges)
              3    internet (e.g., IP gateways)
              4    end-to-end (e.g., IP hosts)
              7    applications (e.g., mail relays)

        For systems including OSI protocols, layers 5 and 6 may also be counted."
    ::= { system 7 }
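Added worked example, not part of the notes: encoding a sysServices value from the layers a node serves and, the direction an operator actually needs when reading an agent's reply, decoding a reported value back into layers. The layer-to-functionality table is the one above; function names are my own.

```python
# Added example (not from the notes): encode and decode the sysServices
# value as RFC 1213 defines it: sum over supported layers L of 2^(L-1).

LAYER_FUNCTION = {          # layer -> functionality, as in the table above
    1: "physical (e.g., repeaters)",
    2: "datalink/subnetwork (e.g., bridges)",
    3: "internet (e.g., IP gateways)",
    4: "end-to-end (e.g., IP hosts)",
    7: "applications (e.g., mail relays)",
}

def sys_services(layers):
    """sysServices value for the set of layers (1..7) a node serves."""
    value = 0
    for layer in set(layers):
        if not 1 <= layer <= 7:
            raise ValueError("layer must be 1..7, got %r" % (layer,))
        value += 1 << (layer - 1)
    return value

def layers_from_sys_services(value):
    """Inverse: which layers a reported sysServices value claims."""
    if not 0 <= value <= 127:          # SYNTAX INTEGER (0..127)
        raise ValueError("sysServices out of range: %r" % (value,))
    return sorted(layer for layer in range(1, 8) if value & (1 << (layer - 1)))

def describe(value):
    """Human-readable reading of a sysServices value; layers 5 and 6 are
    the OSI layers the TCP/IP table above does not list."""
    return [LAYER_FUNCTION.get(layer, "OSI layer %d" % layer)
            for layer in layers_from_sys_services(value)]
```

With the two values quoted in the DESCRIPTION, sys_services([3]) gives 4 for a router and sys_services([4, 7]) gives 72 for an application host; describe(72) returns the end-to-end and applications entries.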

Interfaces Group

Figure 3.9 Interfaces Group: interfaces (mib-2 2) -> ifNumber (1), ifTable (2) -> ifEntry (1), whose columnar objects are ifIndex (1), ifDescr (2), ifType (3), ifMtu (4), ifSpeed (5), ifPhysAddress (6), ifAdminStatus (7), ifOperStatus (8), ifLastChange (9), ifInOctets (10), ifInUcastPkts (11), ifInNUcastPkts (12), ifInDiscards (13), ifInErrors (14), ifInUnknownProtos (15), ifOutOctets (16), ifOutUcastPkts (17), ifOutNUcastPkts (18), ifOutDiscards (19), ifOutErrors (20), ifOutQLen (21), ifSpecific (22)
Legend: INDEX (ifIndex) in bold

IP Group

Figure 3.10 IP Group: ip (mib-2 4) -> ipForwarding (1), ipDefaultTTL (2), ipInReceives (3), ipInHdrErrors (4), ipInAddrErrors (5), ipForwDatagrams (6), ipInUnknownProtos (7), ipInDiscards (8), ipInDelivers (9), ipOutRequests (10), ipOutDiscards (11), ipOutNoRoutes (12), ipReasmTimeout (13), ipReasmReqds (14), ipReasmOKs (15), ipReasmFails (16), ipFragOKs (17), ipFragFails (18), ipFragCreates (19), ipAddrTable (20), ipRouteTable (21), ipNetToMediaTable (22), ipRoutingDiscards (23)

ipForwarding: Gateway(1) and Router(2)
IP Address Table contains the table of IP addresses
IP Route Table contains an entry for each route
IP Network-to-Media Table is the address translation table mapping IP addresses to physical addresses

IP Address Translation Table

Figure 3.11 IP Address Translation Table: ipNetToMediaTable (ip 22) -> ipNetToMediaEntry (1) -> ipNetToMediaIfIndex (1), ipNetToMediaPhysAddress (2), ipNetToMediaNetAddress (3), ipNetToMediaType (4)

ICMP Group

Figure 3.12 ICMP Group: icmp (mib-2 5) -> icmpInMsgs (1), icmpInErrors (2), icmpInDestUnreachs (3), icmpInTimeExcds (4), icmpInParmProbs (5), icmpInSrcQuenchs (6), icmpInRedirects (7), icmpInEchos (8), icmpInEchoReps (9), icmpInTimestamps (10), icmpInTimestampReps (11), icmpInAddrMasks (12), icmpInAddrMaskReps (13), icmpOutMsgs (14), icmpOutErrors (15), icmpOutDestUnreachs (16), icmpOutTimeExcds (17), icmpOutParmProbs (18), icmpOutSrcQuenchs (19), icmpOutRedirects (20), icmpOutEchos (21), icmpOutEchoReps (22), icmpOutTimestamps (23), icmpOutTimestampReps (24), icmpOutAddrMasks (25), icmpOutAddrMaskReps (26)

Objects associated with ping:
icmpOutEchos: number of ICMP echo messages sent
icmpInEchoReps: number of ICMP echo reply messages received
Objects associated with traceroute/tracert:
icmpInTimeExcds: number of ICMP time exceeded messages received

TCP Group

Figure 3.13 TCP Group: tcp (mib-2 6) -> tcpRtoAlgorithm (1), tcpRtoMin (2), tcpRtoMax (3), tcpMaxConn (4), tcpActiveOpens (5), tcpPassiveOpens (6), tcpAttemptFails (7), tcpEstabResets (8), tcpCurrEstab (9), tcpInSegs (10), tcpOutSegs (11), tcpRetransSegs (12), tcpConnTable (13), tcpInErrors (14), tcpOutRsts (15)

TCP Connection Table

Entity               OID             Description (brief)
tcpConnTable         tcp 13          TCP connection table
tcpConnEntry         tcpConnTable 1  Information about a particular TCP connection
tcpConnState         tcpConnEntry 1  State of the TCP connection
tcpConnLocalAddress  tcpConnEntry 2  Local IP address
tcpConnLocalPort     tcpConnEntry 3  Local port number
tcpConnRemAddress    tcpConnEntry 4  Remote IP address
tcpConnRemPort       tcpConnEntry 5  Remote port number

Figure 3.14 TCP Connection Table: tcpConnTable (tcp 13) -> tcpConnEntry (1) -> tcpConnState (1), tcpConnLocalAddress (2), tcpConnLocalPort (3), tcpConnRemAddress (4), tcpConnRemPort (5)

UDP Group

Connectionless transport protocol group. Has one table, the UDP table.

Entity           OID         Description (brief)
udpInDatagrams   udp 1       Total number of datagrams delivered to the users
udpNoPorts       udp 2       Total number of received datagrams for which there is no application
udpInErrors      udp 3       Number of received datagrams with errors
udpOutDatagrams  udp 4       Total number of datagrams sent
udpTable         udp 5       UDP listener table
udpEntry         udpTable 1  Information about a particular connection or UDP listener
udpLocalAddress  udpEntry 1  Local IP address
udpLocalPort     udpEntry 2  Local UDP port

Figure 3.15 UDP Group: udp (mib-2 7) -> udpInDatagrams (1), udpNoPorts (2), udpInErrors (3), udpOutDatagrams (4), udpTable (5) -> udpEntry (1) -> udpLocalAddress (1), udpLocalPort (2)

3.7 SNMPv1: Communication Model

SNMP Architecture

Figure 3.16 SNMP Network Management Architecture: the SNMP Manager Application and the SNMP Agent Application (with its Management Data) each run over SNMP / UDP / IP / DLC / PHY and the physical medium. Get-Request, GetNext-Request and Set-Request go from manager to agent; Get-Response and Trap go from agent to manager.

Based on community profile and policy

SNMP Entities:
SNMP application entities
- Reside in management stations and network elements
- Manager and agent
SNMP protocol entities
- Communication processes (PDU handlers)
- Peer processes that support application entities

3.8 Administrative Model

It is truly a simple network management protocol: five messages, three from manager and two from agent
SNMP Messages: Get-Request, Get-Next-Request, Set-Request, Get-Response, Trap
A Trap carries a generic trap, a specific trap, and a time stamp
Generic trap: coldStart, warmStart, linkDown, linkUp, authenticationFailure, egpNeighborLoss, enterpriseSpecific
Specific trap: for special measurements such as statistics
Time stamp: time since last initialization

Figure 3.17 SNMP Community: each SNMP Manager has an Authentication Scheme and exchanges Authentic Messages with the Authentication Scheme of the SNMP Agent

Security in SNMPv1 is community-based
Authentication scheme in manager and agent
Community: pairing of two application entities
Community name: string of octets
Two applications in the same community communicate with each other
An application could have multiple community names
Communication is not secured in SNMPv1 - no encryption

Figure 3.18 SNMP Community Profile: the SNMP MIB View of the SNMP Agent contains Objects 1 to 4 with the accesses read-only, write-only, read-write and not-accessible; the SNMP Access Mode is READ-ONLY or READ-WRITE; MIB View combined with Access Mode gives the MIB Access

MIB view
An agent is programmed to view only a subset of managed objects of a network element
Access mode
Each community name is assigned an access mode: read-only or read-write
Community profile: MIB view + access mode
Operations on an object are determined by the community profile and the access mode of the object
Total of four access privileges
Some objects, such as table and table entry, are not accessible
Administration model is SNMP access policy
SNMP community paired with SNMP community profile is the SNMP access policy
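Added worked example, not from the notes: an agent-side evaluation of a community profile as defined above (MIB view plus access mode, combined with each object's own ACCESS clause) to decide whether a get or set is honoured, and which of the error-status values from section 3.9 is returned when it is not. The community names, objects and views are constructed for illustration and the function names are mine.

```python
# Added example (not from the notes): evaluating an SNMPv1 community
# profile. Profile = MIB view + access mode; the operation allowed on an
# object is the intersection of the community's access mode and the
# object's own ACCESS clause. Community names, objects and views below
# are constructed for illustration.

OBJECTS = {                      # object instance -> ACCESS clause
    "sysDescr.0":      "read-only",
    "sysContact.0":    "read-write",
    "ifAdminStatus.1": "read-write",
    "ipAddrTable":     "not-accessible",   # tables and entries are never accessible
}

# community name -> (MIB view: set of visible objects, access mode)
COMMUNITIES = {
    "public":  ({"sysDescr.0", "sysContact.0", "ifAdminStatus.1"}, "read-only"),
    "private": ({"sysDescr.0", "sysContact.0", "ifAdminStatus.1", "ipAddrTable"},
                "read-write"),
    "ops":     ({"sysDescr.0"}, "read-write"),     # read-write mode, narrow view
}

def effective_access(community, obj):
    """One of the four access privileges of the community-profile figure:
    not-accessible, read-only, write-only or read-write."""
    if community not in COMMUNITIES:
        return "not-accessible"        # unknown community name: no view at all
    view, mode = COMMUNITIES[community]
    if obj not in view or obj not in OBJECTS:
        return "not-accessible"        # outside the MIB view
    access = OBJECTS[obj]
    if access == "not-accessible":
        return access                  # table/entry objects stay inaccessible
    if mode == "read-only":
        return "not-accessible" if access == "write-only" else "read-only"
    return access                      # read-write mode: the object's own clause

def check_request(community, pdu_type, obj):
    """Return (permitted, error_status) as the agent's access policy would:
    noError, noSuchName (not visible/readable) or readOnly (set refused)."""
    access = effective_access(community, obj)
    if access == "not-accessible":
        return (False, "noSuchName")
    if pdu_type == "set-request" and access == "read-only":
        return (False, "readOnly")
    if pdu_type in ("get-request", "get-next-request") and access == "write-only":
        return (False, "noSuchName")
    return (True, "noError")
```

Note what the check does not do: the community name is the only credential, so any party that can send a UDP datagram carrying a valid name gets the corresponding profile. That is the weakness the notes point to with "no encryption" and is why read-write communities deserve the narrowest possible view.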

Parameters:
Community / communities
Agent / agents
Manager / managers

Figure: Manager manages the Community through Agent 1 (Community Profile 1) and Agent 2 (Community Profile 2)

Access Policy
Manager manages Community 1 and 2 network components via Agents 1 and 2. Agent 1 has only the view of Community Profile 1, e.g. Cisco components. Agent 2 has only the view of Community Profile 2, e.g. 3Com components. Manager has the total view of both Cisco and 3Com components.
Generalized Administration Model

Figure 3.19 SNMP Access Policy: Manager 1 (Community 1) and Manager 3 (Community 1, Community 2) reach Community 1, which contains Agent 1 (Community Profile 1) and Agent 2 (Community Profile 2); Manager 2 (Community 2) and Manager 3 reach Community 2, which contains Agent 3 (Community Profile 3) and Agent 4 (Community Profile 4)

Manager 1 manages community 1, manager 2 manages community 2, and manager 3 (MoM) manages both communities 1 and 2

Proxy Access Policy

Figure 3.20 SNMP Proxy Access Policy: SNMP Manager (Community 1) -> SNMP Agent acting as Proxy Agent in the SNMP community -> non-SNMP community

Proxy agent enables a non-SNMP community. The elements are managed by an SNMP manager. An SNMP MIB is created to handle the non-SNMP objects.
3.9 SNMP Protocol Specifications

Figure 3.20 Encapsulated SNMP Message:
Application PDU:  Application Header | SNMP PDU (Data)
Transport PDU:    UDP Header | Application PDU
Network PDU:      IP Header | Transport PDU
Data Link PDU:    DLC Header | Network PDU

Protocol entities support application entities
Communication is between remote peer processes
Message consists of version identifier, community name, and Protocol Data Unit
Message is encapsulated and transmitted

Get and Set PDU

Figure 5.8 Get and Set Type PDU: Version | Community | PDU Type | RequestID | Error Status | Error Index | VarBind 1 name | VarBind 1 value | ... | VarBind n name | VarBind n value

PDUs ::=
    CHOICE {
        get-request       GetRequest-PDU,
        get-next-request  GetNextRequest-PDU,
        get-response      GetResponse-PDU,
        set-request       SetRequest-PDU,
        trap              Trap-PDU
    }

PDU Types: enumerated INTEGER
get-request       [0]
get-next-request  [1]
set-request       [2]
get-response      [3]
trap              [4]

Error in Response
ErrorStatus ::=
    INTEGER {
        noError(0)
        tooBig(1)
        noSuchName(2)
        badValue(3)
        readOnly(4)
        genErr(5)
    }
Error Index: number of the VarBind at which the first error occurred

Trap PDU
Layout: PDU Type | Enterprise | Agent Address | Generic Trap Type | Specific Trap Type | Timestamp | VarBind 1 name | VarBind 1 value | ... | VarBind n name | VarBind n value

Generic Trap Type         Description (brief)
coldStart(0)              Sending protocol entity is reinitializing itself; agent's configuration or protocol entity implementation may be altered
warmStart(1)              Sending protocol entity is reinitializing itself; agent configuration or protocol entity implementation not altered
linkDown(2)               Failure of one of the communication links
linkUp(3)                 One of the links has come up
authenticationFailure(4)  Authentication failure
egpNeighborLoss(5)        Loss of EGP neighbor
enterpriseSpecific(6)     Enterprise-specific trap

Enterprise and agent address pertain to the system generating the trap. Seven generic traps are specified by an enumerated INTEGER. A specific trap is a trap not covered by the generic traps, i.e. enterprise specific. The time stamp indicates the elapsed time since the last re-initialization.
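Added worked example, not from the notes: a Python decoder for the Version | Community | PDU layout above, run over a hand-assembled GetResponse that carries the sysName.0 and sysUpTime.0 values from the Get-Request exchange in section 3.10. The sample bytes are constructed, and the PDU tag numbers in the code are those of RFC 1157 (context-specific [0] get-request, [1] get-next-request, [2] get-response, [3] set-request, [4] trap), which assign get-response and set-request the other way round from the enumerated list above. Decoding a captured datagram this way also makes visible that the community name travels in the clear.

```python
# Added example (not from the notes): decode an SNMPv1 get/set/response
# message from its BER bytes. PDU tags follow RFC 1157; the sample
# message below is hand-assembled for this example.
import binascii

PDU_NAMES = {0xA0: "get-request", 0xA1: "get-next-request",
             0xA2: "get-response", 0xA3: "set-request", 0xA4: "trap"}
ERROR_STATUS = ["noError", "tooBig", "noSuchName", "badValue", "readOnly", "genErr"]

def read_tlv(buf, pos):
    """(tag, content, next_pos) for the TLV at buf[pos]; definite lengths only."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV at offset %d" % pos)
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, tag):
    got, content, nxt = read_tlv(buf, pos)
    if got != tag:
        raise ValueError("expected tag 0x%02x, got 0x%02x at %d" % (tag, got, pos))
    return content, nxt

def decode_oid(content):
    """Inverse of the 40*x + y / base-128 OBJECT IDENTIFIER rule."""
    if not content:
        raise ValueError("empty OBJECT IDENTIFIER")
    first = content[0]
    ids = [first // 40, first % 40] if first < 80 else [2, first - 80]
    sub, pending = 0, False
    for b in content[1:]:
        sub, pending = (sub << 7) | (b & 0x7F), bool(b & 0x80)
        if not pending:
            ids.append(sub)
            sub = 0
    if pending:
        raise ValueError("unterminated sub-identifier")
    return ".".join(str(i) for i in ids)

def decode_value(tag, content):
    if tag == 0x02:                         # INTEGER
        return int.from_bytes(content, "big", signed=True)
    if tag == 0x04:                         # OCTET STRING
        return content.decode("ascii", "replace")
    if tag == 0x05:                         # NULL (value slot of a request)
        return None
    if tag == 0x06:
        return decode_oid(content)
    if tag == 0x40:                         # IpAddress
        return ".".join(str(b) for b in content)
    if tag in (0x41, 0x42, 0x43):           # Counter, Gauge, TimeTicks
        return int.from_bytes(content, "big")
    return content                          # Opaque or unknown: leave raw

def decode_message(raw):
    """Parse Version | Community | PDU(type, request-id, error-status,
    error-index, VarBindList). Trap-PDU has a different layout and is
    rejected here."""
    body, end = expect(raw, 0, 0x30)
    if end != len(raw):
        raise ValueError("trailing bytes after message")
    version, p = expect(body, 0, 0x02)
    community, p = expect(body, p, 0x04)
    pdu_tag, pdu, p = read_tlv(body, p)
    if pdu_tag not in PDU_NAMES or pdu_tag == 0xA4:
        raise ValueError("unsupported PDU tag 0x%02x" % pdu_tag)
    request_id, q = expect(pdu, 0, 0x02)
    status, q = expect(pdu, q, 0x02)
    index, q = expect(pdu, q, 0x02)
    vbl, q = expect(pdu, q, 0x30)
    varbinds, v = [], 0
    while v < len(vbl):
        vb, v = expect(vbl, v, 0x30)
        name, w = expect(vb, 0, 0x06)
        tag, content, _ = read_tlv(vb, w)
        varbinds.append((decode_oid(name), decode_value(tag, content)))
    st = int.from_bytes(status, "big", signed=True)
    return {
        "version": int.from_bytes(version, "big", signed=True),
        "community": community.decode("ascii", "replace"),
        "pdu": PDU_NAMES[pdu_tag],
        "request_id": int.from_bytes(request_id, "big", signed=True),
        "error_status": ERROR_STATUS[st] if 0 <= st < len(ERROR_STATUS) else st,
        "error_index": int.from_bytes(index, "big", signed=True),
        "varbinds": varbinds,
    }

# Constructed sample: a GetResponse (community "public", request-id 1)
# carrying sysName.0 = "noc1" and sysUpTime.0 = 2247349530 TimeTicks.
SAMPLE_RESPONSE = binascii.unhexlify(
    "303d020100" "04067075626c6963" "a230020101020100020100"
    "3025" "301006082b0601020101050004046e6f6331"
    "301106082b0601020101030043050085f3d51a")
```

decode_message(SAMPLE_RESPONSE) yields version 0, community "public", a get-response with noError, and the two VarBinds as (dotted OID, value) pairs; a truncated datagram raises ValueError rather than being silently accepted.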

3.10 SNMP Operations

Figure 3.21 Get-Request Operation for System Group (Manager Process <-> Agent Process):
Get Request (sysDescr.0)
Get Response (sysDescr.0 = "SunOS")
Get Request (sysObjectID.0)
Get Response (sysObjectID.0 = enterprises.11.2.3.10.1.2)
Get Request (sysUpTime.0)
Get Response (sysUpTime.0 = 2247349530)
Get Request (sysContact.0)
Get Response (sysContact.0 = "")
Get Request (sysName.0)
Get Response (sysName.0 = "noc1")
Get Request (sysLocation.0)
Get Response (sysLocation.0 = "")
Get Request (sysServices.0)
Get Response (sysServices.0 = 72)

MIB for Get-Next-Request

Figure 3.21 MIB for Operation Sequences (a tree whose leaf instances are 1.1, 1.2, 2.1, 2.2, 3.1, 3.2)

A More Complex MIB Example

Figure 3.22 MIB Example for Lexicographic Ordering (a tree with nodes numbered 10, 18 and 21)

Get-Next-Request Operation

Figure 3.23 GetNextRequest Example with Indices (Manager Process <-> Agent Process):
GetNextRequest (sysUpTime, atPhysAddress)
GetResponse ((sysUpTime.0 = "315131795"), (atPhysAddress.13.172.16.46.1 = "0000000C3920AC"))
GetNextRequest (sysUpTime, atPhysAddress.13.172.16.46.1)
GetResponse ((sysUpTime.0 = "315131800"), (atPhysAddress.16.172.16.49.1 = "0000000C3920AF"))
GetNextRequest (sysUpTime, atPhysAddress.16.172.16.49.1)
GetResponse ((sysUpTime.0 = "315131805"), (atPhysAddress.23.192.168.3.1 = "0000000C3920B4"))
GetNextRequest (sysUpTime, atPhysAddress.23.192.168.3.1)
GetResponse ((sysUpTime.0 = "315131810"), (ipForwarding.0 = "1"))

Address translation table in the agent:
atIfIndex  atPhysAddress   atNetAddress
23         0000000C3920B4  192.168.3.1
13         0000000C3920AC  172.16.46.1
16         0000000C3920AF  172.16.49.1
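Added worked example, not from the notes: a simulation of the exchange in Figure 3.23 over a constructed agent MIB. Lexicographic ordering is plain sub-identifier-by-sub-identifier comparison, which is why the atPhysAddress rows come back in the order 13, 16, 23 regardless of the order the agent stores them, and why the fourth request runs off the end of atPhysAddress into ipForwarding.0. The numeric OIDs are the RFC 1213 ones; function names and the noSuchName handling for a multi-VarBind request follow RFC 1157 and are my own code.

```python
# Added example (not from the notes): lexicographic OID ordering and the
# get-next-request walk of Figure 3.23 over a constructed agent MIB.

def parse_oid(text):
    return tuple(int(x) for x in text.split("."))

# RFC 1213 object OIDs used in the figure
SYS_UPTIME      = parse_oid("1.3.6.1.2.1.1.3")       # sysUpTime
AT_PHYS_ADDRESS = parse_oid("1.3.6.1.2.1.3.1.1.2")   # atPhysAddress
IP_FORWARDING   = parse_oid("1.3.6.1.2.1.4.1")       # ipForwarding

# constructed agent MIB: instance OID -> value (rows deliberately unordered)
AGENT_MIB = {
    SYS_UPTIME + (0,): 315131795,
    AT_PHYS_ADDRESS + (23, 192, 168, 3, 1): "0000000C3920B4",
    AT_PHYS_ADDRESS + (13, 172, 16, 46, 1): "0000000C3920AC",
    AT_PHYS_ADDRESS + (16, 172, 16, 49, 1): "0000000C3920AF",
    IP_FORWARDING + (0,): 1,
}

def oid_to_text(oid):
    return ".".join(str(i) for i in oid)

def get_next(mib, oid):
    """Smallest instance OID strictly greater than oid. Python tuple
    comparison is exactly lexicographic ordering on sub-identifiers;
    None means the end of the MIB was passed."""
    later = [name for name in mib if name > oid]
    return min(later) if later else None

def get_next_request(mib, names):
    """Agent side of a multi-VarBind get-next-request: each name is
    advanced independently; in SNMPv1 a name with no successor fails the
    whole request with noSuchName and the 1-based index of that VarBind."""
    result = []
    for i, name in enumerate(names, start=1):
        nxt = get_next(mib, name)
        if nxt is None:
            return None, ("noSuchName", i)
        result.append((oid_to_text(nxt), mib[nxt]))
    return result, ("noError", 0)

def walk_subtree(mib, root):
    """Manager side: repeat get-next until the reply leaves the subtree.
    Returns the instances found, in retrieval order."""
    found, cur = [], root
    while True:
        nxt = get_next(mib, cur)
        if nxt is None or nxt[:len(root)] != root:
            return found
        found.append((oid_to_text(nxt), mib[nxt]))
        cur = nxt
```

walk_subtree(AGENT_MIB, AT_PHYS_ADDRESS) returns the three atPhysAddress rows in the order 13, 16, 23, and a get-next on the last of them returns ipForwarding.0, matching the four replies in the figure.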

Chapter 4

SNMP Management -- RMON

RMON Components

Figure: a Data Analyzer and an RMON Probe on a LAN exchange SNMP traffic through Routers across the BACKBONE NETWORK

RMON Probe: the data gatherer, a physical device. Data analyzer: a processor that analyzes data. RMON: Remote Network Monitoring.

4.1 Remote Monitoring

Figure 4.1 Network Configuration with RMONs: the NMS sits on the Local LAN with an Ethernet Probe; Routers connect it to the FDDI Backbone Network; the Remote FDDI LAN has a Router with RMON, a Bridge and an FDDI Probe; the Remote Token Ring LAN has a Router and a Token Ring Probe

The RMON is embedded, monitoring the remote FDDI LAN. Analysis is done in the NMS.

RMON Benefits
Monitors and analyzes locally and relays data; less load on the network
Needs no direct visibility by NMS; more reliable information
Permits monitoring on a more frequent basis and hence faster fault diagnosis
Increases productivity for administrators

4.2 RMON SMI and MIB

Figure 4.2 RMON Group: rmon (mib-2 16)
RMON1: statistics (1), history (2), alarm (3), host (4), hostTopN (5), matrix (6), filter (7), capture (8), event (9)
RMON1 Extension: tokenRing (10)
RMON2: protocolDir (11), protocolDist (12), addressMap (13), nlHost (14), nlMatrix (15), alHost (16), alMatrix (17), usrHistory (18), probeConfig (19), rmonConformance (20)

4.3 RMON1

RMON1: Ethernet RMON groups (rmon 1 - rmon 9)
RMON1 Extension: Token ring extension (rmon 10)
RMON2: Higher layers (3-7) groups (rmon 11 - rmon 20)

Row Creation and Deletion

EntryStatus data type introduced in RMON
EntryStatus (similar to RowStatus in SNMPv2) is used to create and delete a conceptual row
Only 4 states in RMON compared to 6 in SNMPv2

State          Enumeration  Description
valid          1            Row exists and is active. It is fully configured and operational
createRequest  2            Create a new row by creating this object
underCreation  3            Row is not fully active
invalid        4            Delete the row by disassociating the mapping of this entry
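Added worked example, not from the notes: an agent-side EntryStatus state machine for the four states in the table above. The manager creates a control-table row by setting createRequest, the agent holds it in underCreation while the remaining columns are filled in, the manager then sets valid, and setting invalid deletes the row. The row store and the transition table are constructed for the example and the function name is mine.

```python
# Added example (not from the notes): EntryStatus transitions for an RMON
# control-table row. Only the four RMON states exist; the transition
# table below is the constructed rule set this example enforces.

ENTRY_STATUS = {"valid": 1, "createRequest": 2, "underCreation": 3, "invalid": 4}

ALLOWED = {                           # (current state, requested state)
    (None, "createRequest"),          # create a row that does not exist yet
    ("underCreation", "valid"),       # configuration finished, activate
    ("underCreation", "invalid"),     # abandon a half-configured row
    ("valid", "valid"),               # idempotent re-activation
    ("valid", "invalid"),             # delete an active row
}

def set_entry_status(table, index, requested):
    """Apply a set-request on the EntryStatus column of row `index` in
    `table` (a dict index -> state). Returns the resulting state, or
    raises ValueError (the agent would answer badValue)."""
    if requested not in ENTRY_STATUS:
        raise ValueError("badValue: unknown EntryStatus %r" % (requested,))
    current = table.get(index)
    if (current, requested) not in ALLOWED:
        raise ValueError("badValue: %s -> %s not allowed" % (current, requested))
    if requested == "invalid":
        table.pop(index, None)        # row is disassociated from the table
        return "invalid"
    # a createRequest row is held in underCreation until the manager
    # has set the other columns and then sets valid
    table[index] = "underCreation" if requested == "createRequest" else requested
    return table[index]

def entry_status_value(state):
    """Enumeration value carried on the wire for a state name."""
    return ENTRY_STATUS[state]
```

A manager that sets valid on a row that does not exist, or createRequest on one that does, gets a badValue response instead of a half-initialised row, which is the reason RMON separates the underCreation state from valid.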

4.4 RMON Groups and Functions

Figure 4.3 RMON1 Groups and Functions: the Remotely Monitored Network feeds Data Gathering; Ethernet Statistics (Ethernet Statistics, Ethernet History, History Control); Token Ring Statistics (Token Ring Statistics, Token Ring History, History Control); Host and Conversation Statistics (Host Statistics, HostTopN Statistics, Matrix Statistics); Filter Group (Packet Filtering, Channel Filtering, Packet Capture); Alarm Generation and Event Generation report to the Network Manager

Probe gathers data. Its functions are:
Statistics on Ethernet, token ring, and hosts / conversations
Filter group filters data prior to capture of data
Generation of alarms and events
RMON1 MIB Groups & Tables

Ten groups divided into three categories
Statistics groups (rmon 1, 2, 4, 5, 6, and 10)
Event reporting groups (rmon 3 and 9)
Filter and packet capture groups (rmon 7 and 8)
Groups with 2 in the name are enhancements with RMON2

Group           OID      Function                                                                       Tables
Statistics      rmon 1   Link level statistics                                                          etherStatsTable, etherStats2Table
History         rmon 2   Periodic statistical data collection and storage for later retrieval           historyControlTable, etherHistoryTable, historyControl2Table, etherHistory2Table
Alarm           rmon 3   Generates events when the data sample gathered crosses pre-established thresholds   alarmTable
Host            rmon 4   Gathers statistical data on hosts                                              hostControlTable, hostTable, hostTimeTable, hostControl2Table
HostTopN        rmon 5   Computes the top N hosts on the respective categories of statistics gathered   hostTopNControlTable
Matrix          rmon 6   Statistics on traffic between pairs of hosts                                   matrixControlTable, matrixSDTable, matrixDSTable, matrixControl2Table
Filter          rmon 7   Filter function that enables capture of desired parameters                     filterTable, channelTable, filter2Table, channel2Table
Packet Capture  rmon 8   Packet capture capability to gather packets after they flow through a channel  bufferControlTable, captureBufferTable
Event           rmon 9   Controls the generation of events and notifications                            eventTable
Token Ring      rmon 10  See Table 8.3                                                                  See Table 8.3

Textual Conventions: LastCreateTime and TimeFilter
LastCreateTime tracks the change of data with the changes in control in the control tables
TimeFilter is used to download only those rows that changed after a particular time

FooTable (bold objects fooTimeMark and fooIndex are the indices): columns fooTimeMark, fooIndex, fooCounts
fooCounts.0.1  5
fooCounts.0.2  9
fooCounts.1.1  5
fooCounts.1.2  9
fooCounts.2.1  5
fooCounts.2.2  9
fooCounts.3.1  5
fooCounts.3.2  9
fooCounts.4.2  9  -- (Note that row #1 does not exist for times 4 & 5 since the last update occurred at time-mark 3.)
fooCounts.5.2  9  -- (Both rows #1 and #2 do not exist for time-mark greater than 5.)
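Added worked example, not from the notes: the TimeFilter behaviour of the fooTable above, simulated in Python. The probe keeps, per row, the time-mark of its last update; an instance fooCounts.<timeMark>.<fooIndex> exists only when the row was updated at or after timeMark, so a manager that passes the time of its previous poll receives only the rows that changed since. Rows, values and time-marks are constructed to match the table (row 1 last updated at time-mark 3, row 2 at 5); function names are mine.

```python
# Added example (not from the notes): TimeFilter semantics over the
# fooTable above. Data is constructed: fooIndex -> (fooCounts, time-mark
# of the row's last update).

FOO_ROWS = {1: (5, 3), 2: (9, 5)}

def visible_rows(rows, time_mark):
    """Rows whose last update is >= time_mark, in fooIndex order: these
    are the instances that exist under fooCounts.<time_mark>."""
    return [(idx, val) for idx, (val, last) in sorted(rows.items())
            if last >= time_mark]

def foo_table_view(rows, max_mark):
    """Every (instance, value) an exhaustive get-next walk of fooCounts
    would return for time-marks 0..max_mark."""
    out = []
    for mark in range(max_mark + 1):
        for idx, val in visible_rows(rows, mark):
            out.append(("fooCounts.%d.%d" % (mark, idx), val))
    return out

def update_row(rows, idx, value, now):
    """Probe side: a row update stamps the row with the current time-mark."""
    rows[idx] = (value, now)

def poll(rows, last_mark):
    """Manager side: fetch rows changed at or after last_mark and return
    them with the mark to use on the next poll (the newest update seen).
    A row updated exactly at last_mark is returned again, which is the
    >= rule of the textual convention."""
    seen = visible_rows(rows, last_mark)
    newest = max([last for _, last in rows.values()] + [last_mark])
    return seen, newest
```

foo_table_view(FOO_ROWS, 5) reproduces the ten instances listed in the table, including the absence of row 1 for time-marks 4 and 5; after update_row(rows, 1, 7, 8) a poll with mark 5 returns row 1 again while a poll with mark 9 returns nothing.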

4.5 Control and Data Tables


Figure 4.4 Relationship between Control and Data Tables (diagram): controlTable with controlEntry rows (controlIndex, controlDataSource, controlTableSize, controlOwner, controlStatus, controlOther) and dataTable with dataEntry rows (dataIndex, dataAddlIndex, dataOther); several data rows hang off each control row.
Note on indices: indices are marked in bold letters; the value of dataIndex is the same as the value of controlIndex.

The control table is used to set the instances of data rows in the data table; the values of the data index and the control index are the same. matrixSDTable is the source-destination table. controlDataSource identifies the source of the data, controlTableSize identifies the entries associated with the data source, and controlOwner is the creator of the entry.

Filter Group

- Filter group is used to capture packets defined by logical expressions
- Channel is a stream of data captured based on a logical expression
- Filter table allows packets to be filtered with an arbitrary filter expression
- A row in the channel table is associated with multiple rows in the filter table

Figure (diagram) Relationship between Filter and Channel Tables: filterTable with filterEntry rows (filterIndex, filterChannelIndex, filter parameters) and channelTable with channelEntry rows (channelIndex, channelIfIndex, channelAcceptType, channelDataControl, other channel parameters). In the figure four filter rows (filterIndex = 1 to 4) are split between two channels: channelIndex = 1 (channelIfIndex = 1) and channelIndex = 2, each channel owning two filter rows whose filterChannelIndex equals that channelIndex.
Note on indices: indices are marked in bold letters; the value of filterChannelIndex is the same as the value of channelIndex.

Packet Capture Group


Packet capture group is a post-filter group
Buffer control table used to select channels
Captured data stored in the capture buffer table


4.6 RMON Token Ring Extension Groups

Token ring extension groups, tables and functions:
- Mac-Layer Statistics: tokenRingMLStatsTable, tokenRingMLStats2Table. Current utilization and error statistics of MAC layer
- Promiscuous Statistics: tokenRingPStatsTable, tokenRingPStats2Table. Current utilization and error statistics of promiscuous data
- Mac-Layer History: tokenRingMLHistoryTable. Historical utilization and error statistics of MAC layer
- Promiscuous History: tokenRingPHistoryTable. Historical utilization and error statistics of promiscuous data
- Ring Station: ringStationControlTable, ringStationTable, ringStationControl2Table. Station statistics
- Ring Station Order: ringStationOrderTable. Order of the stations
- Ring Station Configuration: ringStationConfigControlTable, ringStationConfigTable. Active configuration of ring stations
- Source Routing: sourceRoutingStatsTable, sourceRoutingStats2Table. Utilization statistics of source routing information

Token Ring Group

- Two statistics groups and associated history groups: MAC layer (Statistics group) collects TR parameters; Promiscuous Statistics group collects promiscuously on sizes and types of packets
- Three groups associated with the stations
- Routing group gathers statistics on routing
4.7 RMON2
Applicable to Layers 3 and above
Functions similar to RMON1
Enhancement to RMON1
Defined conformance and compliance
ATM RMON
The ATM Forum extended RMON to ATM. Switch extensions and ATM RMON define objects at the base layer; ATM protocol IDs for RMON2 define additional objects at the higher layers. ATM devices require cell-based measurements and statistics, so the probe should be able to handle high speed.

Figure 4.5 RMON MIB Framework (1995 ATM Forum) (diagram): IETF MIBs are Ethernet RMON (RFC 1757) and Token Ring RMON (RFC 1513) at the 'Base' layer, and RMON-2 (RFC 2021, 2074) at the Network layer and Application layer (upper layer protocols). Additional MIBs are Switch Extensions for RMON and ATM RMON at the base layer, and ATM Protocol IDs for RMON-2 (additions to RFC 2074) at the higher layers.

ATM Probe Location

Figure 4.6 ATM Probe Location (1995 ATM Forum) (diagram): (a) external probe with copy, an RMON probe attached to an ATM switch; (b) internal probe with copy; (c) internal probe without copy, an ATM switch with an internal RMON probe; (d) external probe without copy, an RMON probe in line between two ATM switches.

- Stand-alone probe in (a) copies the cells
- Embedded version in (b) reports data, but has no access to switch fabric
- Internal probe (c) similar to (b) with access to switch
- Stand-alone probe (d) taps network-to-network interface between two ATM switches
- (a) and (b) require duplex circuits, steering of traffic, and design modification
- Embedded designs (c) and (d) require no modification

Chapter 5

Broadband Network Management

5.1 Broadband Access Networks

Three categories of customer base:
- Corporate or enterprise
- Service providers
- Residence or SOHO

Figure 5.1 Broadband Access Networks (diagram): business customers reach the service providers' router/ATM switch over an OC-n/STS-n link; residence/SOHO customers reach them through the cable modem customer network (cable modem over the HFC network to the cable modem head end), the DSL customer network (xDSL modem over the telephone loop to the central office equipment), or the wireless customer network (wireless and telephone loop, or satellite communication and/or telephone loop); on the service provider side the head end, central office equipment and routers/ATM switches are interconnected over the SDH/SONET WAN.

5.2 Broadband Access Technology

Five types of access networks:
- OC-n / STS-n link
- Gateway to service providers (not shown)
- HFC / Cable modem
- DSL
- Wireless: fixed wireless
- Satellite communication

Figure 5.2 Broadband Access Technologies (tree):
- Broadband Access Technology
  - HFC: Two-way; Telephony return
  - xDSL: ADSL; HDSL; VDSL
  - Wireless: ISM; MMDS; LMDS; each Two-way or Telephony return
  - Satellite communication: Two-way; One-way

Hybrid fiber coaxial (HFC): HFC technology plant with a cable modem at the customer premises
- Telephony return is one-way: downstream (forward direction) is cable, upstream (reverse direction) is telephone
- Two-way: downstream at the high frequency band and upstream at the low frequency band
- Carries voice, video and data. Upstream bandwidth requirements are lower than downstream bandwidth.

xDSL: Digital subscriber line technology
- Asymmetric DSL (ADSL)
- High-speed DSL (HDSL)
- Very-high speed DSL (VDSL)
- Uses existing local loop telephone facilities

Wireless: Terrestrial fixed wireless systems
- Industrial, scientific and medical (ISM): 902 - 928 MHz (0.5 mile) and 2400 - 2483 MHz (15 miles)
- Multichannel multipoint distribution service (MMDS): 2500 - 2686 MHz (35 miles)
- Local multipoint distribution service (LMDS): 27,500 - 28,350 MHz and 31,000 - 31,300 MHz (3 miles)
- Satellite communication
- Telephony return is one-way: downstream wireless, upstream telephone
- Two-way: downstream and upstream wireless networks

5.3 HFC Network

- Fiber: 2 one-way transmissions
- Coaxial: 2-way transmission
- 2-way amplifiers
- Fiber node: optical - RF conversion

HFC network (diagram): head end (fed by satellite, the WAN and the ISP) -- fiber -- fiber node -- 2-way coax with amplifiers -- network interface unit (NIU) at each home -- cable modem -- TV monitor and workstation (Ethernet).

Head end:
- Signals from multiple sources multiplexed
- Frequency conversion for local signal

Network interface device (NID) / unit (NIU): demarcation point between customer network and service provider networks

Cable modem: RF Ethernet, analog telephony, and video

Broadband LAN:
- Asymmetric bandwidth allocation for 2-way communication
- RF spread-spectrum that carries multiple signals over HFC

RF spectrum allocation to carry multimedia services - voice, video and data

Figure 5.3 Broadband LAN (diagram): head end at one end of the cable and terminations at the ends of the branches; cable modems A, B and C share the cable. Downstream signal 50 - 860 MHz; upstream signal 5 - 42 MHz.

Digital-to-Analog Encoding

Figure 5.4 Digital-to-Analog Encoding (diagram): a digital bit stream (1/0 against time) enters the modem and leaves as a modulated analog carrier occupying a channel bandwidth in the frequency domain.

- Bit rate and symbol rate: number of levels n = 2^k; bit rate = symbol rate x k
- Amplitude shift keying
- Frequency shift keying
- Phase shift keying
- Quadrature phase shift keying: four levels (00, 01, 10, 11); relatively insensitive to noise; used for low-band upstream
- Quadrature amplitude modulation (not 4-levels): combination of AM and PM; 16-QAM = 8 PM x 2 AM or 4 PM x 4 AM; used for higher-band downstream

Cable Modem
HFC uses tree topology

Downstream in broadcast mode

Upstream transmission by cable modem coordinated by head end

Data over cable service specifications (DOCSIS) for cable modem ensures
interoperability

One-way cable modem uses telco-return

Cable modem     Upstream         Downstream
Toshiba         2.56 Msym/sec    5.36 Msym/sec
RCA DCM105      10 Mbps          38 Mbps
Cisco           10 Mbps          38 Mbps
LANcity         10 Mbps          10 Mbps
Motorola        10 Mbps          40 Mbps
Functions of Cable Modem Termination System
- Equipment at the head end
- All cable modems terminate on the head end
- Gateway to the external network
- Multiplexes and demultiplexes signals
- Frequency converts upstream signals to downstream
- Can be designed either as a bridge or a router

HFC Plant
- Multiple fiber pairs run from the head end to the fiber node; each pair carries 2 one-way signals
- Head end converts all (telephony, digital video, data, and analog video) signals to an optical carrier to transmit on the fiber
- Houses are connected from the fiber node via coaxial cables
- Coaxial cables are in a tree topology and carry 2-way signals
- Amplifiers on the coaxial cable are 2-way amplifiers that amplify the signals in both directions
- Drop from coaxial cable to NID (also called NIU) - called Tap-to-TV in CATV

RF Spectrum

Figure 5.5 An Example of RF Frequency Assignment (diagram):
- Upstream (reverse) 5-42 MHz: digital video control 6-8 MHz; digital data services 10-25 MHz; telephony 25-40 MHz
- Guard band 42-54 MHz
- Downstream (forward) 54-750 MHz: analog video 54-550 MHz; digital data services 550-560 MHz; digital video 560-700 MHz; telephony 700-750 MHz


DOCS Reference Architecture

Figure (diagram): WAN -- head end (switch/router, term, mod, demod, data, video, transmitter, receiver, servers, operations support system / element manager, security & access controller, forming the cable modem termination system (CMTS)) -- fiber -- HFC link -- cable modem -- subscriber PC; a telco return path (interface 4) runs from the cable modem back to the head end, and interface 6 sits on the HFC link.

INTERFACES:
1 CMCI       Cable Modem to CPE Interface
2 CMTS-NSI   CMTS Network Side Interface
3 DOCS-OSSI  Data Over Cable Services Operations Support System Interface
4 CMTRI      Cable Modem to Telco Return Interface
5 DOCSS      Data Over Cable Security System
6 RFI        Cable Modem to RF Interface

The architecture shows two-way (HFC link) and one-way (HFC link & telco return) operation.

CMTS Components

Figure (diagram): the CMTS at the head end consists of a switch/router, terminator (term), modulator (mod), demodulator (demod), transmitter and receiver on the fiber, data and video servers, a security & access controller, and the operations support system / element manager.

The switch/router routes the traffic between cable modems and to the external network. It interfaces to the CMTS via the terminator (term). The modulator (mod) and demodulator (demod) transform digital data to and from analog format. Combiner, splitter and filter perform the complementary functions of muxing and demuxing. The transmitter converts the RF signals to an optical carrier; the receiver down-converts the optical signal. Servers handle the applications and databases. Security is managed by the security and access controller. The OSS and element manager perform network and service management.

DOCS Interfaces

Figure (diagram): the same reference architecture (WAN, head end with CMTS, fiber, HFC link, cable modem, subscriber PC, telco return) with the six interfaces marked.

Three groups of interfaces:
- Data interfaces: Cable modem to CPE (1); CMTS-NSI (2)
- Operations support systems and telco-return: OSS (3); Telco-return (4)
- RF and security: DOCS security system (5); RF interface (6)

5.4 HFC Management

HFC management is more complex than either computer network or telecommunication network management. It involves both physical and data layers, multiple physical facilities, a legacy cable system and multimedia service. It includes RF spectrum management. Service and business management is important for MSOs and customers. Shared media impacts security and bandwidth; security and privacy of the home network are concerns.

HFC Protocol Architecture

Figure 5.6 Protocol Layer Architecture in HFC System (diagram): cable modem (modem applications, SNMP agent; SNMP, FTP, HTTP, etc.; TCP/UDP; IP; HFC link and Ethernet link) -- head end (applications, SNMP manager; SNMP, FTP, HTTP, etc.; TCP/UDP; IP; HFC link on one side, ATM link over SONET on the other) -- applications over the Ethernet link.

- Head end has both NM applications and manager
- Cable modems have SNMP agents
- NMS can be regionalized; then, head ends could behave as RMONs

CM Management MIBs

Figure 5.7 Cable Modem Management MIBs (tree): mib-2 (internet.2.1) -> system (1), interfaces (2), transmission (10) [docsIfMib (127), docsTrCmMIB (128)], ifMIB (31), docsDev (69)

Three categories of MIBs:
- Standard MIBs: system, interfaces, ifMIB
- CM and CMTS interfaces in docsIfMIB: RF interfaces, baseline privacy and QoS; docsTrCmMIB: telephony-return interface
- CM and CMTS objects in docsDevMIB: CM and CMTS

DOCS Interface MIB

MIB tree (diagram): transmission (mib-2 10) -> docsIfMIB (127) -> docsIfMIBObjects (1) [docsIfBaseObjects (1), docsIfCmObjects (2), docsIfCmtsObjects (3)], docsIfNotification (2), docsIfConformance (3). Alongside: docsBpiMIB (5) -> docsBpiMIBObjects (1), docsBpiNotification (2), docsBpiConformance (3); docsQosMIB (6) -> docsQosMIBObjects (6) [docsQosIpPktClassTable (1), docsQosEthPktClassTable (2), docsQosServiceClassGroup (3), docsQosFlowTable (4), docsSidToClassTable (5), docsFlowToClassTable (6)].

Figure 5.8 RF MAC Interface (diagram): network layer over the RF MAC interface; RF MAC layer over the RF physical layer, which carries Downstream1, Upstream1 and Upstream2 channels.

- Multiple RF channels upstream and downstream
- Layered structure
- Specified using RFC 1573 ifMIB

DOCS Cable Device MIB

Entity | OID | Description
docsDevMIBObjects | docsDev 1 | Objects of the cable modem and CMTS device
docsDevBase | docsDevMIBObjects 1 | Extends MIB-II System Group with objects needed for cable device system management
docsDevNmAccessTable | docsDevMIBObjects 2 | Defines the minimum level of SNMP access security
docsDevSoftware | docsDevMIBObjects 3 | Provides information for network-downloadable software upgrades
docsDevServer | docsDevMIBObjects 4 | Provides information about the progress of the interaction with various provisioning servers
docsDevEvent | docsDevMIBObjects 5 | Provides control and logging for event reporting
docsDevFilter | docsDevMIBObjects 6 | Configures filters at link layer and IP layer for bridged data traffic
docsDevCpe | docsDevMIBObjects 7 | CPE IP management and anti-spoofing group on cable modems
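The docsDevNmAccessTable and docsDevCpe rows above describe the two access controls a cable modem enforces: which managers may talk SNMP to it, and which CPE source addresses it will forward upstream. The following Python model is an added example, not code from the page or from any DOCSIS implementation; the object names echo the DOCS Cable Device MIB, but the matching rules, the deny-by-default for an empty access table, the -1 meaning of the CPE maximum and all sample addresses are this example's assumptions.

```python
"""Model of a DOCSIS cable modem's SNMP access list (docsDevNmAccessTable) and
CPE anti-spoofing group (docsDevCpe). Added example; object names follow the
DOCS Cable Device MIB, the enforcement logic and all addresses are constructed."""
import ipaddress
from dataclasses import dataclass, field

# docsDevNmAccessControl values (assumed to mirror the MIB enumeration)
ACCESS_NONE, ACCESS_READ, ACCESS_READ_WRITE = 1, 2, 3
# docsDevCpeEnroll values (assumed): none = no learning, any = learn from traffic
CPE_ENROLL_NONE, CPE_ENROLL_ANY = 1, 2


@dataclass
class NmAccessEntry:
    ip: str          # docsDevNmAccessIp
    mask: str        # docsDevNmAccessIpMask
    community: str   # docsDevNmAccessCommunity
    control: int     # docsDevNmAccessControl


def _in_subnet(addr: str, net_ip: str, net_mask: str) -> bool:
    a = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(net_mask))
    return (a & m) == (int(ipaddress.IPv4Address(net_ip)) & m)


def snmp_request_allowed(table, src_ip: str, community: str, is_write: bool) -> bool:
    """Permit an SNMP request only if some entry matches source IP and community
    with a sufficient control level. Empty table => deny (this model's choice)."""
    best = ACCESS_NONE
    for e in table:
        if e.community == community and _in_subnet(src_ip, e.ip, e.mask):
            best = max(best, e.control)      # most permissive matching row wins
    if best == ACCESS_NONE:
        return False
    return best >= ACCESS_READ_WRITE if is_write else best >= ACCESS_READ


@dataclass
class CpeGroup:
    enroll: int = CPE_ENROLL_ANY     # docsDevCpeEnroll
    ip_max: int = 2                  # docsDevCpeIpMax; -1 disables filtering (assumed)
    table: dict = field(default_factory=dict)   # docsDevCpeTable: ip -> source


def provision_cpe(cpe: CpeGroup, ip: str) -> None:
    """Operator-provisioned CPE address (docsDevCpeSource = manual)."""
    cpe.table[ip] = "manual"


def upstream_allowed(cpe: CpeGroup, src_ip: str) -> bool:
    """Anti-spoofing: forward an upstream packet only if its source IP belongs to a
    CPE known behind this modem; learn new addresses while under ip_max."""
    if cpe.ip_max < 0:
        return True                          # filtering disabled
    if src_ip in cpe.table:
        return True
    if cpe.enroll == CPE_ENROLL_ANY and len(cpe.table) < cpe.ip_max:
        cpe.table[src_ip] = "learned"        # docsDevCpeSource = learned
        return True
    return False                             # unknown source: dropped as spoofed


def demo():
    """Run the constructed scenario; returns a dict of decisions for inspection."""
    acl = [NmAccessEntry("192.0.2.0", "255.255.255.0", "ops-ro", ACCESS_READ),
           NmAccessEntry("192.0.2.10", "255.255.255.255", "ops-rw", ACCESS_READ_WRITE)]
    cpe = CpeGroup(enroll=CPE_ENROLL_ANY, ip_max=2)
    return {
        "rw_from_nms": snmp_request_allowed(acl, "192.0.2.10", "ops-rw", True),
        "rw_from_neighbor": snmp_request_allowed(acl, "192.0.2.11", "ops-rw", True),
        "ro_from_subnet": snmp_request_allowed(acl, "192.0.2.11", "ops-ro", False),
        "write_with_ro": snmp_request_allowed(acl, "192.0.2.11", "ops-ro", True),
        "outside_subnet": snmp_request_allowed(acl, "198.51.100.5", "ops-ro", False),
        "cpe_decisions": [upstream_allowed(cpe, ip) for ip in
                          ("10.1.1.2", "10.1.1.3", "10.1.1.4", "10.1.1.2")],
        "cpe_table": dict(cpe.table),
    }
```

The third CPE decision is the interesting one: once ip_max addresses have been learned, a packet from any further source address is dropped, which is what stops a subscriber host from spoofing addresses it does not own.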

HFC Failure Models

Failure models (diagram, signal parameter against event index): window (modem voltage), smooth (connector loss), sharp (signal/noise).

HFC Link Management
- Signal strength critical
- Requires continuous monitoring of amplifiers using transponders (CheetahNet)
- Legacy system requires proxy server

RF Spectrum Management
- Allocation of upstream and downstream spectrum for services
- Frequency agility management

DSL Access Technology

Why is DSL attractive?
- Shannon limit of the data rate (3-kHz, 30 dB S/N channel) is 30,000 bps
- Digital transmission of data over the loop (DSL) improves the data rate: T1/DS1 (1.544 Mbps) over 18,000 feet; T2/DS2 (6.312 Mbps) over 12,000 feet

DSL Limitations
- Loop conditions with no direct copper to the house
- Loaded coils in the loop (used to increase the distance) cannot carry digital signal
- Modern subdivisions have fiber to the neighborhood or curb with digital mux
- Operating company inventory dated (administrative issue)

ADSL Loop (diagram): ATU-C -- splitter -- loop -- splitter -- ATU-R

5.5 ADSL Network

Figure 5.9 ADSL Access Network (diagram): broadband network -- ATU-C -- splitter (voice) -- loop -- splitter (voice) -- ATU-R

- ADSL: Asymmetric Digital Subscriber Line
- ATU-C: ADSL transmission unit - central office
- ATU-R: ADSL transmission unit - remote/residence
- Splitter separates voice and data

ADSL Spectrum Allocation with Guard Band (FDM, diagram): POTS (analog) up to 4 kHz, guard band, upstream from 25 kHz to 200 kHz, downstream from 200 kHz to 1.1 MHz.

Modulation Schemes
- Carrierless amplitude phase (CAP) modulation
- Discrete multitone modulation (DMT): 4 kHz tones
- Both CAP and DMT are QAM-based
- DMT outperforms CAP: 10-to-1 upstream throughput; 4-to-1 downstream throughput; rate adaptive; on-going active monitoring; maximum loop variation coverage; standard and hence interoperability

ADSL Forum

ADSL Forum is an industry consortium to
- achieve interoperability
- accelerate implementation
- address end-to-end system operation, security and management

Physical layer standard T1.413 (ANSI)

ADSL Forum technical reports:
TR-001  ADSL Forum System Reference Model
TR-005  ADSL Network Element Management System
TR-006  SNMP-based ADSL LINE MIB; see also draft-ietf-adslmib-adsllinemib-09.txt
TR-014  DMT Line Code Specific MIB
TR-015  CAP Line Code Specific MIB
TR-016  CMIP-based Network Management Framework

VDSL Network

VDSL network (diagram): central office -- fiber -- optical network unit (ONU) -- twisted pair -- VDSL -- home network

Used in FTTN configuration. Asymmetric band allocation (similar to ADSL). Fiber carries multiple channels to the ONU. Channels are demultiplexed at the ONU and carried to the customer premises on multiple twisted pairs. The shorter distance of the twisted pairs permits a higher data rate: 55.2 Mbps downstream and 2.3 Mbps upstream.

ADSL Network

Figure 5.10 Overall Network and ADSL (diagram): public network (service systems: on-line services, Internet access, LAN access, interactive video, video conf; broadband network, narrowband network, packet network; OS) -- ADSL access network (access node with ATU-C, OS, ADSL loop, ATU-R) -- private network (premises network: PDN with service modules (settop, PC I/O, ISDN) and terminal equipment TE(s) (TV, PC, ISDN)). Transport modes shown: STM, packet, ATM.
Abbreviations: ADSL Asymmetric Digital Subscriber Line; ATM Asynchronous Transfer Mode; STM Synchronous Transfer Mode; TE Terminal Equipment; OS Operations System; PDN Premises Distribution Network; SM Service Module.

Transport Modes
- Synchronous transport mode (STM): bit synchronous transmission (T1/E1)
- End-to-end packet mode: used for SOHO (IP packets)
- ATM / STM: ATM WAN (public network) and STM access network
- ATM / Packet: ATM WAN and packet access network (IP)
- End-to-end ATM

Interfaces
- An interface can have multiple physical connections
- V interface (V-C) between access node and external network
- U interfaces off the splitters; will be eliminated with ADSL-Lite
- POTS interfaces: low pass filter interfaces for POTS
- T and B are customer premises network interfaces: T between PDN and service modules; B auxiliary data input (e.g., satellite feed)

ADSL Channeling Schemes
- Transport bearer channels: seven channels: AS downstream channels - multiples (1-, 2-, 3- or 4-) of the T1 rate of 1.536 Mbps; three LS duplex channels - 160, 384, and 576 Kbps
- Buffering scheme: fast channel uses fast buffers for real-time data; interleaved channel is used for non-real-time data; both fast and interleaved channels are carried on the same physical channel

5.6 ADSL Management


Figure 5.10 ADSL Forum System Reference Model for Management (diagram): switch -- V-C -- ATU-C -- U-C2 -- splitter-C (high pass filter towards ATU-C, low pass filter towards the PSTN) -- U-C -- loop -- U-R -- splitter-R (high pass filter towards ATU-R, low pass filter towards POTS: telephone set or voice-band modem) -- U-R2 -- ATU-R -- T-R -- network termination (broadband PHY and network layer; PHY layer switch) -- T/S -- service modules / home network.

Interfaces:
T-R   Interface between ATU-R and switching layers
T/S   Interface between ADSL network termination and customer installation or home network
U-C   Interface between loop and ATU-C (analog)
U-C2  Interface between POTS splitter and ATU-C
U-R   Interface between loop and ATU-R (analog)
U-R2  Interface between POTS splitter and ATU-R
V-C   Logical interface between ATU-C and a digital network element such as one or more switching systems

Management Elements

Management of elements done across the V-interface:
- Management communications protocol across the V-interface
- Management communications protocol across the U-interfaces
- Parameters and operations across ATU-C
- Parameters and operations across ATU-R
- ATU-R side of the T interface
- Note the addition of switching in the physical management architecture representation

Management of physical layer involves:
- Fast channel
- Interleaved channel
- Physical channel and layer

Management of type of line encoding:
- DMT
- CAP

Signal Power and Data Rate Management

Figure 5.11 Noise Margins (diagram, levels from top to bottom):
- Maximum noise margin: reduce power above it
- Upshift noise margin: increase rate if noise margin > upshift noise margin
- Target noise margin: steady state operation (between upshift and downshift noise margins)
- Downshift noise margin: decrease rate if noise margin < downshift noise margin
- Minimum noise margin: increase power below it

- Five levels of noise margin
- Signal power controlled by noise margin
- Data rate: increase or decrease based on threshold margins
- Data rate adaptation modes: manual (1), automatic at start-up (2), and dynamic (3)
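The five noise-margin levels of Figure 5.11, the rate adaptation mode and the minimum upshift/downshift intervals together form a small control loop: power is adjusted outside the min/max margins, and the rate moves only after the margin has stayed beyond the upshift or downshift level for the configured interval. The Python model below is an added example of that loop, not code from the page or an ADSL Forum or T1.413 algorithm; the dB values, the 32 kbps step size and the sample series are constructed for the demonstration.

```python
"""ADSL signal-power and data-rate management driven by the five noise-margin
levels (max, upshift, target, downshift, min), the rate adaptation mode and the
min upshift/downshift intervals. Added example: the control loop, the step size
and all sample values are this example's construction."""
from dataclasses import dataclass, field
from typing import Optional

MODE_MANUAL, MODE_AT_STARTUP, MODE_DYNAMIC = 1, 2, 3   # rate adaptation modes 1-3


@dataclass
class LineConfig:
    max_margin_db: float = 31.0        # reduce power above this
    upshift_margin_db: float = 9.0     # increase rate when above this for the interval
    target_margin_db: float = 6.0      # steady-state margin
    downshift_margin_db: float = 3.0   # decrease rate when below this for the interval
    min_margin_db: float = 0.0         # increase power below this
    min_upshift_interval_s: float = 60.0
    min_downshift_interval_s: float = 10.0
    desired_max_rate_kbps: int = 8000
    desired_min_rate_kbps: int = 512
    rate_step_kbps: int = 32           # assumed step size (not a Forum parameter)
    mode: int = MODE_DYNAMIC


@dataclass
class LineState:
    rate_kbps: int
    power_offset_db: float = 0.0
    above_since: Optional[float] = None   # when margin first exceeded the upshift level
    below_since: Optional[float] = None   # when margin first dropped under the downshift level
    rate_events: list = field(default_factory=list)  # (time, old, new): rate change alarms


def _check_levels(cfg: LineConfig) -> None:
    levels = [cfg.min_margin_db, cfg.downshift_margin_db, cfg.target_margin_db,
              cfg.upshift_margin_db, cfg.max_margin_db]
    if levels != sorted(levels):
        raise ValueError("levels must satisfy min <= downshift <= target <= upshift <= max")


def _change_rate(cfg: LineConfig, st: LineState, delta: int, now: float) -> str:
    prev = st.rate_kbps
    st.rate_kbps = max(cfg.desired_min_rate_kbps,
                       min(cfg.desired_max_rate_kbps, prev + delta))
    st.rate_events.append((now, prev, st.rate_kbps))   # rate-up / rate-down change alarm
    st.above_since = st.below_since = None             # restart the hold-off after a change
    return "increase_rate" if delta > 0 else "decrease_rate"


def step(cfg: LineConfig, st: LineState, margin_db: float, now: float,
         at_startup: bool = False) -> str:
    """Apply one measured noise margin (dB) at time `now` (s); return the action taken."""
    _check_levels(cfg)
    # Power control brackets everything: outside [min, max] adjust power, not rate.
    if margin_db > cfg.max_margin_db:
        st.power_offset_db -= 1.0
        return "reduce_power"
    if margin_db < cfg.min_margin_db:
        st.power_offset_db += 1.0
        return "increase_power"
    adapt = cfg.mode == MODE_DYNAMIC or (cfg.mode == MODE_AT_STARTUP and at_startup)
    if margin_db > cfg.upshift_margin_db:
        st.below_since = None
        st.above_since = now if st.above_since is None else st.above_since
        if adapt and now - st.above_since >= cfg.min_upshift_interval_s \
                and st.rate_kbps < cfg.desired_max_rate_kbps:
            return _change_rate(cfg, st, +cfg.rate_step_kbps, now)
        return "steady"
    if margin_db < cfg.downshift_margin_db:
        st.above_since = None
        st.below_since = now if st.below_since is None else st.below_since
        if adapt and now - st.below_since >= cfg.min_downshift_interval_s \
                and st.rate_kbps > cfg.desired_min_rate_kbps:
            return _change_rate(cfg, st, -cfg.rate_step_kbps, now)
        return "steady"
    st.above_since = st.below_since = None   # between downshift and upshift: hold
    return "steady"


def run(cfg: LineConfig, start_rate_kbps: int, samples):
    """samples: iterable of (time_s, margin_db); returns (actions, final_state)."""
    st = LineState(rate_kbps=start_rate_kbps)
    return [step(cfg, st, m, t) for t, m in samples], st
```

The same sample series run with mode set to MODE_MANUAL still produces the two power adjustments but no rate changes, which is the distinction between the manual and dynamic adaptation modes in the parameter table.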

Configuration Management Parameters

Parameter | Component | Line | Description
ADSL Line type | ADSL Line | N/A | Five types: no channel, fast, interleaved, either or both
ADSL Line coding | ADSL Line | N/A | ADSL coding type
Target noise margin | ATU-C/R | Phy | Noise margin under steady state (BER <= 10^-7)
Max. noise margin | ATU-C/R | Phy | Modem reduces power above this threshold
Min. noise margin | ATU-C/R | Phy | Modem increases power below this margin
Rate adaptation mode | ATU-C/R | Phy | Mode 1: Manual; Mode 2: Select at start-up; Mode 3: Dynamic
Upshift noise margin | ATU-C/R | Phy | Threshold above which the modem increases data rate
Min. time interval for upshift rate adaptation | ATU-C/R | Phy | Time interval to upshift
Downshift noise margin | ATU-C/R | Phy | Threshold below which the modem decreases data rate
Min. time interval for downshift rate adaptation | ATU-C/R | Phy | Time interval to downshift
Desired max. rate | ATU-C/R | F/I | Max. rates for ATU-C/R
Desired min. rate | ATU-C/R | F/I | Min. rates for ATU-C/R
Rate adaptation ratio | ATU-C/R | Phy | Distribution ratio between fast and interleaved channels for available excess bit rate
Max. interleave delay | ATU-C/R | F/I | Max. transmission delay allowed by interleaving process
Alarm thresholds | ATU-C/R | Phy | 15-minute count threshold on loss of signal, frame, power and error-seconds
Rate up threshold | ATU-C/R | F/I | Rate-up change alarm
Rate down threshold | ATU-C/R | F/I | Rate-down change alarm
Vendor ID | ATU-C/R | Phy | Vendor ID assigned by T1E1.4
Version No. | ATU-C/R | Phy | Vendor specific version
Serial No. | ATU-C/R | Phy | Vendor specific serial No.

Fault Management

Parameter | Component | Line | Description
ADSL Line status | ADSL Line | Phy | Indicates operational state and various types of failures of the link
Alarm thresholds | ATU-C/R | Phy | Generates alarms on failures or crossing of thresholds
Unable to initialize ATU-R | ATU-C/R | Phy | Initialization failure of ATU-R from ATU-C
Rate change | ATU-C/R | Phy | Event generation when the rate changes on crossing the shift margins in both upstream and downstream

- Failure indication of physical channel by NMS
- Failure indication of logical channels
- Failure indication of ATU-C/R
- Self-test of ATU-C/R as per T1.413
- Noise margin threshold alarms
- Rate change due to noise margin

Performance Management

Parameter | Component | Line | Description
Line attenuation | ATU-C/R | Phy | Measured power loss in dB from transmitter to receiver ATU
Noise margin | ATU-C/R | Phy | Noise margin in dB of the ATU with respect to received signal
Total output power | ATU-C/R | Phy | Total output power from the modem
Max. attainable rate | ATU-C/R | Phy | Max. currently attainable data rate by the modem
Current rate | ATU-C/R | F/I | Current transmit rate to which the modem is adapted
Previous rate | ATU-C/R | F/I | Rate of the modem before the last change
Channel data block length | ATU-C/R | F/I | Data block on which CRC check is done
Interleave delay | ATU-C/R | F/I | Transmit delay introduced by the interleaving process
Statistics | ATU-C/R | Phy, F/I | 15 minute / 1 day failure statistics

ADSL SNMP MIB
- Sub-layers handled by ifMIB ifStackTable {ifMib.ifMIBObjects 2} (RFC 1573)
- Proposed ifTypes:
  adslPhysIf  ::= {transmission 94}
  adslInterIf ::= {transmission 124}
  adslFastIf  ::= {transmission 125}

Figure 5.12 ADSL SNMP MIB (tree): adslForum (1.3.6.1.4.1.xx) -> adslMIB (1) -> adslLineMib (1) -> adslMibObjects (1) [adslLineTable (1), adslAtucPhysTable (2), adslAturPhysTable (3), adslAtucChanTable (4), adslAturChanTable (5), adslAtucPerfDataTable (6), adslAturPerfDataTable (7), adslAtucIntervalTable (8), adslAturIntervalTable (9), adslAtucChanPerfDataTable (10), adslAturChanPerfDataTable (11), adslAtucChanIntervalTable (12), adslAturChanIntervalTable (13), adslLineConfProfileTable (14), adslLineAlarmConfProfileTable (15), adslLCSMib (16) [adslDMTMib (1), adslCAPMib (1)]], adslTraps (2); adslConformance (2).

Proposed IF Types

Figure 5.13 Relationship between ADSL Entries (diagram): Physical Line IF (ATU-C & ATU-R), ifType = ADSL (94), ifIndex = i, at the bottom; stacked on it the Interleaved Channel IF (ATU-C & ATU-R), ifType = Interleaved (124), ifIndex = j, and the Fast Channel IF (ATU-C & ATU-R), ifType = Fast (125), ifIndex = k; a higher layer IF (e.g. ATM) sits on each channel IF.

ADSL Interfaces Table

MIB Variable | Physical Line (i) | Interleaved Channel (j) | Fast Channel (k)
ifDescr | NORMAL | NORMAL | NORMAL
ifType (IANA) | 94 | 124 | 125
ifSpeed | ATU-C line Tx rate | ATU-C channel Tx rate | ATU-C channel Tx rate
ifPhyAddress | NULL | NULL | NULL
ifAdminStatus | NORMAL | NORMAL | NORMAL
ifOperStatus | NORMAL | NORMAL | NORMAL
ifLastChange | NORMAL | NORMAL | NORMAL
ifLinkUpDownTrapEnable | NORMAL (default: Enable) | NORMAL (default: Enable) | NORMAL (default: Enable)
ifConnectPresent | True | False | False
ifHighSpeed | NULL | NULL | NULL

ADSL Profiles Management
- Configuration profile
- Alarm profile
- Performance profile
- Traps: generic; loss of frame; loss of signal; loss of power; error-second threshold; data rate change; loss of link; ATU-C initialization failure

Configuration Profile: Mode I - Dynamic

Figure 5.14 Use of Profiles in MODE-I (Dynamic) (diagram): the ifTable holds, for each ADSL line, an ADSL line entry (ifIndex i1, i2, ..., ix), an interleaved channel entry (j1, j2, ..., jx) and a fast channel entry (k1, k2, ..., kx); each line entry refers through profileIndex to a row of the configuration profile table (Profile-1, Profile-2, ..., Profile-n), so several lines can share one profile.

Configuration Profile: Mode II - Static

Figure 5.15 Use of Profiles in MODE-II (Static) (diagram): the same ifTable entries, but each ADSL line has its own configuration profile row (Profile-i1, Profile-i2, ..., Profile-ix) whose profileIndex equals the ifIndex of the ADSL line entry.

Chapter 6
Network Management Applications

Network and Systems Management

Figure 6.1 Network and System Management (diagram): business management on top of service management; below it system management (managing system resources) and network management (managing network elements through element management); together they manage the networked information systems.

TMN architecture expanded to include systems management

Management Applications
- OSI Model: Configuration, Fault, Performance, Security, Accounting
- Reports
- Service Level Management
- Policy-based management
- Resource Management

6.1 Configuration Management

- Network Provisioning
- Inventory Management: Equipment; Facilities
- Network Topology
- Database Considerations
- Circuit Provisioning

Network provisioning is the provisioning of network resources: design, installation and maintenance, for circuit-switched networks and packet-switched networks, and configuration for protocol, performance and QoS.

Examples:
- ATM networks
- Record keeping: TIRKS (Trunk Integrated Record Keeping System) for circuit-switched networks; E1 in TIRKS for equipment management; F1 in TIRKS for facilities management

Network Topology

Manual, or auto-discovery by NMS using broadcast ping and the ARP table in devices. Mapping of the network is by layout and layering. The views are physical and logical.

Traditional LAN Configuration
One-to-one mapping between physical and logical configuration

Figure 13.2 LAN Physical Configuration (diagram, caption as numbered on the page): a router with port A on segment A and port B on segment B; hub 1 on segment A serves hosts A1 and A2, hub 2 on segment B serves hosts B1 and B2.

Figure 6.2 Logical Configuration of Two LAN Segments (diagram): segment A / hub 1 (A1, A2) and segment B / hub 2 (B1, B2) joined by the router.

Virtual LAN Configuration

Figure 6.3 VLAN Physical Configuration (diagram): hub 1 (A1, B1) and hub 2 (A2, B2) connect to a switch; the switch's port A / segment A and port B / segment B connect to the router.

Figure 6.4 Logical Configuration of Two VLAN Segments (diagram): segment A / hub 1 & 2 (A1 on hub 1, A2 on hub 2) and segment B / hub 1 & 2 (B1 on hub 1, B2 on hub 2) joined by the switch and the router.

Physical and logical configurations are different. Physical location is obtained from the System group.

6.2 Fault Management

A fault is a failure of a network component; it results in loss of connectivity.

Fault management involves:
Fault detection: polling; traps such as linkDown and egpNeighborLoss
Fault location: detect all components that have failed and trace down the tree topology to the source; fault isolation using network and SNMP tools; use of artificial intelligence / correlation techniques
Restoration of service
Identification of the root cause of the problem
Problem resolution

6.3 Performance Management

Tools
Performance Metrics
Data Monitoring
Problem Isolation
Performance Statistics

Tools: protocol analyzers, RMON, MRTG

Performance Metrics
Macro-level: throughput, response time, availability, reliability
Micro-level: bandwidth, utilization, error rate, peak load, average load

6.4 Traffic Flow Measurement

Network Characterization
Four levels defined by IETF (RFC 2063)
Three measurement entities:
Meters gather data and build tables
Meter readers collect data from meters
Managers oversee the operation
Meter MIB (RFC 2064)
NeTraMet - an implementation (RFC 2123)

Figure 6.4 Traffic Flow Measurement Network Characterization: levels from International, Backbones / National, Regional / Midlevel, Stub / Enterprise, down to End-Systems / Hosts.

Data Monitoring and Problem Isolation

Data monitoring
Normal behavior
Abnormal behavior (e.g., excessive collisions, high packet loss, etc.)
Set up traps (e.g., parameters in the alarm group in RMON on the object identifier of interest)
Set up alarms for criticality
Manual and automatic clearing of alarms

Problem isolation
Manual mode using network and SNMP tools
Problems in multiple components need tracking down the topology
Automated mode using correlation technology

Performance Statistics
Traffic statistics
Error statistics
Used in: QoS tracking, performance tuning, validation of SLA, trend analysis, facility planning, functional accounting

6.5 Event Correlation Techniques

Basic elements
Detection and filtering of events
Correlation of observed events using AI
Localize the source of the problem
Identify the cause of the problem

Techniques
Rule-based reasoning
Model-based reasoning
Case-based reasoning
Codebook correlation model
State transition graph model
Finite state machine model

Rule-Based Reasoning

Figure 6.5 Basic Rule-Based Reasoning Paradigm: Data Level (Working Memory: create new data elements, modify attributes of data elements, remove data elements); Control Level (Inference Engine: recognize, match potential rules, select best rule, act, invoke action); Knowledge Level (knowledge base).

The knowledge base contains expert knowledge on problem symptoms and the actions to be taken, as if -> then or condition -> action rules. Working memory contains the topological and state information of the network and recognizes the system going into a faulty state. The inference engine, in cooperation with the knowledge base, decides on the action to be taken. The knowledge level executes the action.
Rule-Based Reasoning

Rule-based paradigm is an iterative process
RBR is brittle if no precedence exists
An exponential growth in the knowledge base poses a problem in scalability
Problem with instability:
if packet loss < 10%, alarm green
if packet loss >= 10% and < 15%, alarm yellow
if packet loss >= 15%, alarm red
Solution using fuzzy logic
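As an added example (not code from the notes), the three packet-loss rules above run through a minimal working-memory / inference-engine loop of the kind in Figure 6.5, showing the alarm flapping that a crisp 10% boundary produces and graded fuzzy membership as the alternative; the fuzzy set boundaries (8, 12, 13, 17%) are constructed values:

```python
"""Rule-based reasoning on the packet-loss rules of the notes: a small
working-memory / inference-engine loop, the alarm instability a crisp
10 % boundary produces, and graded fuzzy membership as the alternative.
Added example; the fuzzy set boundaries are constructed values."""
from typing import Callable, Dict, List, Tuple

# A rule is (name, condition on working memory, action on working memory).
Rule = Tuple[str, Callable[[dict], bool], Callable[[dict], None]]

def _set_alarm(colour: str) -> Callable[[dict], None]:
    return lambda wm: wm.__setitem__("alarm", colour)

# Knowledge base: the three crisp threshold rules quoted in the notes.
CRISP_RULES: List[Rule] = [
    ("green",  lambda wm: wm["loss"] < 10,        _set_alarm("green")),
    ("yellow", lambda wm: 10 <= wm["loss"] < 15,  _set_alarm("yellow")),
    ("red",    lambda wm: wm["loss"] >= 15,       _set_alarm("red")),
]

def infer(wm: dict, rules: List[Rule], max_cycles: int = 10) -> dict:
    """Inference engine of Figure 6.5: match potential rules, select the
    first one (no precedence), act; iterate until working memory is stable."""
    for _ in range(max_cycles):
        matched = [r for r in rules if r[1](wm)]
        if not matched:
            break
        snapshot = dict(wm)
        matched[0][2](wm)           # act: invoke the selected rule's action
        if wm == snapshot:          # fixed point: nothing changed
            break
    return wm

def crisp_alarms(samples: List[float]) -> List[str]:
    """Alarm per packet-loss sample; flips colour at every boundary crossing."""
    return [infer({"loss": s}, CRISP_RULES)["alarm"] for s in samples]

def _ramp(x: float, lo: float, hi: float) -> float:
    """0 below lo, 1 above hi, linear in between."""
    return min(1.0, max(0.0, (x - lo) / (hi - lo)))

def fuzzy_membership(loss: float) -> Dict[str, float]:
    """Degree to which a loss figure belongs to each alarm class (constructed sets)."""
    return {
        "green": 1.0 - _ramp(loss, 8, 12),
        "yellow": min(_ramp(loss, 8, 12), 1.0 - _ramp(loss, 13, 17)),
        "red": _ramp(loss, 13, 17),
    }

def fuzzy_severity(loss: float) -> float:
    """Weighted severity (green 0, yellow 1, red 2); changes smoothly with loss."""
    m = fuzzy_membership(loss)
    weights = {"green": 0.0, "yellow": 1.0, "red": 2.0}
    return sum(weights[k] * v for k, v in m.items()) / sum(m.values())

if __name__ == "__main__":
    samples = [9.8, 10.1, 9.9, 10.2]   # loss hovering around the 10 % rule boundary
    print("crisp :", crisp_alarms(samples))                        # green/yellow flapping
    print("fuzzy :", [round(fuzzy_severity(s), 2) for s in samples])  # 0.45 .. 0.55
```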

Configuration for RBR Example

Figure 6.7 RBR-Based Correlation Example Scenario: Backbone, Router A (Alarm A), Router B (Alarm B), Hub C (Alarm C), Servers D1, D2, D3, D4 (Alarms Dx).

Model-Based Reasoning

Figure 6.8 Model-Based Reasoning Event Correlator: the physical network (Backbone Network, Router, Hub1, Hub2, Hub3) and its equivalent model in the NMS / Correlator (Router Model, Hub1 Model, Hub2 Model, Hub3 Model).

Object-oriented model
Model is a representation of the component it models
Model has attributes and relations to other models
Relationship between objects reflected in relationship between models
Case-Based Reasoning

Figure 6.9 General CBR Architecture: Input -> Retrieve (similar case from the Case Library) -> Adapt -> Process.

Unit of knowledge: RBR - rule; CBR - case

CBR is based on a case experienced before, extended to the current situation by adaptation

Three adaptation schemes

Parameterized adaptation

Abstraction / re-specialization adaptation

Critic-based adaptation

CBR: Abstraction / Re-specialization

Trouble: file_transfer_throughput=F
Additional data: none
Resolution: A=f(F), adjust_network_load=A
Resolution status: good

Trouble: file_transfer_throughput=F
Additional data: none
Resolution: B=g(F), adjust_network_bandwidth=B
Resolution status: good

Trouble: file_transfer_throughput=F
Additional data: adjust_network_load=no
Resolution: B=g(F), adjust_network_bandwidth=B
Resolution status: good

Abstraction / Re-specialization Adaptation
Two possible resolutions:
A = f(F): adjust network load level
B = g(F): adjust bandwidth
Resolution based on constraint imposed

CBR-Based CRITTER

Figure 6.10 CRITTER Architecture: the Network is managed by Spectrum (Configuration Management, Fault Detection); CRITTER performs Fault Management / Fault Resolution through a Case Library, Application Techniques and Determinators, with the process Input -> Retrieve -> Adapt -> Propose -> Process, and User-based Adaptation through the User.

CRITTER is a CBR-based trouble resolution system
Integrated with Cabletron Spectrum NMS
Propose is an additional (5th) module to the CBR architecture; it permits manual intervention

Codebook Correlation Model: Generic Architecture

Architecture: Network -> Monitors -> Correlator (with Configuration Model and Event Model) -> Problems.

Monitors capture alarm events from the network. The configuration model contains the configuration of the network. The event model represents events and their causal relationships. The correlator correlates alarm events with the event model and determines the problem that caused the events.

Codebook Approach
Correlation algorithms are based upon a coding approach to event correlation. Problem events are viewed as messages generated by a system and encoded in sets of alarms. The correlator decodes the problem messages to identify the problems.
Two phases:
1. Codebook selection phase: problems to be monitored are identified and the symptoms they generate are associated with the problem. This generates the codebook (problem-symptom matrix).
2. Correlator compares alarm events with the codebook and identifies the problem.
Causality Graph

Figure 6.11 Causality Graph: events E1 to E7 connected by directed edges.

Each node is an event
An event may cause other events
Directed edges start at a causing event and terminate at a resulting event
Picture causing events as problems and resulting events as symptoms

Labeled Causality Graph

Figure 6.12 Labeled Causality Graph: problems P1, P2, P3 and symptoms S1, S2, S3, S4.

Ps are problems and Ss are symptoms
P1 causes S1 and S2
Note the directed edge from S1 to S2 removed; S2 is caused directly or indirectly (via S1) by P1
S2 could also be caused by either P2 or P3

Codebook

      P1  P2  P3
S1     1   1   0
S2     1   1   1
S3     0   1   1
S4     0   0   1

Codebook is problem-symptom matrix
It is derived from the causality graph after removing directed edges of propagation of symptoms
Number of symptoms >= number of problems
2 rows are adequate to identify uniquely 3 problems

Correlation Matrix

      P1  P2  P3
S1     1   1   0
S3     0   1   1

Correlation matrix is reduced codebook

Correlation Graph

Figure 6.13 Correlation Graph for the correlation matrix: S1 is caused by P1 and P2; S3 is caused by P2 and P3.

Generalized Causality Graph

(a) Event Causality Graph: eleven events, nodes 1 to 11.

Causality graph has 11 events - problems and symptoms. Mark all nodes that have only emerging directed edges as problems - Nodes 1, 2, and 11. Other nodes are symptoms.

P-S Causality Graph

(b) Problem-Symptom Causality Graph: problems P1, P2 and P11 and symptoms S3 to S10 (nodes 3 to 10 of the event causality graph).

To reduce causality graph to correlation graph:
Symptoms 3, 4, and 5 are cyclical: eliminate and replace with one symptom, say S3
S7 and S10 are caused by S5 and S8; hence ignored
S8 causes S9: keep S9 (the reason for this would be more obvious if we go through the reduction of codebook to correlation matrix)

Correlation Graph and Matrix

Figure 6.14 Correlation Graph: problems P1, P2, P11 and symptoms S3, S6, S9.

      P1  P2  P11
S3     1   1    1
S6     0   1    0
S9     1   0    1
Codebook Enhancements

Codebook described so far assumes a Hamming distance of 1 for uniqueness
Noise affects accuracy
Increase Hamming distance to > 1
Probability of a problem Pj causing a symptom Si is assumed as 1; it can be made a probability Pr(Pj) to be more realistic
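The codebook construction, its reduction to the correlation matrix and Hamming-distance decoding, as an added example (not code from the notes) worked on the labeled causality graph of Figure 6.12; it also shows why a distance above 1, as asked for under Codebook Enhancements, is not reachable with this small codebook:

```python
"""Codebook correlation on the labeled causality graph of Figure 6.12:
build the problem-symptom codebook, reduce it to a correlation matrix, and
decode observed alarms by nearest Hamming distance so that a lost or
spurious symptom (noise) still yields the right problem.
Added example, not code from the notes; the graph is the one in the notes."""
from itertools import combinations
from typing import Dict, List, Optional, Set, Tuple

# Problem -> symptoms it causes, with the S1 -> S2 propagation edge removed.
CAUSES: Dict[str, Set[str]] = {
    "P1": {"S1", "S2"},
    "P2": {"S1", "S2", "S3"},
    "P3": {"S2", "S3", "S4"},
}

def build_codebook(causes: Dict[str, Set[str]]) -> Tuple[List[str], Dict[str, Tuple[int, ...]]]:
    """Codebook: one row per symptom, one column per problem, 1 = problem causes symptom."""
    problems = sorted(causes)
    symptoms = sorted(set().union(*causes.values()))
    rows = {s: tuple(1 if s in causes[p] else 0 for p in problems) for s in symptoms}
    return problems, rows

def code_of(problem_index: int, symptoms: List[str], rows) -> Tuple[int, ...]:
    """The column (code word) of one problem restricted to the given symptoms."""
    return tuple(rows[s][problem_index] for s in symptoms)

def hamming(a: Tuple[int, ...], b: Tuple[int, ...]) -> int:
    return sum(x != y for x, y in zip(a, b))

def min_distance(problems: List[str], symptoms: List[str], rows) -> int:
    """Smallest Hamming distance between any two problem codes over these symptoms."""
    codes = [code_of(i, symptoms, rows) for i in range(len(problems))]
    return min(hamming(a, b) for a, b in combinations(codes, 2))

def correlation_matrix(problems: List[str], rows, distance: int = 1) -> Optional[List[str]]:
    """Reduced codebook: the fewest symptom rows that keep every pair of
    problems at least `distance` apart (distance > 1 buys noise tolerance).
    Returns None when even the full codebook cannot reach that distance."""
    all_symptoms = sorted(rows)
    for k in range(1, len(all_symptoms) + 1):
        for subset in combinations(all_symptoms, k):
            if min_distance(problems, list(subset), rows) >= distance:
                return list(subset)
    return None

def decode(alarms: Set[str], problems: List[str], symptoms: List[str], rows) -> Tuple[str, int]:
    """Correlator: match the observed alarm vector against each problem's code
    and return the nearest problem with its Hamming distance (0 = exact)."""
    observed = tuple(1 if s in alarms else 0 for s in symptoms)
    dists = [hamming(observed, code_of(i, symptoms, rows)) for i in range(len(problems))]
    best = min(range(len(problems)), key=dists.__getitem__)
    return problems[best], dists[best]

if __name__ == "__main__":
    problems, rows = build_codebook(CAUSES)
    for s in sorted(rows):
        print(s, rows[s])                          # the 4 x 3 codebook of the notes
    reduced = correlation_matrix(problems, rows)   # ['S1', 'S3'], as in the notes
    print("correlation matrix rows:", reduced)
    print(decode({"S1", "S2"}, problems, reduced, rows))        # ('P1', 0)
    print(decode({"S1", "S3"}, problems, sorted(rows), rows))   # ('P2', 1): S2 alarm lost
    print("distance 2 reachable:", correlation_matrix(problems, rows, distance=2))  # None
```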
State Transition Model
Used in Seagate's NerveCenter correlation system
Integrated in NMS, such as OpenView
Used to determine the status of a node

Figure 6.15 State Transition Diagram for Ping / Response: states "ping" and "response"; transitions "ping node" and "receive response".

State Transition Model Example

Physical network: NMS / Correlator, Backbone Network, Router, Hub1, Hub2, Hub3.

NMS pings hubs every minute
Failure indicated by the absence of a response

State Transition Graph

Figure 6.16 State Transition Graph Example. States: ping / response (ping hub, receive response), pinged twice (ground state), pinged 3 times, ping router, no action, send alarm. Transitions: no response -> pinged twice; no response -> pinged 3 times; no response -> ping router; no response from router -> no action; response received from router -> action: send alarm.
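The state transition graph of Figure 6.16 as an added example (not code from the notes): one monitor instance per hub walks the graph on each poll and raises a hub alarm only when the router in front of the hub still answers; host names and the scripted ping replies are constructed.

```python
"""State-transition correlation for the hub / router ping scenario of
Figure 6.16: a hub that misses three pings is alarmed only if the router
in front of it still answers; otherwise the fault is upstream and no hub
alarm is raised. Added example, not code from the notes; host names and
the scripted ping replies are constructed."""
from enum import Enum, auto
from typing import Callable, Dict, List, Tuple

class State(Enum):
    GROUND = auto()          # hub answered (or not yet pinged); ping hub next
    PINGED_TWICE = auto()    # one miss: second ping of the hub pending
    PINGED_THRICE = auto()   # two misses: third ping of the hub pending
    PING_ROUTER = auto()     # three misses: check the router instead

class HubMonitor:
    """One correlator instance per monitored hub."""
    _next_on_miss = {
        State.GROUND: State.PINGED_TWICE,
        State.PINGED_TWICE: State.PINGED_THRICE,
        State.PINGED_THRICE: State.PING_ROUTER,
    }

    def __init__(self, hub: str, router: str, ping: Callable[[str], bool]):
        self.hub, self.router, self.ping = hub, router, ping
        self.state = State.GROUND
        self.alarms: List[str] = []

    def step(self) -> State:
        """One transition of the graph, driven by a single ping result."""
        if self.state is State.PING_ROUTER:
            if self.ping(self.router):       # router answers: the hub itself is down
                self.alarms.append(f"{self.hub} down, {self.router} reachable")
            # no response from the router: no action, the problem is upstream
            self.state = State.GROUND
        elif self.ping(self.hub):            # receive response: back to ground
            self.state = State.GROUND
        else:                                # no response: advance along the graph
            self.state = self._next_on_miss[self.state]
        return self.state

def scripted_ping(replies: Dict[str, List[bool]]) -> Callable[[str], bool]:
    """Constructed stand-in for ICMP echo: replies are read from a script,
    and a host whose script is exhausted is treated as answering."""
    queues = {host: list(seq) for host, seq in replies.items()}
    def ping(host: str) -> bool:
        queue = queues.get(host)
        return queue.pop(0) if queue else True
    return ping

def simulate(hub_replies: List[bool], router_replies: List[bool],
             rounds: int = 4) -> Tuple[List[str], List[str]]:
    """Run a monitor for `rounds` one-minute polls; return the state trace and alarms."""
    ping = scripted_ping({"Hub1": hub_replies, "Router": router_replies})
    monitor = HubMonitor("Hub1", "Router", ping)
    trace = [monitor.step().name for _ in range(rounds)]
    return trace, monitor.alarms

if __name__ == "__main__":
    print(simulate([False, False, False], [True]))    # hub dead, router fine -> alarm
    print(simulate([False, False, False], [False]))   # both silent -> no hub alarm
    print(simulate([False, True], [True]))            # transient miss -> no alarm
```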

Finite State Machine Model

Figure 6.17 Communicating Finite State Machine: Client (send request, receive response) and Server (receive request, send response) exchanging request and response messages over a communication channel.

The finite state machine model is a passive system; the state transition graph model is an active system. An observer agent is present in each node and reports abnormalities, such as a Web agent. A central system correlates the events reported by the agents. Failure is detected by a node entering an illegal state.
6.6 Security Management

Security threats
Policies and Procedures
Resources to prevent security breaches
Firewalls
Cryptography
Authentication and Authorization
Client/Server authentication system
Message transfer security
Network protection security

Security Threats

Figure 6.18 Security Threats to Management Information: between Management Entity A and Management Entity B - modification of information, masquerade, message stream modification, disclosure.

SNMPv3 addressed security threats using USM (user-based security model). USM has two modules:
Authentication module: message protection, message timeliness
Privacy module: data confidentiality
Policies and Procedures
Basic guidelines to set up policies and procedures:
1. Identify what you are trying to protect.
2. Determine what you are trying to protect it from.
3. Determine how likely the threats are.
4. Implement measures which will protect your assets in a cost-effective manner.
5. Review the process continuously and make improvements to each item if a weakness is found.
References:
Formal statement of rules for protecting the organization's technology and assets (RFC 2196)
Introduction to Firewalls (NIST)
Orange Book by National Computer Security Center (NCSC) rates computers based on security design features
Secured Communication Network

Figure 6.19 Secured Communication Network: Client A and Server A in Secured Network A behind a Firewall Gateway; Client B in Network B reaches Network A through a router.

Firewall secures traffic in and out of Network A
Security breach could occur by intercepting the message going from B to A, even if B has permission to access Network A
Most systems implement authentication with user id and password
Authorization is by establishment of accounts

Firewalls

Protects a network from external attacks
Controls traffic in and out of a secure network
Could be implemented in a router, gateway, or a special host
Reduces risks of access to hosts

Benefits of firewalls
Controlled access
Eliminates annoyance to the users
Protects privacy (e.g. finger)
Hierarchical implementation of policy and technology

Packet Filtering Firewall

Figure 6.20 Packet Filtering Router: a packet filtering router between the Internet and the Secured Network (Ethernet) screens SMTP and FTP traffic to an SMTP Gateway and an FTP Gateway; screened-out packets go to Trash.

Uses protocol specific criteria at DLC, network, and transport layers. Implemented in routers - called screening routers or packet filtering routers.
Filtering parameters:
Source and/or destination IP address
Source and/or destination TCP/UDP port address, such as ftp port 21
Multistage screening - address and protocol. Works best when rules are simple.
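The multistage screening described above as an added example (not code from the notes): an address stage drops inbound packets that claim an internal source, a protocol stage admits only SMTP to the SMTP gateway and FTP control (port 21) to the FTP gateway, and anything unmatched goes to the trash; the addresses, gateway hosts and rules are constructed.

```python
"""Multistage packet filtering: an address screen followed by a protocol /
port screen, with anything not explicitly permitted sent to the trash.
Added example, not code from the notes; addresses, gateways and rules are
constructed (192.0.2.0/24 and 198.51.100.0/24 are documentation ranges)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

SECURED_NET = "192.0.2.0/24"          # constructed internal range

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str        # "tcp" or "udp"
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    src: Optional[str] = None     # CIDR, None = any
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return ((self.src is None or ip_address(pkt.src) in ip_network(self.src))
                and (self.dst is None or ip_address(pkt.dst) in ip_network(self.dst))
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))

# Stage 1, address screen: drop inbound packets claiming an internal source.
ADDRESS_RULES: List[Rule] = [
    Rule("deny", src=SECURED_NET),
    Rule("permit"),
]
# Stage 2, protocol screen: only SMTP to the SMTP gateway and FTP control
# (port 21) to the FTP gateway; everything else falls through to deny.
PROTOCOL_RULES: List[Rule] = [
    Rule("permit", dst="192.0.2.25/32", proto="tcp", dport=25),
    Rule("permit", dst="192.0.2.21/32", proto="tcp", dport=21),
]

def first_match(rules: List[Rule], pkt: Packet) -> str:
    """First-match semantics with an implicit final deny (the trash)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"

def screen(pkt: Packet) -> Tuple[str, str]:
    """Run both stages; return the verdict and the stage that decided it."""
    if first_match(ADDRESS_RULES, pkt) == "deny":
        return "deny", "address"
    return first_match(PROTOCOL_RULES, pkt), "protocol"

if __name__ == "__main__":
    # constructed inbound packets as seen on the Internet side of the router
    for pkt in [
        Packet("198.51.100.9", "192.0.2.25", "tcp", 25),   # mail to the SMTP gateway
        Packet("198.51.100.9", "192.0.2.21", "tcp", 21),   # FTP control to the FTP gateway
        Packet("198.51.100.9", "192.0.2.40", "tcp", 21),   # FTP straight to an inside host
        Packet("192.0.2.7", "192.0.2.25", "tcp", 25),      # internal source seen on the outside
    ]:
        print(pkt.src, "->", pkt.dst, pkt.proto, pkt.dport, screen(pkt))
```

The screen is stateless and per-packet, so the FTP data connection that follows a permitted port-21 session is not covered by it; that is one reason the notes say such filters work best when the rules are simple.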

Application Level Gateway

Figure 6.21 Application Level Gateway: the Internet, Firewall 1, the Secured LAN (Application Gateway with Proxy Services), Firewall 2, and the Secured Network.

Firewalls 1 and 2 route traffic only from and to the secured LAN
Secured LAN is the gateway LAN
Behavior of the application gateway is dependent on the application
FTP traffic is stored and forwarded after validation
TELNET hosts are validated for the session and then direct communication is established

Secure communication requires
Integrity protection: ensuring that the message is not tampered with
Authentication validation: ensures the originator identification
Cryptography

Security threats: modification of information, masquerade, message stream modification, disclosure
Hardware and software solutions
Most secure communication is software based

Secret Key Cryptography

Figure 6.22 Basic Cryptographic Communication: Plaintext -> Encryption (secret key) -> Ciphertext over the Transmission Channel -> Decryption (secret key) -> Plaintext.

Caesar cipher: each letter is replaced by another letter which is three letters behind in the alphabet
Maximum of 26 attempts to decode Caesar cipher
Monoalphabetic cipher: replace a letter with another randomly chosen; maximum attempts to decode 26!
One secret key is needed between each pair
Two standard algorithms for secret key:
DES (Data Encryption Standard): 64-bit message blocks and 56-bit key
IDEA (International Data Encryption Algorithm): 64-bit message blocks and 128-bit key
Message block derived using CBC (Cipher Block Chaining)
Principle based on rearranging the blocks several times based on a predetermined algorithm and secret key

Public Key Cryptography

Figure 6.23 Public Key Cryptographic Communication: Plaintext -> Encryption (public key) -> Ciphertext over the Transmission Channel -> Decryption (private key) -> Plaintext.

Asymmetric cryptography - public and private key
Public key is distributed by the receiver to the senders to encrypt the message.
Private key is used by the receiver to decode the ciphertext
Mailbox analogy
Commonly used public key is RSA (Rivest, Shamir, and Adleman); 512-bit key, variable block size
RSA less efficient than DES and IDEA; used to encrypt secret key

Message Digest

Message digest is a cryptographic hash algorithm added to a message
One-way function
Analogy with CRC
If the message is tampered with, the message digest at the receiving end fails to validate
MD5 (used in SNMPv3) is a commonly used MD
MD5 takes a message of arbitrary length in 32-Byte blocks and generates a 128-bit message digest
SHS (Secure Hash Standard) message digest proposed by NIST handles 2^64 bits and generates 160-bit output

Digital Signature

Figure 6.24 Signed Public Key Cryptographic Communication: Plaintext -> Digital Signature (Ian's Private Key, S) -> Encryption (Rita's Public Key, R) -> Signed Ciphertext over the Transmission Channel -> Decryption (Rita's Private Key, R) -> Signature Validation (Ian's Public Key, S) -> Plaintext.

Principle is the reverse of public key
Signature created using private key and validated using public key
Digital signature is a message digest generated from plaintext and private key by a hashing algorithm
Digital signature is concatenated with the plaintext and encrypted using public key

Authentication and Authorization

Authentication verifies user identification
Client/server environment: ticket-granting system, authentication server system, cryptographic authentication
Messaging environment: e-mail, e-commerce
Authorization grants access to information
Read, read-write, no-access
Indefinite period, finite period, one-time use

Ticket-Granting System

Figure 6.26 Ticket-Granting System (Kerberos): User Input -> Client Workstation -> Authentication Server -> Ticket-Granting Server -> Application Server / Service.

Authentication Server

Figure 6.27 Authentication Server: User Input -> Client Workstation -> Authentication Server (Proxy Server) -> Application Server / Service.

Architecture of Novell LAN
Authentication server does not issue ticket
Login and password not sent from client workstation
User sends id to central authentication server
Authentication server acts as proxy agent to the client and authenticates the user with the application server
Process transparent to the user
vtu.allsyllabus.com

www.allsyllabus.com

Message Transfer Security


Messaging one-way communication

Secure
an d s e cu red

Three secure mail systems

m e s s ag e

needs

to

be

Privacy Enhanced Mail (PEM)

Pretty Good Privacy (PGP)

X-400:
OSI
specifications
framework; not implementation specific

Privacy Enhanced Mail

Developed by IETF (RFC 1421 - 1424)

End-to-end cryptography

Provides

d e fi n e

yl
la

bu

s.

that

co

authenticated

Confidentiality

Authentication

Message integrity assurance

Non repudiation of origin

.a
lls

Data
encryption
key
public
key-based
ag re ed u p o n m et h o d

PE M
processes
m e s s ag e en co d i n g

(DEK)
co u l d
originator

be
and

secret

or
receiver

b as ed

on

MIC-CLEAR (Message Integrity Code-CLEAR)

MIC-ONLY

ENCRYPTED

www.allsyllabus.com

cryptography

and

vtu.allsyllabus.com

www.allsyllabus.com

PEM Processes

Figure 13.40 PEM Processes
(a) MIC-CLEAR PEM Process: User Plaintext -> SMTP Format Conversion -> SMTP Text -> MIC Generator (MIC/DEK) -> MIC, Encrypted DEK, Text -> e-mail System
(b) MIC-ONLY PEM Process: User Plaintext -> SMTP Format Conversion -> SMTP Text -> MIC Generator (MIC/DEK) -> Encoder (printable code) -> MIC, Encrypted DEK, Encoded Text -> e-mail System
(c) ENCRYPTED PEM Process: User Plaintext -> SMTP Format Conversion -> SMTP Text -> MIC Generator (MIC/DEK) -> Padding & Encryption -> Encoder (printable code) -> MIC, Encrypted DEK, Encrypted & Encoded Message -> e-mail System
Legend: DEK Data Encryption Key; IK Interexchange Key; MIC Message Integrity Code; SMTP Simple Mail Transfer Protocol

DEK is a random number generated on a per message basis: used to encrypt the message text and generate the MIC. IK is a long-range key agreed upon between the sender and receiver, used to encrypt the DEK: IK is either public or secret. Public key avoids repudiation.
Pretty Good Privacy

PGP secure mail package developed by Zimmermann
Available in public domain
Signature generation: uses MD5 to generate hash code; encrypts hash code with sender's private key using RSA algorithm
Encryption of the message done using IDEA or RSA
Compression done with ZIP
e-mail conversion done using Radix-64
PGP similar to PEM with compression added

Figure 6.28 PGP Process: Plaintext -> Signature Generation (sender's private key) -> Concatenation with Plaintext -> Compression -> Encryption (public key) -> e-mail conversion -> Encrypted & Compressed Message -> e-mail system.

SNMPv3 Security

Authentication key equivalent to DEK in PEM or private key in PGP
Authentication key generated using user password and SNMP engine id
Authentication key may be used to encrypt message
USM prepares the whole message including scoped PDU
HMAC, equivalent of signature in PEM and PGP, generated using authentication key and the whole message
Authentication module provided with authentication key and HMAC to process incoming message

Figure 6.29 SNMP Secure Communication: password and authoritativeSnmpEngineId -> authKey (USM); scopedPDU -> Privacy Module (encryption key) -> encrypted scopedPDU; wholeMsg -> Authentication Module (HMAC Gen., authKey) -> authenticated wholeMsg.
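The authKey derivation and HMAC step of Figure 6.29 as an added example (not code from the notes): the key derivation follows the RFC 3414 password-to-key procedure and its published sample values, while the message layout is a simplified stand-in for the BER-encoded SNMP message, and the header and scopedPDU bytes are constructed.

```python
"""SNMPv3 USM authentication: the authKey is derived from the user password
and the authoritative engine ID, and an HMAC over the whole message
(truncated to 96 bits) authenticates it. Added example, not code from the
notes; key derivation per RFC 3414, message layout is a simplified stand-in
for the BER-encoded SNMP message, header / scopedPDU bytes are constructed."""
import hashlib
import hmac

AUTH_PARAMS_LEN = 12     # msgAuthenticationParameters: HMAC-96 = 12 octets

def password_to_key(password: bytes, engine_id: bytes, hash_name: str = "md5") -> bytes:
    """RFC 3414 password-to-key: hash 1 MiB of the repeated password, then
    localize the result with the engine ID so each engine gets its own key."""
    stretched = (password * (1_048_576 // len(password) + 1))[:1_048_576]
    digest = hashlib.new(hash_name, stretched).digest()
    return hashlib.new(hash_name, digest + engine_id + digest).digest()

def hmac96(auth_key: bytes, whole_msg: bytes, hash_name: str = "md5") -> bytes:
    """HMAC over wholeMsg, truncated to 96 bits."""
    return hmac.new(auth_key, whole_msg, hash_name).digest()[:AUTH_PARAMS_LEN]

def authenticate_outgoing(auth_key: bytes, header: bytes, scoped_pdu: bytes) -> bytes:
    """Sender side: compute the HMAC with the authentication parameters field
    zeroed, then place it in that field. Returns the authenticated wholeMsg."""
    whole_msg = header + bytes(AUTH_PARAMS_LEN) + scoped_pdu
    mac = hmac96(auth_key, whole_msg)
    return header + mac + scoped_pdu

def verify_incoming(auth_key: bytes, whole_msg: bytes, header_len: int) -> bool:
    """Receiver side: extract the MAC, zero the field, recompute and compare
    in constant time. Any change to header or scopedPDU fails."""
    received = whole_msg[header_len:header_len + AUTH_PARAMS_LEN]
    zeroed = (whole_msg[:header_len] + bytes(AUTH_PARAMS_LEN)
              + whole_msg[header_len + AUTH_PARAMS_LEN:])
    return hmac.compare_digest(received, hmac96(auth_key, zeroed))

if __name__ == "__main__":
    engine_id = bytes.fromhex("000000000000000000000002")     # RFC 3414 A.3.1 sample engine ID
    auth_key = password_to_key(b"maplesyrup", engine_id)       # RFC 3414 A.3.1 sample password
    print("authKey:", auth_key.hex())    # 526f5eed9fcce26f8964c2930787d82b (RFC 3414 A.3.1)
    header = b"v3-header:"               # constructed stand-in for the message header
    scoped_pdu = b"get sysUpTime.0"      # constructed stand-in for the scopedPDU
    msg = authenticate_outgoing(auth_key, header, scoped_pdu)
    print("verifies:", verify_incoming(auth_key, msg, len(header)))            # True
    print("tampered verifies:", verify_incoming(auth_key, msg[:-1] + b"1", len(header)))  # False
```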

Virus Attacks

Executable programs that make copies and insert them into other programs
Attacks hosts and routers
Attack infects boot track, compromises CPU, floods network traffic, etc.
Prevention is by identifying the pattern of the virus and implementing protection in virus checkers

Accounting Management

Least developed
Usage of resources
Hidden cost of IT usage (libraries)
Functional accounting
Business application

6.7 Policy-Based Management

Domain space consists of objects (alarms with attributes)
Rule space consists of rules (if-then)
Policy Driver controls action to be taken
Distinction between policy and rule: policy assigns responsibility and accountability

Service Level Management

SLA management is equivalent to QoS of network
SLA defines the service
Identification of services and characteristics

Negotiation of SLA
Deployment of agents to monitor and control
Generation of reports

SLA characteristics
Service parameters
Service levels
Component parameters
Component-to-service mappings

Figure 6.30 Policy Management Architecture: Network Attributes -> Domain Space and Rule Space -> Policy Space / Policy Driver -> Action Space.