
Brian Ghilliotti

Network Design
Chapter Summary
Pages 233-237
4/1/2017

This paper will review the subject of Network Management, based on information in the Network Design Cookbook (Thomatis, Michel) and lecture notes taken at Quinnebaug Valley Community College. The text divides Network Management into general areas, including fault management, performance management, configuration management, events and logging, desktop management, and security management.

Fault management monitors the availability of network devices and basic information such as utilization of the device and its interfaces. Performance management provides advanced monitoring of the actual traffic passing through the network. Configuration management provides an easy means of making mass configuration changes across a network, including auditing configurations against security best practices. Events and logging record the status and activity of networks and their devices, giving a better sense of usage and fault patterns. Desktop management seeks to standardize desktop policies for networked endpoints and promote anti-virus awareness. This is closely related to security management, which addresses security issues affecting the entire network.[1]

There are two basic components of a Network Management System: the Network Management Agent and the Network Management Station. Network Management Stations are usually deployed in a client-server relationship. The server side runs the Simple Network Management Protocol (SNMP) manager software and holds the collected data, and the client is a workstation, called a Network Management Workstation, from which an operator uses that server to manage the network. On each managed device the manager talks to a Network Management Agent, a daemon (such as snmpd) that receives, authenticates, and processes SNMP requests from manager applications.[2] The agent listens on UDP port 161, and unsolicited notifications (traps) from the agent are sent to the manager on UDP port 162.

[1] Thomatis, Michel. Network Design Cookbook (Version 10.2.8). Self-published. Last updated August 19, 2016. Page 233.

One of the most critical goals of network management is to do no harm to the network while management activity is being done. These activities involve monitoring the network and making adjustments to enhance its performance. The course material describes three levels of management intervention: passive, active, and exceptional.

In passive mode, SNMP only reads from the network and its devices (GET, GETNEXT and GETBULK requests), providing overall monitoring. In active mode, management is focused on a specific device and changes its behaviour through the Network Management Agent (SNMP SET requests that write to the device's MIB). In exceptional mode, there is a more direct takeover of a device by the manager, which can result in a network shutdown; this mode is reserved for emergencies. Because a SET can reconfigure a device, write access should be restricted far more tightly than read access: separate credentials, SNMPv3 authentication and privacy rather than SNMPv1/v2c community strings, and an access list limiting which manager addresses may reach the agent.

The goal of SNMP, to do no harm to a network while monitoring its performance, creates a contradiction. SNMP must gain access to a network's devices through its Network Management Agents, which in turn consume system resources (CPU and memory on the managed device, plus bandwidth for the requests and replies) and can hinder the network's performance. So a careful balance must be struck in the SNMP sampling rate: frequent enough to yield meaningful performance data, but not so frequent that the agents' work degrades the very devices being measured.

In SNMP, the Network Management Station polls each agent at a fixed interval for the values of management objects (for example interface octet counters) and receives them in UDP datagrams. The differences between successive samples are then averaged over the interval. Faster sampling gives a more accurate picture of network performance, which is called data fidelity.

However, when sampling rates are too high, system resources are overburdened, which can result in overall degraded network performance. What we may end up with is evidence of degraded performance resulting from SNMP activity itself, and not from issues with the network. The opposite error is also possible: if the poll interval is too long, a 32-bit interface counter can wrap between polls and the computed rate is wrong, which is why high-speed interfaces should be polled through their 64-bit high-capacity counters.

[2] IBM Knowledge Center: SNMP daemon configuration. IBM Corporation, undated. https://www.ibm.com/support/knowledgecenter/ssw_aix_72/com.ibm.aix.networkcomm/snmpv1_daemon_config.htm. Last accessed April 1, 2017.
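The sampling-rate trade-off is easier to see with numbers. The following Python is an added example, not code from the Network Design Cookbook or the lecture notes: it turns successive ifInOctets samples into utilization percentages, corrects for the 32-bit counter wrap, and shows how a poll interval that is too long for a 1 Gbps link produces a reading that looks like a network problem but is an artifact of the polling. All counter values and intervals are constructed, not captured from a device.

```python
# Added example: interface utilization from SNMP counter samples.
# ifInOctets (IF-MIB) is a 32-bit counter, ifHCInOctets a 64-bit counter.
# All counter values and intervals below are constructed for illustration.

COUNTER32 = 2**32
COUNTER64 = 2**64


def counter_delta(prev, cur, width=COUNTER32):
    """Octets moved between two polls, correcting for a single counter wrap."""
    if cur >= prev:
        return cur - prev
    # The counter rolled over since the previous poll.
    return (width - prev) + cur


def utilization_percent(prev, cur, interval_s, if_speed_bps, width=COUNTER32):
    """Link utilization over one poll interval, as a percentage of ifSpeed."""
    octets = counter_delta(prev, cur, width)
    return 100.0 * octets * 8 / (interval_s * if_speed_bps)


def max_safe_interval_s(if_speed_bps, width=COUNTER32):
    """Longest poll interval at which a saturated link cannot wrap the counter
    more than once; beyond this the delta between two polls is ambiguous."""
    return width * 8 / if_speed_bps


def average_utilization(samples, if_speed_bps, width=COUNTER32):
    """Average utilization over a series of (timestamp_s, counter) samples.
    Returns 0.0 for fewer than two samples."""
    if len(samples) < 2:
        return 0.0
    total = 0.0
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        total += utilization_percent(c0, c1, t1 - t0, if_speed_bps, width)
    return total / (len(samples) - 1)


def simulate_saturated_poll(if_speed_bps, interval_s, width=COUNTER32):
    """What a poller reports for a link that ran at 100% for one interval.
    Returns (actual_percent, reported_percent)."""
    octets_moved = if_speed_bps * interval_s // 8
    counter_after = octets_moved % width        # what the device actually exposes
    reported = utilization_percent(0, counter_after, interval_s, if_speed_bps, width)
    return 100.0, reported


if __name__ == "__main__":
    # Constructed 100 Mbps interface polled every 5 s, with one wrap in the series.
    samples = [(0, 4_294_000_000), (5, 4_294_900_000), (10, 1_800_000), (15, 20_800_000)]
    print(f"average utilization: {average_utilization(samples, 100_000_000):.2f}%")
    print(f"1 Gbps safe poll interval with 32-bit counters: "
          f"{max_safe_interval_s(1_000_000_000):.1f} s")
    for width, name in ((COUNTER32, "ifInOctets"), (COUNTER64, "ifHCInOctets")):
        actual, reported = simulate_saturated_poll(1_000_000_000, 60, width)
        print(f"60 s poll, {name}: actual {actual:.0f}%, reported {reported:.1f}%")
```

On a saturated 1 Gbps link a 32-bit octet counter wraps roughly every 34 seconds, so a 60-second poll reports about 43% utilization for a link that was in fact full; the 64-bit counter reports 100%. The fix is either a shorter interval (which raises the polling load the text warns about) or the high-capacity counters, which is why the latter are the normal choice on fast interfaces.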

I do not profess to be an engineer, but one way to approach this contradiction is to structure network protocols to automatically generate bits that relay network functionality and that will be ready to be received by SNMP agents. This built-in compensation function for network protocols may require a little extra memory, but it could help support network-to-SNMP interaction without significant slowdowns.

Network managers may also be interested in who is generating network data, which is the job of NetFlow, as well as what is happening to the data while it is in the network (discussed above). Managers may want to know who is consuming the most bandwidth on the network, what kind of data is being generated, and when. NetFlow answers this with flow records exported by routers and switches, each summarizing the packets that share the same source and destination addresses, ports and protocol (Network and Transport Layer fields of the OSI model); packet capture tools provide a more detailed, packet-by-packet view of the same traffic. These tools do not have the ability to make network adjustments like SNMP, but they are another way to view network activity for troubleshooting, without the level of intrusiveness that SNMP places on a network.
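As an added example, not code from the text or from any NetFlow collector, here is a minimal parser for NetFlow version 5 export packets, the format Cisco routers use to report flows, together with the top-talkers summary a network manager would want from it. The export packet is constructed inside the block from made-up flows (private and documentation address ranges), so nothing here reflects real traffic.

```python
# Added example: parse NetFlow v5 export packets and rank sources by bytes sent.
# Packet layout follows the NetFlow v5 header (24 bytes) and record (48 bytes)
# formats; the flows themselves are constructed for the example.
import socket
import struct
from collections import defaultdict

HEADER_FMT = "!HHIIIIBBH"   # version, count, sys_uptime, unix_secs, unix_nsecs,
                            # flow_sequence, engine_type, engine_id, sampling_interval
RECORD_FMT = "!4s4s4sHHIIIIHHBBBBHHBBH"  # srcaddr, dstaddr, nexthop, input, output,
                            # dPkts, dOctets, first, last, srcport, dstport, pad1,
                            # tcp_flags, prot, tos, src_as, dst_as, src_mask, dst_mask, pad2
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 24
RECORD_LEN = struct.calcsize(RECORD_FMT)   # 48


def build_v5_packet(flows, sys_uptime_ms=0, unix_secs=0, flow_sequence=0, sampling=0):
    """Encode constructed flows as one NetFlow v5 export packet (what a router would send)."""
    header = struct.pack(HEADER_FMT, 5, len(flows), sys_uptime_ms, unix_secs, 0,
                         flow_sequence, 0, 0, sampling)
    records = b"".join(
        struct.pack(RECORD_FMT,
                    socket.inet_aton(f["src"]), socket.inet_aton(f["dst"]),
                    socket.inet_aton("0.0.0.0"), 0, 0,
                    f["pkts"], f["octets"], 0, 0,
                    f["sport"], f["dport"], 0, 0, f["proto"], 0, 0, 0, 0, 0, 0)
        for f in flows)
    return header + records


def parse_v5_packet(data):
    """Decode a NetFlow v5 packet into a list of flow dicts. Rejects other versions
    and packets whose length disagrees with the record count, rather than reading garbage."""
    version, count, *rest = struct.unpack(HEADER_FMT, data[:HEADER_LEN])
    if version != 5:
        raise ValueError(f"not a NetFlow v5 packet (version {version})")
    if len(data) != HEADER_LEN + count * RECORD_LEN:
        raise ValueError("packet length does not match record count")
    sampling_interval = rest[-1] & 0x3FFF    # low 14 bits; the top 2 bits are the mode
    scale = sampling_interval or 1           # 0 means the router was not sampling
    flows = []
    for i in range(count):
        off = HEADER_LEN + i * RECORD_LEN
        r = struct.unpack(RECORD_FMT, data[off:off + RECORD_LEN])
        flows.append({
            "src": socket.inet_ntoa(r[0]), "dst": socket.inet_ntoa(r[1]),
            "pkts": r[5] * scale, "octets": r[6] * scale,   # scaled up if sampled
            "sport": r[9], "dport": r[10], "proto": r[13],
        })
    return flows


def top_talkers(flows, n=5):
    """Sources ranked by total bytes sent: the 'who is consuming the bandwidth' question."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["src"]] += f["octets"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]


# Constructed flows: two from 10.0.0.5, one from 10.0.0.7.
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dst": "203.0.113.9", "sport": 51234, "dport": 443, "proto": 6,
     "pkts": 9000, "octets": 9_000_000},
    {"src": "10.0.0.5", "dst": "198.51.100.20", "sport": 51235, "dport": 80, "proto": 6,
     "pkts": 1500, "octets": 1_500_000},
    {"src": "10.0.0.7", "dst": "203.0.113.9", "sport": 40000, "dport": 53, "proto": 17,
     "pkts": 400, "octets": 400_000},
]

if __name__ == "__main__":
    packet = build_v5_packet(SAMPLE_FLOWS, unix_secs=1491004800)
    for src, octets in top_talkers(parse_v5_packet(packet)):
        print(f"{src:15} {octets:>12} bytes")
```

Two details matter in practice: a collector must check the record count against the packet length (a truncated or malformed export should be dropped, not partially parsed), and when the router is sampling, the counts in each record must be multiplied by the sampling interval or the top-talker figures will be off by that factor.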

Another issue discussed in the text pertaining to Network Management is authentication. The text pushes for a centralized, server-based authentication system, which makes it easy to change passwords, user IDs, profiles and accounts in one place. This is especially true for large organizations.

In decentralized authentication systems it is difficult to standardize, control and maintain authentication data, which creates its own security risks. It is easier for an attacker to break into a disorganized system using credentials that have been forgotten about, lost or stolen, such as a local account on a switch that nobody remembers. From there, the attacker can gain further entry into the system, obtain more information, or reset data and change the access information to penetrate the system further. This is closely linked to security management.
In centralized authentication systems, these violations are easier to detect and react to, because every login attempt is logged at one server and a departing user's access is revoked by disabling one account rather than by visiting every device. The text mentions the server-based centralized authentication systems ACS (Cisco) and IAS (Microsoft), which provide authentication services through the RADIUS and TACACS+ protocols. Cisco also offers hardware appliances that provide ACS. Devices should keep a local fallback account for use only when the authentication server is unreachable, and that account's password must be managed as carefully as the central ones.
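To make concrete what a network device and the central server actually exchange, the following Python is an added example (not from the text, ACS or IAS) that builds a RADIUS Access-Request as defined in RFC 2865, hides the User-Password with the shared secret, and verifies the Response Authenticator on the server's reply, which is what lets the device trust an Access-Accept that arrives over the network. The shared secret, user name and password are constructed values.

```python
# Added example: RFC 2865 Access-Request encoding and reply verification.
# The user name, password and shared secret used below are constructed for the demo.
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IP_ADDRESS, ATTR_FILTER_ID = 1, 2, 4, 11


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: pad to a multiple of 16 bytes, then XOR each block with
    MD5(secret + previous block); the first 'previous block' is the Request Authenticator."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ b for p, b in zip(padded[i:i + 16], pad))
        out, prev = out + block, block
    return out


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password, as the server performs it."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ b for c, b in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def _attr(kind: int, value: bytes) -> bytes:
    """Attribute TLV: type, length (including these two bytes), value."""
    return struct.pack("!BB", kind, len(value) + 2) + value


def build_access_request(ident: int, username: bytes, password: bytes, secret: bytes,
                         nas_ip: bytes = b"\x0a\x00\x00\x01", authenticator: bytes = b"") -> bytes:
    """Access-Request from a NAS (e.g. a switch) to the central server. The 16-byte
    Request Authenticator is random; the NAS keeps it to check the reply."""
    authenticator = authenticator or os.urandom(16)
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    attrs = (_attr(ATTR_USER_NAME, username)
             + _attr(ATTR_USER_PASSWORD, hide_password(password, secret, authenticator))
             + _attr(ATTR_NAS_IP_ADDRESS, nas_ip))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs


def build_reply(request: bytes, secret: bytes, code: int = ACCESS_ACCEPT, attrs: bytes = b"") -> bytes:
    """Server reply. RFC 2865 3: ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    head = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    response_auth = hashlib.md5(head + request[4:20] + attrs + secret).digest()
    return head + response_auth + attrs


def verify_reply(reply: bytes, request: bytes, secret: bytes) -> bool:
    """NAS-side check: the reply is trusted only if its authenticator matches the secret,
    the request it answers and the attributes it carries. Wrong secret, a reply to a
    different request, or a modified attribute all fail."""
    if len(reply) < 20 or reply[1] != request[1]:
        return False
    if struct.unpack("!H", reply[2:4])[0] != len(reply):
        return False
    head, response_auth, attrs = reply[:4], reply[4:20], reply[20:]
    expected = hashlib.md5(head + request[4:20] + attrs + secret).digest()
    return hmac.compare_digest(expected, response_auth)


if __name__ == "__main__":
    secret = b"example-shared-secret"                      # constructed
    req = build_access_request(7, b"netops-admin", b"hunter2", secret)
    reply = build_reply(req, secret, attrs=_attr(ATTR_FILTER_ID, b"admin"))
    print("accept verified with correct secret:", verify_reply(reply, req, secret))
    print("accept verified with wrong secret:  ", verify_reply(reply, req, b"other"))
```

The password hiding is an MD5-keyed stream, not strong encryption, and the reply authenticator is only as strong as the shared secret; in practice that means a long random secret per device, RADIUS traffic confined to the management network, or RADIUS carried over TLS (RadSec, RFC 6614).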

Out-of-band management is another critical component of network management. It provides a way to make changes to a network outside the normal data path, for example through a console server reached over a separate link or a dial-up modem. Having such a path is critical if a sudden technical issue takes the production network down and it is not possible to get on site to address it.

This is linked to authentication and security, as the out-of-band link creates its own vulnerabilities: it bypasses the controls on the production network and typically lands on the device console, where full control is available. Any employee who had out-of-band management privileges must have them revoked when they leave the department or organization, and the passwords for this link should be changed as well. The link should require the same centralized authentication as in-band access and be reachable only from the management stations that need it.

Timing is another important aspect of network management. With multiple devices talking to each other on a network, each waiting for expected data before making a decision related to a process, it is important for all devices to use the same time reference. If devices make decisions using different clocks, there may be significant timeouts, as some devices stop waiting and look for data from another device related to another process, and data gets lost.

In some cases a device retransmits a request for the same expected data, forcing the sender to retransmit. If the receiving device does not keep its time window open long enough for the sender to succeed, both devices can send and retransmit to no result. This generates large amounts of useless data on the network, slowing things down for all devices, whether they are working together or not.

Network Time Protocol (NTP) is the protocol used to synchronize time in network management. It is based on the concept that each network has a device that is the authoritative source of time for all of the network's devices. This authoritative source is then referenced by the other devices as the main source of network time used to carry out operations.

Network time is organized in layers called strata. The reference clock itself (a GPS receiver or atomic clock) is stratum zero; it is not a network host but a device attached directly to a server. Servers connected to a stratum zero clock are stratum one servers. Devices synchronized from stratum one servers are stratum two, and so on, up to stratum fifteen; a device reporting stratum sixteen is unsynchronized.[3] Even if network time is not in sync with human (UTC) time, as long as every device references the same time source the network will continue to function, albeit in its own time bubble. Logs correlated with other organizations, certificate validity periods and Kerberos tickets do depend on the real time, however, so the stratum one servers should themselves be synchronized to a trustworthy external reference.

If the stratum zero (or stratum one) device is altered, whether during management work or by an intruder, time on the whole network may be distorted. This creates desynchronization between the network whose time source was altered and surrounding networks, leading to the issues mentioned previously.

Indeed, this is a serious security vulnerability for networks in general, where one network thrown out of time synchronization can affect the performance of surrounding networks. An interesting idea to consider is a backup stratum zero timer with enhanced protection that can be reinserted into the network with the correct time. Perhaps a backup stratum zero device could be disconnected from the Internet entirely while continuing to keep time in isolation. This would make it impossible to reach the device through a network intrusion, and it would be ready to be plugged into the network once the security breach has been handled. A GPS-disciplined clock is exactly such a device, and two standard NTP protections complement it: configuring clients with several time sources, so that the NTP selection algorithm can outvote a single server that is handing out wrong time, and enabling NTP authentication with symmetric keys shared between client and server, so that a client accepts time only from servers it trusts.
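The following Python is an added example, not code from the text or its sources, that puts numbers on the stratum discussion and on the concern about a single altered time source: it decodes a constructed NTP version 4 server reply, computes the client's clock offset from the four timestamps NTP exchanges, and then shows how a client configured with several servers can set aside the one whose time is wrong. All timestamps and server names are constructed, and the disagreement tolerance used to flag a bad server is an assumption chosen for the example.

```python
# Added example: NTP v4 reply decoding, offset/delay, and falseticker rejection.
# Packet layout follows RFC 5905 section 7.3; timestamps and server names are constructed.
import statistics
import struct

NTP_FMT = "!BBBbIIIQQQQ"          # LI|VN|Mode, stratum, poll, precision, root delay,
                                   # root dispersion, reference ID, ref/orig/recv/xmit timestamps
NTP_EPOCH_OFFSET = 2208988800      # seconds between 1900-01-01 (NTP) and 1970-01-01 (Unix)


def to_ntp_timestamp(unix_s: float) -> int:
    """64-bit NTP timestamp: 32-bit seconds since 1900, 32-bit fraction."""
    whole = int(unix_s)
    frac = min(int(round((unix_s - whole) * 2**32)), 2**32 - 1)
    return ((whole + NTP_EPOCH_OFFSET) << 32) | frac


def from_ntp_timestamp(ts: int) -> float:
    return (ts >> 32) - NTP_EPOCH_OFFSET + (ts & 0xFFFFFFFF) / 2**32


def build_server_reply(stratum: int, t1: float, t2: float, t3: float,
                       ref_id: bytes = b"GPS\x00") -> bytes:
    """Mode 4 (server) reply: echoes the client's transmit time t1 as the originate
    timestamp and records the server's receive time t2 and transmit time t3."""
    li_vn_mode = (0 << 6) | (4 << 3) | 4       # leap 0, version 4, mode 4 (server)
    return struct.pack(NTP_FMT, li_vn_mode, stratum, 6, -20, 0, 0,
                       int.from_bytes(ref_id, "big"),
                       to_ntp_timestamp(t3 - 1.0),   # reference time: arbitrary, earlier
                       to_ntp_timestamp(t1), to_ntp_timestamp(t2), to_ntp_timestamp(t3))


def parse_reply(data: bytes) -> dict:
    if len(data) < 48:
        raise ValueError("short NTP packet")
    f = struct.unpack(NTP_FMT, data[:48])
    return {"leap": f[0] >> 6, "version": (f[0] >> 3) & 7, "mode": f[0] & 7,
            "stratum": f[1],
            "t1": from_ntp_timestamp(f[8]), "t2": from_ntp_timestamp(f[9]),
            "t3": from_ntp_timestamp(f[10])}


def offset_and_delay(t1, t2, t3, t4):
    """RFC 5905: offset = ((t2 - t1) + (t3 - t4)) / 2, delay = (t4 - t1) - (t3 - t2)."""
    return ((t2 - t1) + (t3 - t4)) / 2, (t4 - t1) - (t3 - t2)


def select_sources(results, tolerance_s=0.128):
    """results: list of (name, stratum, offset_s). Drops sources whose packet stratum is 0
    (unspecified / kiss-o'-death) or 16 and above (unsynchronized), then flags as
    falsetickers those whose offset disagrees with the majority (the median) by more
    than tolerance_s (an assumed threshold). Returns (usable, falsetickers, ignored)."""
    ignored = [n for n, s, _ in results if s == 0 or s >= 16]
    candidates = [(n, o) for n, s, o in results if 1 <= s <= 15]
    if not candidates:
        return [], [], ignored
    median = statistics.median(o for _, o in candidates)
    usable = [n for n, o in candidates if abs(o - median) <= tolerance_s]
    false = [n for n, o in candidates if abs(o - median) > tolerance_s]
    return usable, false, ignored


if __name__ == "__main__":
    # Constructed exchange: client sends at t1, server receives at t2, replies at t3,
    # client receives at t4 (client clock). The client's clock is 0.4 s behind the server's.
    t1, t2, t3, t4 = 1491004800.000, 1491004800.500, 1491004800.600, 1491004800.300
    reply = parse_reply(build_server_reply(2, t1, t2, t3))
    theta, delta = offset_and_delay(reply["t1"], reply["t2"], reply["t3"], t4)
    print(f"stratum {reply['stratum']}, offset {theta:+.3f} s, round-trip {delta:.3f} s")
    # Four configured servers: one is ten minutes off, one is unsynchronized.
    print(select_sources([("ntp1", 2, 0.001), ("ntp2", 2, -0.002),
                          ("ntp3", 1, 600.0), ("ntp4", 16, 0.0)]))
```

Note the difference between stratum zero as the text uses it (the reference clock hardware) and stratum 0 in a packet, which means "unspecified" and is what a kiss-o'-death reply carries; a client should never synchronize to a packet reporting stratum 0 or 16. With three or more independent sources the altered server in the example is outvoted, which is the practical defence behind the backup-clock idea above.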

[3] Wikipedia: Network Time Protocol. https://en.wikipedia.org/wiki/Network_Time_Protocol. Last modified March 28, 2017. Last accessed April 1, 2017.
