
Network and Systems Management

Prof. Dr. Udo Hönig

Lecture at the European University of Applied Sciences (EUFH)

Summer semester 2017

Udo Hönig 1 / 71
Overview

1 Organizational matters

2 Network and systems management in modern corporate practice

3 Foundations of network and systems management

4 Management protocols and management databases

5 Central functions of network and systems management

6 Quality of Service-Management

7 Multi-stage management concepts

8 Integration of management systems in IT companies and IT departments

9 Commercial management solutions and open source management systems

Teaching aims

Teaching aims:
The students know the usual tasks and fields of application of system and
network management tools in daily corporate practice.
They discuss and explain technical and organizational aspects that are relevant
for the conception and integration of management systems.
They differentiate between several common management protocols and
databases, discuss their advantages and disadvantages and describe their
collaboration in a management infrastructure.
They apply the management systems' functions to monitor and control components
and services, and interpret the received status messages and error messages.
They analyze reports, status messages and event logs which were generated by
current management systems, localize error sources, and reveal weaknesses of
the present system infrastructure.
They generalize achieved analytical results and predict possible difficulties, e.g.
bottlenecks.
They assess the range of functions and other performance characteristics of
operating management platforms and recommend optimization measures.



Contact address and legal instructions

Contact:
Prof. Dr. Udo Hönig
e-Mail: U.Hoenig@eufh.de

Legal instructions:
These slides are protected by copyright. Any rights derived from the copyright, in
particular those of translation, reproduction, extraction of illustrations, radio broadcast,
online publication, photomechanic or similar reproduction and storage on data
processing equipments, shall be reserved even for partial exploitation thereof. A
permission to make a sufficient number of copies for the exclusive use within this
lecture is granted hereby.



Bibliography

[1] Clemm, A.: Network Management Fundamentals, Cisco, 2006


[2] Finger, A. et al.: OpenNMS: Netzwerkmanagement mit freier Software,
dpunkt.Verlag, 2010
[3] Forouzan, B.A.: Data Communications and Networking, McGraw-Hill
[4] Hegering, A.-G., Abeck, S.: Integrated Network and System Management,
Addison-Wesley, 1994
[5] Kurose, J.F., Ross, K.W.: Computernetzwerke, Pearson, 2012
[6] Lauer, G.: Nagios - Das Praxisbuch: Open Source-Monitoring im
Unternehmen, Addison-Wesley, 2009
[7] Raman, L.G.: Fundamentals of Telecommunications Network Management,
IEEE, 1999
[8] Schwenkler, T.: Sicheres Netzwerkmanagement, Springer, 2005
[9] Walsh, L.: SNMP MIB Handbook, Wyndham Press, 2008



A starting point: current state of knowledge

Initial questions:
What are network/systems management systems? What is the difference?
Do you know any network/systems management systems?
List at least ten features that should be provided by such a system.
Which components should be managed?
Do you know some technical terms in the context of network management and/or
systems management?

Complexity of modern system infrastructures

Sources: http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/SAFE RG/safemediumentnetworks.html and [1, pp. 49 - 53]

Management tools

Types of management tools:


Device managers and craft terminals: remote real-time view of the equipment
Network analyzers: view and analyze current traffic on a network
Element managers: view and modify the status and configuration of a network
component; they typically include a database
Management platforms: general-purpose management applications that are used
to manage networks
Collectors and probes: auxiliary systems that offload applications from simple
functions; collectors gather/store different types of data; probes trigger certain
activities in the network and collect the responses
Performance analysis systems: analyze traffic and performance data to recognize
trends and traffic patterns
Alarm management systems: collect and monitor alarms from the network
Trouble ticket systems: track how problems in a network are being resolved
Work order systems: used to assign and track individual maintenance jobs
Workflow management systems: help to manage the execution of workflows
Inventory systems: help to track the assets of a network provider
[1, pp. 63 - 73]
Defining network management

Network management:
Network management refers to the activities, methods, procedures, and tools that
pertain to the operation, administration, maintenance, and provisioning of networked
systems.
Operation: keeping the network up and running
Administration: keeping track of the resources and their assignment
Maintenance: conducting repairs and upgrades
Provisioning: configuring resources to support services

[1, pp. 8 - 9]



Management of networks and end nodes

Service management:
Management of services is often distinguished and subsumed under the term Service
management.

[1, p. 10]



Network, systems & application management

Network management:
Network management deals with the management of communication networks
and the resources required to establish end-to-end communication.
It deals with end-to-end connections, making sure that the configurations of the
involved network devices are coordinated.

System management:
System management deals with the management of end systems that are
connected to networks.
It deals with aspects such as memory utilization and hard disk capacity.

Application management:
Application management deals with the management of applications that are
deployed on systems that are interconnected over a network.
It is concerned with aspects that relate to the deployment of software as well as to
license, patch and compatibility management.

Attention: In terms of their management needs, networks, systems, and applications
have much more in common than what separates them!
[1, pp. 114 - 115]



Functions and tasks

Typical functions and tasks include:


Network planning, e.g. determining topology and dimensions
Network deployment, e.g. installation of new equipment
Network operations, e.g. monitoring the network
Network maintenance and maintenance planning, e.g. firmware upgrades
Workforce management and truck dispatching
Inventory management, e.g. keeping track of hardware components
Customer help desk, e.g. providing a front end to customers
[5, pp. 810 - 812] and [1, p. 38]
Basics of management systems I/II

Key elements of management and management systems:


Management is goal oriented.
Management covers personnel, procedures, programs and technical systems.
Management concerns planning and operations.

Specific form of management scheme is influenced by:


Objectives of the network, determined from an analysis of applications
Communication characteristics, i.e. the distribution and volume of network traffic
Physical network structure, determined by cabling structure and topology
Logical network structure, determined by the underlying communication
architectures and protocols
Distribution of the provision of services across the infrastructure
Structural and operational organization of the network users and resources
Structure and operational organization of the network provider

[4, pp. 64 - 65]



Basics of management systems II/II

Complexity of the management task is determined by:


Number and range of types of components to be managed
Heterogeneity of the infrastructure in terms of
system software,
interfaces,
protocols,
profiles and
versions.
Spatial distribution of the components
Number of organizations involved or areas of responsibility
Extent to which services are integrated and subnetworks have been created
Number and variety of network services and distributed applications supported

[4, pp. 65 - 66]



Network management and network planning

Network planning according to Int. Telecommunication Union (ITU):


Network planning is the continual iterative process of:
monitoring the current network characteristics
understanding environmental constraints/considerations
forecasting future needs and technology
evaluating technical opportunity
creating most appropriate plans on long to short term basis
modifying plans based on results of actual implementations

Utilization of management data for network planning:


Selection of the topology
Location of terminals, hosts, servers and network devices
Arrangement of shared resources (servers, storage, access points, ...)
Planning of cabling structures
Placing transition points to Postal Telephone and Telegraph services
Dimensioning of resources, links and lines (including spare capacities)
[4, pp. 66 - 72]



Management dimensions

Central ordering criteria for management systems include:


Functional dimension: Concerned with the assignment of management tasks to
functional areas
Time dimension: Divides the processes which implement management functions
into different life-cycle phases
Scenario dimension: Scenarios are distinguished by different target objects
[4, pp. 84 - 85]



Functional dimension: Configuration

Configuration management and network description:


Distributed systems consist of many resources that have to cooperate.
The task of configuration management is to link and adapt these resources.
Knowledge of the network and its resources which is contained in the network
description is a prerequisite for this task.
Network description is the basis of configuration management tasks:
Automatic updating of the configuration and support for network versions.
Reconfiguration of resources and remote configuration.
Initiation of jobs and tracing of their execution.

[4, pp. 86 - 87]


Functional dimension: Fault management

Fault management and its subtasks:


Central task: maintaining the availability of a network or distributed systems as
high as possible
Subtasks include:
Monitoring of the network or system state.
Receipt and processing of alarms.
Diagnosis of the causes of faults.
Determination of the propagation of errors.
Initiation and checking of error recovery measures.
Introduction of a trouble ticket system.
Provision of a user help desk.

[4, pp. 86 - 88]



Performance and Accounting management

Performance management:
Central task: ensuring that the overall system runs well
Subtasks of the performance management include:
Determination of quality of service parameters.
Monitoring of the communication network or system for performance bottlenecks.
Execution of measurements.
Processing of measurement data and generation of reports.
Performance and capacity planning.

Accounting management:
Provision of communication, resources and services leads to costs which must be
distributed among those responsible for these costs.
The corresponding strategies and procedures depend on the accounting policy.
Subtasks of accounting management include:
Recording of usage data.
Maintenance of accounting accounts.
Assignment of costs to accounts.
Allocation and monitoring of quotas.
Maintenance of usage statistics.

[4, pp. 88 - 89]



Functional dimension: Security management

Security management as function of a management system:


Security management is increasing in importance, even in non-obvious areas.
Subtasks of security management include:
Monitoring of the system or network for attacks on the security.
Encryption of information.
Execution of authentication procedures.
Implementation of security measures.
Security procedures are usually available, the problem is to incorporate them into
the management architecture appropriately and to control them according to the
security policy.

[4, p. 90]



Time dimension: Planning

Relevant aspects when planning a new management system:


Management planners usually have to retrofit existing management systems and
infrastructures. This means:
The old tools must be incorporated into the management scheme to be planned.
A management system must be developed for the existing resources, even though the
resources support the new system only in a small way or not at all.
Anyway, the current state (incl. existing tools, resources, employees, services, ...)
has to be determined carefully.
An analysis of the requirements that will be placed on the management system has to
be conducted.
Based on the current state and the revealed requirements, suitable management
products and tools must be selected.

[4, pp. 91 - 92]



Time dimension: Implementation

Options for implementing and integrating management systems:


Any implementation of a management solution will be based on certain building
blocks.
Implemented solutions can be classified by their degree of integration:
Isolated approach: An isolated tool is created for each management problem. The tools
operate independently in all aspects.
Coordinated approach: The aforementioned isolated tools are coordinated by means of
additional scripts or tools.
Integrated approach: The isolated tools of the coordinated approach are integrated into
a common context.

[4, pp. 92 - 94]



Time dimension: Operation

Aspects regarding the daily operation of management systems:


Day-to-day operation reveals whether the requirements are actually met by the
implemented management system.
Identification of weaknesses leads to a redesign, involving a new pass through the
planning and implementation phase.
Thus, normal operation is often preceded by a test phase, covering the following
tasks:
Specific functional and performance tests of the system's hardware and software
components.
Generation and preparation of the documentation and the manuals.
Checking whether the services required for operation are in place and operational.
Operational phase tasks can be distinguished according to their time horizon:
Short-term horizon: These tasks include measures which must be executed within the
order of seconds or minutes.
Medium-term horizon: These tasks must be executed within the order of hours.
Long-term horizon: These tasks must be executed within the order of weeks or even
months.

[4, pp. 94 - 95]



Scenario dimension

Characteristics and meaning of this dimension:


Management systems coping with various types of resources, services and
policies have been developed
The viewpoint of a management system is called a management scenario
Network management was initially solely associated with networks
Applications like file servers also require automated management:
application management / component management
Open distributed infrastructures led to another scenario, system management
Enterprise management: highest order scenario comprising the whole company

[4, pp. 95 - 97]


Network elements and Managers

Managers, agents, clients and servers:


Managed devices are usually called network elements (NEs)
NEs must offer a management interface for the communication with the
management system
Management communication is inherently asymmetrical:
A managing application plays the role of a manager
Managed network elements play the role of the agents, responding to the manager's
requests and notifying it proactively of unexpected events.
In client/server terminology, the manager corresponds to a client, requesting the
service of a server.
Attention: while a server serves multiple clients, an agent is usually managed by
very few managers.

[1, pp. 76 - 78]


Management agents

Main components of management agents:


The management interface handles all management communication.
The Management Information Base (MIB) is a conceptual data store that contains
a management view of the device being managed. The data contained in this data
store constitutes the management information.
The core agent logic translates between the operation of the management
interfaces, the MIB, and the actual device. It can also include additional
management functions.
Attention: any network element can actually contain several management agents!

[1, pp. 78 - 80]


Management Information and real resources

Technical terms: MO, real resource and MIB


Many aspects of network elements are of interest to management systems, e.g.:
Version of installed software and firmware
Utilization of ports, memory, CPU, ...
Environmental data, e.g. temperatures and voltages
Protocol timeouts ...
Managed object (MO): Management information exposing a real-world aspect
Management information does not model every aspect of the real resource but
abstracts from details.
Any real resource can be abstracted in different ways by different agents.
Management Information Base (MIB): Collection of all management information
exposed by a network element.

[1, pp. 80 - 82]


Basic management ingredients

Basic parts of Network Management:


Management Technology connects the operational support organization to the
real world.
Management agents act as proxies that represent the real world for management
purposes.
The management system acts as a proxy for the operational support organization.
Management interfaces and protocols define their rules of engagement.
Communication between them is carried over a management network.

[1, p. 83]

Management system and manager role

MIB within a management hierarchy:


A management system can run one or more management applications and can
run on one or more hosts.
Managers (role!) should be distinguished from management systems, because of
hierarchical management.
The management system is the consumer of the management interface offered by
the system in the agent role.
It operates on the abstraction of the real system provided through the agent's MIB.
Management systems often cache the agents' MIBs in their own database (MIB).

[1, pp. 83 - 86]


Network database

Content of a network database:


Documentation of network devices, incl. location, properties, responsibilities and
network interfaces
Documentation of lines and links, incl. position, properties, responsibilities and
panel configurator at the distributor
Documentation of changes, incl. version scheme, additional information
Documentation of topology, incl. topological course, precise room and building
plans
Documentation of errors, nature and time of the error, error recovery

[4, pp. 79 - 81]


Management networks I/II

In-band management:
Managers and agents communicate over a network, since network management
is just some kind of distributed application
This means: managing systems and managed systems need to communicate
Management network: network that provides such an interconnection.
Production network: network that transports the traffic of subscribers and end
users
Important difference between management traffic and other transmissions:
management traffic involves the network element itself!
Management agents are applications running on the network element. They are
treated like other applications and typically have their own port number (e.g. an
SNMP agent listens on UDP port 161 of the IP stack)

[1, pp. 86 - 87]

Management networks II/II

Out-of-band management:
Network elements can be connected to a management system through their
management ports, often a serial interface
A terminal thus connected to a network device is referred to as craft terminal
Managing many devices by fumbling around with plugs and cables is impractical
Terminal servers take the place of intermediate switches between the craft
terminal and the network elements
Modern terminal servers usually have a network interface and an IP address
enabling a remote connection via the LAN
One has to keep track of which network element is connected to which terminal
server and which port

[1, pp. 87 - 90]

Exercise: Dedicated management networks

Task:
Please discuss the pros and cons of dedicated management networks!

Suggested solution

Advantages of dedicated management networks:


Reliability: Management traffic is not affected by the production network
Interference avoidance: Management traffic does not affect the QoS of services
Ease of network planning: Planning a production network becomes easier without
management traffic (but one has to plan a second network)
Security: Dedicated networks are harder to attack and easier to secure

Disadvantages of dedicated management networks:


Cost and overhead: shared networks do not require additional devices or cables
No reasonable alternative: a shared network might realistically be the only option

[1, pp. 90 - 93]


Internet Control Message Protocol (ICMP)

Basics of the Internet Control Message Protocol:


Internet Protocol (IP) is used for host-to-host datagram service in a system of
interconnected networks
IP is connectionless and not reliable; other protocols have to ensure reliability
IP has no error-correction/error-notification mechanism, and no mechanism for
host and management queries
Internet Control Message Protocol (ICMP) is an integral part of IP and must be
implemented by every IP stack
ICMP messages are sent in several situations, e.g. traffic and route analysis or
error reporting
ICMP was originally specified in September 1981 by Request For Comments 792
and is still continually improved
IPv6 includes a more complicated version of ICMP, Internet Control Message
Protocol for the Internet Protocol Version 6 (ICMPv6)
ICMPv6 contains additional features that have been implemented by separate
protocols in IPv4

[3, pp. 574 - 575], [8, pp. 33 - 35], http://tools.ietf.org/html/rfc792



General format of ICMP messages

Format of ICMP messages:


ICMP messages are either error-reporting messages or query messages
Error-reporting messages report problems that a router or host encounters when
processing an IP packet
Query messages help a host to get specific information from another device
ICMP messages have an 8-byte header and a variable-size data-section
Type field defines the ICMP type of the message
Code field specifies the reason for the particular message type
E.g.: Type 3: Destination unreachable, Code 0: net unreachable, Code 1: host
unreachable, Code 2: protocol unreachable
Checksum is calculated over the entire message (header and data)
Rest of the header is specific for each message type
The data section carries extra information based on the type of query

[3, pp. 575 - 581], [8, pp. 34 - 58], http://tools.ietf.org/html/rfc792



ICMP message types

Summary of Message Types (RFC 792):


00 -- Echo Reply
03 -- Destination Unreachable
04 -- Source Quench
05 -- Redirect
08 -- Echo
11 -- Time Exceeded
12 -- Parameter Problem
13 -- Timestamp
14 -- Timestamp Reply
15 -- Information Request
16 -- Information Reply
Several other types are either unassigned, deprecated or were assigned in a later
version of the specification!

http://tools.ietf.org/html/rfc792
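
The header layout and type table above, as an added example (not part of the original slides): it builds and parses ICMP messages, computes the checksum over header and data, and replays the echo request/reply exchange that ping relies on. The helper names, the 8-byte timestamp payload and the sample values are assumptions made for this example.

```python
import struct

# Type names from the RFC 792 summary on the slide above.
ICMP_TYPES = {
    0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench",
    5: "Redirect", 8: "Echo", 11: "Time Exceeded", 12: "Parameter Problem",
    13: "Timestamp", 14: "Timestamp Reply",
    15: "Information Request", 16: "Information Reply",
}
ERROR_TYPES = {3, 4, 5, 11, 12}         # error-reporting messages
QUERY_TYPES = {0, 8, 13, 14, 15, 16}    # query messages and their replies
UNREACHABLE_CODES = {0: "net unreachable", 1: "host unreachable",
                     2: "protocol unreachable", 3: "port unreachable"}


def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the entire message."""
    if len(data) % 2:
        data += b"\x00"                  # pad odd-length messages
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                   # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(msg_type: int, code: int, rest: bytes, data: bytes = b"") -> bytes:
    """Type, code, checksum, then the 4 type-specific header bytes and the data."""
    if len(rest) != 4:
        raise ValueError("rest of header must be exactly 4 bytes")
    unsummed = struct.pack("!BBH", msg_type, code, 0) + rest + data
    checksum = internet_checksum(unsummed)
    return struct.pack("!BBH", msg_type, code, checksum) + rest + data


def parse_icmp(message: bytes) -> dict:
    if len(message) < 8:
        raise ValueError("ICMP message shorter than the 8-byte header")
    msg_type, code, checksum = struct.unpack("!BBH", message[:4])
    if msg_type in ERROR_TYPES:
        kind = "error"
    elif msg_type in QUERY_TYPES:
        kind = "query"
    else:
        kind = "other"
    name = ICMP_TYPES.get(msg_type, "unassigned or assigned later")
    if msg_type == 3:
        name += " (%s)" % UNREACHABLE_CODES.get(code, "code %d" % code)
    return {
        "type": msg_type, "code": code, "name": name, "kind": kind,
        "checksum": checksum,
        # Summing a valid message including its checksum field yields 0.
        "checksum_ok": internet_checksum(message) == 0,
        "rest": message[4:8], "data": message[8:],
    }


def echo_request(ident: int, seq: int, send_time: float) -> bytes:
    """Ping side: the sending time travels in the data section."""
    return build_icmp(8, 0, struct.pack("!HH", ident, seq),
                      struct.pack("!d", send_time))


def echo_reply(request: bytes) -> bytes:
    """Receiver side: change type 8 to 0, keep the rest, recompute the checksum."""
    info = parse_icmp(request)
    if info["type"] != 8 or not info["checksum_ok"]:
        raise ValueError("not a valid echo request")
    return build_icmp(0, 0, info["rest"], info["data"])


def round_trip_ms(reply: bytes, receive_time: float) -> float:
    info = parse_icmp(reply)
    if info["type"] != 0 or not info["checksum_ok"]:
        raise ValueError("not a valid echo reply")
    (send_time,) = struct.unpack("!d", info["data"][:8])
    return (receive_time - send_time) * 1000.0


if __name__ == "__main__":
    request = echo_request(0x1234, 1, 100.0)      # constructed sample values
    reply = echo_reply(request)
    print(parse_icmp(request)["name"], "->", parse_icmp(reply)["name"])
    print("rtt: %.1f ms" % round_trip_ms(reply, 100.012))
```
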



Ping / ICMP Echo Request

Ping: a simple tool to check availability and connectivity:


The ping program is used to test whether a host is alive and responding
Ping is based on an ICMP echo request (Type 8), which is answered with an ICMP
echo reply (Type 0); the type is changed by the receiver before replying
Ping sends a sequence of packets and calculates the round-trip time (rtt) of each
packet, by inserting the sending time into the data section of each message
In general, ping can be used with different packet sizes to analyze defective
connections
[3, pp. 578 - 579]

C:\Users\uhoenig>ping www.eufh.de

Ping wird ausgeführt für www.eufh.de [78.46.1.125] mit 32 Bytes Daten:
Antwort von 78.46.1.125: Bytes=32 Zeit=12ms TTL=53
Antwort von 78.46.1.125: Bytes=32 Zeit=11ms TTL=53
Antwort von 78.46.1.125: Bytes=32 Zeit=12ms TTL=53
Antwort von 78.46.1.125: Bytes=32 Zeit=12ms TTL=53

Ping-Statistik für 78.46.1.125:
Pakete: Gesendet = 4, Empfangen = 4, Verloren = 0 (0% Verlust),
Ca. Zeitangaben in Millisek.:
Minimum = 11ms, Maximum = 12ms, Mittelwert = 11ms

C:\Users\uhoenig>



Traceroute

Functional principle of the Traceroute tool:


Traceroute can be used to test the path of a packet from a source to its destination
Uses ICMP error-reporting messages: time-exceeded & destination-unreachable
Traceroute can return the IP addresses or names of all routers on the way
The tool is usually limited to a maximum of 30 hops
It sends (n + 1) messages (n = #routers en route) with an invalid port number
The packets' time-to-live (TTL) is incremented every time, starting with 1
Every time a TTL expires, the message is discarded and a time-exceeded error
message is returned
The receiving host replies with a destination-unreachable message (code 3)

[3, pp. 579 - 580]



Examples

C:\Users\uhoenig>tracert www.eufh.de

Routenverfolgung zu www.eufh.de [78.46.1.125] über maximal 30 Abschnitte:

1 <1 ms <1 ms <1 ms fritz.box [192.168.178.1]
2 5 ms 5 ms 5 ms XX.XX.XX.XX (address concealed)
3 8 ms 7 ms 7 ms XX.XX.XX.XX (address concealed)
4 9 ms 8 ms 9 ms f-ed5-i.F.DE.NET.DTAG.DE [217.5.95.54]
5 9 ms 9 ms 9 ms 193.159.165.210
6 * 10 ms 9 ms core1.hetzner.de [213.239.245.6]
7 13 ms 12 ms 13 ms 213-239-245-253.clients.your-server.de [213.239.245.253]
8 12 ms 17 ms 13 ms juniper3.rz2.hetzner.de [213.239.245.70]
9 12 ms 13 ms 15 ms hos-tr3.ms-ex3k2.rz1.hetzner.de [213.239.193.227]
10 13 ms 12 ms 12 ms dedi725.your-server.de [78.46.1.125]

Ablaufverfolgung beendet.

C:\Users\hoenig-claus>tracert www.google.com

Routenverfolgung zu www.google.com [173.194.39.19] über maximal 30 Abschnitte:

1 1 ms 1 ms 1 ms 10.3.2.252
2 9 ms 2 ms 2 ms 10.97.99.253
3 * * * Zeitüberschreitung der Anforderung.
4 * * * Zeitüberschreitung der Anforderung.
5 * * * Zeitüberschreitung der Anforderung.
...
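
The functional principle from the Traceroute slide, as an added example (not part of the original slides): an offline model in which probes with increasing TTL are answered by time-exceeded (type 11) or, at the destination, destination-unreachable with code 3. It shows why a silent hop appears as `*` while later hops still answer, and why a filtered destination makes the trace run to the 30-hop limit. The path model, the function names, the documentation-range addresses and the single probe per TTL are assumptions of this example.

```python
TIME_EXCEEDED = (11, 0)       # ICMP type 11, code 0: TTL exceeded in transit
PORT_UNREACHABLE = (3, 3)     # ICMP type 3, code 3: sent by the destination host
MAX_HOPS = 30

# Constructed sample path: (address, answers_with_icmp). The last entry is the
# destination host, every entry before it is a router.
SAMPLE_PATH = [
    ("192.0.2.1", True),
    ("198.51.100.1", False),   # router that forwards but never sends ICMP errors
    ("203.0.113.1", True),
    ("203.0.113.80", True),
]


def send_probe(path, ttl):
    """Follow one probe along the path.

    Returns (address, (icmp_type, icmp_code)) or None if nothing comes back.
    """
    for address, answers in path[:-1]:
        ttl -= 1                         # every router decrements the TTL
        if ttl == 0:                     # expired here: packet is discarded
            return (address, TIME_EXCEEDED) if answers else None
    address, answers = path[-1]          # probe reached the destination host
    # The invalid port number forces a destination-unreachable reply.
    return (address, PORT_UNREACHABLE) if answers else None


def traceroute(path, max_hops=MAX_HOPS):
    """Send probes with TTL 1, 2, 3, ... and collect one result row per TTL."""
    hops = []
    for ttl in range(1, max_hops + 1):
        reply = send_probe(path, ttl)
        if reply is None:
            hops.append((ttl, "*", None))   # timeout, shown as '*' in the output
            continue
        address, icmp = reply
        hops.append((ttl, address, icmp))
        if icmp == PORT_UNREACHABLE:        # destination reached, stop probing
            break
    return hops


if __name__ == "__main__":
    for row in traceroute(SAMPLE_PATH):
        print(row)
    # Same path, but the destination silently drops the probes.
    filtered = SAMPLE_PATH[:-1] + [("203.0.113.80", False)]
    print(len(traceroute(filtered)), "rows before giving up")
```
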



Practical exercise: ICMP-based tools

Task:
Open a command prompt on your Windows desktop.
Find out the possible parameters of the commands ping and tracert.
Trace the route to your company's web server and some other sites you know.
What do you notice?
Based on this experience: are these tools useful within a network management
infrastructure?



MOs and the MIB

Managers and agents need a common terminology:


Both managers and agents have to assign the same terms to the same pieces of
management information
Pieces of management information are generally called managed objects (MOs)
Managed objects are part of the device's Management Information Base (MIB)
A MIB is some kind of data store the management agent uses to correspond with
a management system
It is not really a data store, since it does not store anything but simply offers a view
A MIB offers an abstraction of a managed device, providing the management
information required and knobs to change the device's configuration
MOs within a MIB are often shown as a conceptual tree structure
Names by which MOs are referred to are often hierarchical, because the real
objects are structured this way

[1, pp. 171 - 174]



Real resources and managed objects

Management plane and real resource plane:


Real-world aspects of an entity are referred to as real resources or managed
resources, their managed representations are the managed objects
A managed device consists of a real resource plane that exists independently of its
need to be managed
Management plane provides the management infrastructure and views on it
Management information can be classified into four categories:
State information
Physical configuration information
Logical configuration information
Historical information (often performance-related state information)

[1, pp. 175 - 176]



MIBs and Management protocols

Management protocols affect the MIBs:


Management protocols are used to transfer management data
MIB does not depend on any particular management protocol
Therefore, the general concept of an MIB needs to be distinguished from its
implementation
Management agents support particular protocols and the protocols mandate the
way of data exposition (MIB flavor)
Different management protocols require their own specific way of exposing a view
of the underlying resource

[1, pp. 178 - 180]



Structure of management information

One MIB, multiple MIB modules:


MIBs are described by means of MIB specification languages
Structure of Management Information (SMI/SMIv2) is the language in conjunction
with SNMP
In SMI, MIB definitions are specified as MIB modules that serve particular
purposes
MIBs of particular devices instantiate multiple MIB modules, covering different
aspects of the managed device
Types of information defined in a MIB module:
Object types, the instances of which contain the actual management information (the
MIB variables)
Notifications, defining information conveyed to managers as part of event messages
Elements, that were introduced for grouping purposes

[1, pp. 190 - 191]



Anatomy of a MIB

Object identifier within a MIB:


MIB information is arranged into a conceptual tree where every definition in a MIB
module is represented by a node of the tree
Nodes are named relatively to a containing node by an object identifier (OID)
Top node of a MIB module is the definition of the module which in turn can be part
of a larger tree
mgmt node serves as container for MIB modules that constitute official standards
enterprises node allows companies to add their own proprietary MIB module into
the object identifier tree (e.g. 1.3.6.1.4.1.2 - IBM and 1.3.6.1.4.1.9 - Cisco )
Test it on your own: Search the web for an OID like 1.3.6.1

[1, pp. 191 - 193]


Simple Network Management Protocol

Basics of the Simple Network Management Protocol (SNMP):


SNMP is defined in several Internet Engineering Task Force (IETF) standards,
dating back to the late 1980s
Standards cover the protocol and the MIB specification language
Seven versions of the protocol (SNMPv1, SNMPsec, SNMPv2p, SNMPv2c,
SNMPv2u, SNMPv2*, and SNMPv3) have been proposed
Simple means: simple to implement for agents on managed devices
Simplicity implies limitations that managers have to work around
Functionalities offered by SNMP agents are not always as powerful/elegant as required
by the application
Reason: To keep the agent implementations simple, the complexity was moved to the
management application itself (Why?)
Result: Rapidly available agent implementations; managers have to follow
SNMP protocol provides the operations to access a MIB and interact with it
SNMP operations all use OIDs to refer to objects in the MIB
Five management operations are the primitives of all SNMP management activities
Get and get-next requests are used to retrieve management information from a MIB
Set requests are used to write to a MIB
Get responses are used by agents to respond
Traps are used to send event messages

[1, pp. 250 - 251] and http://oreilly.com/perl/excerpts/system-admin-with-perl/twenty-minute-snmp-tutorial.html



SNMP: Get and Get-Next requests

Get and Get-Next:


Manager uses a get request to retrieve management information, i.e. MIB objects
Get includes an identifier for the request and a list of variable bindings
(name/value pairs) of MIB objects
Message size is limited by the implementations, e.g. to 484 octets
Get-Next requests that the agent return the object whose OID comes, in
lexicographical order, right after the OID given in the request
The response to a Get-Next also contains the OID of the returned object
Using get-next requests to discover an agent's MIB is called walking a MIB

[1, pp. 251 - 253]
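
Added example (not part of the original slides): walking a MIB with repeated get-next calls against a simulated agent. The MIB contents, `SimulatedAgent` and `walk` are constructed for illustration; the point is that OIDs are ordered by comparing sub-identifiers numerically (so index 10 follows 2), and that a manager should stop if an agent returns an OID that does not increase.

```python
import bisect

# Constructed sample MIB: OID -> value
SAMPLE_MIB = {
    "1.3.6.1.2.1.1.1.0": "Example router",
    "1.3.6.1.2.1.1.5.0": "rtr1",
    "1.3.6.1.2.1.2.2.1.2.1": "eth0",
    "1.3.6.1.2.1.2.2.1.2.2": "eth1",
    "1.3.6.1.2.1.2.2.1.2.10": "eth9",
}

def parse_oid(text):
    """Turn dotted notation into a tuple of integer sub-identifiers."""
    return tuple(int(part) for part in text.strip(".").split("."))

class SimulatedAgent:
    """Hypothetical agent holding its MIB in lexicographical OID order."""
    def __init__(self, mib):
        self._mib = {parse_oid(oid): value for oid, value in mib.items()}
        self._order = sorted(self._mib)   # tuple comparison, not string comparison

    def get_next(self, oid):
        """Return (oid, value) of the first object after oid, or None at the end."""
        idx = bisect.bisect_right(self._order, parse_oid(oid))
        if idx == len(self._order):
            return None                   # a real agent reports an error status here
        nxt = self._order[idx]
        return ".".join(map(str, nxt)), self._mib[nxt]

def walk(agent, root):
    """Collect all objects below root by chaining get-next requests."""
    root_t, current, results = parse_oid(root), root, []
    while True:
        binding = agent.get_next(current)
        if binding is None:
            break
        oid_t = parse_oid(binding[0])
        if oid_t[:len(root_t)] != root_t:
            break                         # left the requested subtree
        if oid_t <= parse_oid(current):
            raise RuntimeError("agent returned a non-increasing OID")
        results.append(binding)
        current = binding[0]
    return results
```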


SNMP: Get-response

Replies to Get- and Set-requests:


An agent sends a Get-response to a manager as a reply to a request
Get-responses are not restricted to Get-requests but are also used as reply to
Get-next and Set-requests
Get-responses include several parameters:
Identifier of the request it contains the response to
Error status, indicating the success or a failure of the request
An Error index with additional information in case of an error
List of variable bindings, containing management information as response to a request
Variable bindings contain the OID and value of the requested MIB object (this will
also hold for Set-requests)

[1, pp. 256 - 257]



SNMP: Set requests

Setting MIB values via an SNMP Set request:


A manager uses a Set request to write to a MIB:
Modification of a device's configuration by adjusting parameter settings
Creating/deleting logical entities in a MIB
Causing the device to perform an action, e.g. Ping MIB, specified in RFC 2925
An error is reported via the Get-response message if either
the named object is not available for set operations
the object does not manifest a type, length, and value that is consistent with that required for the
variable
the reply message would exceed a local limitation
the value of the named object cannot be altered for any reason

[1, pp. 254 - 256] and http://www.ietf.org/rfc/rfc1157.txt



SNMP: Trap

Traps: agent-initiated messages:


A Trap is sent by an agent to inform a manager of an event
Traps are unconfirmed; this means the manager does not respond
Traps include the following information:
Information regarding the sender of the trap, including the agent's address as well as the
type of system
Parameters that identify the type of event
A timestamp of when the trap was generated by the emitting system (measured in terms
of system uptime)
Additional information, conveyed in a set of variable bindings
Standard generic traps are: warmStart, linkDown, linkUp, authenticationFailure, ...
Management systems must know what the object identifier defines. They need the
MIB for that trap loaded to understand the traps sent to them.
A device does not send a trap to a network management system unless it is
configured to do so.

[1, p. 257] and http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094aa5.shtml


SNMP Messages and Message Structure

On the structure of SNMP messages:


SNMP operations are communicated using SNMP messages consisting of three
parts:
The SNMP version number
A community string, matching a corresponding string configured at the device
The SNMP protocol data unit (PDU), which is the SNMP operation itself
Format of the message and the PDU is formally specified in a syntax called
Abstract Syntax Notation 1 (ASN.1)
Attention: The SNMP PDU is just the payload of the SNMP message! Don't mix them up!
SNMP ensures only the delivery of messages with up to 48 bytes, though some
implementations allow larger messages

[1, pp. 257 - 258] and http://www.rane.com/swf/n161fig4.swf
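
Added example (not part of the original slides): a minimal BER decoder that splits an SNMPv1 message into the three parts named above and then unpacks the PDU. The sample bytes are constructed by hand, and the function names are this example's own; note that the community string comes out of the packet as readable text.

```python
# Constructed sample: SNMPv1 get-request for 1.3.6.1.2.1.1.1.0, community "public".
SAMPLE = bytes.fromhex(
    "302602010004067075626c6963a019020101020100020100"
    "300e300c06082b060102010101000500")

# Request/response PDUs share one layout; the SNMPv1 trap PDU (0xA4) differs.
PDU_TYPES = {0xA0: "get-request", 0xA1: "get-next-request",
             0xA2: "get-response", 0xA3: "set-request"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                 # long form: low 7 bits = count of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(data):
    """Decode OID content octets (first arc 0 or 1 assumed, as in 1.3.6.1...)."""
    subids, value = [data[0] // 40, data[0] % 40], 0
    for byte in data[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:           # a clear high bit ends the sub-identifier
            subids.append(value)
            value = 0
    return ".".join(map(str, subids))

def parse_snmp_v1(message):
    """Split a message into version, community string and PDU fields."""
    tag, body, _ = read_tlv(message, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    _, version, pos = read_tlv(body, 0)
    _, community, pos = read_tlv(body, pos)
    pdu_tag, pdu, _ = read_tlv(body, pos)
    if pdu_tag not in PDU_TYPES:
        raise ValueError("unsupported PDU type 0x%02x" % pdu_tag)
    _, request_id, pos = read_tlv(pdu, 0)
    _, error_status, pos = read_tlv(pdu, pos)
    _, error_index, pos = read_tlv(pdu, pos)
    _, varbind_list, _ = read_tlv(pdu, pos)
    bindings, pos = [], 0
    while pos < len(varbind_list):
        _, varbind, pos = read_tlv(varbind_list, pos)
        _, oid, value_pos = read_tlv(varbind, 0)
        value_tag, value, _ = read_tlv(varbind, value_pos)
        bindings.append((decode_oid(oid), value_tag, value))
    return {"version": int.from_bytes(version, "big"),   # 0 means SNMPv1
            "community": community.decode("latin-1"),     # sent unencrypted
            "pdu_type": PDU_TYPES[pdu_tag],
            "request_id": int.from_bytes(request_id, "big", signed=True),
            "error_status": int.from_bytes(error_status, "big"),
            "error_index": int.from_bytes(error_index, "big"),
            "bindings": bindings}
```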



Versions of SNMP

SNMP is no longer simple:


SNMPv1 can best be described as a simple request/response model protocol
SNMPv1 utilizes the concept of community strings that operate via plain text
SNMPv1 has several drawbacks because of its simplicity
SNMPv2 supports the same GetRequest, GetNextRequest, and SetRequest
operations as SNMPv1
SNMPv2 defines a new trap operation called GetInform, allowing an NMS to send
trap information to another NMS
SNMPv2 also defines the GetBulk operation, enabling the NMS to efficiently
retrieve large blocks of data from particular agents rather than doing so in a
sequential fashion
SNMPv2 led to the introduction of SMIv2 as MIB specification language
SNMPv3 can be thought of as SNMPv2c plus security, allowing an encryption of
messages and strong authentication
SNMPv3 does not introduce a new specification language, SMIv2 is still in effect

[1, pp. 258 - 261] and http://blog.ipexpert.com/2012/06/11/snmp-theory-and-operation/



Security enhancements in SNMPv3

SNMPv3 is much less vulnerable to security attacks:


SNMPv3 messages are enhanced by a data field for message security parameters
SNMPv3 can actually ensure that packets have not been manipulated in transit
SNMPv3 can verify that the packets are arriving from a valid source
SNMPv3 agents support the following set of security levels (RFC 2574):
noAuthNoPriv - Communication without authentication and privacy
authNoPriv - Communication with authentication (MD5 and SHA) and without privacy
authPriv - Communication with authentication (MD5/SHA) and privacy (DES/AES)

http://blog.ipexpert.com/2012/06/11/snmp-theory-and-operation/



Remote Network Monitoring (RMON)

Remote network monitoring via probes:


Probes are instruments for managing and/or monitoring a network
Probes are often stand-alone devices, devoting significant internal resources for
the sole purpose of managing a network
Organizations may employ many of these devices, up to one per network
segment, to manage their internet
Goals of RMON: Offline Operation, Proactive Monitoring, Problem Detection and
Reporting, Value Added Data, and Multiple Managers

[1, p. 308] and http://tools.ietf.org/html/rfc3577



Telecommunications Management Network

TMN Layers: A management hierarchy reference model:


Network/System Management can be structured into a hierarchy of layers
Telecommunications Management Network (TMN) is a well-established
categorization of management layers
Covered principles vary according to the managed network; Layers are:
Network Element: manageable information of a network element provided by its agent
Element Management: managing individual devices incl. their configuration
Network Management: managing networks as a whole to maintain end-to-end
connectivity, incl. the cross-network connections
Service Management: ensuring that provided services run smoothly and perform well
Business Management: managing the business, incl. billing, help desk management
and forecasting

[1, pp. 118 - 122]



FCAPS

Classification of management functions:


Management reference models serve as conceptual frameworks for organizing
different tasks & functions
Reference models simplify the testing of management systems for completeness
They help to categorize, group and structure different management functions
They help to identify scenarios and use cases that need to be analyzed
Range of management functions is often grouped into a set of categories: Fault,
Configuration, Accounting, Performance, Security (FCAPS)

[1, pp. 129 - 132]



Foundations of Fault Management

Keeping a network up and running by means of fault management:


Fault management deals with faults occurring in the network
Effective fault management is crucial to ensure that the disruption of services is
kept to a minimum
Fault management functionality includes the following tasks:
Network monitoring, including alarm management and alarm processing
Fault diagnosis, root cause analysis, and troubleshooting
Maintaining historical alarm logs
Trouble ticketing
Proactive fault management
Faults can be collected in lists or visualized in a submap hierarchy

[1, pp. 132 - 135]



Advanced Alarm Management Functions

Historical data and alarm filtering:


Maintaining historical alarm data is useful in several ways:
Identification of alarm patterns that occurred in the past to reuse their past resolution to
fix current problems faster
Establishing of trends, to see how alarm rates and types evolve over time
Analysis in conjunction with other historical data, usage patterns, and so on
Filtering and forwarding alarms to the operator in charge
Automatic failure onset and failure remission are required to maintain an accurate
list of current alarms
Clearing of alerts is not the same as acknowledging alerts

[1, pp. 135 - 137]



Filtering and correlation of events

Techniques for dealing with potential event information overload:


Filtering: removing event information that is deemed unimportant or redundant
Correlation: preprocessing and aggregating data from events and alarms and
distilling it into more concise and meaningful information
Redundant alerts should be deduplicated but counted

[1, pp. 137 - 140]
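
Added example (not part of the original slides): a small current-alarm list that illustrates three points from this slide and the previous one: redundant alerts are deduplicated but counted, a remission event clears an alarm into the historical log, and acknowledging an alarm does not clear it. The events are constructed, and the rule that linkUp remits linkDown is an assumption of this sketch.

```python
from dataclasses import dataclass
from typing import Optional

# Assumption for this sketch: a linkUp event remits an earlier linkDown alarm.
CLEARS = {"linkUp": "linkDown"}

# Constructed sample events: (timestamp, source, event type)
SAMPLE_EVENTS = [
    (100, "192.0.2.10", "linkDown"),
    (105, "192.0.2.10", "linkDown"),
    (110, "192.0.2.20", "authenticationFailure"),
    (111, "192.0.2.10", "linkDown"),
    (120, "192.0.2.20", "authenticationFailure"),
    (130, "192.0.2.10", "linkUp"),
]

@dataclass
class Alarm:
    source: str
    kind: str
    first_seen: int
    last_seen: int
    count: int = 1
    acknowledged: bool = False
    cleared_at: Optional[int] = None

class AlarmList:
    def __init__(self):
        self.active = {}     # (source, kind) -> Alarm: the list of current alarms
        self.history = []    # cleared alarms, kept for pattern and trend analysis

    def handle(self, timestamp, source, kind):
        if kind in CLEARS:                           # failure remission
            alarm = self.active.pop((source, CLEARS[kind]), None)
            if alarm is not None:
                alarm.cleared_at = timestamp
                self.history.append(alarm)
            return
        alarm = self.active.get((source, kind))
        if alarm is None:                            # failure onset
            self.active[(source, kind)] = Alarm(source, kind, timestamp, timestamp)
        else:                                        # duplicate: count it, do not re-raise
            alarm.count += 1
            alarm.last_seen = timestamp

    def acknowledge(self, source, kind):
        """An operator has seen the alarm; it stays active until it is cleared."""
        self.active[(source, kind)].acknowledged = True

def process(events):
    alarms = AlarmList()
    for timestamp, source, kind in events:
        alarms.handle(timestamp, source, kind)
    return alarms
```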



Fault Diagnosis and Troubleshooting

Root cause analysis:


Fault management includes alert management, fault diagnosis and
troubleshooting
Capability to diagnose a network problem quickly is the key to minimize its impact
on users
A proper diagnosis is the basis for selecting the proper repair action
Analysis process that leads to a diagnosis is called root cause analysis
Alarms only alert to a symptom, not to its cause!

[1, pp. 141 - 142]



Configuration management

Configuration management functions:


Configuring managed resources, whether they are network equipment or services
running over the network
Auditing the network and discovering what's in it
Synchronizing management information in the network with management
information in management applications
Backing up network configuration and restoring it in case of failures
Managing software images running on the network equipment
Configuration operations can impact multiple devices at the same time

[1, pp. 143 - 145]



Detecting devices and configurations

Auditing, Discovery and Autodiscovery:


Auditing: querying the network to find out what is actually configured
Discovering the connected infrastructure is important because:
Inventory records might not be accurate
Personnel might change things in the network and might not always record those
changes properly
Discovering the network might be more efficient than having to enter the information
about the network into a management application
Inventory records might not be available because keeping an inventory might not be
appropriate in the first place

[1, pp. 146 - 147] and http://www.iebmedia.com/images/art images/ieb34network2.gif



Configuration and image storage

Synchronization, Backup/Restore and Image Management:


Two representations of the management information exist: the network itself and
the management system's view of it
Functions are needed to help to maintain an accurate and consistent
management view of the network
Synchronization requires a primary information store (master/golden store)
Backup and restore functionalities can be used to recover a network from a
catastrophic event
Management systems can be used for image management as well!

[1, pp. 148 - 150]



Accounting/Billing management

Foundations of accounting management:


Organizations/departments need to generate revenue for provided services
Accounting management is all about the functions that allow organizations to
collect revenue and keep track of the utilization of their services
Accounting management needs to be highly robust, available and reliable
Billing requires data on what was consumed, by whom and when: accounting
Usage data is based on volume, duration and/or quality
Accounting data is collected for offline processing or (near-)real time processing
Fraud detection deals with tracking down and preventing theft of communication
services

[1, pp. 151 - 155]



Foundations of performance management

Performance management basics:


Performance management deals with monitoring and tuning a network for its
performance
Management systems must be able to provide snapshots of a system's current
performance
For a more sophisticated analysis, e.g. a trend determination, some parameters
must be observed over time
Such plots require periodically taken samples, e.g. every 5 minutes
Plots are always a trade-off between accuracy and memory/storage requirements

[1, pp. 155 - 158] and http://www.ciscoconsole.com/wp-content/uploads/2012/01/colasoft-Packet.gif



Metrics of performance management

Common performance metrics include:


Throughput, measured by a number of units of communication performed over
time, e.g. bytes/octets transmitted per second, packets routed per second, web
requests that are serviced per second, voice calls processed per hour
Load, measured in absolute values or percentage, e.g. disk usage and CPU load
Delay, measured in a unit of time, e.g. time that it takes for an IP packet to reach
its destination
Quality, that can also be performance related, e.g. number or percentage of
packets dropped

[1, pp. 155 - 158] and http://www.ciscoconsole.com/network-tools/monitoring-tools/top-10-best-network-monitoring-software-tools.html/



Security

Security: the S of FCAPS:


Security means: management of aspects related to securing the network from
threats e.g.
hacker attacks,
spread of worms and viruses, and
malicious intrusion attempts
Security of management vs. Management of security:
Security of management: ensuring that the management is secure
Management of security: manages the security of the network

[1, p. 158]



Security of Management

Elements of securing a management system:


Ensuring that management operations themselves are secure
Access to management functions must be restricted to authorized users
Management interfaces must be protected to avoid unauthorized changes of the
configuration
Management networks have to be secured to prevent a disruption of management traffic
Maintenance of tamper-proof security audit trails
Attention: security threats from inside are harder to defend against than threats
from the outside
Tasks to defend the management system against threats include:
Set up proper processes and procedures to ensure orderly operations
Assign access privileges only to those who actually need these privileges for their
immediate job function
Require secure passwords that cannot easily be cracked
Require that passwords are changed at regular intervals
Establish audit trails, themselves secured properly
Set up proper facilities for backup and restore of critical management data

[1, pp. 158 - 159]



Management of security

Managing a network's security:


Management of security deals with the security of the network itself
Common security threats include:
Hacker attacks by individuals trying to obtain control of a system
Denial-of-Service (DoS) attacks that try to overload portions of the network
Viruses and worms that attempt to corrupt/destroy systems along with their file systems
Spam can overwhelm a network and its servers
Functions that can be part of a security management strategy:
Intrusion detection involves monitoring a network to detect suspicious traffic
Policies that allow only a gradual increase of traffic to specific addresses
Blacklisting ports and network addresses at which suspicious traffic patterns are
observed
Honey pots attract attackers and serve as traps
Alarms of firewalls and intrusion detection systems can be forwarded to network
management systems

[1, pp. 159 - 161]



Thank you very much for your attention!
