SNMP - IT Strategic Template Document Solutions


Simple Network Management Protocol (SNMP)
[Diagram: SNMP at the center of Network Management Systems. Labels: Servers (Windows 2000, Windows NT, AIX, Linux, HP-UX, Sun OS, Netware); vendors and tools (Compaq Insight Manager, IBM Netfinity, HP Top Tools, Dell OpenManage, Cisco); Services (Exchange, SQL Server, IIS); Devices (PBXs, Routers & Hubs, Printers).]
Agenda
• Features
• What justified the need
• History
• Objective
• What is SNMP?
• MIB Design
• SNMP
• RMON
• Protools
• Standards
• Summary
Wanted: An Application for IT Management Support
[Diagram: Integration of System & People Processes. Labels: End-User Support, Infrastructure Support; Support Process, Technology Process; Network Mgmt, Desktop Mgmt, Security Mgmt, Server Mgmt.]
Centralized Alerts: Open Alerting Architecture
[Diagram: alerting components around a Programmable Backend. Labels: Page, Fax, E-Mail; Anti-Virus; Firewall; Help Desk; SNMP; Sniffer; ISS; CyberCop; IDS.]
RMON MIB Standard
• RMON - Published Under RFC 1271/1513 And Contains 9 Groups
• RMON Is An SNMP Definition Or MIB
– Designed To Capture All Relevant Information Necessary To Manage And Analyze Local Or Remote Networks
• Developed By IETF (Internet Engineering Task Force)
– Consists Of A Plethora Of Definitions Relating To Network Traffic And Alarm Conditions
• Can Be Extended Beyond IETF Definition By Adding “Private Extensions”
– Vendors Can Add Value To RMON Via Their Own Private Extensions, Some Proprietary And Others Public Domain
RMON MIB Overview
• RMON MIB
– Remote Monitoring - Management Information Base
– RFC 1271 - Ethernet Standard
– RFC 1513 - Token Ring Standard
• Objective
– Use SNMP and standard MIB design to provide multi-vendor interoperability between monitoring products and management station
RMON - High Level View
• Remote Network Monitoring (MIB)
• Monitoring of the LAN Traffic and devices
• Performance Monitoring
– Proactive Network Monitoring activities
– Discover abnormalities and trends
– Performance isolation
– Device Monitoring
• Fault Management
– Discover problems
– Eliminates Reactive Network Monitoring Activities
• Trend Analysis
RMON MIB Features
• Additional packet error counters
• Ethernet & Token Ring error stats
• Frame size distribution
• Event and alarm generation
• Performance/traffic matrix
• Host tables
• Filtering and packet capture for analysis and decode applications
RMON
• Statistics
• History
• Alarms
• Hosts
• Host Top N
• Traffic Matrix
• Filter
• Packet Capture
• Events
• Token Ring
RMON 2
All 10 groups plus...
• Protocol Directory
• Protocol Distribution
• Address Mapping
• Network Layer Host
• Network Layer Matrix
• Application Layer Host
• Application Layer Matrix
• User History
• RMON Conformance (everything except Probe Configuration)
Management Information Base
• MIB -- Management Information Base
– MIBs describe object attributes
– Some MIBs are pre-loaded
– Additional MIBs are needed
» Loaded manually
» Downloaded from manufacturers’ Web sites
• Standard MIBs
– MIB-I
– MIB-II
– RMON
– RMON 2
– Bridge
– Repeater
SNMP MIB Comparison
[Table comparing MIB II, RMON MIB, HUB MIB, Bridge MIB and Host MIB; the per-column marks were not preserved.]
Capabilities listed:
• Interface Statistics
• IP, TCP, UDP Statistics
• SNMP Statistics
• Host Job Counts
• Host File System Information
• Link Testing
• Network Traffic Statistics
• Host Table of all Addresses
• Host Statistics
• Historical Statistics
• Spanning Tree Performance
• Wide Area Link Performance
• Thresholds for any Variable
• Configurable Statistics
• Traffic Matrix with all Nodes
• Host Top n Studies
• Packet Capture Filtering
• Distributed Logging
MIB Structure
iso (1)
  org (3)
    dod (6)
      internet (1)
        directory (1)
        mgmt (2)
          mib-2 (1)
            system (1)
              sysDescr (1)
              sysObjectID (2)
            interfaces (2)
            snmp (11)
        experimental
        private (4)
          enterprises (1)
            cisco (9)
            hp (11)
            novell (23)
MIB OID’s
[Diagram: OID tree. ISO - 1, ORG - 3, DOD - 6, INTERNET - 1; below it Directory - 1, MGMT - 2, Experimental - 3, ENTERPRISE - 4; MIB2 - 1 with System, Interfaces, at, ip, icmp, tcp, RMON, RMON II; System objects sysdesc, sysuptime, syscontact; callouts “9 Groups” and “4 Groups”.]
SNMP/RMON/RMON II
• Management Information Base I & II
– Database of Information
– Called: Object Identifiers or OID’s
• Simple Network Management Protocol
– Protocol to gather information
– Called SNMP
• The Three OID areas
– Text - IP Address
– Counters - Statistics
– Variables - Port On/Off
• Three Commands of SNMP
– Set
– Get
– Get Next
Abstract Syntax Notation (ASN.1)
iso . org . dod . internet . private . enterprises . RMON
1.3.6.1.4.1.16
1.3.6.1.4.1.16.1.1.1.12
Object Identifier of an SNMP MIB Object
RMON I
ALL NINE GROUPS (Ethernet)
• 1. Statistics
• 2. History
• 3. Alarms
• 4. Host Table Group
• 5. Top N Hosts
• 6. Traffic Matrix
• 7. Filter
• 8. Packet Capture
• 9. Events
[Diagram callouts around the groups: Statistical Event Counters; Historical view of Stats; Defines conditions from Stats group; Host or station specifics; alerts; Sorted host tables; Host Conversations; Packet based on need; Sends alarms & takes actions; PACKET SNIFFING.]
Enterprise Level RMON II
ISO Five Levels
• PERFORMANCE
• ACCOUNTING
• CONFIGURATION
• FAULT
• SECURITY
[Diagram callouts around the five levels: Report who is talking to who; Who’s using backbone/segment - Charge Them; Require faster backbone; Find back doors; Inventory all hardware; Analyze Protocol Distribution Reporting; Investigate faults; open ports; Port status - admin up/down; Catch Hackers/Intruders.]
Embedded RMON
"Mini RMON" in the Switch
• Statistics (collision, errors, utilization, broadcast/multicast, etc.)
• History
• Alarms
• Events
Roving Probe
[Diagram: Switch, ATM Switch and Cisco Systems Catalyst 5000; Copied Traffic sent to an Analysis Port; Switch Manager; Probe.]
Monitor Switched Networks
[Diagram: EnterpriseProbe for FDDI, EnterpriseProbe for Fast Ethernet, Roving RMON Probe, Router, WAN, FDDI, Switches with Embedded RMON Agents.]
Managing Critical Devices
Columns: Device; Resources Manager Monitors; Possible Corrective Action
• Router
– Monitors: Free buffers, congestion loss, errors, drop packets; Detect loopback, non-routed requests
– Possible Corrective Action: Shutdown Interface; Send mail to manager with TopN user and utilization report
• Bridge
– Monitors: Dropped packets, error rate; Unauthorized users
– Possible Corrective Action: Generate and send mail MAC Report; Report of Broadcast Storm
• UPS
– Monitors: Monitor wattage level; Peak current level; Changes in input voltage
– Possible Corrective Action: Inform manager of abnormal, highs, and lows; Look at MIB variables
• Server
– Monitors: Number of process; CPU utilization; Disk utilization's
– Possible Corrective Action: Inform manager; Generate RMON reports of TopN users, protocols, domains
• HUB
– Monitors: Collision or port threshold; Intruders and port security
– Possible Corrective Action: Show intruder address in report form; Shut off port
• Host
– Monitors: TFTP traffic to secure a host
– Possible Corrective Action: Show intruder address in report; Shut off port
RMON MIB
[Two diagrams of the OID tree down to RMON: Root, ISO (1), Organizations (3), DOD (6), Internet (1), then Management (2) and Private (4); under Management, MIB I & II (1) and RMON (16).]
Groups shown under RMON (16):
• Statistics (1)
• History (2)
• Alarms (3)
• Hosts (4)
• Host Top N (5)
• Traffic Matrix (6)
• Filters (7)
• Packet Capture (8)
• Events (9)
• Token Ring (10)
RMON2 Architecture
MIB I & II (1)
RMON (16)
• Statistics (1)
• History (2)
• Alarms (3)
• Hosts (4)
• Host Top N (5)
• Traffic Matrix (6)
• Filters (7)
• Packet Capture (8)
• Events (9)
• Token Ring (10)
• protocolDir (11)
• protocolDist (12)
• addressMap (13)
• nlHost (14)
• nlMatrix (15)
• alHost (16)
• alMatrix (17)
• usrHistory (18)
• probeConfig (19)
• rmonConformance (20)
RFC 1271
MIB I & MIB II
[Diagram: OID tree Root, ISO (1), Organizations (3), DOD (6), Internet (1), then Management (2) and Private (4); under Management, MIB 1 (9 Groups), MIB2 (10 Groups) and RMON (16). Groups shown: SYSTEM, Interface, AT, IP, ICMP, TCP, UDP, EGP, CMOT, SNMP.]
RMON, RMON2 and Beyond
[Diagram: the layers Application, Presentation, Session, Transport, Network, Data Link (MAC) and Physical set against the coverage of RMON Standard, RMON2 and Enterprise RMON.]
Enterprise RMON vs RMON2
[Diagram: layers 7 to 1 set against Enterprise RMON, RMON2 and RMON 1. Groups shown: Hosts, Host TopN, Host Matrix, Stats, History, Alarms, Events, Filters, Packet Capture.]
RMON Functionality Comparison
[Table comparing RMON, EnterpriseRMON and RMON2; the per-column marks were not preserved.]
Rows listed:
• Distributed Device Monitoring
• Advanced Topology Support (100 BaseT, WAN, FDDI, ATM)
• 9/10 Groups
• MAC Layer Monitoring
• Network Layer Monitoring
• Application Layer Monitoring
• Switch Support
• VLAN Support
Cell text that survives: Ethernet/Token Ring; Groups
RMON History Groups
RMON MIB Groups
Group: Description
• Segment Statistics: Track different traffic characteristics. Includes counters for undersized packets, fragments, CRC/alignment errors, jabbers, and oversized packets.
• History: Lets user set up frequency and duration of traffic observation intervals called buckets.
• Alarm: Provides high and low thresholds for all statistics.
• Host: Organizes traffic statistics by each device on the network. Node statistics include packets sent/received, octets sent/received, as well as error packets, multicast and broadcast packets.
• Host Top N: Extends host table by allowing sorting capability of all host statistics.
RMON MIB Groups (continued)
Group: Description
• Traffic Matrix: Maintains a matrix at the MAC layer that shows the amount of traffic and number of errors between pairs of nodes, one source and one destination pair.
• Filter: A generic filter engine activates all packet capture functions and events. Users can choose to capture packets that are valid or invalid for multiple filter masks.
• Packet Capturing: Depends on filter group. Allows users to create multiple capture buffers and to control whether the trace buffer will wrap or stop when full.
• Events: Provides ability to create entries in the monitor log and/or SNMP traps from the agent to the management station on any event of the user's choice. Events can be generated from any crossed threshold or on any integer or counter or from any packet match.
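Added example, not from the original slides: a Python model of how the alarm group's rising and falling thresholds turn periodic counter samples into events, following the hysteresis rule of RFC 1271 (a rising alarm does not fire again until the value has dropped to the falling threshold). The class and function names, the thresholds and the broadcast-counter readings are constructed for illustration.

```python
from dataclasses import dataclass

COUNTER32_MOD = 2**32  # SNMP Counter32 values wrap at 2^32


@dataclass
class AlarmEntry:
    """Alarm-group settings; field names are this example's own (hypothetical)."""
    rising_threshold: int
    falling_threshold: int
    sample_type: str = "delta"       # "absolute" or "delta"
    startup_alarm: str = "rising"    # "rising", "falling" or "risingOrFalling"
    rising_event_index: int = 1
    falling_event_index: int = 2


def evaluate(alarm, readings):
    """Return (sample_no, kind, event_index, value) for each alarm that fires."""
    fired = []
    prev_raw = prev_value = None
    rising_armed = falling_armed = True   # hysteresis state
    for n, raw in enumerate(readings):
        if alarm.sample_type == "delta":
            if prev_raw is None:          # a delta needs two readings
                prev_raw = raw
                continue
            value = (raw - prev_raw) % COUNTER32_MOD   # survives counter wrap
            prev_raw = raw
        else:
            value = raw
        first = prev_value is None        # first usable sample: startup rule
        if value >= alarm.rising_threshold:
            crossed = (alarm.startup_alarm in ("rising", "risingOrFalling")
                       if first else prev_value < alarm.rising_threshold)
            if crossed and rising_armed:
                fired.append((n, "rising", alarm.rising_event_index, value))
                rising_armed, falling_armed = False, True
        elif value <= alarm.falling_threshold:
            crossed = (alarm.startup_alarm in ("falling", "risingOrFalling")
                       if first else prev_value > alarm.falling_threshold)
            if crossed and falling_armed:
                fired.append((n, "falling", alarm.falling_event_index, value))
                falling_armed, rising_armed = False, True
        prev_value = value
    return fired


# Constructed readings of a broadcast-packet counter, one per interval,
# starting just below the Counter32 wrap point.
BROADCAST_READINGS = [4294966000, 4294966100, 4294966250, 1500, 4500,
                      5100, 6400, 6500, 8000]
STORM_ALARM = AlarmEntry(rising_threshold=1000, falling_threshold=200)

if __name__ == "__main__":
    for n, kind, event_index, value in evaluate(STORM_ALARM, BROADCAST_READINGS):
        print(f"sample {n}: {kind} alarm -> event {event_index} (delta={value})")
```

Sample 6 in the constructed data crosses the rising threshold again but raises nothing, because the delta never fell to the falling threshold after the first rising alarm; this keeps a storm that hovers around the threshold from flooding the management station with traps.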
Statistics Group: Statistics (etherStatsIndex) 1.1.1
Fields: Index, Data Source, Drop Events, Octets, Pkts, Broadcast Pkts, Multicast Pkts, CRC Align Errors, Undersize Pkts, Oversize Pkts, Fragments, Jabbers, Collisions, Pkts64Octets, Pkts65to127Octets, Pkts128to511Octets, Pkts512to1023Octets, Pkts1024to1518Octets, Owner, Status
History Group: History (etherHistoryEntry) 2.2.1
Fields: Index, Sample Index, Interval Start, Drop Events, Octets, Pkts, Broadcast Pkts, Multicast Pkts, CRC Align Errors, Fragments, Undersize Pkts, Oversize Pkts, Jabbers, Collisions, Utilization
Alarm Group: Alarm (alarmEntry) 3.1.1
Fields: Index, Interval, Variable, Sample Type, Value, Startup Alarm, Rising Threshold, Falling Threshold, Rising Event Index, Falling Event Index, Owner, Status
Host Group: Hosts (hostEntry) 4.2.1
Fields: Address, Creation Order, Index, In Pkts, Out Pkts, In Octets, Out Octets, Out Errors, Out Broadcast Pkts, Out Multicast Pkts
Hosts Group: Hosts (hostTimeEntry) 4.3.1
Fields: Address, Creation Order, Index, Time In Pkts, Time Out Pkts, Time In Octets, Time Out Octets, Time Out Errors, Time Out Broadcast Pkts, Time Out Multicast Pkts
Host Top N Group: HostTopN (hostTopNEntry) 5.2.1
Fields: Top N Report, Top N Index, Top N Address, Top N Rate
Matrix Group: Matrix (matrixSD&DSEntry) 6.2.1 & 6.3.1
SD fields: SD Source Address, SD Dest Address, SD Index, SD Pkts, SD Octets, SD Errors
DS fields: DS Source Address, DS Dest Address, DS Index, DS Pkts, DS Octets, DS Errors
Filter Group: Filter (filterEntry) 7.1.1
Fields: Index, Channel Index, Pkt Data Offset, Pkt Data, Pkt Data Mask, Pkt Data Not Mask, Pkt Status, Pkt Status Mask, Pkt Status Not Mask, Owner, Status
Filter Group: Filter (channelEntry) 7.2.1
Fields: Channel Index, Channel IfIndex, Channel Accept Type, Channel Data Control, Turn On Event Index, Turn Off Event Index, Channel Event Index, Channel Event Status, Channel Matches, Channel Description, Channel Owner, Channel Status
Packet Capture Group: Capture (captureBufferEntry) 8.2.1
Fields: Buffer Control Index, Buffer Index, Buffer Pkt ID, Buffer Pkt Data, Buffer Pkt Length, Buffer Pkt Time, Buffer Pkt Status
Event Group: Event (logEntry) 9.2.1
Fields: Log Event Index, Log Index, Log Time, Log Description
How Does RMON Differ From What Network Monitoring Does Today?
• SNMP compliant
– Same statistics but in different groups
– Has Comprehensive Traffic Matrix
– Supports more alarms
– Does not define applications
– Console application not specified
– Database not specified
Applications
• MIB Walkers
– Detail MIB knowledge
– Single variable
– Point visibility
• Table Tools
– Reflect MIB organization
– User view in MIB
• Integrated Tools
– MIB Table
– Multi-MIB
– Other Applications, databases, etc.
General/Protools
RMON
Description
Product Highlights
• Standards Based
– Full RMON Support
» All 9 Groups
» Ethernet And Token Ring
• Scalable Solution
– Grows As Network Grows
– Easy To Add New Agents
• Distributed Monitoring Solution
– Faster Problem Solving
– Preventive Maintenance
Product Highlights (continued)
• Integrated Into Leading Management Platforms
– Platform As “Home” For Management Applications
– Platform Services Integration (Alert Management, Database etc.)
– Application Integration Possible
• Operating System Independence
– Able To Mix And Match Agents With Console On Any Operating System
» UNIX, OS/2, Windows
– Fits Reality Of Heterogeneous User Environments
Product Features
• Monitoring Of Key Performance Variables
• Baselining For “Normal” Behavior
• Real-Time Maps Of Traffic Flow
• Real-Time And Trend Graphing Of All Statistics
• On-Line Help (Network Consultant)
• Infinite Filtering (By Address, Length, Mask)
• Graphical User Interface
• Export To DDE For Sophisticated Reporting
Product Description
• Console Product - Foundation Manager
– Advanced Monitoring, Analysis And Managing Console For RMON Compliant SNMP Agents
– Support For Up To 256 Remote RMON Agents (In Monitor Mode)
– Operating System Support - OS/2, Microsoft Windows and UNIX Q2
• Remote Products - Cornerstone Agent
– OS/2 And Microsoft Windows Support
– Real Time Monitor For Each Segment With User Interface
– Requires Dedicated Machine
– Supports Ethernet Or Token Ring Topologies
Product Description (continued)
• Remote Products - Cornerstone Probe
– RMON Agent Only, With No User Interface
– Turnkey Bundled RMON Agent, Software And Hardware
– Supports Ethernet Or Token Ring Topologies
Benefits Of Ongoing Remote Monitoring
• Better Understanding Of Computing Environment On An Ongoing Basis
– Preventive Maintenance, Spot Problems Early
– Faster Problem Solving When They Occur
• Improved Productivity Due To Centralized Monitoring
– Reduces Need To Travel To Remote Sites To Monitor Health Of Network Or Diagnose Problems
• Cost And Productivity Benefits
Summary
Appendix
• Sources of Information
– The Simple Book (1st and 2nd Edition)
» Marshall T. Rose
» Prentice Hall (publisher)
• SNMP, SNMPv2, and CMIP: The Practical Guide to Network Management Standards
– William Stallings
– Addison-Wesley, 1993.
• The RMON MIB: Standards Driving the Marketplace
– Presentation by Michael Erlinger, Harvey Mudd University
– Chair: IETF RMON Working Group
• RFCs
– RFC available from ftp.nisc.sri.com
Summary of Standards
• Full Standards
– 1155 - Structure of Management Information (SMI)
– 1157 - Simple Network Management Protocol (SNMP)
– 1213 - Management Information Base (MIBII)
• Draft Standards
– 1212 - Concise MIB definitions
• Proposed Standards
– 1229 - Extensions to the generic-interface MIB
– 1230 - IEEE 802.4 Token Bus Interface type MIB
– 1231 - IEEE 802.5 Token Ring Interface type MIB
– 1232 - DS1 Interface Type MIB
– 1233 - DS3 Interface Type MIB
– 1239 - Reassignment of experimental MIBs to standard MIBs
– 1243 - AppleTalk MIB
– 1253 - OSPF version 2 MIB
– 1269 - BGP version 3 MIB
– 1271 - Remote LAN Monitoring MIB (Ethernet RMON)
– 1284 - Ether-Like Interface Type MIB
– 1285 - FDDI Interface Type MIB
– 1286 - Bridge MIB
– 1289 - DECnet Phase IV MIB extensions
– 1304 - SMDS Interface Protocol (SIP) Interface Type MIB
– 1315 - Frame Relay DTE Interface Type MIB
– 1316 - Character Stream Device MIB
– 1317 - RS-232 Interface Type MIB
– 1318 - Parallel Printer Interface Type MIB
– 1351 - SNMP Administrative Model
– 1352 - SNMP Security Protocols
– 1353 - SNMP Party MIB
– 1354 - SNMP IP Forwarding Tables
Summary of Standards (continued)
• Experimental
– 1187 - Bulk Table Retrieval with SNMP
– 1224 - Techniques for Managing asynchronously generated alerts
– 1227 - SNMP MUX Protocol
– 1228 - SNMP Distributed Program Interface
– 1238 - CLNS MIB
– 1238 - SNMP Over OSI
– 1298 - SNMP Over IPX
• Informational
– 1147 - A Network Management Tool Catalog
– 1215 - A Convention for Defining SNMP Traps
– 1303 - A Convention for Defining SNMP Based Agents
– 3121 - MD5 Message-digest Algorithm
• Historical
– 1213 - Management Information Base I (MIBI)
SNMP Summary
• Today = SNMP
– Network management standardization
– Vendor interoperability
– Fault management
– Performance management
– Primarily TCP/IP
• Future = SMP (SNMP v2 and v3)
– Security management
– New error codes
– Enhances efficiency
– Improved set functionality
– More compatibility with AppleTalk, OSI and IPX
– Backward compatibility with SNMP
SNMP Summary (continued)
• Alternatives to SNMP
– Distributed Management Environment (DME)
– Common Management Interface Protocol (CMIP)
– CMIP Over TCP/IP (CMOT)