Functioning of AMRES links to the Internet in the past and


ICmyNet.IS Networking Information and Monitoring System
Content
Concepts
Features
Monitoring elements
Tools
Use cases
Further development
Akademska mreža Srbije
GN3/NA3/T4 - Network monitoring workshop
Belgrade, 20-21 October, 2009
www.amres.ac.yu
Architecture and User Interface
Java platform
Linux web application server
MySQL/PostgreSQL database backend
Client access
Web Interface - typical user access
Standalone client application
[Architecture diagram: Monitored Network, NetIIS Server, NetIIS Database, NetIIS Web Interface Client, NetIIS Standalone Client; link labels: RMI, SNMP, NMAP, Ping ..., HTTP(S), Telnet]
Web Interface
Independent of OS
Web browser – IE, Mozilla
Typical usage
View and Edit modes
Standalone client application
Independent of OS
Efficient GUI
advanced system configuration
Java web-start technology – RMI
Automatic download of up-to-date software from server, local execution
Clients communicate with web server only, no direct access to DB
Simplifies technical maintenance and support
Note
Keeps arbitrary text data
Saving certain information connected to the parent element
Example:
for Devices - history of comments about hardware changes, distributor of the device, period of guarantee, reaction procedure in the case of network problem etc.
for Locations – description of the presented organization
for Users – CVs
for Ports - troubleshooting procedures in case of failure
User
People in charge (helpdesk, administrator, operator, contact, email)
Relevant information (name, address, telephone)
NetIIS user
usernames and passwords
Permissions for access to the system – read and write
Predefined users:
guest – access public data with read permission, no password required
administrator – full read/write access to data and all tools
User and User group
User
User Group
Networking information system
Presents all objects from the external world in the most efficient and easily understood way
Hierarchically organised and presented by a tree
Basic elements:
Folder
Location
Device
Port
Monitoring System
Passive and active monitoring of the network status – status of devices, ports, links, services
Performs:
Performance measurement
Failure notification
Configured on Devices or Ports and executed in that context
Monitor
Permanently and periodically observes the status of the computer network
Defined within devices or ports as their children
Typical presentation - putting monitors in groups
Monitor types:
Traffic monitor
Port monitor
SNMP monitor
ping monitor
service monitor (nagios plug-ins)
external monitor
RRD Chart
MRTG like chart
Arbitrary time frame
Defined under the Monitors
Purpose:
Measures the values of the monitor during a period of time
Shows the chart for a chosen period of time
Alarm
Defined under the Monitors
Compares values of the monitor within given thresholds
Alarm activation in the case of criteria fulfilment
Can execute the given notification action
Two general types
Bad Alarm (connection failure)
Good Alarm (link recovery)
Critical levels in the range from -10 to +10.
Action
Action is adjoined to certain Alarms
Defines how the NetIIS system reacts in the case of alarm activation.
There are 2 types of action:
E-Mail Action - sends e-mail messages to a certain user or user groups
SMS Action - sends SMS messages to a certain user or user groups.
Messages of arbitrary content can be defined; they are sent together with other parameters of the associated alarm and monitor
Default Action is notification in the Event log
Traffic Monitor
Predefined SNMP monitor under Port object
Measures data traffic through the network interface
Variables:
var(1) and var(2) - Bytes per sec
var(3) and var(4) - bits per sec
RRD Chart for var(3) and var(4)
Input traffic - green colour
Output traffic - blue colour
Alarms can be set up to react to certain traffic intensity.
Ping Monitor
Defined under Device object
Executes native ICMP ping service towards this device
Measures the results of ping command
6 variables for packet delay and percentage of lost packets
Includes two RRD Chart objects
Ping Delay - measures the minimum and maximum delay of ping packets (var(1) and var(2))
Ping Loss - measures the percentage of lost packets (var(6))
Alarms for the Ping Loss percentage
Variables  Description
var(1)     Minimum RTT (Round Trip Time) – minimum delay
var(2)     Maximum RTT (Round Trip Time) – maximum delay
var(3)     Average RTT (Round Trip Time) – average delay
var(4)     Sent Packets – number of sent packets
var(5)     Received Packets – number of received packets
var(6)     Packet Loss – percent of lost packets (100* var(5)/var(4))
Port Monitor
Predefined SNMP monitor under Port object
Observes administrative and operational status of the network interfaces
var(1) – administrative status (1.3.6.1.2.1.2.2.7)
var(2) – operational status (1.3.6.1.2.1.2.2.8)
Children:
RRD Chart related to administrative and operational statuses
Alarms related to the operational status
Good Alarm – "var(2) == 1". Message: "Link is UP"
Bad Alarm – "var(2) != 1". Message is: "Link is DOWN"
Mail action is configured on Alarms with the same message.
Operational port status
Value  Status
1      Up
2      Down
3      Testing
4      Unknown
5      Dormant
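The Good Alarm / Bad Alarm pair of the Port Monitor, as an added example (not code from the presentation or from NetIIS): the two expressions from the slide are evaluated over polled values with a strict parser rather than eval(), and an event-log line is produced only when the link state changes. The critical levels, the activate-on-change behaviour, the log format and the poll data are assumptions constructed for the illustration.

```python
import re

# ifOperStatus values from the slide's "Operational port status" table.
OPER_STATUS = {1: "Up", 2: "Down", 3: "Testing", 4: "Unknown", 5: "Dormant"}

# Alarm expressions and messages as on the slide; the critical levels are
# hypothetical picks from the -10..+10 range.
ALARMS = [
    {"kind": "good", "expr": "var(2) == 1", "level": 5, "msg": "Link is UP"},
    {"kind": "bad", "expr": "var(2) != 1", "level": -5, "msg": "Link is DOWN"},
]

EXPR = re.compile(r"var\((\d+)\)\s*(==|!=|<=|>=|<|>)\s*(-?\d+(?:\.\d+)?)")
OPS = {
    "==": lambda a, b: a == b, "!=": lambda a, b: a != b,
    "<": lambda a, b: a < b, ">": lambda a, b: a > b,
    "<=": lambda a, b: a <= b, ">=": lambda a, b: a >= b,
}

def matches(expr, variables):
    """Evaluate 'var(n) <op> number' with a strict parser instead of eval()."""
    m = EXPR.fullmatch(expr.strip())
    if not m:
        raise ValueError(f"unsupported alarm expression: {expr!r}")
    return OPS[m.group(2)](variables[int(m.group(1))], float(m.group(3)))

def run_alarms(polls, alarms=ALARMS):
    """Return one event-log line per alarm activation (state changes only)."""
    events, active = [], None
    for when, variables in polls:
        for alarm in alarms:
            if alarm["kind"] != active and matches(alarm["expr"], variables):
                active = alarm["kind"]
                status = OPER_STATUS.get(variables[2], "?")
                events.append(f'{when} level={alarm["level"]:+d} '
                              f'{alarm["msg"]} (ifOperStatus={status})')
    return events

# Constructed poll results: time, {1: administrative status, 2: operational status}.
POLLS = [
    ("10:00", {1: 1, 2: 1}), ("10:01", {1: 1, 2: 1}), ("10:02", {1: 1, 2: 2}),
    ("10:03", {1: 1, 2: 2}), ("10:04", {1: 1, 2: 5}), ("10:05", {1: 1, 2: 1}),
]

if __name__ == "__main__":
    print("\n".join(run_alarms(POLLS)))
```

The Dormant reading at 10:04 matches the Bad Alarm expression but produces no second notification, because the link is already recorded as down.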
Port Monitor
Trap support
[Diagram: Router A, Router X; link status DOWN]
Ping and Port Monitors usage
[Diagram: Router A, Router X, Router B; labels: Packet Loss = 0 %, DOWN, UP]
Pre-defined SNMP Monitors
Pre-defined and often used SNMP Monitors are:
Packets Monitor
BGP Monitor
CPU Load Monitor
System Memory Monitor
Packet Monitor
Measures packets flow on the interface in a similar way to Traffic Monitor
Useful in the case of detecting anomalies in the network traffic
During a DoS attack or an attempt of virus expansion on the network, the network traffic (in bps) does not have to rise, but the number of packets will increase
Two variables:
Var(1) - Interface In Packets (unicast) OID= .1.3.6.1.2.1.2.2.1.17
Var(2) - Interface Out Packets (unicast) OID= .1.3.6.1.2.1.2.2.1.18
Unit: Packets per second
RRD can be attached to the Monitor
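The Packet Monitor rationale above, as an added example (not code from the presentation or from NetIIS): polled octet and unicast-packet counters are converted to bps and pps, a 32-bit counter wrap is handled, and intervals are flagged where pps jumps while bps stays flat. The 60 s poll interval, the thresholds and the counter values are assumptions constructed for the illustration.

```python
COUNTER32 = 2**32  # assumes 32-bit SNMP counters

def counter_delta(prev, cur, modulus=COUNTER32):
    """Difference between two counter readings, tolerating one wrap."""
    return (cur - prev) % modulus

def rates(samples):
    """Convert (time_s, in_octets, in_ucast_pkts) polls to (time_s, bps, pps)."""
    out = []
    for (t0, o0, p0), (t1, o1, p1) in zip(samples, samples[1:]):
        dt = t1 - t0
        if dt <= 0:
            continue  # ignore duplicate or out-of-order polls
        out.append((t1, 8 * counter_delta(o0, o1) / dt, counter_delta(p0, p1) / dt))
    return out

def packet_rate_anomalies(samples, baseline_n=3, pps_factor=5.0, bps_factor=1.5):
    """Flag intervals where pps far exceeds the baseline while bps does not.

    The baseline is the mean of the first baseline_n intervals; both factors
    are hypothetical thresholds, to be tuned per interface.
    """
    r = rates(samples)
    if len(r) <= baseline_n:
        return []
    base_bps = sum(x[1] for x in r[:baseline_n]) / baseline_n
    base_pps = sum(x[2] for x in r[:baseline_n]) / baseline_n
    return [
        (t, round(bps), round(pps), round(bps / 8 / pps))  # last: mean bytes/packet
        for t, bps, pps in r[baseline_n:]
        if pps > pps_factor * base_pps and bps < bps_factor * base_bps
    ]

# Constructed polls, 60 s apart: (time_s, input octets, input unicast packets).
# The octet counter wraps between t=60 and t=120; the burst is at t=240.
SAMPLES = [
    (0, 4_200_000_000, 1_000_000),
    (60, 4_248_000_000, 1_060_000),
    (120, 1_032_704, 1_120_000),
    (180, 49_032_704, 1_180_000),
    (240, 97_032_704, 1_660_000),
    (300, 145_032_704, 1_720_000),
]

if __name__ == "__main__":
    for row in packet_rate_anomalies(SAMPLES):
        print("t=%ds bps=%d pps=%d bytes/pkt=%d" % row)
```

In the sample data the bit rate is identical in every interval, so a traffic chart in bps would show nothing, while the packet rate rises eightfold and the mean packet size drops from 800 to 100 bytes.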
BGP Monitor
Measures the status of BGP sessions
Monitor in variable var(1) returns the current status of the session with certain peer.
OID suffix is required - IP address of the BGP peer
.1.3.6.1.2.1.15.3.1.16.147.91.0.112
RRD Chart assigned
State           Description
1  Idle         Session has not been configured
2  Connect      Attempt to connect, session still not established
3  Active       Attempt to establish session, session still not established
4  OpenSent     Request for connection sent, session still not established
5  OpenConfirm  Answer for request received, session still not established
6  Established  Session successfully established
CPU Usage Monitor
Three variables, the processor utilization in time intervals of 5s, 1min and 5min
Corresponding OIDs are not standardised, they are specified exclusively for Cisco devices and belong to the MIB hierarchy of the Cisco Systems
RRD Chart refers to the variable var(2), for processor utilization in the time interval of 1min
System Memory Monitor
Measures several variables, specified exclusively for Cisco devices
Requests input of suffixes to the defined OIDs
• Processor memory - suffix .1
• interface memory - suffix .2, .3 or even higher value
RRD Chart refers to variables var(4) and var(8), for the memory usage in percentage.
var     Description
var(1)  Memory Name - memory name that is being monitored
var(2)  Used Memory (suffix) – used memory in bytes
var(3)  Free Memory (suffix) – free memory in bytes
var(4)  Used Memory – used memory in percentage: 100 * var(2) / (var(2) + var(3))
var(5)  Memory Name – memory name that is being monitored
var(6)  Used Memory (suffix) – used memory in bytes
var(7)  Free Memory (suffix) – free memory in bytes
var(8)  Used Memory – used memory in percentage: 100 * var(6) / (var(6) + var(7))
Service monitor – nagios plug-in
Report
Selected SNMP variables shown in a predefined table
Executed on the user’s request (on-demand)
Recognizes existing monitors and charts
Group
Serves for grouping other objects for joint presentation in certain form
Objects are grouped by creating shortcuts
Objects can be assigned to a number of groups.
One group can contain other groups
Group types:
Simple Group (default) - showing elements in a table format
Graph - graphical presentation of the topology
Looking Glass - joins devices that enable remote command execution - Looking Glass functionality
Data hierarchy
Setup process
Link hierarchy
Network topology
AutoDiscovery
AutoDiscovery function aims:
Easing the initial database population
Updating - topology, new devices and relevant data
AutoDiscovery types:
Device Attributes Discovery – system data
Ports Discovery - interfaces data
CDP Neighbours Discovery – link topology
Layer 3 Hosts Discovery – ARP table
Discovery on hop-by-hop basis
Better overview and control over the process
No retrieval of the entire network
Possibility of clear database organisation in the system
AutoDiscovery
[Diagram: AutoDiscovery example. Labels: device attributes (Model, Warranty, Contract number, …); Location 1, Router 1; Location A, Router A with ports Serial 0 and Serial 1; hosts PC1 to PC5; Routers B, C, D, A1, A2, A3; Location A3]
Other Concepts
Repository
inactive predefined objects
Recycle Bin
deleted objects
Tools
Event Log
Alerts
Chart viewer
SLA reports
Search panel
Event Log
Alerts
Current alerts (active alarms)
Chart viewer
SLA report
Service Availability Statistics
Use case
corporate network example
Questions...