Lecture 13
Network Management
Khaled Mahbub, IICT, BUET, 2008
ICT 6621 : Advanced Networking
Outline
• Network management concepts
• Internet-standard management framework (SNMP)
– Structure of Management Information: SMI
– Management Information Base: MIB
– SNMP Protocol Operations and Transport Mappings
– Security and Administration
• Abstract Syntax Notation One (ASN.1)
Network Management
• autonomous systems (aka “network”): 100s or 1000s of interacting
hardware/software components
• "Network management includes the deployment, integration and
coordination of the hardware, software, and human elements to
monitor, test, poll, configure, analyze, evaluate, and control the
network and element resources to meet the real-time, operational
performance, and Quality of Service requirements at a reasonable
cost."
• More specifically, network management comprises the five ISO functional areas (FCAPS):
– Performance management: quantify, measure, report, analyze and
control the performance (e.g., utilization, throughput) of different network
components.
– Fault management: log, detect, and respond to fault conditions in the
network.
– Configuration management: track which devices are on the managed
network and the hardware and software configurations of these devices.
– Accounting management: specify, log, and control user and device
access to network resources.
– Security management: control access to network resources according to
some well-defined policy.
Infrastructure for Network Management
(figure: one managing entity talks over the network management protocol
to several managed devices; each managed device runs an agent that holds
the device's management data)
• definitions:
managing entity is an application that controls the collection,
processing, analysis, and/or display of network management
information.
managed device is a piece of network equipment, e.g. host, router
(including its software), that contains managed objects, e.g. an
interface card, whose data is gathered into a Management Information
Base (MIB).
network management protocol runs between the managing entity and the
managed devices to query the status of managed devices and take
actions in these devices.
Network Management standards
OSI CMIP: Common Management Information Protocol
• designed 1980's: the unifying net management standard
• too slowly standardized
SNMP: Simple Network Management Protocol
• Internet roots (SGMP)
• started simple
• deployed, adopted rapidly
• growth: size, complexity
• currently: SNMP V3
• de facto network management standard
SNMP overview: 4 key parts
• Management information base (MIB):
– distributed information store of network management
data. Management information is represented as a
collection of managed objects. A MIB object might be
a counter, such as the number of IP datagrams
discarded at a router due to errors in an IP datagram
header or the number of carrier sense errors in an
Ethernet interface.
• Structure of Management Information (SMI):
– data definition language for MIB objects
• SNMP protocol
– convey manager<->managed object information,
commands
• security, administration capabilities
– major addition in SNMPv3
SMI: Data Definition Language
Purpose: syntax, semantics of management data well-defined,
unambiguous
• base data types:
– INTEGER, Integer32, Unsigned32, OCTET STRING, OBJECT
IDENTIFIER, IpAddress, Counter32, Counter64, Gauge32, TimeTicks
• OBJECT-TYPE
– used to specify the data type, status, and semantics of a managed
object. The OBJECT-TYPE construct has four main clauses. The SYNTAX
clause specifies the basic data type associated with the object. The
MAX-ACCESS clause specifies whether the managed object can be
read, written, created, or have its value included in a notification. The
STATUS clause indicates whether the object definition is current and valid,
obsolete or deprecated. The DESCRIPTION clause contains a human-readable
textual definition of the object.
• MODULE-IDENTITY
– groups related objects into a MIB module
SMI: Data Definition Language
• NOTIFICATION-TYPE
– is used to specify information regarding Trap and InformRequest
messages generated by an agent or a managing entity. This
information includes a textual DESCRIPTION of when such
messages are to be sent, as well as the list of values to be included
in the message generated.
• MODULE-COMPLIANCE
– defines the set of managed objects within a module that an
agent must implement.
• AGENT-CAPABILITIES
– specifies the capabilities of agents with respect to object and
event notification definitions.
SNMP MIB
(figure: a MIB module, specified via the SMI MODULE-IDENTITY construct,
containing objects specified via the SMI OBJECT-TYPE construct)
100+ standardized MIBs, and even more vendor-specific ones, are
defined, e.g.
[RFC 2011] specifies the MIB module that defines managed objects for
managing implementations of the Internet Protocol (IP) and its
associated Internet Control Message Protocol (ICMP).
[RFC 2012] specifies the MIB module for TCP and [RFC 2013] specifies
the MIB module for UDP.
SMI: Object, Module Examples
ipInDelivers object type definition (from [RFC 2011]) defines a 32-bit
counter which keeps track of the number of IP datagrams that were
received at the managed node and delivered to IP user protocols:
OBJECT-TYPE: ipInDelivers
    ipInDelivers OBJECT-TYPE
        SYNTAX      Counter32
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The total number of input datagrams successfully
            delivered to IP user-protocols (including ICMP)."
        ::= { ip 9 }
ipMIB module definition for management of the IP protocol:
MODULE-IDENTITY: ipMIB
    ipMIB MODULE-IDENTITY
        LAST-UPDATED "9411010000Z"
        ORGANIZATION "IETF SNMPv2 Working Group"
        CONTACT-INFO
            "    Keith McCloghrie
            ……"
        DESCRIPTION
            "The MIB module for managing IP and ICMP implementations,
            but excluding their management of IP routes."
        REVISION "9103310000Z"
        ………
        ::= { mib-2 48 }
SNMP Naming
question: how to name every possible standard object
(protocol, data, more..) in every possible network
standard?
answer: ISO Object Identifier tree:
– hierarchical naming of all objects
– each branch point has a name and a number
example: 1.3.6.1.2.1.7.1 names udpInDatagrams; reading the arcs
from the root:
    1  ISO
    3  ISO-identified organization
    6  US DoD
    1  Internet
    2  management
    1  MIB-2
    7  UDP
    1  udpInDatagrams
(figure: OSI Object Identifier Tree)
MIB Example: UDP Module
Object ID        Name             Type
1.3.6.1.2.1.7.1  udpInDatagrams   Counter32
    total number of UDP datagrams delivered to UDP users
1.3.6.1.2.1.7.2  udpNoPorts       Counter32
    total number of received UDP datagrams for which there was no
    application at the destination port
1.3.6.1.2.1.7.3  udpInErrors      Counter32
    number of received UDP datagrams that could not be delivered for
    reasons other than the lack of an application at the destination
    port
1.3.6.1.2.1.7.4  udpOutDatagrams  Counter32
    total number of UDP datagrams sent from this entity
1.3.6.1.2.1.7.5  udpTable         SEQUENCE OF UdpEntry
    a sequence of UdpEntry objects, one for each port that is
    currently open by an application, giving the IP address and the
    port number used by the application
SNMP Protocol
Two ways to convey MIB information and commands:
(figure: managing entity and managed device (agent, data) connected by
request/response arrows in one case and a single trap message in the
other)
request/response mode: used to query (retrieve) or modify (set) MIB
object values associated with a managed device. The managing entity
sends a request, and the agent on the managed device returns a
response.
trap mode: used to notify a managing entity of an exceptional
situation that has resulted in changes to MIB object values. The
agent sends the trap message on its own initiative, without a request.
SNMP Protocol: Message Types
Message type     Function
GetRequest       Mgr-to-agent: "get me data" (instance)
GetNextRequest   Mgr-to-agent: "get me data" (next in list)
GetBulkRequest   Mgr-to-agent: "get me data" (block)
InformRequest    Mgr-to-Mgr: here's MIB value
SetRequest       Mgr-to-agent: set MIB value
Response         Agent-to-mgr: value, response to request
Trap             Agent-to-mgr: inform manager of exceptional event
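The following Python program is an added example written for this page; it is not code from the lecture or from any SNMP implementation. It plays both sides of the exchange above: an in-memory agent that serves the udp-group scalars of the MIB example, enforcing the SMI MAX-ACCESS clause on SetRequest, and a manager-side "walk" built from repeated GetNextRequest. PDUs are plain dictionaries rather than BER-encoded SNMP messages; the OIDs are real MIB-2 names, but the counter values, the sysName value and all class, function and field names are constructed for illustration.

```python
"""Added example: toy SNMP agent (Get/GetNext/GetBulk/Set) and manager walk.
PDUs are dicts, not BER-encoded SNMP messages; values are constructed."""

from dataclasses import dataclass, field

# SNMPv2 error-status values (RFC 3416 section 3)
NO_ERROR, NO_CREATION, NOT_WRITABLE = 0, 11, 17


def parse_oid(s: str) -> tuple:
    """'1.3.6.1.2.1.7.1.0' -> (1, 3, 6, 1, 2, 1, 7, 1, 0). Tuples of ints compare
    arc by arc, the lexicographic order GetNext must follow; comparing the
    dotted strings would wrongly sort ...1.11 before ...1.7."""
    return tuple(int(x) for x in s.split("."))


def fmt_oid(t: tuple) -> str:
    return ".".join(map(str, t))


@dataclass
class ManagedObject:
    value: object
    max_access: str  # SMI MAX-ACCESS: "read-only" or "read-write"


@dataclass
class Agent:
    mib: dict = field(default_factory=dict)  # OID tuple -> ManagedObject

    def add(self, oid: str, value, max_access: str = "read-only"):
        self.mib[parse_oid(oid)] = ManagedObject(value, max_access)

    def _next(self, oid: tuple):
        """Lexicographically next instance after oid, or endOfMibView."""
        for k in sorted(self.mib):
            if k > oid:
                return fmt_oid(k), self.mib[k].value
        return fmt_oid(oid), "endOfMibView"

    @staticmethod
    def _response(rid, varbinds, status=NO_ERROR, index=0):
        return {"type": "Response", "request-id": rid, "error-status": status,
                "error-index": index, "varbinds": varbinds}

    def handle(self, pdu: dict) -> dict:
        rid, kind = pdu["request-id"], pdu["type"]
        if kind == "GetRequest":
            out = []
            for oid in pdu["oids"]:
                obj = self.mib.get(parse_oid(oid))
                out.append((oid, obj.value if obj else "noSuchObject"))
            return self._response(rid, out)
        if kind == "GetNextRequest":
            return self._response(rid, [self._next(parse_oid(o)) for o in pdu["oids"]])
        if kind == "GetBulkRequest":  # non-repeaters omitted for brevity
            out = []
            for oid in pdu["oids"]:
                cur = parse_oid(oid)
                for _ in range(pdu["max-repetitions"]):
                    name, value = self._next(cur)
                    out.append((name, value))
                    if value == "endOfMibView":
                        break
                    cur = parse_oid(name)
            return self._response(rid, out)
        if kind == "SetRequest":
            # validate every binding before changing anything: a Set is atomic
            for i, (oid, _) in enumerate(pdu["varbinds"], start=1):
                obj = self.mib.get(parse_oid(oid))
                if obj is None:
                    return self._response(rid, pdu["varbinds"], NO_CREATION, i)
                if obj.max_access != "read-write":
                    return self._response(rid, pdu["varbinds"], NOT_WRITABLE, i)
            for oid, new in pdu["varbinds"]:
                self.mib[parse_oid(oid)].value = new
            return self._response(rid, pdu["varbinds"])
        raise ValueError("unknown PDU type " + kind)


def walk(agent: Agent, subtree: str) -> list:
    """Manager side: issue GetNext repeatedly until the reply leaves the subtree."""
    base, cur, rid, out = parse_oid(subtree), subtree, 1, []
    while True:
        resp = agent.handle({"type": "GetNextRequest", "request-id": rid, "oids": [cur]})
        name, value = resp["varbinds"][0]
        if value == "endOfMibView" or parse_oid(name)[:len(base)] != base:
            return out
        out.append((name, value))
        cur, rid = name, rid + 1


def build_demo_agent() -> Agent:
    """Scalars carry the instance suffix .0; all values are constructed."""
    a = Agent()
    a.add("1.3.6.1.2.1.1.5.0", "router-1", max_access="read-write")  # sysName
    a.add("1.3.6.1.2.1.7.1.0", 1024)  # udpInDatagrams
    a.add("1.3.6.1.2.1.7.2.0", 7)     # udpNoPorts
    a.add("1.3.6.1.2.1.7.3.0", 0)     # udpInErrors
    a.add("1.3.6.1.2.1.7.4.0", 980)   # udpOutDatagrams
    a.add("1.3.6.1.2.1.11.1.0", 55)   # snmpInPkts: first instance after the udp group
    return a
```

Two details matter in practice. GetNext order is defined on the OID arcs as integers, so the agent keys its store by tuples; sorting dotted strings is a classic MIB-browser bug. And a SetRequest is all-or-nothing: the agent checks every binding's MAX-ACCESS first and reports the offending position in error-index, so a single read-only counter in the list leaves sysName untouched.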
SNMP Protocol: Message Formats
(figure: SNMP message and PDU formats; no text is recoverable from these
two slides)
SNMP Applications
• Typically an SNMP application consists of two
parts:
– managing entity includes
• a command generator: generates the GetRequest,
GetNextRequest, GetBulkRequest and SetRequest PDUs
• a notification receiver: receives and processes Trap PDUs
• a proxy forwarder: forwards request, notification, and response
PDUs.
– agent in managed device includes
• a command responder: receives, processes and replies to
received GetRequest, GetNextRequest, GetBulkRequest and
SetRequest PDUs.
• a notification originator: generates Trap PDUs.
SNMP Engine and Application
(figure: SNMP engine and applications; no text is recoverable from this
slide)
SNMP Security and Administration
• encryption: DES-encrypt SNMP message (CBC-DES in the SNMPv3
User-based Security Model, RFC 3414; AES was added later)
• authentication: compute, send MIC(m,k):
compute hash (Message Integrity Code: MIC)
over message (m), and secret shared key (k); SNMPv3 uses a keyed
HMAC (HMAC-MD5-96 or HMAC-SHA-96) for this
• protection against playback (replay): use nonce; in SNMPv3 the
nonce is the authoritative engine's snmpEngineBoots/snmpEngineTime,
and a message is accepted only within a 150-second window
• view-based access control (VACM, RFC 3415)
– SNMP entity maintains database of access rights,
policies for various users
– database itself accessible as managed object!
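The following Python program is an added example written for this page, not code from the lecture or from any SNMP implementation. It puts the three protections above into working form, modelled on SNMPv3's User-based Security Model (RFC 3414) and View-based Access Control Model (RFC 3415) but not wire-compatible with either: the message is a Python dictionary rather than a BER-encoded SNMPv3 message, the timeliness check uses a single engine-time counter instead of snmpEngineBoots plus snmpEngineTime, and the user name, password, engine ID and view names are constructed. The password-to-key stretching and engine-ID localization follow RFC 3414 appendix A.2.2; DES privacy is omitted because the Python standard library has no DES.

```python
"""Added example: HMAC message authentication, replay window and view-based
access control in the style of SNMPv3 USM/VACM. Not wire-compatible."""

import hashlib
import hmac
import json

TIME_WINDOW = 150  # seconds; RFC 3414 accepts messages only within this window


def password_to_key(password: bytes, engine_id: bytes) -> bytes:
    """RFC 3414 A.2.2 (SHA-1 variant): stretch the password to 1 MiB, hash it,
    then localize with the agent's engine ID so that a key recovered from one
    agent is useless against any other agent."""
    expanded = (password * (1_048_576 // len(password) + 1))[:1_048_576]
    ku = hashlib.sha1(expanded).digest()
    return hashlib.sha1(ku + engine_id + ku).digest()


def mic(key: bytes, body: dict) -> bytes:
    """The slide's MIC(m, k): HMAC-SHA-1 over a canonical form of the message,
    truncated to 96 bits like USM's HMAC-SHA-96."""
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha1).digest()[:12]


def build_message(user: str, key: bytes, engine_time: int, msg_id: int, pdu: dict) -> dict:
    """Manager side: authParams covers every other field of the message."""
    body = {"user": user, "engineTime": engine_time, "msgID": msg_id, "pdu": pdu}
    return {**body, "authParams": mic(key, body).hex()}


class SecureAgent:
    """Agent side: authenticate, check timeliness, then apply the user's view."""

    def __init__(self, engine_id: bytes, engine_time: int, users: dict, views: dict):
        self.engine_id = engine_id
        self.engine_time = engine_time
        self.users = users         # user name -> {"key": bytes, "view": view name}
        self.views = views         # view name -> list of included OID subtrees
        self.seen_msg_ids = set()  # msgIDs accepted inside the window (never pruned here)

    def authenticate(self, msg: dict):
        """None on success, otherwise a USM-style error name."""
        user = self.users.get(msg.get("user"))
        if user is None:
            return "unknownUserName"
        body = {k: v for k, v in msg.items() if k != "authParams"}
        claimed = bytes.fromhex(msg.get("authParams", ""))
        # constant-time comparison: a plain == would leak the MIC through timing
        if not hmac.compare_digest(claimed, mic(user["key"], body)):
            return "wrongDigest"
        # replay protection: reject stale messages and repeated msgIDs
        if abs(msg["engineTime"] - self.engine_time) > TIME_WINDOW:
            return "notInTimeWindow"
        if msg["msgID"] in self.seen_msg_ids:
            return "notInTimeWindow"
        self.seen_msg_ids.add(msg["msgID"])
        return None

    def in_view(self, user: str, oid: str) -> bool:
        """View-based access control: the OID must lie inside a subtree of the
        user's view. The VACM tables themselves live under 1.3.6.1.6.3.16, so a
        view that includes that subtree lets its users rewrite the policy."""
        subtrees = self.views[self.users[user]["view"]]
        return any(oid == s or oid.startswith(s + ".") for s in subtrees)

    def handle(self, msg: dict) -> dict:
        err = self.authenticate(msg)
        if err:
            return {"error": err}
        oid = msg["pdu"]["oid"]
        if not self.in_view(msg["user"], oid):
            return {"error": "noAccess"}
        return {"ok": True, "oid": oid}


def demo() -> dict:
    """Constructed scenario: one operator whose view covers only the udp group."""
    engine_id = bytes.fromhex("800000020100000001")  # constructed engine ID
    key = password_to_key(b"maplesyrup", engine_id)
    agent = SecureAgent(engine_id, engine_time=1000,
                        users={"ops": {"key": key, "view": "udpOnly"}},
                        views={"udpOnly": ["1.3.6.1.2.1.7"]})
    get_udp = build_message("ops", key, 1000, 1, {"op": "Get", "oid": "1.3.6.1.2.1.7.1.0"})
    results = {"fresh": agent.handle(get_udp), "replayed": agent.handle(get_udp)}
    tampered = dict(get_udp, pdu={"op": "Get", "oid": "1.3.6.1.2.1.1.5.0"})
    results["tampered"] = agent.handle(tampered)
    stale = build_message("ops", key, 1000 - 600, 2, {"op": "Get", "oid": "1.3.6.1.2.1.7.1.0"})
    results["stale"] = agent.handle(stale)
    outside = build_message("ops", key, 1000, 3, {"op": "Get", "oid": "1.3.6.1.2.1.1.5.0"})
    results["outside_view"] = agent.handle(outside)
    other_key = password_to_key(b"maplesyrup", b"\x00" * 12)  # same password, other engine
    wrong = build_message("ops", other_key, 1000, 4, {"op": "Get", "oid": "1.3.6.1.2.1.7.1.0"})
    results["wrong_engine_key"] = agent.handle(wrong)
    return results
```

The order of the checks is deliberate: the digest is verified before the time window is consulted, so an attacker who cannot produce a valid MIC learns nothing about the agent's clock, and the access check runs last, on an authenticated name only. The last case in demo() shows the point of key localization: the same password yields a different key for a different engine ID, so a key lifted from one agent does not authenticate to another.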
The Presentation Problem
Q: does perfect memory-to-memory copy solve "the
communication problem"?
A: not always!
    struct {
        char code;
        int x;
    } test;
    test.x = 259;
    test.code = 'a';
host 1 format:  test.code = a   test.x = 00000001 00000011
host 2 format:  test.code = a   test.x = 00000011 00000001
259 in decimal is 0x0103, i.e. the two bytes 00000001 00000011; host 1
stores the most significant byte first, host 2 the least significant
byte first, so a byte-for-byte copy of test.x from host 1 reads as
0x0301 = 769 on host 2
problem: different data format, storage conventions
Presentation Problem: Potential Solutions
1. Sender learns receiver's format. Sender translates into
receiver's format. Sender sends.
2. Sender sends. Receiver learns sender's format. Receiver
translates into receiver-local format.
3. Sender translates into host-independent format. Sends.
Receiver translates to receiver-local format.
Solving the Presentation Problem (option 3, which is what ASN.1/BER
provides)
1. Translate local-host format to host-independent format
2. Transmit data in host-independent format
3. Translate host-independent format to remote-host format
ASN.1: Abstract Syntax Notation One
• ITU-T standard X.680 (also ISO/IEC 8824)
– used extensively in the Internet (SNMP, X.509 certificates, LDAP)
• defined data types, object constructors
– like SMI (SMI is in fact a restricted subset of ASN.1)
• BER: Basic Encoding Rules (X.690)
– specify how ASN.1-defined data objects are to be
transmitted
– each transmitted object has Type, Length, Value
(TLV) encoding
TLV Encoding
Idea: transmitted data is self-identifying
– T: data type, one of ASN.1-defined types
– L: length of data in bytes
– V: value of data, encoded according to ASN.1 standard
Tag value   Type
1           Boolean
2           Integer
3           Bitstring
4           Octet string
5           Null
6           Object Identifier
9           Real
TLV Encoding: Example
integer 259:           Type = 2 (integer), Length = 2 bytes, Value = 01 03
5-character string:    Type = 4 (octet string), Length = 5 bytes,
                       Value = 5 octets (chars)
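The following Python program is an added example written for this page, not code from the lecture: a minimal BER encoder and decoder for the TLV types SNMP messages are built from (INTEGER, OCTET STRING, NULL, OBJECT IDENTIFIER, SEQUENCE). It produces the 02 02 01 03 encoding of 259 shown above, encodes the struct from the presentation-problem slide as a SEQUENCE so that both hosts read 259 back regardless of their native byte order, and its decoder checks every length field against the bytes that remain before using it, which is the check a BER parser needs so that a length octet claiming more data than exists cannot drive a read past the end of the buffer. The OID 1.3.6.1.4.1.2021 and the other sample values are constructed; the 200-byte string exercises the long-form length.

```python
"""Added example: minimal BER (X.690) TLV encoder/decoder with bounds checks.
Value octets are big-endian and minimal, independent of the host's int layout."""

INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30


def encode_length(n: int) -> bytes:
    """Short form (< 128) or long form: 0x80 | number of length octets."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + encode_length(len(value)) + value


def encode_integer(i: int) -> bytes:
    """Two's complement in the minimum number of octets (X.690 8.3)."""
    n = 1
    while not -(1 << (8 * n - 1)) <= i < (1 << (8 * n - 1)):
        n += 1
    return tlv(INTEGER, i.to_bytes(n, "big", signed=True))


def encode_oid(arcs: tuple) -> bytes:
    """First two arcs share one octet (40*a + b); later arcs are base-128 with
    the high bit set on every octet except the last of each arc."""
    out = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out += bytes(reversed(chunk))
    return tlv(OID, bytes(out))


def encode(v) -> bytes:
    """Python value -> BER: int, bytes, None, tuple (OID) or list (SEQUENCE)."""
    if v is None:
        return tlv(NULL, b"")
    if isinstance(v, int):
        return encode_integer(v)
    if isinstance(v, bytes):
        return tlv(OCTET_STRING, v)
    if isinstance(v, tuple):
        return encode_oid(v)
    if isinstance(v, list):
        return tlv(SEQUENCE, b"".join(encode(x) for x in v))
    raise TypeError(type(v))


def _decode_one(buf: bytes, pos: int):
    """Decode the TLV at pos; return (value, position after it). Every read is
    checked against len(buf), so a lying length cannot read past the end."""
    if pos + 2 > len(buf):
        raise ValueError("truncated: need tag and length")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F  # 0 would be the indefinite form, which BER for SNMP forbids
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length octets")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if length > len(buf) - pos:
        raise ValueError(f"length {length} exceeds remaining {len(buf) - pos} bytes")
    value, pos = buf[pos:pos + length], pos + length
    if tag == INTEGER:
        if not value:
            raise ValueError("empty INTEGER")
        return int.from_bytes(value, "big", signed=True), pos
    if tag == OCTET_STRING:
        return value, pos
    if tag == NULL:
        return None, pos
    if tag == OID:
        if not value:
            raise ValueError("empty OID")
        arcs, n, pending = [value[0] // 40, value[0] % 40], 0, False  # first arc 0..2
        for b in value[1:]:
            n, pending = (n << 7) | (b & 0x7F), bool(b & 0x80)
            if not pending:
                arcs.append(n)
                n = 0
        if pending:
            raise ValueError("OID ends inside an arc")
        return tuple(arcs), pos
    if tag == SEQUENCE:
        items, p = [], 0
        while p < len(value):
            item, p = _decode_one(value, p)
            items.append(item)
        return items, pos
    raise ValueError(f"unsupported tag 0x{tag:02x}")


def decode(buf: bytes):
    """Decode exactly one TLV; trailing bytes are an error, not ignored."""
    value, end = _decode_one(buf, 0)
    if end != len(buf):
        raise ValueError(f"{len(buf) - end} trailing bytes")
    return value
```

The struct from the presentation-problem slide, {code = 'a', x = 259}, becomes the nine bytes 30 07 04 01 61 02 02 01 03 and decodes to [b"a", 259] on any host, because int.from_bytes(..., "big") reads the BER octets rather than the sender's memory layout. The decoder rejects a length that overruns the buffer, an OID whose last octet still has the continuation bit set, and trailing bytes; each of those is a case a hand-written SNMP parser has to handle before it touches the payload.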
Reading Material
• Chapter 8 – text3 (Kurose)
• Chapter 25 – text1 (Stevens)