Slides - TNC 2007

Download Report

Transcript Slides - TNC 2007

Automated Management of Large IP Networks
Introduction Context Options
Solution
Conclusions
Automated Management of
Large IP Networks
[email protected]
[email protected]
Terena Networking Conference 2007
21-24 May 2007, Copenhagen, Denmark
Automated Management of Large IP Networks
Introduction Context Options
Solution
Conclusions
Introduction
Context
Choosing Options
Our Solution
Conclusion
Automated Management of Large IP Networks
Introduction Context Options
Solution
Conclusions
Today Large IP Networks tend to
be...
Fast growing
Heterogeneous
Difficult to maintain
Difficult to control
So a new concept arises:
“Network Growth Sustainability”
Automated Management of Large IP Networks
Introduction Context Options
Solution
Conclusions
A “Sustainable Growing Network”
would...
Reuse rather than buy new hardware
Recycle rather than enlarge the IP
address pools or maintain inactive
addresses or devices
Reduce the incident handling time
Automated Management of Large IP Networks
Introduction Context Options
Solution
Conclusions
And answer questions like...
In a full switch stack, can I recycle a port and give
service to a new network jack without having to enlarge
the stack? Which is the port that has been for longer
unused?
Who is the owner of this fake (DHCP) server? Can I
quarantine it from my management console?
Where has been connected this node with a (default
router) duplicate address?
What is the L2 traceroute of a given MAC address?
Who is the owner of this node that 10 days ago
generated a security incident I’m processing now?
Automated Management of Large IP Networks
Introduction Context Options
Solution
Conclusions
But let me not to spend my time...
On routine tasks like registering a new node in
the network (let the user self service it)
Searching through bridge tables to find in which
port is a problematic MAC address
Following the wires in the wiring closet
Moving stations from one subnet to another
Calling my users to find out who is the owner of
that 10 days ago incident machine
Automated Management of Large IP Networks
Introduction Context Options
Solution
Conclusions
We wanted to apply this philosophy to
our network whose main traits are:
Centralized Network Management…
But not access to user nodes
Multi brand multi generation hardware
+700 Network Switch or Router nodes all
of them SNMP enabled
+14.000 User Network Ports
+420 L2-L2 links
Public and static DHCP served addressing
+10.000 User Network Nodes
Automated Management of Large IP Networks
Automated Management of Large IP Networks
Introduction Context Options
Solution
Conclusions
Are there “Sustainable” Products in the
Market?
Network Infrastructure oriented (like HP
Openview)
IP Inventory oriented (like ALM)
“NAC” type oriented (like CISCO’s NAC or
Enterasys UPN)
No one met our requirements but…
Automated Management of Large IP Networks
Introduction Context Options
Solution
Conclusions
Promising free software
+
The will to develop
=
Automated Management of Large IP Networks
Solution ->
Objectives
Products
Own Development
Snapshot
Main Objectives
Better service time on user network
related tasks: automated self service
To keep an Up-to-date Inventory
Have all the information for keeping
the network growing sustainable
Automated Management of Large IP Networks
Solution ->
Objectives
Products
Own Development
Snapshot
For better service time
on user node network tasks
Change management procedures on
DNS and DHCP services
User-centred approach self service
Automated Management of Large IP Networks
Solution ->
Objectives
Products
Own Development
Snapshot
Build Network Management upon Sauron..
GPL licensed product for integrated
management of DNS and DHCP services
provided by Jyväskylä University
(Finland)
http://sauron.jyu.fi/
Automated Management of Large IP Networks
Solution ->
Objectives
Products
Own Development
Snapshot
Sauron Openet used Features
Network Services Database Oriented
ISC configuration files generation
IP Address Space Statistics
Command line Interaction
Subnets Movement
Massive Import Tools
Automated Management of Large IP Networks
Solution ->
Objectives
Products
Own Development
Snapshot
To keep an up-to-date Inventory...
We needed a multi-brand
multi-generation network
monitor platform
Automated Management of Large IP Networks
Solution ->
Objectives
Products
Own Development
Snapshot
To Build a real time inventory using Netdisco
Open Source product BSD licensed
for network management and control
originally developed by Max Baker on
UC Santa Cruz's NTS department
http://www.netdisco.org
Automated Management of Large IP Networks
Solution ->
Objectives
Products
Own Development
Snapshot
Netdisco Openet used Features
Active inventory of network nodes
IP Address – MAC Address – Switch Port
Network equipment Inventory
Topology History Changes Registry
Node search
Auto-Discovery functions
Automated Management of Large IP Networks
Solution ->
Objectives
Products
Own Development
Is it enough ?
Active and
Static Data,
But
Automated ?
Snapshot
Automated Management of Large IP Networks
Solution ->
Objectives
Products
Own Development
Snapshot
What is missing?
Infrastructure Inventory Relation
Process Automation
Reporting
Alarm management
Geographic Location
Automated Management of Large IP Networks
Solution ->
Objectives
Products
Own Development
Snapshot
What do we have to keep in our
Inventory:
For every Network Node its Responsible User
For every Network Node its Network Switch Port
where it’s connected
For every Network Switch its Geographic Location
2004
Change History
2007
Automated Management of Large IP Networks
Solution ->
Objectives
Products
Own Development
Snapshot
Infrastructure Inventory relation...
Network
Declared
Inventory
Nodes
Network
Discovered
Nodes
The more both sources
match, the better
Automated Management of Large IP Networks
Solution ->
Objectives
Products
Own Development
Snapshot
Component Relation
IT Personnel
Management
and Control
Console
Self Service
Module
Staff
Inventory
Module
DNS/DHCP
Active
Inventory
Module
Automated Management of Large IP Networks
Solution ->
Objectives
Products
Own Development
Snapshot
Self Service Module
User delegated actions
Automated Management of Large IP Networks
Solution ->
Objectives
Products
Own Development
Snapshot
Management and Control Module offers
Visible Services - Controlled Transparent Networks
Devices, Port
Control, AutoInventory,
Innactive Hosts, xSubnet Reports,
Infraestructure Relation, Innactive Ports,
,Users-Host Relation,
Multihost Ports,
Autoranges
New Installations
Automated Management of Large IP Networks
Automated Management of Large IP Networks
Solution ->
Objectives
Products
Own Development
Snapshot
A final snapshot...
Active Inventory
Front-End
Back-End
Cron
Static Inventory
SNMP::Info
Netdisco
Shared
Library
Apache Web Server
Cron
Sauron
Mason
Components
Database
Database
Admin
Daemon
DHCP
Switches and Routers
IT Staff
Management Module
Users
Database
BIND
Automated Management of Large IP Networks
Introduction Context Options
Solution
Conclusions
After one year using Openet...
More control and happier users
Better response time on (security) incidents
Network resource optimization
Network Topology and Inventory Up-to-date
We have now a “Sustainable Growing Network”
Automated Management of Large IP Networks
Introduction Context Options
Solution
Conclusions
Thank you for your attention!
Any
question?
+Info
[email protected]
[email protected]
[email protected]