Network Management Applications


In the Name of the Most High
Network Management Applications
by
Behzad Akbari
Fall 2008
1
Network and Systems Management
Figure: layered view of network and systems management. Business Management sits above Service Management; below it are Network Management (over Element Management and the Network Elements) and System Management (over Resource Management and the System Resources), all resting on the Networked Information Systems.
2
Management Applications
• OSI Model
• Configuration
• Fault
• Performance
• Security
• Accounting
• Reports
• Service Level Management
• Policy-based management
3
Configuration Management
• Inventory Management
• Equipment
• Facilities
• Network Topology
4
Network Topology
• Manual
• Auto-discovery by NMS using
  • Broadcast ping
  • ARP table in devices
• Mapping of network
  • Layout
  • Layering
• Views
  • Physical
  • Logical
5
Network Topology Discovery
Figure: example topology discovered by the NMS, with the subnets 163.25.145.0, 163.25.146.0, 163.25.146.128, 163.25.147.0, 140.112.5.0, 140.112.6.0, 140.112.8.0, 192.168.12.0 and 192.168.13.0.
6
Discovery in a Network
• What is to be discovered in a network?
• Node Discovery: the network devices in each network segment
• Network Discovery: the topology of networks of interest
• Service Discovery: the network services provided
• Network Topology Discovery = Network Discovery + Node Discovery
7
Node Discovery
• Node Discovery: given an IP address, find the nodes in the same network.
• Two major approaches:
  • Use Ping to query the possible IP addresses.
  • Use SNMP to retrieve the ARP cache of a known node.
8
Use ICMP ECHO
• e.g. IP address: 163.25.147.12, subnet mask: 255.255.255.0
• All possible addresses: 163.25.147.1 ~ 163.25.147.254
• For each of the above addresses, use ICMP ECHO to inquire the address
• If a node replies (ICMP ECHO Reply), then it is found.
• Broadcast Ping
9
Use SNMP
• Find a node which supports SNMP
  • The given node, default gateway, or router
  • Or try a node arbitrarily
• Query the ipNetToMediaTable in the MIB-II IP group (ARP cache)

ipNetToMediaIfIndex  ipNetToMediaPhysAddress  ipNetToMediaNetAddress  ipNetToMediaType
1                    00:80:43:5F:12:9A        163.25.147.10           dynamic(3)
2                    00:80:51:F3:11:DE        163.25.147.11           dynamic(3)
10
Network Discovery
• Network Discovery
  • Key issue: find the networks of interest with their interconnections
  • Given a network, what are the networks directly connected with it?
• Major approach
  • Use SNMP to retrieve the routing table of a router.
11
Figure: the routing table of the default router is the starting point for network discovery.
12
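The three discovery steps on the preceding slides (enumerating the ICMP ECHO candidates, reading a known node's ARP cache from ipNetToMediaTable, and reading a router's ipRouteTable to find directly connected networks) are worked through below in Python. This is an added example, not code from the lecture: the walk output is constructed in Net-SNMP style using the addresses from the slides, the ipRouteTable rows are invented for the illustration, and nothing is sent on the wire; the functions only parse text a management station would already have collected.

```python
"""Node and network discovery from MIB-II table walks (added example).

  ipNetToMediaTable (ARP cache) -> nodes on a known node's segments
  ipRouteTable                  -> networks directly attached to a router,
                                   plus the next-hop routers to query next
"""
import ipaddress
import re
from collections import defaultdict

# One pattern covers both tables: "<table><Column>.<index> = TYPE: value".
# ipNetToMedia rows are indexed by <ifIndex>.<ip>; ipRoute rows by <dest ip>.
TABLE_ROW = re.compile(
    r"(?P<table>ipNetToMedia|ipRoute)(?P<col>[A-Za-z]+)"
    r"\.(?P<index>[\d.]+)\s*=\s*\w+:\s*(?P<val>.+?)\s*$"
)


def candidate_hosts(ip: str, mask: str) -> list[str]:
    """Addresses an ICMP ECHO sweep would try: every host address of the
    subnet, excluding the network and broadcast addresses."""
    net = ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)
    return [str(h) for h in net.hosts()]


def normalize_mac(raw: str) -> str:
    """snmpwalk prints PhysAddress as '0:80:43:5f:12:9a'; pad to 00:80:43:5F:12:9A."""
    return ":".join(f"{int(octet, 16):02X}" for octet in raw.split(":"))


def parse_table(walk_output: str, table: str) -> dict[str, dict]:
    """Group the per-column lines of one table into {row index: {column: value}}."""
    rows: dict[str, dict] = defaultdict(dict)
    for line in walk_output.splitlines():
        m = TABLE_ROW.search(line)
        if not m or m["table"] != table:
            continue
        value = normalize_mac(m["val"]) if m["col"] == "PhysAddress" else m["val"]
        rows[m["index"]][m["col"]] = value
    return dict(rows)


def arp_nodes(walk_output: str) -> dict[str, str]:
    """Node discovery via SNMP: IP -> MAC for every ARP cache entry."""
    return {row["NetAddress"]: row["PhysAddress"]
            for row in parse_table(walk_output, "ipNetToMedia").values()
            if "NetAddress" in row and "PhysAddress" in row}


def directly_connected_networks(walk_output: str) -> list[str]:
    """Network discovery: ipRouteType direct(3) rows are the networks attached
    to this router; ipRouteMask turns the destination into a prefix."""
    nets = [str(ipaddress.IPv4Network(f"{row['Dest']}/{row['Mask']}"))
            for row in parse_table(walk_output, "ipRoute").values()
            if row.get("Type", "").startswith("direct")]
    return sorted(nets)


def next_hop_routers(walk_output: str) -> list[str]:
    """Routers behind indirect(4) routes: the next SNMP targets of the walk."""
    hops = {row["NextHop"] for row in parse_table(walk_output, "ipRoute").values()
            if row.get("Type", "").startswith("indirect") and "NextHop" in row}
    return sorted(hops)


# Constructed walk output (Net-SNMP style). The ARP rows reproduce the
# lecture's table; the route rows are invented for the example.
SAMPLE_WALK = """\
IP-MIB::ipNetToMediaIfIndex.1.163.25.147.10 = INTEGER: 1
IP-MIB::ipNetToMediaPhysAddress.1.163.25.147.10 = STRING: 0:80:43:5f:12:9a
IP-MIB::ipNetToMediaNetAddress.1.163.25.147.10 = IpAddress: 163.25.147.10
IP-MIB::ipNetToMediaType.1.163.25.147.10 = INTEGER: dynamic(3)
IP-MIB::ipNetToMediaIfIndex.2.163.25.147.11 = INTEGER: 2
IP-MIB::ipNetToMediaPhysAddress.2.163.25.147.11 = STRING: 0:80:51:f3:11:de
IP-MIB::ipNetToMediaNetAddress.2.163.25.147.11 = IpAddress: 163.25.147.11
IP-MIB::ipNetToMediaType.2.163.25.147.11 = INTEGER: dynamic(3)
RFC1213-MIB::ipRouteDest.163.25.147.0 = IpAddress: 163.25.147.0
RFC1213-MIB::ipRouteNextHop.163.25.147.0 = IpAddress: 163.25.147.1
RFC1213-MIB::ipRouteType.163.25.147.0 = INTEGER: direct(3)
RFC1213-MIB::ipRouteMask.163.25.147.0 = IpAddress: 255.255.255.0
RFC1213-MIB::ipRouteDest.163.25.146.128 = IpAddress: 163.25.146.128
RFC1213-MIB::ipRouteNextHop.163.25.146.128 = IpAddress: 163.25.146.129
RFC1213-MIB::ipRouteType.163.25.146.128 = INTEGER: direct(3)
RFC1213-MIB::ipRouteMask.163.25.146.128 = IpAddress: 255.255.255.128
RFC1213-MIB::ipRouteDest.140.112.8.0 = IpAddress: 140.112.8.0
RFC1213-MIB::ipRouteNextHop.140.112.8.0 = IpAddress: 163.25.147.254
RFC1213-MIB::ipRouteType.140.112.8.0 = INTEGER: indirect(4)
RFC1213-MIB::ipRouteMask.140.112.8.0 = IpAddress: 255.255.255.0
"""

if __name__ == "__main__":
    print(candidate_hosts("163.25.147.12", "255.255.255.0")[:3], "...")
    print(arp_nodes(SAMPLE_WALK))
    print(directly_connected_networks(SAMPLE_WALK))
    print(next_hop_routers(SAMPLE_WALK))
```

The ARP cache only lists nodes the queried device has recently talked to, so the two approaches complement each other: the sweep finds quiet hosts, the ARP cache finds hosts that drop ICMP. Walking the indirect routes recursively is what turns node and network discovery into topology discovery.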
Mapping of network
16
Traditional LAN Configuration
Figure 13.2 LAN Physical Configuration: the Router's Port A connects to Segment A (Hub 1 with nodes A1 and A2) and its Port B to Segment B (Hub 2 with nodes B1 and B2).
Logical view: Segment A / Hub 1 (A1, A2) and Segment B / Hub 2 (B1, B2), joined by the Router; each logical segment coincides with one physical hub.
17
Virtual LAN Configuration
Figure 13.4 VLAN Physical Configuration: the Router connects to a Switch; the switch's Port A carries both Segment A and Segment B to Hub 1 (nodes A1, B1) and Hub 2 (nodes A2, B2).
Logical view: Segment A / Hub 1 & 2 contains A1 (Hub 1) and A2 (Hub 2); Segment B / Hub 1 & 2 contains B1 (Hub 1) and B2 (Hub 2); the two segments are joined through the switch and the Router, so a logical segment spans several physical hubs.
18
Fault Management
• Fault is a failure of a network component
• Results in loss of connectivity
• Fault management involves:
  • Fault detection
    • Polling
    • Traps: linkDown, egpNeighborLoss
  • Fault location
    • Detect all components failed and trace down the tree topology to the source
    • Fault isolation by network and SNMP tools
    • Use artificial intelligence / correlation techniques
  • Restoration of service
  • Identification of root cause of the problem
  • Problem resolution
19
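The "trace down the tree topology to the source" step above can be written as a short algorithm: once polling has produced the set of failed components, a root cause is a failed component whose upstream parent still answers, and every failed component below it is a symptom of the same fault. The Python below is an added example, not the lecture's code; the tree and the failed set are constructed for the illustration.

```python
"""Fault location by tracing failures down a tree topology (added example).

Polling marks components that stop answering as failed. A root cause is a
failed component whose parent (upstream component) is not failed; the failed
components underneath it are symptoms explained by that one fault.
"""

# Constructed tree: child -> parent. The root (core-router) has no parent.
TOPOLOGY = {
    "core-router": None,
    "dist-switch-1": "core-router",
    "dist-switch-2": "core-router",
    "access-sw-1a": "dist-switch-1",
    "access-sw-1b": "dist-switch-1",
    "access-sw-2a": "dist-switch-2",
    "host-1a-1": "access-sw-1a",
    "host-1a-2": "access-sw-1a",
    "host-1b-1": "access-sw-1b",
    "host-2a-1": "access-sw-2a",
}


def _is_below(component, ancestor, parent_of):
    """True when `ancestor` lies on the path from `component` to the root."""
    while component is not None:
        component = parent_of[component]
        if component == ancestor:
            return True
    return False


def descendants(component, parent_of):
    """Every component whose path to the root passes through `component`."""
    return {c for c in parent_of if c != component and _is_below(c, component, parent_of)}


def locate_faults(failed, parent_of):
    """Return {root cause: sorted failed components it explains}.

    A failed component is a root cause when its parent is not in the failed
    set: either it is the root of the tree or its parent still answers polls.
    """
    failed = set(failed)
    unknown = failed - parent_of.keys()
    if unknown:
        raise KeyError(f"not in topology: {sorted(unknown)}")
    roots = {c for c in failed if parent_of[c] not in failed}
    return {r: sorted(descendants(r, parent_of) & failed) for r in sorted(roots)}


def shadowed_components(failed, parent_of):
    """Components not (yet) reported failed but cut off behind a root cause.

    Polls to them will time out too; they must be attributed to the root
    cause rather than opened as independent faults.
    """
    failed = set(failed)
    shadow = set()
    for root in locate_faults(failed, parent_of):
        shadow |= descendants(root, parent_of)
    return sorted(shadow - failed)


if __name__ == "__main__":
    # Constructed poll result: one distribution switch and an unrelated host are down.
    down = {"dist-switch-1", "access-sw-1a", "host-1a-1", "host-1a-2", "host-2a-1"}
    print(locate_faults(down, TOPOLOGY))
    print(shadowed_components(down, TOPOLOGY))
```

Two root causes come out of the sample: dist-switch-1 (its parent core-router is up) and host-2a-1 (its access switch is up); the failures of access-sw-1a and its hosts are explained by the first and generate no separate tickets.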
Performance Management
• Tools
• Protocol analyzers
• RMON
• MRTG
• Performance Metrics
• Data Monitoring
• Problem Isolation
• Performance Statistics
20
Performance Metrics
• Macro-level
  • Throughput
  • Response time
  • Availability
  • Reliability
• Micro-level
  • Bandwidth
  • Utilization
  • Error rate
  • Peak load
  • Average load
21
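The micro-level metrics are computed from SNMP interface counters the way MRTG does it: poll the counters twice and divide the delta by the interval. The added example below (not the lecture's code; the polls are constructed values on an assumed 10 Mbit/s interface) derives utilization, error rate, peak load and average load, and handles the one edge case that bites in practice, the 32-bit counter wrapping between two polls.

```python
"""Micro-level performance metrics from interface counters (added example).

ifInOctets / ifOutOctets / ifInErrors / ifInUcastPkts are Counter32 objects:
they wrap at 2^32, so a delta must be taken modulo 2^32 or a wrap looks like
a huge negative rate.
"""
from dataclasses import dataclass

COUNTER32_MODULUS = 2 ** 32


@dataclass(frozen=True)
class IfSample:
    """One poll of one interface (constructed values, not from a real device)."""
    t: float            # poll time, seconds
    in_octets: int      # ifInOctets
    out_octets: int     # ifOutOctets
    in_errors: int      # ifInErrors
    in_ucast_pkts: int  # ifInUcastPkts


def counter_delta(old: int, new: int, modulus: int = COUNTER32_MODULUS) -> int:
    """Difference of two Counter32 readings, correct across a single wrap."""
    return (new - old) % modulus


def bits_per_second(old: IfSample, new: IfSample) -> tuple[float, float]:
    """(inbound, outbound) bit rate over the interval between two polls."""
    dt = new.t - old.t
    if dt <= 0:
        raise ValueError("samples must be in increasing time order")
    in_bps = counter_delta(old.in_octets, new.in_octets) * 8 / dt
    out_bps = counter_delta(old.out_octets, new.out_octets) * 8 / dt
    return in_bps, out_bps


def utilization_percent(old, new, if_speed_bps, full_duplex=True) -> float:
    """Full duplex: each direction has the whole ifSpeed, so report the busier
    one. Half duplex (shared hub): both directions share it, so add them."""
    in_bps, out_bps = bits_per_second(old, new)
    load = max(in_bps, out_bps) if full_duplex else in_bps + out_bps
    return 100.0 * load / if_speed_bps


def error_rate_percent(old, new) -> float:
    """ifInErrors per 100 received unicast packets over the interval."""
    pkts = counter_delta(old.in_ucast_pkts, new.in_ucast_pkts)
    if pkts == 0:
        return 0.0
    return 100.0 * counter_delta(old.in_errors, new.in_errors) / pkts


def peak_and_average(samples, if_speed_bps, full_duplex=True):
    """Peak load and average load (percent) over consecutive polls."""
    utils = [utilization_percent(a, b, if_speed_bps, full_duplex)
             for a, b in zip(samples, samples[1:])]
    return max(utils), sum(utils) / len(utils)


# Constructed polls 300 s apart on a 10 Mbit/s interface; ifInOctets wraps
# between the first and second poll.
IF_SPEED = 10_000_000
POLLS = [
    IfSample(0,   4_294_960_000,             0,          0,       0),
    IfSample(300, 37_492_704,                7_500_000,  5,  50_000),  # 1.0 Mbit/s in
    IfSample(600, 37_492_704 + 75_000_000,   15_000_000, 5, 150_000),  # 2.0 Mbit/s in
]

if __name__ == "__main__":
    print("utilization %:", utilization_percent(POLLS[0], POLLS[1], IF_SPEED))
    print("error rate %:", error_rate_percent(POLLS[0], POLLS[1]))
    print("peak/avg %:", peak_and_average(POLLS, IF_SPEED))
```

A delta that exceeds the link's physical capacity over the interval (more octets than ifSpeed could carry) is the tell-tale of a counter reset, e.g. a device reboot, rather than a wrap; production pollers discard that sample instead of graphing it.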
Performance Statistics
• Traffic statistics
• Error statistics
• Used in
• QoS tracking
• Performance tuning
• Validation of SLA (Service Level Agreement)
• Trend analysis
• Facility planning
• Functional accounting
22
Event Correlation Techniques
• Basic elements
  • Detection and filtering of events
  • Correlation of observed events using AI
  • Localize the source of the problem
  • Identify the cause of the problem
• Techniques
  • Rule-based reasoning
  • Model-based reasoning
  • Case-based reasoning
  • Codebook correlation model
  • State transition graph model
  • Finite state machine model
23
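Of the techniques listed, the codebook correlation model is the easiest to show in a few lines: each known problem is coded as the set of symptoms it produces, and the observed symptoms are matched to the problem whose code is nearest in Hamming distance, which is what lets it tolerate a lost trap or a spurious alarm. The following is an added example, not the lecture's code; the symptom universe and codebook are constructed for a small tree of switches and hosts.

```python
"""Codebook correlation model (added example).

Codebook = problem x symptom matrix. The observed symptom vector is matched to
the problem with the smallest Hamming distance, so a missing or extra symptom
does not break the diagnosis.
"""

# Alarm universe, one matrix column each (constructed).
SYMPTOMS = [
    "linkDown core-router if2",
    "dist-switch-1 unreachable",
    "host-1a-1 unreachable",
    "host-1b-1 unreachable",
    "access-sw-1a unreachable",
    "cpu-high dist-switch-1",
]

# Codebook rows: problem -> the symptoms it causes (constructed).
CODEBOOK = {
    "link core-router<->dist-switch-1 down": {
        "linkDown core-router if2", "dist-switch-1 unreachable",
        "access-sw-1a unreachable", "host-1a-1 unreachable",
        "host-1b-1 unreachable"},
    "dist-switch-1 overloaded": {
        "cpu-high dist-switch-1", "host-1a-1 unreachable"},
    "access-sw-1a failed": {
        "access-sw-1a unreachable", "host-1a-1 unreachable"},
}


def encode(symptoms, universe=SYMPTOMS):
    """Symptom set -> 0/1 vector in the column order of `universe`."""
    return tuple(1 if s in symptoms else 0 for s in universe)


def hamming(a, b):
    """Number of positions in which two equal-length code vectors differ."""
    return sum(x != y for x, y in zip(a, b))


def correlate(observed, codebook=CODEBOOK, universe=SYMPTOMS):
    """Problems ranked by distance from the observed vector, nearest first."""
    obs = encode(observed, universe)
    ranked = sorted((hamming(obs, encode(code, universe)), problem)
                    for problem, code in codebook.items())
    return [(problem, distance) for distance, problem in ranked]


def min_code_distance(codebook=CODEBOOK, universe=SYMPTOMS):
    """Smallest distance between two problem codes. Up to (d - 1) // 2 lost or
    spurious symptoms can be tolerated before two problems become confusable;
    a codebook with d == 1 cannot absorb a single dropped trap."""
    codes = [encode(c, universe) for c in codebook.values()]
    return min(hamming(a, b) for i, a in enumerate(codes) for b in codes[i + 1:])


if __name__ == "__main__":
    # Constructed observation: the link is down but the linkDown trap was lost.
    seen = {"dist-switch-1 unreachable", "access-sw-1a unreachable",
            "host-1a-1 unreachable", "host-1b-1 unreachable"}
    print(correlate(seen))
    print("minimum code distance:", min_code_distance())
```

Rule-based reasoning would need an explicit "if the switch is unreachable and its hosts are unreachable and no cpu alarm then link down" rule for this case; the codebook derives the same answer from the matrix alone, and min_code_distance tells you how much event loss the codebook can absorb before it needs more distinguishing symptoms.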
Security Management
• Security threats
• Policies and Procedures
• Resources to prevent security breaches
• Firewalls
• Cryptography
• Authentication and Authorization
• Client/Server authentication system
• Message transfer security
• Network protection security
24
Security Threats
• Modification of information: Contents modified by
unauthorized user, does not include address change
• Masquerade: change of originating address by
unauthorized user
• Message Stream Modification: Fragments of message altered
by an unauthorized user to modify the meaning of the message
• Disclosure
• Eavesdropping
• Disclosure does not require interception of message
• Denial of service and traffic analysis are not considered threats.
25
Security Threats
Figure 7.10 Security Threats to Management Information: modification of information, masquerade, message stream modification and disclosure, acting on messages exchanged between Management Entity A and Management Entity B.
26
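Message transfer security for management traffic is what counters the first three threats in Figure 7.10. The added example below (not the lecture's code; keys, times and payloads are constructed) models that protection the way SNMPv3's user-based security model does in outline: a shared authentication key per sender, an HMAC over the whole message, and a timeliness check with a 150-second window. Modification breaks the MAC, a masquerade without the key breaks the MAC, and a replayed or reordered message fails the timeliness checks; disclosure is deliberately not addressed, since authentication leaves the payload readable and only encryption (the privacy service) prevents it.

```python
"""Authenticated, timely management messages (added example).

  modification of information -> HMAC no longer verifies
  masquerade                  -> sender claims an identity without its key
  message stream modification -> replay/reorder rejected by time window + ordering
  disclosure                  -> NOT prevented here; the body stays readable
"""
import hashlib
import hmac
import json

TIME_WINDOW = 150  # seconds; the timeliness window used by SNMPv3 USM

# Shared authentication keys (constructed secrets for the example).
KEYS = {"manager-A": b"constructed-key-A", "agent-B": b"constructed-key-B"}


def _canonical(body: dict) -> bytes:
    """Stable serialization so sender and receiver MAC identical bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def build_message(sender: str, msg_time: int, payload: dict, key: bytes) -> dict:
    """Attach an HMAC-SHA256 tag over sender, time and payload."""
    body = {"sender": sender, "time": msg_time, "payload": payload}
    return {"body": body, "mac": hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()}


def verify_message(message: dict, keys: dict, now: int, seen_times: dict):
    """Return (accepted, reason). `seen_times` holds the last accepted time per
    sender so an old but otherwise valid message cannot be replayed."""
    body = message["body"]
    key = keys.get(body["sender"])
    if key is None:
        return False, "masquerade: unknown sender"
    expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, message["mac"]):
        return False, "modification or masquerade: authentication failed"
    if abs(now - body["time"]) > TIME_WINDOW:
        return False, "message stream modification: outside time window"
    if body["time"] <= seen_times.get(body["sender"], -1):
        return False, "message stream modification: replayed or reordered"
    seen_times[body["sender"]] = body["time"]
    return True, "ok"


if __name__ == "__main__":
    seen = {}
    msg = build_message("manager-A", 1000, {"op": "get", "oid": "sysUpTime.0"}, KEYS["manager-A"])
    print(verify_message(msg, KEYS, now=1010, seen_times=seen))   # accepted
    print(verify_message(msg, KEYS, now=1020, seen_times=seen))   # same message again: replay
    print("payload still visible to anyone on the path:", msg["body"]["payload"])
```

The time comparison is done before the ordering check so that a message that is merely late is reported as such; both checks are needed, because the window alone would still accept a copy of a message resent within 150 seconds.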
Policies and Procedures
Basic guidelines to set up policies and procedures:
1. Identify what you are trying to protect.
2. Determine what you are trying to protect it from.
3. Determine how likely the threats are.
4. Implement measures which will protect your assets in a cost-effective manner.
5. Review the process continuously and make
improvements to each item if a weakness is found.
27
Secured Communication Network
Figure 13.30 Secured Communication Network: Client A and Server A sit in Secured Network A behind a Firewall Gateway; Client B sits in Network B behind a Router, and its traffic to Network A crosses the unsecured path between the two ("No Security Breaches ?").
• Firewall secures traffic in and out of Network A
• Security breach could occur by intercepting the
message going from B to A, even if B has
permission to access Network A
• Most systems implement authentication with user
id and password
• Authorization is by establishment of accounts
28
Firewalls
• Protects a network from external attacks
• Controls traffic in and out of a secure network
• Could be implemented in a router, gateway, or a special host
• Benefits
  • Reduces risks of access to hosts
  • Controlled access
  • Eliminates annoyance to the users
  • Protects privacy
  • Hierarchical implementation of policy and technology
29
Packet Filtering Firewall
Figure 13.31 Packet Filtering Router: a Packet Filtering Router between the Internet and the Secured Network (Ethernet) screens SMTP & FTP, passing them only to the SMTP Gateway and FTP Gateway; everything else goes to Trash.
30
Packet Filtering
• Uses protocol specific criteria at DLC, network,
and transport layers
• Implemented in routers - called screening router or
packet filtering routers
• Filtering parameters:
• Source and/or destination IP address
• Source and/or destination TCP/UDP port
address, such as ftp port 21
• Multistage screening - address and protocol
• Works best when rules are simple
31
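The filtering parameters listed above map directly onto an ordered rule list, and the "works best when rules are simple" point becomes visible once the rules are written down. The Python below is an added example, not the lecture's code: it implements first-match screening on source/destination address, protocol and destination port for the Figure 13.31 layout, with constructed addresses for the secured network and its SMTP and FTP gateways.

```python
"""Packet filtering router rules (added example).

Each packet is compared, in order, against rules on network-layer (addresses)
and transport-layer (protocol, port) fields; the first match decides, and an
implicit deny closes the door for everything the rules do not mention.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                   # "tcp", "udp" or "icmp"
    dport: Optional[int] = None  # destination port (None for icmp)


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    src: str = "0.0.0.0/0"           # source network, any by default
    dst: str = "0.0.0.0/0"           # destination network, any by default
    proto: Optional[str] = None      # None = any protocol
    dport: Optional[int] = None      # None = any port
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


def screen(packet: Packet, rules) -> tuple[str, str]:
    """First-match evaluation; returns (action, comment of the deciding rule)."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action, rule.comment
    return "deny", "implicit deny"


# Constructed policy for the Internet-facing interface of the screening
# router in Figure 13.31: only the two gateways, only on their service ports.
SECURED = "163.25.147.0/24"                    # secured network (constructed)
FTP_GW, SMTP_GW = "163.25.147.21", "163.25.147.25"   # gateway hosts (constructed)
INBOUND_RULES = [
    Rule("deny",   src=SECURED,
         comment="anti-spoofing: inside addresses never arrive from the Internet"),
    Rule("permit", dst=f"{FTP_GW}/32",  proto="tcp", dport=21, comment="ftp to FTP gateway"),
    Rule("permit", dst=f"{SMTP_GW}/32", proto="tcp", dport=25, comment="smtp to SMTP gateway"),
    Rule("deny",   dst=SECURED, comment="everything else bound for the secured net -> trash"),
]

if __name__ == "__main__":
    for pkt in (Packet("140.112.5.7", FTP_GW, "tcp", 21),
                Packet("140.112.5.7", SMTP_GW, "tcp", 23),
                Packet("163.25.147.9", FTP_GW, "tcp", 21)):
        print(pkt, "->", screen(pkt, INBOUND_RULES))
```

The rule set is multistage in the slide's sense: the first rule screens on address alone, the next two on address plus protocol and port. Note what a packet filter cannot see: it permits TCP port 21 to the FTP gateway whatever is actually spoken on it, which is the gap the application level gateway on the next slides fills.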
Application Level Gateway
Figure 13.32 Application Level Gateway: traffic from the Internet passes Firewall 1 into a DMZ (De-Militarized Zone) holding the Application Gateway with its Proxy Services, then Firewall 2 into the Secured LAN of the Secured Network.
32
Authentication Server
Figure 13.39 Authentication Server: User Input at the Client Workstation is authenticated by the Authentication Server, which as Proxy Server in turn authenticates to the Application Server / Service on the user's behalf.
33
Authentication Server
• Architecture of Novell LAN
• Authentication server does not issue ticket
• Login and password not sent from client workstation
• User sends id to central authentication server
• Authentication server acts as proxy agent to the client and authenticates the user with the application server
• Process transparent to the user
34
Accounting Management
• Least developed
• Usage of resources
• Hidden cost of IT usage (libraries)
• Functional accounting
• Business application
35
Report Management
Table 13.1 Planning and Management Reports
Category                                       Reports
Quality of service / Service level agreement   Network availability; Systems availability; Problem reports; Service response; Customer satisfaction
Traffic trends                                 Traffic patterns; Analysis of internal traffic volume; Analysis of external traffic volume
Technology trends                              Current status; Technology migration projection
Cost of Operations                             Functional; Usage; Personnel
36
Table 13.2 System Reports
Category       Reports
Traffic        Traffic load - internal; Traffic load - external
Failures       Network failures; System failures
Performance    Network; Servers; Applications

Table 13.3 User Reports
Category                  Reports
Service level agreement   Network availability; System availability; Traffic load; Performance
User specific reports     User-defined reports
37
Policy-Based Management
Figure: Network Attributes feed the Domain Space; the Policy Driver, governed by the Policy Space and the Rule Space, maps domain objects into the Action Space.
38
Policy-Based Management
• Domain space consists of objects (alarms with
attributes)
• Rule space consists of rules (if-then)
• Policy Driver controls action to be taken
• Distinction between policy and rule; policy assigns
responsibility and accountability
• Action Space implements actions
39
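The four spaces on the two slides above can be laid out as data and a small driver loop, which also makes the policy/rule distinction concrete: the rules are if-then conditions over alarm attributes, while the policy names who is accountable for a site and at what severity an alarm must be escalated, and the rules read those values instead of hard-coding them. The Python below is an added example, not the lecture's code; alarms, policy and rules are constructed.

```python
"""Policy-based management: domain, rule, policy and action spaces (added example).

Domain space : alarm objects with attributes
Rule space   : if-then rules over those attributes
Policy       : assigns responsibility and accountability; rules are
               parameterised by it rather than by hard-coded values
Policy driver: evaluates the rules for each alarm and dispatches actions
Action space : what is actually carried out
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Alarm:                 # domain space object (constructed)
    source: str
    kind: str                # e.g. "linkDown", "cpu-high"
    severity: int            # 1 = critical ... 5 = informational
    site: str


# Policy space: accountability (who owns which site) and thresholds (constructed).
POLICY = {
    "owner": {"hq": "netops-core", "branch": "netops-field"},
    "escalate_at_or_below_severity": 2,
    "page_on": {"linkDown"},
}

# Rule space: (condition over alarm and policy, name of the action to fire).
RULES = [
    (lambda a, p: a.severity <= p["escalate_at_or_below_severity"], "open_ticket"),
    (lambda a, p: a.kind in p["page_on"], "page_owner"),
    (lambda a, p: a.severity >= 4, "log_only"),
]


# Action space: each action returns a record of what it did.
def open_ticket(alarm, policy):
    return {"action": "ticket", "assignee": policy["owner"][alarm.site], "alarm": alarm.kind}


def page_owner(alarm, policy):
    return {"action": "page", "to": policy["owner"][alarm.site], "alarm": alarm.kind}


def log_only(alarm, policy):
    return {"action": "log", "alarm": alarm.kind, "source": alarm.source}


ACTIONS = {"open_ticket": open_ticket, "page_owner": page_owner, "log_only": log_only}


def policy_driver(alarms, rules=RULES, policy=POLICY, actions=ACTIONS):
    """Evaluate every rule against every alarm and fire each matching action;
    an alarm that matches no rule is logged so nothing disappears silently."""
    done = []
    for alarm in alarms:
        fired = [name for cond, name in rules if cond(alarm, policy)] or ["log_only"]
        for name in fired:
            done.append(actions[name](alarm, policy))
    return done


if __name__ == "__main__":
    # Constructed domain space contents.
    alarms = [Alarm("core-router", "linkDown", 1, "hq"),
              Alarm("branch-sw", "cpu-high", 4, "branch"),
              Alarm("branch-rt", "linkDown", 3, "branch")]
    for record in policy_driver(alarms):
        print(record)
```

Changing who is accountable for the branch sites, or the severity at which tickets open, is an edit to POLICY only; the rule space and action space are untouched, which is the separation the slide is pointing at.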
Service Level Management
• SLA management of service equivalent to
QoS of network
• SLA defines
• Identification of services and characteristics
• Negotiation of SLA
• Deployment of agents to monitor and control
• Generation of reports
• SLA characteristics
• Service parameters
• Service levels
• Component parameters
• Component-to-service mappings
40