Transcript Trap
Network Monitoring
Learning outcomes
At the end of this session, you should be able to:
– Explain the uses of network monitoring
– Explain the operation of SNMP
– Differentiate between SNMP and RMON
– Explain the construction of MIBs
– Construct a simple network monitoring strategy
using SNMP commands and MIBs
– Distinguish the advantages and disadvantages
of network monitoring
Dr Alejandra Flores-Mosri
Internet Management & Security 06
Introduction
Network monitoring and management are used
to ensure that:
• Resources are operating optimally
• As many faults as possible are prevented
• Faults are identified and fixed in a timely manner
Introduction
SNMP in TCP/IP
Remember this?
Introduction
SNMP in TCP/IP
and this?
Network Management Protocols
• SNMP is an application layer protocol that
facilitates the exchange of management
information between network devices.
• It is part of the Transmission Control
Protocol/Internet Protocol (TCP/IP) protocol
suite.
• SNMP enables network administrators to
manage network performance, find and
solve network problems, and plan for
network growth.
Introduction
An SNMP-managed network consists of three key components:
managed devices, agents, and network-management
systems (NMSs).
Introduction
More accurately…with flow
Resources & Elements
NMS: Network Management System (Station)
NMA: Network Management Agent
NMP: Network Management Protocol
Resources: any device attached to the network.
[Figure: NMS stations and network resources, each resource running an NMA]
SNMP v1
SNMP – Basic Commands
Managed devices are controlled using 4 basic commands and
traversal operations:
• Read - used by an NMS to monitor managed devices. The
NMS examines different variables that are maintained by
managed devices.
• Write - used by an NMS to control managed devices. The
NMS changes the values of variables stored within managed
devices.
• Trap - used by managed devices to asynchronously report
events to the NMS. When certain types of events occur, a
managed device sends a trap to the NMS.
SNMP v1
SNMP – Basic Commands
Traversal operations are used by the NMS to determine which
variables a managed device supports and to sequentially
gather information in variable tables, such as a routing
table.
SNMP v1
SNMP – Simple Network Management
Protocol
Basic operation:
• Polls – the NMS queries NMAs in devices about
specific status and the NMAs respond to the NMS
• Traps – NMAs in devices inform the NMS of
changes in status (need to be configured)
Polls and traps can occur simultaneously
Network Management Protocols
• Network Management Protocols determine
how the NMS and the NMAs will work and
the information they provide and collect:
– SNMP v1
– SNMP v2
– SNMP v3 (not really an NMP)
– RMONv1
– RMONv2
Structure of Management Information and MIBs
• The Structure of Management Information
(SMI) is the way in which an NMS organises
collected information.
• A Management Information Base (MIB) is
the way in which an NMA organises the
monitored information:
– It is a collection of information that is organised
hierarchically.
– MIBs are accessed using a network-management protocol such as SNMP.
Structure of Management Information and MIBs
• SMI defines the managed objects and MIB is
a managed object.
• Managed objects are comprised of one or
more object instances, which are essentially
variables.
• Two types of managed objects exist: scalar
and tabular:
– Scalar objects define a single object instance.
– Tabular objects define multiple related object
instances that are grouped in MIB tables.
MIB-II
Standard MIBs are defined by the MIB-II RFC
(RFC 1213) and address general TCP/IP
management information:
– Interface speeds
– Maximum Transmission Unit (MTU)
– Octets sent
– Octets received
(MIB was the original standard but was
absorbed by MIB-II)
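The traversal operation and the scalar/tabular distinction described above, as an added example that is not part of the original slides. It runs against a small constructed in-memory MIB rather than a real agent; the OIDs are the standard MIB-II system and interfaces objects, and the function names are hypothetical.

```python
# Added example: a constructed in-memory MIB, not data from a real device.
# OIDs are the standard MIB-II (RFC 1213) system and interfaces objects.
from bisect import bisect_right

def oid(text):
    """'1.3.6.1' -> (1, 3, 6, 1); tuples sort in SNMP's lexicographic OID order."""
    return tuple(int(p) for p in text.split("."))

IF_ENTRY = "1.3.6.1.2.1.2.2.1"   # ifEntry: every ifTable instance is ifEntry.column.index
MIB = {                          # constructed sample values
    oid("1.3.6.1.2.1.1.1.0"): "edge-router (constructed)",   # sysDescr.0, scalar
    oid("1.3.6.1.2.1.2.1.0"): 2,                             # ifNumber.0, scalar
    oid(IF_ENTRY + ".2.1"): "eth0", oid(IF_ENTRY + ".2.2"): "eth1",            # ifDescr
    oid(IF_ENTRY + ".4.1"): 1500, oid(IF_ENTRY + ".4.2"): 1500,                # ifMtu
    oid(IF_ENTRY + ".5.1"): 100_000_000, oid(IF_ENTRY + ".5.2"): 10_000_000,   # ifSpeed
    oid(IF_ENTRY + ".10.1"): 52_341, oid(IF_ENTRY + ".10.2"): 907,             # ifInOctets
    oid(IF_ENTRY + ".16.1"): 48_112, oid(IF_ENTRY + ".16.2"): 1_204,           # ifOutOctets
}
ORDERED = sorted(MIB)

def get(name):
    """Read: exact instance only; a scalar must be named with its '.0' suffix."""
    return MIB.get(oid(name))

def get_next(name):
    """Traversal step: first instance strictly after `name`, None at end of MIB."""
    i = bisect_right(ORDERED, oid(name))
    return (ORDERED[i], MIB[ORDERED[i]]) if i < len(ORDERED) else None

def walk(root):
    """Repeat get_next until the returned OID leaves the `root` subtree."""
    prefix, cur, out = oid(root), root, []
    while (hit := get_next(cur)) and hit[0][:len(prefix)] == prefix:
        out.append(hit)
        cur = ".".join(map(str, hit[0]))
    return out

def table_rows(entry, columns):
    """Rebuild table rows from a walk, which returns the table column by column."""
    n, rows = len(oid(entry)), {}
    for name, value in walk(entry):
        col, index = name[n], name[n + 1]
        if col in columns:
            rows.setdefault(index, {})[columns[col]] = value
    return rows
```

The NMS never needs to know in advance how many interfaces exist: the walk stops when the next OID falls outside the requested subtree or the agent runs out of objects.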
SMI object tree
Other standard MIBs
Other standard MIBs have been defined by the
standard groups for several purposes:
– ATM MIB (RFC 2515)
– Frame Relay DTE Interface type MIB (RFC
2115)
– Mail Monitoring MIB (RFC 2249)
– DNS Server MIB (RFC 1611)
Network managers are also able to design ad
hoc MIBs for their network devices.
SNMP main characteristics
• Uses UDP as a transport protocol (port 162
for polls and 161 for traps)
• Security by using community names:
– Read-only
– Read-write
– Trap
• SNMPv1 basic version
• SNMPv2 enhances SNMPv1
• SNMPv3 adds security to SNMPv2
SNMP commands
SNMPv1 PDU    SNMPv2 PDU                       Direction                Description
GetRequest    GetRequest                       NMS -> NMA               Request value for each listed object
GetRequest    GetRequest                       NMS -> NMA               Request next value for each listed object
------        GetBulkRequest                   NMS -> NMA               Request multiple values
SetRequest    SetRequest                       NMS -> NMA               Set value for each listed object
------        InformRequest                    NMS -> NMS               Transmit unsolicited information
GetResponse   Response                         NMA -> NMS, NMS -> NMS   Respond to manager request
------        Report (implemented in SNMPv3)   NMS -> NMS               Problems with processing SNMP messages
              Notification                     NMA -> NMS               As trap but with same format as get & set
Trap          SNMPv2-Trap                      NMA -> NMS               Transmit unsolicited information
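What "security by community names" looks like on the wire, together with the PDU types listed in the command table, as an added example that is not part of the original slides. It parses the outer header of SNMP datagrams for a monitoring report; the sample datagrams, the community name "monitor-ro" and the function names are constructed for illustration.

```python
# Added example: constructed sample datagrams, not captures from a real network.
PDU_TAGS = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
            0xA3: "SetRequest", 0xA4: "Trap", 0xA5: "GetBulkRequest",
            0xA6: "InformRequest", 0xA7: "SNMPv2-Trap", 0xA8: "Report"}
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}   # value of the version INTEGER on the wire

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one BER element, with bounds checks."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                     # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def inspect_snmp(datagram):
    """Summarise the outer header of one SNMP datagram for a monitoring report."""
    tag, msg, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE, so not an SNMP message")
    tag, raw_version, pos = read_tlv(msg, 0)
    if tag != 0x02:
        raise ValueError("missing version INTEGER")
    version = VERSIONS.get(int.from_bytes(raw_version, "big"), "unknown")
    tag, value, pos = read_tlv(msg, pos)
    if tag != 0x04:                       # SNMPv3: a header SEQUENCE, no community field
        return {"version": version, "community": None, "pdu": None, "findings": []}
    pdu = PDU_TAGS.get(msg[pos], "unknown") if pos < len(msg) else None
    findings = ["community name readable on the wire"]
    if pdu == "SetRequest":
        findings.append("write operation authorised only by that community name")
    return {"version": version, "community": value.decode("ascii", "replace"),
            "pdu": pdu, "findings": findings}

# Constructed SNMPv1 GetRequest for sysDescr.0 with community "monitor-ro".
V1_GET = (bytes.fromhex("302a020100040a") + b"monitor-ro" +
          bytes.fromhex("a019020101020100020100300e300c06082b060102010101000500"))
# The same constructed message as a SetRequest: only the PDU tag byte differs.
V1_SET = V1_GET.replace(b"\xa0\x19", b"\xa3\x19", 1)
# Constructed, truncated SNMPv3 header: version 3 followed by its header SEQUENCE.
V3_HEAD = bytes.fromhex("3012020103300d020101020205dc040103020103")
```

Run over traffic from a monitoring tap, a summary like this shows which devices still answer SNMPv1 or v2c and where read-write community names are in use, which is the inventory needed before moving them to SNMPv3.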
Remote Monitoring (RMON)
• RMONv1
– Monitors that watch traffic on network segments
in LANs or WANs
– Also uses MIBs in order to organise information
– Some vendors include the probing (polling)
facility
• RMONv2
– Enhances RMONv1 by providing network and
application level statistical gathering (like
passive network measurement)
Remote Monitoring (RMON)
• An RMON Probe Can Send Statistical
Information to an RMON Console
Advantages & Disadvantages
Advantages
• Network monitoring allows a centralised vision of
all of the devices in the network
• Allows flexibility and mobility to network managers
Disadvantages
• Introduces administration traffic into the network
(roughly 5% of all traffic is control traffic)
• Needs careful planning on traps and polls in order
to maintain the balance between management and
bandwidth utilisation.
Conclusions
• Network monitoring facilitates the task of managing
several devices at a time
• The network monitoring centres need to be
manned at all times for large networks and the
network manager needs to be on call at all times
for smaller networks
• SNMP provides a set of simple commands that
collect a wide range of information about devices
through MIBs
• RMON is similar to passive traffic measurement
and allows minimal probing of devices
Resources
• SNMPv1 - RFC 1157
• SNMPv2 - RFC 1905, 1906, 1907
• SNMPv3 - RFC 2571, 2573, 2574, 2575
• RMONv2 - RFC 2021
• RFCs can be found at: http://www.ietf.org/rfc.html
• D. R. Mauro, Essential SNMP, O’Reilly, 2001
• CISCO Internetworking Technology Handbook:
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/