Organized by: Nada Alhirabi Edited By Maysoon ALDuwais NET 311
Lecture 2: Infrastructure of Network Management, Part 1
From: Computer Networking: A Top-Down Approach, 6th edition, Chapter 9
Outline
- Network management: what is network management?
- Internet-standard management framework
- Structure of Management Information: SMI
- Management Information Base: MIB
- SNMP protocol operations and transport mappings
- Security and administration
What is network management?
- autonomous systems (aka "network"): an autonomous system (AS) is a network or a collection of networks that are all managed and supervised by a single entity or organization (a common network administrator) on behalf of a single administrative entity (such as a university, a business enterprise, or a business division).
- other complex systems requiring monitoring, control: jet airplane, nuclear power plant, others?
Network management “includes the deployment, integration and coordination of the hardware, software, and human elements to monitor, test, poll, configure, analyze, evaluate, and control the network and element resources to meet the real-time, operational performance, and Quality of Service requirements at a reasonable cost."
definitions (figure: architecture for network management): a managing entity, holding its management data, talks over the network management protocol to an agent on each managed device, and each agent keeps its own agent data. Managed devices contain managed objects whose data is gathered into a Management Information Base (MIB).
Architecture for network management (TCP/IP network management model)
1. Management station
2. Management agent
3. Management information base
4. Network management protocol
Management Station (Managing Entity)
- Is a stand-alone device
- A set of management applications for data analysis, fault recovery
- An interface by which the network manager monitors and controls the network
- A database of information extracted from the MIBs of all the managed entities in the network
- Performs the monitoring function by retrieving the value of MIB objects
- Causes an action to take place at an agent
- Changes the configuration settings at an agent by modifying the value of specific variables
Management Agent (Managed Device)
- Equipped on key platforms: hosts, bridges, routers, and hubs
- Managed from a management station
- Responds to requests for information and action from the management station
- Asynchronously provides the management station with important but unsolicited information
Management Information Base
Object
- Represents a managed resource in the network
- Is a data variable that represents one aspect of the managed agent
MIB
- The collection of objects (database)
- Functions as a collection of access points at the agent for the management station
- Objects are standardized across systems of a particular class
- Used for the management of routers
Network Management Protocol
- Links the management station and agents
- Examples: SNMP (Simple Network Management Protocol); OSI CMIP (Common Management Information Protocol)
Network Management Protocols
The purpose of a network management protocol is to link the management station and agents.
OSI CMIP (Common Management Information Protocol)
- designed in the 1980s as the unifying network management standard
- too slowly standardized
SNMP (Simple Network Management Protocol)
- Internet roots (SGMP)
- started simple
- deployed, adopted rapidly
- growth: size, complexity
- currently: SNMPv3
- de facto network management standard
SNMP overview: 4 key parts
- Management information base (MIB): distributed information store of network management data
- Structure of Management Information (SMI): data definition language for MIB objects
- SNMP protocol: the link between manager and managed object; conveys info, commands
- security, administration capabilities: major addition in SNMPv3
SMI: data definition language
Purpose: syntax, semantics of management data well-defined, unambiguous
- basic data types: INTEGER, Integer32, Unsigned32, OCTET STRING, OBJECT IDENTIFIER, IpAddress, Counter32, Counter64, Gauge32, TimeTicks, Opaque
- OBJECT-TYPE: data type, status, semantics of managed object
- MODULE-IDENTITY: groups related objects into MIB module
SNMP MIB
- MIB module specified via SMI MODULE-IDENTITY (100 standardized MIBs, more vendor-specific)
- objects specified via SMI OBJECT-TYPE construct
(figure: one MIB module containing several OBJECT-TYPE definitions)
SMI: object, module examples

OBJECT-TYPE: ipInDelivers

    ipInDelivers OBJECT-TYPE
        SYNTAX      Counter32
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The total number of input datagrams successfully delivered to IP user-protocols (including ICMP)"
        ::= { ip 9 }

MODULE-IDENTITY: ipMIB

    ipMIB MODULE-IDENTITY
        LAST-UPDATED "941101000Z"
        ORGANIZATION "IETF SNMPv2 Working Group"
        CONTACT-INFO "Keith McCloghrie"
        DESCRIPTION
            "The MIB module for managing IP and ICMP implementations, but excluding their management of IP routes."
        REVISION "019331000Z"
        ::= { mib-2 48 }
MIB example: UDP module

| Object ID       | Name            | Type      | Comments                                                              |
|-----------------|-----------------|-----------|-----------------------------------------------------------------------|
| 1.3.6.1.2.1.7.1 | udpInDatagrams  | Counter32 | total # datagrams delivered at this node                              |
| 1.3.6.1.2.1.7.2 | udpNoPorts      | Counter32 | # undeliverable datagrams: no application at port                     |
| 1.3.6.1.2.1.7.3 | udpInErrors     | Counter32 | # undeliverable datagrams: all other reasons                          |
| 1.3.6.1.2.1.7.4 | udpOutDatagrams | Counter32 | # datagrams sent                                                      |
| 1.3.6.1.2.1.7.5 | udpTable        | SEQUENCE  | one entry for each port in use by an app, gives port # and IP address |
SNMP naming
question: how to name every possible standard object (protocol, data, more) in every possible network standard?
answer: ISO Object Identifier tree
- hierarchical naming of all objects
- each branch point has a name and a number
- example: 1.3.6.1.2.1.7.1 = ISO (1) . ISO-identified organization (3) . US DoD (6) . Internet (1) . management (2) . MIB-2 (1) . UDP (7) . udpInDatagrams (1)
OSI Object Identifier Tree (figure)
Overview and basic concepts
An SNMP-managed network consists of three key components:
- Managed device
- Agent: software which runs on managed devices
- Network management station (NMS): software which runs on the manager
Network Management Protocol Architecture
- Designed to be an application-level protocol that is part of the TCP/IP protocol suite
- Operates over UDP
Management station: manager process
- Controls access to a central MIB at the management station
- Provides an interface to the network manager
- Achieves network management by using SNMP
- Implemented on top of UDP, IP, and the relevant network-dependent protocols
Managed devices: agent
- Implements SNMP, UDP, IP
- Interprets the SNMP messages and controls the agent's MIB
Configuration of SNMP (figure)
Overview and basic concepts
SNMP protocol
Two ways to convey MIB info, commands:
- request/response mode: the managing entity sends a request to the agent on the managed device, and the agent returns a response
- trap mode: the agent on the managed device sends a trap message to the managing entity
Example
1. A management application on the network management station (NMS) calls for the service of the management process.
2. The management process calls the SNMP manager.
3. The SNMP manager constructs a request packet and sends it to the SNMP agent.
4. The SNMP agent passes the packet to the agent process.
5. The agent process accesses the values of the requested variables and passes them to the SNMP agent.
6. The SNMP agent constructs the response packet and sends it to the SNMP manager.
7. The SNMP manager receives the response packet and passes it to the management process.
8. The management process either passes the requested values to the application program, which displays them (perhaps using a graphical user interface, GUI), or stores them in memory for later retrieval.
SNMP Protocol
- From the SNMP management station to the SNMP agent: GetRequest, GetNextRequest, SetRequest
- GetResponse: the form of acknowledged message from the agent; passed up to the management application
- Trap: issued by the agent in response to an event that affects the MIB and the underlying managed resources
The Role of SNMP (figure)
SNMP protocol: message formats
- Get/set header (PDU types 0-3): PDU type, Request ID, Error Status (0-5), Error Index; followed by the variables to get/set as Name, Value, Name, Value, ...
- Trap header (PDU type 4): Enterprise, Agent Addr, Trap Type (0-7), Specific code, Time stamp; followed by the trap info as Name, Value, ...
(figure: SNMP PDU layout)
SNMP protocol: message types
The seven SNMP protocol data unit (PDU) types are as follows:

| Message type                               | Function                                                           |
|--------------------------------------------|--------------------------------------------------------------------|
| GetRequest, GetNextRequest, GetBulkRequest | Mgr-to-agent: "get me data" (instance, next in list, block)        |
| InformRequest                              | Mgr-to-Mgr: here's MIB value                                       |
| SetRequest                                 | Mgr-to-agent: set MIB value                                        |
| Response                                   | Agent-to-mgr: value, response to Request                           |
| Trap                                       | Agent-to-mgr: inform manager of exceptional event                  |
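The naming, request/response and message-format slides above come together when a manager actually puts a GetRequest on the wire. The following is an added example, not code from the lecture or the textbook: it BER-encodes the OID tree path, builds an SNMPv1 GetRequest for udpInDatagrams.0 with the get/set header fields from the slide, and parses a GetResponse. The agent reply, community string and counter value are constructed stand-ins; nothing is sent over the network.

```python
# Added example (not from the lecture slides): hand-built BER encoding of an
# SNMPv1 GetRequest for udpInDatagrams.0 and decoding of the agent's
# GetResponse. Message, OID and values are constructed; nothing is sent.

# BER tags: universal types (X.690), SNMP application type Counter32
# (RFC 1155) and context-specific PDU tags (RFC 1157)
TAG_INTEGER, TAG_OCTET_STRING, TAG_NULL, TAG_OID, TAG_SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
TAG_COUNTER32 = 0x41
TAG_GET_REQUEST, TAG_GET_RESPONSE = 0xA0, 0xA2

UDP_IN_DATAGRAMS = "1.3.6.1.2.1.7.1.0"   # udpInDatagrams plus scalar instance .0


def ber_length(n):
    """Short form below 128; long form (0x80 | number of length bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, body):
    return bytes([tag]) + ber_length(len(body)) + body


def encode_oid(dotted):
    """ISO OID tree encoding: the first two arcs fold into one byte (40*a+b);
    every later arc is base-128, most significant group first, with the
    continuation bit 0x80 set on all but the last group."""
    arcs = [int(x) for x in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        groups = [arc & 0x7F]
        arc >>= 7
        while arc:
            groups.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(groups))
    return tlv(TAG_OID, bytes(out))


def decode_oid(body):
    arcs = [body[0] // 40, body[0] % 40]   # fine for iso(1) and joint-iso(2) roots
    value = 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def encode_int(tag, value):
    """Minimal two's-complement encoding of a non-negative integer."""
    assert value >= 0
    return tlv(tag, value.to_bytes(value.bit_length() // 8 + 1, "big", signed=True))


def read_tlv(buf, pos=0):
    """Return (tag, body, position just after this element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def message(community, pdu_bytes):
    # version 0 = SNMPv1. The community string travels in cleartext, which is
    # why SNMPv3 adds real authentication on top of this format.
    return tlv(TAG_SEQUENCE, encode_int(TAG_INTEGER, 0)
               + tlv(TAG_OCTET_STRING, community.encode()) + pdu_bytes)


def pdu(pdu_tag, request_id, varbinds):
    # get/set header: request-id, error-status, error-index, then the bindings
    header = encode_int(TAG_INTEGER, request_id) + encode_int(TAG_INTEGER, 0) + encode_int(TAG_INTEGER, 0)
    return tlv(pdu_tag, header + tlv(TAG_SEQUENCE, b"".join(varbinds)))


def build_get_request(community, oid, request_id):
    """Manager side: one variable binding with a NULL placeholder value."""
    vb = tlv(TAG_SEQUENCE, encode_oid(oid) + tlv(TAG_NULL, b""))
    return message(community, pdu(TAG_GET_REQUEST, request_id, [vb]))


def build_get_response(community, oid, request_id, counter):
    """Agent side (constructed here to stand in for a real device)."""
    vb = tlv(TAG_SEQUENCE, encode_oid(oid) + encode_int(TAG_COUNTER32, counter))
    return message(community, pdu(TAG_GET_RESPONSE, request_id, [vb]))


def parse_response(msg):
    """Manager side: return (request_id, error_status, [(oid, tag, value), ...])."""
    _, body, _ = read_tlv(msg)
    _, version, pos = read_tlv(body)
    _, _community, pos = read_tlv(body, pos)
    pdu_tag, pdu_body, _ = read_tlv(body, pos)
    if version != b"\x00" or pdu_tag != TAG_GET_RESPONSE:
        raise ValueError("not an SNMPv1 GetResponse")
    _, rid, pos = read_tlv(pdu_body)
    _, err, pos = read_tlv(pdu_body, pos)
    _, _idx, pos = read_tlv(pdu_body, pos)
    _, vbl, _ = read_tlv(pdu_body, pos)
    bindings, pos = [], 0
    while pos < len(vbl):
        _, vb, pos = read_tlv(vbl, pos)
        _, oid_body, p = read_tlv(vb)
        vtag, vbody, _ = read_tlv(vb, p)
        value = int.from_bytes(vbody, "big") if vtag in (TAG_INTEGER, TAG_COUNTER32) else vbody
        bindings.append((decode_oid(oid_body), vtag, value))
    return int.from_bytes(rid, "big"), int.from_bytes(err, "big"), bindings


def demo():
    req = build_get_request("public", UDP_IN_DATAGRAMS, 42)
    resp = build_get_response("public", UDP_IN_DATAGRAMS, 42, 123456)   # constructed reply
    rid, err, bindings = demo_match(resp)
    return req, err, bindings


def demo_match(resp):
    rid, err, bindings = parse_response(resp)
    assert rid == 42, "the manager matches the response to its outstanding request id"
    return rid, err, bindings


if __name__ == "__main__":
    req, err, bindings = demo()
    print(req.hex(), err, bindings)
```

The request comes out as 40 bytes beginning `30 26`; the varbind carries the OID as `06 08 2b 06 01 02 01 07 01 00`, which is the 1.3.6.1.2.1.7.1 path from the naming slide with the first two arcs folded into `2b`. The manager only accepts a response whose request-id matches the request it sent, which is the one correlation check SNMPv1 offers.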
Trap Directed Polling
- If the number of managed agents is large, and each agent maintains a large number of objects, it becomes impractical for the management station to regularly poll all agents for all object data.
- At initialization time, and at infrequent intervals, the management station polls all of the agents for some key information:
  - Interface characteristics
  - Baseline performance statistics
  - Packet count
- Once the baseline is established, the management station refrains from polling.
- Each agent notifies the management station of any unusual event. Trap triggers:
  - Agent crashes and is rebooted
  - Link fails
  - Overload condition, defined as the packet load going beyond its normal load
- The management station, alerted to an exception condition, may choose to take some action.
- It may directly poll the agent reporting the event and some nearby agents to diagnose the problem and gain more specific information about the exception condition.
- This results in substantial savings of network capacity and agent processing time.
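The procedure on the trap-directed polling slides (baseline poll, then wait for traps, then targeted polls) can be seen working, and its saving measured, in a small simulation. This is an added example, not material from the lecture: agent names, neighbour links, packet counts and the overload rule are all constructed, and the station only counts the poll messages it would have sent under each strategy.

```python
# Added example (not from the lecture): a constructed simulation of
# trap-directed polling that counts how many poll messages the management
# station sends compared with polling every agent every interval.
# Agent names, neighbour links, packet counts and the overload rule are made
# up for the illustration; no SNMP traffic is generated.

NORMAL_LOAD = 100        # packets per interval in steady state (constructed baseline)
OVERLOAD_FACTOR = 2.0    # "packet load goes beyond its normal load"
INTERVALS = 10


class Agent:
    def __init__(self, name, neighbours=()):
        self.name, self.neighbours = name, list(neighbours)
        self.packets, self.link_up = NORMAL_LOAD, True

    def snapshot(self):
        """Key objects a poll would return: interface state and packet count."""
        return {"ifOperStatus": "up" if self.link_up else "down", "packets": self.packets}

    def update(self, packets, link_up):
        """Record this interval's state; return the trap it triggers, if any."""
        self.packets, self.link_up = packets, link_up
        if not link_up:
            return "linkDown"            # generic-trap linkDown(2) in RFC 1157
        if packets > OVERLOAD_FACTOR * NORMAL_LOAD:
            return "overload"            # would be an enterprise-specific trap
        return None


class ManagementStation:
    def __init__(self, agents):
        self.agents = {a.name: a for a in agents}
        self.polls = 0                   # every poll request the station sends
        self.events = []                 # (agent, trap, diagnostic detail)
        self.baseline = {}

    def poll(self, name):
        self.polls += 1
        return self.agents[name].snapshot()

    def establish_baseline(self):
        """Initialization: poll every agent once for its key information."""
        self.baseline = {name: self.poll(name) for name in self.agents}

    def handle_trap(self, name, trap):
        """Alerted to an exception: poll the reporting agent and its neighbours."""
        detail = {n: self.poll(n) for n in [name] + self.agents[name].neighbours}
        self.events.append((name, trap, detail))


def run_scenario():
    """Constructed timeline: r2's link fails at interval 4 and r3 is overloaded
    at interval 7; every other (interval, agent) pair stays at normal load."""
    timeline = {(4, "r2"): (0, False), (7, "r3"): (450, True)}
    agents = [Agent("r1", ["r2"]), Agent("r2", ["r1", "r3"]), Agent("r3", ["r2"])]
    station = ManagementStation(agents)
    station.establish_baseline()
    for t in range(INTERVALS):
        for a in agents:
            trap = a.update(*timeline.get((t, a.name), (NORMAL_LOAD, True)))
            if trap:
                station.handle_trap(a.name, trap)
    return {
        "trap_directed_polls": station.polls,
        "full_polling_polls": len(agents) * INTERVALS,
        "events": [(name, trap) for name, trap, _ in station.events],
    }


if __name__ == "__main__":
    print(run_scenario())
```

With three agents over ten intervals, full polling costs 30 requests; trap-directed polling costs 3 for the baseline plus 3 after the link failure (r2 and both neighbours) plus 2 after the overload (r3 and r2), 8 in total, while still capturing both events. The trade-off the slides leave implicit is that a trap is an unsolicited, unacknowledged UDP message: if it is lost, the station learns nothing until its next infrequent baseline poll, so the polling interval bounds the detection delay.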
SNMP security and administration
- encryption: DES-encrypt SNMP message
- authentication: compute, send MIC(m,k): compute hash (MIC) over message (m) with secret shared key (k)
- protection against playback: use nonce
- view-based access control: SNMP entity maintains database of access rights, policies for various users; database itself accessible as managed object!
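The three protections on the security slide (MIC authentication, playback protection and view-based access control) are shown below in plain Python as an added example that is not from the lecture. The users, keys, views, access table and message layout are constructed; the MIC is an HMAC over the message with the shared key. Two caveats relative to real SNMPv3: the User-based Security Model of RFC 3414 bounds replay with engine boots/time windows rather than a per-message nonce and truncates the HMAC, and its access-control tables live in the MIB (the slide's point that the database is itself a managed object) rather than in a dictionary. The DES encryption step is not implemented here.

```python
# Added example (not from the lecture): MIC authentication with a shared key,
# nonce-based replay rejection and a view-based access check on the requested
# OID subtree. Users, keys, views and the message layout are constructed.
import hashlib
import hmac
import secrets

# constructed view database: (subtree, included/excluded); the most specific
# matching subtree decides, so an "excluded" entry carves a hole in a view
VIEWS = {
    "mib2-no-snmp": [("1.3.6.1.2.1", "included"), ("1.3.6.1.2.1.11", "excluded")],
    "everything": [("1", "included")],
}
# constructed access policy: user -> operation -> view (None = no access)
ACCESS = {
    "monitor": {"get": "mib2-no-snmp", "set": None},
    "admin": {"get": "everything", "set": "everything"},
}


def compute_mic(message: bytes, key: bytes) -> bytes:
    """MIC(m, k): keyed hash (HMAC-SHA-1) over the message with the shared secret."""
    return hmac.new(key, message, hashlib.sha1).digest()


def canonical(user, nonce, op, oid, payload):
    """The bytes both sides authenticate; the nonce is inside the MIC so it
    cannot be swapped without invalidating the message."""
    return b"|".join([user.encode(), nonce, op.encode(), oid.encode(), payload])


def build_message(user, key, op, oid, payload=b""):
    """Manager side: fresh random nonce per message, MIC over every field."""
    nonce = secrets.token_bytes(8)
    mic = compute_mic(canonical(user, nonce, op, oid, payload), key)
    return (user, nonce, op, oid, payload, mic)


def arcs(oid):
    return [int(x) for x in oid.split(".")]


def view_permits(view_name, oid):
    best = None
    for subtree, kind in VIEWS[view_name]:
        s = arcs(subtree)
        if arcs(oid)[:len(s)] == s and (best is None or len(s) > len(best[0])):
            best = (s, kind)
    return best is not None and best[1] == "included"


class SecureAgent:
    def __init__(self, keys):
        self.keys = keys                 # user -> shared secret key
        self.seen_nonces = set()         # replay protection: each nonce accepted once

    def process(self, user, nonce, op, oid, payload, mic):
        key = self.keys.get(user)
        if key is None:
            return "unknownUser"
        # authenticate before anything else, so a forged message can neither
        # consume a nonce nor reach the access check
        expected = compute_mic(canonical(user, nonce, op, oid, payload), key)
        if not hmac.compare_digest(expected, mic):
            return "authenticationFailure"
        if nonce in self.seen_nonces:
            return "replayRejected"
        self.seen_nonces.add(nonce)
        view = ACCESS[user].get(op)
        if view is None or not view_permits(view, oid):
            return "noAccess"
        return "ok"


def demo():
    keys = {"monitor": b"monitor-secret", "admin": b"admin-secret"}   # constructed
    agent = SecureAgent(keys)
    fresh = build_message("monitor", keys["monitor"], "get", "1.3.6.1.2.1.7.1.0")
    return {
        "get_allowed": agent.process(*fresh),
        "replayed": agent.process(*fresh),
        "forged_key": agent.process(*build_message("monitor", b"wrong-key", "get", "1.3.6.1.2.1.7.1.0")),
        "set_denied": agent.process(*build_message("monitor", keys["monitor"], "set", "1.3.6.1.2.1.7.1.0", b"0")),
        "excluded_subtree": agent.process(*build_message("monitor", keys["monitor"], "get", "1.3.6.1.2.1.11.1.0")),
        "admin_set": agent.process(*build_message("admin", keys["admin"], "set", "1.3.6.1.2.1.11.1.0", b"0")),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The order of the checks matters: the MIC is verified first with a constant-time comparison, the nonce is recorded only for authenticated messages, and the view lookup runs last, so a replayed or forged message is rejected without touching the access database. The "monitor" user can read udpInDatagrams but gets noAccess for a set and for anything under the excluded 1.3.6.1.2.1.11 subtree, while "admin" can set it.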