ICmyNet.IS - Networking Information and Monitoring System
GN3/NA3/T4 - Network monitoring workshop, Belgrade, 20-21 October, 2009
Akademska mreža Srbije, www.amres.ac.yu

Content
• Concepts
• Features
• Monitoring elements
• Tools
• Use cases
• Further development
Architecture and User Interface
• Java platform
• Linux web application server
• MySQL/PostgreSQL database backend
• Client access
    • Web Interface - typical user access
    • Standalone client application
[Figure: architecture - NetIIS Server, NetIIS Web Interface Client, NetIIS Standalone Client, NetIIS Database, Monitored Network]
Web Interface
• Independent of the OS
• Web browser – IE, Mozilla
• Typical usage
• View and Edit modes
Standalone client application
• Independent of the OS
• Efficient GUI
    • advanced system configuration
• Java web-start technology – RMI
    • Automatic download of up-to-date software from the server, local execution
    • Clients communicate with the web server only, no direct access to the DB
    • Simplifies technical maintenance and support
Note
• Keeps arbitrary text data
• Saving certain information connected to the parent element
• Example:
    • for Devices - history of comments about hardware changes, distributor of the device, period of guarantee, reaction procedure in the case of network problem etc.
    • for Locations – description of the presented organization
    • for Users – CVs
    • for Ports - troubleshooting procedures in case of failure
User
• People in charge (helpdesk, administrator, operator, contact, email)
• Relevant information (name, address, telephone)
• NetIIS user
    • usernames and passwords
    • Permissions for access to the system – read and write
• Predefined users:
    • guest – access public data with read permission, no password required
    • administrator – full read/write access to data and all tools
User and User group
[Figure: User, User Group]
Networking information system
• Presents all objects from the external world in the most efficient and easily understood way
• Hierarchically organised and presented by a tree
• Basic elements:
    • Folder
    • Location
    • Device
    • Port
Monitoring System
• Passive and active monitoring of the network status – status of devices, ports, links, services
• Performs:
    • Performance measurement
    • Failure notification
• Monitors are configured on Devices or Ports and are executed in that context
Monitor
• Permanently and periodically observes the status of the computer network
• Defined within devices or ports as their children
• Typical presentation - putting monitors in groups
• Monitor types:
    • Traffic monitor
    • Port monitor
    • SNMP monitor
    • ping monitor
    • service monitor (nagios plug-ins)
    • external monitor
RRD Chart
• MRTG like chart
• Arbitrary time frame
• Defined under the Monitors
• Purpose:
    • Measures the values of the monitor during a period of time
    • Shows the chart for a chosen period of time
Alarm
• Defined under the Monitors
• Compares values of the monitor with given thresholds
• Alarm is activated when the criteria are fulfilled
• Can execute the given notification action
• Two general types:
    • Bad Alarm (connection failure)
    • Good Alarm (link recovery)
• Critical levels in the range from -10 to +10.
Action
• Action is adjoined to certain Alarms
• Defines in which way the NetIIS system is going to react in the case of alarm activation
• There are 2 types of action:
    • E-Mail Action - sends e-mail messages to a certain user or user groups
    • SMS Action - sends SMS messages to a certain user or user groups
• Messages of arbitrary content can be defined; they are sent with other parameters connected to the associated alarms and monitor
• Default Action is notification in the Event log
Traffic Monitor
• Predefined SNMP monitor under Port object
• Measures data traffic through the network interface
• Variables:
    • var(1) and var(2) - Bytes per sec
    • var(3) and var(4) - bits per sec
• RRD Chart for var(3) and var(4)
    • Input traffic - green colour
    • Output traffic - blue colour
• Alarms can be set up to react to certain traffic intensity.
Ping Monitor
• Defined under Device object
• Executes native ICMP ping service towards this device
• Measures the results of ping command
    • 6 variables for packet delay and percentage of lost packets

Variable  Description
var(1)    Minimum RTT (Round Trip Time) – minimum delay
var(2)    Maximum RTT (Round Trip Time) – maximum delay
var(3)    Average RTT (Round Trip Time) – average delay
var(4)    Sent Packets – number of sent packets
var(5)    Received Packets – number of received packets
var(6)    Packet Loss – percent of lost packets (100 * var(5) / var(4))

• Includes two RRD Chart objects
    • Ping Delay - measures the minimum and maximum delay of ping packets (var(1) and var(2))
    • Ping Loss - measures the percentage of lost packets (var(6))
• Alarms for the Ping Loss percentage
Port Monitor
• Predefined SNMP monitor under Port object
• Observes administrative and operational status of the network interfaces
    • var(1) – administrative status (1.3.6.1.2.1.2.2.7)
    • var(2) – operational status (1.3.6.1.2.1.2.2.8)
• Children:
    • RRD Chart related to administrative and operational statuses
    • Alarms related to the operational status
        • Good Alarm – "var(2) == 1". Message: "Link is UP"
        • Bad Alarm – "var(2) != 1". Message: "Link is DOWN"
        • Mail action is configured on Alarms with the same message.

Operational port status
Value  Status
1      Up
2      Down
3      Testing
4      Unknown
5      Dormant
Port Monitor
[Figure: Router A and Router X, port status DOWN / DOWN; Trap support]
Ping and Port Monitors usage
[Figure: Router A, Router B and Router X; port status DOWN / DOWN and UP / UP; Packet Loss = 0 %]
Pre-defined SNMP Monitors
• Pre-defined and often used SNMP Monitors are:
    • Packets Monitor
    • BGP Monitor
    • CPU Load Monitor
    • System Memory Monitor
Packet Monitor
• Measures packet flow on the interface in a similar way to Traffic Monitor
• Useful for detecting anomalies in the network traffic
• In the case of a DoS attack or an attempt of virus expansion on the network, the network traffic (in bps) does not have to rise, but the number of packets will increase
• Two variables:
    • Var(1) - Interface In Packets (unicast) OID= .1.3.6.1.2.1.2.2.1.17
    • Var(2) - Interface Out Packets (unicast) OID= .1.3.6.1.2.1.2.2.1.18
• Unit: Packets per second
• RRD can be attached to the Monitor
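The Packet Monitor reasoning above, as an added example (not part of the original slides and not NetIIS code): it turns polled interface counters into packets/s and bits/s and flags intervals where the packet rate surges while the bit rate stays near its baseline. The function names, thresholds and counter readings are assumptions constructed for illustration.

```python
"""Flag polling intervals where packets/s surges while bits/s stays flat."""
from statistics import median

COUNTER32 = 2 ** 32  # assumed: 32-bit interface counters that wrap to zero

# Constructed readings: (timestamp_s, in_octets, in_unicast_pkts), 60 s polling.
# The octet counter wraps between t=180 and t=240; the surge is at t=300.
SAMPLES = [
    (0,   4_200_000_000, 1_000_000),
    (60,  4_230_000_000, 1_060_000),
    (120, 4_260_000_000, 1_120_000),
    (180, 4_290_000_000, 1_180_000),
    (240,    25_032_704, 1_240_000),
    (300,    55_032_704, 1_540_000),
    (360,    85_032_704, 1_600_000),
]

def rate(prev, cur, seconds):
    """Per-second rate between two counter readings, tolerating one wrap.
    A device reboot (counter reset) looks like a wrap and is not handled."""
    delta = cur - prev if cur >= prev else cur + COUNTER32 - prev
    return delta / seconds

def detect_packet_surges(samples, pps_factor=3.0, bps_factor=1.5, warmup=3):
    """Return [(timestamp, pps, bps)] for intervals whose packet rate exceeds
    pps_factor x the median baseline while bps stays under bps_factor x it."""
    alerts, pps_hist, bps_hist = [], [], []
    for (t0, o0, p0), (t1, o1, p1) in zip(samples, samples[1:]):
        dt = t1 - t0
        if dt <= 0:
            continue  # skip duplicate or out-of-order polls
        pps = rate(p0, p1, dt)
        bps = 8 * rate(o0, o1, dt)
        if len(pps_hist) >= warmup:
            base_pps, base_bps = median(pps_hist), median(bps_hist)
            if pps > pps_factor * base_pps and bps < bps_factor * base_bps:
                alerts.append((t1, round(pps), round(bps)))
                continue  # keep anomalous intervals out of the baseline
        pps_hist.append(pps)
        bps_hist.append(bps)
    return alerts

if __name__ == "__main__":
    for ts, pps, bps in detect_packet_surges(SAMPLES):
        print(f"t={ts}s: {pps} pps at only {bps} bps, small-packet surge")
```

A threshold alarm on bits per second alone would stay silent on the t=300 interval, which is why the slide pairs the Packet Monitor with the Traffic Monitor.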
BGP Monitor
• Measures the status of BGP sessions
• Monitor in variable var(1) returns the current status of the session with certain peer.
• OID suffix is required - IP address of the BGP peer
    • .1.3.6.1.2.1.15.3.1.16.147.91.0.112
• RRD Chart assigned

State            Description
1 Idle           Session has not been configured
2 Connect        Attempt to connect, session still not established
3 Active         Attempt to establish session, session still not established
4 OpenSent       Request for connection sent, session still not established
5 OpenConfirm    Answer for request received, session still not established
6 Established    Session successfully established
CPU Usage Monitor
• Three variables: the processor utilization in time intervals of 5s, 1min and 5min
• The corresponding OIDs are not standardised; they are specified exclusively for Cisco devices and belong to the MIB hierarchy of Cisco Systems
• RRD Chart refers to the variable var(2), for processor utilization in the time interval of 1min
System Memory Monitor
• Measures more variables, specified exclusively for Cisco devices
• Requests input of suffixes to the defined OIDs
    • Processor memory - suffix .1
    • interface memory - suffix .2, .3 or even higher value
• RRD Chart refers to variables var(4) and var(8), for the memory usage in percentage.

var     Description
var(1)  Memory Name - memory name that is being monitored
var(2)  Used Memory (suffix) – used memory in bytes
var(3)  Free Memory (suffix) – free memory in bytes
var(4)  Used Memory – free memory in percentage 100 * var(2) / (var(2) + var(3))
var(5)  Memory Name – memory name that is being monitored
var(6)  Used Memory (suffix) – used memory in bytes
var(7)  Free Memory (suffix) – free memory in bytes
var(8)  Used Memory – free memory in percentage 100 * var(6) / (var(6) + var(7))
Service monitor – nagios plug-in
Report
• Selected SNMP variables shown in a predefined table
• Executed on the user's request (on-demand)
• Recognizes existing monitors and charts
Group
• Serves for grouping other objects for joint presentation in certain form
• Objects are grouped by creating shortcuts
• Objects can be assigned to a number of groups. One group can contain other groups
• Group types:
    • Simple Group (default) - showing elements in a table format
    • Graph - graphical presentation of the topology
    • Looking Glass - joins devices that enable remote command execution - Looking Glass functionality
Group
Data hierarchy
• Setup process
Link hierarchy
• Network topology
AutoDiscovery
• AutoDiscovery function aims:
    • Easing the initial database population
    • Updating - topology, new devices and relevant data
• AutoDiscovery types:
    • Device Attributes Discovery – system data
    • Ports Discovery - interfaces data
    • CDP Neighbours Discovery – link topology
    • Layer 3 Hosts Discovery – ARP table
• Discovery on hop-by-hop basis
• Better overview and control over the process
• No retrieval of the entire network
• Possibility of clear database organisation in the system
AutoDiscovery
[Figure: discovered tree - Location A, Location 1, Location A3; Router 1, Router A, Router A1, Router A2, Router A3, Router B, Router C, Router D; ports Serial 0 and Serial 1; hosts PC1 to PC5; device attributes: Model, Warranty, Contract number, …]
Other Concepts
• Repository
    • inactive predefined objects
• Recycle Bin
    • deleted objects
• Tools
    • Event Log
    • Alerts
    • Chart viewer
    • SLA reports
    • Search panel
Event Log
Alerts
• Current alerts (active alarms)
Chart viewer
SLA report
• Service Availability Statistics
Use case
• corporate network example
Questions...