network management 2110472 computer networks natawut nupairoj, ph.d. department of computer...
TRANSCRIPT
![Page 1: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/1.jpg)
Network Management
2110472 Computer Networks
Natawut Nupairoj, Ph.D.
Department of Computer Engineering
Chulalongkorn University
![Page 2: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/2.jpg)
Outline
Introduction to Network Management. Overview. Sample Applications.
Simple Network Management Protocol. History of SNMP. Basic SNMP Concepts. MIB Standards. SNMPv3.
ASN.1.
![Page 3: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/3.jpg)
Overview
Typical System Administrator’s Life Manage many hosts and network devices. Detect and response to the PROBLEMS.
Administrators should know the problems BEFORE the users.
Must promise for some Service Level Agreement (SLA) levels System availability. Response time. Throughput.
![Page 4: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/4.jpg)
Overview
What is the scope of network management ? Monitor for problems
Hosts and services. Levels of status: up, minor, major, critical. To reach SLA.
Monitor for tune-up Should we add more network bandwidth ? For how
much ? Detect the intrusion
Intrusion detection against the hackers.
![Page 5: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/5.jpg)
Overview
Why is it so hard ? SLA is usually difficult to achieve without good
planning and tools Availability (uptime) – Five Nines = 99.999% Thus, each host can be down only for
1 Year = 365 * 24 * 60 = 525,600 minutes. 0.001% (acceptable downtime) of 1 Year = 5.256 minutes.
This includes maintenance period !!! How about Six Nines ???
There are MANY…MANY devices.
![Page 6: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/6.jpg)
![Page 7: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/7.jpg)
System Reliability
Cause of downtime (by Gartner Group)
![Page 8: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/8.jpg)
Sample Network Monitoring Applications
There are several network management applications OS Tools
Ping, tracerout, netstat, etc. Freewares
Netsaint, MRTG, snort, etc. Commercial
CA Unicenter, HP Openview, IBM Trivoli, CiscoWorks.
![Page 9: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/9.jpg)
![Page 10: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/10.jpg)
![Page 11: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/11.jpg)
![Page 12: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/12.jpg)
![Page 13: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/13.jpg)
SNMP
Simple Network Management Protocol.
1987 1988 1989 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999
pro
pos
ed
s ta
nd
ard
imp
lem
enta
t ion
e xpe
r ien
ce
SGMP SNMPSNMP
SMPSNMPv2(parties)security
SNMPv2(community) SNMPv3
dr a
fts t
an
dar
d
full
s ta
nd
ard
dr a
fts t
an
dar
d
pro
pos
ed
s ta
nd
ard
dr a
fts t
an
dar
d
![Page 14: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/14.jpg)
Basic SNMP Concepts
MANAGER
AGENTS
SNMP
MIB
![Page 15: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/15.jpg)
Operational Modes
MANAGER
AGENTS
TRAPS
POLLING
MIB
![Page 16: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/16.jpg)
SNMP StructureMANAGER AGENT
CONNECTIONLESS TRANSPORT SERVICE PROVIDER
SNMP PDUs
UDP
Management ApplicationMIB
![Page 17: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/17.jpg)
SNMP Frameworks – MIB
Management Information Base MIB Objects
Variables that represent the resources of the system. Can have several types of values.
MANAGER AGENT
SNMP
address
name
uptime
![Page 18: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/18.jpg)
SNMP Frameworks - MIB
Structure of Management Information (SMI) Define a standard way to reference the information. Describe what includes / what not for each device.
NEW-MIB:
address (1) info (2)
name (1) uptime (2)
1
130.89.16.2
printer-1 123456
![Page 19: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/19.jpg)
SMI - Example address
Object ID = 1.1 Value of Instance = 130.89.16.2
info Object ID = 1.2
name Object ID = 1.2.1 Value of Instance = printer-1
uptime Object ID = 1.2.2 Value of Instance = 123456
ALTERNATIVE: Object ID = NEW-MIB info
uptime
NEW-MIB:
address (1) info (2)
name (1) uptime (2)
1
130.89.16.2
printer-1 123456
![Page 20: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/20.jpg)
Standard SMIroot
ccitt (0) iso (1) joint-iso-ccitt (2)
stnd (0) reg-auth (1) mb (2) org (3)
dod (6)
internet (1)
security (5)mngt (2) experimental (3) private (4)
mib-2 (1)
directory (1) snmpV2 (6)
enterprises (1)
snmpDomains (1)
snmpProxys (2)
snmpModules (3)
![Page 21: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/21.jpg)
MIB-II – Internet MIB
...
root
ccitt (0) iso (1) joint-iso-ccitt (2)
stnd (0) reg-auth (1) mb (2) org (3)
dod (6)
internet (1)
directory (1) mngt (2) experimental (3) private (4)
mib-2 (1)
system (1) interfaces (2) ... transmission (10) snmp (11) ospf (14) bgp (15)
ethernet (6) token ring (9) fddi (15) adsl (94)
...
...
security (5) snmpV2 (6)
![Page 22: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/22.jpg)
MIB ExampleHost Resources MIB
MIB-2
host (25)
hrSystem (1)
hrStorage (2)
hrDevice (3)
hrSWRun (4)
hrSWRunPerf (5)
hrSWInstalled (6)
hrMIBAdminInfo (7)
hrSystemUptime (1)
hrSystemdate (2)
hrSystemInitialLoadDevice (3)
hrSystemInitialLoadParameters (4)
hrSystemNumUsers (5)
hrSystemProcesses (6)
hrSystemMaxProcesses (7)
![Page 23: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/23.jpg)
SNMP Operations
getNext
response
MIB
manager agent
set
response
MIB
manager agent
get
response
MIB
manager agent
trap
manager agent
![Page 24: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/24.jpg)
PDU Structure
NAME 1 VALUE 1 NAME 2 VALUE 2 ••• ••• NAME n VALUE n
PDU TYPE* ERROR
VARIABLE BINDINGSSTATUSREQUEST
IDERRORINDEX
VERSION COMMUNITY SNMP PDU
variable bindings:
SNMP PDU:
SNMP message:
![Page 25: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/25.jpg)
SNMPv3 – Security Enhancements
MIB
MANAGER
APPLICATION PROCESSES
TRANSPORT SERVICE
MANAGER AGENT
GET / GET-NEXT / GETBULKSET / TRAP / INFORM
SECURE COMMUNICATION
ACCESS CONTROL
![Page 26: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/26.jpg)
ASN.1
Abstract Syntax Notation 1 Similar to BNF notation for programming
language. Define how data should be sent, in what order. The protocol designer must write ASN.1 to define
the protocol Programming language designer uses BNF to define
the grammar of the language. Encode in binary format.
![Page 27: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/27.jpg)
ASN.1 - Example
How can I send an integer 65534 ? 2 bytes: 1111 1111 1111 1110 Big-endian or little-endian ?
Sender uses little-endian, receiver uses big-endian. 1111 1110 1111 1111 = 65279
What if I want to send a whole structure ?struct {char code;int x;
}
![Page 28: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/28.jpg)
ASN.1 Syntax Definition
Define a data type Define based on built-in types and other data
types defined in the file. Built-in types: INTEGER, OCTET STRING,
REAL, BOOLEAN, etc. Newly-defined data type can be complicated
SEQUENCE, SEQUENCE OF, CHOICE, etc.
Format <name> ::= <description -- components>
![Page 29: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/29.jpg)
ASN.1 Examples
---- The currency codes from ISO 4217-- are used to identify a currency --Currency ::= OCTET STRINGObjectId ::= INTEGER
DateTime ::= SEQUENCE { timeOffsetCode TimeOffsetCode,
localTimeStamp LocalTimeStamp}
![Page 30: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/30.jpg)
ASN.1 Encoding Rules
Syntax definition defines the components of the data.
Encoding defines how to actually store the data.
Data can be encoded in several ways. Basic Encoding Rule (BER). Distinguished Encoding Rule (DER). Packed Encoding Rule (PER).
![Page 31: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/31.jpg)
BER Encoding
Basic Encoding Rule (BER) Tag Length Value (TLV).
TAG LENGTH VALUE
MyId ::= [APPLICATION 12] INTEGER
12 4 1234(this is not the actual encoded data.)
![Page 32: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/32.jpg)
BER Encoding
Constructed Encoded Form
T L T L T L V T L V
DateTime ::= [APPLICATION 83] SEQUENCE
{
timeOffsetCode TimeOffsetCode,
localTimeStamp LocalTimeStamp
}
TimeOffsetCode ::= [APPLICATION 232] Code
LocalTimeStamp ::= [APPLICATION 16] NumberString
Code ::= [APPLICATION 243] INTEGER
![Page 33: Network Management 2110472 Computer Networks Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University](https://reader036.vdocuments.site/reader036/viewer/2022062314/56649e605503460f94b5b6e1/html5/thumbnails/33.jpg)
References J. Kurose and K. Ross, Computer Networking: A Top-Down
Approach Featuring the Internet, Addison Wesley, 2001. Netsaint, http://www.netsaint.org. The SimpleWeb Tutorials, http://www.simpleweb.org/tutorials/. Electronic and telecommunication Institute, Lessons about SNMP,
http://www.et.put.poznan.pl/snmp/main/mainmenu.html. Yoram Cohen, SNMP – Simple Network Management Protocol,
http://www.rad.com/networks/1995/snmp/snmp.htm.