NETWORK MONITORING

Table of Contents

IntroductionMonitored Types of InformationNetwork Monitoring ConfigurationsNetwork Monitoring MethodsPerformance Monitoring

Performance IndicatorsPerformance Monitoring Functions

Fault MonitoringProblems of Fault MonitoringFault Monitoring Functions

Accounting Monitoring2

Introduction

Network monitoring is concerned with observing and analyzing the status and behavior of the end systems, intermediate systems, and subnetworks that make up the network to be managed.

3

Introduction

Issues in network monitoringwhat to monitor?

• define what is to be monitored

how to monitor?

• how to obtain information from managed resources

what to do with the monitored information?

• how the monitored information is used in various management functional areas

4

Monitored Types of Information

Static information hardly changes current configuration information

e.g., the number and identification of ports on a router

Dynamic information changes frequently information related to events in the network

e.g., change of state, transmission/reception of packets

Statistical information derived from dynamic information

e.g., average number of packets transmitted per unit time

5

Organization of a Management Information Base (MIB)

6

MANAGEMENT INFORMATION BASE (MIB)

Call_Blocked Packet_Loss

Time_Delay Throughput

State_Variable

Event_Variable

Switch_serverBuffer Source

ServerStation_Info

Switch_BufferSwitch_Source

Status_Sensor

Derived_Status_Sensor

Event_Sensor

Configuration data base

Sensor data base

Statisticaldata base

Dynamic data base

Abstraction of stateand event variables

Sensor activation anddata collection

Static data base

Monitoring System Components

monitoring application includes the functions of monitoring that are visible

to the user e.g., performance, fault, accounting

manager function performs the basic monitoring function of retrieving

information

7

Monitoring System Components

agent function gathers and records management information for one or more

network elements and delivers the information to the monitor

managed objects management information that represents resources and their

activities

monitoring agent generates summaries and statistical analysis of management

information

8

Functional Architecture for Network Monitoring

9

Monitoringapplication

Monitoringapplication

Managerfunction

Managerfunction

Monitoringagent

...

Agentfunction

Agentfunction

Agentfunction

Managedobjects

Managedobjects

Managedobjects

(a) manager-agent model (b) A model for summarization

Network Monitoring Configurations

10

LAN

(c) External monitor

Monitoringapplication

Monitoringapplication

Monitoringapplication

Managerfunction

Managerfunction

Managerfunction

Agent function

Agent function

Agent function

Managedobjects

LAN

(a) Managed resources inmanager system

(d) proxy monitor agentobserved traffic

Subnetworkor internet

MonitoringapplicationManagerfunction

Agent function

Managedobjects

(b) Resources in agent system

Subnetworkor internet

Subnetworkor internet

Network Monitoring Methods

Polling a request-response interaction between a manager

and agent a manager sends request to an agent which

processes the request and responds with information from its MIB

a manager may use polling to learn about the configuration it is managing obtain periodically an update of conditions investigate an area in detail after being altered to

a problem11

Network Monitoring Methods

Event Reporting information flow is initiated from the agent to

manager an agent may generate report periodically to give

the manager its current status or whenever a significant event (e.g., change of a state) or an unusual event (e.g., fault) occurs

good for detecting problems as soon as they occur

12

Performance Monitoring

Measuring the performance of the network (or performance monitoring) is absolutely required in Network Management to detect & fix problems that cause performance

degradation to better plan network upgrades

13

Performance Monitoring

Problems in selecting and using appropriate indicators (or metrics) too many indicators in use the meaning of most indicators are not yet clearly

understood some indicators are supported by some manufacturers

only frequently, the indicators are accurately measured but

incorrectly interpreted by human or management application

the calculation of indicators takes too much time 14

Network Performance Indicators

Service-orientedAvailability: the percentage of time that a network system, a component, or an application is available for a user

Response Time: how long it takes for a response to appear at a user’s terminal after a user action calls for it

Accuracy: the percentage of time that no errors in the transmission and delivery of information

15

Network Performance Indicators

Efficiency-orientedThroughput: the rate at which application-oriented events (e.g., file transfers) occur

Utilization: the percentage of the theoretical capacity of a resource (e.g., transmission line, switch, CPU) that is being used

16

Elements of Response Time

17

RT = response time CPU = CPU process delayTI = inbound terminal delay WO = outbound queuing timeWI = inbound queuing time SO = outbound service timeSI = inbound service time TO = outbound terminal delay

TO

Workstation

Network interface(e.g., router) Server

SI

SO

TI

WI WO

CPURT = TI + WI + SI + CPU + WO + SO + TO

Network

Performance Monitoring Functions

Performance Measurement the actual gathering of statistics about network traffic

& timing typically performed by agents within network devices e.g., amount of data in and out of a node, number of

connections, traffic per connection

18

Performance Monitoring Functions

Performance Analysis analyzing the gathered data and presenting it

e.g., total, average, min, max, histogram

Synthetic Traffic Generation generating artificial traffic load permits the network to be observed under a

controlled load

19

Typical Performance-Related Questions

Performance measurements can be used to answer a number of questions Why is the response so slow? (a very loaded

question!) Why is the retransmission rate so high? Is traffic evenly distributed among network users

or are there source-destination pairs with unusually heavy traffic?

What is the percentage of each type of packet?20

Typical Performance-Related Questions

What is the channel utilization and throughput? What is the effect of traffic load on utilization,

throughput & time delays? When does traffic load start to degrade system

performance? What is the maximum capacity of the channel

under normal operating conditions? How many active users are necessary to reach this maximum?

21

Fault Monitoring

To detect faults as quickly as possible after they occur and to identify the cause of the fault so that correctional action may be taken

Problems of Fault MonitoringFault Detection Problems

• Unobservable faults: e.g., deadlock, device not monitorable

• Partially observable faults: insufficient to pinpoint the problem

• Uncertainty in observation: not clear what the problem is 22

Fault Monitoring

Fault Isolation Problems• Multiple potential causes• Too many related observations• Interference between diagnosis and local recovery

procedures• Absence of automated testing tools

23

What happens when the T1 link fails?

24

Client Server

802.5

Router

MUX MUX

PBX PBX

Router

802.3

802.3

T1

Heterogeneous Network Environment

Propagation of Failures to Higher Layers

25

ClientServer

Router Router

Mux Mux

Application failure

Transport failure

Data link failure

Transmissionbreak

Fault Monitoring Functions

Logging record important events and errors logs should be accessible by managers (e.g., via polling)

Event Reporting sending events, errors to managers sending alarms to manager to warn possible problems

26

Fault Monitoring Functions

Diagnostic Functions connectivity test (e.g., traceroute) response-time test liveness test (e.g., ping) protocol integrity test loopback test

27

Accounting Monitoring

Keeping track of users’ usage of network resources communication facilities computer hardware software and systems services

Usage may need to be broken down by account, by project, or by individual user for appropriate accounting purposes

28

Summary

Network monitoring is the most basic aspect of Network Management

The purpose of network monitoring is to gather information about the status and behavior of network elements

Information to be gathered include

static, dynamic and statistical information Monitoring methods - polling & event reporting Monitoring functions

performance monitoring fault monitoring accounting monitoring 29

ON THE JOB WITH A NETWORK MANAGER

Network Manager

The type of activities that are performed by people who run network for a living

The term of network manager is rarely used for the people involved in managing networks

Network operator, network administrator, network planner are much more common.

Each of those terms refers to a more special function that is only one aspect of Network Management

31

Network Manager

Network management involves not just technology, but also a human dimension: How people use management tools and

management technology to achieve a given purpose?• How people who perform management functions?• Who are ultimately responsible for the fact that networks and

networking services are running smoothly can best be supported. The organizational dimension must be considered

• How the tasks and workflows are organized, • How people involved in managing a network work together,• What procedures they have in place and must follow to

collectively get the job done32

A Day in the Life of a Network Manager Pat: A Network Operator for a Global Service

Provider

Chris: Network Administrator for a Medium-Size Business

Sandy: Administrator and Planner in an Internet Data Center

Pat: A Network Operator for a Global Service Provider Pat works as network operator at the Network Operations

Center (NOC) of a Global Service Provider (GSP)

She and her group are responsible for monitoring both the global backbone network and the access network

This’ a big responsibility, several terabytes of data more over GSP’s backbone daily connecting several million end customers as well as a significant percentage of global Fortune 500 companies.

Any disruption to this service could have huge economic implications, leading to revenue losses of millions of dollars, exposing GSP to penalties and liability claims, and putting jobs in jeopardy.

Pat: A Network Operator for a Global Service Provider

They show statistics on network utilization, information about current delays and service levels experienced by the network’s users, and the number of problems that have been reported indifferent geographic areas.

This gives everybody in the room a good overall sense of what iscurrently going on

Pat: A Network Operator for a Global Service Provider

Chris: Network Administrator for a Medium-Size Business Chris is responsible for the computer and networking

infrastructure of a retail chain, RC Stores, with a headquarters and 40 branch locations.

RC Stores’ network contains close to 100 routers: typically, an access router and a wireless router in the branch locations, and additional networking infrastructure in the headquarters and at the warehouse.

The company has turned to a managed service provider (MSP) to interconnect the various locations of its network.

The MSP has set up a Virtual Private Network (VPN) with tunnels between the access routers at each site that connects all the branch locations and the headquarters.

This means that the entire company’s network can be managed as one network

Chris: Network Administrator for a Medium-Size Business Although the MSP worries about the interconnectivity among

the branch offices, Chris and his colleagues are their points of contact. Also, the contract with the MSP does not cover how the network is being used within the company. This is the responsibility of Chris and his colleagues.

Chris has a workstation at his desk that runs a management platform.

This is a general-purpose management application used to monitor the network.

At the core of the application is a graphical view of the network that displays the network topology. Each router is represented as an icon on the screen that is green, yellow, orange, or red, depending on its alarm state.

This color coding allows Chris to see at first glance whether everything is up and running.

Chris: Network Administrator for a Medium-Size Business

RC Stores’ Network

Chris: Network Administrator for a Medium-Size Business

A Typical Management Application Screen (Cisco Packet Telephony Center)

Chris: Network Administrator for a Medium-Size Business

Sample Screen of a Management Application with Performance Graphs (Cisco Works IPPerformance Monitor)

Sandy: Administrator and Planner in an Internet Data Center Sandy works in the Internet Data Center for a global Fortune

500 company, F500, Inc. The data center is at the center of the company’s intranet,

extranet, and Internet presence: It hosts the company’s external website, which provides

company and product information and connects customers to the online ordering system.

More important, it is host to all the company’s crucial business data: its product documents and specifications, its customer data, and its supplier data.

In addition, the data center hosts the company’s internal website through which most of this data can be accessed, given the proper access privileges.

Sandy: Administrator and Planner in an Internet Data Center Sandy has been tasked with developing a plan for how to

accommodate a new partner supplier.

This will involve setting up the server and storage infrastructure for storing and sharing data that is critical for the business relationship. Also, an extranet over which the shared data can be accessed must be carved out.

The extranet constitutes essentially its own Virtual Private Network that will be set up specifically for that purpose.

Sandy: Administrator and Planner in an Internet Data Center

Sample Screen of a Management Application That Allows the Configuration of Ports (CiscoWAN Manager 15.1)