Solution of TNM Paper(2016)

The document discusses various aspects of network management, including the FCAPS framework, which encompasses Fault, Configuration, Accounting, Performance, and Security management. It compares SNMP and CMIP protocols, explains the OSI model's seven layers, and describes state transition models for event correlation techniques. Additionally, it highlights challenges faced by IT managers and emerging network management standards such as OSI and CMIP.

Uploaded by

suraj

Solution of Question paper (2016)

1(a) Describe FCAPS in Network management.

Answer:- FCAPS is a framework and model for network management. The term itself is an
acronym that stands for Fault, Configuration, Accounting, Performance and Security.

Each aspect of FCAPS can be summarized as follows:

• Fault Management: The goals and objectives include early fault recognition, isolation of negative effects, fault correction and logging of the corrections to assist in improvement. The network operator must assure that (usually) automatic fault notification is followed by rapid manual or monitored automatic activities to assure fault identification, evaluation and timely correction.
• Configuration Management: This involves collecting and storing various configuration data, preferably in an easily accessible database(s), simplifying configuration procedures for each network device, logging configuration changes, and provisioning transmission paths through networks without switches.
• Accounting Management: Also called billing management, this involves collecting such network user data as link utilization, disk drive or data storage usage, and CPU processing time.
• Performance Management: In view of investments made to set up the network, this examines and monitors the current network efficiency and plans ahead for future changes or upgrades. While constantly monitoring the health of the network and searching for trends, network parameters are tracked and logged; these include data transmission rate (throughput), error rates, downtime/uptime, use-time percentages and response time to user and automated inputs or requests.
• Security Management: This is mostly concerned with authenticated and authorized access to the network as well as encryption of data, i.e. controlling all access and securing all data.

(b) Compare between CMIS/CMIP and SNMP.

Answer:-

| Attribute | SNMP | CMIP |
| --- | --- | --- |
| Meaning | The Simple Network Management Protocol (SNMP), which is located in application layer, is part of the Transmission Control Protocol / Internet Protocol (TCP/IP) network architecture. | Common Management Information Protocol (CMIP) is an interface for network management in the Open Systems Interconnection (OSI) Reference Model. |
| Information Model | SMI | GDMO |
| Function | SNMP is responsible for exchanging data between network devices | Supports information exchange between network management stations and management agents and also supports access to managed information in the managed objects. |
| Protocol | GET, SET, TRAP | M-GET, M-SET, M-ACTION, M-CREATE |
| Services | Internet Management, SNMP uses UDP datagram. | Telecomm Management, CMIP uses connection-oriented sessions |

(c) Explain the functional architecture of OSI in detail.

Answer:- The Open Systems Interconnect (OSI) model has seven layers. This article describes
and explains them, beginning with the 'lowest' in the hierarchy (the physical) and proceeding to
the 'highest' (the application). The layers are stacked this way:

• Application
• Presentation
• Session
• Transport
• Network
• Data Link
• Physical

PHYSICAL LAYER:-The physical layer, the lowest layer of the OSI model, is concerned with the
transmission and reception of the unstructured raw bit stream over a physical medium. It
describes the electrical/optical, mechanical, and functional interfaces to the physical medium,
and carries the signals for all of the higher layers. It provides:

• Data encoding: modifies the simple digital signal pattern (1s and 0s) used by the PC to better accommodate the characteristics of the physical medium, and to aid in bit and frame synchronization. It determines:
  - What signal state represents a binary 1
  - How the receiving station knows when a "bit-time" starts
  - How the receiving station delimits a frame
• Physical medium attachment, accommodating various possibilities in the medium:
  - Will an external transceiver (MAU) be used to connect to the medium?
  - How many pins do the connectors have and what is each pin used for?
• Transmission technique: determines whether the encoded bits will be transmitted by baseband (digital) or broadband (analog) signaling.
• Physical medium transmission: transmits bits as electrical or optical signals appropriate for the physical medium, and determines:
  - What physical medium options can be used
  - How many volts/db should be used to represent a given signal state, using a given physical medium

DATA LINK LAYER:-The data link layer provides error-free transfer of data frames from one
node to another over the physical layer, allowing layers above it to assume virtually error-free
transmission over the link. To do this, the data link layer provides:

• Link establishment and termination: establishes and terminates the logical link between two nodes.
• Frame traffic control: tells the transmitting node to "back-off" when no frame buffers are available.
• Frame sequencing: transmits/receives frames sequentially.
• Frame acknowledgment: provides/expects frame acknowledgments. Detects and recovers from errors that occur in the physical layer by retransmitting non-acknowledged frames and handling duplicate frame receipt.
• Frame delimiting: creates and recognizes frame boundaries.
• Frame error checking: checks received frames for integrity.
• Media access management: determines when the node "has the right" to use the physical medium.

NETWORK LAYER:-The network layer controls the operation of the subnet, deciding which
physical path the data should take based on network conditions, priority of service, and other
factors. It provides:

• Routing: routes frames among networks.
• Subnet traffic control: routers (network layer intermediate systems) can instruct a sending station to "throttle back" its frame transmission when the router's buffer fills up.
• Frame fragmentation: if it determines that a downstream router's maximum transmission unit (MTU) size is less than the frame size, a router can fragment a frame for transmission and reassembly at the destination station.
• Logical-physical address mapping: translates logical addresses, or names, into physical addresses.
• Subnet usage accounting: has accounting functions to keep track of frames forwarded by subnet intermediate systems, to produce billing information.

Communications Subnet

The network layer software must build headers so that the network layer software residing in
the subnet intermediate systems can recognize them and use them to route data to the
destination address.

This layer relieves the upper layers of the need to know anything about the data transmission
and intermediate switching technologies used to connect systems. It establishes, maintains and
terminates connections across the intervening communications facility (one or several
intermediate systems in the communication subnet).

In the network layer and the layers below, peer protocols exist between a node and its
immediate neighbor, but the neighbor may be a node through which data is routed, not the
destination station. The source and destination stations may be separated by many
intermediate systems.

TRANSPORT LAYER:-The transport layer ensures that messages are delivered error-free, in
sequence, and with no losses or duplications. It relieves the higher layer protocols from any
concern with the transfer of data between them and their peers.

The size and complexity of a transport protocol depends on the type of service it can get from
the network layer. For a reliable network layer with virtual circuit capability, a minimal
transport layer is required. If the network layer is unreliable and/or only supports datagram,
the transport protocol should include extensive error detection and recovery.

The transport layer provides:

• Message segmentation: accepts a message from the (session) layer above it, splits the message into smaller units (if not already small enough), and passes the smaller units down to the network layer. The transport layer at the destination station reassembles the message.
• Message acknowledgment: provides reliable end-to-end message delivery with acknowledgments.
• Message traffic control: tells the transmitting station to "back-off" when no message buffers are available.
• Session multiplexing: multiplexes several message streams, or sessions onto one logical link and keeps track of which messages belong to which sessions (see session layer).

Typically, the transport layer can accept relatively large messages, but there are strict message
size limits imposed by the network (or lower) layer. Consequently, the transport layer must
break up the messages into smaller units, or frames, prepending a header to each frame.

The transport layer header information must then include control information, such as message
start and message end flags, to enable the transport layer on the other end to recognize
message boundaries. In addition, if the lower layers do not maintain sequence, the transport
header must contain sequence information to enable the transport layer on the receiving end
to get the pieces back together in the right order before handing the received message up to
the layer above.

End-to-end layers

Unlike the lower "subnet" layers whose protocol is between immediately adjacent nodes, the
transport layer and the layers above are true "source to destination" or end-to-end layers, and
are not concerned with the details of the underlying communications facility. Transport layer
software (and software above it) on the source station carries on a conversation with similar
software on the destination station by using message headers and control messages.

SESSION LAYER:-The session layer allows session establishment between processes running on
different stations. It provides:

• Session establishment, maintenance and termination: allows two application processes on different machines to establish, use and terminate a connection, called a session.
• Session support: performs the functions that allow these processes to communicate over the network, performing security, name recognition, logging, and so on.

PRESENTATION LAYER:-The presentation layer formats the data to be presented to the
application layer. It can be viewed as the translator for the network. This layer may translate
data from a format used by the application layer into a common format at the sending station,
and then translate the common format to a format known to the application layer at the
receiving station.
The presentation layer provides:

• Character code translation: for example, ASCII to EBCDIC.
• Data conversion: bit order, CR-CR/LF, integer-floating point, and so on.
• Data compression: reduces the number of bits that need to be transmitted on the network.
• Data encryption: encrypt data for security purposes. For example, password encryption.

APPLICATION LAYER:-The application layer serves as the window for users and application
processes to access network services. This layer contains a variety of commonly needed
functions:

• Resource sharing and device redirection
• Remote file access
• Remote printer access
• Inter-process communication
• Network management
• Directory services
• Electronic messaging (such as mail)
• Network virtual terminals

(d) Describe state transition model based event correlation technique.

Answer:- Several correlation techniques are used to isolate and localize fault in networks. All
are based on (1) Detecting and filtering of events (2) Correlating observed events to isolate and
localize the fault either topologically or functionally (3) Identifying the cause of the problem. In
all three cases, different reasoning methods distinguish one technique from another.
Six approaches to correlation techniques:
(1) Rule-based reasoning (2) Model-based reasoning (3) Case-based reasoning (4) Codebook (5)
State transition graph model (6) Finite state machine model
State transition graph model:- A state transition graph model is used by the Seagate NerveCenter
correlation system. This could be used as a stand-alone system or integrated with an NMS,
which HP OpenView and some other vendors have done.
A simple state diagram with two states for a ping/response process is shown in the figure. The two
states are ping mode and receive response. When an NMS sends a ping, it transitions from the
ping mode state to the receive response state. When it receives a response, it transitions back
to the ping mode state. As you know by now, this method is how the health of all the
components is monitored by the NMS.

[Figure: state diagram with two states, ping mode and receive response, linked by the transitions Ping and Response]
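
The two-state ping/response model above can be run as a small correlator. This is an added example, not part of the original answer and not NerveCenter code; the `timeout` event, the `node_down`/`node_up` alarms, the three-miss limit and the sample events are assumptions added so the graph has something to correlate.

```python
from dataclasses import dataclass

PING_MODE = "ping mode"
RECEIVE_RESPONSE = "receive response"


@dataclass
class PingMonitor:
    """State transition graph for one managed node."""
    node: str
    max_missed: int = 3      # assumption: alarm after 3 unanswered pings in a row
    state: str = PING_MODE
    missed: int = 0
    ignored: int = 0         # events that match no transition from the current state

    def on_event(self, event):
        """Apply one event and return an alarm name, or None."""
        alarm = None
        if self.state == PING_MODE and event == "ping":
            self.state = RECEIVE_RESPONSE
        elif self.state == RECEIVE_RESPONSE and event == "response":
            if self.missed >= self.max_missed:
                alarm = "node_up"        # clears the alarm raised earlier
            self.missed = 0
            self.state = PING_MODE
        elif self.state == RECEIVE_RESPONSE and event == "timeout":
            self.missed += 1
            if self.missed == self.max_missed:
                alarm = "node_down"      # raised once, not once per timeout
            self.state = PING_MODE
        else:
            self.ignored += 1            # e.g. a response that no ping asked for
        return alarm


def correlate(events, max_missed=3):
    """Feed (node, event) pairs through one graph per node; return alarms and monitors."""
    monitors, alarms = {}, []
    for node, event in events:
        if node not in monitors:
            monitors[node] = PingMonitor(node, max_missed)
        alarm = monitors[node].on_event(event)
        if alarm:
            alarms.append((node, alarm))
    return alarms, monitors


# Constructed sample: router-a misses four pings and then recovers,
# router-b answers normally and then sends one unsolicited response.
SAMPLE_EVENTS = (
    [("router-a", "ping"), ("router-a", "response")]
    + [("router-a", "ping"), ("router-a", "timeout")] * 4
    + [("router-a", "ping"), ("router-a", "response")]
    + [("router-b", "ping"), ("router-b", "response"), ("router-b", "response")]
)

if __name__ == "__main__":
    found, state = correlate(SAMPLE_EVENTS)
    for node, alarm in found:
        print(node, alarm)
    print("router-b ignored events:", state["router-b"].ignored)
```

Four timeouts produce a single `node_down` alarm, which is the point of correlating events through a state graph instead of alerting on each one.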

2.(a) What are the challenges of IT manager?

Answer:- In recent years the role of the IT department has gradually moved from a support
role into that of a business driver. As technology continues to evolve at a furious pace, it
presents both opportunities and challenges. So what are the biggest issues facing IT managers
and business owners over the coming year?
Big data and the Internet of Things (IoT): being able to capture large amounts of data is
changing the way we do business, but data in itself is worth nothing if it cannot be mined and
used to improve processes and create new revenue streams. An increasing amount of data is
generated via IoT, which sees devices and inanimate objects directly communicating via the
internet. Industry experts Gartner predict we will see 25 billion things connected to the internet
by 2020 and while still a relatively young arena set to transform some businesses, it could
potentially be the demise of others. Business owners need to recognize that as big data drives
storage, hardware and network infrastructure developments, it is the underpinning technology
solution and communications ‘plumbing’ that will really influence its success.
The IT skills gap: As IT becomes more complex the skills shortage becomes more acute. The
issue was debated in Parliament last year, and an estimated 45% of UK businesses are dealing
with a shortage of IT talent that is set to harm innovation. Rather than trying to maintain high
levels of expertise in-house, one option is to switch to the benefits of tailored managed services
or outsourcing models provided by an expert IT partner. Bringing in a third party to handle
some – or all – of their IT requirements keeps the client in the driving seat and resolves the
issue of day to day skills capability as well as allowing them to tap into high level strategic
expertise as and when needed.
Improving management overview: the age-old problem of having access to real time
management information will continue to rest with the IT department, meaning integrating
disparate systems and data from cloud and in-house systems will remain at the top of the IT
manager’s agenda. A full ‘from the inside out’ review of infrastructure and systems to assess
whether the tail is actually wagging the dog may sound daunting but will pay dividends in the
long term. What worked for you five years ago may no longer be appropriate, as your business
evolves.
Establishing anytime, anywhere access: As boundaries between work and home continue to
blur, many of us expect to be ‘always connected’. This has prompted a huge rise in bring your
own device (BYOD), where staff use their own mobile devices such as laptops, tablets and smart
phones to access company data and applications and presents an ongoing challenge to
businesses trying to balance accessibility and potential cost savings with security and control. IT
managers need to work with HR and operations teams to make sure the company and its staff
understand the risks, responsibilities and obligations around how BYOD is implemented and
used.
Tightened security: even with all the security tools at the IT manager’s disposal, data and
security breaches are a fact of business life and will continue to make the headlines in 2016.
The IT industry has seen a recent growth explosion in tools that detect and deal with
disruptions, such as the Solar Winds N-able network monitoring platform. Combining regular
and comprehensive preventative maintenance with real time monitoring of critical network and
desktop devices can remove a major headache for IT managers and ensure network reliability
and stability.
Shrinking budgets: the continuous push to do more with less puts IT managers under more
pressure than ever before to deliver. Step back and consider your IT requirements like a clean
sheet – encourage a strategic, creative approach to IT issues, review the potential benefits of
unified communications and cloud services to switch from capital expenditure to operating
expenditure models, and bring the right partner in for advice and support.
You might be pleasantly surprised by how fresh thinking and a new approach to your IT can not
only help you solve current and future challenges, but also deliver big benefits across the
business.

b) List and describe emerging network management standards.

Answer:- Several network management standards are in use today. Table 1 lists four standards
and their salient points, and a fifth standard based on emerging technology. They are the OSI
model, the Internet model, TMN, IEEE LAN/MAN, and Web-based management.

i. The Open System Interconnection (OSI) management standard is the standard adopted by the
International Standards Organization (ISO).
ii. The OSI management protocol standard is Common Management Information Protocol
(CMIP), and has built-in services, Common Management Information Service (CMIS), that
specify the basic services needed to perform the various functions.
iii. It is the most comprehensive set of specifications, and addresses all seven layers of the OSI
Reference Model. The specifications are object-oriented and hence managed objects are based
on object classes and inheritance rules.

| Standard | Salient points |
| --- | --- |
| OSI/CMIP | International standard; management of data communication network (LAN and WAN); deals with all 7 layers; most complete; object oriented |
| SNMP/Internet | Industry standard (IETF); originally intended for management of Internet components; based on OSI network management framework; addresses both network and administrative aspects of management |
| IEEE | IEEE standards adopted internationally; addresses LAN and MAN management; adopts OSI standards significantly; deals with first two layers of OSI RM |
| Web-based Management | Web-Based Enterprise Management (WBEM); Java Management Application Program Interface (JMAPI) |

iv. Besides specifying the management protocols, CMIP/CMIS also address the network
management applications. Both LANs and WANs can be managed using CMIP/ CMIS.
v. Two of the major drawbacks of the OSI management standard are that it is complex and that
the CMIP stack is large. In contrast to CMIP, Simple Network Management Protocol (SNMP) is
truly simple, as its name indicates.
vi. It started as an industry standard and has since become very much like the standard
specifications of a standards-setting organization.
vii. The Internet Engineering Task Force (IETF) is responsible for all Internet specifications
including network management. The managed objects are defined as scalar objects in SNMP,
which was primarily intended to manage Internet components, but is now used to manage
WAN and telecommunications systems.
viii. The Telecommunications Management Network (TMN) is designed to manage the
telecommunications network and is oriented toward the needs of telecommunications service
providers.
ix. TMN is the standard of the International Telecommunication Union (ITU) and is based on
OSI CMIP/CMIS specifications. TMN extends the concept of management beyond managing
networks and network components; its specifications address service and business
considerations.
x. The IEEE standards for LAN and MAN specifications are concerned only with OSI layers 1
(physical) and 2 (data link), and they are structured similarly to OSI specifications.
xi. Both OSI/CMIP and Internet/SNMP protocols use IEEE standards for the lower layers. The
IEEE 802.x series of specifications defines the standards for the various physical media and data
link protocols.
xii. IEEE 802.1 specifications present overview, architecture, and management. The IEEE 802.2
standard specifies the logical link control (LLC) layer. The other specifications in the IEEE series
are for specific media and protocols. For example, 802.3 specifications are for Ethernet LANs.
xiii. The last category in Table 1 is Web-based management, which is based on using Web
technology, a Web server for the management system, and Web browsers for network
management stations.

3. (a) Define network management. State goals of network management.


Answer:- A network management system (NMS) is a set of hardware and/or software tools
that allow an IT professional to supervise the individual components of a network within a
larger network management framework.
i. The goal of network management is to ensure that the users of network are provided IT
services with a quality of service that they expect.
ii. Toward meeting this goal, the management should establish a policy to either formally or
informally contract an SLA with users. From a business administration point of view, network
management involves strategic and tactical planning of engineering, operations, and
maintenance of network and network services for current and future needs at minimum overall
cost.
iii. There needs to be a well-established interaction between the various groups performing
these functions.
iv. Figure 4 presents a top-down view of network management functions. It comprises three
major groups: (a) network and service provisioning, (b) network and service operations, and (c)
network I&M.
v. It is worth considering the different functions as belonging to specific administrative groups,
although there are other ways of assigning responsibilities based on local organizational
structure. Network provisioning is the primary responsibility of the Engineering group.
vi. The Customer Relations group deals with clients and subscribers in providing services
planned and designed by the Engineering group.
vii. Network I&M is the primary responsibility of the Plant Facilities group.
viii. Normal daily operations are the function of the Network Operations group, which controls
and administers a NOC. This is the nerve center of network management operations.
ix. The functions of NOC are primarily concerned with network operations: its secondary
responsibilities are network provisioning and network I&M.
x. The associated service operations are handled by a subscriber operation center (SOC) and
customer relations management (CRM). Our focus here is on NOC.

4 (a) Describe all CMISE services in following categories:


(i) Management association services
Answer:- i) To transfer management information between open systems using CMIS/CMIP,
peer connections, i.e. associations, must be established. This requires the establishment of an
Application layer association, a Session layer connection, a Transport layer connection, and,
depending on supporting communications technology, Network layer and Link layer
connections.
ii) CMIS initially defined management association services but it was later decided these
services could be provided by ACSE and these services were removed.
iii) Management association services establish application associations to allow CMIS users to
communicate.
iv) CMIS includes three association service elements.

• M-INITIALIZE is used to establish an association with a peer CMISE service.
• M-TERMINATE is used to obtain normal termination of an association. Terminates an established connection.
• M-ABORT is used to obtain an abrupt release from an association. Terminates the association in the case of an abnormal connection termination.

(ii) Management Notification Services:


Answer:- Management notification services are used to convey notifications of managed
object events. M-EVENT-REPORT is used to report managed object events to a service user. A
report can be about any event the CMISE user chooses to collect and includes a time stamp of
the occurrence. It sends events occurring on managed objects.

(b) Compare between SNMP v1, SNMP v2 and SNMP v3.


Answer:-

| Content | SNMPv1 | SNMPv2 | SNMPv3 |
| --- | --- | --- | --- |
| Standards | RFC-1155, 1157, 1212 | RFC-1441, 1452; RFC-1909, 1910; RFC-1901 to 1908 | RFC-1902 to 1908, 2271 to 2275 |
| Version | SNMPv1 was the first version of SNMP | SNMPv2 currently exists in at least three flavors, SNMPv2c, SNMPv2u, and SNMPv2 | SNMPv3 is the newest version of SNMP. |
| Protocol operations | Simple request/response protocol. Protocol operations: Get, GetNext, Set, and Trap | Similarity: Get, GetNext, Set. Changes: Trap message format. New protocol operations GetBulk and Inform | SNMPv3 uses SNMPv2 protocol operations and its PDU message format |
| Security | No security from someone with access to the network | SNMPv2 failed to improve on security. | Its primary feature is enhanced security. |
| Complexity | Performance and security limitations. | More powerful but more complex than SNMPv1 | SNMPv3 focuses on improving the security aspect. |
| Message Format | Five messages (GetRequest, GetNextRequest, SetRequest, Trap, Response) | Seven messages instead of five (inform-request, get-bulk-request) | Implements SNMP v1 and v2 specifications along with proposed new features. |
| Protocol | An open, standard protocol, Streamlined protocol | Simple request/response protocol | The "EngineID" Identifier in SNMPv3 uniquely identifies each SNMP entity. |
| MIB | Defines limited, easily implemented MIB of scalar variables and two dimensional tables | Defines general framework with which MIB defined and constructed | Can configure agents to provide a number of levels of access to MIB |
| Plaintext community strings | Yes | Yes | No |
| Encrypted traffic, Detection of malformed packets | No | Yes | Yes |
| Susceptible to brute-force attacks, Susceptible to buffer-overflow attacks | Yes | Yes | No |
| Susceptible to injection attacks | Yes | No | No |
| Susceptible to replay attacks | Yes | No | No |
| Susceptible to sniffing of session keys | Yes | No | No |
| Default/known passwords | Yes | Yes | No |
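
The "Plaintext community strings" and "Default/known passwords" rows above translate into a check an operator can run against agent configuration. This is an added example, not part of the original answer: a small audit of Net-SNMP style `snmpd.conf` directives that flags v1/v2c community access and SNMPv3 users allowed below the `priv` level. The finding codes and the sample configuration are constructed for illustration.

```python
import shlex

DEFAULT_COMMUNITIES = {"public", "private"}
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}
USER_DIRECTIVES = {"rouser", "rwuser"}

# Constructed sample configuration, not taken from any real system.
SAMPLE_CONF = """\
# monitoring access
rocommunity public 10.0.0.0/8
rwcommunity s3cr3t-ops 10.0.5.10
com2sec notConfigUser default private
rouser monitor noauth
rouser nms-auth
rwuser nms-admin priv
"""


def _community_findings(lineno, community, writable):
    """Findings for one v1/v2c community; the string itself is never echoed."""
    found = [(lineno, "v1v2c-community", "community string travels in plaintext")]
    if community.lower() in DEFAULT_COMMUNITIES:
        found.append((lineno, "default-community", "well-known default community string"))
    if writable:
        found.append((lineno, "write-community", "SET access guarded only by a community string"))
    return found


def audit_snmpd_conf(text):
    """Return (line number, finding code, detail) tuples for weak SNMP access settings."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        tokens = shlex.split(line)
        directive, args = tokens[0].lower(), tokens[1:]
        if directive in COMMUNITY_DIRECTIVES and args:
            findings += _community_findings(lineno, args[0], directive.startswith("rw"))
        elif directive == "com2sec" and len(args) >= 3:
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY: community is the last field
            findings += _community_findings(lineno, args[-1], False)
        elif directive in USER_DIRECTIVES and args:
            if args[0] == "-s" and len(args) >= 3:
                args = args[2:]                  # skip "-s SECMODEL"
            # Net-SNMP treats an omitted level as "auth" (authentication, no encryption).
            level = args[1].lower() if len(args) > 1 else "auth"
            if level == "noauth":
                findings.append((lineno, "v3-noauth", "SNMPv3 user accepted without authentication"))
            elif level == "auth":
                findings.append((lineno, "v3-no-privacy", "SNMPv3 user accepted without encryption"))
    return findings


if __name__ == "__main__":
    for lineno, code, detail in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {lineno}: {code}: {detail}")
```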

5. (a) List and describe event correlation techniques.


Answer:- Several correlation techniques are used to isolate and localize fault in networks. All
are based on (1) Detecting and filtering of events (2) Correlating observed events to isolate and
localize the fault either topologically or functionally (3) Identifying the cause of the problem. In
all three cases, different reasoning methods distinguish one technique from another.
Six approaches to correlation techniques:
(1) Rule-based reasoning (2) Model-based reasoning (3) Case-based reasoning (4) Codebook (5)
State transition graph model (6) Finite state machine model
Rule-Based Reasoning:-

i) Rule-based reasoning (RBR) is the earliest form of correlation technique. It is also known by
many other names, including rule-based expert system, expert system, production system, and
blackboard system.
ii) It has a working memory, an inference engine and a knowledge base. The three levels
representing the three components are the data level, control level, and knowledge level,
respectively.
iii) The knowledge base contains expert knowledge as to (1) definition of a problem in the
network and (2) action that needs to be taken if a particular condition occurs.
iv) The knowledge base information is rule-based in the form of if-then or condition-action,
containing rules that indicate which operations are to be performed when.
v) The working memory contains, as working memory elements, the topological and state
information of the network being monitored.
vi) The working memory recognizes when the network goes into a faulty state.
vii) The inference engine, in cooperation with the knowledge base, compares the current state
with the left side of the rule-base and finds the closest match to output the right side of the
rule. The knowledge base then executes an action on the working memory element.
viii) In Figure 1, the rule-based paradigm is interactive among the three components and is
iterative. Several strategies are available for the rule-based paradigm.
ix) A specific strategy is implemented in the inference engine. When a specific rule has been
chosen, an action is performed on the working memory element, which can then initiate
another event. This process continues until the correct state is achieved in the working
memory.
x) Rules are established in the knowledge base from the expertise of people in the field. The
rule is an exact match and the action is very specific.
xi) If the antecedent and action in the rule do not match, the paradigm breaks and it is called
brittle. However, it can be fixed by adding more rules, but doing so increases the database size
and degrades performance, called a knowledge acquisition bottleneck.
xii) As the number of working memory elements grows, memory requirements grow
exponentially. In addition, the action is specific, which can cause unwanted behavior.
xiii) For example, we can define the alarm condition for packet loss as follows:
If packet loss < 10% alarm green
If packet loss >= 10% and < 15% alarm yellow
If packet loss >= 15% alarm red
xiv) The left side conditions are the working memory elements, which if detected would
execute the appropriate rule defined in the rule-base.
xv) This action could cause the alarm condition to flip back and forth in boundary cases. An
application of fuzzy logic is used to remedy this problem, but it is difficult to implement.
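
The packet-loss rules in item xiii and the boundary flapping in item xv, as an added example that is not part of the original answer. The text names fuzzy logic as the remedy; this sketch substitutes a simpler hysteresis margin to show the effect, and the 1% margin and the sample readings are assumptions.

```python
# Thresholds from the three rules in the text, highest first.
RULES = [(15.0, "red"), (10.0, "yellow"), (0.0, "green")]
LEVELS = ["green", "yellow", "red"]
RANK = {level: i for i, level in enumerate(LEVELS)}
ENTER = {"yellow": 10.0, "red": 15.0}    # loss % at which each level is entered


def classify(loss):
    """Apply the rules exactly as written: the first matching condition wins."""
    if not 0.0 <= loss <= 100.0:
        raise ValueError(f"packet loss must be a percentage, got {loss!r}")
    for threshold, level in RULES:
        if loss >= threshold:
            return level


def classify_series(samples):
    """Alarm colour for each reading, with no memory of the previous state."""
    return [classify(loss) for loss in samples]


def classify_with_hysteresis(samples, margin=1.0):
    """Escalate at the rule threshold, de-escalate only `margin` points below it."""
    current, out = "green", []
    for loss in samples:
        target = classify(loss)
        if RANK[target] > RANK[current]:
            current = target                         # worsening: act immediately
        else:
            # improving: step down one level at a time, each step needing headroom
            while RANK[current] > RANK[target] and loss < ENTER[current] - margin:
                current = LEVELS[RANK[current] - 1]
        out.append(current)
    return out


def count_changes(levels):
    """Number of alarm colour changes an operator would see."""
    return sum(1 for a, b in zip(levels, levels[1:]) if a != b)


# Constructed readings hovering around the 10% boundary.
BOUNDARY_SAMPLES = [9.8, 10.1, 9.9, 10.2, 9.7, 10.3]

if __name__ == "__main__":
    plain = classify_series(BOUNDARY_SAMPLES)
    damped = classify_with_hysteresis(BOUNDARY_SAMPLES)
    print("rules as written:", plain, "changes:", count_changes(plain))
    print("with hysteresis: ", damped, "changes:", count_changes(damped))
```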
Model Based Correlation Technique :- In artificial intelligence, model-based reasoning refers to
an inference method used in expert systems based on a model of the physical world. With this
approach, the main focus of application development is developing the model. Then at run
time, an "engine" combines this model knowledge with observed data to derive conclusions
such as a diagnosis or a prediction.
Case-based reasoning:-Case-based reasoning broadly construed, is the process of solving new
problems based on the solutions of similar past problems. An auto mechanic who fixes an
engine by recalling another car that exhibited similar symptoms is using case-based reasoning.
A lawyer who advocates a particular outcome in a trial based on legal precedents or a judge who
creates case law is using case-based reasoning. So, too, an engineer copying working elements
of nature (practicing biomimicry), is treating nature as a database of solutions to problems.
Case-based reasoning is a prominent kind of analogy making.
It has been argued that case-based reasoning is not only a powerful method for computer
reasoning, but also a pervasive behavior in everyday human problem solving; or, more radically,
that all reasoning is based on past cases personally experienced. This view is related
to prototype theory, which is most deeply explored in cognitive science.
Codebook:- A codebook is a document used for implementing a code. A codebook contains
a lookup table for coding and decoding; each word or phrase has one or more strings which
replace it. To decipher messages written in code, corresponding copies of the codebook must
be available at either end. The distribution and physical security of codebooks present a
special difficulty in the use of codes, compared to the secret information used in ciphers,
the key, which is typically much shorter.
The United States National Security Agency documents sometimes use codebook to refer
to block ciphers; compare their use of combiner-type algorithm to refer to stream ciphers.
A codebook is usually made in two parts, one part being for converting plaintext to ciphertext,
the other for the opposite purpose. Both are usually organized similar to a standard dictionary,
with plaintext words (in the first part) and ciphertext words (in the second part) presented like
dictionary headwords.
State transition graph model:- A state transition graph model is used by the Seagate NerveCenter
correlation system. This could be used as a stand-alone system or integrated with an NMS,
which HP OpenView and some other vendors have done.
A simple state diagram with two states for a ping/response process is shown in the figure. The two
states are ping mode and receive response. When an NMS sends a ping, it transitions from the
ping mode state to the receive response state. When it receives a response, it transitions back to
the ping mode state. As you know by now, this method is how the health of all the components
is monitored by the NMS.

Fig2: An RBR-Based Correlation Example Scenario


v) Four correlation rules are specified in Figure3.
vi) Rule 0 has no condition associated with it, but rules 1-3 are conditional. To allow for
propagation time, a correlation window of 20 seconds is set.
5. (b) What is user security model (USM) and VACM in SNMP v3? Describe in detail.
Answer:- It is the purpose of RFC 3413, "SNMPv3 Applications" to describe the five types of
applications that can be associated with an SNMP engine. The applications are: Command
Generators, Command Responders, Notification Originators, Notification Receivers, and Proxy
Forwarders.
The document also defines MIB modules for specifying targets of management operations
(including notifications), for notification filtering, and for proxy forwarding.
User-based Security Model (USM):-
RFC 3414, the "User-based Security Model (USM) for version 3 of the Simple Network
Management Protocol (SNMPv3)," describes the User-based Security Model for SNMPv3. It
defines the Elements of Procedure for providing SNMP message-level security. The document
describes the two primary and two secondary threats that are defended against by the User-
based Security Model. These threats are: modification of information, masquerade, message
stream modification, and [optionally] disclosure.
The USM utilizes MD5 and the Secure Hash Algorithm as keyed hashing algorithms for digest
computation to provide data integrity to directly protect against data modification attacks, to
indirectly provide data origin authentication, and to defend against masquerade attacks.
The USM uses loosely synchronized monotonically increasing time indicators to defend against
certain message stream modification attacks. Automatic clock synchronization mechanisms
based on the protocol are specified without dependence on third-party time sources and
concomitant security considerations.
The USM uses the Data Encryption Standard (DES) in the cipher block chaining mode (CBC)
[optionally] to protect against disclosure.
The document also includes a MIB suitable for remotely monitoring and managing the
configuration parameters for the USM, including key distribution and key management.
A single protocol entity may provide simultaneous support for multiple security models, as well
as multiple authentication and privacy protocols. All of the protocols used by the USM are
based on symmetric cryptography (i.e., private key mechanisms). The SNMPv3 architecture
admits the use of public key cryptography, but as of this writing, no SNMPv3 security models
utilizing public key cryptography have been published.
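The two USM defences described above, a truncated keyed digest over the message and a time-window check, sketched as an added example (not code from the RFC or from any SNMP implementation). The byte layout, the key and the return strings are constructed for illustration; a real agent works on BER-encoded messages with a key localized from the user's password, and the 96-bit truncation and 150-second window are the values given in RFC 3414.

```python
# Added example, not RFC or vendor code. The "message" is a constructed byte
# layout (boots | time | 12-octet MAC | PDU), not real BER-encoded SNMP.
import hashlib
import hmac
import struct

MAC_OFFSET = 8           # MAC follows the two 32-bit time indicators
MAC_LEN = 12             # HMAC output truncated to 96 bits
TIME_WINDOW = 150        # seconds allowed between sender and receiver clocks
MAX_BOOTS = 2147483647   # boots counter latched at maximum: nothing is timely


def _digest(auth_key, msg):
    """HMAC-SHA-1 over the whole message with the MAC field zeroed."""
    zeroed = msg[:MAC_OFFSET] + bytes(MAC_LEN) + msg[MAC_OFFSET + MAC_LEN:]
    return hmac.new(auth_key, zeroed, hashlib.sha1).digest()[:MAC_LEN]


def build(auth_key, boots, engine_time, pdu):
    """Sender side: the time indicators sit inside the authenticated bytes."""
    msg = struct.pack(">II", boots, engine_time) + bytes(MAC_LEN) + pdu
    mac = _digest(auth_key, msg)
    return msg[:MAC_OFFSET] + mac + msg[MAC_OFFSET + MAC_LEN:]


def check(auth_key, msg, local_boots, local_time):
    """Receiver side: verify the digest first, then the time window."""
    if len(msg) < MAC_OFFSET + MAC_LEN:
        return "parseError"
    received = msg[MAC_OFFSET:MAC_OFFSET + MAC_LEN]
    if not hmac.compare_digest(received, _digest(auth_key, msg)):
        return "wrongDigest"          # modified, or sender lacks the key
    boots, engine_time = struct.unpack(">II", msg[:MAC_OFFSET])
    if (local_boots == MAX_BOOTS or boots != local_boots
            or abs(local_time - engine_time) > TIME_WINDOW):
        return "notInTimeWindow"      # replayed, delayed or reordered
    return "ok"


KEY = bytes(range(20))                # constructed 20-octet key
MSG = build(KEY, 5, 1000, b"get sysUpTime.0")

if __name__ == "__main__":
    print(check(KEY, MSG, 5, 1100))               # fresh message
    print(check(KEY, MSG, 5, 2000))               # same bytes replayed later
    print(check(KEY, MSG[:-1] + b"X", 5, 1100))   # payload altered in transit
```

Because the time indicators are covered by the digest, rewriting them to move an old message back into the window fails the digest check instead.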
View-based Access Control (VACM):-
The purpose of RFC 3415, the "View-based Access Control Model (VACM) for the Simple
Network Management Protocol (SNMP)," is to describe the View-based Access Control Model
for use in the SNMP architecture. It defines the Elements of Procedure for controlling access to
management information. This document also includes a MIB for remotely managing the
configuration parameters for the View-based Access Control Model.
The VACM can simultaneously be associated in a single engine implementation with multiple
Message Processing Models and multiple Security Models.
It is architecturally possible to have multiple, different, Access Control Models active and
present simultaneously in a single engine, but this is expected to be very rare in practice
and far less common than simultaneous support for multiple Message Processing Models
and/or multiple Security Models.
6. (a) Discuss M1, M2, M3, M4 and M5 interface in ATM network management.
Answer:- i. The ATM Forum interface reference architecture identifies a series of management
interfaces numbered M1 through M5.
ii. M1 and M2 are the interfaces between a private NMS and either an end user or a private
network, respectively. The end user can be a workstation, ATM switch, or any ATM device. A
private ATM network is an enterprise network.
iii. A private network management system can access its own network-related information in a
public network via an M3 interface to the public network management system.
iv. The public NMS responds to the private NMS via the M3 interface with the relevant
information or takes the action requested.
v. The M4 interface is between the public NMS and the public network. The final interface, M5,
is between the NMSs of two service providers. The ATM Forum has not yet specified this
interface.
vi. The ATM framework defines five different M-interfaces for management; see Figure 1.

The ATM Forum Management Interface Reference Architecture


The ATM Forum Management Model:
i. The Network Management Working Group of the ATM Forum has developed an end-to-end
generic management model that encompasses private and public networks and lays out
standards for interworking between them.
ii. The model defines gateways between SNMP and CMIP systems, and between standards-
based and proprietary systems.
iii. Five key management interfaces are defined in this model, labeled M1-M5.
iv. M1 is concerned with the management of the end-user equipment connecting to either
private or public switches.
v. M2 undertakes management of private ATM switches and networks. Private ATM network
management is addressed through M1 combined with M2. M4 deals with public ATM
switches and networks. M3 is the link between private and public networks, used for
exchanging fault, performance and configuration information.
vi. Finally, M5 supports interactions between any two public networks. The definition of these
interfaces allows a complete management service, ranging from a global view of the network
(M5 management interface) to the management of individual elements (M1 management
interface).
vii. In some cases, several management interfaces use the same information from a
management information base (MIB) tree; see Table1.
| Type | Interaction | Purpose | Services | Protocols |
|------|-------------|---------|----------|-----------|
| M1 | CPE / NMS | Management of user terminal equipment | - | SNMP |
| M2 | P-Switch / NMS | Management of the ATM private network | Similar to M4 | SNMP |
| M3 | NMS / NML | Management interaction between private and public domains | i. Public network configuration and status gathering, ii. Add & deletion of pre-authorized VCs, iii. New connection request | SNMP |
| M4 | NML / EML or EML / NE | Management of NE's and EMLs | i. Fault and performance management, ii. Configuration and circuit provisioning, iii. Accounting | CMIP (Q3) or SNMP |
| M5 | NML / NML | Management interaction between different owned public domains | Cross public network management | No standard yet |
| ILMI | Private/public | Service control | Service activation, service assurance (maintenance), usage metering (performance, billing) | ILMI - SNMP |

Table1: Management Interface


 M1 Interface: Management of ATM Network Element

i. The M1 interface is between an SNMP management system and an SNMP agent in an ATM
device, as shown in Figure2.

SNMP ATM Management (M1 Interface)


ii. Four entities, ifInNUcastPkts, ifOutNUcastPkts, ifOutQLen, and ifSpecific, have been
deprecated. The interfaces (interfaces) and ifMIB (IF MIB) groups under the mgmt. node.

 M1/M2 Interfaces and the ILMI Implementation:

i. Interim Local Management Interface (ILMI), which is an implementation of the M1/M2
interfaces, enables the exchange of status, configuration, accounting and control information
between any two ATM devices - such as two ATM switches - across a user-to-network interface
(UNI).
ii. For ILMI to function, every ATM switch or network terminator and every ATM network that
deploys a public or private network UNI must be equipped with a UNI Management Entity
(UME) which supports an ILMI MIB.
iii. Two adjacent (or peer) UMEs can communicate using the common attributes provided by
the ILMI.
iv. By sending SNMP commands, a UME may obtain or modify (if the object is indeed
modifiable) information contained in its ILMI MIB.
v. The ILMI has been deployed by some vendors to perform management tasks across the UNI
for some devices. However, since the ILMI provides a solution that is applicable only at the UNI,
it cannot support the management tasks that are involved in a network comprising a range of
ATM devices.

 M4 Interface: Public Network Management


i. The management of public ATM network is primarily the responsibility of network service
providers, carriers and Postal Telephone and Telegraph (PTT) companies.
ii. They have the challenge of not only managing the public network, but also keeping up with
new technology.
6(b) What is fault management? Describe five steps process in fault management.

Answer:- Fault in a network is normally associated with failure of a network component and
subsequent loss of connectivity. Fault management involves a five-step process:
(1) Fault detection, (2) Fault location, (3) Restoration of service, (4) Identification of root cause
of the problem, and (5) Problem resolution.
i. The fault should be detected as quickly as possible by the centralized management system,
preferably before or at about the same time as when the users notice it.
ii. Fault location involves identifying where the problem is located. We distinguish this from
problem isolation, although in practice it could be the same.
iii. The reason for doing this is that it is important to restore service to the users as quickly as
possible, using alternative means.
iv. The restoration of service takes a higher priority over diagnosing the problem and fixing it.
v. Identification of the root cause of the problem could be a complex process, which we will go
into in greater depth soon.
vi. After identifying the source of the problem, a trouble ticket can be generated to resolve the
problem.
vii. In an automated network operations center, the trouble ticket could be generated
automatically by the NMS.

Fault Detection:-

i. Fault detection is accomplished using either a polling scheme (the NMS polling management
agents periodically for status) or by the generation of traps (management agents based on
information from the network elements sending unsolicited alarms to the NMS).
ii. An application program in NMS generates the ping command periodically and waits for
response. Connectivity is declared broken when a preset number of consecutive responses are
not received.
iii. The frequency of pinging and the preset number for failure detection may be optimized for
balance between traffic overhead and the rapidity with which failure is to be detected.
iv. The alternative detection scheme is to use traps. One of the advantages of traps is that
failure detection is accomplished faster with less traffic overhead.
Fault Location and Isolation Techniques:-

i. Fault location using a simple approach would be to detect all the network components that
have failed. The origin of the problem could then be traced by walking down the topology tree
to where the problem starts.
ii. Thus, if an interface card on a router has failed; all managed components connected to that
interface would indicate failure.
iii. After having located where the fault is, the next step is to isolate the fault (i.e. determine the
source of the problem).
iv. First, we should delineate the problem between failure of the component and the physical
link. Thus, in the above example, the interface card may be functioning well, but the link to the
interface may be down. We need to use various diagnostic tools to isolate the cause.
v. Let us assume for the moment that the link is not the problem but that the interface card is.
We then proceed to isolate the problem to the layer that is causing it. It is possible that
excessive packet loss is causing disconnection.
vi. We can measure packet loss by pinging, if pinging can be used. We can query the various
Management Information Base (MIB) parameters on the node itself or other related nodes to
further localize the cause of the problem.
vii. For example, error rates calculated from the interface group parameters, ifInDiscards,
ifInErrors, ifOutDiscards, and ifOutErrors with respect to the input and output packet rates,
could help us isolate the problem in the interface card.
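The polling-based detection and the topology-tree walk described in the two sections above, put together as an added example that is not part of the original answer. The topology, the node names, the poll results and the limit of three consecutive misses are all constructed assumptions; "if1" stands for the router interface card in the text's example.

```python
# Added example: poll-based fault detection followed by fault location on a
# topology tree. Topology, node names and poll results are constructed.

MISS_LIMIT = 3   # assumed preset number of consecutive missed responses

# child -> parent, as seen from the NMS at the root of the tree
PARENT = {
    "router1": "nms",
    "if1": "router1", "if2": "router1",
    "switchA": "if1", "switchB": "if2",
    "hostA1": "switchA", "hostA2": "switchA", "hostB1": "switchB",
}

# node -> ping results, oldest first (True = response received)
POLL_LOG = {
    "router1": [True, True, True, True],
    "if1":     [True, False, False, False],
    "if2":     [True, True, True, True],
    "switchA": [True, False, False, False],
    "switchB": [True, True, True, True],
    "hostA1":  [False, False, False, False],
    "hostA2":  [True, False, False, False],
    "hostB1":  [True, False, True, False],   # isolated misses only
}


def detect_failed(poll_log, miss_limit=MISS_LIMIT):
    """Declare a node down when its last `miss_limit` polls all went unanswered."""
    failed = set()
    for node, answers in poll_log.items():
        recent = answers[-miss_limit:]
        if len(recent) == miss_limit and not any(recent):
            failed.add(node)
    return failed


def locate_origin(failed, parent=PARENT):
    """A failed node whose parent still responds is where the problem starts;
    failed nodes below it are only unreachable through it."""
    return sorted(n for n in failed if parent.get(n) not in failed)


def symptoms(origin, failed, parent=PARENT):
    """Failed nodes that sit below `origin` in the topology tree."""
    below = []
    for node in failed:
        p = parent.get(node)
        while p is not None and p != origin:
            p = parent.get(p)
        if p == origin:
            below.append(node)
    return sorted(below)


if __name__ == "__main__":
    down = detect_failed(POLL_LOG)
    for origin in locate_origin(down):
        print("origin:", origin, "unreachable behind it:", symptoms(origin, down))
```

This only locates the fault; deciding whether the interface card or its link is at fault still needs the isolation steps listed above.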

Service Restoration:-

i. Whenever there is a service failure, it is the NOC's responsibility to restore service as soon as
possible. This involves detection and isolation of the problem causing the failure, and
restoration of service.
ii. In several failure situations, the network will do this automatically. This network feature is
called self-healing. In other situations NMS can detect failure of components and indicate with
appropriate alarms.
iii. Restoration of service does not include fixing the cause of the problem. That responsibility
usually rests with the I&M group.
iv. A trouble ticket is generated and followed up for resolution of the problem by the I&M
group.

Root Cause Analysis (RCA) :-

Root Cause Analysis (RCA) is a popular and often-used technique that helps people answer the
question of why the problem occurred in the first place.
It seeks to identify the origin of a problem using a specific set of steps, with associated tools, to
find the primary cause of the problem, so that you can:

1. Determine what happened.
2. Determine why it happened.
3. Figure out what to do to reduce the likelihood that it will happen again.

Problem Resolution:-

The problem is corrected using hardware and software techniques: managed objects are repaired
or replaced, and operations are returned to normal, which indicates that the problem has been solved.
