Network Management and O&M

Page 0 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Foreword
 The ever expanding network and increasing network devices present a significant
challenge in managing networks effectively and providing high-quality network
services.
 There are many network management and O&M methods, of which this course
describes some of the most common.

Page 1 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Objectives
 On completion of this course, you will be able to:
▫ Understand basic concepts of network management and O&M.

▫ Master common network management and O&M methods.

▫ Describe basic functions of network management and O&M.

▫ Understand the fundamentals of SNMP.

▫ Understand Huawei iMaster NCE and related technologies.

Page 2 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Contents
1. Basic Concepts of Network Management and O&M

2. SNMP Fundamentals and Configuration

3. Network Management Based on Huawei iMaster NCE

Page 3 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 What Is Network Management and O&M?
 Network management and O&M plays an important role on a communications network. It
ensures that devices work properly and the communications network runs properly to
provide efficient, reliable, and secure communications services.

The network
administrator manages
and maintains the
network for stable
operation.

Network administrator

Common enterprise network architecture

Page 4 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Basic Network Management Functions

Configuration Performance Fault Security Accounting

management management management management management

OSI defines five functional models for network management:

▫ Configuration management: monitors network configuration information so that network administrators can
generate, query, and modify hardware and software running parameters and conditions, and configure services.
▫ Performance management: manages network performance so that the network can provide reliable, continuous,
and low-latency communication capabilities with as few network resources as possible.
▫ Fault management: ensures that the network is always available and rectifies faults as soon as possible.
▫ Security management: protects networks and systems from unauthorized access and attacks.
▫ Accounting management: records the network resource usage of users, charges users, and collects statistics on
network resource usage.

Page 5 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Network Management Modes
Traditional Network Management and O&M iMaster NCE-based Network Management and O&M

ERP Video Office OS Advertisement

conferencing operations

Commercial application

Northbound API

`
Analysis

Network Network
automation intelligence
Control
Management
iMaster NCE
Web SNMP-based Cloud platform
CLI
system centralized
mode
mode management

Network administrator Network management station Data center Campus WAN Branch

Page 6 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Contents
1. Basic Concepts of Network Management and O&M

2. Traditional Network Management

3. Network Management Based on Huawei iMaster NCE

Page 7 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Management Through the CLI or Web System
 When the network scale is small, the CLI and web system are generally used for network management.
▫ Network administrators can log in to a device through HTTPS, Telnet, or the console port to manage the device.

▫ These network management modes do not require any program or server to be installed on the network, and
the cost is low.

▫ Network administrators must have a good master of network knowledge and vendor-specific network
configuration commands.

▫ These modes have great limitations when the network scale is large and the network topology is complex.
Vendor A Vendor A Vendor A Vendor A Vendor B Vendor C Vendor D
Switch Firewall AC Router Router Switch Switch

One-to-one management
Network administrator

Page 8 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 SNMP-based Centralized Management
 SNMP is a standard network management protocol widely used on TCP/IP networks. It provides a
method for managing NEs through a central computer that runs network management software, that
is, a network management station.

• Network administrators can use the NMS to

query information, modify information, and
troubleshoot faults on any node on the network,
improving work efficiency.
SNMP • Network devices of different types and vendors
packet exchange
are managed in a unified manner.
One-to-many
management

NMS Network administrator

Page 9 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Typical SNMP Architecture
 On a network where SNMP is used for network
Client management, a network management system (NMS)
SNMP message
functions as a network management center and runs
Monitor
management processes. Each managed device needs to
Provides a visualized interface. run an agent process. The management process and
agent process communicate with each other through
NMS SNMP messages.
Network management  An NMS is a system that uses SNMP to manage and
process monitor network devices. The NMS software runs on
NMS servers.
IP
Network
 Managed devices are devices that are managed by the
NMS on the network.
Agent Agent Agent  The agent process runs on managed devices to
process process process
maintain the information data of the managed devices,
Managed device Managed device Managed device
respond to the request from the NMS, and report the
management data to the NMS that sends the request.

Page 10 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 SNMP Message Exchange
NMS Managed object • The NMS and managed devices exchange messages in
Network management the following modes:
process ▫ The NMS sends a request for modifying or querying
configuration information to a managed device through
1 2 3
SNMP. The agent process running on the managed device
Query/Modify Request

Query/Modify response

Trap
responds to the request from the NMS.
▫ The managed device can proactively report traps to the
NMS so that the network administrator can detect faults in
a timely manner.
• Managed object: Each device may contain multiple
Agent managed objects. A managed object can be a
process hardware component or a set of parameters
configured on the hardware or software (such as a
routing protocol).
• SNMP uses management information bases (MIBs) to
describe a group of objects of a manageable entity.
Managed device

Page 11 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 MIB
root

iso (1) • A MIB is a database containing the variables that are

ccitt (0) joint-iso-ccitt (2) maintained by managed devices. (The variables can
org (3) be queried or set by the agent processes.) The MIB
defines the attributes of managed devices in the
dod (6) database.
▫ Object identifier (OID) of an object
OID:1.3.6.1.2 ▫ Status of an object
internet (1)
▫ Access permission of an object
mgmt (2) ▫ Data types of an object
• A MIB provides a structure that contains data on all
mib (1) NEs that may be managed on the network. Because
the data structure is similar to the tree structure, a
system (1) interface (2) ... MIB is also called an object naming tree.

... ...

Page 12 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Common MIB Objects
 Objects used for query or modification:
Maximum
OID Object Name Data Type Description
Access
Number of network interfaces in
1.3.6.1.2.1.2.1 ifNumber Integer read-only the system (regardless of the
current interface status)
1.3.6.1.4.1.2011.5.25.41.1
hwIpAdEntNetMask IpAddress read-create Subnet mask of an IP address
.2.1.1.3

 Objects used for alarm notification:

OID Object Name Bound Variable Description
ifIndex It is detected that one of the communication links in the
ifAdminStatus ifOperStatus object has entered the down state from
3.6.1.6.3.1.1.5.3 linkDown
ifOperStatus another state (but not the notPresent state). The original
ifDesc state is indicated by the value of ifOperStatus.

Page 13 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 SNMP Management Model
NMS
Network management • Query/Modify operation:
process ▫ The NMS sends an SNMP request message to an
agent process.
SNMP message exchange
▫ The agent process searches the MIB on the device for
information to be queried or modified and sends an
Agent process
SNMP response message to the NMS.
• Trap operation:
MIB ▫ If the trap triggering conditions defined for a module
are met, the agent process sends a message to notify
the NMS that an event or trap has occurred on a
Managed object managed object. This helps network administrators
promptly process network faults.

Managed devices

Page 14 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 SNMPv1
NMS IP Network Managed device
What's the IP address
Get of GE 0/0/1

Response 10.0.1.1/24

What's the IP address

GetNext of GE 0/0/2

Response 10.0.2.1/24

Set the IP address of

Set GE 0/0/3 to
10.0.3.1/24.

Response Setting succeeded.

The CPU usage is

Trap
too high.

Page 15 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 SNMPv2c
NMS IP Network
Managed device

Get

Response

GetNext

Response

Set

Response

Trap
Query the IP addresses of
GetBulk
all interfaces on the device
The IP address of GE 0/0/1 is...
Response
The IP address of GE 0/0/2 is...

Inform The CPU usage is too high.

Response Alarm received.

Page 16 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 SNMPv3
 SNMPv3 has the same working mechanism as SNMPv1 and SNMPv2c, but adds header data and
security parameters.
 SNMPv3 messages can be authenticated and encrypted.
 SNMPv3 is applicable to networks of various scales and has high security.

NMS IP Network Managed device

Authenticates all
exchanged messages
and encrypts messages.

Page 17 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 SNMP Summary
 SNMP has the following advantages:
▫ Simplicity: SNMP is applicable to networks that require high speed and low cost because it uses a polling mechanism and
provides basic network management functions. Moreover, SNMP uses UDP to exchange data and therefore is supported by most
products.

▫ Convenience: SNMP allows management information exchange between arbitrary devices on a network, so that a network
administrator can query information and locate faults on any device.

 SNMPv1 applies to small-scale networks where security requirements are not high or the network environment is
safe and stable, such as campus networks and small-sized enterprise networks.
 SNMPv2c applies to medium- and large-sized networks where security requirements are not high or the network
environment is safe, but a large volume of traffic exists and traffic congestion may occur.
 SNMPv3 is the recommended version and applies to networks of various scales, especially those networks that have
high security requirements and allow only authorized administrators to manage network devices.

Page 18 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Basic SNMP Configuration (1)
1. Enable the SNMP agent function.

[Huawei] snmp-agent

2. Set the SNMP version.

[Huawei] snmp-agent sys-info version [v1 | v2c | v3]

You can configure the SNMP version as required. However, the protocol version used on the device must be the
same as that used on the NMS.
3. Create or update MIB view information.
[Huawei] snmp-agent mib-view view-name { exclude | include } subtree-name [mask mask]

4. Add a new SNMP group and map users in this group to the SNMP view.

[Huawei] snmp-agent group v3 group-name { authentication | noauth | privacy } [ read-view view-name |

write-view view-name | notify-view view-name ]

This command is used to create an SNMP group of the SNMPv3 version and specify the authentication and
encryption mode and one or more of read-only view, read-write view, and notification view. It is a mandatory
command on networks that require high security.

Page 19 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Basic SNMP Configuration (2)
5. Add a user to the SNMP group.

[Huawei] snmp-agent usm-user v3 user-name group group-name

6. Configure an authentication password for an SNMPv3 user.

[Huawei] snmp-agent usm-user v3 user-name authentication-mode { md5 | sha | sha2-256 }

7. Configure the SNMPv3 user encryption password.

[Huawei] snmp-agent usm-user v3 user-name privacy-mode { aes128 | des56 }

8. Set parameters for the device to send traps.

[Huawei] snmp-agent target-host trap-paramsname paramsname v3 securityname securityname {

authentication | noauthnopriv | privacy }

Page 20 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Basic SNMP Configuration (3)
9. Configure the target host of traps.

[Huawei] snmp-agent target-host trap-hostname hostname address ipv4-address trap-paramsname

paramsname

10. Enable all trap functions.

[Huawei] snmp-agent trap enable

Note that this command is used only to enable the device to send traps. This command must be used together
with the snmp-agent target-host command. The snmp-agent target-host command specifies the device to
which traps are sent.

11. Configure the source interface that sends traps.

[Huawei] snmp-agent trap source interface-type interface-number

Note that a source IP address must have been configured for the interface that sends traps.

Page 21 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 SNMP Configuration Example (Network
Device Side)

GE0/0/1
NMS R1 R1configuration:
192.168.1.10 [R1]snmp-agent
Managed device [R1]snmp-agent sys-info version v3
[R1]snmp-agent group v3 test privacy
• Enable SNMP on R1and set the SNMP version to [R1]snmp-agent usm-user v3 R1 test authentication-
SNMPv3. mode md5 HCIA@Datacom123 privacy-mode aes128
• Set the SNMPv3 group name to test and encryption HCIA-Datacom123
authentication mode to privacy. [R1]snmp-agent target-host trap-paramsname param v3
• Create an SNMPv3 user named R1 and set the securityname sec privacy
authentication and encryption passwords to HCIA- [R1]snmp-agent target-host trap-hostname nms address
Datacom123. 192.168.1.10 trap-paramsname param
• Create a trap parameter named param and set [R1]snmp-agent trap source GigabitEthernet 0/0/1
securityname to sec. [R1]snmp-agent trap enable
• Set the IP address of the SNMP target host to Info: All switches of SNMP trap/notification will be open.
192.168.1.10. Continue? [Y/N]:y
• Enable the trap function and specify GE 0/0/1 as the
source interface that sends traps.

Page 22 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Contents
1. Basic Concepts of Network Management and O&M

2. Traditional Network Management

3. Network Management Based on Huawei iMaster NCE

Page 23 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Transformation and Challenges of the
Network Industry
 With the advent of the 5G and cloud era, innovative services such as VR/AR, live streaming, and autonomous driving
are emerging, and the entire ICT industry is booming. At the same time, the traffic of the entire network also
increases explosively. Huawei Global Industry Vision (GIV) predicts that the amount of new data will reach 180 ZB
by 2025. Moreover, the dynamic complexity of services makes the entire network more complex.
 Such challenges can only be overcome by constructing automated and intelligent network systems centered on user
experience.

Autonomous
driving

Live
VR/AR
streaming

Traditional networks
are overloaded.

Page 24 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Huawei iMaster NCE
 Huawei iMaster NCE is a network automation and intelligence platform that integrates management,
control, analysis, and AI functions.
• In terms of management and control, iMaster NCE
Cloud platform & application
allows you to:
▫ Manage and control traditional devices through
iMaster NCE traditional technologies such as CLI and SNMP.
Open API ▫ Manage and control SDN-capable networks through
Intent engine NETCONF (based on the YANG model).

Management Control Analysis • iMaster NCE collects network data through protocols
such as SNMP and telemetry, performs intelligent
Unified cloud-based platform
big data analysis based on AI algorithms, and
displays device and network status in multiple
CLI/SNMP NETCONF/YANG Telemetry
dimensions through dashboards and reports, helping
Traditional O&M personnel quickly detect and handle device
SDN-capable network devices
devices and network exceptions and ensuring normal
running of devices and networks.

Page 25 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 NETCONF Overview
 NETCONF provides a network device management mechanism. You can use NETCONF to add, modify,
or delete configurations of network devices, and obtain configurations and status of network devices.

NETCONF requires that

NETCONF has three
messages exchanged
objects: between a client and server
NETCONF client
be encoded using XML.
▫ NETCONF client
NETCONF
▫ NETCONF server Network message exchange

▫ NETCONF message

NETCONF server
Device
Device 1 Device 2 Device 3

Page 27 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 NETCONF Advantages
Function NETCONF SNMP CLI

Machine-machine interface: The interface definition is Machine-to-

Man-machine
Interface type complete and standard, and the interface is easy to control machine
interface
and use. interface

High: Object-based modeling is supported. Only one

Operation
interaction is required for object operations. Operations Medium Low
efficiency
such as filtering and batch processing are supported.

Scalability Proprietary protocol capabilities can be extended. Weak Moderate

Supports transaction processing mechanisms such as trial Partially

Transaction Not supported
running, rollback upon errors, and configuration rollback. supported

Only SNMPv3
Secure Multiple security protocols: SSH, TLS, BEEP/TLS, and
supports secure SSH
transmission SOAP/HTTP/TLS
transmission.

Page 28 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Typical NETCONF Interaction
SSH connection

RPC

<?xml version="1.0" encoding="UTF-8"?>

<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-
id= "101">
<edit-config> This operation is to
modify configuration.
<target> RPC-Reply
<running/>
</target>
<?xml version="1.0" encoding="UTF-8"?>
<config>
<rpc-reply message-id="101"
Configuration content in XML format xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
</config> <ok/> Modified successfully.
</edit-config> </rpc-reply>
</rpc>

Page 29 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 YANG Language Overview
 Yet Another Next Generation (YANG) is a data modeling language that standardizes NETCONF data content.
 The YANG model defines the hierarchical structure of data and can be used for NETCONF-based operations.
Modeling objects include configuration, status data, remote procedure calls, and notifications. This allows a
complete description of all data exchanged between a NETCONF client and server.

A model is an abstraction and expression of things.

A data model is an abstraction and expression of data features.

Name, gender, Interface, routing

height, weight, age, protocol, IP address,
skin color... routing table...

Person Router

Page 30 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 YANG and XML (1)
 A YANG file is loaded on the NETCONF client (such as the NMS or SDN controller).
 The YANG file is used to convert data into XML-format NETCONF messages before they are sent to the device.

list server { <server>

name="smtp"
key "name"; <name>smtp</name>
ip=192.0.2.1
unique "ip port"; <ip>192.0.2.1</ip>
port=25
leaf name { <port>25</port>
type string; </server>
}
leaf ip { + name="http"
ip=192.0.2.1 =
<server>
<name>http</name>
type inet:ip-address; port= <ip>192.0.2.1</ip>
} </server>
leaf port { <server>
type inet:port-number; name="ftp"
<name>ftp</name>
} ip=192.0.2.1
<ip>192.0.2.1</ip>
} port=
</server>
YANG file Data XML

Page 31 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 YANG and XML (2)
 A YANG file is loaded on the NETCONF server (such as a router or switch).
 The YANG file is used to convert received XML-format NETCONF messages into data for subsequent processing.

<server> list server { name="smtp"

<name>smtp</name> key "name"; ip=192.0.2.1
<ip>192.0.2.1</ip> unique "ip port"; port=25
<port>25</port> leaf name {
</server> type string;
<server>
<name>http</name> + }
leaf ip { =
name="http"
ip=192.0.2.1
<ip>192.0.2.1</ip> type inet:ip-address; port=
</server> }
<server> leaf port {
<name>ftp</name> type inet:port-number; name="ftp"
<ip>192.0.2.1</ip> } ip=192.0.2.1
</server> } port=

XML YANG file Data

Page 32 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Telemetry Overview
 Telemetry, also called network telemetry, is a technology that remotely collects data from physical or virtual devices
at a high speed.

 Devices periodically send interface traffic statistics, CPU usage, and memory usage to collectors in push mode.
Compared with the traditional pull mode, the push mode provides faster and more real-time data collection.
SNMP Telemetry

T > 5 min
T < 1s
"Pull" "Subscription
and push"

Telemetry supports
data collection
at the level of subseconds.

Page 33 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Quiz
1. (Single) On an SNMP-based network, which of the following runs the management process to
manage the managed devices? ( )
A. NMS

B. Agent process

C. MIB

D. SNMP

2. (Single) In SNMPv1, which of the following operations is used by a managed device to report traps?
( )
A. Get-Request

B. Set-Request

C. Trap

D. Response

Page 34 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Quiz
3. YANG is a data modeling language. ( )
A. True

B. False

4. Telemetry supports data collection at the level of subseconds. ( )

A. True

B. False

Page 35 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Summary
 With the development of network technologies, more and more network
management and O&M methods are available. The common methods are as
follows:
▫ CLI mode or web system

▫ SNMP

▫ Huawei iMaster NCE's intelligent O&M platform (covering management, control, and
analysis)

Page 36 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Thank You
www.huawei.com

Page 37 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.