Network Management

Unit-VI:
Network Management: Basic principals, Infrastructure 4 n/w management, The internet
netowrk management framework: SMI, MIB, SNMP details, Security & administration,
ASN.1, Firewalls: Packet filtering and application Gateways
 introduction to network management
motivation
 major components
 Internet network management framework
 MIB: management information base
 SMI: data definition language
 SNMP: protocol for network management
 security and administration
 presentation services: ASN.1
Unit 6 1
 What is network management?

 autonomous systems (aka “network”): 100s or 1000s of

interacting hardware/software components
 other complex systems requiring monitoring, control:
 jet airplane
 nuclear power plant
 others?

"Network management includes the deployment, integration

and coordination of the hardware, software, and human
elements to monitor, test, poll, configure, analyze, evaluate,
and control the network and element resources to meet the
real-time, operational performance, and Quality of Service
requirements at a reasonable cost."
Unit 6 2
 Infrastructure for network management
definitions:

managing entity agent data

managing managed devices contain
data managed device
entity managed objects whose
data is gathered into a
agent data Management Information
network
management Base (MIB)
managed device
protocol

agent data
agent data
managed device

managed device

Unit 6 3
 Network Management standards

OSI CMIP SNMP: Simple Network

 Common Management Management Protocol
Information Protocol  Internet roots (SGMP)
 designed 1980’s: the  started simple
unifying net  deployed, adopted rapidly
management standard  growth: size, complexity
 too slowly standardized
 currently: SNMP V3
 de facto network
management standard

Unit 6 4
 SNMP overview: 4 key parts
 Management information base (MIB):
 distributed information store of network management
data
 Structure of Management Information (SMI):
 data definition language for MIB objects
 SNMP protocol
 convey manager<->managed object info, commands

 security, administration capabilities

 major addition in SNMPv3

Unit 6 5
 SMI: data definition language
Purpose: syntax, semantics of Basic Data Types
management data well-
defined, unambiguous INTEGER
 base data types: Integer32
 straightforward, boring Unsigned32
 OBJECT-TYPE OCTET STRING
 data type, status,
OBJECT IDENTIFIED
semantics of managed IPaddress
object Counter32
 MODULE-IDENTITY Counter64
 groups related objects
Guage32
Time Ticks
into MIB module
Opaque
Unit 6 6
 SNMP MIB
MIB module specified via SMI
MODULE-IDENTITY
(100 standardized MIBs, more vendor-specific)

MODULE OBJECT TYPE:

OBJECT TYPE:OBJECT TYPE:

objects specified via SMI

OBJECT-TYPE construct

Unit 6 7
 SMI: Object, module examples
OBJECT-TYPE: ipInDelivers MODULE-IDENTITY: ipMIB

ipMIB MODULE-IDENTITY
ipInDelivers OBJECT TYPE LAST-UPDATED “941101000Z”
SYNTAX Counter32 ORGANZATION “IETF SNPv2
MAX-ACCESS read-only Working Group”
STATUS current CONTACT-INFO
“ Keith McCloghrie
DESCRIPTION
……”
“The total number of input DESCRIPTION
datagrams successfully “The MIB module for managing IP
delivered to IP user- and ICMP implementations, but
protocols (including ICMP)” excluding their management of
::= { ip 9} IP routes.”
REVISION “019331000Z”
………
::= {mib-2 48}
Unit 6 8
 MIB example: UDP module
Object ID Name Type Comments
1.3.6.1.2.1.7.1 UDPInDatagrams Counter32 total # datagrams delivered
at this node
1.3.6.1.2.1.7.2 UDPNoPorts Counter32 # underliverable datagrams
no app at portl
1.3.6.1.2.1.7.3 UDInErrors Counter32 # undeliverable datagrams
all other reasons
1.3.6.1.2.1.7.4 UDPOutDatagrams Counter32 # datagrams sent
1.3.6.1.2.1.7.5 udpTable SEQUENCE one entry for each port

in use by app, gives port #

and IP address

Unit 6 9
 SNMP Naming
question: how to name every possible standard object
(protocol, data, more..) in every possible network
standard??
answer: ISO Object Identifier tree:
 hierarchical naming of all objects
 each branchpoint has name, number

1.3.6.1.2.1.7.1
ISO udpInDatagrams
ISO-ident. Org. UDP
US DoD MIB2
Internet management
Unit 6 10
 OSI
Object
Identifier
Tree

Check out www.alvestrand.no/harald/objectid/top.html

Unit 6 11
 SNMP protocol
Two ways to convey MIB info, commands:

managing managing
entity entity

request
trap msg
response

agent data agent data

Managed device Managed device

request/response mode trap mode

Unit 6 12
 SNMP protocol: message types
Message type Function
GetRequest
Mgr-to-agent: “get me data”
GetNextRequest
(instance,next in list, block)
GetBulkRequest

InformRequest Mgr-to-Mgr: here’s MIB value

SetRequest Mgr-to-agent: set MIB value

Response Agent-to-mgr: value, response to

Request
Trap Agent-to-mgr: inform manager
of exceptional event
Unit 6 13
SNMP protocol: message formats

Unit 6 14
 SNMP security and administration

 encryption: DES-encrypt SNMP message

 authentication: compute, send MIC(m,k):
compute hash (MIC) over message (m),
secret shared key (k)
 protection against playback: use nonce
 view-based access control
 SNMP entity maintains database of access rights,
policies for various users
 database itself accessible as managed object!

Unit 6 15
 The presentation problem
Q: does perfect memory-to-memory copy solve
“the communication problem”?
A: not always!

struct { test.code a test.code a

char code; test.x 00000001
int x; 00000011 test.x 00000011
} test; 00000001
test.x = 256;
test.code=‘a’ host 2 format
host 1 format

problem: different data format, storage conventions

Unit 6 16
A real-life presentation problem:

grandma 2004 teenager

aging 60’s
hippie

Unit 6 17
 Presentation problem: potential solutions
1. Sender learns receiver’s format. Sender translates
into receiver’s format. Sender sends.
– real-world analogy?
– pros and cons?
2. Sender sends. Receiver learns sender’s format.
Receiver translate into receiver-local format
– real-world-analogy
– pros and cons?
3. Sender translates host-independent format. Sends.
Receiver translates to receiver-local format.
– real-world analogy?
– pros and cons?

Unit 6 18
 Solving the presentation problem
1. Translate local-host format to host-independent format
2. Transmit data in host-independent format
3. Translate host-independent format to remote-host format

aging 60’s
grandma hippie 2004 teenager
Unit 6 19
 ASN.1: Abstract Syntax Notation 1
 ISO standard X.680
 used extensively in Internet
 like eating vegetables, knowing this “good for you”!

 defined data types, object constructors

 like SMI
 BER: Basic Encoding Rules
 specify how ASN.1-defined data objects to be
transmitted
 each transmitted object has Type, Length, Value
(TLV) encoding

Unit 6 20
 TLV Encoding
Idea: transmitted data is self-identifying
 T: data type, one of ASN.1-defined types
 L: length of data in bytes
 V: value of data, encoded according to ASN.1
standard
Tag Value Type
1 Boolean
2 Integer
3 Bitstring
4 Octet string
5 Null
6 Object Identifier
9 Real
Unit 6 21
 TLV
encoding:
example

Value, 259
Length, 2 bytes
Type=2, integer

Value, 5 octets (chars)

Length, 5 bytes
Type=4, octet string
Unit 6 22
Network Management: summary
 network management
 extremely important: 80% of network “cost”
 ASN.1 for data description
 SNMP protocol as a tool for conveying information
 Network management: more art than science
 what to measure/monitor
 how to respond to failures?
 alarm correlation/filtering?

Unit 6 23