Chapt 7 :Network Management

Net Management

• A good network management design can help an

organization achieve availability, performance, and
security goals.
• It can help an organization measure how well design
goals are being met and adjust network parameters
if these goals are not being met.
• It can help an organization analyze current network
behavior, apply upgrades appropriately, and
troubleshoot any problems with upgrades.
 Network Management Design
• Approaching network management design, think about
scalability, traffic patterns, data formats, and
cost/benefit tradeoffs.
• Network management systems can be expensive.
• They can also have a negative effect on network
performance.
• Some network management systems poll/survey remote
stations on a regular basis. The amount of traffic caused
by the polling can be significant.
• You should analyze your customer’s requirements for
polling timers.
 Network Management Design cont’d…
• Work with your customer to figure out which resources
should be monitored and the metrics to use when
measuring the performance of devices.

• Choose carefully the data to collect.

• Saving too much data can result in a requirement for a
supercomputer to process and store the data.
• Plan the format that data should be saved in
carefully.
-You should try to use general-purpose data formats.
 Proactive Network Management
• Proactive management means checking the health of
the network during normal operation to recognize
potential problems, optimize performance, and plan
upgrades.
• Companies that practice proactive management
collect statistics and conduct tests, such as
response-time measurements, on a routine basis.

• Network managers can write monthly or quarterly

reports that document the quality of network
service that has been delivered in the last period,
measured against service goals.
• The service goals are defined by the network design:
availability, response time, throughput, usability,
and so on.
 Network Management Process includes:

1) Fault Management(FM)
2) Configuration Management(CM)
3) Accounting Management(AM)
4) Performance Management(PM)
5) Security Management(SM)

• Hence, we should understand and consider the

aforementioned processes for effective management
of the Network.
 Network Management Processes
1) Fault Management (FM): Detecting, isolating, and
correcting problems; reporting problems to end users
and managers; tracking trends related to problems.

• A variety of tools exist to meet these fault-

management requirements, including:
Monitoring tools that alert managers to problems,
Protocol analyzers for fault resolution, and
Help-desk software for documenting problems and
alerting users of problems.
• Monitoring tools are often based on the Simple
Network Management Protocol (SNMP) and Remote
Monitoring (RMON) standards.
 Fault Management cont’d…
Most operating systems provide a means for the system and its running processes to
report faults to a network manager.

Cisco devices produce syslog messages as a result of

network events.
A syslog analyzer applies filters and sends only a predefined subset of all
syslog messages to a network management
station.
This saves bandwidth and also reduces the amount of information a network
administrator must analyze.

• Every syslog message contains a time stamp, level, and facility. Syslog levels are as
follows:
■ Emergency (level 0, the most severe level)
■ Alert (level 1)
■ Critical (level 2)
■ Error (level 3)
■ Warning (level 4)
■ Notice (level 5)
■ Informational (level 6)
■ Debugging (level 7)
 Network Management Processes cont’d…
2) Configuration Management(CM): Controlling, operating,
identifying, and collecting data from managed devices.
• CM helps a network manager keep track of network devices and
maintain information on how devices are configured.
• It can be used to define and save a default configuration for
similar devices, modify the default configuration for specific
devices, and load the configuration on devices.
• It lets maintain an inventory of network assets and do version-
logging.
• Version-logging refers to keeping track of the version of
operating systems or applications running on network devices.
• The inventory of network assets can also include information on
the hardware configuration of devices, such as the amount of
RAM, the size of flash memory, and the type of cabling that
the devices use. Example conf. mgt…. DHCP, VLAN, VTP…
Etc
 Network Management Processes cont’d…
3) Accounting Management (AM):
Accounting of network usage to allocate costs to network
users and/or plan for changes in capacity requirements.
• AM facilitates usage-based billing, whereby individual
departments or projects are charged for network
services.
• Even in cases in which there is no money exchange,
accounting of network usage can be useful to catch
departments or individuals who “abuse” the network.
• The abuse could be intentional.
• A practical reason to track unexpected traffic growth is
so that the traffic can be considered during the next
capacity-planning phase.
 Network Management Processes cont’d…
4) Performance Management(PM): Analyzing traffic and application
behavior to optimize a network, meet service-level agreements,
and plan for expansion.
• PM includes examining network application and protocol behavior,
analyzing reachability, measuring response time, and recording
network route changes. Ping(ICMP), SNMP tools can be used.
• You should monitor two types of performance:
i) End-to-end performance: Measures performance across an
internetwork. It can measure availability, capacity, utilization,
delay, delay variation, throughput, reachability, response
time, errors, and the burstiness of traffic.
ii) Component performance: Measures the performance of
individual links or devices. For example, throughput and utilization
on a particular network segment can be measured. Additionally,
routers and switches can be monitored for throughput (packets
per second), memory and CPU usage, and errors.
 Network Management Processes cont’d…
5) Security Management(SM): Monitoring and testing security
and protection policies, maintaining and distributing passwords
and other authentication and authorization information,
managing encryption keys, and auditing adherence to security
policies.
• SM is a process for collecting, storing, and examining
security audit logs. Audit logs should document logins and
logouts (but not save passwords) and attempts by people to
change their level of authorization.
• Collecting audit data can result in a rapid accumulation of
data.
• The required storage can be minimized by keeping data for
a short period of time and summarizing the data.
• One drawback to keeping less data, however, is that it
makes it harder to investigate security incidents.
 Sec. Management Cont’d…
• In SM, Compressing the data, instead of keeping less data, is
often a better solution.
• It is also a good idea to encrypt audit logs.
-A hacker who accesses audit logs can cause a lot of damage
to
a network if the audit log is not encrypted.
-The hacker can alter the log without detection and also glean
sensitive information from the log.
• A variety of tools exist for maintaining security logs, including
Event Viewer on Windows systems and syslog on UNIX and
Cisco IOS devices.
• Most contemporary operating systems, including Windows,
Solaris, Mac OS X, and FreeBSD, support audit event
logging because of requirements in the Common Criteria for
Information Technology Security Evaluation, an international
standard for computer security certification.
 Network Management Architectures
• A network management architecture consists of three major
components:
■ A managed device: A network node that collects and stores
management information. Managed devices can be routers,
servers, switches, bridges, hubs, end systems, or printers.
■ An agent: Network management software that resides in a
managed device. An agent tracks local management information
and uses a protocol such as SNMP to send information to
NMSs.
■ A network management system (NMS): Runs applications to
display management data, monitor and control managed
devices, and communicate with agents.
An NMS is generally a powerful workstation that has
sophisticated graphics, memory, storage, and processing
capabilities. The NMS is typically located in a network operations
center (NOC).
Network Management Architectures
Selecting Network Management Tools and Protocols
• You can meet most customers’ needs by recommending tools that
support SNMP and RMON (Remote Monitoring) Standards.
-Cisco Discovery Protocol (CDP) and Cisco NetFlow Accounting
are also helpful
• At a minimum, a network management solution should include
tools for isolating, diagnosing, and reporting problems to
facilitate quick repair and recovery.
• Network management tools should provide an
intuitive user interface that can react quickly to user input.
-In many cases, having both a
browser interface and command-line interface (CLI) is
beneficial.
• Management software that supports the dynamic configuration
of devices should require authentication to avoid an
unauthorized user making changes.
 Simple Network Management Protocol

• SNMP is supported by most commercial NMSs and many

networking devices, including
switches, routers, servers, and workstations.
• SNMP has gained widespread popularity
because of its simplicity and because it is easy to
implement, install, and use.
• Also, when used sensibly, SNMP does not place undue
burden on the network.
• Interoperability between SNMP implementations from
different vendors can be achieved with minimal effort
because SNMP is so simple.
 SNMP cont’d….
• SNMPv3 should gradually supplant versions 1 and 2 because it
offers better security,
including authentication to protect against modification of
information, and secure set
operations for the remote configuration of SNMP-managed
devices.
• Neither SNMPv1 nor SNMPv2 provide security features.
• Because of its security, SNMPv3 can
be used for more than just monitoring network statistics.
• SNMPv3 can also be used for control
applications.
• Most vendors support SNMPv3.
for example: Cisco started supporting SNMPv3 in
Cisco IOS Software Release 12.0(3)T.
 SNMP cont’d…
• SNMP is specified in three sets of documents:
■ RFC 2579 defines mechanisms for describing and naming
parameters that are managed
with SNMP. The mechanisms are called the structure of
managed information (SMI).
•
■ RFC 3416 defines protocol operations for SNMP.
■ Management Information Bases (MIB) define management
parameters that are accessible via SNMP.
• Various RFCs define MIBs of different types.
• The core set of parameters for the Internet suite of protocols
is called MIB II and is defined in RFC 1213.
Vendors can also define private MIBs.
 SNMP cont’d…
SNMP has seven types of packets:
■ Get Request: Sent by an NMS to an agent to collect a
management parameter
■ Get-Next Request: Sent by an NMS to collect the next
parameter in a list or table of parameters
■ Get-Bulk Request: Sent by an NMS to retrieve large blocks of
data, such as multiple rows in a table (not in SNMPv1)
■ Response: Sent by an agent to an NMS in response to a request
■ Set Request: Sent by an NMS to an agent to configure a
parameter on a managed device
■ Trap: Sent autonomously (not in response to a request) by an
agent to an NMS to notify the NMS of an event
■ Inform: Sent by an NMS to notify another NMS of information.
 Remote Monitoring (RMON)
• The RMON MIB was developed by the IETF in the early 1990s
to address shortcomings
in the standard MIBs, which lacked the capability to provide
statistics on data link and
physical layer parameters.
• The IETF developed the RMON MIB to provide Ethernet
traffic statistics and fault diagnosis.
• RMON agents gather statistics on cyclic redundancy check
(CRC) errors, Ethernet collisions, packet-size distribution,
the number of packets in and out, and the rate of broadcast
packets.
• The RMON alarm group lets a network manager set thresholds
for network parameters and configure agents to
automatically deliver alerts to NMSs.
• RMON also supports capturing packets (with filters if
desired) and sending the captured packets to an
NMS for protocol analysis.
 RMON cont’d..
• RMON provides network managers with information about the
health and performance
of the network segment on which the RMON agent resides.
• RMON provides a view of
the health of the whole segment, rather than the device-
specific information that many
non-RMON SNMP agents provide.
• RMON version 1 (RMON1) is limited because it focuses on data
link and physical layer parameters.
• The IETF is currently working on an RMON2 standard that
moves beyond segment information to supply information on
the health and performance of network applications and end-
to-end communications.
• RMON2 is described in RFC 4502.
 Reading Assignment

#Compare and contrast Cisco Discovery Protocol and

Cisco NetFlow Accounting?