Network Management: Overview of FACPS, Study notes of Architecture

An overview of network management, focusing on the key areas of fault management, accounting management, configuration and name management, performance management, and security management. It discusses the importance of network management in complex systems and the use of automated tools. The document also introduces the Simple Network Management Protocol (SNMP) as a widely used standard for network management.

Typology: Study notes

2021/2022

Uploaded on 09/27/2022

alberteinstein
Partial preview of the text

NETWORK MANAGEMENT

20.1 Network Management Requirements
    Fault Management
    Accounting Management
    Configuration and Name Management
    Performance Management
    Security Management
20.2 Network Management Systems
    Architecture of a Network Management System
20.3 Simple Network Management Protocol (SNMP)
    Simple Network Management Protocol Version 1 (SNMPv1)
    Simple Network Management Protocol Version 2 (SNMPv2)
    Simple Network Management Protocol Version 3 (SNMPv3)
20.4 Recommended Reading and Web Sites
20.5 Key Terms, Review Questions, and Problems

20-1 CHAPTER M21_STAL7412_06_SE_C20.QXD 8/22/08 3:29 PM Page 20-1

Networks and distributed processing systems are of critical and growing importance in enterprises of all sorts. The trend is toward larger, more complex networks supporting more applications and more users. As these networks grow in scale, two facts become painfully evident:
• The network and its associated resources and distributed applications become indispensable to the organization.
• More things can go wrong, disabling the network or a portion of the network or degrading performance to an unacceptable level.

A large network cannot be put together and managed by human effort alone. The complexity of such a system dictates the use of automated network management tools. The urgency of the need for such tools is increased, and the difficulty of supplying such tools is also increased, if the network includes equipment from multiple vendors. Moreover, the increasing decentralization of network services as exemplified by the increasing importance of workstations and client/server computing makes coherent and coordinated network management increasingly difficult. In such complex information systems, many significant network assets are dispersed far from network management personnel.
This chapter provides an overview of network management. We begin by looking at the requirements for network management. This should give some idea of the scope of the task to be accomplished. To manage a network, it is fundamental to know something about the current status and behavior of that network. For either LAN management alone, or for a combined LAN/WAN environment, what is needed is a network management system that includes a comprehensive set of data gathering and control tools and that is integrated with the network hardware and software. We look at the general architecture of a network management system and then examine the most widely used standardized software package for supporting network management: SNMP.

Chapter Objectives
After reading this chapter, you should be able to
♦ List and define the key requirements that a network management system should satisfy.
♦ Give an overview of the architecture of a network management system and explain each of its key elements.
♦ Describe SNMP and list the differences among versions 1, 2, and 3.

20.1 NETWORK MANAGEMENT REQUIREMENTS

Table 20.1 lists key areas of network management as suggested by the International Organization for Standardization (ISO). These categories provide a useful way of organizing our discussion of requirements.

maintaining, adding, and updating the relationships among components and the status of components themselves during network operation.

USER REQUIREMENTS Startup and shutdown operations on a network are the specific responsibilities of configuration management. It is often desirable for these operations on certain components to be performed unattended (e.g., starting up or shutting down a network interface unit).
The network manager needs the capability to identify initially the components that comprise the network and to define the desired connectivity of these components. Those who regularly configure a network with the same or a similar set of resource attributes need ways to define and modify default attributes and to load these predefined sets of attributes into the specified network components. The network manager needs the capability to change the connectivity of network components when users’ needs change. Reconfiguration of a network is often desired in response to performance evaluation or in support of network upgrade, fault recovery, or security checks.

Users often need to, or want to, be informed of the status of network resources and components. Therefore, when changes in configuration occur, users should be notified of these changes. Configuration reports can be generated either on some routine periodic basis or in response to a request for such a report. Before reconfiguration, users often want to inquire about the upcoming status of resources and their attributes. Network managers usually want only authorized users (operators) to manage and control network operation (e.g., software distribution and updating).

Performance Management

OVERVIEW Modern data communications networks are composed of many and varied components, which must intercommunicate and share data and resources. In some cases, it is critical to the effectiveness of an application that the communication over the network be within certain performance limits.

Performance management of a computer network comprises two broad functional categories—monitoring and controlling. Monitoring is the function that tracks activities on the network. The controlling function enables performance management to make adjustments to improve network performance. Some of the performance issues of concern to the network manager are as follows:
• What is the level of capacity utilization?
• Is there excessive traffic?
• Has throughput been reduced to unacceptable levels?
• Are there bottlenecks?
• Is response time increasing?

To deal with these concerns, the network manager must focus on some initial set of resources to be monitored to assess performance levels. This includes associating appropriate metrics and values with relevant network resources as indicators of different levels of performance. For example, what count of retransmissions on a transport connection is considered to be a performance problem requiring attention? Performance management, therefore, must monitor many resources to provide information in determining network operating level. By collecting this information, analyzing it, and then using the resultant analysis as feedback to the prescribed set of values, the network manager can become more and more adept at recognizing situations indicative of present or impending performance degradation.

USER REQUIREMENTS Before using a network for a particular application, a user may want to know such things as the average and worst-case response times and the reliability of network services. Thus, performance must be known in sufficient detail to respond to specific user queries. End users expect network services to be managed in such a way as to afford their applications consistently good response time.

Network managers need performance statistics to help them plan, manage, and maintain large networks. Performance statistics can be used to recognize potential bottlenecks before they cause problems to end users. Appropriate corrective action can then be taken. This action can take the form of changing routing tables to balance or redistribute traffic load during times of peak use or when a bottleneck is identified by a rapidly growing load in one area.
Over the long term, capacity planning based on such performance information can indicate the proper decisions to make, for example, with regard to expansion of lines in that area.

Security Management

OVERVIEW Security management is concerned with generating, distributing, and storing encryption keys. Passwords and other authorization or access control information must be maintained and distributed. Security management is also concerned with monitoring and controlling access to computer networks and access to all or part of the network management information obtained from the network nodes. Logs are an important security tool, and therefore security management is very much involved with the collection, storage, and examination of audit records and security logs, as well as with the enabling and disabling of these logging facilities.

USER REQUIREMENTS Security management provides facilities for protection of network resources and user information. Network security facilities should be available for authorized users only. Users want to know that the proper security policies are in force and effective and that the management of security facilities is itself secure.

20.2 NETWORK MANAGEMENT SYSTEMS

Architecture of a Network Management System

A network management system is a collection of tools for network monitoring and control that is integrated in the following senses:
• A single operator interface with a powerful but user-friendly set of commands for performing most or all network management tasks.
• A minimal amount of separate equipment. That is, most of the hardware and software required for network management is incorporated into the existing user equipment.

A network management system consists of incremental hardware and software additions implemented among existing network components.
The software used in accomplishing the network management tasks resides in the host computers and communications processors (e.g., front-end processors, terminal cluster controllers, bridges, routers). A network management system is designed to view the entire network as a unified architecture, with addresses and labels assigned to each point and the specific attributes of each element and link known to the system. The active elements of the network provide regular feedback of status information to the network control center.

Figure 20.1 suggests the architecture of a network management system. Each network node contains a collection of software devoted to the network management task, referred to in the diagram as a network management entity (NME). Each NME performs the following tasks:
• Collect statistics on communications and network-related activities.
• Store statistics locally.
• Respond to commands from the network control center, including commands to
  1. Transmit collected statistics to the network control center.
  2. Change a parameter (e.g., a timer used in a transport protocol).
  3. Provide status information (e.g., parameter values, active links).
  4. Generate artificial traffic to perform a test.
• Send messages to the NCC when local conditions undergo a significant change.

Figure 20.1 Elements of a Network Management System: a network control host (manager) running NMA, NME, Appl, Comm, and OS; a workstation (agent) and a server (agent) each running NME, Appl, Comm, and OS; and a router (agent) running NME, Comm, and OS, all attached to a LAN, WAN, or Internet.
NMA = network management application
NME = network management entity
Appl = application
Comm = communications software
OS = operating system

its responsibility. It also plays an agent role to provide information and accept control from a higher-level management server. This type of architecture spreads the processing burden and reduces total network traffic.
NETWORK MANAGEMENT PROTOCOL ARCHITECTURE SNMP is an application-level protocol that is part of the TCP/IP protocol suite. It is intended to operate over the user datagram protocol (UDP). Figure 20.3 suggests the typical configuration of protocols for SNMPv1. For a standalone management station, a manager process controls access to a central MIB at the management station and provides an interface to the network manager. The manager process achieves network management by using SNMP, which is implemented on top of UDP, IP, and the relevant network-dependent protocols (e.g., Ethernet, ATM, frame relay). Each agent must also implement SNMP, UDP, and IP. In addition, there is an agent process that interprets the SNMP messages and controls the agent’s MIB. For an agent device that supports other applications, such as FTP, TCP as well as UDP is required. In Figure 20.3, the shaded portions depict the operational environment: that which is to be managed. The unshaded portions provide support to the network management function.

Figure 20.2 Example Distributed Network Management Configuration: a central site with a management server (manager) and an intermediate manager (manager/agent); routers (agents) and agents on Ethernet segments, joined through an Ethernet switch and the Internet.

Figure 20.4 provides a somewhat closer look at the protocol context of SNMP. From a management station, three types of SNMP messages are issued on behalf of management applications: GetRequest, GetNextRequest, and SetRequest. The first two are two variations of the get function. All three messages are acknowledged by the agent in the form of a GetResponse message, which is passed up to the management application.
In addition, an agent may issue a Trap message in response to an event that affects the MIB and the underlying managed resources. Management requests are sent to UDP port 161, while the agent sends traps to UDP port 162.

Because SNMP relies on UDP, which is a connectionless protocol, SNMP is itself connectionless. No ongoing connections are maintained between a management station and its agents. Instead, each exchange is a separate transaction between a management station and an agent.

Figure 20.3 SNMPv1 Configuration: the management station runs manager processes over SNMP, UDP, IP, and network-dependent protocols, holds the central MIB, and is operated by the network manager; each host runs user processes (FTP, etc.) and an agent process over SNMP and FTP, UDP and TCP, IP, and network-dependent protocols; the router runs an agent process over SNMP, UDP, IP, and network-dependent protocols; all are connected through the Internet.

Simple Network Management Protocol Version 2 (SNMPv2)

In August of 1988, the specification for SNMP was issued and rapidly became the dominant network management standard. A number of vendors offer standalone network management workstations based on SNMP, and most vendors of bridges, routers, workstations, and PCs offer SNMP agent packages that allow their products to be managed by an SNMP management station.

As the name suggests, SNMP is a simple tool for network management. It defines a limited, easily implemented management information base (MIB) of scalar variables and two-dimensional tables, and it defines a streamlined protocol to enable a manager to get and set MIB variables and to enable an agent to issue unsolicited notifications, called traps. This simplicity is the strength of SNMP. SNMP is easily implemented and consumes modest processor and network resources.
Also, both the protocol and the MIB structures are sufficiently straightforward that it is not difficult to achieve interoperability among management stations and agent software from a mix of vendors.

With its widespread use, the deficiencies of SNMP became increasingly apparent; these include both functional deficiencies and a lack of a security facility. As a result, an enhanced version, known as SNMPv2, was issued (RFCs 1901, 1905 through 1909, and 2578 through 2580). SNMPv2 quickly gained support, and a number of vendors announced products within months of the issuance of the standard.

THE ELEMENTS OF SNMPV2 As with SNMPv1, SNMPv2 provides a framework on which network management applications can be built. Those applications, such as fault management, performance monitoring, and accounting, are outside the scope of the standard. SNMPv2 provides the infrastructure for network management. Figure 20.5 is an example of a configuration that illustrates that infrastructure.

The essence of SNMPv2 is a protocol that is used to exchange management information. Each “player” in the network management system maintains a local database of information relevant to network management, known as the MIB. The

Figure 20.4 The Role of SNMPv1: an SNMP management station (management application and SNMP manager over UDP, IP, and network-dependent protocols) exchanges GetRequest, GetNextRequest, SetRequest, GetResponse, and Trap messages across the network or internet with an SNMP agent (over UDP, IP, and network-dependent protocols) that manages the SNMP managed objects of the managed resources.

Figure 20.6 SNMPv2 PDU Format

Seven types of PDUs may be carried in an SNMP message.
The general formats for these are illustrated informally in Figure 20.6. Several fields are common to a number of PDUs. The Request-ID field is an integer assigned such that each outstanding request can be uniquely identified. This enables a manager to correlate incoming responses with outstanding requests. It also enables an agent to cope with duplicate PDUs generated by an unreliable transport service. The Variable-Bindings field contains a list of object identifiers; depending on the PDU, the list may also include a value for each object.

Figure 20.6 field layout:
(a) GetRequest-PDU, GetNextRequest-PDU, SetRequest-PDU, SNMPv2-Trap-PDU, InformRequest-PDU: PDU type | Request-ID | 0 | 0 | Variable bindings
(b) Response-PDU: PDU type | Request-ID | Error-status | Error-index | Variable bindings
(c) GetBulkRequest-PDU: PDU type | Request-ID | Nonrepeaters | Max-repetitions | Variable bindings
(d) Variable bindings: name1 value1 | name2 value2 | ... | namen valuen

Table 20.2 Allowable Data Types in SNMPv2
Data Type: Description
INTEGER: Integers in the range of –2^31 to 2^31 – 1.
UInteger32: Integers in the range of 0 to 2^32 – 1.
Counter32: A nonnegative integer that may be incremented modulo 2^32.
Counter64: A nonnegative integer that may be incremented modulo 2^64.
Gauge32: A nonnegative integer that may increase or decrease, but shall not exceed a maximum value. The maximum value cannot be greater than 2^32 – 1.
TimeTicks: A nonnegative integer that represents the time, modulo 2^32, in hundredths of a second.
OCTET STRING: Octet strings for arbitrary binary or textual data; may be limited to 255 octets.
IpAddress: A 32-bit internet address.
Opaque: An arbitrary bit field.
BIT STRING: An enumeration of named bits.
OBJECT IDENTIFIER: Administratively assigned name to object or other standardized element. Value is a sequence of up to 128 nonnegative integers.

The GetRequest-PDU, issued by a manager, includes a list of one or more object names for which values are requested. If the get operation is successful, then the responding agent will send a Response-PDU. The variable-bindings list will contain the identifier and value of all retrieved objects. For any variables that are not in the relevant MIB view, its identifier and an error code are returned in the variable-bindings list. Thus, SNMPv2 permits partial responses to a GetRequest, which is a significant improvement over SNMP. In SNMP, if one or more of the variables in a GetRequest is not supported, the agent returns an error message with a status of noSuchName. To cope with such an error, the SNMP manager must either return no values to the requesting application, or it must include an algorithm that responds to an error by removing the missing variables, resending the request, and then sending a partial result to the application.

The GetNextRequest-PDU also is issued by a manager and includes a list of one or more objects. In this case, for each object named in the Variable-Bindings field, a value is to be returned for the object that is next in lexicographic order, which is equivalent to saying next in the MIB in terms of its position in the tree structure of object identifiers. As with the GetRequest-PDU, the agent will return values for as many variables as possible.
One of the strengths of the GetNextRequest-PDU is that it enables a manager entity to discover the structure of a MIB view dynamically. This is useful if the manager does not know a priori the set of objects that are supported by an agent or that are in a particular MIB view.

One of the major enhancements provided in SNMPv2 is the GetBulkRequest PDU. The purpose of this PDU is to minimize the number of protocol exchanges required to retrieve a large amount of management information. The GetBulkRequest PDU allows an SNMPv2 manager to request that the response include as many requested variables as possible given the constraints on message size.

The SetRequest-PDU is issued by a manager to request that the values of one or more objects be altered. The receiving SNMPv2 entity responds with a Response-PDU containing the same Request-ID. The SetRequest operation is atomic: Either all of the variables are updated or none are. If the responding entity is able to set values for all of the variables listed in the incoming variable-bindings list, then the Response-PDU includes the Variable-Bindings field, with a value supplied for each variable. If at least one of the variable values cannot be supplied, then no values are returned, and no values are updated. In the latter case, the error-status code indicates the reason for the failure, and the error-index field indicates the variable in the Variable-Bindings list that caused the failure.

The SNMPv2-Trap-PDU is generated and transmitted by an SNMPv2 entity acting in an agent role when an unusual event occurs. It is used to provide the management station with an asynchronous notification of some significant event. The variable-bindings list is used to contain the information associated with the trap message. Unlike the GetRequest, GetNextRequest, GetBulkRequest, SetRequest, and InformRequest-PDUs, the SNMPv2-Trap-PDU does not elicit a response from the receiving entity; it is an unconfirmed message.
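The Get, GetNext, GetBulk and Set semantics just described are easiest to see by implementing them against a small in-memory MIB. The following Python is an added example, not code from the textbook or from any SNMP implementation: there is no transport and no BER encoding, only the PDU-level behaviour (lexicographic OID order, partial responses with noSuchObject, endOfMibView, the GetNext walk, GetBulk repetition, and the all-or-nothing Set with error-status and error-index). The MIB contents and values are constructed; the object names are the standard MIB-2 system-group OIDs, and the error-status numbers are the RFC 1905 codes.

```python
# Added example (not from the textbook): an in-memory SNMPv2 "agent" implementing the
# PDU semantics of the chapter. Transport, encoding and real SNMP libraries are left out.
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Tuple

OID = Tuple[int, ...]

# Exception values carried inside a variable binding, and RFC 1905 error-status codes.
NO_SUCH_OBJECT = "noSuchObject"
END_OF_MIB_VIEW = "endOfMibView"
NO_ERROR, WRONG_TYPE, NO_CREATION, NOT_WRITABLE = 0, 7, 11, 17


def parse_oid(text: str) -> OID:
    """'.1.3.6.1.2.1.1.1.0' -> (1, 3, 6, 1, 2, 1, 1, 1, 0); tuples compare in OID order."""
    return tuple(int(part) for part in text.strip(".").split("."))


def oid_text(oid: OID) -> str:
    return "." + ".".join(str(part) for part in oid)


@dataclass
class ResponsePDU:
    request_id: int                        # echoed so the manager can correlate replies
    error_status: int                      # 0 = noError
    error_index: int                       # 1-based position of the failing binding, 0 if none
    var_binds: List[Tuple[str, object]]    # (name, value) pairs


class Agent:
    """One MIB view: OID -> [value, writable]."""

    def __init__(self, objects: Dict[str, Tuple[object, bool]]):
        self.mib: Dict[OID, list] = {parse_oid(k): [v, w] for k, (v, w) in objects.items()}

    def _next_oid(self, oid: OID) -> Optional[OID]:
        """Lexicographically next OID in the view, or None at the end of the view."""
        later = [o for o in self.mib if o > oid]
        return min(later) if later else None

    def get(self, request_id: int, names: Sequence[str]) -> ResponsePDU:
        # Partial response: unknown objects come back as noSuchObject, the rest with values.
        binds = []
        for n in names:
            oid = parse_oid(n)
            binds.append((n, self.mib[oid][0] if oid in self.mib else NO_SUCH_OBJECT))
        return ResponsePDU(request_id, NO_ERROR, 0, binds)

    def get_next(self, request_id: int, names: Sequence[str]) -> ResponsePDU:
        binds = []
        for n in names:
            nxt = self._next_oid(parse_oid(n))
            binds.append((n, END_OF_MIB_VIEW) if nxt is None else (oid_text(nxt), self.mib[nxt][0]))
        return ResponsePDU(request_id, NO_ERROR, 0, binds)

    def get_bulk(self, request_id: int, names: Sequence[str],
                 non_repeaters: int, max_repetitions: int) -> ResponsePDU:
        # The first non_repeaters names behave like GetNext; the remaining names are
        # advanced up to max_repetitions times each, interleaved per repetition.
        binds = list(self.get_next(request_id, names[:non_repeaters]).var_binds)
        cursors = [parse_oid(n) for n in names[non_repeaters:]]
        for _ in range(max_repetitions):
            for i, cur in enumerate(cursors):
                nxt = self._next_oid(cur)
                if nxt is None:
                    binds.append((oid_text(cur), END_OF_MIB_VIEW))
                else:
                    binds.append((oid_text(nxt), self.mib[nxt][0]))
                    cursors[i] = nxt
        return ResponsePDU(request_id, NO_ERROR, 0, binds)

    def set(self, request_id: int, bindings: Sequence[Tuple[str, object]]) -> ResponsePDU:
        # Atomic: validate every binding before touching anything; on the first failure
        # nothing is changed, no values are returned, and error-index names the culprit.
        for index, (name, value) in enumerate(bindings, start=1):
            oid = parse_oid(name)
            if oid not in self.mib:
                return ResponsePDU(request_id, NO_CREATION, index, [])
            if not self.mib[oid][1]:
                return ResponsePDU(request_id, NOT_WRITABLE, index, [])
            if type(value) is not type(self.mib[oid][0]):
                return ResponsePDU(request_id, WRONG_TYPE, index, [])
        for name, value in bindings:          # commit phase
            self.mib[parse_oid(name)][0] = value
        return ResponsePDU(request_id, NO_ERROR, 0, list(bindings))


def walk(agent: Agent, subtree: str) -> List[Tuple[str, object]]:
    """Manager-side discovery of a subtree by repeated GetNext; stops at the first
    binding that leaves the subtree or reports endOfMibView."""
    root = parse_oid(subtree)
    found, current, request_id = [], subtree, 1
    while True:
        name, value = agent.get_next(request_id, [current]).var_binds[0]
        if value == END_OF_MIB_VIEW or parse_oid(name)[:len(root)] != root:
            return found
        found.append((name, value))
        current, request_id = name, request_id + 1


# Constructed MIB view: MIB-2 system-group names, made-up values.
SAMPLE_AGENT = Agent({
    ".1.3.6.1.2.1.1.1.0": ("Example router OS 1.0", False),   # sysDescr, read-only
    ".1.3.6.1.2.1.1.3.0": (123456, False),                    # sysUpTime, read-only
    ".1.3.6.1.2.1.1.4.0": ("noc@example.net", True),          # sysContact, read-write
    ".1.3.6.1.2.1.1.5.0": ("edge-router-1", True),            # sysName, read-write
    ".1.3.6.1.2.1.2.1.0": (4, False),                         # ifNumber, read-only
})

if __name__ == "__main__":
    print(SAMPLE_AGENT.get(1, [".1.3.6.1.2.1.1.1.0", ".1.3.6.1.2.1.1.99.0"]))
    print(walk(SAMPLE_AGENT, ".1.3.6.1.2.1.1"))
    print(SAMPLE_AGENT.set(2, [(".1.3.6.1.2.1.1.5.0", "edge-1"), (".1.3.6.1.2.1.1.3.0", 0)]))
```

The failing Set above is the case the text calls out: the second binding targets the read-only sysUpTime, so the agent answers with error-status notWritable, error-index 2 and no bindings, and sysName keeps its old value even though its own binding was valid.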
The InformRequest-PDU is sent by an SNMPv2 entity acting in a manager role, on behalf of an application, to another SNMPv2 entity acting in a manager role, to provide management information to an application using the latter entity. As with the SNMPv2-Trap-PDU, the Variable-Bindings field is used to convey the associated information. The manager receiving an InformRequest acknowledges receipt with a Response-PDU.

For both the SNMPv2-Trap and the InformRequest, various conditions can be defined that indicate when the notification is generated; the information to be sent is also specified.

Simple Network Management Protocol Version 3 (SNMPv3)

Many of the functional deficiencies of SNMP were addressed in SNMPv2. To correct the security deficiencies of SNMPv1/v2, SNMPv3 was issued as a set of Proposed Standards in January 1998 (currently RFCs 3410 through 3415). This set of documents does not provide a complete SNMP capability but rather defines an overall SNMP architecture and a set of security capabilities. These are intended to be used with the existing SNMPv2 or with SNMPv1.

SNMPv3 provides three important services: authentication, privacy, and access control. The first two are part of the User-Based Security Model (USM), and the last is defined in the View-Based Access Control Model (VACM). Security services are governed by the identity of the user requesting the service; this identity is expressed as a principal, which may be an individual or an application or a group of individuals or applications.
The authentication mechanism in USM assures that a received message was transmitted by the principal whose identifier appears as the source in the message header. This mechanism also assures that the message has not been altered in transit and has not been artificially delayed or replayed. The sending principal provides authentication by including a message authentication code with the SNMP message it is sending. This code is a function of the contents of the message, the identity of the sending and receiving parties, the time of transmission, and a secret key that should be known only to sender and receiver. The secret key must be set up outside of USM as a configuration function. That is, the configuration manager or network manager is responsible for distributing secret keys to be loaded into the databases of the various SNMP managers and agents. This can be done manually or using some form of secure data transfer outside of USM. When the receiving principal gets the message, it uses the same secret key to calculate the message authentication code once again. If the receiver’s version of the code matches the value appended to the incoming message, then the receiver knows that the message can only have originated from the authorized manager and that the message was not altered in transit. The shared secret key between sending and receiving parties must be preconfigured. The actual authentication code used is known as HMAC, which is an Internet-standard authentication mechanism.

The privacy facility of USM enables managers and agents to encrypt messages. Again, manager principal and agent principal must share a secret key. In this case, if the two are configured to use the privacy facility, all traffic between them is encrypted using the Data Encryption Standard (DES).
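The authentication step described above, with the receiver's checks for alteration, delay and replay, as an added example in Python (not code from the textbook and not the real SNMPv3 wire format): the message header layout, the 150-second clock window, the principal names and the shared key are all constructed for illustration. The MAC is HMAC-SHA-1 over the whole message, truncated to 12 bytes, the truncation length used by the HMAC-SHA-96 protocol of RFC 3414; the receiver compares it with a constant-time comparison before looking at anything else in the message.

```python
# Added example (not from the textbook): USM-style message authentication with the
# standard library. Header layout, window size and keys are constructed assumptions.
import hashlib
import hmac
import struct
from typing import Set, Tuple

MAC_LEN = 12                  # HMAC-SHA-96 style truncation (RFC 3414); assumed here
TIME_WINDOW_SECONDS = 150     # receiver's tolerance for delayed/stale messages (constructed)


def build_message(sender_id: bytes, receiver_id: bytes, sent_at: int, payload: bytes) -> bytes:
    """Header = sender id, receiver id, transmission time; the MAC covers header and payload,
    so identities and time are bound to the content exactly as the text requires."""
    header = (struct.pack("!B", len(sender_id)) + sender_id
              + struct.pack("!B", len(receiver_id)) + receiver_id
              + struct.pack("!I", sent_at))
    return header + payload


def parse_header(message: bytes) -> Tuple[bytes, bytes, int, bytes]:
    n = message[0]
    sender = message[1:1 + n]
    m = message[1 + n]
    receiver = message[2 + n:2 + n + m]
    sent_at = struct.unpack("!I", message[2 + n + m:6 + n + m])[0]
    return sender, receiver, sent_at, message[6 + n + m:]


def compute_mac(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha1).digest()[:MAC_LEN]


def authenticate(key: bytes, sender_id: bytes, receiver_id: bytes,
                 sent_at: int, payload: bytes) -> bytes:
    """Sender side: append the MAC computed under the preconfigured shared key."""
    message = build_message(sender_id, receiver_id, sent_at, payload)
    return message + compute_mac(key, message)


def verify(key: bytes, wire: bytes, expected_receiver: bytes,
           now: int, seen_macs: Set[bytes]) -> Tuple[bool, str]:
    """Receiver side. seen_macs holds MACs already accepted inside the time window,
    so an exact copy of an earlier message is refused as a replay."""
    if len(wire) <= MAC_LEN:
        return (False, "too short")
    message, mac = wire[:-MAC_LEN], wire[-MAC_LEN:]
    if not hmac.compare_digest(mac, compute_mac(key, message)):
        return (False, "bad MAC")                 # wrong key, forged, or altered in transit
    _sender, receiver, sent_at, _payload = parse_header(message)
    if receiver != expected_receiver:
        return (False, "not addressed to us")
    if abs(now - sent_at) > TIME_WINDOW_SECONDS:
        return (False, "outside time window")     # artificially delayed or stale
    if mac in seen_macs:
        return (False, "replay")
    seen_macs.add(mac)
    return (True, "ok")


if __name__ == "__main__":
    key = b"constructed-shared-secret"       # distributed out of band, as the text says
    wire = authenticate(key, b"mgr", b"agent7", 1_700_000_000, b"GetRequest sysUpTime.0")
    seen: Set[bytes] = set()
    print(verify(key, wire, b"agent7", 1_700_000_010, seen))   # (True, 'ok')
    print(verify(key, wire, b"agent7", 1_700_000_020, seen))   # (False, 'replay')
```

Both principals hold the same key, so a passing check proves only that one of the two key holders produced the message; that is exactly the trust the text places on key distribution being done securely outside USM.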
The sending principal encrypts the message using the DES algorithm and its secret key and sends the message to the receiving principal, which decrypts it using the DES algorithm and the same secret key.

The access control facility makes it possible to configure agents to provide different levels of access to the agent’s MIB to different managers. An agent principal can restrict access to its MIB for a particular manager principal in two ways. First, it

Recommended Web site:
• Simple Web Site: Maintained by the University of Twente. It is a good source of information on SNMP, including pointers to many public-domain implementations and lists of books and articles.

20.5 KEY TERMS, REVIEW QUESTIONS, AND PROBLEMS

Key Terms
accounting management
agent
configuration and name management
fault
fault management
management information base (MIB)
management station
manager
network management
network management protocol
network management system
performance management
security management
Simple Network Management Protocol (SNMP)
Structure of Management Information (SMI)

Review Questions
20.1 List and briefly define the key areas that comprise network management.
20.2 Define fault as it applies to network management.
20.3 List two ways in which a network management system may be characterized as integrated.
20.4 List and briefly define the key elements of SNMP.
20.5 What functions are provided by SNMP?
20.6 What lower-layer protocol encapsulates SNMP messages?
20.7 Describe two different interpretations of the term MIB.
20.8 What are the differences among SNMPv1, SNMPv2, and SNMPv3?

Problems
20.1 Because SNMP uses two different port numbers (UDP ports 161 and 162), a single system can easily run both a manager and an agent. What would happen if the same port number were used for both?
20.2 The original (version 1) specification of SNMP has the following definition of a new type:
    Gauge ::= [APPLICATION 2] IMPLICIT INTEGER (0..4294967295)
The standard includes the following explanation of the semantics of this type:
    This application-wide type represents a non-negative integer, which may increase or decrease, but which latches at a maximum value. This standard specifies a maximum value of 2^32 – 1 (4294967295 decimal) for gauges.
Unfortunately, the word latch is not defined, and this has resulted in two different interpretations. The SNMPv2 standard cleared up the ambiguity with the following definition:
    The value of a Gauge has its maximum value whenever the information being modeled is greater than or equal to that maximum value; if the information being modeled subsequently decreases below the maximum value, the Gauge also decreases.
a. What is the alternative interpretation?
b. Discuss the pros and cons of the two interpretations.
20.3 One of the first steps in configuring a device to be managed is to give it an IP address. Why?
20.4 Many network administrators use the ping program as a primary management tool.
a. Why would you ping a network device?
b. Why would you ping yourself?
20.5 We have seen that SNMP uses UDP as its transport protocol. Why was UDP chosen over TCP?
20.6 What is the disadvantage of having the network management system operate at the application layer?
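The numeric types of Table 20.2 and the SNMPv2 Gauge definition quoted in Problem 20.2 have consequences on the manager side that the descriptions alone do not show: a Counter32 that wraps modulo 2^32 looks like a drop in value, a Gauge32 clamps at its maximum and comes back down, and TimeTicks count hundredths of a second modulo 2^32. The following Python is an added example, not from the textbook; the sample readings are constructed, and the reboot check (a backwards sysUpTime means the counter was reset rather than wrapped) is the usual manager-side practice rather than anything the table specifies.

```python
# Added example (not from the textbook): manager-side handling of the SNMPv2 numeric
# types in Table 20.2. Sample readings are constructed.
from typing import Optional, Tuple

MOD32 = 2 ** 32
MAX32 = MOD32 - 1


def counter32_delta(previous: int, current: int) -> int:
    """Units counted between two polls of a Counter32. The counter is incremented modulo
    2^32, so a reading below the previous one means it wrapped, not that the quantity went
    negative; the modulo recovers the increment as long as it wrapped at most once."""
    for value in (previous, current):
        if not 0 <= value <= MAX32:
            raise ValueError(f"not a Counter32 value: {value}")
    return (current - previous) % MOD32


def gauge32(modeled: int, maximum: int = MAX32) -> int:
    """Gauge32 under the SNMPv2 definition quoted in Problem 20.2: the gauge reads the
    maximum while the modeled quantity is at or above it and falls again when it falls."""
    if not 0 <= maximum <= MAX32:
        raise ValueError("Gauge32 maximum may not exceed 2^32 - 1")
    return min(max(modeled, 0), maximum)


def timeticks_to_text(ticks: int) -> str:
    """TimeTicks: hundredths of a second, modulo 2^32 (so about 497 days before wrap)."""
    ticks %= MOD32
    days, rem = divmod(ticks // 100, 86400)
    hours, rem = divmod(rem, 3600)
    minutes, seconds = divmod(rem, 60)
    return f"{days}d {hours:02d}:{minutes:02d}:{seconds:02d}.{ticks % 100:02d}"


def poll_rate(prev: Tuple[int, int], cur: Tuple[int, int]) -> Optional[float]:
    """prev and cur are (sysUpTime ticks, Counter32 value) taken in the same poll.
    Returns the per-second rate, or None when sysUpTime went backwards: the agent
    restarted and the counter was reset, so no delta can be derived from these polls."""
    uptime_prev, count_prev = prev
    uptime_cur, count_cur = cur
    if uptime_cur < uptime_prev:
        return None
    elapsed_seconds = (uptime_cur - uptime_prev) / 100
    if elapsed_seconds == 0:
        raise ValueError("polls must be separated in time")
    return counter32_delta(count_prev, count_cur) / elapsed_seconds


if __name__ == "__main__":
    # Constructed readings: an ifInOctets-style counter wrapping between two polls 60 s apart.
    print(counter32_delta(4294967000, 700))                    # 996, not -4294966300
    print(poll_rate((100_000, 4294967000), (106_000, 700)))    # 16.6 octets/s
    print(poll_rate((106_000, 700), (5_000, 50)))              # None: agent rebooted
    print(gauge32(5_000_000_000), gauge32(10))                 # 4294967295 10
    print(timeticks_to_text(123456))                           # 0d 00:20:34.56
```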