TCP/IP - Network Management

1. K. PALANIVEL
SYSTEMS ANALYST, COMPUTER CENTRE
PONDICHERRY UNIVERSITY, PUDUCHERRY – 605014, INDIA.
COMS 525: TCP/IP
NETWORK MANAGEMENT
Topic
Lecture 16

2. TCP/IP Based Networks
• TCP/IP is a suite of protocols
• Internet is based on TCP/IP
• IP is Internet protocol at the network layer level
• TCP is connection-oriented transport protocol and ensures end-to-end
connection
• UDP is connectionless transport protocol and provides datagram service
• Internet e-mail and much of the network mgmt. messages are based on
UDP/IP
• ICMP part of TCP/IP suite

3. Architecture, Protocols and Standards
• Communication architecture
– Modeling of communication systems, comprising
• functional components and
• operations interfaces between them
• Communication protocols
– Operational procedures
• intra- and inter-modules
• Communication standards
– Agreement between manufacturers on protocols
of communication equipment on
• physical characteristics and
• operational procedures

4. Communication Architecture
• Inter-layer interface: user and service provider
• Peer-layer protocol interface
• Analogy of hearing-impaired student
• Role of intermediate systems
• Gateway: Router with protocol conversion as gateway to an
autonomous network or subnet

5. CommunicationArchitecture

6. PDU Communication Model
User A
Application
End System A
Physical Medium
Figure 1.14 PDU Communication Model between End Systems
Presentation
Session
Transport
Network
Data link
Physical
User Z
Application
End System Z
Presentation
Session
Transport
Network
Data link
Physical
UD(A) PCI
(P) PCI (A) PDU
(S) PCI
(N) PCI
(T) PCI
(P) PDU
(S) PDU
(D) PCI
(T) PDU
(N) PDU
UD
(D)PDU Data stream

7. Gateway
SNICP
SNDCP
SNDAP
Transport
Data link
SNICP
SNDCP-SN
SNDAP-SN
Transport
Data link-SN
SNDCP-SN
SNDAP-SN
Transport
Data link
SNICP
SNDCP
SNDAP
Physical-SN
Data link-SN
Physical Physical-SNPhysical
Subnetwork MediumNetwork Medium
System A Gateway System N Subnet system N1
N ZA
N1 N2
N3
DTE-N1
DTE-A
A-N-Z Standard Network
N-N1-N2-N3 Subnetwork under Node N
(a) Network configuration
(b) Protocol Communication
Figure 1.17 Gateway Communication to Proprietary Subnetwork

8. SNA, OSI, and Internet
• Similarity between SNA and
OSI
• Simplicity of Internet;
specifies only layers 3 and 4
• Integrated application layers
over Internet
• Commonality of layers 1
and 2 - IEEE standard
Application
Presentation
Session
Transport
Network
SNICP
SNDCP
SNDAP
Data Link
Physical
Application Specific
Protocols
Transport
Connection-
less: UDP
Connection-
oriented: TCP
Network
IP
Not Specified
Physical
Data Link
Path Control
Transmission Control
Data Flow Control
Presentation Services
End User Application
SNA OSI INTERNET
Figure 1.18 Comparison of OSI, Internet, and SNA Protocol Layer Models

9. Application Protocols
Internet user OSI user
• Telnet Virtual Terminal
• File Transfer Protocol File Transfer Access & Mgmt
• Simple Mail Transfer Protocol Message-oriented Text
Interchange Standard
• Simple Network Management Protocol Common Management
Information Protocol

10. Application Protocols
OSI User
VT
FTAM
MOTIS
CMIP SNMP
SMTP
FTP
Terminal
Application
File Transfer
Mail / Message
Transfer
Management
Application
Presentation Layer Transport Layer
TELNET
Internet User
Figure 1.19 Application Specific Protocols in ISO and Internet Models

11. Common Network Problems
• Loss of connectivity
• Duplicate IP address
• Intermittent problems
• Network configuration issues
• Non-problems
• Performance problems

12. Challenges of IT Managers
• Reliability
• Non-real time problems
• Rapid technological advance
• Managing client/server environment
• Scalability
• Troubleshooting tools and systems
• Trouble prediction
• Standardization of operations - NMS helps
• Centralized management vs “sneaker-net”

13. Network Management

14. Network Management
Network
Management
Network
Provisioning
Network
Operations
Network
Maintenance
Planning
Design
Fault Management
Trouble Ticket
Administration
Network Installation
Network Repairs
Facilities Installation
& Maintenance
Routine Network
Tests
Fault Management / Service Restoration
Configuration Management
Performance Management / Traffic Management
Security Management
Accounting Management
Reports Management
Inventory Management
Data Gathering & Analyses
Figure 1.21 Network Management Functional Groupings

15. Functional Flow Chart
Engineering Group
- Netw ork Planning &
Design
Operations Group
NOC
- Netw ork Operations
I & M Group
-Netw ork Installation &
Maintenance
Fault TT
Configuration Data
TT Restoration
Performance & Traffic Data
Installation
Figure 1.22. Network Management Functional Flow Chart
New
Technology
Network
Users
Management
Decision

16. Components
NMS
Network
Agent
Network
Agent
Network
Objects
Network
Objects
Figure 1.24 Network Management Components

17. Interoperability
NMS
Vendor A
Network
Agent
Network
Agent
Network
Objects
Network
Objects
NMS
Vendor B
Network
Agent
Network
Agent
Network
Objects
Network
Objects
Messages
Services & Protocols
Vendor A
(b) Services and Protocols
Application
Services
Management
Protocol
Transport
Protocols
Objects
Objects
Vendor B
Objects
Objects
Figure 1.23 Network Management Dumbbell Architecture

18. Need for Network Management Tools
• In the early days of the Arpanet, the predecessor of the Internet, the
name service was accomplished by maintaining and distributing one file
with all the IP addresses of the network. But no more … DNS etc
• As networks increase in size
1. The network becomes more indispensable to the organization.
2. More things can go wrong, disabling or degrading the performance
of portions of the network.
3. Today a large network cannot be managed with software assistance.

19. Simple Network Management Protocol

20. SNMP History
• SNMP version 1
– was published in 1988
– Widely accepted
– RFC 1157
• SNMP version 2 added additional functionality
– RFC 1441 (1993)
• SNMP v3 added security features
– RFC 3410-3415 (1999)
– http://www.ibr.cs.tu-bs.de/projects/snmpv3/
– http://www.ietf.org/html.charters/snmpv3-charter.html

21. SNMP v3
– Introduction and Applicability Statements for Internet Standard Management
Framework, RFC 3410, Informational, December 2002
– An Architecture for Describing Simple Network Management Protocol (SNMP)
Management Frameworks, RFC 3411, STD 62, December 2002
– Message Processing and Dispatching for the Simple Network Management
Protocol (SNMP) RFC 3412, STD 62, December 2002
– Simple Network Management Protocol (SNMP) Applications RFC 3413, STD 62,
December 2002
– User-based Security Model (USM) for version 3 of the Simple Network
Management Protocol (SNMPv3) RFC 3414, STD 62, December 2002
– View-based Access Control Model (VACM) for the Simple Network Management
Protocol (SNMP) RFC 3415, STD 62, December 2002

22. SNMP Management Station
– Management station – typically a stand alone device; an interface for
human net manager
– Management agent –
– Management information base
– Network Management protocol
• Get, Set and Notify

23. SNMP GOALS
• Ubiquity
– Pcs and Crays
• Inclusion of Management Should Be Inexpensive
– Small Code
– Limited Functionality
• Management Extensions Should Be Possible
– New MIBS
• Management Should Be Robust
– Connectionless Transport
• Resource/reference for next few slides
– http://www.simpleweb.org/tutorials/slides-ppt.html

24. SNMP Operation
MANAGER
AGENTS
TRAPS
POLLING
MIB

25. SNMP
MANAGER
AGENTS
GET / SET
TRAP
MIB

26. SNMP Operation
MANAGER
AGENTS
TABLES
VARIABLES

27. Basic Concepts of SNMP
• A network management system is an integrated collection of tools for
network monitoring and control.
– Single operator interface
– Minimal amount of separate equipment. Software and network
communications capability built into the existing equipment.

28. SNMP Management Station
• Management station will include:
• an interface for the human net manager for monitoring and controlling
the network
• management applications for data analysis and fault recovery
• Translation of network manager commands to actual controls of the
network
• A database of the MIBs of all managed entities of the network

29. SNMP Management Agent
• Key platforms: hosts, bridges, routers, hubs equipped with SNMP
management agent
• SNMP management agent is a program that communicates with the
SNMP management station
1. Responds to requests for information on network status
2. Responds to requests for management actions
3. May asynchronously provide the management station with
unsolicited “alert” information

30. SNMP Management Information Base
• Each network resource is represented as an object (data variable)
• Management Information Base (MIB) is the collection of objects that an
agent maintains
• Objects in MIB are standardized across the type of agent such as
routers, bridges, etc.
• A management station monitors the network by requesting values from
the MIBs
• A management station controls the network by setting values in the
MIBs of the various agents

31. SNMP Network Management Protocol
• Capabilities of SNMP
1. Get - get the value of an object from an agent
2. Set – set the value of an object of an agent
3. Notify – agent alerts the management station
Protocol context of SNMP

32. SNMPv2
• The strength of SNMPv1 was simplicity implying it was easy to
implement and configure.
• However, deficiencies arose:
1. Lack of support for distributed network management
2. Functional deficiencies
3. Security deficiencies
• The first two were addressed by SNMPv2 and the latter by SNMPv3.

33. Example

34. SNMP v1 and v2
• Trap – an unsolicited message (reporting an alarm condition)
• SNMPv1 is ”connectionless” since it utilizes UDP (rather than TCP) as
the transport layer protocol.
• SNMPv2 allows the use of TCP for reliable, connection-oriented”
service.

35. SNMPv1 Community Facility
• SNMP provides only rudimentary secuirty through the concept of
communitiy.
• SNMP Community – Relationship between an SNMP agent and SNMP
managers.
– Maintain locally on the agent
– List of managers with associated access privalidges
• Each agent controls its MIB; aspects of this control
– Authentication service – which manager can access/control
– Access policy
– Proxy service – this may involve implementing authentication service
for other devices

36. Comparison of SNMPv1 and SNMPv2 Table 8.1
SNMPv1 PDU SNMPv2 PDU Direction Description
GetRequest GetRequest Manager to agent Request value for each
listed object
GetRequest GetRequest Manager to agent Request next value for
each listed object
------ GetBulkRequest Manager to agent Request multiple values
SetRequest SetRequest Manager to agent Set value for each listed
object
------ InformRequest Manager to manager Transmit unsolicited
information
GetResponse Response Agent to manager or
Manage to
manager(SNMPv2)
Respond to manager
request
Trap SNMPv2-Trap Agent to manager Transmit unsolicited
information

37. SNMP Access Policy
• SNMP MIB view – a subset of the objects
• SNMP access modes: Read-Only, Read-Write
• SNMP community profile = SNMP MIB view + access-mode
• SNMP access policy = SNMP community + SNMP community-profile

38. SNMPv3
• SNMPv3 defines a security capability to be used in conjunction with
SNMPv2 preferably or possibly v1

39. SNMPv3 Archttecture
• Consists of a distributed collection of SNMP entities
OTHER
NOTIFICATION
ORIGINATOR
COMMAND
RESPONDER
COMMAND
GENERATOR
NOTIFICATION
RECEIVER
PROXY
FORWARDER
SNMP APPLICATIONS
SNMP ENGINE
MESSAGE PROCESSING
SUBSYSTEM
DISPATCHER
SECURITY
SUBSYSTEM
ACCESS CONTROL
SUBSYSTEM
SNMP ENTITY
OTHER

40. SNMP Manager
NOTIFICATION
RECEIVER
COMMAND
GENERATOR
PDU
DISPATCHER
COMMUNITY BASED
SECURITY MODEL
USER BASED
SECURITY MODEL
OTHER
SECURITY MODEL
SECURITY SUBSYSTEM
SNMPv1
SNMPv2C
SNMPv3
OTHER
MESSAGE PROCESSING
SUBSYSTEM
MESSAGE
DISPATCHER
TRANSPORT
MAPPINGS

41. SNMP Agent
PDU
DISPATCHER
COMMUNITY BASED
SECURITY MODEL
USER BASED
SECURITY MODEL
OTHER
SECURITY MODEL
SECURITY SUBSYSTEM
SNMPv1
SNMPv2C
SNMPv3
OTHER
MESSAGE PROCESSING
SUBSYSTEM
MESSAGE
DISPATCHER
TRANSPORT
MAPPINGS
MANAGEMENT INFORMATION BASE
VIEW BASED
ACCESS CONTROL
ACCESS CONTROL SUBSYSTEM
NOTIFICATION
ORIGINATOR
COMMAND
RESPONDER

42. SNMPv3 Flow

43. Primitives Between Modules
DISPATCHER
ACCESS
CONTROL
SUBSYSTEM
APPLICATIONS
MESSAGE
PROCESSING
SUBSYSTEM
SECURITY
SUBSYSTEM DISPATCHER
ACCESS
CONTROL
SUBSYSTEM
APPLICATIONS
MESSAGE
PROCESSING
SUBSYSTEM
SECURITY
SUBSYSTEM
Parameters
transportDomain
transportAddress
messageProcessingModel
securityModel
securityName
securityLevel
contextEngineID
contextName
pduVersion
PDU
expectResponse
maxSizeResponseScopedPDU
stateReference
statusInformation
sendPduHandle
destTransportDomain
destTransportAddress
outgoingMessage
outgoingMessageLength
wholeMsg
wholeMsgLength
pduType
viewType
variableName
globalData
maxMessageSize
securityEngineID
scopedPDU
securityParameters
securityStateReference

44. sendPdu
DISPATCHER
ACCESS
CONTROL
SUBSYSTEM
MESSAGE
PROCESSING
SUBSYSTEM
SECURITY
SUBSYSTEM DISPATCHER
ACCESS
CONTROL
SUBSYSTEM
APPLICATIONS
MESSAGE
PROCESSING
SUBSYSTEM
SECURITY
SUBSYSTEM
Parameters
transportDomain
transportAddress
messageProcessingModel
securityModel
securityName
securityLevel
contextEngineID
contextName
pduVersion
PDU
expectResponse
maxSizeResponseScopedPDU
stateReference
statusInformation
sendPduHandle
destTransportDomain
destTransportAddress
outgoingMessage
outgoingMessageLength
wholeMsg
wholeMsgLength
pduType
viewType
variableName
globalData
maxMessageSize
securityEngineID
scopedPDU
securityParameters
securityStateReference
sendPdu
APPLICATIONS

45. prepareOutgoingMessage
ACCESS
CONTROL
SUBSYSTEM
APPLICATIONS
MESSAGE
PROCESSING
SUBSYSTEM
SECURITY
SUBSYSTEM DISPATCHER
ACCESS
CONTROL
SUBSYSTEM
APPLICATIONS
MESSAGE
PROCESSING
SUBSYSTEM
SECURITY
SUBSYSTEM
Parameters
transportDomain
transportAddress
messageProcessingModel
securityModel
securityName
securityLevel
contextEngineID
contextName
pduVersion
PDU
expectResponse
maxSizeResponseScopedPDU
stateReference
statusInformation
sendPduHandle
destTransportDomain
destTransportAddress
outgoingMessage
outgoingMessageLength
wholeMsg
wholeMsgLength
pduType
viewType
variableName
globalData
maxMessageSize
securityEngineID
scopedPDU
securityParameters
securityStateReference
prepareOutgoingMessage
DISPATCHER

46. generateRequestMsg
DISPATCHER
ACCESS
CONTROL
SUBSYSTEM
APPLICATIONS
SECURITY
SUBSYSTEM DISPATCHER
ACCESS
CONTROL
SUBSYSTEM
APPLICATIONS
MESSAGE
PROCESSING
SUBSYSTEM
SECURITY
SUBSYSTEM
Parameters
transportDomain
transportAddress
messageProcessingModel
securityModel
securityName
securityLevel
contextEngineID
contextName
pduVersion
PDU
expectResponse
maxSizeResponseScopedPDU
stateReference
statusInformation
sendPduHandle
destTransportDomain
destTransportAddress
outgoingMessage
outgoingMessageLength
wholeMsg
wholeMsgLength
pduType
viewType
variableName
globalData
maxMessageSize
securityEngineID
scopedPDU
securityParameters
securityStateReference
generateRequestMsg
MESSAGE
PROCESSING
SUBSYSTEM

47. Send / Receive
ACCESS
CONTROL
SUBSYSTEM
APPLICATIONS
MESSAGE
PROCESSING
SUBSYSTEM
SECURITY
SUBSYSTEM DISPATCHER
ACCESS
CONTROL
SUBSYSTEM
APPLICATIONS
MESSAGE
PROCESSING
SUBSYSTEM
SECURITY
SUBSYSTEM
Parameters
transportDomain
transportAddress
messageProcessingModel
securityModel
securityName
securityLevel
contextEngineID
contextName
pduVersion
PDU
expectResponse
maxSizeResponseScopedPDU
stateReference
statusInformation
sendPduHandle
destTransportDomain
destTransportAddress
outgoingMessage
outgoingMessageLength
wholeMsg
wholeMsgLength
pduType
viewType
variableName
globalData
maxMessageSize
securityEngineID
scopedPDU
securityParameters
securityStateReference
send and receive
DISPATCHER

48. prepareDataElements
ACCESS
CONTROL
SUBSYSTEM
APPLICATIONS
MESSAGE
PROCESSING
SUBSYSTEM
SECURITY
SUBSYSTEM DISPATCHER
ACCESS
CONTROL
SUBSYSTEM
APPLICATIONS
MESSAGE
PROCESSING
SUBSYSTEM
SECURITY
SUBSYSTEM
Parameters
transportDomain
transportAddress
messageProcessingModel
securityModel
securityName
securityLevel
contextEngineID
contextName
pduVersion
PDU
expectResponse
maxSizeResponseScopedPDU
stateReference
statusInformation
sendPduHandle
destTransportDomain
destTransportAddress
outgoingMessage
outgoingMessageLength
wholeMsg
wholeMsgLength
pduType
viewType
variableName
globalData
maxMessageSize
securityEngineID
scopedPDU
securityParameters
securityStateReference
prepareDataElements
DISPATCHER

49. processIncomingMsg
DISPATCHER
ACCESS
CONTROL
SUBSYSTEM
APPLICATIONS
SECURITY
SUBSYSTEM DISPATCHER
ACCESS
CONTROL
SUBSYSTEM
APPLICATIONS
MESSAGE
PROCESSING
SUBSYSTEM
SECURITY
SUBSYSTEM
Parameters
transportDomain
transportAddress
messageProcessingModel
securityModel
securityName
securityLevel
contextEngineID
contextName
pduVersion
PDU
expectResponse
maxSizeResponseScopedPDU
stateReference
statusInformation
sendPduHandle
destTransportDomain
destTransportAddress
outgoingMessage
outgoingMessageLength
wholeMsg
wholeMsgLength
pduType
viewType
variableName
globalData
maxMessageSize
securityEngineID
scopedPDU
securityParameters
securityStateReference
processIncomingMsg
MESSAGE
PROCESSING
SUBSYSTEM

50. processResponsePdu
ACCESS
CONTROL
SUBSYSTEM
APPLICATIONS
MESSAGE
PROCESSING
SUBSYSTEM
SECURITY
SUBSYSTEM DISPATCHER
ACCESS
CONTROL
SUBSYSTEM
APPLICATIONS
MESSAGE
PROCESSING
SUBSYSTEM
SECURITY
SUBSYSTEM
Parameters
transportDomain
transportAddress
messageProcessingModel
securityModel
securityName
securityLevel
contextEngineID
contextName
pduVersion
PDU
expectResponse
maxSizeResponseScopedPDU
stateReference
statusInformation
sendPduHandle
destTransportDomain
destTransportAddress
outgoingMessage
outgoingMessageLength
wholeMsg
wholeMsgLength
pduType
viewType
variableName
globalData
maxMessageSize
securityEngineID
scopedPDU
securityParameters
securityStateReference
processResponsePdu
DISPATCHER

51. SNMP3 Message Format with USM

52. User Security Model (USM)
• Designed to secure against:
– Modification of information
– Masquerade
– Message stream modification
– Disclosure
• Not intended to secure against:
– Denial of Service (DoS attack)
– Traffic analysis

53. Remote Monitoring (RMON)

54. Remote Monitoring (RMON)
• An extension of the network manager’s operation.
• Monitor the data flowing on the remote network using probe or RMON
agents.
• Overcomes degradation of lower operating rate WAN bandwidth when
monitoring geographically separated networks.
• Reduces the amount of information required to be transmitted to NMS.
• Reduces the potential bandwidth saturation of the WAN circuit.

55. Remote Network Monitoring (RMON)
• The Remote Network MONitoring (RMON) MIB was developed by the
IETF to support monitoring and protocol analysis of LANS.
• The original version (sometimes referred to as RMON1) focused on OSI
LAYER 1 and LAYER 2 information in Ethernet and Token Ring
networks.
• It has been extended by RMON2 which adds support for NETWORK-
and APPLICATION-LAYER monitoring and by SMON which adds
support for switched networks.
• It is an industry standard specification that provides much of the
functionality offered by proprietary network analyzers.
• RMON agents are built into many high-end switches and routers.

56. Manager/Probe
probe
get database item (OID)
MIBS (sampled
data)
manager sends
probe
sends
response

57. RMON Principle Operation
WAN circuit
RMON Agent/Probe
Network
Management
Station
Agent
MIB
RMON -MIBs
There were 9 groups defined RMON:
Statistic Group, History Group, Host Group,
Host Top N Group, Traffic Matrix Group, Alarms
Group, Filters Group, Packet Capture Group,
and Events Group.

58. RMON Probe
• Communication between probe and analyzer is using SNMP
• Data gathered and stored for an extended period of time and analyzed later
• Used for gathering traffic statistics and used for configuration
management for performance tuning
PROTOCOL
ANALYZER
RMON
Probe
BACKBONE
NETWORK
SNMP
Traffic
SNMP
Traffic
LAN
RouterRouter

59. Network Monitoring with RMON Probe

60. basic idea/s
• all kinds of stats - but gathered on per link basis as aggregate
– not by manager from every host on link
• ethernet focus (token-ring support too)
• rmon probe can run SOMEWHAT by itself and gather information
– however manager needed for more complex functions (may have to
suck out data on periodic basis due to lack of space)

61. RMON1 MIB
• The RMON1 MIB consists of ten groups:
1. Statistics: real-time LAN statistics e.g. utilization, collisions, CRC errors
2. History: history of selected statistics
3. Alarm: definitions for RMON SNMP traps to be sent when statistics exceed
defined thresholds
4. Hosts: host specific LAN statistics e.g. bytes sent/received, frames
sent/received
5. Hosts top N: record of N most active connections over a given time period
6. Matrix: the sent-received traffic matrix between systems
7. Filter: defines packet data patterns of interest e.g. MAC address or TCP port
8. Capture: collect and forward packets matching the Filter
9. Token Ring: extensions specific to Token Ring
10. .Event: send alerts (SNMP traps) for the Alarm group

62. RMON2 MIB
• The RMON2 MIB adds ten more groups:
1. Protocol Directory: list of protocols the probe can monitor
2. Protocol Distribution: traffic statistics for each protocol
3. Address Map: maps network-layer (IP) to MAC-layer addresses
4. Network-Layer Host: layer 3 traffic statistics, per each host
5. Network-Layer Matrix: layer 3 traffic statistics, per source/destination pairs of hosts
6. Application-Layer Host: traffic statistics by application protocol, per host
7. Application-Layer Matrix: traffic statistics by application protocol, per
source/destination pairs of hos
8. User History: periodic samples of user-specified variables
9. Probe Configuration: remote configure of probes
10. RMON Conformance: requirements for RMON2 MIB conformance

63. Possible RMON Uses
• what kind of questions might you ask?
– how much IP vs IPX traffic?
– how much traffic is web/news/ftp, whatever?
– how utilized (full) is the pipe?
– who talks to server X?
– we have a problem with DHCP, we need to capture the packets and
look?
– global ethernet errors on this link are what?

64. Discussions & Questions