1. K. PALANIVEL
SYSTEMS ANALYST, COMPUTER CENTRE
PONDICHERRY UNIVERSITY, PUDUCHERRY – 605014, INDIA.
COMS 525: TCP/IP
NETWORK MANAGEMENT
Topic
Lecture 16
2. TCP/IP Based Networks
• TCP/IP is a suite of protocols
• Internet is based on TCP/IP
• IP is Internet protocol at the network layer level
• TCP is a connection-oriented transport protocol and provides a reliable end-to-end connection
• UDP is a connectionless transport protocol and provides datagram service
• Internet e-mail (SMTP) runs over TCP; most network management messages (SNMP) run over UDP/IP
• ICMP is also part of the TCP/IP suite
3. Architecture, Protocols and Standards
• Communication architecture
– Modeling of communication systems, comprising
• functional components and
• operations interfaces between them
• Communication protocols
– Operational procedures
• intra- and inter-modules
• Communication standards
– Agreement between manufacturers on protocols
of communication equipment on
• physical characteristics and
• operational procedures
4. Communication Architecture
• Inter-layer interface: user and service provider
• Peer-layer protocol interface
• Analogy of hearing-impaired student
• Role of intermediate systems
• Gateway: Router with protocol conversion as gateway to an
autonomous network or subnet
6. PDU Communication Model
Figure 1.14 PDU Communication Model between End Systems: End System A (User A) and End System Z (User Z) each implement the seven OSI layers (Application, Presentation, Session, Transport, Network, Data link, Physical) and exchange data over the physical medium. Going down the stack, each layer prepends its protocol control information (PCI) to the data handed to it from above: the user data UD becomes the (A) PDU = UD + (A) PCI, then the (P) PDU = (A) PDU + (P) PCI, then the (S) PDU, (T) PDU and (N) PDU, and finally the (D) PDU, which the physical layer transmits as a data stream. The receiving system strips the PCI again layer by layer.
8. SNA, OSI, and Internet
• Similarity between SNA and
OSI
• Simplicity of Internet;
specifies only layers 3 and 4
• Integrated application layers
over Internet
• Commonality of layers 1
and 2 - IEEE standard
Figure 1.18 Comparison of OSI, Internet, and SNA Protocol Layer Models:
– OSI: Application; Presentation; Session; Transport; Network (SNICP, SNDCP, SNDAP sublayers); Data Link; Physical
– Internet: Application Specific Protocols; Transport (connectionless: UDP, connection-oriented: TCP); Network (IP); Data Link and Physical not specified
– SNA: End User Application; Presentation Services; Data Flow Control; Transmission Control; Path Control; Data Link; Physical
9. Application Protocols
Internet user                                  OSI user
Telnet                                         Virtual Terminal (VT)
File Transfer Protocol (FTP)                   File Transfer Access & Management (FTAM)
Simple Mail Transfer Protocol (SMTP)           Message-oriented Text Interchange Standard (MOTIS)
Simple Network Management Protocol (SNMP)      Common Management Information Protocol (CMIP)
10. Application Protocols
Figure 1.19 Application Specific Protocols in ISO and Internet Models: terminal application VT (OSI) / TELNET (Internet); file transfer FTAM / FTP; mail or message transfer MOTIS / SMTP; management application CMIP / SNMP. The OSI applications sit on the presentation layer; the Internet applications sit directly on the transport layer.
11. Common Network Problems
• Loss of connectivity
• Duplicate IP address
• Intermittent problems
• Network configuration issues
• Non-problems
• Performance problems
12. Challenges of IT Managers
• Reliability
• Non-real time problems
• Rapid technological advance
• Managing client/server environment
• Scalability
• Troubleshooting tools and systems
• Trouble prediction
• Standardization of operations - NMS helps
• Centralized management vs “sneaker-net”
18. Need for Network Management Tools
• In the early days of the Arpanet, the predecessor of the Internet, the name service was accomplished by maintaining and distributing one file with all the IP addresses of the network. But no more … DNS etc
• As networks increase in size
1. The network becomes more indispensable to the organization.
2. More things can go wrong, disabling or degrading the performance of portions of the network.
3. Today a large network cannot be managed without software assistance.
20. SNMP History
• SNMP version 1
– first published in 1988 (RFC 1067); the widely deployed definition is RFC 1157 (1990)
– Widely accepted
• SNMP version 2 added additional functionality
– RFC 1441 (1993)
• SNMP v3 added security features
– RFC 3410-3415 (December 2002; earlier versions were RFC 2271-2275, 1998, and RFC 2571-2575, 1999)
– http://www.ibr.cs.tu-bs.de/projects/snmpv3/
– http://www.ietf.org/html.charters/snmpv3-charter.html
21. SNMP v3
– Introduction and Applicability Statements for Internet Standard Management
Framework, RFC 3410, Informational, December 2002
– An Architecture for Describing Simple Network Management Protocol (SNMP)
Management Frameworks, RFC 3411, STD 62, December 2002
– Message Processing and Dispatching for the Simple Network Management
Protocol (SNMP) RFC 3412, STD 62, December 2002
– Simple Network Management Protocol (SNMP) Applications RFC 3413, STD 62,
December 2002
– User-based Security Model (USM) for version 3 of the Simple Network
Management Protocol (SNMPv3) RFC 3414, STD 62, December 2002
– View-based Access Control Model (VACM) for the Simple Network Management
Protocol (SNMP) RFC 3415, STD 62, December 2002
22. SNMP Management Station
– Management station – typically a stand-alone device; the interface for the human network manager
– Management agent – software on a managed device (host, router, bridge, hub) that answers the station's requests and can send it unsolicited alerts
– Management information base – the collection of objects the agent maintains
– Network management protocol
• Get, Set and Notify
23. SNMP GOALS
• Ubiquity
– PCs and Crays
• Inclusion of Management Should Be Inexpensive
– Small Code
– Limited Functionality
• Management Extensions Should Be Possible
– New MIBs
• Management Should Be Robust
– Connectionless Transport
• Resource/reference for next few slides
– http://www.simpleweb.org/tutorials/slides-ppt.html
27. Basic Concepts of SNMP
• A network management system is an integrated collection of tools for
network monitoring and control.
– Single operator interface
– Minimal amount of separate equipment. Software and network
communications capability built into the existing equipment.
28. SNMP Management Station
• Management station will include:
• an interface for the human net manager for monitoring and controlling
the network
• management applications for data analysis and fault recovery
• Translation of network manager commands to actual controls of the
network
• A database of the MIBs of all managed entities of the network
29. SNMP Management Agent
• Key platforms: hosts, bridges, routers, hubs equipped with SNMP
management agent
• SNMP management agent is a program that communicates with the
SNMP management station
1. Responds to requests for information on network status
2. Responds to requests for management actions
3. May asynchronously provide the management station with
unsolicited “alert” information
30. SNMP Management Information Base
• Each network resource is represented as an object (data variable)
• Management Information Base (MIB) is the collection of objects that an
agent maintains
• Objects in MIB are standardized across the type of agent such as
routers, bridges, etc.
• A management station monitors the network by requesting values from
the MIBs
• A management station controls the network by setting values in the
MIBs of the various agents
31. SNMP Network Management Protocol
• Capabilities of SNMP
1. Get – get the value of an object from an agent
2. Set – set the value of an object of an agent
3. Notify – agent alerts the management station
Figure: protocol context of SNMP (SNMP messages carried in UDP datagrams over IP)
32. SNMPv2
• The strength of SNMPv1 was simplicity, which made it easy to implement and configure.
• However, deficiencies arose:
1. Lack of support for distributed network management
2. Functional deficiencies
3. Security deficiencies
• The first two were addressed by SNMPv2 and the third by SNMPv3.
34. SNMP v1 and v2
• Trap – an unsolicited message (reporting an alarm condition)
• SNMPv1 is "connectionless" since it uses UDP (rather than TCP) as the transport-layer protocol.
• The SNMPv2 framework allows other transport mappings, including TCP for reliable, connection-oriented service; UDP remains the preferred transport.
35. SNMPv1 Community Facility
• SNMP provides only rudimentary security through the concept of community.
• SNMP Community – relationship between an SNMP agent and a set of SNMP managers.
– Maintained locally on the agent
– List of managers with associated access privileges
– The community string is carried in clear text in every message, so anyone who can sniff the traffic learns it; it is a shared password, not authentication of the sender
• Each agent controls its MIB; aspects of this control
– Authentication service – which manager can access/control
– Access policy
– Proxy service – this may involve implementing authentication service for other devices
36. Comparison of SNMPv1 and SNMPv2 Table 8.1
SNMPv1 PDU      SNMPv2 PDU      Direction                            Description
GetRequest      GetRequest      Manager to agent                     Request value for each listed object
GetNextRequest  GetNextRequest  Manager to agent                     Request next value for each listed object
------          GetBulkRequest  Manager to agent                     Request multiple values
SetRequest      SetRequest      Manager to agent                     Set value for each listed object
------          InformRequest   Manager to manager                   Transmit unsolicited information
GetResponse     Response        Agent to manager, or manager to      Respond to manager request
                                manager (SNMPv2)
Trap            SNMPv2-Trap     Agent to manager                     Transmit unsolicited information
37. SNMP Access Policy
• SNMP MIB view – a subset of the objects
• SNMP access modes: Read-Only, Read-Write
• SNMP community profile = SNMP MIB view + access-mode
• SNMP access policy = SNMP community + SNMP community-profile
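The community facility, the PDU table and the access policy above all hinge on one field of the SNMPv1/v2c message: the community string the agent matches against its community profiles. The following encoder/decoder is an added example written for this page (it is not code from the lecture or from any SNMP implementation); it builds the BER message framing of RFC 1157 (SNMPv2c uses the same framing with version 1 and the extra PDU tags) for a GetRequest on sysDescr.0 and parses it back without any key, which is exactly what a passive sniffer can do. The OID 1.3.6.1.2.1.1.1.0 and the community strings "public" and "private" are the usual defaults; the second request's enterprise OID is a constructed sample.

```python
"""Minimal BER encoder/decoder for SNMPv1/v2c messages (RFC 1157 framing).
Added example for the community slides; shows the community string is a
plaintext field that any observer of the datagram can read."""

PDU_TAGS = {
    0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
    0xA3: "SetRequest", 0xA4: "Trap",                                   # SNMPv1
    0xA5: "GetBulkRequest", 0xA6: "InformRequest", 0xA7: "SNMPv2-Trap",  # SNMPv2
}

def _ber_len(n: int) -> bytes:
    # Short form for n < 128, otherwise long form: 0x80|count, then big-endian length.
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(content)) + content

def ber_int(v: int) -> bytes:
    # Two's-complement, minimal length (a leading 0x00 appears when the top bit is set).
    return tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True))

def ber_oid(oid: str) -> bytes:
    arcs = [int(a) for a in oid.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])          # first two arcs share one byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:                                     # base-128, high bit = "more follows"
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))

def build_request(community: bytes, oids, request_id: int = 1,
                  version: int = 0, pdu_tag: int = 0xA0) -> bytes:
    """version 0 = SNMPv1, 1 = SNMPv2c. Values are NULL for Get/GetNext."""
    varbinds = b"".join(tlv(0x30, ber_oid(o) + tlv(0x05, b"")) for o in oids)
    pdu = tlv(pdu_tag, ber_int(request_id) + ber_int(0) + ber_int(0) + tlv(0x30, varbinds))
    return tlv(0x30, ber_int(version) + tlv(0x04, community) + pdu)

def _read_tlv(buf: bytes, pos: int):
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def decode_oid(content: bytes) -> str:
    arcs, val = [content[0] // 40, content[0] % 40], 0
    for b in content[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def parse_message(buf: bytes) -> dict:
    """Decode the outer SNMP message. No key is needed: the community is plaintext."""
    tag, msg, _ = _read_tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, ver, pos = _read_tlv(msg, 0)
    _, community, pos = _read_tlv(msg, pos)
    pdu_tag, pdu, _ = _read_tlv(msg, pos)
    _, rid, p = _read_tlv(pdu, 0)
    _, _, p = _read_tlv(pdu, p)          # error-status
    _, _, p = _read_tlv(pdu, p)          # error-index
    _, vbl, _ = _read_tlv(pdu, p)
    oids, q = [], 0
    while q < len(vbl):
        _, vb, q = _read_tlv(vbl, q)
        _, oid, _ = _read_tlv(vb, 0)
        oids.append(decode_oid(oid))
    return {
        "version": int.from_bytes(ver, "big", signed=True),
        "community": community.decode("latin-1"),
        "pdu": PDU_TAGS.get(pdu_tag, hex(pdu_tag)),
        "request_id": int.from_bytes(rid, "big", signed=True),
        "oids": oids,
    }

if __name__ == "__main__":
    msg = build_request(b"public", ["1.3.6.1.2.1.1.1.0"])     # sysDescr.0
    print(msg.hex())
    print(parse_message(msg))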
38. SNMPv3
• SNMPv3 defines security (USM), access control (VACM) and an administrative framework; it adds no new protocol operations and is used with the SNMPv2 PDUs (preferably) or possibly the SNMPv1 PDUs
39. SNMPv3 Architecture
• Consists of a distributed collection of SNMP entities
Figure: an SNMP entity is an SNMP engine plus a set of SNMP applications
– SNMP engine: dispatcher, message processing subsystem, security subsystem, access control subsystem
– SNMP applications: command generator, command responder, notification originator, notification receiver, proxy forwarder, other
41. SNMP Agent
Figure: internal structure of an SNMP agent in the SNMPv3 architecture
– Dispatcher: transport mappings, message dispatcher, PDU dispatcher
– Message processing subsystem: SNMPv1, SNMPv2c, SNMPv3, other
– Security subsystem: community-based security model (SNMPv1/v2c), user-based security model (SNMPv3), other security model
– Access control subsystem: view-based access control
– Applications: command responder, notification originator
– Management information base
52. User-based Security Model (USM)
• Designed to secure against:
– Modification of information (integrity: HMAC-MD5-96 or HMAC-SHA-96 over the whole message)
– Masquerade (the HMAC key is a per-user key localized to the agent's snmpEngineID)
– Message stream modification (replay, reordering, delay: timeliness check on snmpEngineBoots/snmpEngineTime)
– Disclosure (privacy: CBC-DES; AES added by RFC 3826)
• Not intended to secure against:
– Denial of Service (DoS attack)
– Traffic analysis
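The USM protections above rest on the key derivation of RFC 3414: a user password is stretched into a key Ku and then localized with the agent's snmpEngineID, and the resulting Kul keys the HMAC that is truncated to 96 bits and placed in msgAuthenticationParameters. The code below is an added example written for this page, not code from the lecture or from any SNMP implementation; it reproduces the derivation and checks it against the "maplesyrup" test vectors of RFC 3414 Appendix A.3 (engineID 00…02). The signing demo uses a constructed byte string in place of a real BER-encoded wholeMsg, because the authentication rule only needs the position of the 12-byte parameter field.

```python
"""RFC 3414 USM key derivation and HMAC-96 authentication. Added example;
the message bytes in demo_auth() are constructed, not a real SNMPv3 packet."""
import hashlib
import hmac

ONE_MEBIBYTE = 1024 * 1024

def password_to_key(password: bytes, algo: str = "md5") -> bytes:
    """RFC 3414 A.2: hash the password repeated cyclically to exactly 1 MiB.
    That 1 MiB stretch is USM's only work factor; it is cheap to brute-force today."""
    if not password:
        raise ValueError("empty password")
    reps = ONE_MEBIBYTE // len(password) + 1
    return hashlib.new(algo, (password * reps)[:ONE_MEBIBYTE]).digest()

def localize_key(ku: bytes, engine_id: bytes, algo: str = "md5") -> bytes:
    """RFC 3414 2.6: Kul = H(Ku || snmpEngineID || Ku). Each agent gets a different
    key, so a key recovered from one agent does not work against the others."""
    return hashlib.new(algo, ku + engine_id + ku).digest()

def auth_params(kul: bytes, whole_msg: bytes, algo: str = "md5") -> bytes:
    """HMAC-MD5-96 / HMAC-SHA-96: HMAC over wholeMsg with the 12-byte
    msgAuthenticationParameters field set to zeros, truncated to 96 bits."""
    return hmac.new(kul, whole_msg, algo).digest()[:12]

def sign(kul: bytes, msg: bytes, off: int, algo: str = "md5") -> bytes:
    """Return msg with the 12 bytes at offset `off` replaced by the HMAC-96 tag."""
    zeroed = msg[:off] + bytes(12) + msg[off + 12:]
    return msg[:off] + auth_params(kul, zeroed, algo) + msg[off + 12:]

def verify(kul: bytes, msg: bytes, off: int, algo: str = "md5") -> bool:
    """Recompute the tag over the zeroed message and compare in constant time."""
    zeroed = msg[:off] + bytes(12) + msg[off + 12:]
    return hmac.compare_digest(auth_params(kul, zeroed, algo), msg[off:off + 12])

RFC3414_ENGINE_ID = bytes.fromhex("000000000000000000000002")   # RFC 3414 A.3

def rfc3414_vectors() -> dict:
    """Ku and Kul for password 'maplesyrup' with MD5 and SHA-1 (RFC 3414 A.3.1/A.3.2)."""
    out = {}
    for algo in ("md5", "sha1"):
        ku = password_to_key(b"maplesyrup", algo)
        kul = localize_key(ku, RFC3414_ENGINE_ID, algo)
        out[algo] = {"ku": ku.hex(), "kul": kul.hex()}
    return out

def demo_auth() -> tuple:
    """Sign a constructed stand-in for wholeMsg, verify it, then verify a tampered copy."""
    kul = localize_key(password_to_key(b"maplesyrup", "sha1"), RFC3414_ENGINE_ID, "sha1")
    header = b"constructed-msgGlobalData-and-USM-header:"     # constructed, not BER
    body = b"constructed-scopedPDU:get sysDescr.0"
    off = len(header)                                        # where the 12-byte tag sits
    msg = sign(kul, header + bytes(12) + body, off, "sha1")
    tampered = msg[:-1] + b"1"                               # change one byte of the scoped PDU
    return verify(kul, msg, off, "sha1"), verify(kul, tampered, off, "sha1")

if __name__ == "__main__":
    print(rfc3414_vectors())
    print(demo_auth())        # (True, False)
```

MD5 and SHA-1 are what RFC 3414 specifies; RFC 7860 adds HMAC-SHA-2 authentication protocols, and a practitioner configuring USM today should prefer those together with AES privacy. Note also that localization depends on the agent's engineID, which is sent in the clear in the discovery exchange, so the secrecy of the password, not of the engineID, is what matters.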
54. Remote Monitoring (RMON)
• An extension of the network manager’s operation.
• Monitor the data flowing on the remote network using probe or RMON
agents.
• Overcomes degradation of lower operating rate WAN bandwidth when
monitoring geographically separated networks.
• Reduces the amount of information required to be transmitted to NMS.
• Reduces the potential bandwidth saturation of the WAN circuit.
55. Remote Network Monitoring (RMON)
• The Remote Network MONitoring (RMON) MIB was developed by the
IETF to support monitoring and protocol analysis of LANS.
• The original version (sometimes referred to as RMON1) focused on OSI
LAYER 1 and LAYER 2 information in Ethernet and Token Ring
networks.
• It has been extended by RMON2 which adds support for NETWORK-
and APPLICATION-LAYER monitoring and by SMON which adds
support for switched networks.
• It is an industry standard specification that provides much of the
functionality offered by proprietary network analyzers.
• RMON agents are built into many high-end switches and routers.
57. RMON Principle of Operation
Figure: the network management station reaches the RMON agent/probe (with its agent MIB and RMON MIBs) across a WAN circuit; the probe collects locally and only the results cross the WAN.
There were 9 groups defined in RMON:
Statistics Group, History Group, Host Group,
Host Top N Group, Traffic Matrix Group, Alarms
Group, Filters Group, Packet Capture Group,
and Events Group.
58. RMON Probe
• Communication between probe and analyzer uses SNMP
• Data are gathered and stored for an extended period of time and analyzed later
• Used for gathering traffic statistics and for configuration management and performance tuning
Figure: a protocol analyzer on one LAN exchanges SNMP traffic across the backbone network (through the routers) with an RMON probe on the remote LAN
60. Basic ideas
• all kinds of statistics, but gathered per link as aggregates
– not collected by the manager from every host on the link
• Ethernet focus (Token Ring support too)
• an RMON probe can run somewhat by itself and gather information
– however a manager is needed for more complex functions (and may have to pull the data off the probe periodically because probe storage is limited)
61. RMON1 MIB
• The RMON1 MIB consists of ten groups:
1. Statistics: real-time LAN statistics e.g. utilization, collisions, CRC errors
2. History: history of selected statistics
3. Alarm: definitions for RMON SNMP traps to be sent when statistics exceed
defined thresholds
4. Hosts: host specific LAN statistics e.g. bytes sent/received, frames
sent/received
5. Hosts top N: record of N most active connections over a given time period
6. Matrix: the sent-received traffic matrix between systems
7. Filter: defines packet data patterns of interest e.g. MAC address or TCP port
8. Capture: collect and forward packets matching the Filter
9. Token Ring: extensions specific to Token Ring
10. Event: send alerts (SNMP traps) for the Alarm group
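The Alarm group (item 3) is where the probe does detection on its own: each alarmTable row samples one MIB variable, as an absolute value or as a delta between samples, and compares it with a rising and a falling threshold with hysteresis, so that a value hovering around one threshold does not flood the Event group with traps. The class below is an added example written for this page (not the lecture's code and not any vendor's RMON implementation); it implements the rising/falling rules and the alarmStartupAlarm behaviour of the RMON1 alarmTable (RFC 2819) over a constructed series of samples, e.g. utilization percentages or a byte counter.

```python
"""RMON1 alarmTable semantics (RFC 2819) as a small state machine. Added example;
the sample series used below are constructed, not probe data."""
from dataclasses import dataclass, field
from typing import List, Optional

ABSOLUTE, DELTA = 1, 2                         # alarmSampleType
RISING, FALLING, RISING_OR_FALLING = 1, 2, 3   # alarmStartupAlarm

@dataclass
class RmonAlarm:
    """One alarmTable row: thresholds plus the hysteresis state."""
    rising_threshold: int
    falling_threshold: int
    sample_type: int = ABSOLUTE
    startup_alarm: int = RISING_OR_FALLING
    _last_raw: Optional[int] = field(default=None, init=False, repr=False)
    _first_sample: bool = field(default=True, init=False, repr=False)
    _rising_armed: bool = field(default=True, init=False, repr=False)
    _falling_armed: bool = field(default=True, init=False, repr=False)

    def sample(self, raw: int) -> Optional[str]:
        """Feed one sampled value; return 'rising', 'falling' or None.

        A rising event fires when the value reaches alarmRisingThreshold and no
        rising event has fired since the value last reached alarmFallingThreshold
        (and symmetrically for falling). On the very first sample an event fires
        only if alarmStartupAlarm permits it."""
        if self.sample_type == DELTA:
            if self._last_raw is None:             # a delta needs two raw readings
                self._last_raw = raw
                return None
            value, self._last_raw = raw - self._last_raw, raw
        else:
            value = raw

        event = None
        if value >= self.rising_threshold:
            startup_ok = self.startup_alarm in (RISING, RISING_OR_FALLING)
            if self._rising_armed and (not self._first_sample or startup_ok):
                event = "rising"
            self._rising_armed = False             # re-armed only by reaching falling
            self._falling_armed = True
        elif value <= self.falling_threshold:
            startup_ok = self.startup_alarm in (FALLING, RISING_OR_FALLING)
            if self._falling_armed and (not self._first_sample or startup_ok):
                event = "falling"
            self._falling_armed = False            # re-armed only by reaching rising
            self._rising_armed = True
        self._first_sample = False
        return event

def run_alarm(alarm: RmonAlarm, samples: List[int]) -> List[Optional[str]]:
    """Drive one alarm row over a series of samples; one entry per sample."""
    return [alarm.sample(s) for s in samples]

if __name__ == "__main__":
    # Constructed utilization samples in percent: rising at 80, falling at 50.
    util = RmonAlarm(rising_threshold=80, falling_threshold=50)
    print(run_alarm(util, [30, 60, 85, 90, 70, 45, 40, 82]))
    # Constructed byte-counter readings; delta per interval, thresholds 800 / 200.
    octets = RmonAlarm(800, 200, sample_type=DELTA)
    print(run_alarm(octets, [1000, 1500, 2500, 2600]))
```

The second series shows why deltaValue matters for counters: the raw ifInOctets reading only grows, so the alarm is set on the per-interval increase. The samples 85 then 90 in the first series produce one rising event, not two, which is the hysteresis the Event group relies on to keep trap volume bounded.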
62. RMON2 MIB
• The RMON2 MIB adds ten more groups:
1. Protocol Directory: list of protocols the probe can monitor
2. Protocol Distribution: traffic statistics for each protocol
3. Address Map: maps network-layer (IP) to MAC-layer addresses
4. Network-Layer Host: layer 3 traffic statistics, per each host
5. Network-Layer Matrix: layer 3 traffic statistics, per source/destination pairs of hosts
6. Application-Layer Host: traffic statistics by application protocol, per host
7. Application-Layer Matrix: traffic statistics by application protocol, per source/destination pairs of hosts
8. User History: periodic samples of user-specified variables
9. Probe Configuration: remote configuration of probes
10. RMON Conformance: requirements for RMON2 MIB conformance
63. Possible RMON Uses
• what kind of questions might you ask?
– how much IP vs IPX traffic?
– how much traffic is web/news/ftp, whatever?
– how utilized (full) is the pipe?
– who talks to server X?
– we have a problem with DHCP, we need to capture the packets and
look?
– global ethernet errors on this link are what?