ITEC 275 Computer Networks – Switching, Routing, and WANs

Week 13 Chapter 13 Instructor: RobertD’Andrea 2015

Agenda• SNMP • Management Information Base (MIB)• SNMP Commands• SNMP Communications• DoD Four Layer Model• OSI and TCP/IP Model• TCP/IP Layers• Router Monitoring• Network Design• RMON

SNMPWhat is SNMP?

Simple Network Management Protocol (SNMP) is an application–layer protocol defined by the Internet Architecture Board (IAB) in RFC1157 for exchanging management information between network devices. It is a part of Transmission Control Protocol Internet Protocol (TCP⁄IP) protocol suite.

SNMP

SNMP is one of the widely accepted protocols to manage and monitor network elements. Most of the professional–grade network elements come with bundled SNMP agent. These agents have to be enabled and configured to communicate with the network management system (NMS). The agent configuration involves creating a rule for establishing a specific device threshold. In many cases, the SNMP agent is built in the hardware.

SNMPSNMP basic components and their functionalities

SNMP consists of• SNMP Manager• Managed devices• SNMP agent• The Management Information Database is called

the Management Information Base (MIB).

SNMPSNMP Manager:

A manager or management system is a separate entity that is responsible to communicate with the SNMP agent implemented network devices. This is typically a computer that is used to run one or more network management systems.

SNMP Manager’s key functions• Queries agents• Gets responses from agents• Sets variables in agents• Acknowledges asynchronous events from agents

SNMPManaged Devices:

A managed device or the network element is a part of the network that requires some form of monitoring and management e.g. routers, switches, servers, workstations, printers, and UPSs.

SNMPSNMP Agent:

The agent is a program that is packaged within the network element. Enabling the agent allows it to collect the management information database from the device locally and makes it available to the SNMP manager, when it is queried. These agents could be standard (e.g. Net-SNMP) or specific to a vendor (e.g. HP insight agent)

SNMPSNMP agent’s key functions• Collect management information about its

local environment• Store and retrieve management information

as defined in the MIB.• Signal an event to the manager.• Act as a proxy for some non–SNMP

manageable network node.

Management Information Base (MIB)A MIB (Management Information Base) is

a database of the objects that can be managed on a device. The managed objects, or variables, can be set or read to provide information on the network devices and interfaces.

Management Information Base (MIB)

Management Information database or Management Information Base (MIB)

Every SNMP agent maintains an information database describing the managed device parameters. The SNMP manager uses this database to request the agent for specific information and further translates the information as needed for the Network Management System (NMS). This commonly shared database between the Agent and the Manager is called Management Information Base (MIB).

Management Information Base (MIB)

Typically, a MIB contains a standard set of statistical and control values defined for hardware nodes on a network. SNMP also allows the extension of these standard values with values specific to a particular agent through the use of private MIBs.

In short, MIB files are the set of questions that an SNMP Manager can ask the agent. Agent collects this

data locally and stores it, as defined in the MIB. So, the SNMP Manager should be aware of these standard and

private questions for every type of agent.

Management Information Base (MIB)

snmpwalk .1.3.6.1.2.1.17.4.3.1.1 to get the MAC address table;

snmpwalk .1.3.6.1.2.1.17.4.3.1.2 to get the bridge port number;

snmpwalk .1.3.6.1.2.1.17.1.4.1.2 to get the bridge port to ifIndex mapping.

Management Information Base (MIB)

MIB structure and Object Identifier (Object ID or OID)

Management Information Base (MIB) is a collection of Information for managing network element. The MIB is comprised of managed objects identified by the name Object Identifier (Object ID or OID).

Each Identifier is unique and denotes specific characteristics of a managed device. When queried for, the return value of each identifier could be different e.g. Text, Number, Counter, etc...

Management Information Base (MIB)

There are two types of Managed Object or Object ID: Scalar and Tabular. They are better understandable with an example.

Scalar: Device’s vendor name, the result can be only one. (As definition says: "Scalar Object define a single object instance")

Tabular: CPU utilization of a Quad Processor, this would give me a result for each CPU separately, means there will be 4 results for that particular Object ID. (As definition says: "Tabular object defines multiple related object instance that are grouped together in MIB tables")

Management Information Base (MIB)

Every Object ID is organized hierarchically in MIB. The MIB hierarchy can be represented in a tree structure with individual variable identifier.

A typical object ID will be a dotted list of integers. For example, the OID in RFC1213 for "sysDescr" is .1.3.6.1.2.1.1.1

SNMP CommandsBasic commands of SNMP

The simplicity in information exchange has made the SNMP as widely accepted protocol. The main reason being concise set of commands, here are they listed below:

• GET: The GET operation is a request sent by the manager to the managed device. It is performed to retrieve one or more values from the managed device.

• GET NEXT: This operation is similar to the GET. The significant difference is that the GET NEXT operation retrieves the value of the next OID in the MIB tree.

SNMP Commands• GET BULK: The GETBULK operation is used to

retrieve voluminous data from large MIB table.• SET: This operation is used by the managers to

modify or assign the value of the Managed device.• TRAPS: Unlike the above commands which are

initiated from the SNMP Manager, TRAPS are initiated by the Agents. It is a signal to the SNMP Manager by the Agent on the occurrence of an event.

• INFORM: This command is similar to the TRAP initiated by the Agent, additionally INFORM includes confirmation from the SNMP manager on receiving the message.

SNMP Commands• RESPONSE: It is the command used to carry back

the value(s) or signal of actions directed by the SNMP Manager.

SNMPSNMP is normally part of another software

application like, Spiceworks, LANView, and Ciscoworks. It is a major protocol used in the network industry.

SNMP detects device events is real time before or at the time of failure. These events can be as follows:

CPU, disk, and memory fans

Memory slots

Threshold regarding disk space.

SNMP

SNMP is a service on your Windows operating system. By default SNMP uses port 161 and TRAP⁄ INFORM uses port 162 for communication. Firewall ports must be opened to allow data communication connectivity.

SNMP CommunicationsTypical SNMP communication

SNMP is part of TCP⁄ IP protocol suite, the SNMP messages are wrapped as User Datagram Protocol (UDP) and intern wrapped and transmitted in the Internet Protocol. The next diagram will illustrate the four–layer model developed by Department of Defense (DoD).

The DoD Four Layer model was used during the creation of TCP/IP, but was not formalized until well afterwards (in RFC 1122, "Requirements for Internet Hosts -- Communications Layers", October 1989).

DoD Four Layer Model

OSI and TCP/IP Model

TCP/IP LayersTCP/IP Topology

Router MonitoringWAN links and the routers that serve them are

usually the most expensive part of the network, and managing bandwidth allocation can be complex. Over-subscribing to bandwidth could mean that the company is paying for more bandwidth than required and under-subscribing could result in congestion and unacceptable network performance. WAN Monitoring and Router Monitoring thus become very critical to not just day-to-day productivity but also to a company's bottom-line. Network managers will need to optimize the quality of service by balancing throughput, committed information rate (CIR) and burst rate with congestion, response time, and discards.

Router MonitoringSome of the WAN monitoring challenges

include optimizing bandwidth allocations, ensuring high network availability, quickly resolving WAN problems, capacity planning for future requirements, minimizing recurring costs on WAN links, identifying high traffic/ utilization sources and spotting & updating problematic legacy routers.

OpManager

OpManager was built on the premise that when the number of devices increases and when companies expand to multiple locations, it becomes difficult to maintain a static network map.

The information technology field is a dynamic process and static network maps often fail to capture the new changes in the network. When a failure does occur, it becomes impossible to track the affected device or business service using the static network diagrams. With OpManager, network maps are created automatically for the network administrator.

OPManager

OpManage has a rich web-based interfaces, that offers advanced network management functionality and at a compelling price-point.

Router and WAN Monitoring with OpManager

Network Design

Whether at a service provider, enterprise or government agency, the network operations center is where the action and information resides. Managers and technicians need to have real-time visibility into the health and performance of the entire network. They need actionable alerts that lead them quickly to the cause of performance problems when they arise, as well as the ability to design and test remedial corrections, and implement them with confidence.

RMONWhat is RMON?

The Remote Network MONitoring (RMON) MIB was developed by the IETF to support monitoring and protocol analysis of LANs. The original version (sometimes referred to as RMON1) focused on OSI Layer 1 and Layer 2 information in Ethernet and Token Ring networks. It has been extended by RMON2 which adds support for Network - and Application -layer monitoring and by SMON which adds support for switched networks. It is an industry standard specification that provides much of the functionality offered by proprietary network analyzers. RMON agents are built into many high-end switches and routers.

RMON

Remote Monitoring (RMON) is a standard monitoring specification that enables various network monitors and console systems to exchange network-monitoring data. RMON provides network administrators with more freedom in selecting network-monitoring probes and consoles with features that meet their particular networking needs. An RMON implementation typically operates in a client/server model. Monitoring devices (commonly called "probes") contain RMON software agents that collect information and analyze packets. These probes act as servers and the Network Management applications that communicate with them act as clients. While both agent configuration and data collection use SNMP, RMON is designed

to operate differently than other SNMP-based systems:

RMON

• Probes have more responsibility for data collection and processing, which reduces SNMP traffic and the processing load of the clients.• Information is only transmitted to the

management application when required, instead of continuous polling.

RMON

In short, RMON is designed for "flow-based" monitoring, while SNMP is often used for "device-based" management. RMON is similar to other flow-based monitoring technologies such as NetFlow and Sflow because the data collected deals mainly with traffic patterns rather than the status of individual devices. One disadvantage of this system is that remote devices shoulder more of the management burden, and require more resources to do so. Some devices balance this trade-off by implementing only a subset of the RMON MIB groups (see below). A minimal RMON agent implementation could support only statistics, history, alarm, and event.

This Week’s Outcome• SNMP• Management Information Base (MIB)• SNMP Commands• SNMP Communications• DoD Four Layer Model• OSI and TCP/IP Layers• TCP/IP Layers• Router Monitoring• Network Design• RMON

Concluding Remarks

Questions and/or Concerns