Keeping Tabs on Your Network

First, a Horror Story

Types of Management Tools

What is SNMP?

Dartmouth’s Net Management

InterMapper demo

Questions

Rich Brown

Dartware, LLC

20 May 2005

A Horror Story

What happened…

How could it have been prevented?

What is Network Management?

A set of tools that:– Help you know what’s happening in your net– Help you administer your network– Make you look good with your customers...– By actually doing a good job

Network Management System

MonitoringSystem

Servers Servers

Routers &Routers & SwitchesSwitches

Wireless gearWireless gear

EnvironmentalEnvironmentalSensorsSensors

Power SystemsPower Systems

E-mail, PagersE-mail, Pagers & Sounds& Sounds

Web Pages/Web Pages/Remote ViewsRemote Views

Strip ChartsStrip Charts

Diagram of Diagram of the the networknetwork

Log FilesLog Files

Types of Management Tools

Fault Management Configuration Management Security Management Performance Management Accounting Management Asset Management Planning Management Content Management

What is SNMP?

SNMP is a protocol (set of rules) for conveying management or status information from devices such as servers, workstations, routers, switches, radios and other gear to a management station.

Two ways to get data from a device– Management station “pulls” data from a device

being tested (the SNMP Agent)– Agent “pushes” a trap to the management station

The data values are defined by a MIB

What’s a MIB?

“Management Information Base” MIB defines the kinds of data a device tracks MIBs for various devices

– Router or Switch: traffic (packet & byte counts) & error counts (receive, transmit, discards, etc)

– Web Server MIB shows pages served, 404s, 401s, etc.– Mail Server MIB shows messages processed, queue lengths– Environmental sensors: temperatures, switch closures,

water on floor, door alarm, others– Typical Radio MIB: RSL, BER, number of subscribers,

bandwidth, inside/outside temperature, etc.

What’s an OID?

“Object Identifier” The “name” of the variable Always starts with 1.3.6.1…

– 1.3.6.1.2.1… for standardized MIBs– 1.3.6.1.4.1… for vendor specific MIBs

Four Basic SNMP Operations

– Get Retrieves the value of a MIB variable stored on the agent

machine (gauge, counter, string, or address of another MIB variable)

– GetNext Retrieves the value of the “next” MIB variable

– Set Changes the value of a MIB variable

– Trap An unsolicited notification sent by an agent to a

management application (typically a notification of something unexpected, like an error)

Traps

Traps are unsolicited reports that are sent to a management system by an SNMP agent process

When an interesting event occurs, an agent generates a trap message and sends it to a designated network address

Many events can be configured to signal a trap, like a network cable fault, failing NNIC of hard drive, a general protection fault, or a power supply failure

Ports & UDP

SNMP uses User Datagram Protocol (UDP) as the transport mechanism for SNMP messages

Like FTP, SNMP uses two well-known ports to operate:– UDP Port 161 SNMP Get/Set Messages– UDP Port 162 SNMP Trap Messages

Advantages of using SNMP

Standardized Widely supported by many vendors Distributed management access Lightweight protocol

SNMP Management Solutions

Open Source – Nagios, Big Brother, MRTG, perl scripts

Commercial SMB – InterMapper, WhatsUp Gold, IPMonitor

Commercial Enterprise – OpenView, Tivoli, Unicenter, BMC Patrol

Dartmouth’s Net Management

A variety of tools...– InterMapper– Aruba wireless monitoring tools– Spam filtering – NAT for entire campus

InterMapper Demo

InterMapper is a fault management tool Monitors network equipment and servers

24x7 to alert the manager about troubles Some performance management tools Get a demo from

http://www.intermapper.com

Questions

Ask now, or e-mail me– Rich.Brown@dartware.com

Thanks!

Bonus Slides

These slides didn’t fit into the presentation, but we kept them for your information...

Why is it Important?

To give Good Service and be professional A management system helps you to:

– Know about problems before the phone rings– Know how your network’s configured—documentation– Know how your network is operating– Know about network limits before you hit the wall

You can start small– Fault and Performance Management are critical– Implement other tools as your network grows

Types of Network Management

Fault Management: Reactive and proactive network fault management

Performance Management: Number of packets dropped, timeouts, collisions, CRC errors, response times

Configuration Management: Inventory, configuration, provisioning

Planning Management: Analysis of trends to help justify a network upgrade or a bandwidth increase

Security Management: SNMP doesn't provide much here Accounting Management: Cost management and chargeback

assessment Asset Management: Statistics of equipment, facility and

administration personnel

Benefits of using SNMP

Vendor Neutral Tools for Monitoring Universal Support Monitor lots of interesting information

Client Pull & Server Push

SNMP is a client “pull” model– The management system (client) “pulls”

data from the agent (server) SNMP also provides “server push” model

– The agent (server) “pushes” out a trap message to a (client) management system

Fault Management

Discover that a problem exists Notify the responsible parties Isolate the problem; show what is working Possibly fix the problem

Configuration Management

Configure critical devices consistently– e.g. Routers and Servers

Take inventory of important software on workstations

Update computers automatically

Security Management

Controlling access to information on the network

Setting up accounts; testing passwords Firewalls & Intrusion Detection Systems

Performance Management

Collecting and analyzing data about use Setting thresholds for alarms Simulating alternatives to find maximum

performance Study trends and make predictions

Accounting Management

Tracking individual or group use of network resources

Billing for use Controlling use of network

Stand-alone vs. Platform

Stand-alone programs solve specific problems; can be well-targeted and inexpensive; usually are easy to set up; but often duplicate notification, logging, databases, etc.

Platforms provide base services plus plug-in modules; unified notifications, logging, databases; but can be very expensive to buy and hard to set up

Which ones do I need?

Everyone needs security management tools: at least a firewall and access control– This will become true at your home when you

get cable modem or DSL service Fault management tools give timely warnings For the other tools, it depends…