SYLLABUS Subject Code: 10CS834 I.A Marks: 25 Hours/Week: 04
Exam Hours: 03 Total Hours: 52 Exam Marks: 100
1. Introduction: Analogy of Telephone Network Management, Data and Telecommunication Network, Distributed Computing Environments, TCP/IP Based Networks: The Internet and Intranets, Communications Protocols and Standards - Communication Architectures, Protocol Layers and Services; Case Histories of Networking and Management, The Importance of Topology, Filtering Does Not Reduce Load on Node, Some Common Network Problems; Challenges of Information Technology Managers, Network Management: Goals, Organization, and Functions - Goal of Network Management, Network Provisioning, Network Operations and the NOC, Network Installation and Maintenance; Network and System Management, Network Management System Platform, Current Status and Future of Network Management.
2. Basic Foundations: Standards, Models, and Language: Network Management Standards, Network Management Model, Organization Model, Information Model - Management Information Trees, Managed Object Perspectives, Communication Model; ASN.1 - Terminology, Symbols, and Conventions, Objects and Data Types, Object Names, An Example of ASN.1 from ISO 8824; Encoding Structure; Macros, Functional Model.
3. SNMPv1 Network Management: Managed Network: The History of SNMP Management, Internet Organizations and Standards, Internet Documents, The SNMP Model, The Organization Model, System Overview. The Information Model - Introduction, The Structure of Management Information, Managed Objects, Management Information Base. The SNMP Communication Model - The SNMP Architecture, Administrative Model, SNMP Specifications, SNMP Operations, SNMP MIB Group, Functional Model.
4. SNMP Management - RMON: Remote Monitoring, RMON SMI and MIB, RMON1 - RMON1 Textual Conventions, RMON1 Groups and Functions, Relationship Between Control and Data Tables, RMON1 Common and Ethernet Groups, RMON Token Ring Extension Groups, RMON2 - The RMON2 Management Information Base, RMON2 Conformance Specifications.
5. Broadband Network Management: Broadband Access Networks and Technologies: Broadband Access Networks, Broadband Access Technology; HFCT Technology: The Broadband LAN, The Cable Modem, The Cable Modem Termination System, The HFC Plant, The RF Spectrum for Cable Modem; Data Over Cable Reference Architecture; HFC Management - Cable Modem and CMTS Management, HFC Link Management, RF Spectrum Management, DSL Technology; Asymmetric Digital Subscriber Line Technology - Role of the ADSL Access Network in an Overall Network, ADSL Architecture, ADSL Channeling Schemes, ADSL Encoding Schemes; ADSL Management - ADSL Network Management Elements, ADSL Configuration Management, ADSL Fault Management, ADSL Performance Management, SNMP-Based ADSL Line MIB, MIB Integration with Interfaces Groups in MIB-2, ADSL Configuration Profiles.
6. Network Management Applications: Configuration Management - Network Provisioning, Inventory Management, Network Topology, Fault Management - Fault Detection, Fault Location and Isolation Techniques, Performance Management - Performance Metrics, Data Monitoring, Problem Isolation, Performance Statistics; Event Correlation Techniques - Rule-Based Reasoning, Model-Based Reasoning, Case-Based Reasoning, Codebook Correlation Model, State Transition Graph Model, Finite State Machine Model, Security Management - Policies and Procedures, Security Breaches and the Resources Needed to Prevent Them, Firewalls, Cryptography, Authentication and Authorization, Client/Server Authentication Systems, Messages Transfer Security, Protection of Networks from Virus Attacks, Accounting Management, Report Management, Policy-Based Management, Service Level Management.
TEXT BOOKS: Mani Subramanian: Network Management - Principles and Practice, 2nd edition, Pearson Education, 2010.
REFERENCE BOOKS: J. Richard Burke: Network Management Concepts and Practices: a Hands-On Approach, PHI, 2008.
TABLE OF CONTENTS
1. Introduction
1.1 Analogy of telephone network
1.2 Data and telecommunication network
1.3 Distributed computing environment
1.4 Internet
1.5 Protocols and standards
1.6 IT management
1.7 Network and system management
1.8 Current status and future of network management
2. Basic Foundations: Standards, Models, and Language
2.1 Network Management Standards
2.2 Network Management Model
2.3 Organization Model
2.4 Information Model
2.5 Communication Model
2.6 ASN.1
2.7 Functional Model
3. SNMPv1 Network Management
3.1 Managed Network
3.2 The SNMP Model
3.3 The Organization Model
3.4 The Information Model
3.5 Management Information Base
3.6 The SNMP Architecture
3.7 Administrative Model
3.8 Functional Model
4. SNMP Management - RMON
4.1 Remote Monitoring
4.2 RMON SMI and MIB
4.3 RMON1
4.4 RMON1 Groups and Functions
4.5 Relationship Between Control and Data Tables
4.6 RMON1 Common and Ethernet Groups
4.7 RMON Token Ring Extension Groups
4.8 RMON2 Management Information Base
5. Broadband Network Management
5.1 Broadband Access Networks
5.2 Broadband Access Technology
5.3 HFCT Technology
5.4 HFC Management
5.5 Asymmetric Digital Subscriber Line Technology
5.6 ADSL Management
6. Network Management Applications
6.1 Configuration Management
6.2 Performance Management
6.3 Event Correlation Techniques
6.4 Security Management
6.5 Policy-Based Management
6.6 Service Level Management
Chapter 1 INTRODUCTION
1.1 Analogy of Telephone Network
Characteristics:
• It is reliable - does what is expected of it
• Dependable - always there when you need it (remember 911?)
• Good quality (connection) - hearing each other well
The reasons for that are good planning, design, and implementation, and good operation and management of the network.
Telephone Network Model
• Notice the hierarchy of switches
• Primary and secondary routes programmed
• Automatic routing
• Where is the most likely failure?
• Use of Operations Systems to ensure QoS
Figure 1.1 Telephone Network Model (figure not reproduced: a hierarchy of switches - Regional Center Class 1, Sectional Center Class 2, Primary Center Class 3, Toll Center Class 4, End Office Class 5 - with links to other regional centers, sectional centers, primary centers, toll centers, Class 4 toll points and end offices; legend: loop, direct trunk, toll-connecting trunk, toll trunk, voice)
Operations Systems / NOC
• Monitor telephone network parameters: S/N ratio, transmission loss, call blockage, etc.
• Real-time management of network
• Trunk (logical entity between switches) maintenance system measures loss and S/N. Trunks not meeting QoS are removed before the customer notices poor quality
• Traffic measurement systems measure call blockage. Additional switch planned to keep the call blockage below acceptable level
• Operations systems are distributed at central offices
• Network management done centrally from Network Operations Center (NOC)
1.2 Data and Telecommunication Network
Computer data is carried over long distance by telephone (telecommunication network). Output of telephone is analog and output of computers is digital. A modem is used to "modulate" and "demodulate": computer data must be converted to analog format and analog back to data. The clear distinction between the two networks is getting fuzzier with modern multimedia networks.
Figure 1.2 Data and Telecommunication Networks (figure not reproduced: a data communication network of terminals and a host linked through modems and loops, carried over the voice telecommunication network)
IBM SNA Architecture
IBM System Network Architecture (SNA) is a major step in network architecture. SNA is based on a multitude of (dumb) terminals accessing a mainframe host at a remote location.
LAN-WAN Network
Figure 1.3 IBM Systems Network Architecture Model (figure not reproduced: LANs A, B and C joined by bridges/routers over a WAN communication link; workstations and cluster controllers attach through communications controllers to the mainframe)
Major impacts of DCE are: no more monopolistic service provider, no centralized IT controller, hosts doing specialized functions, and the Client/Server architecture that formed the core of the DCE network.
Client/Server Model
Figure 1.4 Simple Client-Server Model (figure not reproduced: client and server exchange requests and responses, with control transferred to the receiving entity)
For example, in the Post Office analogy, the clerk is the server and the customer the client. The client always initiates requests and the server always responds. Notice that control is handed over to the receiving entity.
1.3 TCP/IP Based Networks
• TCP/IP is a suite of protocols
• Internet is based on TCP/IP
• IP is the Internet protocol at the network layer level
• TCP is a connection-oriented transport protocol and ensures end-to-end connection
• UDP is a connectionless transport protocol and provides datagram service
• Internet e-mail and much of the network management messages are based on UDP/IP
• ICMP is part of the TCP/IP suite
1.4 Communication protocols and standards
Architecture, Protocols and Standards
• Communication architecture
  o Modeling of communication systems, comprising functional components and operations interfaces between them
• Communication protocols
  o Operational procedures, intra- and inter-modules
• Communication standards
  o Agreement between manufacturers on protocols of communication equipment, on physical characteristics and operational procedures
Figure 1.5 Basic Communication Architecture (figure not reproduced: (a) direct communication between end systems - User A and User Z, each with application layers and transport layers over a physical medium, with a peer-protocol interface between them; (b) communication between end systems via an intermediate system that performs conversion between transport layers)
OSI Reference Model
Figure 1.6 OSI Protocol Layers (figure not reproduced: user/application program above Layer 7 Application, Layer 6 Presentation, Layer 5 Session, Layer 4 Transport, Layer 3 Network, Layer 2 Data link, Layer 1 Physical, and the physical medium below)
OSI Layers and Services
There are similarities between SNA and OSI. Simplicity of the Internet: it specifies only layers 3 and 4. There are integrated application layers over the Internet. Commonality of layers 1 and 2 as in the IEEE standard, as shown in the table.
Layer 1 Physical
- Transfers to and gathers from the physical medium raw bit data
- Handles physical and electrical interfaces to the transmission medium
Layer 2 Data link
- Consists of two sublayers: Logical link control (LLC) and Media access control (MAC)
- LLC: Formats the data to go on the medium; performs error control and flow control
- MAC: Controls data transfer to and from LAN; resolves conflicts with other data on LAN
Layer 3 Network
- Forms the switching / routing layer of the network
Layer 4 Transport
- Multiplexing and de-multiplexing of messages from applications
- Acts as a transparent layer to applications and thus isolates them from the transport system layers
- Makes and breaks connections for connection-oriented communications
- Flow control of data in both directions
Layer 5 Session
- Establishes and clears sessions for applications, and thus minimizes loss of data during large data exchange
Layer 6 Presentation
- Provides a set of standard protocols so that the display would be transparent to syntax of the application
- Data encryption and decryption
Layer 7 Application
- Provides application specific protocols for each specific application and each specific transport protocol system
Application Protocols
Internet user                        OSI user
Telnet                               Virtual Terminal
File Transfer Protocol               File Transfer Access & Management
Simple Mail Transfer Protocol        Message-oriented Text Interchange Standard
Simple Network Management Protocol   Common Management Information Protocol
1.5 Common Network Problems
• Loss of connectivity
• Duplicate IP address
• Intermittent problems
• Network configuration issues
• Non-problems
• Performance problems
1.6 Challenges of IT Managers
• Reliability
• Non-real time problems
• Rapid technological advance
• Managing client/server environment
• Scalability
• Troubleshooting tools and systems
• Trouble prediction
• Standardization of operations - NMS helps
• Centralized management vs "sneaker-net"
Figure 1.7 Comparisons of OSI, Internet, and SNA Protocol Layer Models (figure not reproduced; the layers it aligns are:)
SNA                      OSI                              Internet
End User Application     Application                      Application Specific Protocols
Presentation Services    Presentation
Data Flow Control        Session
Transmission Control     Transport                        Transport: Connection-oriented: TCP; Connectionless: UDP
Path Control             Network (SNICP, SNDCP, SNDAP)    Network: IP
Data Link                Data Link                        Not Specified
Physical                 Physical
1.7 Network Management
Figure 1.8 Network Management Functional Groupings (figure not reproduced; its groupings are:)
Network Management
• Network Provisioning: Planning, Design
• Network Operations: Fault Management / Service Restoration, Configuration Management, Performance Management / Traffic Management, Security Management, Accounting Management, Reports Management, Inventory Management, Data Gathering & Analyses
• Network Maintenance: Fault Management Trouble Ticket Administration, Network Installation, Network Repairs, Facilities Installation & Maintenance, Routine Network Tests
1.8 Network Operations
Figure 1.9 Network Management Functional Flow Chart (figure not reproduced: network users, configuration data, performance & traffic data and fault trouble tickets (TT) flow into the Operations Group / NOC; management decisions and new technology drive the Engineering Group, which does network planning & design; the I&M Group handles network installation & maintenance, installation and TT restoration)
Network Management Components
Figure 1.10 Network Management Components (figure not reproduced: an NMS communicating with network agents, each of which fronts network objects)
Interoperability
Figure 1.11 Network Management Dumbbell Architecture (figure not reproduced: (a) messages - NMS Vendor A and NMS Vendor B each manage their own network agents and network objects and exchange messages; (b) services and protocols - Vendor A objects and Vendor B objects are linked through application services, a management protocol and transport protocols)
1.9 Current Status and Future of Network Management
Status:
• SNMP management
• Limited CMIP management
• Operations systems
• Polled systems
Future trends:
• Object-oriented approach
• Service and policy management
• Business management
• Web-based management
Chapter 2 Basic Foundations: Standards, Models, and Language
Introduction
Network Management is the management of the network resources comprising nodes (e.g., hubs, switches, routers) and links (e.g., connectivity between two nodes). System Management is the management of systems and system resources in the network. Network Management can also be defined as OAM&P (Operations, Administration, Maintenance, and Provisioning) of network and services.
2.1 Network Management Standards
Table 2.1 Network Management Standards
Standard: OSI/CMIP
• International standard (ISO/OSI)
• Management of data communications network - LAN and WAN
• Deals with all 7 layers
• Most complete
• Object oriented
• Well structured and layered
• Consumes large resource in implementation
Standard: SNMP/Internet
• Industry standard (IETF)
• Originally intended for management of Internet components, currently adopted for WAN and telecommunication systems
• Easy to implement
• Most widely implemented
Standard: TMN
• International standard (ITU-T)
• Management of telecommunications network
• Based on OSI network management framework
• Addresses both network and administrative aspects of management
Standard: IEEE
• IEEE standards adopted internationally
• Addresses LAN and MAN management
• Adopts OSI standards significantly
• Deals with first two layers of OSI RM
Standard: Web-based Management
• Web-Based Enterprise Management (WBEM)
• Java Management Application Program Interface (JMAPI)
• OSI/CMIP: Common Management Information Protocol
• SNMP/Internet: Simple Network Management Protocol (IETF)
• TMN: Telecommunications Management Network (ITU-T)
• IEEE standards
• Web-based Management
• SNMP is the most widely used. SNMP and CMIP use a polling methodology, which adds load on the network. It requires dedicated workstations for the NMS (Network Management System).
2.2 Network Management Model
Figure 2.1 OSI Network Management Model (figure not reproduced: Network Management comprises the Organization Model, Information Model, Communication Model and Functional Model)
The Organization model describes the network management components, functions of components and their relationships. The OSI Information model deals with the Structure of management information (SMI), i.e. syntax and semantics. It contains the Management information base (MIB), and the MIB deals with organization of management information. The Communication model consists of transfer syntax with bi-directional messages and transfer structure (PDU). The Functional model deals with user-oriented requirements.
The OSI defines five functional applications, namely
• Configure components
• Monitor components
• Measure performance
• Secure information
• Usage accounting
2.3 Organizational Model
This describes components of network management and their relationship. It defines the terms object, agent and manager.
Manager is responsible for
o Managing the managed elements
o Sending requests to agents
o Monitoring alarms
o Housing applications
o Providing user interface
Agent is responsible for
o Gathering information from objects
o Configuring parameters of objects
o Responding to managers' requests
o Generating alarms and sending them to managers
Managed object
o Network element that is managed
o Houses management agent
o All objects are either managed or unmanaged
Two-Tier Model
Figure 2.2 Two-Tier Network Management Organization Model (figure not reproduced: a Manager with its MDB (Management Database) communicates with an agent process running on managed objects; unmanaged objects stand apart)
The Agent is built into the network element, for example the managed hub or managed router. An agent can manage multiple elements, for example the switched hub or ATM switch. The MDB is a physical database. Unmanaged objects are network elements that are not managed - both physical (unmanaged hub) and logical (passive elements).
Three-Tier Model
The middle layer plays a dual role:
• Agent to the top-level manager
• Manager to the managed objects
Example of middle level: Remote monitoring agent (RMON)
Figure 2.3 Three-Tier Network Management Organization Model (figure not reproduced: a Manager with its MDB, an Agent / Manager middle tier with its own MDB, and agent processes on the managed objects; MDB = Management Database)
Manager of Managers
Figure 2.4 Network Management Organization Model with MoM (figure not reproduced: a Manager of Managers (MoM) with its MDB sits above several Agent NMSs; each Agent NMS is an agent/manager pair with its own MDB that manages its managed objects through agent processes)
The Agent Network Management System manages the domain. The Manager of Managers (MoM) presents an integrated view of domains. The Domain may be geographical, administrative, vendor-specific products, etc.
Peer Network Management Systems
• Dual role of both NMSs
• Network management systems act as peers
• Dumbbell architecture discussed in Chapter 1
• Notice that the manager and agent functions are processes and not systems
Figure 2.5 Dual Role of Management Process (figure not reproduced: each NMS is an Agent NMS towards the other and a Manager NMS towards its own objects)
2.4 Information Model
A figure in a book is uniquely identified by ISBN, Chapter, and Figure number in that hierarchical order. The ID: {ISBN, chapter, figure}. The three elements above define the syntax. Semantics is the meaning of the three entities according to Webster's dictionary. The information comprises syntax and semantics about an object.
Structure of Management Information (SMI)
SMI defines a managed object. It contains syntax and semantics plus additional information such as status.
Example:
sysDescr: { system 1 }
Syntax: OCTET STRING
Definition: "A textual description of the entity"
Access: read-only
Status: mandatory
Management Data Base / Information Base
(figure not reproduced: the Manager holds the MDB; the managed objects are described by the MIB)
The distinction between MDB and MIB:
• MDB: physical database; e.g. Oracle, Sybase
• MIB: virtual database; schema compiled into management software
An NMS can automatically discover a managed object, such as a hub, when it is added to the network. The NMS can identify the new object as a hub only after the MIB schema of the hub is compiled into the NMS software.
Management Information Tree
Figure 2.6 Generic Representation of Management Information Tree (figure not reproduced: a Root node branching into Level 1, Level 2 and Level 3 nodes)
Object Type and Instance
The object types are name, Syntax, Definition, Status and Access.
For the example of a circle: the "circle" is syntax. Semantics is the definition from the dictionary: "A plane figure bounded by a single curved line, every point of which is of equal distance from the center of the figure."
Designation:
• iso - International Standards Organization - 1
• org - 1.3
• dod - Department of Defense - 1.3.6
• internet - 1.3.6.1
• itu - International Telecommunications Union
Figure 2.7 OSI Management Information Tree (figure not reproduced: the root has children itu (0), iso (1) and iso-itu (2); under iso is org (3), under org is dod (6), under dod is internet (1))
Managed Object Perspectives
Figure 2.8 (a) Internet Perspective (figure not reproduced): Object Type with Object ID and Descriptor (circle); Syntax (model of object); Access (access privilege); Status (implementation requirements); Definition (semantics, textual description)
Figure 2.8 (b) OSI Perspective (figure not reproduced): Object Class (circular object); Attributes (circle, dimension; or ellipse, dimension); Operations (push); Behaviour; Notifications (notify changes in attribute values)
Internet perspective:
• object ID and descriptor - unique ID and name for the object
• syntax - used to model the object
• access - access privilege to a managed object
• status - implementation requirements
• definition - textual description of the semantics of object type
OSI perspective:
• object class - managed object
• attributes - attributes visible at its boundary
• operations - operations which may be applied to it
• behavior - behavior exhibited by it in response to operation
• notifications - notifications emitted by the object
Packet Counter Example
Characteristics     Example
Object type         PktCounter
Syntax              Counter
Access              Read-only
Status              Mandatory
Description         Counts number of packets
Figure 2.10(a) Internet Perspective
Characteristics     Example
Object class        Packet Counter
Attributes          Single-valued
Operations          get, set
Behavior            Retrieves or resets values
Notifications       Generates notifications on new value
Figure 2.10(b) OSI Perspective
Figure 2.10 Packet Counter As Example of Managed Object
2.5 Communication Model
The Internet model exchanges requests/responses, which correspond to operations in OSI; Internet traps correspond to OSI notifications (SNMPv2 also uses the term notifications).
Figure 2.11 Management Message Communication Model (figure not reproduced: Manager applications send operations/requests to the agent and receive responses; the agent, fronting the network elements / managed objects, sends notifications/traps)
Transfer Protocols
Figure 2.12 Management Communication Transfer Protocols (figure not reproduced: Manager Applications and Agent Applications exchange operations/requests/responses and traps/notifications through a manager communication module and an agent communication module; the management protocol is SNMP (Internet) or CMIP (OSI), carried over UDP/IP (Internet) or the OSI lower layer profiles (OSI), then the transport layers and the physical medium)
Internet is based on SNMP and OSI is based on CMIP. OSI uses the CMISE (Common Management Information Service Element) application with CMIP. OSI specifies both connection-oriented (c-o) and connectionless transport protocol; SNMPv2 was extended to c-o, but it is rarely used.
2.6 Abstract Syntax Notation One: ASN.1
ASN.1 is more than syntax; it's a language. It addresses both syntax and semantics. There are two types of syntax:
• Abstract syntax: set of rules that specify data type and structure for information storage.
• Transfer syntax: set of rules for communicating information between systems.
It makes application layer protocols independent of lower layer protocols. It can generate machine-readable code; for example, Basic Encoding Rules (BER) is used in management modules.
Backus-Naur Form (BNF)
• BNF is used for ASN.1 constructs
• Constructs are developed from primitives
• The example below illustrates how numbers are constructed from the primitive <digit>
• The Simple Arithmetic Expression entity (<SAE>) is constructed from the primitives <digit> and <op>
Definition form: <name> ::= <definition>
Rules:
<digit> ::= 0|1|2|3|4|5|6|7|8|9
<number> ::= <digit> | <digit><number>
<op> ::= +|-|x|/
Example: 9 is primitive 9; 19 is a construct of 1 and 9; 619 is a construct of 6 and 19
Simple Arithmetic Expression
• <SAE> ::= <number> | <SAE><op><SAE>
• Example: 26 = 13 x 2
• Constructs and primitives
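The BNF rules above can be turned directly into a parser. The Python below is an added example, not part of the original notes: it implements <number> and <SAE> as recursive-descent functions, returns the parse tree alongside the value so that the construct-from-primitives relation (9, then 19, then 619) is visible, and evaluates 13 x 2. Since the grammar states no operator precedence, expressions are combined left to right; that choice is the example's own, as is the `derivation` helper.

```python
# Added example: recursive-descent parser for the BNF rules in the notes.
# <digit>  ::= 0|1|2|3|4|5|6|7|8|9
# <number> ::= <digit> | <digit><number>
# <op>     ::= +|-|x|/
# <SAE>    ::= <number> | <SAE><op><SAE>
DIGITS = "0123456789"
OPERATORS = {"+": lambda a, b: a + b, "-": lambda a, b: a - b,
             "x": lambda a, b: a * b, "/": lambda a, b: a // b}


def parse_number(text, pos=0):
    """<number> ::= <digit> | <digit><number>.
    Returns (tree, value, next_pos); the tree nests exactly as the rule does,
    so '619' becomes number(digit 6, number(digit 1, number(digit 9)))."""
    if pos >= len(text) or text[pos] not in DIGITS:
        raise ValueError(f"<digit> expected at position {pos}")
    digit = int(text[pos])
    if pos + 1 < len(text) and text[pos + 1] in DIGITS:
        rest_tree, rest_value, end = parse_number(text, pos + 1)
        width = end - (pos + 1)                 # digits consumed by the rest
        return (("number", ("digit", digit), rest_tree),
                digit * 10 ** width + rest_value, end)
    return ("number", ("digit", digit)), digit, pos + 1


def parse_sae(expr):
    """<SAE> ::= <number> | <SAE><op><SAE>, combined left to right because the
    grammar assigns no precedence (an assumption of this example).
    Returns (tree, value)."""
    text = expr.replace(" ", "")
    tree, value, pos = parse_number(text, 0)
    while pos < len(text):
        op = text[pos]
        if op not in OPERATORS:
            raise ValueError(f"<op> expected at position {pos}, got {op!r}")
        rhs_tree, rhs_value, pos = parse_number(text, pos + 1)
        tree = ("SAE", tree, ("op", op), rhs_tree)
        value = OPERATORS[op](value, rhs_value)
    return tree, value


def derivation(numeral):
    """Constructs built up from the primitive: '619' -> ['9', '19', '619']."""
    return [numeral[i:] for i in range(len(numeral) - 1, -1, -1)]


if __name__ == "__main__":
    print(derivation("619"))
    tree, value = parse_sae("13 x 2")
    print(value, tree)
```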
Type and Value Assignments
A type assignment defines a type (e.g. ... ::= BOOLEAN) and a value assignment gives its values (e.g. ... ::= TRUE | FALSE).
An ASN.1 module is a group of assignments, e.g. person-name:
Person-Name ::= { first "John", middle "I", last "Smith" }
Data Type: Example 1
Module name starts with capital letters.
Data types:
• Primitives: NULL, GraphicString
• Constructs
  o Alternatives: CHOICE
  o List maker: SET, SEQUENCE
  o Repetition: SET OF, SEQUENCE OF
Difference between SET and SEQUENCE (Example 1):
PersonnelRecord ::= SET {
    Name,
    title [0] GraphicString,
    division CHOICE {
        marketing [0] SEQUENCE {Sector, Country},
        research [1] CHOICE {product-based [0] NULL, basic [1] NULL},
        production [2] SEQUENCE {Product-line, Country}
    }
}
etc.
ASN.1 Symbols
Symbol   Meaning
::=      Defined as
|        or, alternative, options of a list
-        Signed number
--       Following the symbol are comments
{}       Start and end of a list
[]       Start and end of a tag
()       Start and end of subtype
..       Range
Data Type: Structure & Tag
• Structure defines how data type is built
• Tag uniquely identifies the data type
If the Structure is simple:
PageNumber ::= INTEGER
ChapterNumber ::= INTEGER
Structure / Construct:
BookPageNumber ::= SEQUENCE {ChapterNumber, Separator, PageNumber}
Example: {1-1, 2-3, 3-39}
BookPages ::= SEQUENCE OF {BookPageNumber}
or BookPages ::= SEQUENCE OF {SEQUENCE {ChapterNumber, Separator, PageNumber}}
Tagged: derived from another type; given a new ID. In Figure 2.13, INTEGER is either universal or application specific.
Other types: CHOICE, ANY
Figure 2.13 ASN.1 Data Type Structure and Tag (figure not reproduced: Data Type splits into Structure - Simple, Structured, Tagged, Other - and Tag, which has a Class - Universal, Application, Context-specific, Private - and a Number)
2.7 Functional Model
OSI Functional Model
• Configuration Management
• Fault Management
• Performance Management
• Security Management
• Accounting Management
Configuration management will set and change network configuration and component parameters. It will set up alarm thresholds. Fault management will do detection and isolation of failures in the network and trouble ticket administration. Performance management monitors performance of the network. Security management: authentication, authorization and encryption. Accounting management: functional accounting of network usage.
Chapter 3 SNMPv1: Organization and Information Models
3.1 Managed Network: Case Histories
• AT&T Network Management Centers
  o Network Control Centers
  o Network Operations Center
• CNN World Headquarters
• Centralized troubleshooting of NIC
• Performance degradation due to NMS
• Bell Operating Company procedure
Figure 3.1 A Managed LAN Network (figure not reproduced: the NMS (192.168.252.110) reaches Router 1 (172.16.46.1) over the Backbone Network through Router 2; Hub 1 (172.16.46.2) and Hub 2 (172.16.46.3) are on the managed LAN; the address 172.17.252.1 also appears in the figure)
The NMS on subnet 192.168.252.1 manages the router and the hubs on subnet 172.16.46.1 across the backbone network. Information is obtained by querying the hub; the data truly reflects what is stored in the hub.
Managed Router: Port Addresses
• Information acquired by NMS on the router interfaces
• Index refers to the interface on the router
• LEC is the LAN emulation card
• Ethernet 2/0 interface refers to the interface card 2 and port 0 in that card
Index  Interface    IP address      Network Mask    Network Address  Link Address
23     LEC.1.0      192.168.3.1     255.255.255.0   192.168.3.0      0x00000C3920B4
25     LEC.3.9      192.168.252.1   255.255.255.0   192.168.252.0    0x00000C3920B4
13     Ethernet2/0  172.16.46.1     255.255.255.0   172.16.46.0      0x00000C3920AC
16     Ethernet2/3  172.16.49.1     255.255.255.0   172.16.49.0      0x00000C3920AF
17     Ethernet2/4  172.16.52.1     255.255.255.0   172.16.52.0      0x00000C3920B0
9      Ethernet1/2  172.16.55.1     255.255.255.0   172.16.55.0      0x00000C3920A6
2      Ethernet0/1  172.16.56.1     255.255.255.0   172.16.56.0      0x00000C39209D
15     Ethernet2/2  172.16.57.1     255.255.255.0   172.16.57.0      0x00000C3920AE
8      Ethernet1/1  172.16.58.1     255.255.255.0   172.16.58.0      0x00000C3920A5
14     Ethernet2/1  172.16.60.1     255.255.255.0   172.16.60.0      0x00000C3920AD
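A table like the one above is exactly what an NMS checks when it verifies a router's configuration. The Python below is an added example, not part of the original notes: it holds the rows transcribed from the table, confirms for each interface that the IP address, mask and network address agree, reports which interfaces share a link (MAC) address, and finds which interface fronts a given host. The NMS address 192.168.252.110 used in the usage block is taken from Figure 3.1; the function names are the example's own.

```python
# Added example: consistency checks over the managed router's interface table.
import ipaddress

# Rows transcribed from the "Managed Router: Port Addresses" table:
# (index, interface, IP address, network mask, network address, link address)
ROUTER1_INTERFACES = [
    (23, "LEC.1.0",     "192.168.3.1",   "255.255.255.0", "192.168.3.0",   "0x00000C3920B4"),
    (25, "LEC.3.9",     "192.168.252.1", "255.255.255.0", "192.168.252.0", "0x00000C3920B4"),
    (13, "Ethernet2/0", "172.16.46.1",   "255.255.255.0", "172.16.46.0",   "0x00000C3920AC"),
    (16, "Ethernet2/3", "172.16.49.1",   "255.255.255.0", "172.16.49.0",   "0x00000C3920AF"),
    (17, "Ethernet2/4", "172.16.52.1",   "255.255.255.0", "172.16.52.0",   "0x00000C3920B0"),
    (9,  "Ethernet1/2", "172.16.55.1",   "255.255.255.0", "172.16.55.0",   "0x00000C3920A6"),
    (2,  "Ethernet0/1", "172.16.56.1",   "255.255.255.0", "172.16.56.0",   "0x00000C39209D"),
    (15, "Ethernet2/2", "172.16.57.1",   "255.255.255.0", "172.16.57.0",   "0x00000C3920AE"),
    (8,  "Ethernet1/1", "172.16.58.1",   "255.255.255.0", "172.16.58.0",   "0x00000C3920A5"),
    (14, "Ethernet2/1", "172.16.60.1",   "255.255.255.0", "172.16.60.0",   "0x00000C3920AD"),
]


def check_interface_rows(rows):
    """Return (interface, reason) for every row whose IP address, mask and
    network address disagree; an empty list means the table is consistent."""
    problems = []
    for _index, name, ip, mask, net, _link in rows:
        iface = ipaddress.IPv4Interface(f"{ip}/{mask}")
        if str(iface.network.network_address) != net:
            problems.append((name, f"{ip}/{mask} lies in {iface.network}, table says {net}"))
    return problems


def shared_link_addresses(rows):
    """Map each link (MAC) address used by more than one interface to those
    interfaces; in this table the two LEC entries share one address."""
    by_link = {}
    for _index, name, _ip, _mask, _net, link in rows:
        by_link.setdefault(link.lower(), []).append(name)
    return {link: names for link, names in by_link.items() if len(names) > 1}


def interface_for(rows, host):
    """Name of the interface whose directly connected subnet contains host,
    or None when the host is not on any of the router's subnets."""
    addr = ipaddress.IPv4Address(host)
    for _index, name, ip, mask, _net, _link in rows:
        if addr in ipaddress.IPv4Interface(f"{ip}/{mask}").network:
            return name
    return None


if __name__ == "__main__":
    print("problems:", check_interface_rows(ROUTER1_INTERFACES))
    print("shared links:", shared_link_addresses(ROUTER1_INTERFACES))
    # Hub 1 from Figure 3.1 sits behind Ethernet2/0; the NMS is on the LEC.3.9 subnet.
    print("hub 1 via", interface_for(ROUTER1_INTERFACES, "172.16.46.2"))
    print("NMS via", interface_for(ROUTER1_INTERFACES, "192.168.252.110"))
```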
3.2 History of Internet SNMP Management
• 1970 Advanced Research Project Agency Network (ARPANET)
• Internet Control Message Protocol (ICMP)
• Internet Engineering Task Force (IETF)
• 1990 SNMPv1
• 1995 SNMPv2
• 1998 SNMPv3
Internet documents:
• Request for Comments (RFC)
• IETF STD Internet Standard
• FYI For your information
Sources for RFCs (SNMP Management Documents):
• ftp://nic.mil/rfc
• ftp://ftp.internic.net/rfc
• http://nic/internet.net/
Figure 3.2 SNMP Document Evolution (figure not reproduced; the lineage it shows is:)
• SMI: RFC 1065 -> RFC 1155 (STD 16); Concise SMI: RFC 1212 (STD 16); SNMPv1 Traps: RFC 1215
• MIB I: RFC 1066 -> RFC 1156; MIB II: RFC 1158 -> RFC 1213 (STD 17)
• SNMPv1: RFC 1067 -> RFC 1098 -> RFC 1157 (STD 15)
• SMIv2: RFC 1442 -> RFC 1902; SMIv2 Textual Conventions: RFC 1443 -> RFC 1903; SMIv2 Conformances: RFC 1444 -> RFC 1904
• SNMPv2 Protocol Operations: RFC 1448 -> RFC 1905; SNMPv2 Transport Mappings: RFC 1449 -> RFC 1906; MIB II for SNMPv2: RFC 1907
3.3 SNMP Model
• Organization Model
  o Relationship between network element, agent, and manager
  o Hierarchical architecture
• Information Model
  o Uses ASN.1 syntax
  o SMI (Structure of Management Information)
  o MIB (Management Information Base)
• Communication Model
  o Transfer syntax
  o SNMP over TCP/IP
  o Communication services addressed by messages
  o Security framework: community-based model
3.4 The Organization Model
Two-Tier Organization Model
SNMP Manager
SNMP Manager
SNMP Manager
SNMPAgent
Network Agent
Network Element
Network Element
(a) One Manager - One Agent Model
(b) Multiple Managers - One Agent Model
Three-Tier Organization Model: RMON
S NMP Manager
RMON Pr obe Managed Ob jects
• • • •
Managed o b ject com pr ises networ k element and management agent RMO N acts as an agent and a manager RMO N (R emote Monitor ing) gather s data fr om MO, analyses the data, and stor es the data Communicates the statistics to the manager
3.5 System Architecture

Figure 3.3 SNMP Network Management Architecture: the SNMP Manager Application (holding the management data) and the SNMP Agent Application each sit on an SNMP / UDP / IP / DLC / PHY stack joined by the physical medium. Get-Request, Get-Next-Request and Set-Request flow from manager to agent; Get-Response and Trap flow from agent to manager.

Messages between manager and agent: three from the manager and two from the agent.

SNMP messages:
• Get-Request: sent by the manager requesting data from the agent
• Get-Next-Request: sent by the manager requesting data on the managed object that follows the one specified
• Set-Request: initializes or changes the value of a managed object in the network element
• Get-Response: the agent responds with data for get and set requests from the manager
• Trap: alarm generated by an agent
3.6 The Information Model

Figure 3.4 Managed Object: Type and Instance
  Object type:     Name (OBJECT IDENTIFIER), Syntax (ASN.1), Encoding (BER)
  Object instance: one value of that type

• In this context "object type" and "data type" are used synonymously
• The object identifier names the object type, not an instance; an instance is named by appending an index to the type's identifier (".0" for a scalar)

Figure 3.5 Managed Object: Type with Multiple Instances
  One object type (Name: OBJECT IDENTIFIER, Syntax: ASN.1, Encoding: BER) with Object Instance 1, Object Instance 2 and Object Instance 3

• All 3Com hubs of the same version have the identical object identifier; they are distinguished by IP address
• Each IP address is an instance of the object

Name: uniquely defined by
• DESCRIPTOR and
• OBJECT IDENTIFIER

The following notations all define the same object identifier for internet (the arc under iso is org(3), identified-organization, not "standard" as the slide prints it):

  internet OBJECT IDENTIFIER ::= { iso org(3) dod(6) 1 }
  internet OBJECT IDENTIFIER ::= { iso(1) org(3) dod(6) internet(1) }
  internet OBJECT IDENTIFIER ::= { 1 3 6 1 }
  internet OBJECT IDENTIFIER ::= { iso org dod internet }
  internet OBJECT IDENTIFIER ::= { iso org dod(6) internet(1) }
  internet OBJECT IDENTIFIER ::= { iso(1) org(3) 6 1 }

Internet Subnodes (Figure 3.6 Subnodes under Internet Node in SNMPv1):
  internet {1 3 6 1}
    directory(1)
    mgmt(2)
    experimental(3)
    private(4)

  directory    OBJECT IDENTIFIER ::= { internet 1 }
  mgmt         OBJECT IDENTIFIER ::= { internet 2 }
  experimental OBJECT IDENTIFIER ::= { internet 3 }
  private      OBJECT IDENTIFIER ::= { internet 4 }
Private MIB Example (Figure 3.7 Private Subtree for Commercial Vendors):
  internet {1 3 6 1}
    private(4)
      enterprises(1)
        cisco(9)
        hp(11)
        3Com(43)
        Cabletron(52)
Figure 3.7 SNMP ASN.1 Data Type
  Tag
    Number
    Class: Universal, Application, Context-specific, Private
  Structure
    Simple or Primitive
    Defined or Application
    Constructor or Structured
Primitive Data Types

  Structure        Data Type           Comments
  Primitive types  INTEGER             Subtype INTEGER (n1..nN); special case: enumerated INTEGER type
                   OCTET STRING        8-bit bytes, binary and textual data; subtypes can be specified by either a range or a fixed size
                   OBJECT IDENTIFIER   Object position in the MIB
                   NULL                Placeholder

The get-request message carries NULL in its value fields; the get-response from the agent has the values filled in.

Subtype examples:
• INTEGER (0..255)
• OCTET STRING (SIZE (0..255))
• OCTET STRING (SIZE (8))

Enumerated INTEGER example (error-status):
  error-status INTEGER {
      noError(0),
      tooBig(1),
      genErr(5),
      authorizationError(16)
  }
(authorizationError(16) is an SNMPv2 error-status value; SNMPv1 defines only values 0 through 5.)
Defined or Application Data Types

  Defined type     Comments
  NetworkAddress   Not used (only its IpAddress choice is defined)
  IpAddress        Dotted-decimal IP address (4 octets)
  Counter          Wrap-around, non-negative integer, monotonically increasing, max 2^32 - 1
  Gauge            Capped, non-negative integer; may increase or decrease
  TimeTicks        Non-negative integer in hundredths of a second
  Opaque           Application-wide arbitrary ASN.1 syntax, double-wrapped in an OCTET STRING

• Defined data types are built on the simple or base types
• Opaque is used to create data types based on previously defined data types
Constructor or Structured Data Type: SEQUENCE

Managed object IpAddrEntry as a list:

       Object                OBJECT IDENTIFIER   ObjectSyntax
    1  ipAdEntAddr           {ipAddrEntry 1}     IpAddress
    2  ipAdEntIfIndex        {ipAddrEntry 2}     INTEGER
    3  ipAdEntNetMask        {ipAddrEntry 3}     IpAddress
    4  ipAdEntBcastAddr      {ipAddrEntry 4}     INTEGER
    5  ipAdEntReasmMaxSize   {ipAddrEntry 5}     INTEGER
    6  ipAddrEntry           {ipAddrTable 1}     SEQUENCE

  IpAddrEntry ::= SEQUENCE {
      ipAdEntAddr          IpAddress,
      ipAdEntIfIndex       INTEGER,
      ipAdEntNetMask       IpAddress,
      ipAdEntBcastAddr     INTEGER,
      ipAdEntReasmMaxSize  INTEGER (0..65535)
  }
Basic Encoding Rules (BER): Tag, Length, and Value (TLV)

  Type (tag octet)                        Length   Value
    Class: bits 8-7
    P/C (primitive/constructed): bit 6
    Tag number: bits 5-1

SNMP data types and tags:

  Type                 Tag
  INTEGER              UNIVERSAL 2
  OCTET STRING         UNIVERSAL 4
  NULL                 UNIVERSAL 5
  OBJECT IDENTIFIER    UNIVERSAL 6
  SEQUENCE             UNIVERSAL 16
  IpAddress            APPLICATION 0
  Counter              APPLICATION 1
  Gauge                APPLICATION 2
  TimeTicks            APPLICATION 3
  Opaque               APPLICATION 4

Managed Object: Structure (Figure 3.1 Specifications for System Description)
  OBJECT:      sysDescr { system 1 }
  Syntax:      OCTET STRING
  Definition:  "A textual description of the entity. This value should include the full name and version identification of the system's hardware type, software operating-system, and networking software. It is mandatory that this only contain printable ASCII characters."
  Access:      read-only
  Status:      mandatory
Managed Object: Macro

  OBJECT-TYPE MACRO ::=
  BEGIN
      TYPE NOTATION ::= "SYNTAX" type (TYPE ObjectSyntax)
                        "ACCESS" Access
                        "STATUS" Status
      VALUE NOTATION ::= value (VALUE ObjectName)
      Access ::= "read-only" | "read-write" | "write-only" | "not-accessible"
      Status ::= "mandatory" | "optional" | "obsolete"
  END

Figure 3.2(a) OBJECT-TYPE Macro [RFC 1155] (the slide omits "read-write" from the Access alternatives; RFC 1155 defines all four)

  sysDescr OBJECT-TYPE
      SYNTAX  DisplayString (SIZE (0..255))
      ACCESS  read-only
      STATUS  mandatory
      DESCRIPTION
          "A textual description of the entity. This value should include the full name and version identification of the system's hardware type, software operating-system, and networking software. It is mandatory that this only contain printable ASCII characters."
      ::= { system 1 }

Figure 3.3(b) Scalar or Single-Instance Macro: sysDescr [RFC 1213]

Aggregate Object
• A group of objects
• Also called tabular objects
• Can be represented by a table with
  • Columns of objects
  • Rows of instances
• Example: IP address table
  • Consists of the objects:
    • IP address
    • Interface
    • Subnet mask (which subnet this address belongs to)
    • Broadcast address (value of the l.s.b. in the IP broadcast address)
    • Largest IP datagram that can be reassembled
  • Multiple instances of these objects are associated with the node
Aggregate M.O. Macro: Table Object

  ipAddrTable OBJECT-TYPE
      SYNTAX  SEQUENCE OF IpAddrEntry
      ACCESS  not-accessible
      STATUS  mandatory
      DESCRIPTION
          "The table of addressing information relevant to this entity's IP addresses."
      ::= { ip 20 }

  ipAddrTable OBJECT-TYPE ::= { ip 20 }
  ipAddrEntry OBJECT-TYPE ::= { ipAddrTable 1 }

Aggregate M.O. Macro: Entry Object

  ipAddrEntry OBJECT-TYPE
      SYNTAX  IpAddrEntry
      ACCESS  not-accessible
      STATUS  mandatory
      DESCRIPTION
          "The addressing information for one of this entity's IP addresses."
      INDEX   { ipAdEntAddr }
      ::= { ipAddrTable 1 }

  IpAddrEntry ::= SEQUENCE {
      ipAdEntAddr          IpAddress,
      ipAdEntIfIndex       INTEGER,
      ipAdEntNetMask       IpAddress,
      ipAdEntBcastAddr     INTEGER,
      ipAdEntReasmMaxSize  INTEGER (0..65535)
  }

• ipAdEntAddr uniquely identifies an instance (a row) of the entry
• An INDEX clause may require more than one object to identify an instance uniquely

Aggregate M.O. Macro: Columnar Objects

  ipAdEntAddr OBJECT-TYPE
      SYNTAX  IpAddress
      ACCESS  read-only
      STATUS  mandatory
      DESCRIPTION
          "The IP address to which this entry's addressing information pertains."
      ::= { ipAddrEntry 1 }

  ipAdEntReasmMaxSize OBJECT-TYPE
      SYNTAX  INTEGER (0..65535)
      ACCESS  read-only
      STATUS  mandatory
      DESCRIPTION
          "The size of the largest IP datagram which this entity can re-assemble from incoming IP fragmented datagrams received on this interface."
      ::= { ipAddrEntry 5 }
Tabular Representation of Aggregate Object

Figure 3.8(a) Multiple Instance Managed Object: TABLE T contains ENTRY E; each instance of E is a row of COLUMNAR OBJECT 1 through COLUMNAR OBJECT 5.

The objects TABLE T and ENTRY E are logical objects. They define the grouping and are not accessible. Columnar objects represent the attributes and hence are accessible. Each instance of E is a row of columnar objects 1 through 5. Multiple instances of E are represented by multiple rows.

3.7 Management Information Base

• MIB-II (RFC 1213) is a superset of MIB-I
• Objects that are related are grouped into object groups
• A MIB module comprises the module name, imports from other modules, and the definitions of the current module

RFC 1213 defines eleven groups.
Figure 4.26 Internet MIB-II Groups:
  internet {1 3 6 1}
    directory(1)
    mgmt(2)
      mib-2(1)
        system(1), interfaces(2), at(3), ip(4), icmp(5), tcp(6), udp(7), egp(8), cmot(9), transmission(10), snmp(11)
    experimental(3)
    private(4)
System Group (Figure 3.9 System Group; system = mib-2 1)

  Entity        OID        Description (brief)
  sysDescr      system 1   Textual description
  sysObjectID   system 2   OBJECT IDENTIFIER of the entity
  sysUpTime     system 3   Time (in hundredths of a second) since the last reset
  sysContact    system 4   Contact person for the node
  sysName       system 5   Administrative name of the system
  sysLocation   system 6   Physical location of the node
  sysServices   system 7   Value designating the layer services provided by the entity
sysServices

  sysServices OBJECT-TYPE
      SYNTAX  INTEGER (0..127)
      ACCESS  read-only
      STATUS  mandatory
      DESCRIPTION
          "A value which indicates the set of services that this entity primarily offers. The value is a sum. This sum initially takes the value zero. Then, for each layer, L, in the range 1 through 7, that this node performs transactions for, 2 raised to (L - 1) is added to the sum. For example, a node which performs primarily routing functions would have a value of 4 (2^(3-1)). In contrast, a node which is a host offering application services would have a value of 72 (2^(4-1) + 2^(7-1)). Note that in the context of the Internet suite of protocols, values should be calculated accordingly:
               layer  functionality
                   1  physical (e.g., repeaters)
                   2  datalink/subnetwork (e.g., bridges)
                   3  internet (e.g., IP gateways)
                   4  end-to-end (e.g., IP hosts)
                   7  applications (e.g., mail relays)
          For systems including OSI protocols, layers 5 and 6 may also be counted."
      ::= { system 7 }

Interfaces Group
Figure 3.9 Interfaces Group (index in bold in the original figure):
  interfaces (mib-2 2)
    ifNumber(1)
    ifTable(2)
      ifEntry(1)   INDEX { ifIndex }
        ifIndex(1), ifDescr(2), ifType(3), ifMtu(4), ifSpeed(5), ifPhysAddress(6), ifAdminStatus(7), ifOperStatus(8), ifLastChange(9), ifInOctets(10), ifInUcastPkts(11), ifInNUcastPkts(12), ifInDiscards(13), ifInErrors(14), ifUnknownProtos(15), ifOutOctets(16), ifOutUcastPkts(17), ifOutNUcastPkts(18), ifOutDiscards(19), ifOutErrors(20), ifOutQLen(21), ifSpecific(22)
IP Group

Figure 3.10 IP Group:
  ip (mib-2 4)
    ipForwarding(1), ipDefaultTTL(2), ipInReceives(3), ipInHdrErrors(4), ipInAddrErrors(5), ipForwDatagrams(6), ipInUnknownProtos(7), ipInDiscards(8), ipInDelivers(9), ipOutRequests(10), ipOutDiscards(11), ipOutNoRoutes(12), ipReasmTimeout(13), ipReasmReqds(14), ipReasmOKs(15), ipReasmFails(16), ipFragOKs(17), ipFragFails(18), ipFragCreates(19), ipAddrTable(20), ipRouteTable(21), ipNetToMediaTable(22), ipRoutingDiscards(23)

• ipForwarding: forwarding(1) means the node acts as a gateway (router); not-forwarding(2) means it does not (a host). The slide's "Gateway(1) and Router(2)" is a misprint.
• The IP Address Table contains the table of IP addresses
• The IP Route Table contains an entry for each route
• The IP Network-to-Media Table is the address translation table mapping IP addresses to physical addresses

IP Address Translation Table (Figure 3.11 IP Address Translation Table):
  ipNetToMediaTable (ip 22)
    ipNetToMediaEntry(1)
      ipNetToMediaIfIndex(1), ipNetToMediaPhysAddress(2), ipNetToMediaNetAddress(3), ipNetToMediaType(4)
ICMP Group

Figure 3.12 ICMP Group:
  icmp (mib-2 5)
    icmpInMsgs(1), icmpInErrors(2), icmpInDestUnreachs(3), icmpInTimeExcds(4), icmpInParmProbs(5), icmpInSrcQuenchs(6), icmpInRedirects(7), icmpInEchos(8), icmpInEchoReps(9), icmpInTimestamps(10), icmpInTimestampReps(11), icmpInAddrMasks(12), icmpInAddrMaskReps(13),
    icmpOutMsgs(14), icmpOutErrors(15), icmpOutDestUnreachs(16), icmpOutTimeExcds(17), icmpOutParmProbs(18), icmpOutSrcQuenchs(19), icmpOutRedirects(20), icmpOutEchos(21), icmpOutEchoReps(22), icmpOutTimestamps(23), icmpOutTimestampReps(24), icmpOutAddrMasks(25), icmpOutAddrMaskReps(26)
  (object 14 is icmpOutMsgs; the extracted figure labels it icmpInMsgs by mistake)

• Objects associated with ping
  • icmpOutEchos: number of ICMP echo messages sent
  • icmpInEchoReps: number of ICMP echo reply messages received
• Objects associated with traceroute / tracert
  • icmpInTimeExcds: number of ICMP time exceeded messages received
TCP Group

Figure 3.13 TCP Group:
  tcp (mib-2 6)
    tcpRtoAlgorithm(1), tcpRtoMin(2), tcpRtoMax(3), tcpMaxConn(4), tcpActiveOpens(5), tcpPassiveOpens(6), tcpAttemptFails(7), tcpEstabResets(8), tcpCurrEstab(9), tcpInSegs(10), tcpOutSegs(11), tcpRetransSegs(12), tcpConnTable(13), tcpInErrs(14), tcpOutRsts(15)

TCP Connection Table (Figure 3.14 TCP Connection Table)

  Entity                OID              Description (brief)
  tcpConnTable          tcp 13           TCP connection table
  tcpConnEntry          tcpConnTable 1   Information about a particular TCP connection
  tcpConnState          tcpConnEntry 1   State of the TCP connection
  tcpConnLocalAddress   tcpConnEntry 2   Local IP address
  tcpConnLocalPort      tcpConnEntry 3   Local port number
  tcpConnRemAddress     tcpConnEntry 4   Remote IP address
  tcpConnRemPort        tcpConnEntry 5   Remote port number
UDP Group

• Connectionless transport protocol group
• Has one table, the UDP (listener) table

  Entity            OID          Description (brief)
  udpInDatagrams    udp 1        Total number of datagrams delivered to the users
  udpNoPorts        udp 2        Total number of received datagrams for which there is no application
  udpInErrors       udp 3        Number of received datagrams with errors
  udpOutDatagrams   udp 4        Total number of datagrams sent
  udpTable          udp 5        UDP listener table
  udpEntry          udpTable 1   Information about a particular UDP listener
  udpLocalAddress   udpEntry 1   Local IP address
  udpLocalPort      udpEntry 2   Local UDP port

Figure 3.15 UDP Group:
  udp (mib-2 7)
    udpInDatagrams(1), udpNoPorts(2), udpInErrors(3), udpOutDatagrams(4)
    udpTable(5)
      udpEntry(1)
        udpLocalAddress(1), udpLocalPort(2)
3.7 SNMPv1: Communication Model

SNMP Architecture (Figure 3.16 SNMP Network Management Architecture, the same diagram as Figure 3.3): the SNMP Manager Application (holding the management data) and the SNMP Agent Application over SNMP / UDP / IP / DLC / PHY and the physical medium; Get-Request, Get-Next-Request and Set-Request from the manager, Get-Response and Trap from the agent.

It is a truly simple network management protocol: five messages, three from the manager and two from the agent.

SNMP messages:
• Get-Request
• Get-Next-Request
• Set-Request
• Get-Response
• Trap, which carries
  • Generic trap
  • Specific trap
  • Time stamp

Generic traps:
• coldStart
• warmStart
• linkDown
• linkUp
• authenticationFailure
• egpNeighborLoss
• enterpriseSpecific

Specific trap: for special measurements such as statistics.
Time stamp: time since the agent's last initialization.

3.8 Administrative Model
• Based on community profile and policy
• SNMP entities:
  • SNMP application entities: reside in management stations and network elements; manager and agent
  • SNMP protocol entities: communication processes (PDU handlers); peer processes that support the application entities

Figure 3.17 SNMP Community: several SNMP Managers, each applying an Authentication Scheme, exchange Authentic Messages with an SNMP Agent that applies the same Authentication Scheme.

• Security in SNMPv1 is community-based
• The authentication scheme lives in both manager and agent
• Community: pairing of two application entities
• Community name: a string of octets
• Two applications in the same community communicate with each other
• An application can have multiple community names
• Communication is not secured in SNMPv1: there is no encryption, and the community name itself is carried in cleartext in every message, so anyone who can capture the traffic obtains the credential
Figure 3.18 SNMP Community Profile: the SNMP MIB view (Object 1 ... Object 4, each with a MIB access of not-accessible, read-only, write-only or read-write) combined with the community's SNMP access mode (READ-ONLY or READ-WRITE) determines what the SNMP Agent permits.

• MIB view: an agent is programmed to expose only a subset of the managed objects of a network element to a community
• Access mode: each community name is assigned an access mode, read-only or read-write
• Community profile: MIB view + access mode
• Operations on an object are determined by the community profile and by the access of the object itself (four access privileges: read-only, read-write, write-only, not-accessible)
• Some objects, such as a table and a table entry, are not-accessible
• The administrative model is the SNMP access policy: an SNMP community paired with an SNMP community profile is an SNMP access policy
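How an agent combines the three ingredients above (community name, access mode, MIB view) with each object's own access, as an added example written for these notes rather than code from the page or from any SNMP implementation. The five-object MIB fragment and the two communities (public: read-only, system group only; private: read-write, all of mib-2) are constructed for the example, and the object values are illustrative. The error handling is the RFC 1157 behaviour: an unknown community is discarded (a real agent would also emit an authenticationFailure trap), an object that is outside the view, not-accessible, or not settable through this community is reported as noSuchName (SNMPv1 does not return readOnly for this), and a Set is all-or-nothing.

```python
def oid_tuple(oid):
    return tuple(int(a) for a in oid.strip(".").split("."))

def in_view(oid, view):
    """True if oid lies under any subtree root of the MIB view."""
    o = oid_tuple(oid)
    return any(o[:len(r)] == r for r in map(oid_tuple, view))

# Constructed MIB fragment: instance OID -> (ACCESS clause of the object type, value)
MIB = {
    "1.3.6.1.2.1.1.1.0": ("read-only", b"SunOS"),     # sysDescr.0
    "1.3.6.1.2.1.1.4.0": ("read-write", b""),          # sysContact.0
    "1.3.6.1.2.1.1.7.0": ("read-only", 72),            # sysServices.0
    "1.3.6.1.2.1.4.1.0": ("read-write", 1),            # ipForwarding.0
    "1.3.6.1.2.1.4.20": ("not-accessible", None),      # ipAddrTable, a logical object
}

# Constructed community profiles: name -> (access mode, MIB view as subtree roots)
COMMUNITIES = {
    b"public": ("read-only", ["1.3.6.1.2.1.1"]),       # system group only
    b"private": ("read-write", ["1.3.6.1.2.1"]),       # all of mib-2
}

class AuthenticationFailure(Exception):
    """Unknown community name: the agent discards the message."""

def authorize(community, op, oid, new_value=None):
    """Decide one variable binding of a Get or Set: (error-status, value). Does not write."""
    if community not in COMMUNITIES:
        raise AuthenticationFailure(community)
    mode, view = COMMUNITIES[community]
    if oid not in MIB or not in_view(oid, view):
        return ("noSuchName", None)       # outside the view the object does not exist for this community
    access, value = MIB[oid]
    if op == "get":
        if access in ("not-accessible", "write-only"):
            return ("noSuchName", None)
        return ("noError", value)
    if op == "set":
        if mode != "read-write" or access not in ("read-write", "write-only"):
            return ("noSuchName", None)   # RFC 1157: not readOnly
        if type(new_value) is not type(value):
            return ("badValue", None)     # wrong ASN.1 type for this object
        return ("noError", new_value)
    raise ValueError(op)

def handle_pdu(community, op, varbinds):
    """Whole-PDU semantics: the first failing binding sets error-status and the 1-based
    error-index, and a Set changes nothing unless every binding is accepted."""
    results = []
    for i, (oid, new_value) in enumerate(varbinds, start=1):
        status, value = authorize(community, op, oid, new_value)
        if status != "noError":
            return (status, i, [])
        results.append((oid, value))
    if op == "set":
        for oid, value in results:
            MIB[oid] = (MIB[oid][0], value)
    return ("noError", 0, results)
```

The two policy decisions that trip people up are visible in the code: the view check comes before the access check, so a read-only community asking for ipForwarding.0 gets noSuchName rather than a hint that the object exists, and a Set through the read-only community is also noSuchName, exactly as if the object were absent.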
Parameters:
• Community / communities
• Agent / agents
• Manager / managers

Access Policy (figure): a Manager manages a Community containing Agent 1 (Community Profile 1) and Agent 2 (Community Profile 2).

The manager manages the network components of communities 1 and 2 via agents 1 and 2. Agent 1 has only the view of community profile 1, e.g. Cisco components. Agent 2 has only the view of community profile 2, e.g. 3Com components. The manager has the total view of both the Cisco and the 3Com components.

Generalized Administration Model
Figure 3.19 SNMP Access Policy: Manager 1 (Community 1) and Manager 3 (Community 1, Community 2) reach Agent 1 (Community Profile 1) and Agent 2 (Community Profile 2) through Community 1; Manager 2 (Community 2) and Manager 3 reach Agent 3 (Community Profile 3) and Agent 4 (Community Profile 4) through Community 2.

Manager 1 manages community 1, manager 2 manages community 2, and manager 3 (the manager of managers, MoM) manages both communities 1 and 2.

Proxy Access Policy
Figure 3.20 SNMP Proxy Access Policy: an SNMP Manager (Community 1) talks to an SNMP Agent in the SNMP Community that acts as a Proxy Agent for a non-SNMP community.

A proxy agent enables management of a non-SNMP community: its elements are managed by an SNMP manager, and an SNMP MIB is created to handle the non-SNMP objects.

3.9 SNMP Protocol Specifications
Figure 3.20 Encapsulated SNMP Message:

  Application PDU:   Application Header (Version | Community) | Data (SNMP PDU)
  Transport PDU:     UDP Header | Application PDU
  Network PDU:       IP Header | Transport PDU
  Data Link PDU:     DLC Header | Network PDU
• Protocol entities support the application entities
• Communication is between remote peer processes
• A message consists of
  • Version identifier
  • Community name
  • Protocol Data Unit (PDU)
• The message is encapsulated and transmitted

Get and Set PDU (Figure 5.8): PDU Type | RequestID | ErrorStatus | ErrorIndex | VarBind 1 name | VarBind 1 value | ... | VarBind n name | VarBind n value

  PDUs ::= CHOICE {
      get-request       GetRequest-PDU,
      get-next-request  GetNextRequest-PDU,
      get-response      GetResponse-PDU,
      set-request       SetRequest-PDU,
      trap              Trap-PDU
  }

PDU types, an enumerated INTEGER (the context-specific tag of each PDU):
  get-request [0], get-next-request [1], set-request [2], get-response [3], trap [4]
Error in Response

  ErrorStatus ::= INTEGER {
      noError(0), tooBig(1), noSuchName(2), badValue(3), readOnly(4), genErr(5)
  }
  ErrorIndex: the (1-based) number of the VarBind at which the first error occurred

Trap PDU (fields): PDU Type | Enterprise | Agent Address | Generic Trap Type | Specific Trap Type | Timestamp | VarBind 1 name | VarBind 1 value | ... | VarBind n name | VarBind n value

  Generic Trap Type          Description (brief)
  coldStart(0)               Sending protocol entity is reinitializing itself; the agent's configuration or protocol entity implementation may be altered
  warmStart(1)               Sending protocol entity is reinitializing itself; agent configuration and protocol entity implementation are not altered
  linkDown(2)                Failure of one of the communication links
  linkUp(3)                  One of the links has come up
  authenticationFailure(4)   Authentication failure (a message with an unknown community name was received)
  egpNeighborLoss(5)         Loss of an EGP neighbor
  enterpriseSpecific(6)      Enterprise-specific trap

Enterprise and agent address pertain to the system generating the trap. The seven generic traps are specified by an enumerated INTEGER. The specific-trap field carries a vendor-defined code and is meaningful when the generic trap is enterpriseSpecific(6). The time stamp indicates the elapsed time since the last re-initialization of the agent (its sysUpTime).

3.10 SNMP Operations
Figure 3.21 Get-Request Operation for System Group (Manager Process on the left, Agent Process on the right):

  GetRequest (sysDescr.0)        GetResponse (sysDescr.0 = "SunOS")
  GetRequest (sysObjectID.0)     GetResponse (sysObjectID.0 = enterprises.11.2.3.10.1.2)
  GetRequest (sysUpTime.0)       GetResponse (sysUpTime.0 = 2247349530)
  GetRequest (sysContact.0)      GetResponse (sysContact.0 = "")
  GetRequest (sysName.0)         GetResponse (sysName.0 = "noc1")
  GetRequest (sysLocation.0)     GetResponse (sysLocation.0 = "")
  GetRequest (sysServices.0)     GetResponse (sysServices.0 = 72)
MIB for Get-Next-Request

Figure 3.21 MIB for Operation Sequences: a subtree with scalar nodes A, B and Z and a table T whose entry E has three columns, each with two instances (1.1, 1.2; 2.1, 2.2; 3.1, 3.2). Get-Next traverses the table column by column in lexicographic order: A, B, 1.1, 1.2, 2.1, 2.2, 3.1, 3.2, Z.

A More Complex MIB Example

Figure 3.22 MIB Example for Lexicographic Ordering: only the node labels (1, 1, 5, 2, 2, 18, 2, 6, 3, 10, 4, 9, 9, 21) survived extraction; the tree structure is not recoverable here.
Get-Next-Request Operation

Figure 3.23 GetNextRequest Example with Indices (Manager Process on the left, Agent Process on the right):

  GetNextRequest (sysUpTime, atPhysAddress)
      GetResponse ((sysUpTime.0 = "315131795"), (atPhysAddress.13.172.16.46.1 = "00000C3920AC"))
  GetNextRequest (sysUpTime, atPhysAddress.13.172.16.46.1)
      GetResponse ((sysUpTime.0 = "315131800"), (atPhysAddress.16.172.16.49.1 = "00000C3920AF"))
  GetNextRequest (sysUpTime, atPhysAddress.16.172.16.49.1)
      GetResponse ((sysUpTime.0 = "315131805"), (atPhysAddress.23.192.168.3.1 = "00000C3920B4"))
  GetNextRequest (sysUpTime, atPhysAddress.23.192.168.3.1)
      GetResponse ((sysUpTime.0 = "315131810"), (ipForwarding.0 = "1"))

The at table the agent is walking:

  atIfIndex   atPhysAddress    atNetAddress
  13          00000C3920AC     172.16.46.1
  16          00000C3920AF     172.16.49.1
  23          00000C3920B4     192.168.3.1

Each GetNext names the instance returned by the previous response, so the manager walks the atPhysAddress column in lexicographic order of its index (atIfIndex, atNetAddress); the response whose object is no longer in that column tells the manager the table has ended. Two details the figure abbreviates: in MIB-II the atNetAddress part of the index is encoded as 1.a.b.c.d (a NetworkAddress), and in a full MIB-II agent the first instance after the last atPhysAddress row is the first atNetAddress row, not ipForwarding.0. (Physical addresses are 6 octets, i.e. 12 hex digits; the extracted figure printed an extra zero.)
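The agent side of the walk above, as an added example for these notes (my code, not the page's or any SNMP implementation): the instance store is sorted by OID as a tuple of integers, each GetNext returns the first instance strictly greater than the requested name, and a manager-side loop feeds the returned name back until it leaves the column. The instances are the three at-table rows of Figure 3.23 plus the ifIndex 2 interface (172.16.56.1, 00000C39209D) from the address table at the top of this chapter; the index uses the figure's abbreviated a.b.c.d form rather than MIB-II's 1.a.b.c.d, and, unlike the abbreviated figure, the walk ends at the first atNetAddress instance. The extra row is there to show why the comparison must be arc-by-arc on integers: a string sort puts ifIndex 2 after 13 and 16.

```python
SYS_UPTIME = "1.3.6.1.2.1.1.3"        # sysUpTime
AT_PHYS = "1.3.6.1.2.1.3.1.1.2"       # atPhysAddress (atEntry columns: 1 atIfIndex, 2 atPhysAddress, 3 atNetAddress)
AT_NET = "1.3.6.1.2.1.3.1.1.3"        # atNetAddress
IP_FORWARDING = "1.3.6.1.2.1.4.1"     # ipForwarding

# Constructed agent instance store (OID -> value)
AGENT = {
    SYS_UPTIME + ".0": 315131795,
    AT_PHYS + ".2.172.16.56.1": "00000C39209D",
    AT_PHYS + ".13.172.16.46.1": "00000C3920AC",
    AT_PHYS + ".16.172.16.49.1": "00000C3920AF",
    AT_PHYS + ".23.192.168.3.1": "00000C3920B4",
    AT_NET + ".2.172.16.56.1": "172.16.56.1",
    AT_NET + ".13.172.16.46.1": "172.16.46.1",
    AT_NET + ".16.172.16.49.1": "172.16.49.1",
    AT_NET + ".23.192.168.3.1": "192.168.3.1",
    IP_FORWARDING + ".0": 1,
}

def oid_tuple(oid):
    return tuple(int(a) for a in oid.strip(".").split("."))

def oid_str(arcs):
    return ".".join(map(str, arcs))

def get_next(agent, names):
    """Agent side. Each binding gets the first instance lexicographically greater than its
    name (arc-by-arc integer comparison). If any binding has no successor the whole request
    fails with noSuchName and the 1-based index of that binding, as SNMPv1 specifies."""
    ordered = sorted(oid_tuple(o) for o in agent)
    out = []
    for i, name in enumerate(names, start=1):
        nxt = next((o for o in ordered if o > oid_tuple(name)), None)
        if nxt is None:
            return ("noSuchName", i, [])
        out.append((oid_str(nxt), agent[oid_str(nxt)]))
    return ("noError", 0, out)

def walk_column(agent, column):
    """Manager side. Start from the column's own OID and feed each returned name back into
    GetNext until the name leaves the column. Returns [(index suffix, value), ...]."""
    col, rows, cursor = oid_tuple(column), [], column
    while True:
        status, _, bindings = get_next(agent, [SYS_UPTIME, cursor])
        if status != "noError":
            break
        name, value = bindings[1]
        if oid_tuple(name)[:len(col)] != col:
            break                                  # first instance past the column ends the walk
        rows.append((name[len(column) + 1:], value))
        cursor = name
    return rows

def string_sorted_suffixes(agent, column):
    """The order a naive string sort of the same names gives: wrong as soon as one index
    has fewer digits than another (2 sorts after 13 and 16, before 23)."""
    names = sorted(o for o in agent if o.startswith(column + "."))
    return [n[len(column) + 1:] for n in names]
```

A manager that checks only the returned value and not the returned name never notices the end of the table and keeps "walking" into the next group; comparing the name's prefix against the column, as walk_column does, is the correct termination test for an SNMPv1 walk.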
Chapter 4 SNMP Management - RMON

RMON Components (figure): a LAN with an RMON Probe and a Router, a Backbone Network, a second Router, and a Data Analyzer; SNMP traffic flows between the probe and the analyzer across the backbone.

• RMON Probe: the data gatherer, a physical device
• Data Analyzer: a processor that analyzes the data
• RMON: Remote Network Monitoring

4.1 Remote Monitoring

Figure 4.1 Network Configuration with RMONs: an NMS on a local LAN with a bridge and a router; a remote FDDI LAN with an FDDI probe and a router with embedded RMON; a remote Token Ring LAN with a Token Ring probe; an Ethernet probe; all joined over an FDDI backbone network.

The RMON is embedded in the device monitoring the remote FDDI LAN. Analysis is done in the NMS.

RMON benefits:
• Monitors and analyzes locally and relays data; less load on the network
• Needs no direct visibility by the NMS; more reliable information
• Permits monitoring on a more frequent basis and hence faster fault diagnosis
• Increases productivity for administrators
4.2 RMON SMI and MIB

Figure 4.2 RMON Groups (rmon = mib-2 16):
  RMON1 (rmon 1 - rmon 9):      statistics(1), history(2), alarm(3), host(4), hostTopN(5), matrix(6), filter(7), capture(8), event(9)
  RMON1 extension:              tokenRing(10)
  RMON2 (rmon 11 - rmon 20):    protocolDir(11), protocolDist(12), addressMap(13), nlHost(14), nlMatrix(15), alHost(16), alMatrix(17), usrHistory(18), probeConfig(19), rmonConformance(20)

• RMON1: Ethernet RMON groups (rmon 1 - rmon 9)
• RMON1 extension: Token Ring extension (rmon 10)
• RMON2: higher-layer (3-7) groups (rmon 11 - rmon 20); "nl" denotes the network-layer and "al" the application-layer groups (the extracted figure prints them as "n1" and "a1")
4.3 RMON1

Row Creation and Deletion
• The EntryStatus data type was introduced in RMON
• EntryStatus (similar to RowStatus in SNMPv2) is used to create and delete a conceptual row
• Only 4 states in RMON compared to 6 in SNMPv2 (RowStatus: active, notInService, notReady, createAndGo, createAndWait, destroy)

  State           Enumeration   Description
  valid           1             Row exists and is active. It is fully configured and operational
  createRequest   2             Create a new row by setting this object
  underCreation   3             Row is not fully active
  invalid         4             Delete the row by disassociating the mapping of this entry
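The four states only make sense together with the transitions an agent allows between them. The following is an added example for these notes, not code from the page or from an RMON implementation: the transition table is my rendering of the EntryStatus rules in RFC 1757 (a row is created only by writing createRequest to an index that does not exist, the agent answers by moving it to underCreation, the manager fills in the other columns and writes valid, and writing invalid deletes the row from any state). Which columns a row needs before it may become valid is table-specific, so requiring a "dataSource" column here is an assumption for the example, as is the ControlTable class itself.

```python
VALID, CREATE_REQUEST, UNDER_CREATION, INVALID = 1, 2, 3, 4   # EntryStatus enumeration
NONEXISTENT = 0                                                # agent-internal: no such row

# (current state, value written to the status column) -> resulting state.
# Combinations that are missing are rejected with badValue: createRequest on an
# existing row, valid on a row that does not exist yet, and so on.
TRANSITIONS = {
    (NONEXISTENT, CREATE_REQUEST): UNDER_CREATION,
    (NONEXISTENT, INVALID): NONEXISTENT,
    (UNDER_CREATION, VALID): VALID,
    (UNDER_CREATION, UNDER_CREATION): UNDER_CREATION,
    (UNDER_CREATION, INVALID): NONEXISTENT,
    (VALID, VALID): VALID,
    (VALID, UNDER_CREATION): UNDER_CREATION,
    (VALID, INVALID): NONEXISTENT,
}

class ControlTable:
    """One RMON control table (assumed shape for the example); a row is a dict of
    column name -> value that always carries a 'status' entry."""

    def __init__(self, required=("dataSource",)):
        self.rows = {}
        self.required = required   # columns that must be set before valid is accepted (assumed)

    def state(self, index):
        return self.rows[index]["status"] if index in self.rows else NONEXISTENT

    def set_status(self, index, requested):
        """Handle a Set on the status column; returns the SNMPv1 error-status name."""
        current = self.state(index)
        new = TRANSITIONS.get((current, requested))
        if new is None:
            return "badValue"
        if new == VALID and any(c not in self.rows[index] for c in self.required):
            return "badValue"              # not fully configured: the row stays as it is
        if new == NONEXISTENT:
            self.rows.pop(index, None)     # invalid: the row is deleted
        elif current == NONEXISTENT:
            self.rows[index] = {"status": new}
        else:
            self.rows[index]["status"] = new
        return "noError"

    def set_column(self, index, column, value):
        """Other columns may be written only while the row is underCreation."""
        current = self.state(index)
        if current == NONEXISTENT:
            return "noSuchName"
        if current == VALID:
            return "badValue"              # an active row must be taken back to underCreation first
        self.rows[index][column] = value
        return "noError"
```

The sequence a manager follows is therefore createRequest, then the data columns, then valid; a manager that writes valid first, or that writes createRequest twice because a retransmitted Set arrived, gets badValue and must re-read the status column to resynchronise.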
4.4 RMON Groups and Functions

Figure 4.3 RMON1 Groups and Functions: data gathered from the remotely monitored network feeds Ethernet Statistics and Ethernet History (under History Control), Token Ring Statistics and Token Ring History (under History Control), Host and Conversation Statistics (Host Statistics, Host TopN Statistics, Matrix Statistics), the Filter Group (Packet Filtering, Channel Filtering, Packet Capture) and Alarm Generation / Event Generation, all reported to the Network Manager.
The probe gathers data. Its functions are
• Statistics on Ethernet, token ring, hosts and conversations
• The filter group filters data prior to the capture of data
• Generation of alarms and events

RMON1 MIB Groups and Tables
• Ten groups divided into three categories
  • Statistics groups (rmon 1, 2, 4, 5, 6, and 10)
  • Event reporting groups (rmon 3 and 9)
  • Filter and packet capture groups (rmon 7 and 8)
• Groups with "2" in the name are enhancements with RMON2

Textual Conventions: LastCreateTime and TimeFilter
• LastCreateTime tracks the change of data with the changes in control in the control tables
• TimeFilter is used to download only those rows that changed after a particular time
• fooTable, indexed by fooTimeMark and fooIndex (shown in bold in the original):

  fooTimeMark  fooIndex  Instance        fooCounts
  0            1         fooCounts.0.1   5
  0            2         fooCounts.0.2   9
  1            1         fooCounts.1.1   5
  1            2         fooCounts.1.2   9
  2            1         fooCounts.2.1   5
  2            2         fooCounts.2.2   9
  3            1         fooCounts.3.1   5
  3            2         fooCounts.3.2   9
  4            2         fooCounts.4.2   9   (row #1 does not exist for time-marks 4 and 5, since its last update occurred at time-mark 3)
  5            2         fooCounts.5.2   9   (both rows #1 and #2 do not exist for time-marks greater than 5)
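The fooTable listing is easier to reason about once the agent's rule is written down: the time-mark dimension is not stored, it is synthesised, and instance fooCounts.T.i exists exactly when row i was last updated at a time-mark greater than or equal to T. The code below is an added example for these notes (mine, not from the page or from RFC 2021) that derives the listing above from two constructed rows (row 1 = 5, last updated at time-mark 3; row 2 = 9, last updated at 5) and shows the manager-side use: remember the sysUpTime of the last poll, GetNext from fooCounts.<that time-mark> and stop when the time-mark in the returned name changes. Materialising every time-mark is fine for a two-row toy; a real agent computes the successor directly.

```python
# Constructed per-row state: fooIndex -> (fooCounts value, time-mark of the last update)
FOO_ROWS = {1: (5, 3), 2: (9, 5)}

def instances(rows):
    """Every (fooTimeMark, fooIndex) instance the agent exposes, in lexicographic order.
    Row i appears under time-mark T exactly when its last update is at or after T."""
    horizon = max(last for _, last in rows.values())
    return [((t, i), value) for t in range(horizon + 1)
            for i, (value, last) in sorted(rows.items()) if last >= t]

def instance_names(rows):
    """The listing in the notes: fooCounts.<timeMark>.<index> for each exposed instance."""
    return ["fooCounts.%d.%d" % inst for inst, _ in instances(rows)]

def get_next(rows, name):
    """Agent GetNext on fooCounts. name is a (timeMark,) or (timeMark, index) tuple;
    a partial name sorts before every full name that extends it."""
    return next(((inst, value) for inst, value in instances(rows) if inst > name), None)

def changed_since(rows, time_mark):
    """Manager side: walk from fooCounts.<time_mark> and stop when the time-mark in the
    returned name changes. Returns (fooIndex, fooCounts) for rows updated at or after
    time_mark, which is the whole point of TimeFilter: unchanged rows are never sent."""
    out, cursor = [], (time_mark,)
    while True:
        hit = get_next(rows, cursor)
        if hit is None or hit[0][0] != time_mark:
            break
        (t, i), value = hit
        out.append((i, value))
        cursor = (t, i)
    return out
```

Polling with time-mark 0 (or omitting the filter) always returns every row, so a manager that wants the bandwidth saving must actually carry its last-poll sysUpTime forward; the walk at time-mark 4 returns only row 2, and at 6 nothing, matching the notes' remarks beside the table.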
  Group            OID       Function                                                                       Tables
  Statistics       rmon 1    Link level statistics                                                          etherStatsTable, etherStats2Table
  History          rmon 2    Periodic statistical data collection and storage for later retrieval           historyControlTable, etherHistoryTable, historyControl2Table, etherHistory2Table
  Alarm            rmon 3    Generates events when the data sample gathered crosses pre-established thresholds   alarmTable
  Host             rmon 4    Gathers statistical data on hosts                                              hostControlTable, hostTable, hostTimeTable, hostControl2Table
  HostTopN         rmon 5    Computes the top N hosts on the respective categories of statistics gathered   hostTopNControlTable
  Matrix           rmon 6    Statistics on traffic between pairs of hosts                                   matrixControlTable, matrixSDTable, matrixDSTable, matrixControl2Table
  Filter           rmon 7    Filter function that enables capture of desired parameters                     filterTable, channelTable, filter2Table, channel2Table
  Packet Capture   rmon 8    Packet capture capability to gather packets after they flow through a channel  bufferControlTable, captureBufferTable
  Event            rmon 9    Controls the generation of events and notifications                            eventTable
  Token Ring       rmon 10   See Table 8.3                                                                  See Table 8.3
4.5 Control and Data Tables

Figure 4.4 Relationship between Control and Data Tables: controlTable holds controlEntry rows (controlIndex, controlDataSource, controlTableSize, controlOwner, controlStatus, controlOther); dataTable holds dataEntry rows (dataIndex, dataAddlIndex, dataOther). Indices are marked in bold in the original; the value of dataIndex is the same as the value of controlIndex.

The control table is used to set up the instances of data rows in the data table. The values of dataIndex and controlIndex are the same. matrixSDTable is the source-destination table. controlDataSource identifies the source of the data. controlTableSize gives the number of entries associated with the data source. controlOwner is the creator of the entry.

Filter Group
• The filter group is used to capture packets defined by logical expressions
• A channel is a stream of data captured based on a logical expression
• The filter table allows packets to be filtered with an arbitrary filter expression
• A row in the channel table is associated with multiple rows in the filter table

Figure (filter and channel tables): channelTable has channelEntry rows channelIndex = 1 and channelIndex = 2, each with channelIfIndex, channelAcceptType, channelDataControl and other channel parameters; filterTable has filterEntry rows filterIndex = 1 and filterIndex = 2 (filterChannelIndex = 1) and filterIndex = 3 and filterIndex = 4 (filterChannelIndex = 2), each with its filter parameters. Indices are marked in bold in the original; the value of filterChannelIndex is the same as the value of channelIndex.

Packet Capture Group
• The packet capture group is a post-filter group
• The buffer control table is used to select channels
• Captured data are stored in the capture buffer table
4.6 RMON Token Ring Extension Groups

  Token Ring Group             Function                                                          Tables
  Statistics                   Current utilization and error statistics of the MAC layer         tokenRingMLStatsTable, tokenRingMLStats2Table
  Promiscuous Statistics       Current utilization and error statistics of promiscuous data      tokenRingPStatsTable, tokenRingPStats2Table
  MAC-Layer History            Historical utilization and error statistics of the MAC layer      tokenRingMLHistoryTable
  Promiscuous History          Historical utilization and error statistics of promiscuous data   tokenRingPHistoryTable
  Ring Station                 Station statistics                                                ringStationControlTable, ringStationTable, ringStationControl2Table
  Ring Station Order           Order of the stations                                             ringStationOrderTable
  Ring Station Configuration   Active configuration of ring stations                             ringStationConfigControlTable, ringStationConfigTable
  Source Routing               Utilization statistics of source routing information              sourceRoutingStatsTable, sourceRoutingStats2Table

• Two statistics groups and their associated history groups
  • The MAC-layer Statistics group collects Token Ring parameters
  • The Promiscuous Statistics group collects packets promiscuously and reports on the sizes and types of packets
• Three groups are associated with the stations
• The Source Routing group gathers statistics on source routing
4.7 RMON2
• Applicable to Layers 3 and above
• Functions similar to RMON1
• Enhancement to RMON1
• Defined conformance and compliance
ATM RMON: ATM Forum extended RMON to ATM. Switch extensions and ATM RMON define objects at the base layer. ATM protocol IDs for RMON2 define additional objects at the higher levels. ATM devices require cell-based measurements and statistics. The probe should be able to handle high speed.
Figure 4.5 RMON MIB Framework (© 1995 ATM Forum): Application layer - Upper Layer Protocols RMON-2 (RFC 2021, 2074); Network layer - Ethernet RMON (RFC 1757), Token Ring RMON (RFC 1513), ATM Protocol IDs for RMON-2 (additions to RFC 2074); 'Base' layer - Switch Extensions for RMON, ATM RMON; Additional MIBs - IETF MIBs.
Figure 4.6 ATM Probe Location (© 1995 ATM Forum): (a) external probe with copy; (b) internal probe with copy (ATM switch with internal RMON probe); (c) internal probe without copy; (d) external probe without copy, between two ATM switches.
• Stand-alone probe in (a) copies the cells
• Embedded version in (b) reports data, but has no access to switch fabric
• Internal probe (c) is similar to (b) with access to switch
• Stand-alone probe (d) taps the network-to-network interface between two ATM switches
• (a) and (b) require duplex circuits, steering of traffic, and design modification
• Embedded designs (c) and (d) require no modification
Chapter 5 Broadband Network Management
5.1 Broadband Access Networks
Three categories of customer base
• Corporate or enterprise
• Service providers
• Residence or SOHO
Figure 5.1 Broadband Access Networks: cable modem customer network - HFC network - cable modem head end; xDSL modem - telephone loop - central office equipment; business customers - OC-n / STS-n link - router / ATM switch; satellite communication and/or telephone loop; wireless and telephone loop; all reaching the SDH / SONET WAN through a router / ATM switch.
5.2 Broadband Access Technology
Five types of access networks
• OC-n / STS-n link
• Gateway to service providers (not shown)
• HFC / Cable modem
• DSL
• Wireless
  • Fixed wireless
  • Satellite communication
(Wireless customer network and DSL customer network are shown in Figure 5.1.)
Figure 5.2 Broadband Access Technologies: Broadband Access Technology - HFC (telephony return, two-way); xDSL (ADSL, HDSL, VDSL); Wireless - satellite communication and terrestrial (ISM, MMDS, LMDS), each one-way with telephony return or two-way.
Hybrid fiber coaxial technology: HFC plant / cable modem at customer premises
• Telephony return: downstream (forward direction) is one-way cable; upstream (reverse direction) is telephone
• Two-way: downstream at high frequency band and upstream at low frequency band
Carries voice, video and data. Upstream bandwidth requirements are less compared to downstream bandwidth.
xDSL: Digital subscriber line technology
• Asymmetric DSL (ADSL)
• High-speed DSL (HDSL)
• Very-high speed DSL (VDSL)
Uses existing local loop telephone facilities.
Wireless: Terrestrial fixed wireless systems. Instructional scientific and medical (ISM): 902 - 928 MHz (0.5 mile) and 2400 - 2483 MHz (15 miles). Multichannel multipoint distribution service (MMDS): 2500 - 2686 MHz (35 miles). Local multipoint distribution service (LMDS): 27,500 - 28,350 MHz and 31,000 - 31,300 MHz (3 miles).
Satellite communication: Telephony return is one-way, downstream wireless, upstream telephone. Two-way: downstream and upstream wireless networks.
5.3 HFC Network
• Fiber - 2 one-way transmissions
• Coaxial - 2-way transmission
• 2-way amplifiers
• Fiber node: optical - RF conversion
Figure (HFC network): head end (fed by satellite, WAN and ISP) - fiber - fiber node - 2-way coax with amplifiers - NIU (network interface unit) - cable modem - Ethernet to workstation, and TV monitor.
Head end:
• Signals from multiple sources multiplexed
• Frequency conversion for local signal
• Network interface device (NID) / unit (NIU): demarcation point between customer network and service provider networks
• Cable modem: RF Ethernet, analog telephony, and video
Broadband LAN
• Asymmetric bandwidth allocation for 2-way communication
• RF spread-spectrum that carries multiple signals over HFC
• RF spectrum allocation to carry multimedia services - voice, video and data
Figure 5.3 Broadband LAN: head end at one end and termination at the other, with cable modems A, B and C on the shared coax; downstream signal 50 - 860 MHz, upstream signal 5 - 42 MHz.
Digital-to-Analog Encoding
Figure 5.4 Digital-to-Analog Encoding: a digital bit stream (1 0 1 0 ... against time) enters the modem and leaves as a modulated analog carrier occupying a channel bandwidth in frequency.
• bit rate
• symbol rate
• number of levels n = 2^k
• bit rate = symbol rate x k
• Amplitude shift keying
• Frequency shift keying
• Phase shift keying
• Quadrature phase shift keying
  • Four levels (00, 01, 10, 11)
  • Relatively insensitive to noise
  • Used for low-band upstream
• Quadrature amplitude modulation (not 4-levels)
  • Combination of AM and PM
  • 16-QAM = 8 PM x 2 AM or 4 PM x 4 AM
  • Used for higher-band downstream
Cable Modem
• HFC uses tree topology
• Downstream in broadcast mode
• Upstream transmission by cable modem coordinated by head end
• Data over cable service interface specifications (DOCSIS) for cable modem ensures interoperability
• One-way cable modem uses telco-return
Rates | Toshiba | RCA DCM105 | Cisco | LANcity | Motorola
Upstream | 2.56 Msym/sec | 10 Mbps | 10 Mbps | 10 Mbps | 10 Mbps
Downstream | 5.36 Msym/sec | 38 Mbps | 38 Mbps | 10 Mbps | 40 Mbps
Functions of Cable Modem Termination System
• Equipment at the head end
• All cable modems terminated on the head end
• Gateway to the external network
• Multiplexes and demultiplexes signals
• Frequency converts upstream signals to downstream
• Can be designed either as a bridge or router
HFC Plant
• Multiple fiber pairs run from head end to fiber node; each pair carries 2 one-way signals
• Head end converts all (telephony, digital video, data, and analog video) signals to optical carrier to transmit on the fiber
• Houses are connected from fiber node via coaxial cables
• Coaxial cables are in tree topology and carry 2-way signals
• Amplifiers on the coaxial cable are 2-way amplifiers that amplify the signals in both directions
• Drop from coaxial cable to NID (also called NIU) - called "Tap-to-TV" in CATV
RF Spectrum
Upstream (Reverse) 5-42 MHz
  Digital Video Control 6-8 MHz
  Digital Data Services 10-25 MHz
  Telephony 25-40 MHz
Guard Band 42-54 MHz
Downstream (Forward) 54-750 MHz
  Analog Video 54-550 MHz
  Digital Data Services 550-560 MHz
  Digital Video 560-700 MHz
  Telephony 700-750 MHz
Figure 5.5 An Example of RF Frequency Assignment
DOCS Reference Architecture
Figure (DOCS reference architecture): head end - CMTS (video, cable modem termination system with mod, demod, term, switch / router, data, fiber transmitter and receiver), servers, operations support system / element manager, security and access controller - HFC link (6) - cable modem (1) - subscriber PC; WAN behind the switch / router (2); telco return (4) from the cable modem to the head end.
INTERFACES:
1 CMCI Cable Modem to CPE Interface
2 CMTS-NSI CMTS Network Side Interface
3 DOCS-OSSI Data Over Cable Services Operations Support System Interface
4 CMTRI Cable Modem to Telco Return Interface
5 DOCSS Data Over Cable Security System
6 RFI Cable Modem to RF Interface
The architecture shows two-way (HFC link) and one-way (HFC link & telco return).
CMTS Components
Figure (CMTS components): video, data and cable modem termination system (CMTS) with mod, demod, term, switch / router (2), fiber transmitter and receiver; servers; operations support system / element manager (3); security and access controller (5); RF interface (6).
Switch / router routes the traffic between cable modems and to the external network. It interfaces to the CMTS via the terminator (term). Modulator (mod) and demodulator (demod) transform digital data to and from analog format. Combiner, splitter and filter perform the complementary functions of mux'ing and demux'ing. Transmitter converts the RF signals to optical carrier; receiver down-converts the optical signal. Servers handle the applications and databases. Security is managed by the security and access controller. OSS and element manager perform network and service management.
DOCS Interfaces
Figure (DOCS interfaces): head end with CMTS (video, data, mod, demod, term, switch / router, transmitter, fiber, receiver), servers, operations support system / element manager, security and access controller; WAN; HFC link; cable modem; subscriber PC; telco return. Interface numbers as in the DOCS reference architecture.
Three groups of interfaces:
• Data interfaces
  • Cable modem to CPE (1)
  • CMTS-NSI (2)
• Operations support systems and telco-return
  • OSS (3)
  • Telco-return (4)
• RF and security
  • DOCS security system (5)
  • RF interface (6)
5.4 HFC Management
• It is more complex than either computer network or telecommunication network
• This involves both physical and data layers
• Multiple physical facilities
• Legacy cable system
• Multimedia service
• It has RF spectrum management
• Service and business management is important for MSOs and customers
• Shared media impacts security and bandwidth
• Security and privacy of home network
HFC Protocol Architecture
Figure 5.6 Protocol Layer Architecture in HFC System: Head end - applications, SNMP manager / SNMP, FTP, HTTP, etc. / TCP/UDP / IP / SONET and ATM link. Cable modem - modem applications, SNMP agent / SNMP, FTP, HTTP, etc. / TCP/UDP / IP / HFC link and Ethernet link. Customer host - applications / TCP/UDP / IP / Ethernet link.
• Head end has both NM applications and manager
• Cable modems have SNMP agents
• NMS can be regionalized; then, head ends could behave as RMONs
CM Management MIBs
Figure 5.7 Cable Modem Management MIBs: mib-2 (internet.2.1) - system (1), interfaces (2), transmission (10), ifMIB (31), docsDev (69); under transmission (10): docsIfMib (127), docsTrCmMIB (128).
Three categories of MIBs
• Standard MIBs: system, interfaces, ifMIB
• CM and CMTS interfaces:
  • docsIfMib .. RF interfaces, baseline privacy and QoS
  • docsTrCmMIB .. telephony-return interface
• CM and CMTS objects:
  • docsDev MIB in CM and CMTS
DOCS Interface MIB
Figure (DOCS interface MIB): transmission (mib-2 10) - docsIfMIB (127): docsIfMIBObjects (1) with docsIfBaseObjects (1), docsIfCmObjects (2), docsIfCmtsObjects (3); docsIfNotification (2); docsIfConformance (3); docsBpiMIB (5) with docsBpiMIBObjects (1), docsBpiNotification (2), docsBpiConformance (3); docsQosMIB (6) with docsQosMIBObjects (6) holding docsQosIpPktClassTable (1), docsQosEthPktClassTable (2), docsQosServiceClassGroup (3), docsQosFlowTable (4), docsSidToClassTable (5), docsFlowToClassTable (6).
RF MAC Interface
Figure 5.8 RF MAC Interface: network layer over RF MAC layer over RF physical layer, with Downstream1, Upstream1 and Upstream2 channels.
• Multiple RF channels upstream and downstream
• Layered structure
• Specified using RFC 1573 ifMIB
DOCS Cable Device MIB
Entity | OID | Description
docsDevMIBObjects | docsDev 1 | Objects of the cable modem and CMTS device
docsDevBase | docsDevMIBObjects 1 | Extends MIB-II System Group with objects needed for cable device system management
docsDevNmAccessTable | docsDevMIBObjects 2 | Defines the minimum level of SNMP access security
docsDevSoftware | docsDevMIBObjects 3 | Provides information for network-downloadable software upgrades
docsDevServer | docsDevMIBObjects 4 | Provides information about the progress of the interaction with various provisioning servers
docsDevEvent | docsDevMIBObjects 5 | Provides control and logging for event reporting
docsDevFilter | docsDevMIBObjects 6 | Configures filters at link layer and IP layer for bridged data traffic
docsDevCpe | docsDevMIBObjects 7 | CPE IP management and anti-spoofing group on cable modems
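The MIB trees in Figures 5.7 and 5.8 and the table above give each object only relative to its parent, while an SNMP manager needs the absolute OID to poll an object or to recognise it in a walk. The following Python is an added example (not from the original notes or from any DOCSIS MIB module): it encodes the parent-relative arcs shown on this page, resolves names to dotted OIDs and back, and lists the objects whose descriptions above concern SNMP access security, filtering, anti-spoofing and baseline privacy, which are the ones a manager compares against its intended configuration. The `docsIfMib` spelling, the `AUDIT_NAMES` selection and the helper names are this example's own.

```python
"""Resolve the cable modem management MIB names on this page to absolute OIDs.

Added example; the arcs are the parent-relative numbers shown in Figures 5.7 and
5.8 and in the DOCS cable device table. Helper names are this example's own.
"""

# name -> (parent name or numeric root, arc under that parent)
MIB_TREE = {
    "mib-2": ("1.3.6.1.2", 1),            # internet.2.1
    "system": ("mib-2", 1),
    "interfaces": ("mib-2", 2),
    "transmission": ("mib-2", 10),
    "ifMIB": ("mib-2", 31),
    "docsDev": ("mib-2", 69),
    "docsIfMib": ("transmission", 127),
    "docsTrCmMIB": ("transmission", 128),
    "docsIfMIBObjects": ("docsIfMib", 1),
    "docsIfBaseObjects": ("docsIfMIBObjects", 1),
    "docsIfCmObjects": ("docsIfMIBObjects", 2),
    "docsIfCmtsObjects": ("docsIfMIBObjects", 3),
    "docsIfNotification": ("docsIfMib", 2),
    "docsIfConformance": ("docsIfMib", 3),
    "docsBpiMIB": ("docsIfMib", 5),
    "docsQosMIB": ("docsIfMib", 6),
    "docsDevMIBObjects": ("docsDev", 1),
    "docsDevBase": ("docsDevMIBObjects", 1),
    "docsDevNmAccessTable": ("docsDevMIBObjects", 2),
    "docsDevSoftware": ("docsDevMIBObjects", 3),
    "docsDevServer": ("docsDevMIBObjects", 4),
    "docsDevEvent": ("docsDevMIBObjects", 5),
    "docsDevFilter": ("docsDevMIBObjects", 6),
    "docsDevCpe": ("docsDevMIBObjects", 7),
}

# Objects whose descriptions on this page concern access control, traffic
# filtering, anti-spoofing and link privacy: the ones to audit on every modem.
AUDIT_NAMES = ("docsDevNmAccessTable", "docsDevFilter", "docsDevCpe", "docsBpiMIB")


def oid(name):
    """Absolute dotted OID for a name, built by walking up to the numeric root."""
    parent, arc = MIB_TREE[name]
    if parent not in MIB_TREE:          # parent is the numeric root string
        return f"{parent}.{arc}"
    return f"{oid(parent)}.{arc}"


def name_of(numeric):
    """Reverse lookup: longest known prefix of a numeric OID and the remainder
    (for example the column and index part of a table instance)."""
    best = None
    for name in MIB_TREE:
        prefix = oid(name)
        if numeric == prefix or numeric.startswith(prefix + "."):
            if best is None or len(prefix) > len(oid(best)):
                best = name
    if best is None:
        return None, numeric
    rest = numeric[len(oid(best)):].lstrip(".")
    return best, rest


def subtree(root):
    """All names that descend from root, in OID order."""
    names = [n for n in MIB_TREE if n != root and oid(n).startswith(oid(root) + ".")]
    return sorted(names, key=lambda n: [int(x) for x in oid(n).split(".")])


def audit_targets():
    """(name, OID) pairs an SNMP manager should walk and compare against policy."""
    return [(n, oid(n)) for n in AUDIT_NAMES]


if __name__ == "__main__":
    for n, o in audit_targets():
        print(f"{n:24s} {o}")
    print(name_of("1.3.6.1.2.1.69.1.2.1.1.5"))
```

`name_of` takes the longest matching prefix, so an instance OID returned by a walk maps to the table it belongs to with the column and index left over; anything outside the tree comes back as `None` with the OID untouched rather than being guessed.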
HFC Failure Models
Figure (HFC failure models, event index against time): window (modem voltage), smooth (connector loss), sharp (signal/noise).
HFC Link Management
• Signal strength critical
• Requires continuous monitoring of amplifiers using transponders (Cheetah Net)
• Legacy system requires proxy server
RF Spectrum Management
• Allocation of upstream and downstream spectrum for services
• Frequency agility management
DSL Access Technology
• Why is DSL attractive?
• Shannon limit of data rate over a 3-KHz, 30 dB S/N channel is 30,000 bps
• Digital data transmission rate over the loop (DSL) improves:
  • T1/DS1 (1.544 Mbps) 18,000 feet
  • T2/DS2 (6.312 Mbps) 12,000 feet
DSL Limitations
• Loop conditions with no direct copper to the house
• Loaded coils in loop (used to increase distance) cannot carry digital signal
• Modern subdivisions have fiber to the neighborhood or curb with digital mux
• Operating company inventory dated (administrative issue)
5.5 ADSL Network
Figure 5.9 ADSL Access Network: broadband network - ATU-C - splitter (voice to the central office side) - ADSL loop - splitter (voice to the telephone) - ATU-R.
• ADSL ... Asymmetric Digital Subscriber Line
• ATU-C: ADSL transmission unit - central office
• ATU-R: ADSL transmission unit - remote/residence
• Splitter separates voice and data
ADSL Spectrum Allocation with Guard Band
Figure (FDM spectrum, analog frequency axis): POTS up to 4 KHz; upstream 25 KHz - 200 KHz; downstream 200 KHz - 1.1 MHz.
Modulation Schemes
• Carrierless amplitude phase (CAP) modulation
• Discrete multitone modulation (DMT): 4 kHz tones
• Both CAP and DMT are QAM-based
• DMT outperforms CAP:
  • 4-to-1 downstream throughput
  • 10-to-1 upstream throughput
  • Rate adaptive
  • On-going active monitoring
  • Maximum loop variation coverage
  • Standard and hence interoperability
ADSL Forum
TR-001 ADSL Forum System Reference Model
TR-005 ADSL Network Element Management System
TR-006 SNMP-based ADSL LINE MIB; see also draft-ietf-adslmib-adsllinemib-09.txt
TR-014 DMT Line Code Specific MIB
TR-015 CAP Line Code Specific MIB
TR-016 CMIP-based Network Management Framework
ADSL Forum is an industry consortium to
• achieve interoperability
• accelerate implementation
• address end-to-end system operation
• security
• management
Physical layer standard T1-413 (ANSI)
VDSL Network
Figure (VDSL network): central office - fiber - optical network unit - twisted pair (VDSL) - home network.
Used in FTTN configuration. Asymmetric band allocation (similar to ADSL). Fiber carries multiple channels to the ONU. Channels are demultiplexed at the ONU and carried to customer premises on multiple twisted pairs. The shorter distance of the twisted pairs permits a higher data rate - 55.2 Mbps downstream and 2.3 Mbps upstream.
ADSL Network
Figure 5.10 Overall Network and ADSL: private network (service systems - on-line services, Internet access, LAN access, interactive video, video conferencing - with OS), public network (broadband network, narrowband network, packet network, each with OS), ADSL access network (access node with ATU-C, ADSL loop, ATU-R) and premises network (PDN with service modules: SM settop - TE TV; SM PC I/O - TE PC; SM ISDN - TE ISDN). Transport modes shown across the access network: STM, packet and ATM.
Abbreviations: ADSL Asymmetric Digital Subscriber Line; ATM Asynchronous Transfer Mode; STM Synchronous Transfer Mode; TE Terminal Equipment; OS Operations System; PDN Premises Distribution Network; SM Service Module.
Transport Modes
• Synchronous transport mode (STM)
  • Bit synchronous transmission (T1/E1)
• End-to-end packet mode
  • Used for SOHO (IP packets)
• ATM / STM
  • ATM WAN (public network) and STM access network
• ATM / Packet
  • ATM WAN and packet access network (IP)
• End-to-end ATM
Interfaces
• An interface can have multiple physical connections
• V interface
  • VC interface between access node and external network
• U interfaces off the splitters; will be eliminated with ADSL-Lite
• POTS interfaces - low pass filter interfaces for POTS
• T and B are customer premises network interfaces
  • T between PDN and service modules
  • B auxiliary data input (e.g., satellite feed)
ADSL Channeling Schemes
• Transport bearer channels
  • Seven AS downstream channels - multiples (1-, 2-, 3- or 4-) of the T1 rate of 1.536 Mbps
  • Three LS duplex channels - 160, 384, and 576 Kbps
• Buffering scheme
  • Fast channel: uses fast buffers for real-time data
  • Interleaved channel: used for non-real-time data
  • Both fast and interleaved channels are carried on the same physical channel
5.6 ADSL Management
Figure 5.10 ADSL Forum System Reference Model for Management: broadband network - network termination (switch, PHY layer) - ATU-C - splitter-C (high pass filter to ATU-C, low pass filter to PSTN) - loop - splitter-R (high pass filter to ATU-R, low pass filter to POTS telephone set or voice-band modem) - ATU-R - switch / PHY layer - home network with service modules. Interface points: V-C, U-C2, U-C, U-R, U-R2, T-R, T/S.
Interfaces:
T-R Interface between ATU-R and switching layers
T/S Interface between ADSL network termination and customer installation or home network
U-C Interface between loop and ATU-C (analog)
U-C2 Interface between POTS splitter and ATU-C
U-R Interface between loop and ATU-R (analog)
U-R2 Interface between POTS splitter and ATU-R
V-C Logical interface between ATU-C and a digital network element such as one or more switching systems
Management Elements
• Management of elements done across V-interface:
  • Management across V-interface communications protocol
  • Management across U-interfaces communications protocol
  • Parameters and operations across ATU-C
  • Parameters and operations across ATU-R
  • ATU-R side of the T interface
• Note addition of physical layer and switching in the management architecture representation
• Management of physical layer involves:
  • Physical channel
  • Fast channel
  • Interleaved channel
• Management of type of line encoding
  • DMT
  • CAP
Signal Power and Data Rate Mgmt
Figure 5.11 Noise Margins (from highest to lowest): Maximum noise margin - reduce power above it; Upshift noise margin - increase rate if noise margin > upshift noise margin; Target noise margin - steady state operation; Downshift noise margin - decrease rate if noise margin < downshift noise margin; Minimum noise margin - increase power below it.
• Five levels of noise margin
• Signal power controlled by noise margin
• Data rate: increase or decrease based on threshold margins
• Data rate adaptation modes: manual (1), automatic at start-up (2), and dynamic (3)
Configuration Management Parameters
Parameter | Component | Line | Description
ADSL Line type | ADSL Line | NA | Five types: no channel, fast, interleaved, either or both
ADSL Line coding | ADSL Line | NA | ADSL coding type
Target noise margin | ATU-C/R | Phy | Noise margin under steady state (BER <= 10^-7)
Max. noise margin | ATU-C/R | Phy | Modem reduces power above this threshold
Min. noise margin | ATU-C/R | Phy | Modem increases power below this margin
Rate adaptation mode | ATU-C/R | Phy | Mode 1: Manual; Mode 2: Select at start-up; Mode 3: Dynamic
Upshift noise margin | ATU-C/R | Phy | Threshold for modem increases data rate
Min. time interval for upshift rate adaptation | ATU-C/R | Phy | Time interval to upshift
Downshift noise margin | ATU-C/R | Phy | Threshold for modem decreases data rate
Min. time interval for downshift rate adaptation | ATU-C/R | Phy | Time interval to downshift
Desired max. rate | ATU-C/R | F/I | Max. rates for ATU-C/R
Desired min. rate | ATU-C/R | F/I | Min. rates for ATU-C/R
Rate adaptation ratio | ATU-C/R | Phy | Distribution ratio between fast and interleaved channels for available excess bit rate
Max. interleave delay | ATU-C/R | F/I | Max. transmission delay allowed by interleaving process
Alarm thresholds | ATU-C/R | Phy | 15-minute count threshold on loss of signal, frame, power and error-seconds
Rate up threshold | ATU-C/R | F/I | Rate-up change alarm
Rate down threshold | ATU-C/R | F/I | Rate-down change alarm
Vendor ID | ATU-C/R | Phy | Vendor ID assigned by T1E1.4
Version No. | ATU-C/R | Phy | Vendor specific version
Serial No. | ATU-C/R | Phy | Vendor specific serial No.
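Figure 5.11 and the parameter table above describe the control loop in words. The following Python is an added example (not the notes' code and not any vendor's implementation) that turns the five noise-margin thresholds, the two minimum time intervals and the rate adaptation mode into the decision an ATU would take for each observed margin, and emits the 'rate change' events that the fault-management parameters call for. The threshold values in the sample profile, the margin trace, and the class and function names are this example's own assumptions, not values from the page.

```python
"""Rate adaptation and power control from ADSL noise-margin thresholds.

Added example modelling Figure 5.11 and the configuration parameters table.
The threshold values used below are constructed sample values.
"""
from dataclasses import dataclass

MANUAL, AT_STARTUP, DYNAMIC = 1, 2, 3   # rate adaptation modes from the table


@dataclass(frozen=True)
class NoiseMarginProfile:
    min_margin: float        # dB; below this the modem increases power
    downshift_margin: float  # dB; below this the rate is decreased
    target_margin: float     # dB; steady-state design point
    upshift_margin: float    # dB; above this the rate is increased
    max_margin: float        # dB; above this the modem reduces power
    min_upshift_interval: int    # seconds that must elapse before another upshift
    min_downshift_interval: int  # seconds that must elapse before another downshift
    rate_adaptation_mode: int = DYNAMIC

    def __post_init__(self):
        # The five margins of Figure 5.11 only make sense in ascending order.
        levels = (self.min_margin, self.downshift_margin, self.target_margin,
                  self.upshift_margin, self.max_margin)
        if list(levels) != sorted(levels):
            raise ValueError("noise margins must ascend from minimum to maximum")


def decide(profile, margin_db, secs_since_rate_change, at_startup=False):
    """Action for one observed noise margin (dB).

    Power control applies in every mode; rate changes apply only in dynamic
    mode, or at start-up in mode 2, and only once the minimum interval since
    the previous rate change has elapsed.
    """
    if margin_db < profile.min_margin:
        return "increase_power"
    if margin_db > profile.max_margin:
        return "reduce_power"
    rate_changes_allowed = (profile.rate_adaptation_mode == DYNAMIC or
                            (profile.rate_adaptation_mode == AT_STARTUP and at_startup))
    if not rate_changes_allowed:
        return "steady_state"
    if margin_db < profile.downshift_margin:
        if secs_since_rate_change >= profile.min_downshift_interval:
            return "decrease_rate"
        return "steady_state"        # hold until the downshift interval has passed
    if margin_db > profile.upshift_margin:
        if secs_since_rate_change >= profile.min_upshift_interval:
            return "increase_rate"
        return "steady_state"        # hold until the upshift interval has passed
    return "steady_state"            # between downshift and upshift margins


def simulate(profile, samples):
    """Run timestamped (seconds, margin_db) samples through decide().

    Returns (actions, events); events are the 'rate change' notifications the
    fault-management table lists, one per shift-margin crossing that acted.
    """
    actions, events = [], []
    # Assume the line has been stable long enough for either shift at t0.
    last_change = samples[0][0] - max(profile.min_upshift_interval,
                                      profile.min_downshift_interval)
    for t, margin in samples:
        action = decide(profile, margin, t - last_change)
        if action in ("increase_rate", "decrease_rate"):
            events.append((t, "rate change", action))
            last_change = t
        actions.append(action)
    return actions, events


# Constructed sample profile and margin trace.
SAMPLE_PROFILE = NoiseMarginProfile(min_margin=3, downshift_margin=5, target_margin=6,
                                    upshift_margin=9, max_margin=12,
                                    min_upshift_interval=60, min_downshift_interval=30)
SAMPLE_TRACE = [(0, 7.0), (10, 4.0), (20, 4.0), (40, 4.0), (50, 10.0), (120, 10.0)]

if __name__ == "__main__":
    acts, evs = simulate(SAMPLE_PROFILE, SAMPLE_TRACE)
    for (t, m), a in zip(SAMPLE_TRACE, acts):
        print(f"t={t:4d}s margin={m:4.1f} dB -> {a}")
    print(evs)
```

The minimum time intervals are what keep a noisy line from oscillating between rates: in the sample trace the margin stays below the downshift threshold for three samples but only two downshifts are taken, thirty seconds apart, and the upshift waits the full sixty seconds.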
Fault Management
Parameter | Component | Line | Description
ADSL Line status | ADSL Line | Phy | Indicates operational and various types of failures of the link
Alarm thresholds | ATU-C/R | Phy | Generates alarms on failures or crossing of thresholds
Unable to initialize ATU-R | ATU-C/R | Phy | Initialization failure of ATU-R from ATU-C
Rate change | ATU-C/R | Phy | Event generation when rate changes on crossing of shift margins in both upstream and downstream
• Failure indication of physical channel by NMS
• Failure indication of logical channels
• Failure indication of ATU-C/R
• Self-test of ATU-C/R as per T1.413
• Noise margin threshold alarms
• Rate change due to noise margin
Performance Management
Parameter | Component | Line | Description
Line attenuation | ATU-C/R | Phy | Measured power loss in dB from transmitter to receiver ATU
Noise margin | ATU-C/R | Phy | Noise margin in dB of the ATU with respect to received signal
Total output power | ATU-C/R | Phy | Total output power from the modem
Max. attainable rate | ATU-C/R | Phy | Max. currently attainable data rate by the modem
Current rate | ATU-C/R | F/I | Current transmit rate to which the modem is adapted
Previous rate | ATU-C/R | F/I | Rate of the modem before the last change
Channel data block length | ATU-C/R | F/I | Data block on which CRC check is done
Interleave delay | ATU-C/R | F/I | Transmit delay introduced by the interleaving process
Statistics | ATU-C/R | Phy, F/I | 15 minute / 1 day failure statistics
ADSL SNMP MIB
Sub-layers handled by ifStackTable {ifMib.ifMIBObjects 2} (RFC 1573)
Proposed ifTypes:
adslPhysIf ::= {transmission 94}
adslInterIf ::= {transmission 124}
adslFastIf ::= {transmission 125}
Figure 5.12 ADSL SNMP MIB: adslForum (1.3.6.1.4.1.xx) - adslMIB (1) - adslLineMib (1) with adslMibObjects (1), adslTraps (2) and adslConformance (2). adslMibObjects (1) contains adslLineTable (1), adslAtucPhysTable (2), adslAturPhysTable (3), adslAtucChanTable (4), adslAturChanTable (5), adslAtucPerfDataTable (6), adslAturPerfDataTable (7), adslAtucIntervalTable (8), adslAturIntervalTable (9), adslAtucChanPerfDataTable (10), adslAturChanPerfDataTable (11), adslAtucChanIntervalTable (12), adslAturChanIntervalTable (13), adslLineConfProfileTable (14), adslLineAlarmConfProfileTable (15) and adslLCSMib (16) with adslDMTMib (1) and adslCAPMib (1).
Proposed IF Types
Figure 5.13 Relationship between ADSL Entries: Higher Layer IF (e.g.: ATM) above Fast Channel IF (ATU-C & ATU-R) ifType = Fast (125) ifIndex = k and Interleaved Channel IF (ATU-C & ATU-R) ifType = Interleaved (124) ifIndex = j, both above Physical Line IF (ATU-C & ATU-R) ifType = ADSL (94) ifIndex = i.
ADSL Interfaces Table
MIB Variable | Physical Line (i) | Interleaved Channel (j) | Fast Channel (k)
ifDescr | NORMAL | NORMAL | NORMAL
ifType (IANA) | 94 | 124 | 125
ifSpeed | ATU-C line Tx rate | ATU-C channel Tx rate | ATU-C channel Tx rate
ifPhyAddress | NULL | NULL | NULL
ifAdminStatus | NORMAL | NORMAL | NORMAL
ifOperStatus | NORMAL | NORMAL | NORMAL
ifLastChange | NORMAL | NORMAL | NORMAL
ifLinkUpDownTrapEnable | NORMAL (default: Enable) | NORMAL (default: Enable) | NORMAL (default: Enable)
ifConnectorPresent | True | False | False
ifHighSpeed | NULL | NULL | NULL
ADSL Profiles Management
• Configuration profile
• Performance profile
• Alarm profile
Traps
• Generic
• Loss of frame
• Loss of signal
• Loss of power
• Error-second threshold
• Data rate change
• Loss of link
• ATU-C initialization failure
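Figure 5.13 and the ADSL interfaces table above define how the three interface rows relate through ifStackTable (RFC 1573). The following Python is an added example (not from the notes or from the ADSL Forum MIB) with constructed ifTable and ifStackTable rows: it walks the stack from a higher-layer interface down to the physical line and checks the invariants the table states (a channel rides on exactly one ADSL line, only the physical line reports a connector, channel rates do not exceed the line rate), so a manager can reject inconsistent agent data before it drives reporting or provisioning. The ATM ifType value 37, every ifIndex and speed value, and the function names are this example's assumptions.

```python
"""Walk and validate the ADSL interface stack of Figure 5.13.

Added example with constructed ifTable / ifStackTable rows; names and index
values are this example's own. ifType 37 (ATM) is assumed for the higher layer.
"""

IFTYPE_ADSL, IFTYPE_INTERLEAVED, IFTYPE_FAST = 94, 124, 125   # from the table
IFTYPE_ATM = 37                                                # assumption
CHANNEL_TYPES = {IFTYPE_INTERLEAVED, IFTYPE_FAST}

# Constructed ifTable rows: ifIndex -> (ifType, ifDescr, ifSpeed bit/s, ifConnectorPresent)
IF_TABLE = {
    10: (IFTYPE_ADSL, "adsl line 1", 8_000_000, True),
    11: (IFTYPE_INTERLEAVED, "interleaved channel 1", 6_000_000, False),
    12: (IFTYPE_FAST, "fast channel 1", 2_000_000, False),
    13: (IFTYPE_ATM, "atm over adsl line 1", 8_000_000, False),
}
# Constructed ifStackTable rows: (higher ifIndex, lower ifIndex)
IF_STACK = {(13, 11), (13, 12), (11, 10), (12, 10)}


def lower_layers(if_stack, if_index):
    """ifIndex values directly below if_index in the stack, sorted."""
    return sorted(low for high, low in if_stack if high == if_index)


def physical_line(if_table, if_stack, if_index):
    """ifIndex of the ADSL physical line (ifType 94) under any interface in the
    stack, or None if the walk never reaches one."""
    seen = set()
    todo = [if_index]
    while todo:
        idx = todo.pop()
        if idx in seen or idx not in if_table:
            continue
        seen.add(idx)
        if if_table[idx][0] == IFTYPE_ADSL:
            return idx
        todo.extend(lower_layers(if_stack, idx))
    return None


def validate(if_table, if_stack):
    """Problems that contradict the ADSL interfaces table; empty list if consistent."""
    problems = []
    for idx, (iftype, descr, speed, connector) in if_table.items():
        lows = lower_layers(if_stack, idx)
        if iftype == IFTYPE_ADSL:
            if lows:
                problems.append(f"{descr}: physical line must not stack on another interface")
            if not connector:
                problems.append(f"{descr}: ifConnectorPresent must be true on the physical line")
            # channels stacked directly on this line must fit within its rate
            channels = [c for c, (t, *_) in if_table.items()
                        if t in CHANNEL_TYPES and lower_layers(if_stack, c) == [idx]]
            if sum(if_table[c][2] for c in channels) > speed:
                problems.append(f"{descr}: channel speeds exceed line speed")
        elif iftype in CHANNEL_TYPES:
            if len(lows) != 1 or if_table.get(lows[0], (None,))[0] != IFTYPE_ADSL:
                problems.append(f"{descr}: channel must stack on exactly one ADSL line")
            if connector:
                problems.append(f"{descr}: ifConnectorPresent must be false on a channel")
        else:
            if physical_line(if_table, if_stack, idx) is None:
                problems.append(f"{descr}: higher layer does not reach a physical line")
    return problems


if __name__ == "__main__":
    print("physical line under ifIndex 13:", physical_line(IF_TABLE, IF_STACK, 13))
    print("problems:", validate(IF_TABLE, IF_STACK))
```

`physical_line` keeps a `seen` set so that a malformed or looping ifStackTable from a faulty agent terminates instead of hanging the poller.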
Configuration Profile: Mode I - Dynamic
Figure 5.14 Use of Profiles in MODE-I (Dynamic): ADSL-Line ifTable entries (ifIndex i1, j1, k1; i2, j2, k2; ... ix, jx, kx; each ADSL line entry with its interleaved channel and fast channel entries) carry a profileIndex that points into a shared Configuration Profile Table (1 Profile-1, 2 Profile-2, ... n Profile-n), so several lines can share one profile.
Configuration Profile: Mode II - Static
Figure 5.15 Use of Profiles in MODE-II (Static): each ADSL line entry (i1, i2, ... ix, with its interleaved channel j and fast channel k entries) has its own row in the Configuration Profile Table (Profile-i1, Profile-i2, ... Profile-ix), indexed by the line's ifIndex.
Chapter 6 Network Management Applications
Network and Systems Management
Figure 6.1 Network and System Management: business management - service management - network management and system management - element management and resource management - network elements and system resources - networked information systems.
TMN architecture expanded to include systems management
Management Applications
• OSI Model
  • Configuration
  • Fault
  • Performance
  • Security
  • Accounting
• Reports
• Service Level Management
• Policy-based management
6.1 Configuration Management
• Network Provisioning
• Inventory Management
  • Equipment
  • Facilities
• Network Topology
• Database Considerations
Circuit Provisioning
Network provisioning is provisioning of network resources such as design, installation and maintenance. Circuit-switched network. Packet-switched network: configuration for protocol, performance, QoS. ATM networks.
• Examples:
  • TIRKS (Trunk Integrated Record Keeping System) for circuit-switched networks
  • E1 in TIRKS for equipment management
  • F1 in TIRKS for facilities management
Network Topology
It is manual. Auto-discovery by NMS using broadcast ping, ARP table in devices. Mapping of network is by layout, layering. The views are physical and logical.
Traditional LAN Configuration
One-to-one mapping between physical and logical configuration
Figure 13.2 LAN Physical Configuration: Hub 1 (port A, segment A: A1, A2) and Hub 2 (port B, segment B: B1, B2) connected to a router.
Figure 6.2 Logical Configuration of Two LAN Segments: A1, A2 on segment A / Hub 1; B1, B2 on segment B / Hub 2; router between the segments.
Virtual LAN Configuration
Figure 6.3 VLAN Physical Configuration: Hub 1 (A1, B1) and Hub 2 (A2, B2) connected to a router switch on port A / segment A and port A / segment B.
Figure 6.4 Logical Configuration of Two VLAN Segments: A1 (Hub 1), A2 (Hub 2) on segment A / Hub 1 & 2; B1 (Hub 1), B2 (Hub 2) on segment B / Hub 1 & 2; router switch between the segments.
Physical and logical configurations are different. Physical location obtained from System group.
6.2 Fault Management
• Fault is a failure of a network component
• Results in loss of connectivity
• Fault management involves:
  • Fault detection
    • Polling
    • Traps: e.g., link down, egpNeighborLoss
  • Fault location
Detect all components failed and trace down the tree topology to the source. Fault isolation by network and SNMP tools. Use artificial intelligence / correlation techniques. Restoration of service. Identification of root cause of the problem. Problem resolution.
6.3 Performance Management
• Tools
• Performance Metrics
• Data Monitoring
• Problem Isolation
• Performance Statistics
Tools:
• Protocol analyzers
• RMON
• MRTG
Performance Metrics
• Macro-level
  • Throughput
  • Response time
  • Availability
  • Reliability
• Micro-level
  • Bandwidth
  • Utilization
  • Error rate
  • Peak load
  • Average load
6.4 Traffic Flow Measurement
Network Characterization
• Four levels defined by IETF (RFC 2063)
• Three measurement entities:
  • Meters gather data and build tables
  • Meter readers collect data from meters
  • Managers oversee the operation
• Meter MIB (RFC 2064)
• NeTraMet - an implementation (RFC 2123)
Figure 6.4 Traffic Flow Measurement Network Characterization: international / national backbones - regional / midlevel - stub / enterprise - end-systems / hosts.
Data Monitoring and Problem Isolation
• Data monitoring
  • Normal behavior
  • Abnormal behavior (e.g., excessive collisions, high packet loss, etc.)
  • Set up traps (e.g., parameters in RMON alarm group on object identifier of interest)
  • Set up alarms for criticality
  • Manual and automatic clearing of alarms
• Problem isolation
  • Manual mode using network and SNMP tools
  • Problems in multiple components need tracking down the topology
  • Automated mode using correlation technology
Performance Statistics
• Traffic statistics
• Error statistics
• Used in
  • QoS tracking
  • Performance tuning
  • Validation of SLA
  • Trend analysis
  • Facility planning
  • Functional accounting
6.5 Event Correlation Techniques
• Basic elements
  • Detection and filtering of events
  • Correlation of observed events using AI
  • Localize the source of the problem
  • Identify the cause of the problem
• Techniques
  • Rule-based reasoning
  • Model-based reasoning
  • Case-based reasoning
  • Codebook correlation model
  • State transition graph model
  • Finite state machine model
Rule-Based Reasoning
Figure 6.5 Basic Rule-Based Reasoning Paradigm: Data level - working memory (create new data elements, modify attributes of data elements, remove data elements); Control level - inference engine (recognize: match potential rules, select best rule; act: invoke action); Knowledge level - knowledge base.
Knowledge Level
Knowledge base contains expert knowledge on problem symptoms and actions to be taken: if -> then, condition -> action. Working memory contains topological and state information of the network; recognizes system going into faulty state. Inference engine in cooperation with knowledge base decides on the action to be taken. Knowledge executes the action.
Rule-Based Reasoning
• Rule-based paradigm is an iterative process
• RBR is "brittle" if no precedence exists in knowledge base
• An exponential growth in knowledge base poses problem in scalability
• Problem with instability:
  if packet loss < 10% alarm green
  if packet loss => 10% < 15% alarm yellow
  if packet loss => 15% alarm red
• Solution using fuzzy logic
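The paradigm of Figure 6.5 and the fault-location step of 6.2 (trace down the tree topology to the source) are easiest to see in code. The following Python is an added example, not the notes' code: a working memory holding the Figure 6.7 topology and the alarms received, an inference engine that runs match-select-act rules until nothing new is inferred, two rules that separate the root-cause alarm from the alarms it caused, and, for the packet-loss rules above, a fuzzy membership that replaces the step change at 10% and 15% with a graded severity. The topology encoding, the alarm sets, the rule names and the fuzzy breakpoints (8-12% and 13-17%) are this example's assumptions.

```python
"""Rule-based event correlation: working memory, inference engine, rules.

Added example. The topology is the Figure 6.7 scenario; rule names, the alarm
sets and the fuzzy breakpoints are constructed for illustration.
"""

# Constructed tree topology (child -> parent) from Figure 6.7; None = backbone side.
TOPOLOGY = {"RouterA": None, "RouterB": "RouterA", "HubC": "RouterB",
            "ServerD1": "HubC", "ServerD2": "HubC", "ServerD3": "HubC", "ServerD4": "HubC"}


class WorkingMemory:
    """Data level: topology, state (received alarms) and inferred facts."""
    def __init__(self, topology, alarms):
        self.parent = dict(topology)
        self.alarms = set(alarms)
        self.facts = set()          # (tag, node) tuples produced by rules


# Knowledge level: condition -> action rules over one alarmed node.
# A rule fires when its condition holds and adds the fact (tag, node).
RULES = [
    ("root-cause",  lambda wm, n: wm.parent[n] not in wm.alarms, "root_cause"),
    ("consequence", lambda wm, n: wm.parent[n] in wm.alarms,     "suppressed"),
]


def infer(wm, rules=RULES):
    """Control level: match every rule against every alarmed node, act on the
    matches, and repeat until no rule adds a new fact (the iterative process)."""
    changed = True
    while changed:
        changed = False
        for _name, condition, tag in rules:
            for node in sorted(wm.alarms):
                fact = (tag, node)
                if fact not in wm.facts and condition(wm, node):
                    wm.facts.add(fact)
                    changed = True
    return wm.facts


def correlate(alarms, topology=TOPOLOGY):
    """Return (root causes, suppressed alarms) for a set of alarmed nodes."""
    wm = WorkingMemory(topology, alarms)
    infer(wm)
    roots = sorted(n for tag, n in wm.facts if tag == "root_cause")
    suppressed = sorted(n for tag, n in wm.facts if tag == "suppressed")
    return roots, suppressed


# --- packet-loss rules: crisp thresholds versus fuzzy membership ---

def crisp_loss_alarm(loss_pct):
    """The three if-then rules from the notes; flips colour at exactly 10% and 15%."""
    if loss_pct < 10:
        return "green"
    if loss_pct < 15:
        return "yellow"
    return "red"


def _ramp(x, start, end):
    """0 below start, 1 above end, linear in between."""
    if x <= start:
        return 0.0
    if x >= end:
        return 1.0
    return (x - start) / (end - start)


def fuzzy_loss_membership(loss_pct):
    """Degree of membership in each colour; breakpoints 8-12 and 13-17 are assumed."""
    rising_yellow = _ramp(loss_pct, 8, 12)
    rising_red = _ramp(loss_pct, 13, 17)
    return {"green": 1.0 - rising_yellow,
            "yellow": min(rising_yellow, 1.0 - rising_red),
            "red": rising_red}


def fuzzy_severity(loss_pct):
    """Defuzzified severity in [0, 2] (green=0, yellow=1, red=2), which moves
    smoothly as the loss crosses a boundary instead of jumping a whole level."""
    m = fuzzy_loss_membership(loss_pct)
    weights = {"green": 0.0, "yellow": 1.0, "red": 2.0}
    return sum(m[c] * weights[c] for c in m) / sum(m.values())


if __name__ == "__main__":
    print(correlate({"RouterB", "HubC", "ServerD1", "ServerD2"}))
    for pct in (9.9, 10.1):
        print(pct, crisp_loss_alarm(pct), round(fuzzy_severity(pct), 3))
```

With alarms from Router B, Hub C and two servers, the rules report Router B as the single root cause and the other three as consequences, which is the tree-walk of 6.2 expressed as rules; the two packet-loss functions show why the crisp rules are unstable (9.9% and 10.1% get different colours) while the fuzzy severity differs by only 0.05 across the same boundary.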
Configuration for RBR Example
Figure 6.7 RBR-Based Correlation Example Scenario: backbone - Router A (Alarm A) - Router B (Alarm B) - Hub C (Alarm C) - Servers D1, D2, D3, D4 (Alarms Dx).
Model-Based R easoning
NMS / Cor r elator
Backbone Networ k Router Model Router
Hub1
Hub2
Hub3
Hub2 Model
Hub1 Model
Hub3 Model
Equivalent Model
Physical Networ k Figur e 6.8 Model-Based Reasoning Event Cor r elator
O b ject-or iented model Model is a re pr esentation of the com ponent it models Model has attr i butes and relations to other m odels Relationship between o b jects ref lected relationshi p between m odels Case-Based Reasoning • • • •
Figure 6.9 General CBR Architecture
[Figure: Input -> Retrieve (from Case Library) -> Adapt -> Process]
• Unit of knowledge in RBR is a rule; in CBR it is a case
• CBR based on a similar case experienced before; extend to the current situation by adaptation
• Three adaptation schemes
    • Parameterized adaptation
    • Abstraction / re-specialization adaptation
    • Critic-based adaptation
CBR: Abstraction / Re-specialization

Trouble: file_transfer_throughput=F
Additional data: none
Resolution: A=f(F), adjust_network_load=A
Resolution status: good

Trouble: file_transfer_throughput=F
Additional data: none
Resolution: B=g(F), adjust_network_bandwidth=B
Resolution status: good

Trouble: file_transfer_throughput=F
Additional data: adjust_network_load=no
Resolution: B=g(F), adjust_network_bandwidth=B
Resolution status: good

Abstraction / Re-specialization Adaptation
• Two possible resolutions
    • A = f(F): adjust network load level
    • B = g(F): adjust bandwidth
• Resolution based on constraint imposed
CBR-Based Critter
Figure 6.10 CRITTER Architecture
[Figure: Spectrum configuration management and fault detection feed CRITTER fault management: Input -> Retrieve (Case Library) -> Adapt (determinators, application techniques) -> Propose (user-based adaptation, user) -> Process -> fault resolution]
• CRITTER is CBR-based trouble resolution system
• Integrated with Cabletron Spectrum NMS
• "Propose" is additional (5th) module to CBR architecture; permits manual intervention
Codebook Correlation Model: Generic Architecture
[Figure: Network -> Monitors -> Correlator (using Configuration Model and Event Model) -> Problems]
• Monitors capture alarm events
• Configuration model contains the configuration of the network
• Event model represents events and their causal relationships
• Correlator correlates alarm events with event model and determines the problem that caused the events

Codebook Approach
Correlation algorithms based upon coding approach to event correlation. Problem events viewed as messages generated by a system and encoded in sets of alarms. Correlator decodes the problem messages to identify the problems. Two phases:
1. Codebook selection phase: problems to be monitored are identified and the symptoms they generate are associated with the problem. This generates the codebook (problem-symptom matrix).
2. Correlator compares alarm events with the codebook and identifies the problem.
Causality Graph
Figure 6.11 Causality Graph
[Figure: events E1 to E7 connected by directed edges]
• Each node is an event
• An event may cause other events
• Directed edges start at causing events and terminate at a resulting event
• Picture causing events as problems and resulting events as symptoms
Labeled Causality Graph
Figure 6.12 Labeled Causality Graph
[Figure: problems P1, P2, P3 and symptoms S1, S2, S3, S4 connected by directed edges]
• Ps are problems and Ss are symptoms
• P1 causes S1 and S2
• Note directed edge from S1 to S2 removed; after removing, S2 is caused directly or indirectly (via S1) by P1
• S2 could also be caused by either P2 or P3
Codebook
     S1 S2 S3 S4
P1    1  1  0  0
P2    1  1  1  0
P3    0  1  1  1
• Codebook is problem-symptom matrix
• It is derived from the directed edges of the causality graph (propagation of symptoms)
• Number of symptoms >= number of problems
• 2 columns (symptoms S1 and S3) are adequate to identify the 3 problems uniquely
Correlation Matrix
     S1 S3
P1    1  0
P2    1  1
P3    0  1
Correlation matrix is reduced codebook

Correlation Graph
Figure 6.13 Correlation Graph for
[Figure: problems P1, P2, P3 with edges to symptoms S1 and S3]
Generalized Causality Graph
(a) Event Causality Graph
[Figure: 11 events, numbered 1 to 11, connected by directed edges]
Causality graph has 11 events: problems and symptoms. Mark all nodes that have only emerging directed edges as problems: nodes 1, 2, and 11. Other nodes are symptoms.

P-S Causality Graph
(b) Problem-Symptom Causality Graph
[Figure: the same 11 nodes labeled P (1, 2, 11) and S (3 to 10)]
To reduce causality graph to correlation graph:
• Symptoms 3, 4, and 5 are cyclical: replace with one symptom, say 3
• S7 and S10 are caused by S3 and S5; hence ignored
• S8 causes S9. Keep S9 and eliminate S8; the reason for this would be more obvious if we go through reduction of codebook to correlation matrix

Correlation Graph and Matrix
Figure 6.14 Correlation Graph
[Figure: problems 1, 2, 11 and symptoms 3, 6, 9]
      S3 S6 S9
P1     1  0  1
P2     1  1  0
P11    1  0  1
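The codebook procedure from the slides, as an added example (not the textbook's or any product's code): build the problem-symptom matrix from a causality graph by the slide's rule (problems are the nodes with only outgoing edges; a problem's row marks every symptom reachable from it), reduce it to the correlation matrix by picking the smallest symptom subset that keeps the problem codewords distinct, and decode an observed alarm set by nearest Hamming distance. The edge list is constructed so that the closure reproduces the Figure 6.12 codebook; the reduction also takes a minimum Hamming distance, which generalizes to the "increase Hamming distance to > 1" enhancement and shows that this particular graph cannot provide distance 2.

```python
"""Codebook event correlation (constructed example built from the labeled causality
graph of Figure 6.12: problems P1..P3, symptoms S1..S4)."""
from itertools import combinations

# Directed edges "cause -> effect".  Constructed so that the propagation closure
# reproduces the slide's codebook: P1:{S1,S2}, P2:{S1,S2,S3}, P3:{S2,S3,S4}.
EDGES = [("P1", "S1"), ("S1", "S2"), ("P2", "S1"), ("P2", "S3"),
         ("P3", "S3"), ("P3", "S4"), ("S3", "S2")]


def split_nodes(edges):
    """Problems are nodes with only outgoing edges; every other node is a symptom."""
    nodes = {n for e in edges for n in e}
    has_incoming = {dst for _, dst in edges}
    return sorted(nodes - has_incoming), sorted(has_incoming)


def reachable(edges, start):
    """All nodes reachable from `start` along directed edges (symptom propagation)."""
    adj = {}
    for src, dst in edges:
        adj.setdefault(src, []).append(dst)
    seen, stack = set(), [start]
    while stack:
        for m in adj.get(stack.pop(), []):
            if m not in seen:
                seen.add(m)
                stack.append(m)
    return seen


def build_codebook(edges):
    """Problem-symptom matrix: one row per problem, 1 where the symptom is reachable."""
    problems, symptoms = split_nodes(edges)
    return {p: {s: int(s in reachable(edges, p)) for s in symptoms} for p in problems}


def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))


def reduce_codebook(codebook, min_distance=1):
    """Smallest symptom subset whose codewords stay pairwise >= min_distance apart.
    Returns the correlation matrix, or None if no subset achieves that distance."""
    problems = sorted(codebook)
    symptoms = sorted(next(iter(codebook.values())))
    for size in range(1, len(symptoms) + 1):
        for subset in combinations(symptoms, size):
            rows = {p: tuple(codebook[p][s] for s in subset) for p in problems}
            if all(hamming(rows[a], rows[b]) >= min_distance
                   for a, b in combinations(problems, 2)):
                return {p: dict(zip(subset, rows[p])) for p in problems}
    return None


def decode(matrix, observed):
    """Nearest-codeword decoding: the problem(s) whose codeword is closest in Hamming
    distance to the observed alarm set.  Ties are returned together, not guessed."""
    symptoms = sorted(next(iter(matrix.values())))
    vector = tuple(int(s in observed) for s in symptoms)
    scored = {p: hamming(tuple(matrix[p][s] for s in symptoms), vector) for p in matrix}
    best = min(scored.values())
    return best, sorted(p for p, d in scored.items() if d == best)


if __name__ == "__main__":
    cb = build_codebook(EDGES)
    print("codebook:", cb)
    print("correlation matrix:", reduce_codebook(cb))
    print("distance-2 reduction:", reduce_codebook(cb, min_distance=2))
    print("alarms {S1, S3} ->", decode(reduce_codebook(cb), {"S1", "S3"}))
```

Decoding the full codebook against a noisy alarm set such as all four symptoms returns both P2 and P3 at distance 1, which is the ambiguity the distance-1 codebook cannot resolve and the reason the slides suggest a larger Hamming distance.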
Codebook Enhancements
• Codebook described so far assumes Hamming distance of 1 for uniqueness
• Noise affects accuracy
• Increase Hamming distance to > 1
• Probability of a problem Pj causing a symptom Si is assumed as 1; it can be made more realistic by attaching a probability Pr(Pj) to the symptom

State Transition Model
• Used in Seagate's NerveCenter correlation system
• Integrated in NMS, such as OpenView
• Used to determine the status of a node

Figure 6.15 State Transition Diagram for Ping / Response
[Figure: ping node -> (response) -> receive response]

State Transition Model Example
[Figure: NMS / correlator on the backbone network; router connected to Hub1, Hub2, Hub3 (physical network)]
• NMS pings hubs every minute
• Failure indicated by the absence of a response
State Transition Graph
Figure 6.16 State Transition Graph Example
[Figure: ping hub -> response -> receive response (ground state); no response -> pinged twice; no response -> pinged 3 times -> ping router; no response from router: no action; response received from router: action: send alarm]
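The state transition graph of Figure 6.16 as executable detection logic, added here as an example (not NerveCenter's or the slides' own code): one monitor object per hub walks from the ground state through three missed pings, then probes the router; a router response means the hub itself is down and raises the alarm, no router response means no action, exactly as the graph states. Hub and router names and the ping results fed in are constructed.

```python
"""State transition model for hub monitoring (constructed example following Figure 6.16)."""
from dataclasses import dataclass, field


@dataclass
class HubMonitor:
    hub: str
    router: str
    # Transition graph: GROUND -(no response)-> MISSED_1 -> MISSED_2 -> MISSED_3,
    # the third miss moves to CHECK_ROUTER, where the router probe decides the action.
    state: str = "GROUND"
    missed: int = 0
    actions: list = field(default_factory=list)

    def on_hub_ping(self, responded: bool) -> str:
        """Feed the result of one periodic (every minute) ping of the hub."""
        if self.state == "CHECK_ROUTER":
            return self.state  # waiting for the router probe, ignore further hub pings
        if responded:
            self.state, self.missed = "GROUND", 0
        else:
            self.missed += 1
            self.state = f"MISSED_{self.missed}"
            if self.missed == 3:
                self.state = "CHECK_ROUTER"
                self.actions.append(f"ping {self.router}")
        return self.state

    def on_router_ping(self, responded: bool) -> str:
        """Router reachable: the hub itself is down, send the alarm.
        Router unreachable: the graph's 'no action' branch (the fault is upstream)."""
        if self.state != "CHECK_ROUTER":
            raise ValueError("router probe is only valid after three missed hub pings")
        if responded:
            self.actions.append(f"ALARM: {self.hub} down")
        else:
            self.actions.append(f"no action: {self.router} unreachable")
        self.state, self.missed = "GROUND", 0
        return self.state


def run(monitor, hub_results, router_result):
    """Drive one monitor through a list of hub ping results; probe the router if reached."""
    for responded in hub_results:
        monitor.on_hub_ping(responded)
    if monitor.state == "CHECK_ROUTER":
        monitor.on_router_ping(router_result)
    return monitor.actions


if __name__ == "__main__":
    # Constructed ping histories: True = response received, False = no response.
    print(run(HubMonitor("Hub1", "Router"), [True, False, False, False], True))
    print(run(HubMonitor("Hub2", "Router"), [False, False, False], False))
    print(run(HubMonitor("Hub3", "Router"), [False, False, True, False], True))
```

A single response resets the counter, so an intermittent hub never reaches the router probe; only three consecutive misses do, which keeps one lost packet from turning into an alarm.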
Finite State Machine Model
Figure 6.17 Communicating Finite State Machine
[Figure: Client (send request -> request message -> receive response) and Server (receive request -> send response -> response message) exchanging messages over a communication channel]
Finite state machine model is a passive system; state transition graph model is an active system. An observer agent is present in each node and reports abnormalities, such as a Web agent. A central system correlates events reported by the agents. Failure is detected by a node entering an illegal state.

6.6 Security Management
• Security threats
• Policies and procedures
• Resources to prevent security breaches
• Firewalls
• Cryptography
• Authentication and authorization
• Client/server authentication system
• Message transfer security
• Network protection security

Security Threats
Figure 6.18 Security Threats to Management Information
[Figure: Management Entity A <-> Management Entity B; threats: modification of information, masquerade, message stream modification, disclosure]

SNMPv3 addressed security threats using USM (user-based security model). USM has two modules:
• Authentication module
    • One-to-one configuration mapping between physical and logical entities
    • Message timeliness
    • Message protection
• Privacy module
    • Data confidentiality
Policies and Procedures
Basic guidelines to set up policies and procedures:
1. Identify what you are trying to protect.
2. Determine what you are trying to protect it from.
3. Determine how likely the threats are.
4. Implement measures which will protect your assets in a cost-effective manner.
5. Review the process continuously and make improvements to each item if a weakness is found.

References:
• Formal statement of rules for protecting organization's technology and assets (RFC 2196)
• Introduction to Firewalls (NIST)
• Orange Book by National Computer Security Center (NCSC) rates computers based on security design features
Secured Communication Network
Figure 6.19 Secured Communication Network
[Figure: Client A and Server A on Secured Network A behind a firewall gateway; Client B on Network B reaches Network A through a router]
• Firewall secures traffic in and out of Network A
• Security breach could occur by intercepting the message going from B to A, even if B has permission to access Network A
• Most systems implement authentication with user id and password
• Authorization is by establishment of accounts
Firewalls
• Protects a network from external attacks
• Controls traffic in and out of a secure network
• Could be implemented in a router, gateway, or a special host

Benefits
• Reduces risks of access to hosts
• Controlled access
• Eliminates annoyance to the users
• Protects privacy (e.g. finger)
• Hierarchical implementation of policy and technology

Packet Filtering Firewall
Figure 6.20 Packet Filtering Router
[Figure: Internet -> packet filtering router -> Ethernet with SMTP gateway and FTP gateway (screened SMTP & FTP) -> secured network; rejected packets go to trash]
Uses protocol specific criteria at DLC, network, and transport layers. Implemented in routers, called screening routers or packet filtering routers. Filtering parameters:
• Source and/or destination IP address
• Source and/or destination TCP/UDP port, such as ftp port 21
Multistage screening: address and protocol. Works best when rules are simple.
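An ordered packet-filter rule set for the screened layout of Figure 6.20, added as an example (not the slides' or any router vendor's configuration): rules match on source/destination address and TCP/UDP port, first match wins, and anything unmatched is denied. The addresses come from the documentation ranges and the gateway hosts are assumed, so the numbers are constructed; the point is that a handful of explicit permits plus a final deny is the "simple rules" case the slide says packet filters handle best.

```python
"""Ordered packet-filtering rule set with default deny (constructed example for the
screened-subnet layout of Figure 6.20; all addresses are made up)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # CIDR
    dst: str               # CIDR
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None = any port

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and self.dport in (None, pkt.dport))


INTERNET = "0.0.0.0/0"
SECURED_NET = "192.0.2.0/24"   # documentation range standing in for the secured network
SMTP_GW = "192.0.2.25/32"      # assumed SMTP gateway host
FTP_GW = "192.0.2.21/32"       # assumed FTP gateway host

# The Internet may reach only the two gateway hosts, each on its one service port;
# hosts inside may initiate outbound traffic; everything else inbound is dropped.
RULES = [
    Rule("permit", INTERNET, SMTP_GW, "tcp", 25),
    Rule("permit", INTERNET, FTP_GW, "tcp", 21),
    Rule("permit", SECURED_NET, INTERNET, "any", None),
    Rule("deny", INTERNET, SECURED_NET, "any", None),
]


def filter_packet(pkt: Packet, rules=RULES) -> str:
    """First matching rule decides; a packet matching no rule is denied (to trash)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


if __name__ == "__main__":
    # Constructed sample packets: outside host to the gateways and to an inside host.
    for pkt in [Packet("203.0.113.5", "192.0.2.25", "tcp", 25),
                Packet("203.0.113.5", "192.0.2.7", "tcp", 21),
                Packet("192.0.2.7", "198.51.100.9", "tcp", 443)]:
        print(pkt, "->", filter_packet(pkt))
```

The final deny rule is what makes the filter a screen rather than a sieve: an FTP connection aimed at an inside host instead of the FTP gateway matches no permit and is dropped, even though port 21 itself is allowed to the gateway.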
Application Level Gateway
Figure 6.21 Application Level Gateway
[Figure: Internet - Firewall 1 - secured LAN with application gateway (proxy services) - Firewall 2 - secured network]
• Firewalls 1 and 2 route traffic only from and to the secured LAN
• Secured LAN is gateway LAN
• Behavior of application gateway dependent on the application
• FTP traffic stored and forwarded after validation
• TELNET hosts validated for the session and then direct communication established

Cryptography
• Secure communication requires
    • Integrity protection: ensuring that the message is not tampered with
    • Authentication validation: ensures the originator identification
• Security threats
    • Modification of information
    • Masquerade
    • Message stream modification
    • Disclosure
• Hardware and software solutions
• Most secure communication is software based
Secret Key Cryptography
Figure 6.22 Basic Cryptographic Communication
[Figure: plaintext -> encryption (secret key) -> ciphertext -> transmission channel -> decryption (secret key) -> plaintext]
• Caesar cipher: each letter replaced by another letter, which is three letters behind in the alphabet
• Maximum of 26 attempts to decode Caesar cipher
• Monoalphabetic cipher: replace a letter with another randomly chosen; maximum attempts to decode 26!
• One secret key is needed between each pair
• Two standard algorithms for secret key:
    • DES (Data Encryption Standard): 64-bit message blocks and 56-bit key
    • IDEA (International Data Encryption Algorithm): 64-bit message blocks and 128-bit key
• Message block derived using CBC (Cipher Block Chaining)
• Principle based on rearranging the blocks several times based on predetermined algorithm and secret key
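The two key-space figures on this slide (26 attempts for Caesar, 26! for a monoalphabetic substitution) made concrete, as an added example that is not part of the original slides: a Caesar encrypt/decrypt pair, an exhaustive trial of all 26 shifts that ranks the candidates by English letter frequency, and the monoalphabetic key count. It assumes the usual convention of shifting three positions forward; the sample sentence and the frequency table are constructed for the illustration.

```python
"""Caesar and monoalphabetic substitution: the key spaces behind the slide's
'26 attempts' and '26!' figures (constructed example)."""
import math
import string

ALPHABET = string.ascii_uppercase

# Approximate relative frequency (%) of letters in English text, used only to rank
# candidate decryptions; any standard table gives the same ranking here.
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.095, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 0.98, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.074,
}


def caesar_encrypt(plaintext: str, shift: int = 3) -> str:
    """Replace each letter by the one `shift` positions along the alphabet (wrapping);
    non-letters pass through unchanged."""
    out = []
    for ch in plaintext.upper():
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26] if ch in ALPHABET else ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, shift: int = 3) -> str:
    return caesar_encrypt(ciphertext, -shift)


def english_score(text: str) -> float:
    """Mean letter frequency of the text: higher means more English-like."""
    letters = [c for c in text if c in ALPHABET]
    return sum(ENGLISH_FREQ[c] for c in letters) / len(letters) if letters else 0.0


def caesar_brute_force(ciphertext: str):
    """Try every shift (the slide's 26 attempts) and keep the most English-like result.
    Returns (shift, plaintext, number_of_attempts)."""
    candidates = [(english_score(caesar_decrypt(ciphertext, k)), k) for k in range(26)]
    _, shift = max(candidates)
    return shift, caesar_decrypt(ciphertext, shift), len(candidates)


def monoalphabetic_keyspace() -> int:
    """Number of distinct monoalphabetic substitution keys: 26! permutations."""
    return math.factorial(26)


if __name__ == "__main__":
    ct = caesar_encrypt("THE ROUTER IS DOWN AGAIN")   # constructed sample
    print(ct)
    print(caesar_brute_force(ct))
    print(f"monoalphabetic keys: {monoalphabetic_keyspace():,}")
```

Exhausting 26 shifts is instant, whereas 26! is about 4 x 10^26 keys; the slide's comparison is why substitution ciphers are broken by letter statistics rather than by trying keys, and why neither belongs in a modern protocol.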
Public Key Cryptography
Figure 6.23 Public Key Cryptographic Communication
[Figure: plaintext -> encryption (public key) -> ciphertext -> transmission channel -> decryption (private key) -> plaintext]
• Asymmetric cryptography: public and private key
• Public key is distributed by the receiver to the senders to encrypt the message
• Private key is used by receiver to decode ciphertext
• Mailbox analogy
• Commonly used public key is RSA (Rivest, Shamir, and Adleman); 512-bit key, variable block size
• RSA less efficient than DES and IDEA; used to encrypt secret key
Message Digest
• Message digest is a cryptographic hash algorithm added to a message
• One-way function
• Analogy with CRC
• If the message is tampered with, the message digest at the receiving end fails to validate
• MD5 (used in SNMPv3) commonly used MD
• MD5 takes a message of arbitrary length (32-Byte blocks) and generates 128-bit message digest
• SHS (Secured Hash Standard) message digest proposed by NIST handles 2^64 bits and generates 160-bit output
Digital Signature
Figure 6.24 Signed Public Key Cryptographic Communication
[Figure: sender (Ian) signs the plaintext with Ian's private key (S) to form the digital signature and encrypts plaintext plus signature with Rita's public key (R); the signed ciphertext crosses the transmission channel; receiver (Rita) decrypts with Rita's private key (R) and validates the signature with Ian's public key (S)]
• Principle reverse of public key
• Signature created using private key and validated using public key
• Digital signature is a message digest generated from plaintext and private key by a hashing algorithm
• Digital signature is concatenated with the plaintext and encrypted using public key
Authentication and Authorization
• Authentication verifies user identification
    • Client/server environment
        • Ticket-granting system
        • Authentication server system
        • Cryptographic authentication
    • Messaging environment
        • e-mail
        • e-commerce
• Authorization grants access to information
    • Read, read-write, no-access
    • Indefinite period, finite period, one-time use
Ticket-Granting System
Figure 6.26 Ticket-Granting System
[Figure: Kerberos: user input -> client workstation -> authentication server -> ticket granting server -> application server / service]

Authentication Server
Figure 6.27 Authentication Server
[Figure: user input -> client workstation -> authentication server (acting as proxy server) -> application server / service; authentication on both hops]
• Architecture of Novell LAN
• Authentication server does not issue ticket to the client
• Login and password not sent from client workstation
• User sends id to central authentication server
• Authentication server acts as proxy agent and authenticates the user with the application server
• Process transparent to the user
Message Transfer Security
• Messaging is one-way communication
• Message needs to be secure and secured
• Three secure mail systems
    • Privacy Enhanced Mail (PEM)
    • Pretty Good Privacy (PGP)
    • X.400: OSI specifications framework; not implementation specific
Privacy Enhanced Mail
• Developed by IETF (RFC 1421 - 1424)
• End-to-end cryptography
• Provides
    • Confidentiality
    • Authentication
    • Message integrity assurance
    • Non-repudiation of origin
• Data encryption key (DEK) could be based on secret key cryptography or public key-based; originator and receiver agree upon a method that can be authenticated and define the key
• PEM processes based on message encoding
    • MIC-CLEAR (Message Integrity Code-CLEAR)
    • MIC-ONLY
    • ENCRYPTED
PEM Processes
Figure 13.40 PEM Processes
[Figure (a) MIC-CLEAR PEM process: user plaintext -> SMTP format conversion -> SMTP text -> MIC generator -> MIC-CLEAR PEM (text, MIC, encrypted DEK) -> e-mail system]
[Figure (b) MIC-ONLY PEM process: user plaintext -> SMTP format conversion -> SMTP text -> MIC generator -> encoder (printable code) -> MIC-ONLY PEM (encoded text, MIC/DEK) -> e-mail system]
[Figure (c) ENCRYPTED PEM process: user plaintext -> SMTP format conversion -> SMTP text -> MIC generator -> padding & encryption -> encoder (printable code) -> ENCRYPTED PEM (encrypted & encoded message, MIC/DEK) -> e-mail system]
Legend: DEK Data Encryption Key; IK Interexchange Key; MIC Message Integrity Code; SMTP Simple Mail Transfer Protocol

• DEK: a random number generated on a per-message basis; used to encrypt the message text and generate MIC
• IK: a long-range key agreed upon between the sender and receiver; used to encrypt DEK. IK is either public or secret. Public key avoids repudiation.
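The MIC-CLEAR and MIC-ONLY flows from the figure, and the message-digest tamper check described earlier, as an added example (not an RFC 1421 implementation and not the slides' code): canonicalize the text as SMTP would, generate a per-message DEK, compute the MIC, and for MIC-ONLY wrap the body in a printable encoding. Because the standard library has no block cipher, keying an HMAC-MD5 with the DEK stands in for PEM's "MIC encrypted under the DEK", and the ENCRYPTED mode is left out; the DEK and message bodies in the test are constructed.

```python
"""MIC-CLEAR and MIC-ONLY message preparation modeled on the PEM figure
(constructed, simplified example; not an RFC 1421 implementation)."""
import base64
import hashlib
import hmac
import os


def smtp_canonical(text: str) -> str:
    """SMTP format conversion: CRLF line endings so both ends hash identical bytes."""
    return "\r\n".join(text.splitlines()) + "\r\n"


def make_mic(dek: bytes, canonical_text: str) -> str:
    """Message Integrity Code.  Stand-in: HMAC-MD5 keyed with the per-message DEK,
    in place of PEM's MD5 digest that is then encrypted under the DEK."""
    return hmac.new(dek, canonical_text.encode(), hashlib.md5).hexdigest()


def new_dek() -> bytes:
    """DEK: fresh random value per message (16 bytes assumed)."""
    return os.urandom(16)


def mic_clear(text: str, dek: bytes = None):
    """Body travels as readable text; only the MIC protects it."""
    dek = dek or new_dek()
    body = smtp_canonical(text)
    return {"mode": "MIC-CLEAR", "mic": make_mic(dek, body), "body": body}, dek


def mic_only(text: str, dek: bytes = None):
    """Same MIC, but the body is wrapped in a printable encoding (Radix-64 style)
    so mail relays cannot alter whitespace or line endings and break the MIC."""
    dek = dek or new_dek()
    body = smtp_canonical(text)
    encoded = base64.b64encode(body.encode()).decode()
    return {"mode": "MIC-ONLY", "mic": make_mic(dek, body), "body": encoded}, dek


def verify(message: dict, dek: bytes) -> bool:
    """Receiver side: undo the encoding if any, recompute the MIC, compare in constant time."""
    body = message["body"]
    if message["mode"] == "MIC-ONLY":
        body = base64.b64decode(body).decode()
    return hmac.compare_digest(make_mic(dek, body), message["mic"])


if __name__ == "__main__":
    msg, dek = mic_only("Hello\nWorld")          # constructed message text
    print(msg, verify(msg, dek))
    msg["mic"] = "0" * 32                         # a forged MIC fails validation
    print(verify(msg, dek))
```

The DEK returned alongside the message is what PEM would encrypt under the interchange key (IK) and ship in the header; here it is handed back to the caller so the receiving side of the test can validate with it.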
Pretty Good Privacy
• PGP secure mail package developed by Zimmerman
• Available in public domain
• Signature generation
    • Uses MD5 to generate hash code
    • Encrypts hash code with sender's private key using RSA algorithm
• Encryption of the message done using IDEA or RSA
• Compression done with ZIP
• e-mail conversion done using Radix-64
• PGP similar to PEM with compression added

Figure 6.28 PGP Process
[Figure: plaintext -> signature generation (private key) -> concatenation with plaintext -> compression -> encryption (public key) -> signature, encrypted & compressed message -> e-mail conversion -> e-mail system]
SNMPv3 Security
• Authentication key equivalent to DEK in PEM or private key in PGP
• Authentication key generated using user password and SNMP engine id
• Authentication key may be used to encrypt message
• USM prepares the whole message including scoped PDU
• HMAC, equivalent of signature in PEM and PGP, generated using authentication key and the whole message
• Authentication module provided with authentication key and HMAC to process incoming message

Figure 6.29 SNMP Secure Communication
[Figure: USM: password and authoritativeSnmpEngineId -> authKey; privacy module encrypts the scoped PDU with the encryption key -> encrypted scoped PDU; authentication module: wholeMsg and authKey -> HMAC generator -> authenticated wholeMsg]
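The two USM steps the bullets describe, as an added example (not the slides' or any SNMP stack's code): deriving authKey from the user password and the authoritative engine ID, and producing and checking the HMAC over the whole message. The key derivation follows the RFC 3414 algorithm (password stretched to 1 MiB, MD5, then localized as MD5(Ku || engineID || Ku)) and the HMAC is HMAC-MD5 truncated to 12 bytes; the header/parameters/scoped-PDU byte layout is a constructed stand-in for the BER-encoded message, and the password and engine ID in the test are the RFC's own worked values.

```python
"""SNMPv3 USM authentication: password-to-key, localization with the engine ID, and
HMAC-MD5-96 over the whole message.  Added example following the RFC 3414 algorithm;
the wire layout below is a constructed stand-in, not real BER encoding."""
import hashlib
import hmac


def password_to_key(password: bytes) -> bytes:
    """Ku = MD5 of the password repeated out to exactly 1 MiB (1048576 bytes)."""
    stream = (password * (1048576 // len(password) + 1))[:1048576]
    return hashlib.md5(stream).digest()


def localize_key(ku: bytes, engine_id: bytes) -> bytes:
    """Kul = MD5(Ku || snmpEngineID || Ku): the same password yields a different key
    on every engine, so a key recovered from one engine is useless on the others."""
    return hashlib.md5(ku + engine_id + ku).digest()


def auth_key(password: bytes, engine_id: bytes) -> bytes:
    return localize_key(password_to_key(password), engine_id)


def hmac_md5_96(key: bytes, whole_msg: bytes) -> bytes:
    """msgAuthenticationParameters: first 12 bytes of HMAC-MD5 over the whole message."""
    return hmac.new(key, whole_msg, hashlib.md5).digest()[:12]


# Stand-in layout (constructed): header || 12-byte auth parameters || scoped PDU.
# USM's rule is the same either way: the HMAC is computed with the parameter field
# filled with zeros, and the result is then written into that field.
def authenticate(key: bytes, header: bytes, scoped_pdu: bytes) -> bytes:
    """Sender: HMAC over the message with zeroed parameters, then fill them in."""
    params = hmac_md5_96(key, header + b"\x00" * 12 + scoped_pdu)
    return header + params + scoped_pdu


def verify(key: bytes, msg: bytes, header_len: int) -> bool:
    """Receiver: lift the parameters out, zero the field, recompute, compare in constant time."""
    received = msg[header_len:header_len + 12]
    zeroed = msg[:header_len] + b"\x00" * 12 + msg[header_len + 12:]
    return hmac.compare_digest(hmac_md5_96(key, zeroed), received)


if __name__ == "__main__":
    engine_id = bytes(11) + b"\x02"                       # RFC 3414 sample engine ID
    key = auth_key(b"maplesyrup", engine_id)              # RFC 3414 sample password
    print("localized authKey:", key.hex())
    hdr, pdu = b"HDR-constructed", b"scopedPDU-constructed"
    msg = authenticate(key, hdr, pdu)
    print("verifies:", verify(key, msg, len(hdr)))
    print("tampered verifies:", verify(key, msg[:-1] + b"X", len(hdr)))
```

Any change to the scoped PDU, or a key localized for a different engine, makes the recomputed 12 bytes differ, which is how the authentication module rejects a modified or replayed-from-elsewhere message before the PDU is processed.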
Virus Attacks
• Executable programs that make copies and insert them into other programs
• Attacks hosts and routers
• Attack infects boot track, compromises CPU, floods network traffic, etc.
• Prevention is by identifying the pattern of the virus and implementing protection in virus checkers

Accounting Management
• Least developed
• Usage of resources
• Hidden cost of IT usage (libraries)
• Functional accounting
• Business application
6.7 Policy-Based Management
• Domain space consists of objects (alarms with attributes)
• Rule space consists of rules (if-then)
• Policy driver controls action to be taken
• Distinction between policy and rule; policy assigns responsibility and accountability

Service Level Management
• SLA management equivalent to QoS of network
• SLA defines
    • Identification of services and characteristics of service