9.7. Network Management

The main purpose of network management is to monitor, manage, and control a network. A network can be structured with many links, routers, servers, and other physical-layer devices, which can be equipped with many network protocols that coordinate them. Imagine thousands of such devices and protocols tied together by an ISP, and how demanding their management becomes if interruptions in routine services are to be avoided. In this context, the purpose of network management is to monitor, test, and analyze the hardware, software, and human elements of a network and then to configure and control those elements to meet the operational performance requirements of the network.

Figure 9.10 illustrates a simple network management scenario in which LANs connect to the Internet. LAN 1 is dedicated to the network administrator facilities. The network administrator can periodically send management packets to communicate with a certain network entity. A malfunctioning component in a network can also initiate communication of its problem to the network administrator.

Figure 9.10. Simple network management in a scenario of LANs connecting to the Internet

Network management tasks can be characterized as follows:

  • QoS and performance management. A network administrator periodically monitors and analyzes routers, hosts, and utilization of links and then redirects traffic flow to avoid any overloaded spots. Certain tools are available to detect rapid changes in traffic flow.

  • Network failure management. Any fault in a network, such as link, host, or router hardware or software outages, must be detected, located, and responded to by the network. Typically, an increase in checksum errors in frames is an indication of a possible error. Figure 9.10 shows adapter failures at router R3 and host H37; these failures can be detected through network management.

  • Configuration management. This task involves tracking all the devices under management and ensuring that all devices are connected and operate properly. If there is an unexpected change in routing tables, a network administrator wants to discover the misconfigured spot and reconfigure the network before the error affects the network substantially.

  • Security management. A network administrator is responsible for the security of its network. This task is handled mainly through firewalls, as discussed in Chapter 10. A firewall can monitor and control access points. In such cases, the network administrator wants to know about any intrusion from a suspicious source to the network. For example, a host in a network can be attacked by receiving a large number of SYN packets.

  • Billing and accounting management. The network administrator specifies user access or restrictions to network resources and issues all billing and charges, if any, to users.

Locating a failing point, such as an adapter failure at a host or a router, can be done by appropriate network management tools. Normally, a standard packet format is specified for network management.

9.7.1. Elements of Network Management

Network management has three main components: a managing center, a managed device, and a network management protocol. The managing center consists of the network administrator and his or her facilities. Typically, the managing center comprises a substantial human network. A managed device is the network equipment, including its software, that is controlled by the managing center. Any hub, bridge, router, server, printer, or modem can be a managed device. The network management protocol is a policy between the managing center and the managed devices. The protocol in this context allows the managing center to obtain the status of managed devices. In network management, an agent is a managed device, such as a router, hub, or bridge. A manager is a network administrative device, such as a management host. An agent can use the network management protocol to inform the managing center of an unexpected event.

9.7.2. Structure of Management Information (SMI)

The structure of management information (SMI) language is used to define the rules for naming objects and to encode objects in a managed network center. In other words, SMI is a language by which a specific instance of the data in a managed network center is defined. For example, Integer32 means a 32-bit integer with a value between -2^31 and 2^31 - 1. The SMI language also provides higher-level language constructs, which typically specify the data type, status, and semantics of managed objects containing the management data. For example, the STATUS clause specifies whether the object definition is current or obsolete, and ipInDelivers defines a 32-bit counter to trace the number of IP datagrams received at a managed device and then received at an upper-layer protocol.

9.7.3. Management Information Base (MIB)

Management information base (MIB) is an information storage medium that contains managed objects reflecting the current status of the network. Because managed objects have associated pieces of information that are stored in a MIB, the MIB forms a collection of named objects, including their relationships to one another in a management center. The information pieces can be obtained by directing the managing center to do so.

Objects are organized in a hierarchical manner and are identified by the abstract syntax notation one (ASN.1) object definition language. The hierarchy of object names, known as ASN.1 object identifier, is an object identifier tree in which each branch has both a name and a number, as shown in Figure 9.11. Network management can then identify an object by a sequence of names or numbers from the root to that object.

Figure 9.11. ASN.1 object identifier organized hierarchically

At the root of the object identifier hierarchy are three entries: ISO (International Standardization Organization), ITU-T (International Telecommunication Union-Telecommunication) standardization sector, and ISO-ITU-T, the joint branch of these two organizations. Figure 9.11 shows only part of the hierarchy. Under the ISO entry are other branches. For example, the organization (3) branch is labeled sequentially from the root as 1.3. If we continue to follow the entries on this branch, we see a path over dod (6), Internet (1), management (2), mib-2 (1), and ip (4). This path is identified by (1.3.6.1.2.1.4) to indicate all the labeled numbers from the root to the ip (4) entry. Besides that entry, the MIB module represents a number of network interfaces and well-known Internet protocols at the bottom of this tree. This path clearly shows all the standards of "IP" associated with the "MIB-2" computer networking "management."

9.7.4. Simple Network Management Protocol (SNMP)

The Simple Network Management Protocol (SNMP) is designed to monitor the performance of network protocols and devices. SNMP protocol data units (PDUs) can be carried in the payload of a UDP datagram, and so its delivery to a destination is not guaranteed. Managed devices, such as routers and hosts, are objects, and each object has a formal ASN.1 definition. For each object, MIB accommodates a database of information that describes its characteristics. With this protocol, a network manager can find the location of a fault. SNMP runs on top of UDP and uses client/server configurations. The commands of this protocol define how to query information from a server and forward information to a server or a client.

The task of SNMP is to transport MIB information among managing centers and agents executing on behalf of managing centers. For each managed MIB object, an SNMP request is used to retrieve or change its associated value. If an unsolicited message is received by an agent, or when an interface or device goes down, the protocol can also inform the managing center. The second version of this protocol, SNMPv2, runs on top of more protocols and has more messaging options, resulting in more effective network management. SNMPv3 has more security options.

SNMPv2 has seven PDUs, or messages, as follows.

  1. GetRequest is used to obtain a MIB object value.

  2. GetNextRequest is used to obtain the next value of a MIB object.

  3. GetBulkRequest gets multiple values, equivalent to multiple GetRequests but without the overhead of multiple requests.

  4. InformRequest is a manager-to-manager message used when two communicating management centers are remote to each other.

  5. SetRequest is used by a managing center to initiate the value of a MIB object.

  6. Response is a reply message to a request-type PDU.

  7. Trap notifies a managing center that an unexpected event has occurred.

Figure 9.12 shows the format of SNMP PDUs. Two types of PDUs are depicted: Get or Set and Trap. The Get or Set PDU format is as follows:

  • PDU type indicates one of the seven PDU types.

  • Request ID is an ID used to verify the response of a request. Thus, a managing center can detect lost requests or replies.

  • Error status is used only by Response PDUs to indicate types of errors reported by an agent.

  • Error index is a parameter indicating to a network administrator which name has caused an error.

Figure 9.12. SNMP PDU format

If requests or replies are lost, SNMP does not mandate any method for retransmission. Error status and Error index fields are all zeros except for the one in a GetBulkRequest PDU. Figure 9.12 also shows the format of the Trap PDU, whereby the enterprise field is for use in multiple networks; the timestamp field, for measuring up time; and the agent address field, for indicating that the address of the managed agent is included in the PDU header.
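
The Get or Set PDU layout above, together with the object identifier path from Section 9.7.3, decoded from raw bytes in Python. This is an added example, not code from the book; the sample message is constructed, and the outer wrapper (version and community string) and the BER tag values are taken from the SNMPv2c specification rather than from this section.

```python
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response",
             0xA3: "SetRequest", 0xA5: "GetBulkRequest", 0xA6: "InformRequest",
             0xA7: "Trap"}
# Constructed sample: v2c GetRequest, community "public", request ID 12345, OID 1.3.6.1.2.1.4.9.0
SAMPLE = bytes.fromhex("3027020101" "04067075626c6963" "a01a02023039020100020100"
                       "300e300c" "06082b06010201040900" "0500")

def tlvs(buf):
    """Yield (tag, value) for each BER tag-length-value item in buf."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated TLV header")
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:             # long form: low 7 bits count the length octets
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("truncated TLV value")
        yield tag, buf[pos:pos + length]
        pos += length

def decode_oid(data):
    """Turn BER OID content octets into dotted form such as 1.3.6.1.2.1.4."""
    arcs, value = [], 0
    for octet in data:
        value = (value << 7) | (octet & 0x7F)
        if octet & 0x80:              # continuation bit: this arc spans another octet
            continue
        arcs.append(value)
        value = 0
    if not arcs or data[-1] & 0x80:
        raise ValueError("malformed OID")
    x = min(arcs[0] // 40, 2)         # first arc packs the top two levels as 40*X + Y
    return ".".join(map(str, [x, arcs[0] - 40 * x] + arcs[1:]))

def parse_snmp(msg):
    """Extract header fields and variable-binding OIDs from a Get/Set-format message."""
    [(_, body)] = tlvs(msg)                                    # outer SEQUENCE
    (_, version), (_, community), (pdu_tag, pdu) = tlvs(body)
    (_, req_id), (_, err_status), (_, err_index), (_, varbinds) = tlvs(pdu)
    to_int = lambda raw: int.from_bytes(raw, "big", signed=True)
    oids = []
    for _, binding in tlvs(varbinds):
        (_, oid), _value = tlvs(binding)                       # each binding is (OID, value)
        oids.append(decode_oid(oid))
    return {"version": to_int(version), "community": community.decode("ascii", "replace"),
            "pdu_type": PDU_TYPES.get(pdu_tag, hex(pdu_tag)), "request_id": to_int(req_id),
            "error_status": to_int(err_status), "error_index": to_int(err_index), "oids": oids}
```

The community string decodes without any key material: SNMPv1 and SNMPv2c carry it in cleartext, which is one of the gaps the security options of SNMPv3 address.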



Computer and Communication Networks
ISBN: 0131389106
EAN: 2147483647
Year: 2007
Pages: 211
Authors: Nader F. Mir
