Chapter 12 NM Tools and Systems
55 Slides2.65 MB
Chapter 12 NM Tools and Systems
NM Tools and Systems 1. 2. 3. 4. 5. Network Management Tools Network Statistics Measurement Systems Network Management Systems System Management Enterprise Management Systems
1. Network Management Tools NOC Tools (RFC 1470) ftp://wuarchive.wustl.edu/doc/noctools/
Bit Error Rate Tester Physical layer monitoring tool Important for WAN and Broadband access Generates and detects bits Bit error rate (BER) is calculated by comparing the transmitted pattern with received pattern BER can be measured for a modem or two modems and the link in between
BERT in HFC / LAN Environment
Status Monitoring Tools
ifConfig Used to assign/read an address to/of an interface Option -a is to display all interfaces Notice two interface loop-back (lo0) and Ethernet (hme0) [/home/staff/ycchen]ifconfig -a lo0: flags 849 UP,LOOPBACK,RUNNING,MULTICAST mtu 8232 inet 127.0.0.1 netmask ff000000 hme0: flags 863 UP,BROADCAST,NOTRAILERS,RUNNING,MU LTICAST mtu 1500 inet 163.22.20.16 netmask ffffff00 broadcast 163.22.20.255 onfig le0 down onfig le0 163.22.20.16 netmask 255.255.255.0 broadcast 163.22.20.255
Ping Most basic tool for internet management Based on ICMP ECHO REQUEST message Available on all TCP/IP stacks Useful for measuring connectivity Useful for measuring packet loss Can do auto-discovery of TCP/IP equipped stations on single segment
nslookup An interactive program for querying Internet Domain Name System servers Converts a hostname into an IP address and vice versa querying DNS Useful to identify the subnet a host or node belongs to Lists contents of a domain, displaying DNS record
Traffic Monitoring Tools
Packet Loss Measurement
ping Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS] [-r count] [-s count] [[-j host-list] [-k host-list]] [-w timeout] destination-list Options: -t -a -n count -l size -f -i TTL -v TOS -r count -s count -j host-list -k host-list -w timeout Ping the specified host until stopped. To see statistics and continue - type Control-Break; To stop - type Control-C. Resolve addresses to hostnames. Number of echo requests to send. Send buffer size. Set Don't Fragment flag in packet. Time To Live. Type Of Service. Record route for count hops. Timestamp for count hops. Loose source route along host-list. Strict source route along host-list. Timeout in milliseconds to wait for each reply.
bing bing bing 163.22.18.110 203.64.255.90 L1 L2 Used to determine throughput of a link Uses icmp echo utility Knowing packet size and delay, calculates bandwidth bing L1 and L2 and the difference yields the bandwidth of link L1-L2 Bandwidth of link L1-L2 could be higher than the intermediate links. http://www.freenix.fr/freenix/logiciels/bing.html
snoop Puts a network interface in promiscuous mode Logs data on Protocol type Length Source address Destination address Reading of user data limited to superuser
Network Routing Tools
netstat C:\ netstat -n -a Active Connections Proto Local Address Foreign Address State TCP 0.0.0.0:21 0.0.0.0:0 LISTENING TCP 0.0.0.0:135 0.0.0.0:0 LISTENING TCP 0.0.0.0:445 0.0.0.0:0 LISTENING TCP 0.0.0.0:1234 0.0.0.0:0 LISTENING TCP 0.0.0.0:1235 0.0.0.0:0 LISTENING TCP 0.0.0.0:1236 0.0.0.0:0 LISTENING TCP 163.31.153.68:1234 163.22.3.4:80 ESTABLISHED TCP 163.31.153.68:1235 163.22.4.67:80 ESTABLISHED TCP 163.31.153.68:1236 163.22.4.67:80 SYN SENT UDP 0.0.0.0:135 *:* UDP 0.0.0.0:445 *:* UDP 0.0.0.0:38037 *:* UDP 127.0.0.1:1230 *:* UDP 163.31.153.68:500 *:*
NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval] -a -e the -s Displays all connections and listening ports. Displays Ethernet statistics. This may be combined with option. Displays addresses and port numbers in numerical -n form. -p proto Shows connections for the protocol specified by proto; proto may be TCP or UDP. If used with the -s option to display per-protocol statistics, proto may be TCP, UDP, or IP. -r Displays the routing table. -s Displays per-protocol statistics. By default, statistics are shown for TCP, UDP and IP; the -p option may be used to specify a subset of the default. interval Redisplays selected statistics, pausing interval seconds between each display. Press CTRL C to stop redisplaying
traceroute/tracert tracert www.hinet.net Usage: tracert [-d] [-h maximum hops] [-j host-list] [-w timeout] target name Options: -d -h maximum hops target. Do not resolve addresses to hostnames. Maximum number of hops to search for -j host-list Loose source route along host-list. -w timeout Wait timeout milliseconds for each reply.
Trace Route http://www.visualroute.com/
Network Management Tools SNMP command tools MIB Walk MIB Browser snmpsniff
SNMP Command Tools snmptest snmpget snmpgetnext snmpset snmptrap snmpwalk snmpnetstat
Network Status Command: snmpnetstat host community Useful for finding status of network connections % snmpnetstat noc5 public Active Internet Connections Proto Recv-Q Send-Q Local Address Foreign Address (state) tcp 0 0 *.* *.* CLOSED tcp 0 0 localhost.46626 localhost.3456 ESTABLISHED tcp 0 0 localhost.46626 localhost.3712 ESTABLISHED tcp 0 0 localhost.46626 localhost.3968 ESTABLISHED tcp 0 0 localhost.46626 localhost.4224 ESTABLISHED tcp 0 0 localhost.3456 localhost.46626 ESTABLISHED tcp 0 0 localhost.3712 localhost.46626 ESTABLISHED tcp 0 0 localhost.3968 localhost.46626 ESTABLISHED tcp 0 0 localhost.4224 localhost.46626 ESTABLISHED tcp 0 0 noc5.41472 noc5.4480 ESTABLISHED tcp 0 0 noc5.41472 noc5.4736 ESTABLISHED tcp 0 0 noc5.4480 noc5.41472 ESTABLISHED tcp 0 0 noc5.4736 noc5.41472 ESTABLISHED
SNMP Browser Command: snmpwalk host community [variable name] Uses Get Next Command Presents MIB Tree
SNMP Sniff snmpsniff -I interface A tool in Linux / FreeBSD environment Puts the interface in promiscuous mode and captures snmp PDUs. Similar to tcpdump
Protocol Analyzer Analyzes data packets on any transmission line including LAN Measurements made locally or remotely Probe (data capture device) captures data and transfers to the protocol analyzer (no storage) Data link between probe and protocol analyzer either dial-up or dedicated link or LAN Protocol analyzer analyzes data at all protocol levels
RMON Probe Communication between probe and analyzer is using SNMP Data gathered and stored for an extended period of time and analyzed later Used for gathering traffic statistics and used for configuration management for performance tuning
Network Monitoring with RMON Probe
Network Statistics Protocol Analyzers RMON Probe / Protocol analyzer MRTG (Multi router traffic grouper) Home-grown program using tcpdump
Traffic Load: Source
Traffic Load: Source/Destination
Protocol Distribution
Enterprise Management Management of data transport IBM Netview, Sun Solstice, HP OpenView, Cabletron Spectrum Systems management CA Unicenter and Tivoli TME Network and systems management Partnerships Telecommunications management TMN, Operations systems Service management and policy management
NMS Components Hardware Operating System Core Application Services Common SNMP Services Vendor Specific NMS Services
NMS Components
Multi-NMS Configuration
Network Configuration Configure agents Configure management systems Community administration parameters Community name MIB view Trap targets Auto-discovery : Scope
Network Monitoring By polling By traps (notifications) Failure indicated by pinging or traps Ping frequency optimized for network load vs. quickness of detection trap messages: linkdown, linkUp, coldStart, warmStart, etc. Network topology discovered by auto-discovery
Global View
Domain View
Segment View
Node Discovery In a Network Node Discovery Given an IP Address with its subnet mask, find the nodes in the same network. Two Major Approaches: Use ICMP ECHO to query all the possible IP addresses. Use SNMP to query the ARP Cache of a node known
Use ICMP ECHO Eg: IP address: 163.25.147.12 Subnet mask: 255.255.255.0 All possible addresses: 163.25.147.1 163.25.147.254 For each of the above addresses, use ICMP ECHO to inquire the address If a node replies (ICMP ECHO Reply), then it is found.
Use SNMP Find a node which supports SNMP The given node, default gateway, or router Or try a node arbitrarily Query the ipNetToMediaTable in MIBipNetToMediaPhysAddress ipNetToMediaType II IP group ipNetToMediaIfIndex 1 2 00:80:43:5F:12:9A 00:80:51:F3:11:DE ipNetToMediaNetAddress 163.25.147.10 dynamic(3) 163.25.147.11 dynamic(3)
Network Discovery Network Discovery Find the networks to be managed with their interconnections Given a network, find the networks which directly connect with it. Recall that networks are connected via routers. Major Approach Use SNMP
Discovering Networks 163.25.145.0 163.25.145.0 163.25.146.0 140.112.8.0 140.112.8.0 140.112.6.0 163.25.148.0 163.25.147.0 140.112.5.0 192.168.13.0 192.168.12.0
A Network Discovery Algorithm 1. First use a node discovery algorithm to find all the nodes in the network. 2. For each discovered node, use SNMP to query the ipAddrTable of MIB-II IP group ipAdEntIfIndex ipAdEntBcastAddr ipAdEntAddr ipAdEntNetMask 163.25.145.254 1 255.255.255.0 163.25.145.255 162.25.146.254 2 255.255.255.0 163.25.146.255 162.25.147.254 3 255.255.255.0 163.25.147.255 3. Query the corresponding entries in ipRouteTable to verify the above addresses
ipRouteTable
Commercial NMS & System Solutions Enterprise NMS Hewlett-Packard OpenView Sun SunNet Manager IBM Netview Cabletron Spectrum Enterprise Manager Low End NMS SNMPc System & Network Management Computer Associates Unicenter TNG Tivoli TME / Netview Big Brother Spong
HP OpenView Network Node Manager Auto-discovery and mapping Drill-down views Fault monitoring Event monitoring MIB Browser SNMP tools Traffic monitoring 3rd party integration
HP OpenView Platform Open, modular, and distributed architecture Object oriented design; TNM can be implemented Open API-based architecture Easy vendor-specific NMS integration by 3rd party
OpenView Distributed Platform Management Applications APIs Routing Event Servic es Postmaster CMIP SNMP Communications Infrastructure Network TCP/IP
Distributed OpenView NNMs MoM
