MUICT Network Management Application v2

This document discusses network management applications and concepts. It covers the following topics:
- Today's diverse network environments and services that need to be managed.
- Key requirements of network management including controlling resources, improving service quality, and reducing costs.
- The main functions of network management including fault, configuration, accounting, performance, and security (FCAPS) management.
- Concepts related to configuration management, performance management, fault management, and other areas.

Uploaded by

Eng Phichayut
Lecture 10: Network Management Applications (Part 1)

Chapter 13: Network Management Applications
Network Management: Principles and Practice
© Mani Subramanian 2000
Outline
◼ I. Today’s Networks & Services
◼ II. Network Management Requirements
◼ III. Network and Systems Management
◼ IV. Configuration Management
◼ V. Other Tasks of Configuration Management
◼ Performance Management
◼ Fault Management
◼ Event Correlation Techniques
◼ Security Management
◼ VI. Accounting Management
◼ VII. Policy-based Management
◼ VIII. Service Level Management
I. Today’s Networks & Services
[Figure: computer networks and telecom networks, with the services and applications that run over them]
◼ Cloud, VM, Unified Communication, Social Networks, AI, HPC, HCI (Hyperconverged Infrastructure), Security, WAF
◼ Computer Networks
❑ Services: World-Wide Web; Email, DNS, FTP; News, Telnet, IRC; RealAudio, RealVideo; MBone
◼ Telecom Networks
❑ Services: Local, Long-distance, Overseas Phone service; 080, 070, collect-call; third-party IN service; cellular, C2, PCS, TRS
◼ Network technologies shown: MPLS, SDH, Access, IP Networks, 4G/5G, Infiniband, Fast/Gigabit Ethernet, WANs, SS#7, PSDN, PSTN/VoIP, SAN, WiFi, ISDN, B-ISDN, IN/AIN
◼ Applications: Video Conferencing, Electronic Commerce, Internet Phone, Video-on-Demand, Banking, Accounting, Tele-conferencing, Distance Learning, Video-conferencing, Internet Telephony

How to manage several diverse types of systems, networks, and applications.
II. NM Users’ Requirements
◼ Controlling corporate strategic assets
❑ effective control of network & computing resources
◼ Controlling complexity
❑ continued growth of devices, users, applications & protocols
◼ Improving service
❑ users expect better service with increased resources
◼ Balancing various needs
❑ must assign and control resources to balance various needs
◼ Reducing downtime
❑ more users and applications depend on availability
◼ Controlling costs
❑ effective resource utilization in order to control costs

NM Functional Requirements

◼ Fault Management
❑ detection, isolation and correction of abnormal operations
◼ Configuration Management
❑ identify managed resources and their connectivity, discovery
◼ Accounting Management
❑ keep track of usage for charging
◼ Performance Management
❑ monitor and evaluate the behavior of managed resources
◼ Security Management
❑ allow only authorized access and control

FCAPS
Fault Management
◼ Concerned with:
❑ providing a reliable networking environment
❑ ensuring that the system as a whole, and each essential component individually, is in proper working order
❑ using redundant components and routes to increase fault tolerance (e.g., redundant power supplies, fans, interfaces, or redundant equipment)

◼ When a fault occurs, the manager should be able to:
❑ determine exactly where the fault (i.e., abnormal condition) is
❑ isolate the rest of the network from the failure
❑ reconfigure or modify the network for continued operation
❑ repair or replace the failed components to restore the network
Configuration Management
◼ Concerned with:
❑ initializing a network & shutting down part or all of the network
❑ maintaining, adding and updating the relationships among components
❑ monitoring the status of components during network operation

◼ Network manager should be able to:
❑ start up and shut down operations on a network
❑ identify the components that comprise the network (discovery)
❑ change the connectivity of the components (possibly as a result of network upgrade, fault recovery or security checks)
❑ detect changes in the network configuration
Accounting Management
◼ Concerned with:
❑ keeping track of the usage of network resources
❑ charging for the use of network resources
❑ monitoring the end-user activities for possible abuse, for suggesting better usage to users and for network planning

◼ Manager should be able to:
❑ specify the kinds of accounting information to be recorded at various nodes
❑ specify the algorithms to be used in calculating the charges
❑ generate accounting reports
Performance Management
◼ Concerned with:
❑ providing an efficient communication environment
❑ monitoring and analyzing the performance of the components
❑ making proper adjustments to improve network performance

◼ Manager should be able to:


❑ determine the capacity utilization, throughput, the average and
worst-case response times
❑ monitor and gather data on the activities of components
❑ analyze the gathered data and assess performance levels
❑ determine the sources of performance problems & fix them
❑ use the performance stats for future network planning

[Figure source: https://www.researchgate.net/figure/Traffic-load-incoming-and-outgoing-traffic-sample-monthly-and-yearly-resultslive_fig1_314282026]
Security Management
◼ Concerned with:
❑ providing a secure networking environment
❑ preventing hacking, illegal and unauthorized access
❑ managing information protection and access-control facilities

◼ Manager should be able to:


❑ generate, distribute and store encryption keys
❑ maintain and distribute passwords and other authorization or
access-control information
❑ monitor and control access to networks
❑ collect, store and examine audit records and security logs
❑ enable & disable the logging facilities

III. Network and Systems Management
[Figure: management hierarchy, from top to bottom]
Business Management
Service Management
Network Management | System Management
Element Management | Resource Management
Network Elements | System Resources
Networked Information Systems
IV. Configuration Management
◼ Network Provisioning
❑ Provisioning of network resources
✓ Design
✓ Installation and maintenance

◼ Inventory Management
❑ Equipment
❑ Facilities
◼ Network Topology
◼ Database Considerations

Network Topology
◼ Network Topology Discovery
◼ Manual
◼ Auto-discovery by NMS using
❑ Broadcast ping
❑ ARP table in devices
◼ Mapping of network
❑ Layout
❑ Layering
◼ Views
❑ Physical
❑ Logical
Network Topology Discovery
[Figure: a discovered topology with the subnets 163.25.145.0, 163.25.146.0, 163.25.146.128, 163.25.147.0, 140.112.5.0, 140.112.6.0, 140.112.8.0, 192.168.12.0 and 192.168.13.0]

Mapping of Network
Discovery in a Network
◼ What is to be discovered in a network?
❑ Node Discovery: the network devices in each network segment
❑ Network Discovery: the topology of networks of interest
❑ Service Discovery: the network services provided

◼ Network Topology Discovery
❑ Network Discovery + Node Discovery
Node Discovery

◼ Node Discovery
❑ Given an IP Address, find the nodes in the same
network.
◼ Two Major Approaches:
❑ Use Ping (ICMP ECHO) to query the possible IP
addresses.
❑ Use SNMP (ipNetToMediaTable) to retrieve the
ARP Cache of a known node.

Use ICMP ECHO
◼ E.g.: IP address: 163.25.147.12, Subnet mask: 255.255.255.0
◼ All possible addresses:
❑ 163.25.147.1 ~ 163.25.147.254
❑ 163.25.0.1 – 163.25.255.254 (x)
◼ For each of the above addresses, use ICMP ECHO to inquire the address
◼ If a node replies (ICMP ECHO Reply), then it is found.
◼ Broadcast Ping

Result shown on the slide:
163.25.147.1      alive
163.25.147.2      alive
163.25.147.3      no
163.25.147.4      no
163.25.147.254    alive
Use SNMP
◼ Find a node which supports SNMP
❑ The given node, default gateway, or router
❑ Or try a node arbitrarily
◼ Query the ipNetToMediaTable in MIB-II IP group (ARP Cache)

ipNetToMediaIfIndex   ipNetToMediaPhysAddress   ipNetToMediaNetAddress   ipNetToMediaType
1                     00:80:43:5F:12:9A         163.25.147.10            dynamic(3)
2                     00:80:51:F3:11:DE         163.25.147.11            dynamic(3)
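An added example, not part of the lecture or the textbook, that ties the two node-discovery approaches together: the subnet mask fixes the candidate range an ICMP sweep would cover, and ipNetToMediaTable rows read from a known node are turned into a node list and checked against an inventory. The walk lines (in the style of `snmpwalk -On` output), the third ARP entry and the inventory set are constructed assumptions, and the code sends no packets.

```python
import ipaddress
import re

# ipNetToMediaTable column OIDs (MIB-II IP group); the row index is ifIndex.IPv4
COLS = {"1.3.6.1.2.1.4.22.1.2": "mac", "1.3.6.1.2.1.4.22.1.4": "type"}
LINE = re.compile(
    r"^\.?(1\.3\.6\.1\.2\.1\.4\.22\.1\.\d+)\.(\d+)\.(\d+\.\d+\.\d+\.\d+) = [\w-]+: (.+)$")

# Constructed sample in the style of `snmpwalk -On` output (not real data)
SAMPLE_WALK = """\
.1.3.6.1.2.1.4.22.1.2.1.163.25.147.10 = Hex-STRING: 00 80 43 5F 12 9A
.1.3.6.1.2.1.4.22.1.2.2.163.25.147.11 = Hex-STRING: 00 80 51 F3 11 DE
.1.3.6.1.2.1.4.22.1.2.2.163.25.146.22 = Hex-STRING: 00 80 51 AA 00 01
.1.3.6.1.2.1.4.22.1.4.1.163.25.147.10 = INTEGER: 3
.1.3.6.1.2.1.4.22.1.4.2.163.25.147.11 = INTEGER: 3
.1.3.6.1.2.1.4.22.1.4.2.163.25.146.22 = INTEGER: 2
"""

def candidate_hosts(ip, mask):
    """Subnet that ip/mask belongs to, and the host addresses a sweep would cover."""
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    return net, list(net.hosts())

def parse_arp_cache(walk_text):
    """Group walk lines into rows keyed by (ifIndex, IPv4 address)."""
    rows = {}
    for line in walk_text.splitlines():
        m = LINE.match(line.strip())
        if not m or m.group(1) not in COLS:
            continue
        column, if_index, addr, value = m.groups()
        row = rows.setdefault((int(if_index), addr), {})
        if COLS[column] == "mac":
            row["mac"] = ":".join(value.split()).upper()
        else:
            row["type"] = int(value)  # 2 = invalid, 3 = dynamic, 4 = static
    return rows

def discover_nodes(walk_text, ip, mask, inventory_macs):
    """(address, MAC, known?) for valid ARP entries inside the subnet of ip/mask."""
    net, _ = candidate_hosts(ip, mask)
    found = []
    for (_if_index, addr), row in sorted(parse_arp_cache(walk_text).items()):
        if row.get("type") == 2 or "mac" not in row:
            continue  # invalidated or incomplete entry
        if ipaddress.ip_address(addr) in net:
            found.append((addr, row["mac"], row["mac"] in inventory_macs))
    return found

if __name__ == "__main__":
    inventory = {"00:80:43:5F:12:9A"}  # hypothetical inventory of known MACs
    for node in discover_nodes(SAMPLE_WALK, "163.25.147.12", "255.255.255.0", inventory):
        print(node)
```

With mask 255.255.255.0 the sweep covers 254 addresses; the same address with 255.255.0.0 would cover 65,534, which is why the mask has to be known before any probing starts.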
Network Discovery (1)
◼ Network Discovery
❑ Find the networks of interest with their interconnections
◼ Key Issue:
❑ Given a network, what are the networks directly connected to it?
◼ Major Approach
❑ Use SNMP (ipRouteTable) to retrieve the routing table of a router.
Network Discovery (2)
[Figure: the default router and its routing table]

Network Discovery (3)
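An added example, not taken from the lecture, of the ipRouteTable approach as a breadth-first walk: direct routes give the networks attached to a router, and the next hops of indirect routes give the routers to query next. The routing tables, router addresses and the `fetch_from_sample` stand-in for an SNMP walk are constructed assumptions; a router that does not answer is recorded instead of aborting the walk.

```python
import ipaddress
from collections import deque

DIRECT, INDIRECT = 3, 4  # ipRouteType values in MIB-II

# Constructed data: router address -> rows of
# (ipRouteDest, ipRouteMask, ipRouteNextHop, ipRouteType)
ROUTE_TABLES = {
    "163.25.147.254": [
        ("163.25.147.0", "255.255.255.0", "163.25.147.254", DIRECT),
        ("163.25.146.0", "255.255.255.128", "163.25.146.1", DIRECT),
        ("163.25.145.0", "255.255.255.0", "163.25.146.2", INDIRECT),
        ("0.0.0.0", "0.0.0.0", "163.25.146.126", INDIRECT),
    ],
    "163.25.146.2": [
        ("163.25.146.0", "255.255.255.128", "163.25.146.2", DIRECT),
        ("163.25.145.0", "255.255.255.0", "163.25.145.254", DIRECT),
    ],
}

def fetch_from_sample(router):
    """Stand-in for walking ipRouteTable on `router`; raises KeyError if it does not answer."""
    return ROUTE_TABLES[router]

def discover(start_router, fetch_routes):
    """Return ({network: routers attached to it}, routers that could not be queried)."""
    attached, unanswered = {}, set()
    queue, seen = deque([start_router]), {start_router}
    while queue:
        router = queue.popleft()
        try:
            rows = fetch_routes(router)
        except KeyError:
            unanswered.add(router)  # topology behind this router stays unknown
            continue
        for dest, mask, next_hop, route_type in rows:
            if route_type == DIRECT:
                net = str(ipaddress.ip_network(f"{dest}/{mask}"))
                attached.setdefault(net, set()).add(router)
            elif route_type == INDIRECT and next_hop not in seen:
                seen.add(next_hop)
                queue.append(next_hop)
    return attached, unanswered

def interconnections(attached):
    """Networks that share a router are directly connected: router -> sorted networks."""
    links = {}
    for net, routers in attached.items():
        for router in routers:
            links.setdefault(router, []).append(net)
    return {router: sorted(nets) for router, nets in links.items()}

if __name__ == "__main__":
    nets, silent = discover("163.25.147.254", fetch_from_sample)
    print(interconnections(nets), silent)
```

The walk keys routers by the address seen as a next hop, so a router reached through two of its interfaces would appear twice; a real NMS merges such entries using the router's own address table.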
Service Discovery
◼ Given a node, find out the network services provided by the node.
◼ Recall that each network service will use a dedicated TCP/UDP port.
◼ Standard TCP/UDP Ports: 0 ~ 1023
◼ Two Approaches
❑ Use TCP Connection Polling (Port Scan)
❑ Use SNMP
Use TCP Connection Polling
◼ First specify the TCP services (i.e., TCP port numbers) to be discovered. -> netstat
◼ For each TCP service to be discovered, use a TCP connection to try to connect to the corresponding TCP port of the node.
◼ If the connection is successfully established, then the service is found.
◼ Note that it is difficult to discover UDP services in the same way.
tcpConnTable

Use SNMP
◼ If the node supports SNMP
❑ Use SNMP to query tcpConnTable

tcpConnState     tcpConnLocalAddress   tcpConnLocalPort   tcpConnRemAddress   tcpConnRemPort
listen(2)        0.0.0.0               80                 0.0.0.0             0
established(5)   163.25.149.254        23                 163.25.146.22       1234

❑ Use SNMP to query udpTable

udpLocalAddress   udpLocalPort
0.0.0.0           111
0.0.0.0           161
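An added example, not the lecture's code, of what the SNMP approach yields for security management: tcpConnTable and udpTable rows are reduced to the services a node exposes and compared with an approved baseline. The first two TCP rows and the UDP rows reuse the slide's values; the loopback row and the baseline are constructed assumptions.

```python
from dataclasses import dataclass

TCP_LISTEN, TCP_ESTABLISHED = 2, 5   # tcpConnState values listen(2), established(5)
WELL_KNOWN_MAX = 1023                # standard TCP/UDP ports: 0 ~ 1023

@dataclass(frozen=True)
class Service:
    proto: str
    address: str
    port: int

# Rows as (tcpConnState, tcpConnLocalAddress, tcpConnLocalPort,
#          tcpConnRemAddress, tcpConnRemPort)
TCP_ROWS = [
    (2, "0.0.0.0", 80, "0.0.0.0", 0),
    (5, "163.25.149.254", 23, "163.25.146.22", 1234),
    (2, "127.0.0.1", 5432, "0.0.0.0", 0),   # constructed: loopback-only listener
]
# Rows as (udpLocalAddress, udpLocalPort)
UDP_ROWS = [("0.0.0.0", 111), ("0.0.0.0", 161)]
APPROVED = {("tcp", 80), ("udp", 161)}      # hypothetical approved baseline

def tcp_services(rows):
    """Listeners, plus established sessions whose local port is a standard port."""
    found = set()
    for state, local_addr, local_port, _rem_addr, _rem_port in rows:
        if state == TCP_LISTEN:
            found.add(Service("tcp", local_addr, local_port))
        elif state == TCP_ESTABLISHED and local_port <= WELL_KNOWN_MAX:
            # A partial walk may miss the listener row; the session still shows
            # that the node serves this port (here: 23).
            found.add(Service("tcp", local_addr, local_port))
    return found

def udp_services(rows):
    """Every udpTable row is a bound UDP endpoint."""
    return {Service("udp", addr, port) for addr, port in rows}

def exposed(services):
    """Drop services bound only to loopback; they are not reachable from the network."""
    return {s for s in services if not s.address.startswith("127.")}

def audit(tcp_rows, udp_rows, approved):
    """Sorted (proto, port) pairs that are reachable but not in the baseline."""
    reachable = exposed(tcp_services(tcp_rows) | udp_services(udp_rows))
    return sorted({(s.proto, s.port) for s in reachable} - approved)

if __name__ == "__main__":
    print(audit(TCP_ROWS, UDP_ROWS, APPROVED))
```

Unlike connection polling, this reads UDP endpoints directly from udpTable, which is the case the lecture notes is hard to cover by polling.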
V. Other Tasks of Configuration Management
◼ Inventory Management - Documentation
◼ IP Address Management (IPAM)
❑ A means of planning, tracking, and managing the Internet Protocol address space used in a network.
◼ Layer 2 Management (Topology?)
The Big Picture
[Figure: the network operations workflow; elements shown, with repeated "Ticket" labels between them]
◼ Monitoring, data collection, accounting
◼ Notifications
◼ Change control & monitoring
◼ Capacity planning, availability (SLAs), trends, detect problems
◼ NOC tools, ticket system
◼ Improvements, upgrades
◼ User complaints, requests
◼ Fix problems
A Few Open Source Solutions…
◼ Performance: Cricket, IFPFM, flowc, mrtg, netflow, NfSen, ntop, pmacct, rrdtool, SmokePing
◼ SNMP/Perl/ping
◼ Ticketing: RT, Trac, Redmine
◼ Change Mgmt: Mercurial, Rancid (routers), RCS, Subversion
◼ Security/NIDS: Nessus, OSSEC, Prelude, Samhain, SNORT, Untangle
◼ Net Management: Big Brother, Big Sister, Cacti, Hyperic, Munin, Nagios*, Netdisco, Netdot, OpenNMS, Sysmon, Zabbix
Inventory Management: Documentation: Diagrams
Automated Systems
There are quite a few automated network documentation systems.
❑ IPplan: https://sourceforge.net/projects/iptrack/
❑ Netdisco: http://netdisco.org/
❑ Netdot: https://github.com/cvicente/Netdot
❑ Wiremaps: https://github.com/vincentbernat/wiremaps
IPplan:

From the IPplan web page:


“IPplan is a free (GPL), web based, multilingual, TCP IP address management
(IPAM) software and tracking tool written in php 4, simplifying the
administration of your IP address space. IPplan goes beyond TCPIP address
management including DNS administration, configuration file management,
circuit management (customizable via templates) and storing of hardware
information (customizable via templates).”

[Figure: the IPplan main index page]
Netdisco:
◼ Project launched 2003. Version 1.0 released October 2009.
◼ Some popular uses of Netdisco:
❑ Locate a machine on the network by MAC or IP and show the switch port it lives at.
❑ Turn off a switch port while leaving an audit trail. Admins log why a port was shut down.
❑ Inventory your network hardware by model, vendor, switch-card, firmware and operating system.
❑ Report on IP address and switch port usage: historical and current.
❑ Pretty pictures of your network.
https://metacpan.org/pod/App::Netdisco
Netdot: (1)
Includes functionality of IPplan and Netdisco and
more.
Core functionality includes:
❑ Device discovery via SNMP
❑ Layer2 topology discovery and graphs, using:
◼ CDP/LLDP (Cisco Discovery Protocol / Link Layer Discovery Protocol )
◼ Spanning Tree Protocol
◼ Switch forwarding tables
◼ Router point-to-point subnets
❑ IPv4 and IPv6 address space management (IPAM)
◼ Address space visualization
◼ DNS/DHCP config management
◼ IP and MAC address tracking

[Figure: CISCOWORKs (NMS) and Netdot (NMS), each querying three L2 switches (one CISCO, two Other) over SNMP. Labels on the figure: SNMP (CISCO MIB), SNMP (STP MIB), X marks on some SNMP paths, and MIB, STP MIB and CISCO MIB under the switches.]
Netdot: (2)
Functionality (continued):
❑ Cable plant (sites, fiber, copper, closets, circuits...)
❑ Contacts (departments, providers, vendors, etc.)
❑ Export scripts for various tools (Nagios, Sysmon, RANCID, Cacti, etc.)
◼ i.e., how we could automate node creation in Cacti!
❑ Multi-level user access: Admin, Operator, User
❑ It draws pretty pictures of your network
Wiremaps (1)
◼ The Wiremaps project is somewhat similar to NetDisco.
◼ L2 related information:
❑ CDP / LLDP,
❑ EDP
◼ Extreme Discovery Protocol (EDP). EDP is a vendor proprietary
protocol from Extreme Networks
❑ SONMP discovery protocols,
◼ The Nortel Discovery Protocol (NDP) formerly called SynOptics
Network Management Protocol (SONMP) is a data link layer (Layer 2)
network
❑ FDB and ARP tables
◼ The FDB (forwarding database) table is used by a Layer 2 device
(switch/bridge) to store the MAC addresses that have been learned and
which ports that MAC address was learned on
❑ Misc information like interface names.
Wiremaps (2)

Wiremaps (3)

VI. Accounting Management

• Least developed
• Usage of resources
• Hidden cost of IT usage (libraries)
• Functional accounting
• Business application

Report Management
Table 13.1 Planning and Management Reports

Category                                       Reports
Quality of service / Service level agreement   Network availability
                                               Systems availability
                                               Problem reports
                                               Service response
                                               Customer satisfaction
Traffic trends                                 Traffic patterns
                                               Analysis of internal traffic volume
                                               Analysis of external traffic volume
Technology trends                              Current status
                                               Technology migration projection
Cost of Operations                             Functional
                                               Usage
                                               Personnel
Table 13.2 System Reports

Category      Reports
Traffic       Traffic load - internal
              Traffic load - external
Failures      Network failures
              System failures
Performance   Network
              Servers
              Applications

Table 13.3 User Reports

Category                  Reports
Service level agreement   Network availability
                          System availability
                          Traffic load
                          Performance
User specific reports     User-defined reports
VII. Policy-Based Management (1)
[Figure 13.43 Policy Management Architecture: Network Attributes, Policy Space, Domain Space, Rule Space, Policy Driver, Action Space]

▪ Domain space consists of objects (alarms with attributes)
▪ Rule space consists of rules (if-then)
▪ Policy Driver controls action to be taken
▪ Distinction between policy and rule; policy assigns responsibility and accountability
▪ Action Space implements actions
Policy-Based Management (2)
◼ In policy-based management, managing a network or a networked system relates to specifying and enforcing a set of rules, the policies.
◼ Policies are constraints under which the managed system operates. Sometimes they specify the reaction of the system to events or conditions.
◼ Policies make it possible to raise the level of abstraction for management functionality.
◼ To take effect, policies need to be translated into sequences of actions carried out by the network’s devices or a system’s control components.
◼ While policies often allow management functions to be expressed in a concise and elegant way, the translation into action can be very hard.
Policy-Based Management (3)
◼ Industry driver: Simplified and automated configuration management, due to
❑ Increasing complexity of devices and services
❑ Lack of experienced human administrators
◼ Goal: specify policies on a “business level” and store them in a single place.
◼ Standardization activities:
❑ IETF focusing on networking aspects (since 1996)
❑ DMTF, an industry consortium, focusing on enterprise computing and networking (since 1999)
◼ Application domains
❑ Configuration for performance management (QoS, utilization) and security (encryption, authentication, access control, etc.)
❑ Routing
Define Policies
◼ Policies are Goal Statements
◼ Implementing Policies: Conditions and Actions
◼ Conditions
❑ Packet header
❑ External conditions
❑ User
◼ Actions
❑ Filter rules
❑ Encryption requirements
❑ Quality of service requirements

Examples of Network Policies
◼ Most policies can be expressed in one of these forms:
❑ IF X THEN Y
If X holds, then Y must hold.
❑ ON X IF Y THEN Z
When X occurs, if Y holds, then perform Z.

◼ Examples
❑ Access control policies:
Managers of department D can access server S.
❑ Firewall policies:
Packets with sender address 128.*.*.* are deleted.
❑ Admission control policies:
If more than 20,000 VoIP calls in domain, block additional calls.
◼ IF user is in the list of users THEN allow access to host = 10.34.102.104 && port = 80, 443, 22
Representing Policies as Tables

Sender addr    Sender port   Rec addr        Rec port   Protocol   Class
140.192.37.*   Any           161.120.33.40   53         udp        101110

A table with DiffServ policies. 101110 is the DSCP for EF.

Customer    Service         Operation   Grade   Class
Company A   Stock utility   buy_share   Gold    12

A table with policies for a web service.

Each row in a table represents a policy.
Independent attributes are green, dependent attributes are blue.
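An added example, not from the lecture, that evaluates the DiffServ table above as data: each row is a policy whose independent attributes are matched against a packet and whose dependent attribute (Class) is the result. The second row, the default class, the packet dictionaries and the most-specific-row-wins conflict rule are constructed assumptions.

```python
# Independent attributes, in the column order of the slide's table
KEYS = ("sender_addr", "sender_port", "rec_addr", "rec_port", "protocol")

# Each row is one policy: independent attributes -> dependent attribute (Class)
POLICY_TABLE = [
    ({"sender_addr": "140.192.37.*", "sender_port": "Any",
      "rec_addr": "161.120.33.40", "rec_port": 53, "protocol": "udp"},
     "101110"),                      # the slide's row: DSCP for EF
    ({"sender_addr": "140.192.*.*", "sender_port": "Any",
      "rec_addr": "Any", "rec_port": "Any", "protocol": "Any"},
     "001010"),                      # constructed overlapping row (AF11)
]
DEFAULT_CLASS = "000000"             # assumption: best effort if no row matches

def addr_matches(pattern, addr):
    """Octet-wise match; '*' matches any single octet, 'Any' any address."""
    if pattern == "Any":
        return True
    p, a = pattern.split("."), addr.split(".")
    return len(p) == len(a) == 4 and all(x in ("*", y) for x, y in zip(p, a))

def field_matches(key, pattern, value):
    """Match one independent attribute of a row against the packet's value."""
    if key.endswith("_addr"):
        return addr_matches(pattern, value)
    return pattern == "Any" or str(pattern).lower() == str(value).lower()

def specificity(conditions):
    """Number of concrete octets and fields in a row; higher is more specific."""
    score = 0
    for key in KEYS:
        pattern = str(conditions[key])
        if pattern == "Any":
            continue
        if key.endswith("_addr"):
            score += sum(octet != "*" for octet in pattern.split("."))
        else:
            score += 1
    return score

def classify(packet, table=POLICY_TABLE):
    """Class of the most specific matching row, so row order cannot shadow a policy."""
    matches = [(specificity(cond), cls) for cond, cls in table
               if all(field_matches(k, cond[k], packet[k]) for k in KEYS)]
    return max(matches)[1] if matches else DEFAULT_CLASS

if __name__ == "__main__":
    dns = {"sender_addr": "140.192.37.9", "sender_port": 40000,
           "rec_addr": "161.120.33.40", "rec_port": 53, "protocol": "udp"}
    print(classify(dns))
```

Overlapping rows are where table-driven policies go wrong in practice: without an explicit conflict rule, the result depends on the order in which rows happen to be stored.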
VIII. Service Level Management (1)
◼ SLA management of a service is equivalent to QoS of a network
◼ SLA defines
❑ Identification of services and characteristics
❑ Negotiation of SLA
❑ Deployment of agents to monitor and control
❑ Generation of reports
◼ SLA characteristics
❑ Service parameters
❑ Service levels
❑ Component parameters
❑ Component-to-service mappings
◼ Examples are https://cloud.google.com/terms/sla and https://aws.amazon.com/legal/service-level-agreements/ .
[Figure source: https://cloud.google.com/compute/sla]
[Figure source: https://aws.amazon.com/compute/sla/]
Things you might find in an SLA
◼ Service Description
◼ Hours of operation
◼ User Response times
◼ Incident Response times
◼ Resolution times
◼ Availability & Continuity targets
◼ Customer Responsibilities
◼ Critical operational periods
◼ Change Response Times