fullgorgedcut

Networking and Communications

Oct 24, 2013

Lecture 3

Network Implementation and Management Strategies

Outline of this lecture

Why a network implementation strategy is needed

Examine the principles of network design

Explain why a network management strategy is needed

Describe network management categories and related activities

Classify current network management strategies

Select a management strategy for this module

Why a network implementation strategy is needed

The network is essential to the organization nowadays. The network should meet the business requirements of the organization.

The network is distributed and large; its layout depends on the geographical distribution and business model of the organization.

The implementation choices are many and often costly. Optimal services should be considered, as should future requirements and the scalability of the design and technology.

A strategy is needed so that all of these issues are considered when deciding on the implementation choice. Implementation design can be considered an important part of network management.


Why a network management strategy should be designed

Unilateral changes in resource inventory, resource configurations and the number of hosted applications at department level can place unexpected loads on the campus system, which reduce performance and availability, cause packets to be dropped and make fault detection and correction more difficult.

A process is therefore required by which the campus level can monitor and coordinate all network management activities of all departments. The design of this process is a network management strategy.

Network implementation strategy design

LAN for a small network, e.g. a lab, department, office or small building.

WAN for a large network, used to connect geographically distributed units of an organisation. The Internet and the Public Switched Telephone Network are WANs.

MAN is a Metropolitan Area Network.


Figure: Typical Network Connectivity and Components (labels: LAN, LAN, WAN)

Network Implementation Design Analysis

Category: Geographical Distribution
Issues:
  1. Office: Subnets, LAN
  2. Department (many offices): Subnets, LAN
  3. Division (many departments): LAN, WAN
  4. Organization (many divisions):
     Local: LAN, MAN, WAN
     National: WAN
     Global: WAN

Category: Subnets
Issues:
  1. How many
     Connectivity: Bridges, Switches, Routers
  2. Ethernet / Wireless
     Number of receivers
     10BASE-T, 10BASE2, 10BASE5
     Location of hub(s)
  3. How many IP addresses
     Static addresses
     Addresses supplied by DHCP

Category: LAN
Issues:
  1. How many
  2. Domain names
  3. DNS (Domain Name Service) configuration
  4. Network address
  5. Subnets: how many
  6. Connectivity: Switched Ethernet, Router
  7. Ethernet
  8. Token Ring
  9. FDDI (Fiber Distributed Data Interface)

Category: MAN (Metropolitan Area Network)
Issues:
  1. Connectivity between LANs:
     FDDI (Fiber Distributed Data Interface)
     SONET (Synchronous Optical Network)
     ATM
     SMDS (Switched Multi-megabit Data Service)
     DQDB (Dual Queue Dual Bus)
     Ethernet

Category: WAN
Issues:
  1. Connectivity between LANs or MANs:
     PSTN (Public Switched Telephone Network)
     X.25 (an ITU-T standard protocol suite for packet switched WAN)
     T1-T3 (leased lines used in telecom; T1: 1.544, T3: 44.736 Mbit/s)
     SONET (Synchronous Optical Networking)
     Frame Relay
     SMDS (Switched multimegabit data service)
     ATM (Asynchronous Transfer Mode)
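The Subnets rows of the design analysis ask "how many" subnets and "how many IP addresses" each office, department and division needs. The Go program below is an added example, not code from the lecture or its textbook, that carves variable-length subnets for a constructed set of units out of a private /16 address block; the unit names, host counts and base prefix are assumptions.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net"
	"sort"
)

// Unit is one row of the design analysis: an office, lab, department or
// router link and the number of hosts it needs addresses for (constructed).
type Unit struct {
	Name  string
	Hosts int
}

// PrefixFor returns the longest prefix whose usable range (2^bits - 2,
// excluding the network and broadcast addresses) still covers n hosts.
func PrefixFor(n int) int {
	bits := 2 // a /30 is the smallest subnet with usable host addresses
	for (1<<uint(bits))-2 < n {
		bits++
	}
	return 32 - bits
}

// PlanSubnets carves one subnet per unit out of base, largest first, so every
// block starts on its own boundary (variable-length subnet masking).
func PlanSubnets(base string, units []Unit) (map[string]string, error) {
	_, network, err := net.ParseCIDR(base)
	if err != nil {
		return nil, err
	}
	baseOnes, _ := network.Mask.Size()
	sorted := append([]Unit(nil), units...)
	sort.Slice(sorted, func(i, j int) bool { return sorted[i].Hosts > sorted[j].Hosts })

	next := uint64(binary.BigEndian.Uint32(network.IP.To4()))
	end := next + (uint64(1) << uint(32-baseOnes))
	plan := make(map[string]string, len(sorted))
	for _, u := range sorted {
		p := PrefixFor(u.Hosts)
		size := uint64(1) << uint(32-p)
		if p < baseOnes || next+size > end {
			return nil, fmt.Errorf("address space %s exhausted at %q (%d hosts)", base, u.Name, u.Hosts)
		}
		ip := make(net.IP, 4)
		binary.BigEndian.PutUint32(ip, uint32(next))
		plan[u.Name] = fmt.Sprintf("%s/%d", ip, p)
		next += size
	}
	return plan, nil
}

func main() {
	// Constructed sizes for the units of a small organisation.
	units := []Unit{{"Lab", 10}, {"Sales", 200}, {"Office A", 50}, {"R1-R2 link", 2}}
	plan, err := PlanSubnets("172.16.0.0/16", units)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, u := range units {
		fmt.Printf("%-12s %4d hosts -> %s\n", u.Name, u.Hosts, plan[u.Name])
	}
}
```

Allocating the largest units first is what keeps each block aligned; the error path shows the "how many IP addresses" question failing early when the chosen base block is too small for the design.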


Distribution of services

Category: Bandwidth Requirements
Issues:
  1. Video Bandwidth: Constant, Time Dependent, Bandwidth on Demand
  2. Audio Bandwidth: Constant, Time Dependent, Bandwidth on Demand
  3. Teleconferencing Bandwidth

Category: Media Requirements
Issues:
  1. Cable
  2. Wireless
  3. Microwave
  4. Satellite
  5. Optical Fiber

Category: Technology
Issues:
  1. What is available now
  2. Minimum required for the job
  3. Technology improvements during the next 5 years
  4. Required to support expected growth

Category: Service Level Agreements (SLA)
Issues:
  1. Specified bandwidth available at any time
  2. Specified bandwidth available during specified time periods
  3. Bandwidth on demand

Category: Security Requirements
Issues:
  1. Location of firewalls
  2. Firewall capabilities
  3. Location of proxy servers
  4. Encryption and authentication needs
  5. Network Intrusion Detectors (NID)

Category: Budget
Issues:
  1. To support resources of the optimum network
  2. To support resources of the minimum network

Examples of small local network

Please read Chapter 7 of the book ‘Network Design and Administration’ for detailed explanations.

Local wireless network

Please read Chapter 7 of ‘Network Design and Administration’ for detailed explanations.

Example of Metropolitan Area Network

Figure: Logical links of the design, Metropolitan Area Network (MAN)

How to connect LANs of branches in different cities? (WAN connectivity)

PSTN: Public Switched Telephone Network.

X.25: an ITU-T standard protocol suite for packet switched wide area networks.

T1-T3: T1 and T3 are two common types of leased lines used in telecommunications. Both T1 lines and T3 lines are reserved circuits that operate over either copper or fiber optic cables. T1: 1.544, T2: 6.312, T3: 44.736 Mbit/s.

SONET: the Synchronous Optical NETwork (SONET) standard for fiber optic networks.

Frame Relay: a standardized wide area networking technology that specifies the physical and logical link layers of digital telecommunications channels using a packet switching methodology.

SMDS: Switched multimegabit data service (SMDS) was a connectionless service used to connect LANs, MANs and WANs to exchange data.

ATM: Asynchronous Transfer Mode is a standardized digital data transmission technology.


Figure: Distribution of services. Headquarters and a branch office, each behind a router, and a salesperson in a hotel with a laptop; links labelled PSTN, X.25, T1-T3, SONET… and, for the WAN for connection of branches, PSTN and Broadband.

Virtual Private Networks (VPNs)

Institutions often want private networks for security.

However, this is costly: for example, separate routers, links and DNS infrastructure.

With a VPN, the institution’s inter-office traffic is sent over the public Internet instead of private leased lines, but inter-office traffic is encrypted before entering the public Internet.

A key feature of a VPN is its ability to work over both private networks and public networks like the Internet. Using a method called tunneling, a VPN uses the same hardware infrastructure as existing Internet or intranet links. VPN technologies include various security mechanisms to protect the virtual, private connections.

Specifically, a VPN supports at least three different modes of use:

Internet remote access client connections

LAN-to-LAN internetworking

Controlled access within an intranet


VPN Solution for Remote Connection

A VPN can be set up to support remote, protected access to the corporate home offices over the Internet. An Internet VPN solution uses a client/server design that works as follows:

1. A remote host (client) wanting to log into the company network first connects to any public Internet Service Provider (ISP).

2. Next, the host initiates a VPN connection to the company VPN server. This connection is made via a VPN client installed on the remote host.

3. Once the connection has been established, the remote client can communicate with the internal company systems over the Internet just as if it were a local host.

Before VPNs, remote workers accessed company networks over private leased lines or through dialup remote access servers. While VPN clients and servers require careful installation of hardware and software, an Internet VPN is a superior solution in many situations.

Figure: Virtual Private Network (VPN). Headquarters and branch office routers running IPv4 and IPsec, and a salesperson’s laptop in a hotel running IPsec, connected across the public Internet; each packet carries an IP header, an IPsec header and a secure payload.

IPsec services

Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session.

IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite. It can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host).

Two protocols providing different service models:

AH (Authentication Header protocol)

ESP (Encapsulation Security Protocol)

IPsec Transport Mode

In transport mode, only the payload (the data you transfer) of the IP packet is usually encrypted and/or authenticated. The routing is intact, since the IP header is neither modified nor encrypted; however, when the authentication header is used, the IP addresses cannot be translated, as this will invalidate the hash value. The transport and application layers are always secured by hash, so they cannot be modified in any way (for example by translating the port numbers). Transport mode is used for host-to-host communications.

IPsec tunneling mode

In tunnel mode, the entire IP packet is encrypted and/or authenticated. It is then encapsulated into a new IP packet with a new IP header. Tunnel mode is used to create virtual private networks for network-to-network communications (e.g. between routers to link sites), host-to-network communications (e.g. remote user access), and host-to-host communications (e.g. private chat).

Two protocols

Authentication Header (AH) protocol: provides source authentication and data integrity but not confidentiality.

Encapsulation Security Protocol (ESP): provides source authentication, data integrity, and confidentiality; more widely used than AH.

Four combinations are possible!

Host mode with AH

Host mode with ESP

Tunnel mode with AH

Tunnel mode with ESP (most common and most important)

Security associations (SAs)

Before sending data, a virtual connection is established from the sending entity to the receiving entity, called a “security association (SA)”.

SAs are simplex: for only one direction.

Both sending and receiving entities maintain state information about the SA. Recall that TCP endpoints also maintain state information.

IP is connectionless; IPsec is connection-oriented!

Figure: Example SA from R1 to R2. Headquarters (172.16.1/24) behind router R1 (200.168.1.100) and Branch Office (172.16.2/24) behind router R2 (193.68.2.23), with an SA from R1 to R2 across the Internet.

R1 stores for the SA:

32-bit identifier for the SA: Security Parameter Index (SPI)

the origin interface of the SA (200.168.1.100)

the destination interface of the SA (193.68.2.23)

the type of encryption to be used (for example, 3DES with CBC)

the encryption key

the type of integrity check (for example, HMAC with MD5)

the authentication key

Security Association Database (SAD)

An endpoint holds the state of its SAs in a SAD, where it can locate them during processing.

When sending an IPsec datagram, R1 accesses the SAD to determine how to process the datagram.

When an IPsec datagram arrives at R2, R2 examines the SPI in the IPsec datagram, indexes the SAD with the SPI, and processes the datagram accordingly.

IPsec datagram

Focus for now on tunnel mode with ESP.

Figure: IPsec datagram layout: new IP header | ESP hdr (SPI, Seq #) | original IP hdr | original IP datagram payload | ESP trl (padding, pad length, next header) | ESP auth. The original IP hdr through the ESP trl is encrypted; the ESP hdr through the ESP trl (the “enchilada”) is authenticated.

What happens?

Figure: the Headquarters (172.16.1/24, R1 at 200.168.1.100) and Branch Office (172.16.2/24, R2 at 193.68.2.23) topology with the SA across the Internet, and the tunnel-mode ESP datagram layout (new IP header, ESP hdr with SPI and Seq #, original IP hdr, original IP datagram payload, ESP trl with padding, pad length and next header, ESP auth; the original IP hdr through the ESP trl encrypted, the ESP hdr through the ESP trl authenticated as the “enchilada”).

R1 converts original datagram into IPsec datagram

Appends to the back of the original datagram (which includes the original header fields!) an “ESP trailer” field.

Encrypts the result using the algorithm and key specified by the SA.

Appends to the front of this encrypted quantity the “ESP header”, creating the “enchilada”.

Creates an authentication MAC over the whole enchilada, using the algorithm and key specified in the SA.

Appends the MAC to the back of the enchilada, forming the payload.

Creates a brand new IP header, with all the classic IPv4 header fields, which it prepends to the payload.

Inside the enchilada:

ESP trailer: padding for block ciphers.

ESP header: SPI, so the receiving entity knows what to do; sequence number, to thwart replay attacks.

MAC in the ESP auth field is created with the shared secret key.

Figure: IPsec datagram layout (new IP header, ESP hdr with SPI and Seq #, original IP hdr, original IP datagram payload, ESP trl with padding, pad length and next header, ESP auth; original IP hdr through ESP trl encrypted, ESP hdr through ESP trl authenticated as the “enchilada”).
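As an added worked example (not code from the lecture), the Go program below carries out R1’s six steps for one datagram and R2’s reverse steps: trailer, encrypt, ESP header, MAC over the enchilada, new IP header; then MAC check, SPI check, decrypt, strip trailer. The SA uses AES-CBC and HMAC-SHA256 in place of the slide’s 3DES-CBC and HMAC-MD5 (an assumption; the datagram layout is unchanged), the interface addresses are the slide’s R1 and R2, and the keys, IV and original datagram are constructed placeholders.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// SA is the state R1 keeps for one simplex security association ("R1 stores for SA").
// Assumed: AES-CBC and HMAC-SHA256 stand in for the slide's 3DES-CBC and HMAC-MD5.
type SA struct {
	SPI             uint32
	Src, Dst        [4]byte // origin and destination interfaces of the SA
	EncKey, AuthKey []byte  // 16-byte AES key; HMAC key of any length
	Seq             uint32  // sequence number, 0 for a new SA
}
const (
	protoESP   = 50 // protocol field of the new (outer) IP header
	nextHdrIP4 = 4  // ESP next-header value: the protected payload is an IPv4 datagram
	icvLen     = 16 // truncated MAC carried in the ESP auth field
)

// outerHeader builds the "brand new IP header" (minimal IPv4, checksum left zero).
func outerHeader(sa *SA, totalLen int) []byte {
	h := make([]byte, 20)
	h[0], h[8], h[9] = 0x45, 64, protoESP // version/IHL, TTL, protocol
	binary.BigEndian.PutUint16(h[2:], uint16(totalLen))
	copy(h[12:], sa.Src[:])
	copy(h[16:], sa.Dst[:])
	return h
}

// Encapsulate follows the slide's steps: ESP trailer, encrypt, ESP header,
// MAC over the enchilada, new IP header in front. iv must be fresh per packet.
func Encapsulate(sa *SA, original, iv []byte) ([]byte, error) {
	block, err := aes.NewCipher(sa.EncKey)
	if err != nil {
		return nil, err
	}
	padLen := (aes.BlockSize - (len(original)+2)%aes.BlockSize) % aes.BlockSize
	plain := append([]byte{}, original...)
	for i := 0; i < padLen; i++ {
		plain = append(plain, byte(i+1)) // ESP trailer: padding for the block cipher,
	}
	plain = append(plain, byte(padLen), nextHdrIP4) // then pad length and next header
	ct := make([]byte, len(plain))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, plain)
	sa.Seq++ // sender increments the counter, then places the value in the seq # field
	esp := make([]byte, 8)
	binary.BigEndian.PutUint32(esp[0:], sa.SPI)
	binary.BigEndian.PutUint32(esp[4:], sa.Seq)
	esp = append(append(esp, iv...), ct...) // ESP header + encrypted part = "enchilada"
	mac := hmac.New(sha256.New, sa.AuthKey)
	mac.Write(esp)
	esp = append(esp, mac.Sum(nil)[:icvLen]...) // ESP auth
	return append(outerHeader(sa, 20+len(esp)), esp...), nil
}

// Decapsulate is R2's side: verify the MAC before anything else, then decrypt and
// strip the trailer. A body that passes the MAC is exactly what R1 built, so its
// block alignment and padding are trusted only after that check.
func Decapsulate(sa *SA, datagram []byte) ([]byte, error) {
	if len(datagram) < 20+8+2*aes.BlockSize+icvLen || datagram[9] != protoESP {
		return nil, errors.New("not an ESP datagram")
	}
	esp := datagram[20:]
	body, icv := esp[:len(esp)-icvLen], esp[len(esp)-icvLen:]
	mac := hmac.New(sha256.New, sa.AuthKey)
	mac.Write(body)
	if !hmac.Equal(icv, mac.Sum(nil)[:icvLen]) {
		return nil, errors.New("integrity check failed: modified in transit or wrong key")
	}
	if spi := binary.BigEndian.Uint32(body); spi != sa.SPI {
		return nil, fmt.Errorf("no SA for SPI %#x", spi)
	}
	block, err := aes.NewCipher(sa.EncKey)
	if err != nil {
		return nil, err
	}
	iv, ct := body[8:8+aes.BlockSize], body[8+aes.BlockSize:]
	plain := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(plain, ct)
	padLen := int(plain[len(plain)-2])
	if plain[len(plain)-1] != nextHdrIP4 || padLen > len(plain)-2 {
		return nil, errors.New("bad ESP trailer")
	}
	return plain[:len(plain)-2-padLen], nil
}

func main() {
	sa := &SA{SPI: 0x1000, Src: [4]byte{200, 168, 1, 100}, Dst: [4]byte{193, 68, 2, 23},
		EncKey: []byte("constructed-key!"), AuthKey: []byte("constructed-auth-key")}
	// Zero IV for a reproducible demo only; a real sender draws a fresh one from crypto/rand.
	out, _ := Encapsulate(sa, []byte("constructed original IP datagram"), make([]byte, aes.BlockSize))
	back, err := Decapsulate(sa, out)
	fmt.Printf("%d bytes on the wire, recovered %q, err=%v\n", len(out), back, err)
}
```

Checking the MAC before decrypting is the order that matters: a flipped ciphertext bit or a datagram built with the wrong authentication key is rejected without ever reaching the cipher, which is how ESP answers the “flip bits without detection?” question of the summary slide.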

IPsec sequence numbers

For a new SA, the sender initializes the seq. # to 0.

Each time a datagram is sent on the SA, the sender increments the seq # counter and places the value in the seq # field.

Goal: prevent an attacker from sniffing and replaying a packet; receipt of duplicate, authenticated IP packets may disrupt service.

Method: the destination checks for duplicates, but doesn’t keep track of ALL received packets; instead it uses a window.
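The window the slide mentions, as an added Go example (not code from the lecture): the receiver keeps only the highest sequence number accepted so far and a 64-bit map of which of the 64 numbers below it have already arrived, so reordered datagrams inside the window are still accepted while duplicates and very old ones are dropped. The window size of 64 and the constructed arrival order in main are assumptions.

```go
package main

import "fmt"

// windowSize is how many of the most recent sequence numbers the receiver
// remembers (an assumption for this example; 64 is a common default).
const windowSize = 64

// ReplayWindow is the receiver-side state the slide describes: instead of
// remembering every packet, keep the highest sequence number accepted so far
// plus one bit per sequence number inside the window behind it.
type ReplayWindow struct {
	highest uint32 // highest sequence number accepted (0 = nothing yet)
	bitmap  uint64 // bit i set => sequence number (highest - i) was received
}

// Accept returns true if seq is new and inside the window, and records it.
// Sequence numbers start at 1 because the sender increments before sending.
func (w *ReplayWindow) Accept(seq uint32) bool {
	switch {
	case seq == 0:
		return false
	case seq > w.highest:
		// New high-water mark: slide the window forward and mark seq.
		if shift := seq - w.highest; shift >= windowSize {
			w.bitmap = 0
		} else {
			w.bitmap <<= shift
		}
		w.bitmap |= 1
		w.highest = seq
		return true
	case w.highest-seq >= windowSize:
		return false // too old: fell off the left edge of the window
	default:
		bit := uint64(1) << (w.highest - seq)
		if w.bitmap&bit != 0 {
			return false // already seen: a replayed datagram
		}
		w.bitmap |= bit
		return true
	}
}

// Replay feeds a constructed arrival order through the window and returns
// the verdicts, which is what a receiver would log when dropping duplicates.
func Replay(trace []uint32) []bool {
	var w ReplayWindow
	out := make([]bool, len(trace))
	for i, s := range trace {
		out[i] = w.Accept(s)
	}
	return out
}

func main() {
	trace := []uint32{1, 3, 2, 2, 100, 36, 37, 37} // constructed: reordering plus replays
	for i, ok := range Replay(trace) {
		fmt.Printf("seq %3d -> accepted=%v\n", trace[i], ok)
	}
}
```

The check costs two words of state per SA regardless of how many datagrams have been received; in real IPsec it runs only after the MAC has verified, so an attacker cannot advance the window with forged sequence numbers.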

Security Policy Database (SPD)

Policy: for a given datagram, the sending entity needs to know if it should use IPsec.

It also needs to know which SA to use.

May use: source and destination IP address; protocol number.

Info in the SPD indicates “what” to do with an arriving datagram; info in the SAD indicates “how” to do it.
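An added Go example (not code from the lecture) of the “what” and “how” split: an ordered SPD of selectors (source and destination prefix, protocol number) with an action per entry, and a SAD indexed by SPI holding the algorithms and keys. The prefixes and R2 address are the slide’s; the policy list, the keys and the fail-closed behaviour when a Protect policy has no SA yet are assumptions.

```go
package main

import (
	"fmt"
	"net"
)

type Action int

const (
	Bypass  Action = iota // send in the clear
	Discard               // drop the datagram
	Protect               // apply IPsec with the SA named by the policy's SPI
)

func (a Action) String() string { return [...]string{"BYPASS", "DISCARD", "PROTECT"}[a] }

// Policy is one SPD entry: selectors plus "what" to do with a matching datagram.
type Policy struct {
	Src, Dst *net.IPNet
	Proto    int // IP protocol number; 0 matches any protocol
	Action   Action
	SPI      uint32 // only used when Action == Protect
}

// SAEntry is one SAD entry, indexed by SPI: "how" to do it (peer, algorithms, keys).
type SAEntry struct {
	SPI             uint32
	Peer            net.IP
	Cipher, MAC     string
	EncKey, AuthKey []byte
}

// IPsecTables is the sending entity's SPD (ordered, first match wins) and SAD.
type IPsecTables struct {
	SPD []Policy
	SAD map[uint32]*SAEntry
}

// Lookup decides for an outbound datagram whether to use IPsec and which SA.
func (t *IPsecTables) Lookup(src, dst net.IP, proto int) (Action, *SAEntry, error) {
	for _, p := range t.SPD {
		if !p.Src.Contains(src) || !p.Dst.Contains(dst) || (p.Proto != 0 && p.Proto != proto) {
			continue
		}
		if p.Action != Protect {
			return p.Action, nil, nil
		}
		sa, ok := t.SAD[p.SPI]
		if !ok {
			// Policy demands protection but no SA has been negotiated yet:
			// fail closed rather than send the datagram in the clear.
			return Discard, nil, fmt.Errorf("no SA for SPI %#x; key negotiation needed", p.SPI)
		}
		return Protect, sa, nil
	}
	return Discard, nil, nil // no matching policy: default deny
}

func mustCIDR(s string) *net.IPNet {
	_, n, err := net.ParseCIDR(s)
	if err != nil {
		panic(err)
	}
	return n
}

// ExampleTables mirrors the slide's topology: headquarters 172.16.1/24 behind R1,
// branch office 172.16.2/24 behind R2 at 193.68.2.23. Keys are constructed.
func ExampleTables() *IPsecTables {
	return &IPsecTables{
		SPD: []Policy{
			{Src: mustCIDR("172.16.1.0/24"), Dst: mustCIDR("172.16.2.0/24"), Action: Protect, SPI: 0x1000},
			{Src: mustCIDR("172.16.1.0/24"), Dst: mustCIDR("172.16.3.0/24"), Action: Protect, SPI: 0x2000}, // SA not yet set up
			{Src: mustCIDR("172.16.1.0/24"), Dst: mustCIDR("0.0.0.0/0"), Proto: 1, Action: Discard},      // no ICMP to the Internet
			{Src: mustCIDR("172.16.1.0/24"), Dst: mustCIDR("0.0.0.0/0"), Action: Bypass},
		},
		SAD: map[uint32]*SAEntry{
			0x1000: {SPI: 0x1000, Peer: net.ParseIP("193.68.2.23"), Cipher: "3DES-CBC", MAC: "HMAC-MD5",
				EncKey: []byte("constructed-3des-key-24B"), AuthKey: []byte("constructed-auth-key")},
		},
	}
}

func main() {
	tables := ExampleTables()
	src := net.ParseIP("172.16.1.5")
	for _, dst := range []string{"172.16.2.7", "172.16.3.9", "8.8.8.8"} {
		act, sa, err := tables.Lookup(src, net.ParseIP(dst), 6)
		fmt.Printf("%s -> %s tcp: %s sa=%v err=%v\n", src, dst, act, sa != nil, err)
	}
}
```

Ordering matters exactly as in a firewall rule set: the catch-all Bypass entry sits last, and a datagram whose policy says Protect is never sent unprotected just because the SA is missing.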

Summary: IPsec services

Suppose Trudy sits somewhere between R1 and R2. She doesn’t know the keys.

Will Trudy be able to see the contents of the original datagram? How about source and destination IP address, transport protocol, application port?

Flip bits without detection?

Masquerade as R1 using R1’s IP address?

Replay a datagram?

Network Management Categories

CATEGORY: Reliability
METRICS: Transmission error rates; Dropped packets; Link failures

CATEGORY: Faults
METRICS: Proactive prevention; Detection; Location; Correction time

CATEGORY: Availability
METRICS: Mean time between failures (MTBF) of network

CATEGORY: Performance
METRICS: Time to provide a response to the user; Processor total use; Processor interrupts/sec; Processor queue length; Transmit packet lengths

CATEGORY: Throughput
METRICS: Bytes per second that a user can expect to transmit reliably; Guaranteed throughput based on Service Level Agreement (SLA); Data: packet throughput; Voice: ordered packet throughput; Video: link bandwidth, bandwidth on demand

CATEGORY: Use
METRICS: Packets/sec; Transactions/sec

CATEGORY: Resource Use
METRICS: Application software; Network devices; Services; Permanent storage; CPU

A Network Management Categorization and Associated Metrics

ISO Network Management Categories

Performance management: implementing performance controls, based on the IP services architecture; collecting network and system performance data; analyzing these performance data; generating short- and long-term reports from these data; and controlling network and system performance parameters.

Fault management: processing events and alarms (where an alarm is an event that triggers a real-time notification to network personnel); problem identification, isolation, troubleshooting, and resolution; and returning the network to an operational state.

Configuration management: setting system parameters for turn-up; provisioning the network; configuration, system backups and restores; and developing and operating system databases.

Security management: implementing security controls, based on the security architecture; collecting and analyzing security data; and generating security reports and logs from these data.

Accounting management: monitoring and managing subscriber service usage and service billing.

Performance Management Sub-Categories and Related Activities

Collecting Baseline Utilization Data:
  Measuring link utilization using a probe
  Counting packets received/transmitted by a specific device
  Measuring device processor usage
  Monitoring device queue lengths
  Monitoring device memory utilization
  Measuring total response times

Collecting a History of Utilization Data:
  Measuring utilization and response times at different times of the day
  Measuring utilization and response times on different days over an extended period

Capacity Planning:
  Manually graphing or using a network management tool to graph utilization as a function of time to detect trends
  Preparing trend reports to document the projected need for and the cost of network expansion

Setting Notification Thresholds:
  Having a network management tool poll devices for values of critical parameters and graphing these values as a function of time
  Setting polling intervals
  Setting alarms/alerts on those parameters when the threshold is reached or a percentage of it is reached
  Initiating an action when the threshold is reached, such as sending a message to the network manager

Building Databases:
  Having the network management tool create a database of records containing device name, parameter, threshold and time for off-line analysis
  Using the database to extract the time dependence of utilization
  Using the time dependence of parameters to decide when network upgrades will be necessary to maintain performance

Running Network Simulations:
  Using a simulation tool to develop a model of the network
  Using the model’s parameters and utilization data to optimize network performance
Fault Management Sub-Categories and Related Activities

Latency:
  Query/Response time interval

Prioritization:
  Prioritize faults in the order in which they should be addressed
  Use in-band management packets to learn about important faults
  Identify which fault events should cause messages to be sent to the manager
  Identify which devices should be polled and at what intervals
  Identify which device parameter values should be collected and how often
  Prioritize which messages should be stored in the manager’s database

Timeliness Required:
  Management Station is passive and only receives event notifications
  Management Station is active and polls for device variable values at required intervals
  Application periodically requests a service from a service provider

Physical Connectivity Testing:
  Using a cable tester to check that links are not broken

Software Connectivity Testing:
  Using an application that makes a request of another device that requires a response
  The most common application for this is Ping.Exe. It calls the Internet Control Message Protocol (ICMP), which sends periodic Echo Request messages to a selected device on a TCP/IP network
  Application on one device makes a request of an application on another device

Device Configuration:
  Devices are configured conservatively to minimize chances of dropped packets

SNMP Polls:
  Devices are periodically polled to collect network statistics

Fault Reports Generated:
  Thresholds configured and alarms generated
  Text media used for report
  Audio media used for report
  A color graphical display used to show down devices
  Human manager is notified by pager

Traffic Monitored:
  Remote Monitors used
  Protocol analyzers used
  Traps sent to Network Management Station
  Device statistics monitored

Trends:
  Graphical trends generated to identify potential faults

Configuration Management Sub-Categories and Related Activities

Configuration (Local):
  Choice of medium access protocol
  Choice of correct cabling and connectors
  Choice of cabling layout
  Determining the number of physical interfaces on devices
  Setting device interface parameter values: Interrupts, I/O Addresses, DMA numbers
  Network layer addresses (e.g. IP, NetWare, etc.)
  Configuration of multiport devices (e.g. hubs, switches and routers)
  Use of the Windows Registry
  Comparing current versus stored configurations
  Checking software environments
  SNMP service

Configuration (Remote):
  From the network management station
  Disabling device ports
  Redirecting port forwarding
  Disabling devices
  Comparing current versus stored configurations
  Configuring routing tables
  Configuring security parameters such as community strings and user names
  Configuring addresses of management stations to which traps should be sent
  Verifying integrity of changes

Configuration (Automated):
  Using the Dynamic Host Configuration Protocol (DHCP) to configure IP addresses
  Using Plug and Play enabled NICs for automatic selection of interrupts and I/O addresses
  Domain Name Services (DNS) addresses
  Trap messages from agents

Security Management Sub-Categories and Related Activities

Applying Basic Techniques:
  Identifying hosts that store sensitive information
  Management of passwords
  Assigning user rights and permissions
  Recording failed logins
  Setting remote access barrier codes
  Employing virus scanning
  Limiting views of the Enterprise network
  Tracking time and origin of remote accesses to servers

Identifying Access Methods Used:
  Electronic Mail
  File Transfer
  Web Browsing
  Directory Service
  Remote Login
  Remote Procedure Call
  Remote Execution
  Network Monitors
  Network Management System

Using Access Control Methods:
  Encryption
  Packet filtering at routers
  Packet filtering at firewalls
  Source host authentication
  Source user authentication

Maintenance:
  Audits of the activity at secure access points
  Executing security attack programs (Network Intrusion Detection)
  Detecting and documenting breaches

Accessing Public Data Networks:
  No restrictions: hosts are responsible for securing all access points
  Limited access: only some hosts can interface with the Public Data Network using a proxy server

Using an Automated Security Manager:
  Queries the configuration database to identify all access points for each device
  Reads event logs and notes security-related events
  Security Manager shows a security event on the network map
  Reports of invalid access point attempts are generated daily for analysis

Accounting Management Sub-Categories and Related Activities

Gather Network Device Utilization Data:
  Measure usage of resources by cost center
  Set quotas to enable fair use of resources
  Site metering to track adherence to software licensing

Bill Users of Network Resources:
  Set charges based on usage
  Measure one of the following: number of transactions, number of packets, number of bytes
  Set charges on direction of information flow

Use and Accounting Management Tools:
  Query usage database to measure statistics versus quotas
  Define network billing domains
  Implement automatic billing based on usage by users in the domain
  Enable billing predictions
  Enable user selection of billing domains on the network map

Reporting:
  Create historical billing trends
  Automatic distribution of billing to Cost Centers
  Project future billings by cost center

Current Network Management Tools

Company: Apptitude (HiFn)
Product: Meterware/Analyzer
URL: http://www.hifn.com
Comments: NMS used in this book. It is a complete SNMPv1 tool. It is only available with the book. Apptitude was a leader in SNMP management software and hardware for many years. HiFn develops integrated circuits for encryption.

Company: SNMP Research International
Product: EnterPol, CIAgent, SNMPv3 Wizard
URL: http://www.snmp.com/index.html
Comments: EnterPol is a NMS. CIAgent is an agent. CIAgent is a free download. SNMPv3 Wizard is an agent configuration tool. The company has many other products. The company has been a leader in the SNMP field.

Company: Castlerock
Product: SnmpC
URL: http://www.castlerock.com/
Comments: The Work Group Edition 5.1 is appropriate for small networks. It supports SNMPv3, as does the Enterprise edition that provides other capabilities. Cost of the Work Group Edition is $995.00. The company has been a leader in the SNMP field.

Company: Solar Winds
Product: Engineers Edition
URL: http://solarwinds.net/
Comments: Provides a number of management tools ranging in price from $145 to $1995. The $1995.00 package is Web-enabled. The Engineers Edition at $995.00 looks like the most attractive for users of this book in that it contains most of the features of the HiFn Analyzer.

Company: MG-SOFT
Product: Net Inspector Lite
URL: http://www.mg-soft.si/
Comments: Net Inspector Lite is $495.00. It looks like a good choice for readers of this book. MG-SOFT provides many other more comprehensive products, and products can be enhanced by proxy front-end modules. There are also products that support SNMPv3.

Company: Triticom
Product: LANdecoder SNMP Manager
URL: http://www.triticom.com/
Comments: LANdecoder SNMP Manager is a simple, easy to use SNMP Manager for the Microsoft Windows environment. With it, you can query and control any SNMP-capable device on your network. It can operate standalone or be integrated with Triticom’s LANdecoder32 V3.2, a network analyzer. The price of LANdecoder SNMP manager is $995.00.

Company: Finisar
Product: Shomiti Surveyor
URL: http://www.finisar-systems.com/
Comments: Shomiti Systems is now part of Finisar. The Surveyor product is a comprehensive network hardware manager. A free download is available.

Company: Acterna
Product: Link View Classic 7.2
URL: http://www.acterna.com/
Comments: A software based network analyzer at a price of $995.00. Includes a traffic generator. Excellent graphics. Also available is Advanced Ethernet Adapter, which provides promiscuous capture of packets. Price is then $2700.00.


Network Management Tools (continued)

Company: Network Instruments
Product: Observer 8
URL: http://www.netinst.com/html/observer.html
Comments: Supports Ethernet, Token Ring, FDDI, GigaBit and Windows 98/ME and NT/2000/XP. Includes capture for protocol analysis. Price is $995.00.

Company: Precision Guesswork
Product: LANwatch32 v7.0
URL: http://www.sandstorm.net/products/lanwatch/
Comments: Described to be an easy-to-use command-line application that allows you to GET a variable, SET a variable, get the NEXT variable, or even get all the variables. Provides programs for receiving ALERTS, as well as a simple monitoring program that allows you to tell if your hosts are SNMP reachable, IP reachable, or not reachable. Allows you to remotely monitor, gather and change networking information from hosts on your network. Enables you to diagnose existing problems on the network, predict where problems are likely to occur, pinpoint faulty routers and interfaces, and, in general, exert control over your network.

Company: Cisco
Product: Small Network Management, LAN Management
URL: http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps6528/ps2425/prod_bulletin0900aecd8021cd16.html
Comments: Cisco produces many network management products. These products seem most appropriate for the audience of this book.

Company: 3COM
Product: Network Supervisor 3.5
URL: http://www.3com.com/products/en_US/detail.jsp?tab=features&pathtype=purchase&sku=3C15100C
Comments: This free package can be downloaded from this site. Other packages are available from this site also.

Company: Computer Associates
Product: Unicenter Network and Systems Manager 3.0
URL: http://www3.ca.com/Solutions/SubSolution.asp?ID=2846
Comments: This is the basic network infrastructure management package. There are add-on applications available, such as a performance application.

Company: Enterasys
Product: NetSight Element Mgr., NetSight Policy Mgr.
URL: http://www.enterasys.com/products/items/NS-EM/ and http://www.enterasys.com/products/items/NETSIGHT-PM/
Comments: Element Manager is the basic network management package. Policy Manager incorporates the business model into the management process.

Company: Sunrise Telecom
Product: LAN Explorer
URL: http://www.sunrisetelecom.com/lansoftware/lanexplorer.shtml
Comments: A comprehensive NMS, comparable to Analyzer but also containing packet capture and analysis capabilities. $799.00 per license.

Network Management Tools (continued)

Company: HP
Product: Toptools
URL: http://www.hp.com/toptools/prodinfo/overview.intro.html
Comments: Toptools is a comprehensive hardware management product. It has many plug-ins for specific hardware. All its features can be integrated into your enterprise management platforms such as hp OpenView Network Node Manager, Microsoft SMS, CA Unicenter TNG, IBM Tivoli Enterprise Management and Tivoli NetView.

Company: IBM
Product: Tivoli Netview 7.1
URL: http://www.tivoli.com/products/index/netview/
Comments: This comprehensive management product also correlates and manages events for systematic management of faults.

Company: Groupe Bull S. A. / EVIDIAN (A Bull Company)
Product: Openmaster SLM
URL: http://www.bull.com/
Comments: Monitoring and control functions encompass systems management, network management, and application management, and it can manage software configurations, hardware assets and batch production. It also works at a higher level, addressing the underlying business needs in a business-oriented way, to provide measurable business value.

Company: Compuware
Product: Network Vantage
URL: http://www.compuware.com/products/vantage/networkvantage/
Comments: Formerly called Ecoscope, monitors network performance by monitoring protocol and application traffic. Part of a suite called Vantage.

Company: NetScout
Product: nGenius Real Time Monitor
URL: http://www.netscout.com/products/rtm.htm
Comments: Real time voice, video and data traffic. Part of the nGenius Suite.

Company: Nortel
Product: Optivity 6.0 Network Management System
URL: http://www.nortelnetworks.com/products/01/optivity/net_mgmt/index.html
Comments: Optivity Network Management System is a comprehensive network management solution. Its key features include fault management, performance analysis, reporting, and access level security.

Company: BGS
Product: Patrol Connect SNMP
URL: http://www.bgs.com/products/proddocview.cfm?id=7263
Comments: There are many Patrol products by BGS. Connect SNMP seems the most appropriate for this book. BGS products cover all aspects of network management.

Network Management Configurations

Centralized Configuration

Management is centralized at the network management station on the backbone network. The management station hosts the NMS and the Management Information Base. Information is gathered using the NMS and SNMP packets to query the agents on the LAN devices. A probe copies and stores information from transmitted and received packets.

One disadvantage is that management is highly dependent on the routers: the NMS cannot get management information from a LAN if the connected router is shut down.

Network Management Configurations

Distributed Configuration

LANs are managed by a local administrator using the local NMS, while a central administrator manages backbone devices using an NMS host attached to the backbone network.

The NMS on the backbone needs to be more comprehensive for its functions. The backbone NMS maintains a MIB for each LAN, and each LAN NMS keeps its MIB updated. The backbone NMS can query a LAN NMS to obtain information about devices. The LAN NMS can also query the backbone NMS to obtain information about devices.

Selected Management Strategy

Which NMS tools? There may or may not exist a management tool that implements all of the functions required by a management policy and strategy. Do you write a new network management tool?

This module takes the centralized strategy. The reason is to demonstrate management fundamentals with the simplest network. This module takes SNMPv1 for demonstration because it is the dominant network management protocol used in today’s network environments and is the simplest to implement.

The NMS needs access to the MIB on the devices. There are four types of MIBs: MIB I, MIB II, RMON MIB, and Proprietary MIB. MIB II is an extension of MIB I.
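Since the module settles on SNMPv1, here is an added Go example (not code from the lecture or any vendor tool) that builds the bytes of the SNMP message a management station sends to an agent: an SNMPv1 GetRequest for sysUpTime.0, MIB II object 1.3.6.1.2.1.1.3, encoded with ASN.1 BER. The community string and request id are constructed. The hex dump makes visible that the community string, which is SNMPv1’s only access control, travels in clear text on every poll, which is why the tools tables single out SNMPv3 support.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"strconv"
	"strings"
)

// ASN.1 BER tags used by an SNMPv1 GetRequest (RFC 1157).
const (
	tagInteger    = 0x02
	tagOctetStr   = 0x04
	tagNull       = 0x05
	tagOID        = 0x06
	tagSequence   = 0x30
	tagGetRequest = 0xA0 // context-specific, constructed, tag 0
)

// tlv wraps content in a tag and a BER length: short form below 128 bytes,
// long form (0x80 | number of length bytes, then the length) above.
func tlv(tag byte, content []byte) []byte {
	out := []byte{tag}
	if n := len(content); n < 128 {
		out = append(out, byte(n))
	} else {
		var lenBytes []byte
		for v := n; v > 0; v >>= 8 {
			lenBytes = append([]byte{byte(v)}, lenBytes...)
		}
		out = append(append(out, 0x80|byte(len(lenBytes))), lenBytes...)
	}
	return append(out, content...)
}

// berInt encodes a non-negative integer in minimal two's-complement form.
func berInt(v int64) []byte {
	b := []byte{byte(v)}
	for v >>= 8; v > 0; v >>= 8 {
		b = append([]byte{byte(v)}, b...)
	}
	if b[0]&0x80 != 0 {
		b = append([]byte{0}, b...) // keep the sign bit clear for positive values
	}
	return tlv(tagInteger, b)
}

// berOID encodes a dotted object identifier: the first two arcs are packed
// as 40*x+y, the rest in base-128 with a continuation bit on all but the last byte.
func berOID(oid string) ([]byte, error) {
	parts := strings.Split(strings.TrimPrefix(oid, "."), ".")
	if len(parts) < 2 {
		return nil, fmt.Errorf("oid %q needs at least two arcs", oid)
	}
	arcs := make([]uint64, len(parts))
	for i, p := range parts {
		a, err := strconv.ParseUint(p, 10, 64)
		if err != nil {
			return nil, fmt.Errorf("oid %q: %w", oid, err)
		}
		arcs[i] = a
	}
	body := []byte{byte(arcs[0]*40 + arcs[1])}
	for _, a := range arcs[2:] {
		enc := []byte{byte(a & 0x7f)}
		for a >>= 7; a > 0; a >>= 7 {
			enc = append([]byte{byte(a&0x7f) | 0x80}, enc...)
		}
		body = append(body, enc...)
	}
	return tlv(tagOID, body), nil
}

// GetRequest builds a complete SNMPv1 GetRequest message (version 0) asking
// the agent for the instances named by oids.
func GetRequest(community string, requestID int64, oids ...string) ([]byte, error) {
	var varbinds []byte
	for _, o := range oids {
		enc, err := berOID(o)
		if err != nil {
			return nil, err
		}
		varbinds = append(varbinds, tlv(tagSequence, append(enc, tlv(tagNull, nil)...))...)
	}
	pdu := append(berInt(requestID), berInt(0)...) // request-id, error-status = noError
	pdu = append(pdu, berInt(0)...)               // error-index
	pdu = append(pdu, tlv(tagSequence, varbinds)...)
	msg := append(berInt(0), tlv(tagOctetStr, []byte(community))...) // version 0 = SNMPv1, community
	msg = append(msg, tlv(tagGetRequest, pdu)...)
	return tlv(tagSequence, msg), nil
}

func main() {
	msg, err := GetRequest("public", 1, "1.3.6.1.2.1.1.3.0") // sysUpTime.0 from MIB II
	if err != nil {
		panic(err)
	}
	fmt.Println(hex.EncodeToString(msg))
	// "public" appears verbatim in the bytes: the SNMPv1 community string is the
	// only access control and is readable by anyone who can see the poll.
}
```

Sending the bytes over UDP to port 161 of an agent is the step the example leaves out; the point here is the message structure and what a protocol analyzer on the path would see in it.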

Figure 3-4: MIB Objects and Instances. The NMS (Mgmt Station) holds MIB II objects, RMON MIB objects and Proprietary MIB objects; the Agent (Mgmt Agent) holds MIB II instances, RMON MIB instances and Proprietary MIB instances; a Probe agent holds RMON MIB instances. The NMS and the agents exchange SNMP Messages.

Summary

Network implementation strategy

Network Implementation Design Analysis

Examples of Network Design

VPN

Network Management Configurations

Management Strategy

Selected Management Strategy