Rudimentary NMS Software Components (Chapter 7)

  • Date:01 Aug 2020

Transcription:

SNMPv3 and Network Management
Network Management, MIBs and MPLS
Stephen B. Morris
Revised Spring 2006

Copyright 2003 Pearson Education, Inc. Publishing as Prentice Hall PTR. All rights reserved. Visit the companion Web site at http://authors.phptr.com/morris

Overview
  • The purpose of this particular lesson is to familiarize you with the message structure and encryption methods of SNMPv3

Structure
  • Provides modular structure that is flexible
  • Complements trend toward component technology
  • Has two main components: Engine and a collection of applications
  • Has four subcomponents: Dispatcher and message, security and access control subsystems
  • Subcomponents service versions one through three
  • Important facts to remember about engine subcomponents:
      • Can hand off msg processing to each other as required
      • Are themselves extensible entities

Applications
  • Currently five SNMPv3 apps defined:
      • Cmd generators create msgs
      • Cmd responders respond to msgs
      • Notification originators send trap or inform msgs
      • Notification receivers receive and process trap or inform msgs
      • Proxy forwarders forward messages between SNMP entity components
  • v3 framework allows room for additional apps

Message Formats
[Figure: SNMPv3 message layout]
  • Common Data: MsgVersion, MsgID, MaxMsgSize, MsgFlags, MsgSecurity
  • Security Model Data:
      • General: EngineID, EngineBoots, EngineTime, UserName
      • Authentication: MD5 Digest or SHA Digest
      • Privacy: DES Key
  • Context: ContextID, ContextName
  • PDU: PDU Types

  • Msg format is broken down into four overall sections:
      • Common data: occur in all SNMPv3 msgs
      • Security model data: three subsections, one general, one authentication and one privacy data
      • Context: two fields used to provide correct context in which the PDU is to be processed
      • PDU: contains a v2 PDU; encrypted or plain text

Message Formats
  • First field in SNMP msg is the MsgVersion
      • The number shown indicates version
  • MsgID: used between two entities for msg correlation
      • Similar IDs should not be used simultaneously
      • Msg should time out or be answered before the ID is used again
      • PDU has a request ID field; no longer used since encryption is an option under v3
      • MsgID now found in the unencrypted header

Message Formats
  • MsgID also allows discernment between duplicate msgs
      • Underlying datagram services duplicate msgs
  • MaxMsgSize:
      • Supported by sender of msg
      • Largest packet that transport protocol can carry without having fragmentation
      • Receiver of msg uses info to ensure its reply is within allowed size range
  • 1 byte long; determines authentication and privacy settings for
      • Indicates if msg requires response
      • The security subsystem handles processing of this

Message Formats
  • MsgSecurity: an integer object that determines security setting associated
      • 0 reserved for "any" and 1-3 correlates to SNMP versions 1-3
      • 4-255 reserved for standards-track security models
      • Values greater than 255 for enterprise-specific security models
  • Security Model Data: Authentication Protocol
      • MD5 and SHA are two supported protocols in SNMPv3
      • Both authenticate the SNMP msg
      • SHA: most complex algorithm, with 20-byte calculation
      • MD5 has 16-byte algorithm
      • First 12 bytes (96 bits) in both protocols are included in authentication field
      • 20-octet passwd for SHA and 16-octet for MD5

Message Formats
  • 12-byte octet string used to authenticate msg
      • String known as electronic fingerprint
      • Verifies data has not been altered in transit
      • True for MD5 and SHA protocols
  • SNMP entity to entity:
      • During msg exchange, authentication key is known to both
      • During receipt of key the receiver recalculates the known key
      • If the recalculated key matches the original then authentication
  • Security Model Data: Privacy Protocol
      • Privacy protocol field: 8-byte octet string used for Data Encryption Standard (DES)
      • 16-byte key used for encryption
      • First 8 octets of key used for encryption (DES)
      • Second 8 octets of key used as initialization vector
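
The authentication check described above (a 12-byte field that the receiver recomputes and compares), as an added example that is not part of the original slides. SNMPv3's user-based security model (RFC 3414) computes the field as an HMAC truncated to 96 bits, with the field zero-filled during the calculation; the message bytes, field offset and key below are constructed for illustration and are not real BER-encoded SNMP.

```python
import hashlib
import hmac

AUTH_LEN = 12  # 96 bits carried in the authentication field
DIGESTS = {"MD5": hashlib.md5, "SHA": hashlib.sha1}  # 16- and 20-byte outputs


def zero_field(message: bytes, offset: int) -> bytes:
    """Return the message with the 12-byte authentication field zero-filled."""
    return message[:offset] + bytes(AUTH_LEN) + message[offset + AUTH_LEN:]


def mac96(key: bytes, message: bytes, proto: str) -> bytes:
    """HMAC over the whole message, truncated to its first 12 bytes."""
    return hmac.new(key, message, DIGESTS[proto]).digest()[:AUTH_LEN]


def sign(key: bytes, message: bytes, offset: int, proto: str) -> bytes:
    """Sender: compute the MAC over the zero-filled message, then insert it."""
    zeroed = zero_field(message, offset)
    tag = mac96(key, zeroed, proto)
    return zeroed[:offset] + tag + zeroed[offset + AUTH_LEN:]


def verify(key: bytes, message: bytes, offset: int, proto: str) -> bool:
    """Receiver: save the received field, zero it, recompute and compare."""
    received = message[offset:offset + AUTH_LEN]
    expected = mac96(key, zero_field(message, offset), proto)
    return hmac.compare_digest(received, expected)  # constant-time comparison


# Constructed sample (assumption): header bytes, a 12-byte placeholder for
# the authentication field, then a payload. Not a real SNMP encoding.
HEADER = b"v3|msgid=1001|user=operator|"
OFFSET = len(HEADER)
UNSIGNED = HEADER + bytes(AUTH_LEN) + b"|get sysUpTime.0"
KEY = bytes(range(16))  # constructed 16-byte shared authentication key

if __name__ == "__main__":
    wire = sign(KEY, UNSIGNED, OFFSET, "MD5")
    tampered = wire[:-1] + b"1"  # one payload byte altered in transit
    print("intact message accepted:", verify(KEY, wire, OFFSET, "MD5"))
    print("tampered message accepted:", verify(KEY, tampered, OFFSET, "MD5"))
```

Authentication only detects alteration; the payload stays readable unless the privacy (DES) protocol is also applied.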

Message Formats
  • Unique 8-octet value is manipulated to prevent re-usage on encryption of packet
  • DES in SNMPv3 uses private key to encrypt/decrypt msgs
  • Context:
      • Deals with existing MIB indexing schemes and how to extend them
      • Some MIBs are indexed by port number
      • In certain configs there may be cards/units with the same port
      • Context feature allows multiple instances of identical MIB tables within same SNMP agent

Message Formats: SNMPv3 Message Exchanges
  • The flow diagram explains the flow of SNMP msgs
[Figure: SNMPv3 message exchange flow diagrams]

SNMP Problems
  • Has difficulty manipulating large data sets
  • Scalability issues where tables grow in the thousands
  • Notifications aren't guaranteed to arrive
  • Management operations such as get or set can time out if network is congested or agent host is heavily loaded
  • SNMP uses UDP
  • Despite shortcomings, SNMP's widespread deployment and simplicity are great strengths

  • SNMPv3 offers much greater security than previous versions
  • Allows extension of MIBs
  • Understanding SNMP msg flow is critical to network managers
  • Network elements combine to make up a managed network

The Network Management
Network Management, MIBs and MPLS
Stephen B. Morris
Rodrigo Iglesias de

Overview
  • Network operators' problems with the growth of traffic types and volumes
  • Operational increase due to multiple NMS growth
  • There is a strong need to reduce the cost of ownership and improve the return on investment (ROI) for network equipment

Overview
  • Automated flow-through actions are required for network management operations:
      • Provisioning
      • Detecting faults
      • Checking and verifying performance
      • Billing/accounting
      • Initiating repairs or network upgrades
      • Maintaining the network inventory

Bringing the Managed Data to the
  • Managed objects reside on many SNMP agents
  • Copies of managed objects reside on SNMP management systems
  • Changes in agent data may have to be regularly reconciled with the management system copy

Bringing the Managed Data to the
[Figure: Components of an NMS]

Bringing the Managed Data to the
  • The quality of an NMS is inversely proportional to the gap between its picture of the network and the actual state of the underlying network: the smaller the gap, the better the NMS
  • As managed NEs become more complex, an extra burden is placed on the management system

Scalability: Today's Network is Tomorrow's NE
  • Scalability is one of the biggest problems facing modern networking
  • A scalability problem occurs when an increase in the number of instances of a given managed object in the network necessitates a compensating proportional resource increase inside the management system

Layer 2 VPN Scalability
  • Scalability problems tend to arise in situations of proportional growth
  • The N^2 problem: when the number of layer 2 virtual circuits required is proportional to the square of the number of sites
  • Anything in networking that grows at the rate of N^2 tends to give rise to a problem of scale
  • As the number of sites gets bigger, the N^2 term is more significant than the other terms

The N^2 problem
[Figure: The N^2 problem]

The N^2 problem: Layer 3 VPNs
  • Layer 3 VPNs provide a much more scalable solution because the number of connections required is proportional to a number of sites, not the square of the number of sites
  • Layer 3 VPNs avoid the need for a full mesh between all of the customer edge routers by providing these features:
      • A layer 3 core
      • Overlapping IP address range across the connected sites if separate organizations use the same VPN service
      • Multiple routing table instances in the provider edge routers

Virtual Circuit Status Monitoring
  • Scalability problems arise when the MIB table entries become very large due to NMS attempts to read all MIB table entries at the same time

MIB Scalability
  • Network operators and their users demand more:
      • Bandwidth
      • Faster networks
      • Bigger devices
  • Scalability concerns are growing because routers and switches are routinely expected to support the creation of millions of virtual circuits

Creating LSPs in an MPLS network
[Figure: Creating LSPs in an MPLS network]

Other Enterprise Network Scalability Issues
  • Scalability concerns also affect enterprise networks in these areas:
      • Storage solutions: adding, deleting, modifying and monitoring SANs
      • Administration of firewalls: rules for permitting or blocking packet transit
      • Routers: access control lists and static routes
      • Security management: encryption keys, biometrics facilities and password control
      • Application management

Light Reading Trials
  • Internet core routers from Cisco, Juniper, Charlotte's Networks and Foundry Networks were stress tested during 2001 using these tests:
      • MPLS throughput
      • Latency
      • IP throughput at OC-48
      • IP throughput at OC-192

Large NEs
  • Advantages of the deployment of much bigger devices:
      • They reduce the number of devices required, saving central office (CO) space and reducing cooling and power requirements
      • They may help to reduce cabling by aggregating links
      • They offer richer feature set
  • Disadvantages:
      • They are harder to manage
      • They potentially generate vast amounts of management
      • They are a possible single point of failure if not backed up

Expensive and Scarce Development Skill Sets
  • Building management systems for the devices of today and tomorrow is increasingly difficult
  • General migration to a Layer 3 infrastructure is another reason for the widening gap between available development skills and required product
  • The need for customers to see rapid ROI for all infrastructural purchases

Expensive and Scarce Development Skill Sets
  • A different approach is needed for developing management systems
  • Acquiring skills like these would positively enhance the development process:
      • A solution mindset
      • Distributed creative problem solving
      • Taking ownership
      • Acquiring domain expertise
      • Embracing short development cycles
      • Minimizing code changes
      • Strong testing capability

A Solution Mindset
  • Solutions have a number of characteristics:
      • Clear economic value
      • Fulfillment of important requirements
      • Resolution of one or more end-user problems

A Solution Mindset
[Figure: A Solution Mindset]

Distributed Creative Problem
  • Software bugs
  • NE bugs
  • Hard to identify
  • Performance bottlenecks in FCAPS applications due to congestion on the network
  • Client applications crashing from time to time
  • MIB table corruption
  • SNMP agent exceptions

Distributed Creative Problem
  • Tools available to solve these problems:
      • UML support packages