NETWORK MANAGEMENT Semester 4, Chapter 7 The Administrative Side of Network Management.

Download Report

Transcript NETWORK MANAGEMENT Semester 4, Chapter 7 The Administrative Side of Network Management.

NETWORK MANAGEMENT
Semester 4, Chapter 7
The Administrative Side
of Network Management
A network is a collection of devices that interact
with one another to provide communication. When
a network administrator looks at a network, it
should be as a whole instead of individual parts.
The important thing to remember when dealing
with a network is to view it as a single unit
opposed to a group of individual connected
devices. This also applies to the wide area
connections that are used when connecting to
the Internet
It is important to know the responsibilities of
the network staff.
Network costs
• Maintaining, upgrading, and monitoring
the network
• Network growth over time
• Technical and user training, repairs,
and software deployment
• The cost of redundant equipment for
mission critical operations
When problems arise, some form of error document
should be generated
The two primary reasons for network monitoring are:
1) predicting changes for future growth
2) detecting unexpected changes in network status
PING - AN IMPORTANT NETWORK
TEST!
FOR LARGE NETWORKS
Ping a few of the important hosts, servers, routers,
and switches to verify their connectivity
Network monitoring looks at the actual packet traffic
on the network and generates reports based upon the
network traffic.
Monitor examples
Microsoft Windows NT network monitor
Fluke's Network Analyzer :
Management Station:
The management station is the network manager's
interface into the network system. It has the
programs to manipulate data from and control the
network. The management station also maintains a
database of management information (MIB)
extracted from the devices under its management.
Management Agent:
Component that is contained in the devices that are to be managed.
Bridges, routers, hubs, and switches may contain SNMP agents .
The management agent responds to the management station in two ways.
1) Polling - the management station requests data from the agent and
the agent responds with the requested data.
2) 2) Trapping is a data gathering method designed to reduce traffic on
the network and processing on the devices being monitored.
Thresholds (top or bottom limits) are set on the managed device. If
this threshold on the device is exceeded, the managed device will
send an alert message to the management station.
Management Information Base(MIB):
The management information base has a database
structure and is resident on each device that is
managed. The database contains a series of objects,
which are resource data gathered on the managed
device. Some of the categories in the MIB include Port
interface data, TCP data, and ICMP data.
Network Management Protocol:
The network management protocol used is SNMP.
SNMP is an application layer protocol
SNMP is designed to communicate data between the
management console and the management agent.
It has three key capabilities. The ability to GET, the
management console retrieving data from the agent,
PUT, the management console setting object values on
the agent, and TRAP, the agent notifying the
management console of significant events
One of the greatest enhancements to
SNMP is called Remote Monitoring
(RMON).
RMON extensions to SNMP give the ability to look at
the network as a whole as opposed to looking at
individual devices.
RMON PROBES
Probes gather remote data in RMON.
A probe has the same function as a SNMP agent.
A probe has RMON capabilities; an agent does not.
When working with RMON, as with SNMP, a central
management console is the point of data collection
An RMON probe is located on each segment of the
network monitored.
These probes can be dedicated hosts, resident on a
server, or included in a standard networking device
such as a router or switch.
probes gather the specified data from each segment
and relay it to the management console.
Redundant management consoles
Two major benefits to network management
processes:
•ability to have more than one network administrator
in different physical locations monitor and manage
the same network
•Having two or more management consoles means
that if one of the consoles fails, the other console still
can be used to monitor and control the network until
the first console is repaired. (ie. Redundancy)
The Ethernet Statistics Group
Contains statistics gathered for each monitored
subnetwork. These statistics include counters
(incremental that start from zero) for bytes, packets,
errors, and frame size. The other type of data reference is
an index table. The table identifies each monitored
Ethernet device, allowing counters to be kept for each
individual Ethernet device. The Ethernet Statistics Group
provides a view of the overall load and health of a
subnetwork by measuring different types of errors
including CRC, collisions, over and under-sized packets.
The History Control Group
Contains a data table that will record samples of the
counters in the Ethernet Statistics Group over a
specified period of time. The default time:
every thirty minutes
table size is fifty entries
total of twenty-five hours of continuous monitoring
These samples provide a baseline of the network and
can be used to compare against the original baseline to
resolve problems or to update the baseline as the
network changes.
The Alarm Group
Thresholds set, and when met, a message or alarm
will be sent to the specified people
This process, known as an error trap, can automate
many functions
OR
The Host Group
Contains counters maintained about each host
discovered on the subnetwork segment.
Counter categories maintained are: Packets, Octets,
Errors, and Broadcasts.
Example: Total packets, Packets received, Packets sent,
along with many counters specific to the type of item.
The Host TOPN Group
Prepares reports about a group of hosts that top a
statistical list based on a measured parameter.
Ex: A report could be generated for the top ten hosts
generating broadcasts for a day or most packets
transmitted during the day.
Easy way to determine who and what type of data traffic
most occupies the selected subnetwork
•The Matrix Group
•Records the data communication between two
hosts on a subnetwork
•data is stored in the form of a matrix (a multidimensional table).
Examples: one report might show all
users of a particular server, while
another report shows all the servers
used by a particular host.
The Filter Group
Provides a way that a management console can instruct
an RMON probe to gather selected packets from a
specific interface on a particular subnetwork.
Based on the use of two filters, the DATA and the STATUS
filter.
The data filter is designed to match or not match
particular data patterns
The status filter is based on the type of packet looked at
The Packet Capture Group
Allows the administrator to specify a method to use to
capture packets that have been selected by the Filter Group
Administrator can look at the exact detail for packets that
meet the basic filter
The Event Group
Contains events generated by other groups in the MIB
database
The Token-Ring Group
Contains counters specific to token-ring networks
Remember that RMON is an extension to the SNMP protocol .
SNMP is still required for RMON to operate on a network.
Later revisions of both SNMP and RMON. They are labeled as
SNMPv2 and RMON2.
The first step in network troubleshooting is the definition of
the problem
Know all points – if “this” then “that” scenario.
•The first and most important thing is to use your
engineering journal and take notes.
•Another essential element of preemptive
troubleshooting is labeling
•The Process of Elimination and Divide and Conquer
techniques are the most successful methods for
networking troubleshooting
The following slides will show various tools of
the network administrator.
Ping
Sends ICMP echo packets to verify Ping [-t] [-a] [-n
count] [-l length] [-f] [-i ttl] [-r count]
destination
-t ping until interrupted
-a resolves host name and ping address
-n counts the number of pings
-l length - send specified size echo packets
-f DO NOT FRAGMENT command sent to gateways
-I ttl sets the TTL field
-r count records the route of the outgoing and returning
packets
Destination specifies the remote host to ping, by domain
name or by IP address
Tracert (Traceroute)
This utility shows the route a packet took to reach its
destination (Based on TTL – time to live).
Tracert [-d] [-h maximum_hops] [-j host-list]
[-w timeout] target_name
-d specifies IP addresses shouldn't be resolved to host
names
-h max_hops Maximum number of hops searched
-j host-list specifies the loose source route
-w timeout waits the number of milliseconds specified
for each reply
Telnet
This is a terminal emulation program that will allow you
to run interactive commands on the telnet server.
Netstat Displays protocol statistics and current TCP/IP
network connections.
Netstat [-a] [-e] [-n] [-s] [-p proto] [-r]
[interval]
-a Displays all connections and listening ports. (Server-side connections
are normally not shown)
-eDisplays Ethernet statistics. This may be combined with the -s option
--n Displays addresses and port numbers in numerical form
--p proto Shows connections for the protocol specified by proto; proto
may be tcp or udp-r Displays the contents of the routing table
--s Displays per-protocol statistics. By default, statistics are shown for
TCP, UDP and IP
-p option may be used to specify a subset of the default interval
Redisplays selected statistics, pausing interval seconds between each
display
ARP
Used to gather hardware addresses of local hosts and the default
gateway, you can view the ARP cache and check for invalid or
duplicate entries
arp -a [inet_addr] [-N [if_addr]]
arp -d inet_addr [if_addr]
arp -s inet_addr ether_addr [if_addr]
-a or –g Displays the current contents of the arp cache
-d Deletes the entry specified by inet_addr
-s Adds a static entry to the cache
-N
Displays the arp entries for the specified physical address
inet_addr IP address, in dotted decimal
formatif_addr IP address whose cache should be modified
ether_addr The MAC address in hex separated by hyphens
IPconfig (Windows NT)/WinIPcfg (Windows 95-98)
IPconfig [/all | /renew [adapter] | /release
[adapter]]
/allall information about adapter(s)
/renew renew DHCP lease information for all local adapters
if none is named
/release release DHCP lease information disabling TCP/IP
on this adapter
Network Monitoring ensures a
happy network!
THE END