© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Structuring and Modularizing the Network Identifying Network Management Protocols and Features

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Network Management Overview

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v SNMP Overview Manager: Polls agents on the network Correlates and displays information SNMP: Supports message exchange Runs on IP Agent: Collects and stores information Responds to manager requests for information Generates traps MIB: Database of objects (information variables) Read and write community strings for controlling access

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v SNMPv1 Message Types

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v SNMP Version 2 SNMPv2 introduced in RFC 1441 SNMPv2C defined in RFC 1901 SNMPv2 new features: –Get Bulk Request –Inform Request –Data types with 64-bit values

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v SNMP Version 3 RFCs 3410 through 3415 Authentication and privacy Authorization and access control Usernames and key management Remotely configurable via SNMP operations Available since Cisco IOS Software Release 12.0

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v MIB Definition Collection of managed objects Each object has a unique identifier Objects are grouped into a tree Standard MIBs = RFC xxxx Private MIBs

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Example: Cisco Router MIB Private extensions to MIB-II: – or –iso.org.dod.internet.private.enterprise.cisco Definitions available at Standard managed objects: –Interfaces –Buffers –Memory –Standard protocols Private managed objects: –Small, medium, large, and huge buffers –Primary and secondary memory –Proprietary protocols

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Example: Variable Retrieval Base format to retrieve the number of errors on an interface iso org dod internet mgmt mib interface ifTable ifEntry ifOutErrors Specific format to retrieve the number of errors on first interface iso org dod internet mgmt mib interface ifTable ifEntry ifOutErrors Instance

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v RMON1 Supports proactive monitoring of LAN traffic: –Network fault diagnosis –Planning –Performance tuning Works on MAC layer data: –Monitors only the aggregate LAN traffic for remote LAN segments –Traffic statistics and analysis Implemented on agents: –Routers, switches, hubs, servers, hosts, and dedicated probes

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v RMON1 Groups (RFC 1513 and 2819)

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v RMON2

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v RMON2 (RFC 2021)

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v NetFlow Infrastructure

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v NetFlow vs. RMON Information Gathering NetFlow can be configured on individual interfaces. NetFlow gathers more detailed information: –Source and destination interface numbers –Source and destination IP addresses –TCP/UDP source port and destination ports –Number of bytes and packets in the flow –Source and destination autonomous system (AS) numbers –IP type of service NetFlow provides greater scalability, customized data collection, and a lower performance impact.

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Applications Using NetFlow Accounting and billing Network planning and analysis Network and security monitoring Application monitoring and profiling User monitoring and profiling NetFlow data warehousing and mining

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Cisco Discovery Protocol Provides a summary of directly connected switches, routers, and other Cisco devices Discovers neighbor devices regardless of which protocol suite they are running Requires that physical media support SNAP encapsulation CDP = Cisco Discovery Protocol Upper-Layer Entry AddressesTCP/IPNovell IPXAppleTalkOthers Cisco Proprietary Data Link Protocol CDP Media Supporting SNAP LANs Frame RelayATMOthers

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Discovering Neighbors with Cisco Discovery Protocol

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Syslog Features Devices produce syslog messages. Syslog messages contain level and facility. Common syslog facilities: –IP –OSPF protocol –SYS operating system –IP Security (IPsec) –Route Switch Processor (RSP) –Interface (IF) Syslog levels: –Emergency (level 0, highest level) –Alert (level 1) –Critical (level 2) –Error (level 3) –Warning (level 4) –Notice (level 5) –Informational (level 6) –Debugging (level 7)

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Example: Syslog Messages

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Syslog Architecture Centralized syslog daemon Remote syslog daemons: –Support for syslog filters –Low bandwidth utilization

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v Summary Network management is supported with various devices and servers that use network management protocols and standards. SNMP is a simple network management protocol that is the foundation of a network management architecture. A MIB stores local management agent information on a managed device. RMON is a MIB that supports proactive management of remote networks. NetFlow collects network flow data to support network accounting, usage-based billing, planning, performance monitoring, and QoS applications. Cisco Discovery Protocol is a Cisco proprietary protocol that enables you to discover Cisco devices on the network. Syslog reports system state information based on preset facilities and severity levels.

© 2007 Cisco Systems, Inc. All rights reserved.DESGN v