Network Monitoring and Management (NMM)

Synopsis

Return to Outlines

This workshop is designed for engineers and system staff at ISPs and large networks, including academic networks who are involved with system management, network monitoring and management, incident response and security. This course is for those who need to manage Network operations and NOCs. Proper network instrumentation is a fundamental requirement for realizing infrastructure security at both the network and desktop level, and this course emphasizes the security benefits for the tools and the techniques covered. The agenda of topics is presented below and labs constitute about 60% of the course.

Workshop Topics

  • Introduction to Network Monitoring and Management
  • Recap of Linux command line use. Depending on the class level this may be very basic to more in-depth. Potential topics include:
    • Introduction to Linux
    • TCP/IP network essentials
    • Security essentials including SSH
    • Linux commands and the command line interface (CLI)
    • Text editors (vi, nano)
    • Linux permissions
    • Linux scripting basics
    • Apache web server configuration basics
  • Cisco IOS Configuration Basics
  • SNMP (Simple Network Management Protocol)
  • Installation, configuration and understanding of output of some or all of the following network monitoring and management tools:
    • LibreNMS - automated network monitoring tool
    • Netflow, NfSen - traffic analysis and exploration
    • Nagios - Server and Service monitoring and alerting
    • RANCID: network equipment configuration backup, change tracking & automation including the use of SVNWeb
    • RT (Request Tracker): Ticketing systems for helpdesk /support and integration of RT and Nagios to automatically generate tickets.
    • Smokeping - Latency/Round Trip Time, Jitter and packet loss monitor
  • Log management: Collecting logs, monitoring them, using forensic tools and pattern matching utilities to alert when there are problems:
    • syslog / rsyslog with Tenshi
    • A discussion of the ELK stack (Elasticsearch, Logstash and Kibana)
  • Network Operation Center (NOCs)
  • Network Documentation
    • Netdot (Network Documentation Tool)
  • Exam, questionnaire and certificates

Target Audience

    Network system administrators, engineers and technicians from Research Education Networks, Universities and ISPs who are responsible for network maintenance, planning and design as well as security of their networks.

Prerequisites

  • Reasonable knowledge of the UNIX/Linux command line environment
  • Basic knowledge of TCP/IP networking
  • Participants are required to bring a laptop

Objectives

At the end of the workshop, students will be able to:

  • Perform package installation and basic administration tasks via the Linux command line
  • Perform basic Cisco IOS configuration tasks
  • Configure the SNMP (Simple Network Management Protocol) on both Linux servers and Cisco networking equipment
  • Install and configure LibreNMS to perform automated network monitoring and discovery functions
  • Install and configure Smokeping to perform latency, round trip time, jitter and packet loss monitoring
  • Install and configure Nagios to perform server and service monitoring and alerting
  • Demonstrate techniques to deal with log (syslog) management. Collecting logs and monitoring them for patterns
  • Install and configure Netdot to perform the appropriate functions with regards Network Documentation and automated configuration generation
  • Install and configure Netflow and NfSen to perform traffic analysis and exploration
  • Install and configure RANCID to perform network equipment configuration backup, change tracking & automation
  • Install and configure RT (Request Tracker) to act as a ticketing system for helpdesk / support
  • Integrate Nagios with RT to enable automated ticket generation based on network management events.

At the end of the workshop, students will understand:

  • The concepts of:
    • Baselining
    • Security through traffic analysis
    • Types of delay (processing, queuing, transmission and propagation)
    • Network incident response (Ticketing)
    • Network Traffic Flows
  • Why we monitor
  • What we monitor
  • How we document
  • Why we document

And, many other aspects and the importance of proper implementation of network traffic and device monitoring.

Return to Outlines