Network Management

archived information

Managing a network can be an extremely daunting task. As networks grow, monitoring the status of network hosts and infrastructure becomes increasingly difficult. Network Monitoring Systems assist a network administrator by monitoring and reporting on service availability, network and host statistics, and network events. There are a number of different open source Network Monitoring Systems that provide this functionality.

Nagios

Nagios is a framework for monitoring and tracking the state of network devices and services. Nagios itself contains no monitoring abilities; instead, it relies on a system of plugins--mainly Perl and shell scripts--to perform checks on network devices. Because Nagios is very widely used, plugins are available to monitor a wide variety of network services and devices. If a plugin is not available, the Nagios framework makes writing a custom plugin rather easy. In contrast to many other NMSs, which primarily use SNMP as a monitoring mechanism, Nagios plugins rely on tools like ping and SSH to get data from managed devices. Nagios does have the capability to receive SNMP traps; however, the documentation notes that "Nagios is not designed to be a replacement for a full-blown SNMP management application."

OpenNMS

OpenNMS relies heavily on SNMP to glean data from managed network devices. OpenNMS can determine a device or service's availability, collect and store attributes about a managed device, evaluate collected data, and create notifications based on user-defined thresholds. OpenNMS is a fully developed open source NMS solution; it has excellent documentation and is extremely scalable.

SNMP (Simple Network Management Protocol)

What is SNMP?

SNMP is a protocol used by Network Management Systems (NMS) to get information about a network device and/or make changes to a device's configuration. Devices managed by SNMP are often referred to as "agents". Interactions between an NMS and an SNMP agent can be grouped into one of four categories: reads, writes, traversal operations, and traps.

  • SNMP "reads" get information from an SNMP managed device
  • SNMP "writes" make changes to an SNMP managed device
  • SNMP "traversal operations" are used to determine which of a device's attributes are managed by SNMP
  • SNMP "traps" are used to report changes in a SNMP managed device's status

How does SNMP work?

SNMP is an Application Layer protocol that communicates over UDP port 161 for sending and receiving requests and UDP port 162 for sending traps. SNMP defines three different "communities", each of which offers a different privilege level. These communities are: "read-only", "read-write" and "trap". The "read-only" community only allows SNMP reads, the "read-write" community allows SNMP reads and writes, and the "trap" community allows a device to receive SNMP traps. To access data from these communities, a "community string" is needed. SNMP community strings are used to establish authentication and authorization between SNMP agents and an NMS. If you are using SNMP versions 1 or 2c, communications between the SNMP agent and NMS--including the transmission of the SNMP community string--are unencrypted; this can present an extreme security risk. At a minimum, it is recommended that you firewall your SNMP agents to only accept connections on UDP ports 161 and 162 from the address of your NMS. It is also recommended that you send SNMP traffic over a VPN in order to encrypt the data. SNMP version 3 has drastically improved the security of SNMP; if possible, migrate your SNMP devices to SNMP version 3.
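An added example, not part of the original page: a small Python audit that checks an agent configuration against the recommendations above (no default community strings, requests accepted only from the NMS address, no write access over unencrypted v1/v2c, encryption required for v3 users). It assumes Net-SNMP's snmpd.conf directives (rocommunity, rwcommunity, rouser, rwuser); the sample configuration, the NMS address 192.0.2.10 and the finding names are constructed for illustration.

```python
import ipaddress

DEFAULT_NAMES = {"public", "private"}   # widely known default community strings
# Constructed sample configuration; 192.0.2.10 stands in for the NMS address.
SAMPLE_CONF = """\
rocommunity public
rwcommunity s3cr3t-rw 192.0.2.10
rocommunity m0nitor-ro 192.0.2.0/24
rocommunity n0c-ro 192.0.2.10   # restricted to the NMS
rouser nmsuser priv
rouser legacy auth
"""

def source_issue(source, nms):
    """Return a finding for a v1/v2c SOURCE field, or None if it is exactly the NMS."""
    if source is None or source == "default":
        return "any-source"
    try:
        net = ipaddress.ip_network(source, strict=False)
    except ValueError:              # a hostname: cannot be checked offline
        return "unverified-source"
    if nms not in net:
        return "source-excludes-nms"
    return "source-too-broad" if net.num_addresses > 1 else None

def audit_snmpd_conf(text, nms_addr):
    """Return (line number, finding) pairs, in file order, for snmpd.conf-style text."""
    nms = ipaddress.ip_address(nms_addr)
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()      # drop comments, split fields
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        if directive in ("rocommunity", "rwcommunity") and args:
            if args[0] in DEFAULT_NAMES:
                findings.append((lineno, "default-community"))
            if directive == "rwcommunity":         # writes authorised by a cleartext string
                findings.append((lineno, "cleartext-write-access"))
            issue = source_issue(args[1] if len(args) > 1 else None, nms)
            if issue:
                findings.append((lineno, issue))
        elif directive in ("rouser", "rwuser") and args:
            if args[0] == "-s":                    # optional "-s SECMODEL" before the user
                args = args[2:]
            level = args[1] if len(args) > 1 else "auth"   # Net-SNMP defaults to auth
            if level != "priv":
                findings.append((lineno, "v3-without-encryption"))
    return findings
```

Run over SAMPLE_CONF with the NMS at 192.0.2.10, only the fourth and fifth lines come back clean: a read-only community limited to the NMS address, and a v3 user required to use encryption.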

The parameters that may be managed by an NMS are defined by a Management Information Base (MIB). MIBs are text files located on an MIB agent; when an NMS issues a "read" command to an SNMP agent, the agent retrieves the requested information from the MIB.

  • A MIB is used to define which resource attributes are manageable via SNMP

When an NMS makes a "read" request to an SNMP agent, the NMS uses an Object Identifier (OID) to specify what information it wishes to receive.

  • An OID is a list of numbers separated by periods that specifies which parameter an SNMP client wishes to access.
  • OIDs form a tree: each of the period-separated numbers in an OID specifies an increasingly specific parameter in the SNMP managed device. For example, Cisco's base OID is "1.3.6.1.4.1.9"; if you want to access more specific information from a Cisco device, a more specific OID--a longer OID--is needed.
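An added example, not part of the original page: the OID tree described above, handled in Python as tuples of integers so that subtree membership is decided component by component. It goes slightly beyond the text by including the standard mib-2 and enterprises roots next to the Cisco base OID quoted above; the function names and the test OIDs under the Cisco root are constructed for illustration.

```python
# Subtree roots: the Cisco entry is the base OID quoted above; mib-2 and
# enterprises are the standard roots it sits beside and beneath.
SUBTREES = {
    "1.3.6.1.2.1": "mib-2",
    "1.3.6.1.4.1": "enterprises",
    "1.3.6.1.4.1.9": "cisco",
}

def parse_oid(text):
    """Turn '1.3.6.1' (a leading dot is tolerated) into a tuple of ints."""
    parts = text.strip().lstrip(".").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed OID: {text!r}")
    return tuple(int(p) for p in parts)

def is_under(oid, root):
    """True if oid lies in the subtree rooted at root.

    The comparison is per component. A plain string prefix test would
    wrongly place 1.3.6.1.4.1.99 under 1.3.6.1.4.1.9.
    """
    o, r = parse_oid(oid), parse_oid(root)
    return o[:len(r)] == r

def classify(oid):
    """Return the name of the most specific known subtree containing oid, or None."""
    matches = [root for root in SUBTREES if is_under(oid, root)]
    if not matches:
        return None
    deepest = max(matches, key=lambda root: len(parse_oid(root)))
    return SUBTREES[deepest]
```

The same component-wise test is the one to use when writing filters or access rules that are meant to cover one vendor's subtree and nothing else.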

For more information about SNMP, read the chapter "A Closer Look at SNMP" from the book "Essential SNMP" at: http://oreilly.com/catalog/esnmp/chapter/ch02.html

Configuration Management

Configuration management is crucial to maintaining a large network. Configuration management tools log in to a network infrastructure device like a switch or a router, view its configuration, and track changes to the device's configuration in a revision control system. This functionality is extremely important in a number of ways. For example, if you make changes to a router's Access Control Lists (ACL) and you wish to revert the device to a previous configuration, configuration management software will allow you to do so quickly and easily. Also, if you share the responsibility of maintaining your network's infrastructure, a configuration management system can inform other administrators of changes made to network devices.

RANCID (Really Awesome Cisco confIg Differ) offers configuration management for Cisco, HP, Juniper and Foundry devices.
