차세대 인터넷 망관리 기술 2000. 12. 12 이 재 용 연세대학교 전기전자공학과...
Post on 18-Dec-2015
235 views
TRANSCRIPT
차세대 인터넷차세대 인터넷
TCP/IP 기반의유선 Web 응용 서비스
~2002 ~2005
개 인 : ADSL (1.544Mbps)사무실 : 고속 LAN (10Mbps)
무선 인터넷
무선 모뎀 (64Kbps)IMT-2000 (128K ~ 2Mbps)
QoS 제공 기반의Web 응용 서비스(Intserv/Diffserv)
유 · 무선 고속 통합 인터넷
All-IP 무선 인터넷
개 인 : 6Mbps사무실 : 10Mbps
Traditional SNMP ManagementTraditional SNMP Management
DeviceDevice
AgentAgent
DeviceDevice
AgentAgent
DeviceDevice
AgentAgent
NMSNMSDBServer
DBServer
For Long-term Analysis
Periodic pollingUsing SNMP
FunctionsFunctions
Basic Functions Admin framework
handling MIB browser
Applications Fault mgmt Configuration mgmt Accounting mgmt Performance mgmt Security mgmt
Other functions DB interface
차세대 인터넷 망 관리 요구사항차세대 인터넷 망 관리 요구사항
통합 망으로 인한관리 망 크기의 증대
새로운 서비스 출현으로인한 서비스 관리
End-to-End QoS보장 관리
확장성(Scalability)
유연성(Flexibility)
강인성(Robustness)
End-to-endScope고속화에 따른
관리
분산 관리Paradigm 의
필요성
- 구조
- 관리 객체
•관리 통신•Agent•Master
분산 망 관리 동향 분산 망 관리 동향 (1)(1)
구조적 측면 OSF (Open Software Foundation)
DME(Distributed Management Environment) IETF (Internet Engineering Task Force)
AgentX (Agent Extensibility Protocol) ITU/TMN
ODMA (Open Distributed Management Architecture) FIPA (Foundation for Intelligent Physical Agents)/OMG
Mobile Agent
분산 망 관리 동향 분산 망 관리 동향 (2)(2)
관리 객체 측면 OMG
CORBA (Common Object Request Broker Architecture) SUN etc.
Java RMI(Remote Method Invocation) JMX(Java Management eXtension)
IETF RMON I, RMON II Functional MIB (Expression MIB, Event MIB, Scheduling MIB)
ITU Event Notification / M-Action
WBEM ArchitectureWBEM Architecture
Common Common Information Information Model (CIM)Model (CIM)
SNMPSNMP ObjectsObjects
CMIPCMIP ObjectsObjects
DMIDMI ObjectsObjects
ManagedManaged ObjectsObjects
Win 32Win 32 ObjectsObjects
Object ProvidersObject ProvidersSNMPSNMPCMIPCMIP RPCRPCXMLXML Win32Win32
CIM Object ManagerCIM Object Manager
COMCOM
ManagedManagedNodeNode
DCOM / XMLDCOM / XML
OtherOtherManagement AppManagement App
DCOM / XMLDCOM / XML
WindowsWindowsManagement AppManagement App
BMC software 구조BMC software 구조
CORBA-based Inter-domain Manager CORBA-based Inter-domain Manager Using WebUsing Web
CORBA – based Inter-domain Manager
CORBA/SNMP gateway
ORB
HTML JAVA Applet JAVA Applet WEB Browser
CORBA/SNMP gateway
SNMP Sub-domain
Agent AgentAgent
CORBA Sub-domain
Agent AgentAgent
CMIP Sub-domain
Agent AgentAgent
HTML(CGI) CORBA (Orbix Web)
RMI
망관리에서의 분산화 망관리에서의 분산화 : : Event Notification/M-ActionEvent Notification/M-Action
NMS
ServerServer Server
Notification M-Action
Action
NM client 의 load 를 줄여줌
Event filtering / Correlation 이 요구됨
Event 발생은 미리 작성된 Scenario 에 의함
Event 발생에 대한 reaction은 NMS 에 의존하므로 신속한 대응 미흡
망관리에서의 분산화 망관리에서의 분산화 : RMON: RMON
RMON 1- Subnetwork-wide 통계 제공- Off-line 관리 (data gathering)- alarm defing and event reporting- frame filtering and capturingRMON 2- End-to-End 통계자료 제공 • email, file transfer.www 에 따른 응용계층 트래픽을 감시 • host 들에서 특정 application 의 트래픽을 기록 가능단점 RMON 장비의 CPU, memory 낭비
- Network-layer address 에 근거한 통계자료 모음 (nlHOST) • Control table
Subnet SpecSubnet Spec
XY
• Data Table
Host related statistics
Host related statistics
# of input packets / octets# of output packets / octets
•••
Host related statistics
Host a Host b Host c
RMON Probe NMS
Host d Host e
Subnet X
Interface 2
Interface 1
Subnet Y
망관리에서의 분산화 망관리에서의 분산화 : Mobile Agent: Mobile Agent
NMS
Server
Script(code, data, state)
지적능력을 스스로 갖고 새로운 프로세스를 만들어 낼 수 있다 (Autonomy) Server 간에 이동이 가능하다 (Mobility) (remote execution 또는 migration)분산된 일을 server 를 지나며 수행 가능 (Intelligence)비동기적으로 망 관리 수행 가능 (Asynchronousity)망 관리에서 확장성과 유연성을 중대시한다 표준화그룹 : FIPA, OMG MASIF Platform : Aglet,Concordia,grasshopper, Voyager
Distributed Management : Management by Delegation (MbD)
Server
Server
Results
* FIPA : Foundation for Intelligent Physical Agent
* OMG : Object Management Group
* MASIF : MOBILE Agent System Interoperability Facility
Distributed ObjectsDistributed Objects
Common Object Request Broker Architecture Web-Based Enterprise Management
Java Management eXtensions
CORBA (1)CORBA (1)
Object Management Architecture standardized by OMG
Joint Inter-Domain Management (JIDM) group Sponsored by Open Group and the TMF
(Telecommunication Management Forum) Provide tools that enable management system based on
CMIP, SNMP, and CORBA to work together. Provide CMIP/CORBA and SNMP/CORBA inter-working. Map between GDMO/ASN.1 and CORBA IDL. Map between SNMP SMI and CORBA IDL.
CORBA (2)CORBA (2)
Web 기술과의 통합을 시도 Orbix Web from IONA CorbaWeb from academia
SNMP domain
Middleware(ex. ORB) Middleware(ex. ORB)
SNMPSNMP CMIPCMIP IDLIDL
ASN.1Objects
Manager
CMIP domain CORBA domain
GDMOObjects
CORBAObjects
Stub Skeleton
Network
Client(Caller)
Object(Callee)
Object Request Broker (ORB)
WBEMWBEM
Desktop Management Interface(DMI) 에서 제기됨 Web-Based Enterprise Management (WBEM)
초기에는 HMMS, HMMP, and HMOM 로 구성됨 Drastic upheaval of WBEM
Common Information Model (CIM) CIMOM 이 HMOM 을 대치 . HTTP 과 XML 을 수용함 . Current work
Integrating CIM with CORBA and Java-based management. Developing SNMP/CIM, DMI/CMI, and CMIP/CIM gateway.
Java technologiesJava technologies
Java RMI Can be combined with Object Serialization. Management objects (SNMP or CMIS/CMIP objects) are mapped int
o distributed Java objects. JMAPI (Java Management API)
Based on Java RMI Set of tools and guidelines to build management applets. Supports the most common SNMP MIB (MIB-II)
JMX (Java Management eXtension) A management framework destined for object-oriented web-based m
anagement. SNMP API, WBEM API, (already specified) and TMN API (currently un
der definition) SNMP-to Java MIB compiler (translates the managed objects into M
Bean Component)
JMXJMX
JMX Architecture Instrumentation level : give instant manageability to any
object Agent level : provide management agent. Manager level : provide management component
operating as manager or agent. JMX Components
JMX Manageable Resource JMX Agent JMX Manager Services for management Addition Management Protocol APIs
Interacting with other management environments.
Key Component of JMXKey Component of JMX
ManagerLevel
AgentLevel
InstrumentationLevel
Proprietary Management Application Web Browser
Proprietary Management Application
JMX Manager
MBeanServer
Service
Object 2
Object 1
Object 3Java virtual machine Java virtual machine
ProtocolAdaptors
MBean (registered in the server) Plain JavaBeans Component (not registered)
AgentX (Agent Extensibility Protocol)AgentX (Agent Extensibility Protocol)
Motivation for AgentXMotivation for AgentX
Distributed management 의 필요성 Hierarchical framework.
Management applications 의 분산된 agent 에 대한 투명한 접근 Managed objects 의 동적인 확장
MIB 장비로부터 SNMP protocol engine 을 분리 MIB 구현 모듈의 동적인 추가
AgentX FrameworkAgentX Framework
ManagerSNMPEntity
AgentXDispatcher
Sub-Agent
Sub-Agent
Sub-Agent
AgentX Master-Agent
Extensibilityprotocol
SNMP
Master agent Agent 역할로서 SNMP
프로토콜 메시지의 송수신 . MIB 에는 거의 직접적으로
접근하지 않음 . Subagent(s)
Master-agent 에 의해 처리되는 SNMP 메시지로부터 “ Shielded” 됨 .
MIB 을 직접 접근 .
AgentX Roles – Master AgentAgentX Roles – Master Agent
기능 Subagent 로부터 AgentX session 확립 요구를 받아들임 . Subagent 로부터 MIB region 의 등록 접수 현재 등록된 MIB region 에 따라 , AgentX 프로토콜이 MIB 에 접근 Subagent 를 위해 notification 을 전달해줌 .
AgentX Roles - SubagentAgentX Roles - Subagent
기능 Master-agent 와 함께 AgentX session 시작 Master-agent 에게 MIB region 을 등록 등록된 MIB region 내에서 OID 와 실제 variable 을 bind 시킴 Variable 에 대한 관리 동작을 수행 관리 객체 (MO: Managed Object) 를 초기화 시킴 Notification 을 주도
Example: Management with AgentXExample: Management with AgentX
Master Agent
MIB Registry
Mail Server
Email MIB
Subagent
WWW Server
WWW MIB
Subagent
10baseT Hub
Repeater MIB
Subagent
AgentX
AgentX
AgentX
NMSSNMP
From a manager’s point of view, an extensible agent behaves exactly as would a monolithic agent.
The master agent is MIB ignorantand SNMP omniscient while the subagent is SNMP ignorant and MIB omniscient.
AgentX Protocol OperationsAgentX Protocol Operations
18 Protocol operations are defined. 7 PDUs for Master agent Subagent direction
10 PDUs for Subagent Master agent direction
1 PDU for both Master agent and subagent.
Master agent Subagent Get-PDU, GetNext-PDU, Get-Bulk-PDU, TestSet-PDU, CommitSet-
PDU, UndoSet-PDU, and CleanupSet-PDU.
Subagent Master agent Open-PDU, Close-PDU, Register-PDU, Unregister-PDU, Notify-PDU,
Ping-PDU, IndexAllocation-PDU, IndexDeallocation-PDU, AddAgentCaps-PDU, and RemoveAgentCaps-PDU.
Both side Response-PDU
OID RegistrationOID Registration
Subagents may register single instances: E.g., 1.3.6.1.2.1.25.1.2.0 = HOST-RESOURCES-
MIB.hrSystemDate.0
Subagents may register OID regions: E.g., 1.3.6.1.2.1.2.2.1.[1-22].7 = IF-MIB.ifIndex.7 – IF-
MIB.ifSpecific.7
Only a single subagent can be “authoritative” for a particular OID region. Priority values are used to identify the authoritative
subagent if regions overlap.
Transport Layer MappingsTransport Layer Mappings
AgentX defines the following transport mappings: AgentX over TCP
The master agent accepts TCP connection requests for the well-known port 705.
Subagents connect to the master agent using 705 port number.
AgentX over UNIX-domain Sockets The master agent creates a well-known UNIX-domain socket
endpoint called “/var/agentx/master”.
AgentX PDUs are not encoded using the BER They are transmitted as a contiguous byte stream. (Unlike
SNMP PDUs)
Security ConsiderationsSecurity Considerations
Agent session 동안 SNMP 보안 관련 정보가 subagent 에게 전달되는 방법이 없다 .
NMSMasterAgent
SubagentCommunity
USEC for v3
No mechanism
Implementations and ProductsImplementations and Products
JAX – A Java AgentX Sub-Agent Toolkit http://www.ibr.cs.tu-bs.de/projects/jasmin/jax.html
CMU AgentX Implementation http://www.net.cmu.edu/groups/netdev/agentx/
Compaq True64 UNIX version5.0 mailto: [email protected]
Epilogue Envoy http://www.isi.com
UC Davis, SNMP suites ucd-snmp.ucdavis.edu
Frank Fock, Agent++ http://www.fock.de/agent++
AgentX LimitationsAgentX Limitations
Requires relatively complex operations on the master agent side in order to realize SNMP lexicographical ordering and access control efficiently.
Only a single subagent can be “authoritative” for a particular OID regions. Only one network device which has same MIB can be
managed at the same time.
Security mechanism is not considered.
Functional MIBsFunctional MIBs
Expression MIBEvent MIB
Scheduling MIBRemote Operations MIBs
Notification Log MIB
Expression MIBExpression MIB
목적 : 망관리 시스템에서 네트워크 트래픽 overhead 를 줄이기 위함
MIB variable 에 대한 expression computation 수행 Expression 구성시 3 가지 MIB object sampling 형태 지원
absolute, delta, changed (boolean sampling).
Information about a single expression(Interval, Prefix…)
expExpressionEntry
Information about errors in processing
an expression
expErrorEntry
A table of object definitions for each expExpressionEntry
row(OID, wildcard…)
expObjectEntryA table of values from evaluated
expressions
expValueEntry
Used by
ProduceResult
ProduceError
Event MIBEvent MIB
목적 MIB variable 이 threshold 를 지나치거나 , 변화된 값을 가질 때
event 를 발생시키기 위함 다른 MIB 과의 관계
[RFC1757] RMON alarm, event group 의 능력에 대한 superset 제공
[RFC1905] SNMPv2 의 Manager-Manager MIB 의 계승 / 보완 [RFC2573] SNMPv3 Management Target 과 Notification MIB
의 서비스에 의존 [RFC2982] 분산 관리 Expression MIB 을 보완한다 .
Scheduling MIBScheduling MIB
목적 주기적 또는 주어진 날짜와 시간에
수행될 action 에 대한 scheduling
동작 Control object 를 변경시켜
schedule 을 enable/disable 시킴
다른 관리 기능에 의해 활성화 /비활성화 되는 schedule 을 미리 구성할 수 있게 함 .
schedEntry
schedOwner SnmpAdminString, schedName SnmpAdminString, schedDescr SnmpAdminString, schedInterval Unsigned32, schedWeekDay BITS, schedMonth BITS, schedDay BITS, schedHour BITS, schedMinute BITS, schedContextName SnmpAdminString, schedVariable VariablePointer, schedValue Integer32, schedType INTEGER, schedAdminStatus INTEGER, schedOperStatus INTEGER, schedFailures Counter32, schedLastFailure SnmpPduErrorStatus, schedLastFailed DateAndTime, schedStorageType StorageType, schedRowStatus RowStatus
Remote Operations MIBsRemote Operations MIBs
Ping MIB Remote host 에서 관리 응용으로 하여금 Ping 수행 가능케 함 .
Traceroute MIB Remote host 에서 Traceroute 수행케 함 .
Lookup MIB Remote host 에서 Name lookup 가능케 함 .
Notification Log MIBNotification Log MIB
목적 Local loggin 기능의 형태로 다른 MIB 에게 common infrastructure
제공 주로 sender 의 Notification 을 위해 사용되나 receiver 도 사용 가능 .
A table of Notification log statistics entries(logged or bumped)
nlmStatsLogEntry
A table of variablesto go with Notification
log entries (values…)
nlmLogVariableEntry
A table of logging control entries.
(entry limit, filter…)
nlmConfigLogEntryA table of Notification
log entries(variables…)
nlmLogEntry
statistics
contains
has
Script MIBScript MIB
Overview of the Script MIB(1)Overview of the Script MIB(1)
Defined in RFC2592 SNMP-compliant MIB Script MIB
분산된 장소로 Script 전달 Script 를 위한 argument 전달 동작중인 script 의 monitor, control 이 원격으로 가능 Running script 로 부터 결과 받음 .
Overview of the Script MIB(2)Overview of the Script MIB(2)
• Consists of six tables– Language– Extension– Script– Code– Launch– Run
• OID is (mib-2 64)
scriptMIB(mib-2 64)
smObjects
smLangTable
smExtsnTable
smScriptObject
smScriptTable
smCodeTable
smRunObjects
mib - II
smLaunchTable
smRunTable
Table (1)Table (1)
Language Table Agent 가 지원하는 언어 정보 제공 . E.g. Java, and Tcl etc.
Extension Table Language 확장에 대한 정보 제공 Local resource 나 network protocol 에 대한 interface 제공 가능 .
Table (2)Table (2)
Script Table Script MIB 을 지원하는 network 장비에 설치된 모든 script 를 나열 Script 를 설치 / 제거 , script 상태를 변경 / 읽기 등을 가능케하는 o
bject 가짐 . 지정된 URL 로 부터 script 를 Agent 에 의해 영원히 설치되고 ,
받아질 수 있음 . Code Table
SNMP set operation 에 의해 Agent 에게 script 를 도착하게 (push) 함 .
Table (3)Table (3)
Launch Table 준비된 script 를 서술 List 의 각 entry 는
Script 에서 전달된 argument Script 수행중의 신뢰도 , 허가등을 나타냄 .
Run Table 최근 끝나거나 , 돌고 있는 script list Manager 로 하여금 동작되고 있는 script 에 대한 정보 추출이나
제어 가능케 함 .
Operations of Script MIBOperations of Script MIB
smLangTablesmLangTable
JavaJava JDK1.1.8JDK1.1.8
PerlPerl 5.0045.004
smScriptTablePre-
installed Info AccessⓢPre-
installed Info AccessⓢDynamic-loaded Info Accessⓢ
Dynamic-loaded Info Accessⓢ
smLaunchTable
secutiryⓢ
ⓢ
ⓢ
ⓢ
args
args
args
args
secutiry
secutiry
secutiry
Launch
Launch
Launch
Launch
smRunTable
stateⓢ
ⓢ
ⓢ
ⓢ
args
args
args
args
state
state
state
result
result
result
resultNetwork
Node
SNMP agent
Manager Script Repository
SNMPpush script
HTTP or other
HTTP
①
②
③ ④⑤
pull script
Applications of Script MIBApplications of Script MIB
Scripts as Agent Scripts as Mid-level manager
Monitoring Service testing (QoS monitoring) Service management and control Fault handling
Scripts as AgentScripts as Agent
Agent 를 확장하거나 구현 표준 MIB 로 부터 관리정보를 computing 하는 서비스
제공 Agent 의 확장성 제공 .
managermanager
Internet Server
Script MIBagent
Script MIBagent
MIB-II(ex. tcpConnTable)
MIB-II(ex. tcpConnTable)
ScriptRepository
ScriptRepository
Launch script
Retrieving result
Polling
response
Scripts for monitoringScripts for monitoring
Monitoring Detecting irregular
condition Collecting accounting data
More scalable The number of node to be
monitored MIB objects per node
Significantly decrease management traffic. Pre-process monitored data
More flexible Easy to add nodes to be
monitored Easy to modify the set of
MIB objects monitored.
managermanager
M
AM
A
AA AA AAAA
mid-levelmanager
M : ManagerA : Agent
Script for service testingScript for service testing
Service testing (QoS monitoring) Checking the availability and
the static and dynamic parameters of a given services.
Introducing new MIB module Lacks flexibility for new
services Service testing by Script MIB
Rapidly adaptable to new situation.
Script MIB agent is located where potential users are (differ from central manager).
Script MIB can be installed on several remote location which require service monitoring.
InternetServer
Receiveservices
Send test packet
UserAgent
manager
result
MIB
Launchscript
Script for service deployment and Script for service deployment and controlcontrol
Local mid-level managers can control server
processes are running on the same
node as the processes. The Script MIB offers a
convenient solution for the rapid development and installation of network services.
example) Remote service
deployment on programmable switch.
manager
Webserver
Check service
Download script
Control networkProgrammableswitch
Scripts for fault handlingScripts for fault handling
Fault handlings can be distributed to mid-level manager as script.
Central manager only required to decide which fault handling procedure to apply.
Procedures① Fault identification② Choose adequate script③ Install script④ Start and execute script⑤ Remove script
manager
Web server(repository)
①Fault notification
②ChooseAdequate script
③Install script
④Execution⑤Remove script
References (1)References (1)
Sun, “Java Management Extension White Paper,” http://java.sun.com/products/JavaManagement
WBEM Initiative, Online: http://www.dmtf.org/wbem CORBA, Online: http://www.omg.org/ M. Daniele et al., “Agent Extensibility (AgentX) Protocol Version
1,” , RFC2741, January 2000. L. Heintz et al., “Definitions of Managed Objects for Extensible S
NMP Agents,” , RFC2742, January 2000. R. Kavasseri and Bob Stewart, “Event MIB,” , RFC2981, October
2000 R. Kavasseri and Bob Stewart, “Distributed Management Epressi
on MIB,” , RFC2982, October 2000.
References (2)References (2)
Bob Stewart and Ramanathan R. Kavasseri, “Notification Log MIB,” , internet draft, draft-ietf-disman-notif-log-mib-16.txt, February 2000.
Kenneth White, “Definitions of Managed Objects for Remote Ping, Traceroute, and Lookup Operations,” , RFC2925, September 2000.
D. Levi and J. Schönwälder, “Definitions of Managed Objects for Scheduling Management Operations,” , RFC2591, May 1999.
D. Levi and J. Schönwälder, “Definitions of Managed Objects for the Delegation of Management Scripts,” , RFC2592, May 1999
References (3)References (3)
J Schönwälder, “Emerging Internet Management Technologies,” IM’99 Tutorial, 1999.
Jürgen Schönwälder, Jürgen Quittek and Cornelia Kappler, “Building Distrubuted Management Applications with the IETF Script MIB,” IEEE Journal on Selected Areas in Communications, vol. 18, no. 5, May 2000.
David Levi, “Introduction to the Script MIB,” Simple Times, vol. 7 no. 2, Nov. 1999.
Éamonn McManus, “Script MIB Implementation Experience,” Simple Times, vol. 7 no. 2, Nov. 1999.
Frank Strauß, “Script MIB Performance Analysis,” Simple Times, vol. 7 no. 2, Nov. 1999.
Jürgen Quittek and Cornelia Kappler, “Practical Experiences with Script MIB Application,” Simple Times, vol. 7 no. 2, Nov. 1999.