Network Monitoring and Management
ICMP and SNMP
ICMP
Internet Control Message Protocol, RFC 792
Transfer of (control) messages from routers and hosts to hosts
Feedback about problems
– e.g. time to live expired
Encapsulated in plain IP datagram
– Not reliable
[Figure: demultiplexing of an incoming frame up the protocol stack. Layers: Link, Network, Transport, Application. Elements: Ethernet driver, ARP, RARP, IP, ICMP, IGMP, TCP, UDP, applications.]
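[Figure: demultiplexing of a received frame (Ethernet frame types in hex, others in decimal). Ethernet frame (dest addr, source addr, frame type, data, CRC): frame type x0800 = IP, x0806 = ARP. IP header (hdr cksum, dest addr, source addr, protocol type, data): protocol type 1 = ICMP, 6 = TCP, 17 = UDP. TCP header (src port, dest port, data): dest port 21 = FTP server, 23 = telnet server, 25 = SMTP; port 7 also shown.]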
ICMP Types
ICMP
Uses IP but is a separate protocol in the network layer
ICMP messages contain
– Type
– Code
– 1st 8 bytes of “bad” datagram
[Figure: ICMP message carried as IP data]
IP HEADER (PROTOCOL = 1)
IP DATA:
TYPE CODE CHECKSUM
REMAINDER OF ICMP MESSAGE (FORMAT IS TYPE-SPECIFIC)
ICMP Message Formats
Destination Unreachable
TYPE CODE CHECKSUM
UNUSED
IP HEADER + 64 bits data from original DG
TYPE = 3
CODE
0 = Net unreachable
1 = Host unreachable
2 = Protocol unreachable
3 = Port unreachable
4 = Fragmentation needed but DF set
5 = Source route failed
6 = Dest network unknown
7 = Dest host unknown
Source Quench
TYPE CODE CHECKSUM
UNUSED
IP HEADER + 64 bits data from original DG
TYPE = 4; CODE = 0
Flow control:
• Indicates that a router has dropped the original DG or may indicate that a router is approaching its capacity limit.
• Correct behavior for source host is not defined.
Time Exceeded
TYPE CODE CHECKSUM
UNUSED
IP HEADER + 64 bits data from original DG
TYPE = 11
CODE
0 = Time to live exceeded in transit
1 = Fragment reassembly time exceeded
Redirect
TYPE CODE CHECKSUM
NEW ROUTER ADDRESS
IP HEADER + 64 bits data from original DG
TYPE = 5
CODE =
0 = Network redirect
1 = Host redirect
2 = Network redirect for specific TOS
3 = Host redirect for specific TOS
Redirection Concept
[Figure: redirection concept (diagram label: Internet)]
QUERY Message: Echo and Echo Reply
TYPE CODE CHECKSUM
IDENTIFIER SEQUENCE #
DATA ….
TYPE = 8 = ECHO; 0 = ECHO REPLY
CODE = 0
IDENTIFIER
An identifier to aid in matching echoes and replies
SEQUENCE #
Same use as for IDENTIFIER
UNIX “ping” uses echo/echo reply
Replaced by Network Time Protocol (NTP)
Using Ping
[wirth:~] [4:15pm] -> ping www.uakron.edu
PING arwen.uakron.edu (130.101.81.50) 56(84) bytes of data.
64 bytes from arwen.uakron.edu (130.101.81.50): icmp_seq=0 ttl=62 time=0.512 ms
64 bytes from arwen.uakron.edu (130.101.81.50): icmp_seq=1 ttl=62 time=0.449 ms
64 bytes from arwen.uakron.edu (130.101.81.50): icmp_seq=2 ttl=62 time=1.38 ms
64 bytes from arwen.uakron.edu (130.101.81.50): icmp_seq=3 ttl=62 time=0.439 ms
64 bytes from arwen.uakron.edu (130.101.81.50): icmp_seq=4 ttl=62 time=0.448 ms
64 bytes from arwen.uakron.edu (130.101.81.50): icmp_seq=5 ttl=62 time=0.496 ms
64 bytes from arwen.uakron.edu (130.101.81.50): icmp_seq=6 ttl=62 time=0.449 ms
--- arwen.uakron.edu ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6001ms
rtt min/avg/max/mdev = 0.439/0.596/1.383/0.323 ms, pipe 2
[wirth:~] [4:16pm] ->
Extended Ping
IP header options can be used along with ICMP:
• route recording,
• timestamping,
• source routing
Used for path MTU discovery
Traceroute
UNIX utility - displays the routers used to get to a specified Internet host (Van Jacobson, 1988)
Operation
– router sends ICMP Time Exceeded message to source if TTL is decremented to 0
– if TTL starts at 5, source host will receive Time Exceeded message from router that is 5 hops away
Traceroute sends a series of UDP probes (to port ~33500) with different TTL values… and records the source address of the ICMP Time Exceeded message for each
Probes are formatted so that the destination host will send an ICMP Port Unreachable message
Traceroute and ICMP (2)
Trace the route of an IP packet
[Figure: timeline between Source, Router 1, Router 2 and Destination. TTL=1: Router 1 known; TTL=2: Router 2 known; TTL=3: Destination known]
Traceroute and ICMP (3)
Trace the route of an IP packet
– Upon reaching destination,
• No “Time exceeded” message generated
• How do you know when final destination is reached?
– Traceroute sends to unused UDP port (>30000), generating an ICMP “destination unreachable” message
• With code “port unreachable”
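The reply handling described on the traceroute slides, as an added example (not from the original slides): it verifies the ICMP checksum, reads the quoted "IP header + 64 bits" to recover the probe's UDP ports, and accepts a reply only if it quotes our own probe. Function names, the RFC 5737 addresses and the sample packets are constructed for illustration.

```python
import struct

ICMP_DEST_UNREACH, ICMP_TIME_EXCEEDED = 3, 11   # TYPE values from the slides
CODE_PORT_UNREACH = 3
PROTO_UDP = 17


def inet_checksum(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_icmp_error(icmp: bytes) -> dict:
    """Parse an ICMP error message (the payload of an IP datagram, protocol 1)."""
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    if inet_checksum(icmp) != 0:           # a valid message sums to zero
        raise ValueError("bad ICMP checksum")
    inner = icmp[8:]                       # skip TYPE, CODE, CHECKSUM, UNUSED
    if len(inner) < 20 or inner[0] >> 4 != 4:
        raise ValueError("no quoted IPv4 header")
    ihl = (inner[0] & 0x0F) * 4            # quoted header may carry options
    if ihl < 20 or len(inner) < ihl + 8:
        raise ValueError("quoted datagram shorter than header + 64 bits")
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return {
        "type": icmp[0], "code": icmp[1], "proto": inner[9],
        "src": ".".join(str(b) for b in inner[12:16]),
        "dst": ".".join(str(b) for b in inner[16:20]),
        "sport": sport, "dport": dport,
    }


def classify_reply(icmp: bytes, probe_dst: str, probe_dport: int) -> str:
    """Decide what an ICMP reply means for one UDP traceroute probe."""
    try:
        m = parse_icmp_error(icmp)
    except ValueError:
        return "invalid"
    # Only trust errors that quote the probe we actually sent.
    if (m["proto"], m["dst"], m["dport"]) != (PROTO_UDP, probe_dst, probe_dport):
        return "unrelated"
    if m["type"] == ICMP_TIME_EXCEEDED and m["code"] == 0:
        return "hop"                       # an intermediate router answered
    if m["type"] == ICMP_DEST_UNREACH and m["code"] == CODE_PORT_UNREACH:
        return "destination"               # the final host answered
    return "other"


def sample_error(icmp_type: int, code: int, dst: str, dport: int) -> bytes:
    """Constructed sample: ICMP error quoting a UDP probe sent from 192.0.2.10."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0x1234, 0, 1, PROTO_UDP, 0,
                     bytes([192, 0, 2, 10]),
                     bytes(int(p) for p in dst.split(".")))
    udp = struct.pack("!HHHH", 40000, dport, 8, 0)
    body = struct.pack("!BBHI", icmp_type, code, 0, 0) + ip + udp
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


if __name__ == "__main__":
    for t, c in ((ICMP_TIME_EXCEEDED, 0), (ICMP_DEST_UNREACH, CODE_PORT_UNREACH)):
        pkt = sample_error(t, c, "198.51.100.7", 33500)
        print(t, c, classify_reply(pkt, "198.51.100.7", 33500))
```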
Traceroute
mymachine:~% traceroute www.cis.ksu.edu
traceroute to polaris.cis.ksu.edu (129.130.10.93), 30 hops max, 40 byte packets
 1 wraith.facnet.mcs.kent.edu (131.123.46.1) 0.878 ms 0.620 ms 0.553 ms
 2 ghost.uis-mcs.mcs.kent.edu (131.123.40.1) 6.000 ms 3.366 ms 2.632 ms
 3 lib2-255x248-e37-lib.gate.kent.edu (131.123.255.254) 7.170 ms 3.552 ms 4.477 ms
 4 twcneo-cw.neo.rr.com (204.210.223.3) 9.515 ms 15.167 ms 18.687 ms
 5 bordercore4-hssi1-0.NorthRoyalton.cw.net (166.48.233.253) 17.864 ms 10.971 ms 14.652 ms
 6 core4.WillowSprings.cw.net (204.70.4.73) 23.438 ms 22.099 ms 17.397 ms
 7 wsp-sprint2-nap.WillowSprings.cw.net (206.157.77.94) 18.367 ms 22.854 ms 20.267 ms
 8 sl-bb11-chi-2-1.sprintlink.net (144.232.10.157) 23.518 ms 24.528 ms 18.757 ms
 9 sl-bb12-chi-5-1.sprintlink.net (144.232.10.6) 21.197 ms 31.452 ms 15.050 ms
10 sl-bb10-kc-7-1.sprintlink.net (144.232.9.117) 46.752 ms * 40.125 ms
11 sl-gw5-kc-0-0-0.sprintlink.net (144.232.2.62) 38.360 ms 48.002 ms 44.795 ms
12 sl-uok-1-0-0.sprintlink.net (144.232.132.14) 93.256 ms 67.070 ms 61.727 ms
13 ks-1-ks-ksu.r.greatplains.net (164.113.232.193) 77.743 ms 64.566 ms 67.117 ms
14 164.113.212.250 (164.113.212.250) 59.988 ms 46.188 ms 55.616 ms
15 129.130.252.9 (129.130.252.9) 68.211 ms 67.881 ms 75.441 ms
16 polaris.cis.ksu.edu (129.130.10.93) 76.462 ms 54.838 ms *
PMTU-D
TCP: path-MTU discovery
SNMP
Where did it come from?
– Internet Engineering Task Force
• Network Management Area
– SNMP v1
– MIBv1, MIBv2
– SNMP v2 (?)
– SNMP v3 (?)
SNMPv1 History
RFC 1157, 1990:
– “A Simple Network Management Protocol (SNMP)”
RFC 1155, 1158, 1213, 1990:
– Specification of the MIBv2
Written in ASN.1
Protocol context of SNMP
SNMPv1 Protocol
Five Simple Messages:
– get-request
– get-next-request
– get-response
– set-request
– trap
SNMP - SNMP Message Handling -
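SNMP Manager → SNMP Agent: GetRequest (What is the value of MIB?)
SNMP Agent → SNMP Manager: GetResponse (The value is XXXX!)
SNMP Manager → SNMP Agent: GetNextRequest (What is the next value of MIB Tree ?)
SNMP Agent → SNMP Manager: GetResponse (The value is XXXX!)
SNMP Manager → SNMP Agent: SetRequest (Modify the value of OID)
SNMP Agent → SNMP Manager: GetResponse (The value is XXXX!)
SNMP Agent → SNMP Manager: Trap (Problem happened!)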
SNMPv1: UDP ports
[Figure: Manager and Agent exchange over UDP. The Manager sends get_request, get_next_request and set_request to port 161 on the Agent, and the Agent answers each with get_response; the Agent sends trap to port 162 on the Manager.]
SNMPv1 Packet Format
UDP Header | Version | Community | PDU Type | Request ID | Error Status | Error Index | name | value | name | ...
SNMP version (0 is for version 1)
Community (read-only, read-write):
– Shared “password” between agent and manager
PDU: Specifies request type
Request ID
Error Status
Error Index
Community Names
Community names are used to define where an SNMP message is destined for.
• Set up your agents to belong to certain communities.
• Set up your management applications to monitor and receive traps from certain community names.
RFC 1065 (MIB Structure)
“Structure and Identification of Management Information for TCP/IP-based Internets (SMI)”
Uses Abstract Syntax Notation 1 (ASN.1)
Types of information
– Network Address
– IP Address
– Counter (32 bit monotonically increasing)
– Gauge (32 bit variable)
– Timeticks (time in hundredths of a second)
– Opaque (arbitrary syntax for text data)
Adopted as a full standard in RFC 1155 (basically unchanged)
MIB definitions
RFC 1066 - MIB definitions using RFC 1065 (RFC 1155) (Rose & McCloghrie)
First version of the MIB now called MIB-I
Adopted as a full standard in RFC 1156 (essentially unchanged from 1066)
RFC 1158 - extends MIB-I and defines MIB-II
Adopted as a full standard in RFC 1213
Vendor extensions to MIB
RFC 1156 (MIB-I) allowed for vendor specific extensions to be included in the MIB
Allows for additional management information about devices not provided for in the standard MIB
For example: CPU utilisation
Normal for devices to support all of MIB-II PLUS have their own vendor-specific extensions
SNMP NAMES
SNMP Name Structure
1 - iso
  3 - org
    6 - dod
      1 - Internet
        1 - directory
        2 - mgmt
          1 - mib
            1 - system
              1 - sysDescr
              2 - sysObjectID
            2 - interfaces
              1 - ifTable
                1 - ifEntry
                  1 - ifIndex
                  2 - ifDescr
                  3 - ifType
                  ........
                  10 - ifInOctets
        3 - expt
        4 - private
          1 - Enterprise
            9 - cisco
OSI Object Identifier Tree
SNMP - MIB Tree -
Objects are managed by the tree
Expressed in a row of values divided by the period
root
  ccitt(0)
  iso(1)
    org(3)
      dod(6)
        Internet(1)
          directory(1)
          mgmt(2)
            mib-2(1): Standard MIBs
          experimental(3)
          private(4)
            enterprise(1): Vendor-specific MIBs
  Joint-iso-ccitt(2)
SNMP Naming
question: how to name every possible standard object (protocol, data, more..) in every possible network standard??
answer: ISO Object Identifier (OID) tree:
– hierarchical naming of all objects
– each branchpoint has name, number
1.3.6.1.2.1.7.1 = ISO (1) . ISO-ident. Org. (3) . US DoD (6) . Internet (1) . management (2) . MIB2 (1) . UDP (7) . udpInDatagrams (1)
SNMP - OID -
OID Expression
– iso(1). org(3). dod(6). internet(1). mgmt(2). mib2(1) -> .1.3.6.1.2.1
e.g. sysDescr = .1.3.6.1.2.1.1.1 = mib-2.1.1 = system.1
Subtree Name | OID | Description
system | 1.3.6.1.2.1.1 | Defines a list of objects that pertain to system operation, such as the system uptime, system contact, and system name.
interfaces | 1.3.6.1.2.1.2 | Keeps track of the status of each interface on a managed entity. The interfaces group monitors which interfaces are up or down and tracks such things as octets sent and received, errors and discards, etc.
at | 1.3.6.1.2.1.3 | The address translation (at) group is deprecated and is provided only for backward compatibility. It will probably be dropped from MIB-III.
ip | 1.3.6.1.2.1.4 | Keeps track of many aspects of IP, including IP routing.
icmp | 1.3.6.1.2.1.5 | Tracks things such as ICMP errors, discards, etc.
tcp | 1.3.6.1.2.1.6 | Tracks, among other things, the state of the TCP connection (e.g., closed, listen, synSent, etc.).
udp | 1.3.6.1.2.1.7 | Tracks UDP statistics, datagrams in and out, etc.
egp | 1.3.6.1.2.1.8 | Tracks various statistics about EGP and keeps an EGP neighbor table.
transmission | 1.3.6.1.2.1.10 | There are currently no objects defined for this group, but other media-specific MIBs are defined using this subtree.
snmp | 1.3.6.1.2.1.11 | Measures the performance of the underlying SNMP implementation on the managed entity and tracks things such as the number of SNMP packets sent and received.
SNMP - MIB & OID -
SNMP Manager can acquire the management information defined by MIB (Management Information Base) from Agent
– Current version : MIBv2 RFC 1213
– MIB is the aggregate of object (information) on the equipment which SNMP Agent holds
– Identifier is defined for each object = OID
– MIB performed by Agent is roughly divided into:
• MIBv2 : standard, public, specified by IETF
• Enterprise MIB : private, specified by vendor company
SNMP MIB
MIB module specified via SMI (Structure of Management Information) MODULE-IDENTITY (100 standardized MIBs, more vendor-specific)
objects specified via SMI OBJECT-TYPE construct
[Figure: a MODULE containing several OBJECT TYPE entries]
SMI: Object, module examples
OBJECT-TYPE: ipInDelivers
ipInDelivers OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The total number of input datagrams successfully delivered to IP user-protocols (including ICMP)"
    ::= { ip 9 }
MODULE-IDENTITY: ipMIB
ipMIB MODULE-IDENTITY
    LAST-UPDATED "941101000Z"
    ORGANIZATION "IETF SNMPv2 Working Group"
    CONTACT-INFO " Keith McCloghrie ……"
    DESCRIPTION
        "The MIB module for managing IP and ICMP implementations, but excluding their management of IP routes."
    REVISION "019331000Z"
    ………
    ::= { mib-2 48 }
MIB example: UDP module
Object ID | Name | Type | Comments
1.3.6.1.2.1.7.1 | UDPInDatagrams | Counter32 | total # datagrams delivered at this node
1.3.6.1.2.1.7.2 | UDPNoPorts | Counter32 | # undeliverable datagrams, no app at port
1.3.6.1.2.1.7.3 | UDPInErrors | Counter32 | # undeliverable datagrams, all other reasons
1.3.6.1.2.1.7.4 | UDPOutDatagrams | Counter32 | # datagrams sent
1.3.6.1.2.1.7.5 | udpTable | SEQUENCE | one entry for each port in use by app, gives port # and IP address
ASN.1: Abstract Syntax Notation 1
ISO standard X.680
defined data types, object constructors
– like SMI
BER: Basic Encoding Rules
– specify how ASN.1-defined data objects are to be transmitted
– each transmitted object has Type, Length, Value (TLV) encoding
Syntax
uses ASN.1 (Abstract Syntax Notation)
– binary encoding: 02 01 06 is a 1 byte integer, value 6
Primitive Types
INTEGER, OCTET STRING, OBJECT IDENTIFIER, NULL
Constructor Types
SEQUENCE <primitive-type> ... i.e. a record
SEQUENCE OF <primitive-type> ... i.e. an array
Defined Data Types
IpAddress: what you expect
Counter: non-negative integer that wraps
Gauge: non-negative integer that latches
TimeTicks: time in hundredths of seconds
TLV Encoding
Idea: transmitted data is self-identifying
– T: data type, one of ASN.1-defined types
– L: length of data in bytes
– V: value of data, encoded according to ASN.1 standard
Tag Value | Type
1 | Boolean
2 | Integer
3 | Bitstring
4 | Octet string
5 | Null
6 | Object Identifier
9 | Real
TLV encoding: example
Octet string: Type=4, octet string; Length, 5 bytes; Value, 5 octets (chars)
Integer: Type=2, integer; Length, 2 bytes; Value, 259
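The TLV rules above applied to the SNMPv1 packet format shown earlier, as an added example (not from the original slides): a small BER reader that walks a get-request and returns the version, the community string (carried as a plain OCTET STRING), the PDU type, the request ID and the variable bindings. Function names and the sample message bytes are constructed for illustration; trap PDUs, which use a different layout, are not handled.

```python
PDU_NAMES = {0xA0: "get-request", 0xA1: "get-next-request",
             0xA2: "get-response", 0xA3: "set-request"}


def read_tlv(buf, pos=0):
    """Return (tag, value_bytes, next_pos) for the TLV that starts at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                    # long form: low 7 bits = count of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def expect(buf, pos, want_tag):
    """Read one TLV and insist on its tag; return (value_bytes, next_pos)."""
    tag, value, pos = read_tlv(buf, pos)
    if tag != want_tag:
        raise ValueError("expected tag 0x%02x, got 0x%02x" % (want_tag, tag))
    return value, pos


def decode_int(value, signed=True):
    return int.from_bytes(value, "big", signed=signed)


def decode_oid(value):
    """OBJECT IDENTIFIER: base-128 sub-identifiers, first one packs two arcs."""
    if not value or value[-1] & 0x80:
        raise ValueError("malformed OID")
    subids, cur = [], 0
    for b in value:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(cur)
            cur = 0
    x = min(subids[0] // 40, 2)
    return ".".join(str(a) for a in [x, subids[0] - 40 * x] + subids[1:])


def decode_value(tag, value):
    if tag == 0x02:
        return decode_int(value)                 # INTEGER
    if tag == 0x04:
        return bytes(value)                      # OCTET STRING
    if tag == 0x05:
        return None                              # NULL
    if tag == 0x06:
        return decode_oid(value)                 # OBJECT IDENTIFIER
    if tag in (0x41, 0x42, 0x43):                # Counter, Gauge, TimeTicks
        return decode_int(value, signed=False)
    return (tag, bytes(value))                   # anything else: leave raw


def parse_snmpv1(msg):
    """Decode Version, Community, PDU type, Request ID, errors and varbinds."""
    body, end = expect(msg, 0, 0x30)             # outer SEQUENCE
    if end != len(msg):
        raise ValueError("trailing bytes after message")
    version, pos = expect(body, 0, 0x02)
    community, pos = expect(body, pos, 0x04)
    pdu_tag, pdu, pos = read_tlv(body, pos)
    if pdu_tag not in PDU_NAMES:
        raise ValueError("unsupported PDU type 0x%02x" % pdu_tag)
    request_id, p = expect(pdu, 0, 0x02)
    error_status, p = expect(pdu, p, 0x02)
    error_index, p = expect(pdu, p, 0x02)
    vb_list, p = expect(pdu, p, 0x30)            # SEQUENCE OF name/value pairs
    varbinds, q = [], 0
    while q < len(vb_list):
        vb, q = expect(vb_list, q, 0x30)
        name, r = expect(vb, 0, 0x06)
        vtag, value, r = read_tlv(vb, r)
        varbinds.append((decode_oid(name), decode_value(vtag, value)))
    return {"version": decode_int(version), "community": bytes(community),
            "pdu": PDU_NAMES[pdu_tag], "request_id": decode_int(request_id),
            "error_status": decode_int(error_status),
            "error_index": decode_int(error_index), "varbinds": varbinds}


# Constructed sample: get-request for 1.3.6.1.2.1.1.1.0, community "xxxx",
# request ID 259 (the two-byte integer from the TLV example: 02 02 01 03).
SAMPLE = bytes.fromhex("3025" "020100" "040478787878" "a01a" "02020103"
                       "020100" "020100" "300e" "300c"
                       "06082b06010201010100" "0500")

if __name__ == "__main__":
    print(parse_snmpv1(SAMPLE))
```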
SNMP - SNMP Message Handling
Command examples
GetRequest
inetapan@tools:~> snmpget -v2c -c xxxx tpr2.jp.apan.net .1.3.6.1.2.1.2.2.1.4.136
IF-MIB::ifMtu.136 = INTEGER: 9192
GetNextRequest
inetapan@tools:~> snmpget -v2c -c xxxx tpr2.jp.apan.net system
SNMPv2-MIB::system = No Such Object available on this agent at this OID
inetapan@tools:~> snmpwalk -v2c -c xxxx tpr2.jp.apan.net system
SNMPv2-MIB::sysDescr.0 = STRING: m20 internet router, kernel 6.2R3.10
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.2636.1.1.1.2.2
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (423280751) 48 days, 23:46:47.51
SNMPv2-MIB::sysContact.0 = STRING:
SNMPv2-MIB::sysName.0 = STRING: tpr2
SNMPv2-MIB::sysLocation.0 = STRING:
SNMPv2-MIB::sysServices.0 = INTEGER: 4
SetRequest
inetapan@tools:~> snmpset -v2c -c xxxx tppr.jp.apan.net system.sysLocation.0
system.sysLocation.0 = ""
inetapan@tools:~> snmpset -v2c -c yyyy tppr.jp.apan.net system.sysLocation.0 s "Tokyo, JP"
system.sysLocation.0 = "Tokyo, JP"
inetapan@tools:~> snmpset -v2c -c xxxx tppr.jp.apan.net system.sysLocation.0
system.sysLocation.0 = "Tokyo, JP"
SNMP - Trap Message -
The way for Agent to inform Manager about event of something undesirable
Trap originates from Agent and is sent to the trap destination, as configured within Agent itself
When Manager receives a trap, it needs to know how to interpret it
PDU
– Enterprise
• vendor identification (OID) for the agent
– AgentAddress
• The IP address of the node where the trap was generated.
– Trap Type
• Generic / Specific (not used)
– Timestamp
• The length of time between the last re-initialization of the agent that issued a trap and the moment at which the trap was issued
SNMP
SNMP Traps
– unsolicited notification of events
– can include variable list
– ColdStart, WarmStart
– LinkUp, LinkDown
– Authentication Failure
– EGP Neighbour Loss
– Enterprise Specific
Traps
Forwarded automatically from agent to station(s) in response to an event with the device
Traps defined in MIB-II
– Cold-start of system
– Warm-start of system
– Link down
– Link up
– Failure of authentication
– Exterior Gateway Protocol (EGP) neighbour loss
– Enterprise specific
SNMPv2 History
RFC 1441, 1993: “Introduction to version 2 of the Internet-standard Network Management Framework”
RFC 1446, 1993: “Security Protocols for version 2 of the Simple Network Management Protocol”
Written to address security and feature deficiencies in SNMPv1
SNMPv2 Protocol
Extension to SNMPv1
Provided security model
2 new commands
– get-bulk-request
– inform-request
SNMPv2 Protocol continued...
Message formats (fields in order):
General Format: privDst | authInfo | dstParty | srcParty | context | PDU
Nonsecure Message: privDst | 0-length OCTET STRING | dstParty | srcParty | context | PDU
Authenticated, not encrypted: privDst | digest, dstTime, srcTime | dstParty | srcParty | context | PDU
Private, not authenticated: privDst | 0-length OCTET STRING | dstParty | srcParty | context | PDU
Private and authenticated: privDst | digest, dstTime, srcTime | dstParty | srcParty | context | PDU
Format of SNMPv1 messages
Get-Request, Get-Next-Request, Set-Request: Version | Community String | PDU type | Request ID | 0 | 0 | Name X | Value X | …
Get-Response: Version | Community String | PDU type | Request ID | Error status | Error index | Name X | Value X | …
Trap: Version | Community String | PDU type | Enterprise | Agent Addr | Generic trap | Specific trap | Time | Name X | Value X
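Added example, not part of the original slides: a minimal BER decoder for the SNMPv1 Trap layout above, as a trap receiver might use it to pull out the generic trap type (for instance authenticationFailure) and to show that the community string travels in cleartext. Tag values follow RFC 1157; the sample datagram, its enterprise OID, agent address and community are constructed, and all function names are illustrative.

```python
GENERIC_TRAPS = ("coldStart", "warmStart", "linkDown", "linkUp",
                 "authenticationFailure", "egpNeighborLoss", "enterpriseSpecific")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element at pos, with bounds checks."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, want_tag):
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want_tag:
        raise ValueError(f"expected tag 0x{want_tag:02x}, got 0x{tag:02x}")
    return value, nxt

def decode_oid(value):
    arcs, n = ([value[0] // 40, value[0] % 40] if value else []), 0
    for b in value[1:]:
        n = (n << 7) | (b & 0x7F)            # base-128; high bit means more octets follow
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def parse_v1_trap(datagram):
    msg, _ = expect(datagram, 0, 0x30)       # Message SEQUENCE
    version, p = expect(msg, 0, 0x02)        # version (0 = SNMPv1)
    community, p = expect(msg, p, 0x04)      # community string, sent in cleartext
    pdu, _ = expect(msg, p, 0xA4)            # PDU type 4 = Trap
    enterprise, q = expect(pdu, 0, 0x06)     # OBJECT IDENTIFIER
    agent, q = expect(pdu, q, 0x40)          # IpAddress
    generic, q = expect(pdu, q, 0x02)
    specific, q = expect(pdu, q, 0x02)
    ticks, q = expect(pdu, q, 0x43)          # TimeTicks
    g = int.from_bytes(generic, "big", signed=True)
    return {"version": int.from_bytes(version, "big"), "community": community.decode("latin-1"),
            "enterprise": decode_oid(enterprise), "agent": ".".join(map(str, agent)),
            "generic": GENERIC_TRAPS[g] if 0 <= g < 7 else f"unknown({g})",
            "specific": int.from_bytes(specific, "big", signed=True),
            "uptime_ticks": int.from_bytes(ticks, "big")}

def tlv(tag, payload):                       # short-form encoder, used only to build the sample
    return bytes([tag, len(payload)]) + payload

SAMPLE = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, b"example-ro") + tlv(0xA4,  # constructed
    tlv(0x06, bytes([0x2B, 6, 1, 4, 1, 0x87, 0x67])) + tlv(0x40, bytes([192, 0, 2, 10])) +
    tlv(0x02, b"\x04") + tlv(0x02, b"\x00") + tlv(0x43, b"\x01\xe2\x40") + tlv(0x30, b"")))
```

`parse_v1_trap(SAMPLE)` reports an authenticationFailure trap from agent 192.0.2.10; a datagram with any other PDU type or a length that overruns the buffer raises `ValueError`.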
Coexistence by Means of Proxy Agent
[Figure: SNMPv2 manager (SNMPv2 environment), Proxy Agent, SNMPv1 agent (SNMPv1 environment)]
SNMPv2 manager-to-agent PDUs | SNMPv1 manager-to-agent PDUs
GetRequest | GetRequest
GetNextRequest | GetNextRequest
SetRequest | SetRequest
GetBulkRequest | GetNextRequest
SNMPv2 agent-to-manager PDUs | SNMPv1 agent-to-manager PDUs
Response | GetResponse
SNMPv2-Trap | Trap
SNMPv1 and SNMPv2
SNMPv1 is a subset of SNMPv2
Managers usually can send requests in either format depending on the capability of the agents
Requires an update of the agent and manager software to migrate from SNMPv1 to SNMPv2
Many manufacturers are resisting SNMPv2 for a variety of reasons leading to an SNMPv3 specification
Almost all manufacturers currently support SNMPv1
Network Monitoring Tools
Ways of Monitoring
Classified into three monitoring ways
– In Internal Network (mostly)
– Via External Network
– Non-network (Emergency case)
1. Monitoring in internal network (mostly)
2. Monitoring via external network
   - via peering network
   - via the Internet
3. Independent access (emergency case)
   - ISDN, PSTN
[Figure: monitoring machine, internal network, external network]
Network Management Software
SNMP Agents
– provided by all router vendors
– many expanded (enterprise) MIBs
– bridges, wiring concentrators, toasters
Network Management Software
Public Domain
– Application Programming Interfaces available from CMU and MIT
– include variety of applications
Network Management Software
Commercially
– many offerings, UNIX and PC based
  • HP OpenView
  • SunNet Manager
  • Cabletron Spectrum
  • *MANY* others
Commercial SNMP Applications
• http://www.hp.com/go/openview/ HP OpenView
• http://www.tivoli.com/ IBM NetView
• http://www.novell.com/products/managewise/ Novell ManageWise
• http://www.sun.com/solstice/ Sun MicroSystems Solstice
• http://www.microsoft.com/smsmgmt/ Microsoft SMS Server
• http://www.compaq.com/products/servers/management/ Compaq Insight Manager
• http://www.redpt.com/ SnmpQL - ODBC Compliant
• http://www.empiretech.com/ Empire Technologies
• ftp://ftp.cinco.com/users/cinco/demo/ Cinco Networks NetXray
• http://www.netinst.com/html/snmp.html SNMP Collector (Win9X/NT)
• http://www.netinst.com/html/Observer.html Observer
• http://www.gordian.com/products_technologies/snmp.html Gordian’s SNMP Agent
• http://www.castlerock.com/ Castle Rock Computing
• http://www.adventnet.com/ Advent Network Management
• http://www.smplsft.com/ SimpleAgent, SimpleTester
Monitoring Targets
Targets suitable for checking the normality of network service
– Router: Dead or alive? Status? Performance? Routing?
– Server: Dead or alive? Status? Daemon? Service port?
– Traffic, etc.: Increase or decrease? DoS attack? Performance? Environment?
Monitoring Method
How to monitor the target
– Active monitor or passive monitor
  • Polling = the monitoring machine sends messages to the watched target
    – Useful for checking the current status: ICMP/SNMP polling…
  • Receive trap message from target
    – Useful for detecting a status change: SNMP trap, syslog…
  • Statistics data
    – Useful for grasping the trend and transition
– Select the monitoring tool
  • Ping (ICMP), SNMP, Monitoring Tool, Original Tool, etc.
– Check the monitoring route to the target
  • Internal or external network
- ICMP/Ping Polling -
Check IP reachability by ICMP echo/reply
– Additional information
  • RTT (Round Trip Time)
  • Packet Loss
  • TTL (Time to Live)
Most standard way of checking node activity
Time series RTT/Packet loss data becomes important information when measuring link performance
[Figure: ICMP echo, ICMP echo reply; RTT: xx msec, Packet Loss: xx %, TTL: xx]
UDP/TCP polling
Effective in monitoring service ports of server
– Using client for service
  • DNS - nslookup
– Using telnet
  • WWW, SMTP, POP
– Using tool
  • Radius - radping
[Figure: telnet with service port, reply]
```
bash-2.05$ telnet ns.jp.apan.net 80
Trying 203.181.248.3...
Connected to ns.jp.apan.net.
Escape character is '^]'.
get
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head><title>501 Method Not Implemented</title>
 :
```
Monitoring Software - HP OpenView -
HP OpenView Network Node Manager Overview
– Auto discovery and mapping
– Drill-down views (Hierarchy Map)
– Fault monitoring : ICMP / SNMP polling
– Event monitoring : Trap receiving/Event configuration
– SNMP tools : Status polling
– MIB Browser
– Web-based reports
– Extended software is enhanced
– Platform : Windows 2000/XP, Solaris 8/9, HP-UX
Monitoring Software - HP OpenView Sample 1-
OpenView Contracture
Event log
ICMP polling for connectivity check
Network map
Router map Network sub-map
Monitoring Software - HP OpenView Sample 2-
OpenView Tools
Snmp configuration for polling - parameters - community
Event configuration
Data collection & Thresholds for SNMP
MRTG (Multi-Router Traffic Grapher)
Overview
– Monitors the load of network equipment using SNMP, mainly used for creation of traffic graphs
– Excellent graphing tool developed by Tobias Oetiker
– Plots a graph of any two variables against time; the graph is generated in PNG format on an HTML page
– Able to create scripts to feed data into MRTG
– Implements data collection, image, web-page collection
– Very widely deployed in large networks and still being actively developed
– Platform : UNIX system / Windows NT
– Supports SNMPv2 : able to read 64bit counters
– http://people.ee.ethz.ch/~oetiker/webtools/mrtg/
MRTG - Workflow -
Display of graph
– Green area typically represents incoming maximum bits per second
– Blue line typically represents outgoing maximum bits per second
Workflow
1. Read configuration file
2. Collect graphing data from network equipment, based on configuration
3. Update database file and generate graph
4. If required, generate HTML file
– MRTG performs above workflow then completes
– Since MRTG collects data of the past 5 minutes (default value of source code), it is desirable to set “crontab” for every 5 minutes
MRTG - Data Storage -
Data Storage
– Keeps 5 minute data only for 2.5 days. The data is thrown away afterward.
  • There is no way to refer to historical data at high resolution
  • Keeps 1-day data for approx. 2 years

Resolution becomes rougher from top to bottom:

| Interval | Num of record | Storage period | Graph |
|---|---|---|---|
| 5 minutes | 600 | 2.5 days | Daily |
| 30 minutes | 600 | 12.5 days | Weekly |
| 2 hours | 600 | 50 days | Monthly |
| 1 day | 731 | 2 years | Yearly |

[Figure: daily graph / 5 min, weekly graph / 30 min, monthly graph / 2 hours, yearly graph / 1 day]
RRDtool (Round Robin Database Tool)
Overview
– Successor to MRTG
– Developed by the same developer of MRTG : Tobias Oetiker
– Tool group for RRD can flexibly define data item, time interval, data amount, graph depiction, etc.
– Binary file format that can store data at any interval for any length of time
  • File does not grow in size over time
– Ability to make custom graphs across user-defined intervals
  • Ability to graph multiple variables on a single graph
– Additional scripts are necessary in creating graphs and web-page
  • 25-30 percent faster than MRTG
– Does not have the function to collect data
– http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/
RRDtool - Architecture -
Comparison of architecture between MRTG and RRD
[Figure labels: routers, server, ATM switch, Frame Relay switches, firewalls, SNMP engine, text log, RRD, frontend program, graph, index]
RRDtool - Sample -
http://mrtg.jp.apan.net/cricket/router-interfaces/
Netflow - Overview -
Overview
– Enables IP traffic flow analysis without probes
– Invented and patented by Cisco
  • Juniper (called cflowd), Foundry, ... many vendors are supporting
– Flow cache data on routers is exported to a flow tool, so that the traffic flow can be analyzed
Flow definition:
– Source IP address
– Destination IP address
– Source port
– Destination port
– Layer 3 protocol type
– TOS byte (DSCP)
– Input logical interface (ifIndex)
[Figure: core network with NetFlow enabled, traffic, UDP NetFlow export packets, collector (Solaris, HP-UX, or Linux), application GUI]
Netflow - Flow Data -
Flow data export
– Enable NetFlow on the router
  • There is a difference in architecture between Cisco and Juniper routers
  • Take care that the load on the router does not become high: check CPU, memory, bandwidth, sampling rate
Flow data collection & analysis
– Prepare the software for receiving flow-export data
  • flow-tools http://www.splintered.net/sw/flow-tools/
  • cflowd http://www.caida.org/tools/measurement/cflowd/
  • Cisco : NetflowCollector
– Analyze traffic from raw data with software
  • flow-scan http://net.doit.wisc.edu/~plonka/FlowScan/ (If you want to graph the analysis data, I recommend you to use RRDtool)
  • Cisco : CiscoWorks
– Source and destination IP address
– Source and destination TCP/UDP ports
– Packet and byte counts
– Routing information (next-hop address, source autonomous system (AS) number, destination AS number, source prefix mask, destination prefix mask)
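Added example, not from the slides: a flow cache keyed on the seven fields of the flow definition, accumulating the packet and byte counts listed above, plus a per-destination count of distinct sources as a simple indicator for the "DoS attack?" question under Monitoring Targets. The packet tuples, addresses and function names are constructed for illustration; flow expiry timers and the export format itself are left out.

```python
from collections import namedtuple, defaultdict

# The seven key fields from the slide's flow definition.
FlowKey = namedtuple("FlowKey", "src_ip dst_ip src_port dst_port proto tos if_index")

def build_flow_cache(packets):
    """Aggregate (ts, src, dst, sport, dport, proto, tos, ifIndex, bytes) tuples into flows."""
    cache = {}
    for ts, src, dst, sport, dport, proto, tos, ifidx, length in packets:
        key = FlowKey(src, dst, sport, dport, proto, tos, ifidx)
        rec = cache.setdefault(key, {"packets": 0, "bytes": 0, "first": ts, "last": ts})
        rec["packets"] += 1
        rec["bytes"] += length
        rec["first"], rec["last"] = min(rec["first"], ts), max(rec["last"], ts)
    return cache

def fan_in(cache, min_sources):
    """Return {(dst_ip, dst_port): n} for targets reached by n >= min_sources distinct sources."""
    sources = defaultdict(set)
    for key in cache:
        sources[(key.dst_ip, key.dst_port)].add(key.src_ip)
    return {dst: len(s) for dst, s in sources.items() if len(s) >= min_sources}

# Constructed packets using documentation address ranges, not captured traffic:
# (ts, src, dst, sport, dport, proto, tos, ifIndex, bytes)
PACKETS = [
    (0.0, "198.51.100.1", "192.0.2.80", 40000, 80, 6, 0x00, 1, 60),
    (0.1, "198.51.100.1", "192.0.2.80", 40000, 80, 6, 0x00, 1, 60),
    (0.2, "198.51.100.1", "192.0.2.80", 40000, 80, 6, 0x00, 1, 60),
    (0.3, "198.51.100.1", "192.0.2.80", 40000, 80, 6, 0x20, 1, 60),  # TOS differs: new flow
    (0.4, "198.51.100.2", "192.0.2.80", 40001, 80, 6, 0x00, 1, 60),
    (0.5, "198.51.100.3", "192.0.2.80", 40002, 80, 6, 0x00, 1, 60),
    (0.6, "198.51.100.4", "192.0.2.80", 40003, 80, 6, 0x00, 2, 60),
    (0.7, "203.0.113.5", "192.0.2.53", 5353, 53, 17, 0x00, 1, 80),
]
```

With these packets the cache holds six flows, and `fan_in(build_flow_cache(PACKETS), 4)` singles out 192.0.2.80 port 80 with four distinct sources.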
Netflow - Example -
Netflow Example