Chapter 9: Network Management
DESCRIPTION
Chapter 9: Network Management. Computer Networking: A Top Down Approach Featuring the Internet, 3rd edition. Jim Kurose, Keith Ross, Addison-Wesley, July 2004. Goals: introduction (motivation, main components); Internet network management framework; MIB: management information base
TRANSCRIPT
Network Management 9-1/27
Chapter 9: Network Management
Computer Networking: A Top Down Approach Featuring the Internet, 3rd edition. Jim Kurose, Keith Ross, Addison-Wesley, July 2004.
Network Management 9-2/27
Chapter 9: Network Management
Goals:
introduction
  motivation
  main components
Internet network management framework
  MIB: management information base
  SMI: data definition language
  SNMP: protocol for network management
  security and administration
presentation services: ASN.1
Network Management 9-3/27
Chapter 9 outline
What is network management?
Internet-standard management framework
  Structure of Management Information: SMI
  Management Information Base: MIB
  SNMP Protocol Operations and Transport Mappings
  Security and Administration
Abstract Syntax Notation 1 - ASN.1
Network Management 9-4/27
What is network management?
autonomous systems ("networks"): 100 or 1000 interconnected hardware/software components
various complex systems require monitoring and control: airplanes, nuclear power plants, others?
"Network management includes the deployment, integration and coordination of the hardware, software, and human elements to monitor, test, poll, configure, analyze, evaluate, and control the network and element resources to meet the real-time, operational performance, and Quality of Service requirements at a reasonable cost."
Network Management 9-5/27
Infrastructure for network management
[Figure: a managing entity (with data) connected through the network management protocol to four managed devices, each with an agent and data]
definitions:
managed devices contain managed objects whose data is gathered into a Management Information Base (MIB)
managing entity
Network Management 9-6/27
Network management standards
OSI CMIP: Common Management Information Protocol
  designed 1980: unifying net management standard
  too slowly standardized
SNMP: Simple Network Management Protocol
  Internet roots (SGMP)
  started simple
  developed, adopted rapidly
  size, complexity
  currently: SNMP V3
  de facto standard for network management
Network Management 9-7/27
Chapter 9 outline
What is network management?
Internet-standard management framework
  Structure of Management Information: SMI
  Management Information Base: MIB
  SNMP Protocol Operations and Transport Mappings
  Security and Administration
ASN.1
Network Management 9-8/27
SNMP overview: 4 key parts
Management information base (MIB): distributed information store of network management data
Structure of Management Information (SMI): data definition language for MIB objects
SNMP protocol: conveys manager<->managed object information, commands
security, administration capabilities: the major addition in SNMPv3
Network Management 9-9/27
SMI: data definition language
Purpose: syntax, semantics of management data well-defined, unambiguous
base data types: straightforward, boring
OBJECT-TYPE: data type, status, semantics of managed object
MODULE-IDENTITY: groups related objects into MIB module
Basic Data Types:
  INTEGER
  Integer32
  Unsigned32
  OCTET STRING
  OBJECT IDENTIFIER
  IpAddress
  Counter32
  Counter64
  Gauge32
  TimeTicks
  Opaque
Network Management 9-10/27
SNMP MIB
MIB module specified via SMI MODULE-IDENTITY (100 standardized MIBs, more vendor-specific)
objects specified via SMI OBJECT-TYPE construct
[Figure: a MODULE containing several OBJECT TYPE definitions]
Network Management 9-11/27
SMI: object, module examples
OBJECT-TYPE: ipInDelivers
  ipInDelivers OBJECT-TYPE
      SYNTAX Counter32
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION "The total number of input datagrams successfully delivered to IP user-protocols (including ICMP)"
  ::= { ip 9 }
MODULE-IDENTITY: ipMIB
  ipMIB MODULE-IDENTITY
      LAST-UPDATED "941101000Z"
      ORGANIZATION "IETF SNMPv2 Working Group"
      CONTACT-INFO " Keith McCloghrie ……"
      DESCRIPTION "The MIB module for managing IP and ICMP implementations, but excluding their management of IP routes."
      REVISION "019331000Z"
      ………
  ::= { mib-2 48 }
Network Management 9-12/27
MIB example: UDP module
Object ID         Name             Type       Comments
1.3.6.1.2.1.7.1   udpInDatagrams   Counter32  total # datagrams delivered at this node
1.3.6.1.2.1.7.2   udpNoPorts       Counter32  # undeliverable datagrams, no app at port
1.3.6.1.2.1.7.3   udpInErrors      Counter32  # undeliverable datagrams, all other reasons
1.3.6.1.2.1.7.4   udpOutDatagrams  Counter32  # datagrams sent
1.3.6.1.2.1.7.5   udpTable         SEQUENCE   one entry for each port in use by app, gives port # and IP address
Network Management 9-13/27
SNMP Naming
question: how to name every possible standard object (protocol, data, ...) in every possible network standard??
answer: ISO Object Identifier tree:
  hierarchical naming of all objects
  each branch has a name and a number
1.3.6.1.2.1.7.1
  1 ISO
  3 ISO-ident. Org.
  6 US DoD
  1 Internet
  2 management
  1 MIB2
  7 UDP
  1 udpInDatagrams
Network Management 9-14/27
OSI Object Identifier Tree
Check out www.alvestrand.no/harald/objectid/top.html
Network Management 9-15/27
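SNMP protocol
Two ways to convey MIB information, commands:
request/response mode [Figure: the managing entity sends a request to the agent (with data) on the managed device; the agent returns a response]
trap mode [Figure: the agent (with data) on the managed device sends a trap msg to the managing entity]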
Network Management 9-16/27
SNMP protocol: message types
Message type                                  Function
GetRequest, GetNextRequest, GetBulkRequest    Mgr-to-agent: "get me data" (instance, next in list, block)
InformRequest                                 Mgr-to-Mgr: here's MIB value
SetRequest                                    Mgr-to-agent: set MIB value
Response                                      Agent-to-mgr: value, response to Request
Trap                                          Agent-to-mgr: inform manager of exceptional event
Network Management 9-17/27
SNMP protocol: message formats
Network Management 9-18/27
SNMP security and administration
encryption: DES-encrypt SNMP message
authentication: compute, send MIC(m,k): compute hash (MIC) over message (m), secret shared key (k)
protection against playback: use nonce
view-based access control
  SNMP entity maintains a database of access rights, policies for various users
  the database itself is accessible as a managed object!
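The authentication and playback bullets above, worked through as an added example (not code from the slides or from any SNMP implementation). It is a simplified model rather than the SNMPv3 wire format: HMAC-SHA-256 stands in for the slide's MIC(m,k), and the names `protect`, `Receiver`, `NONCE_LEN` and the packet layout are assumptions made for illustration.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16                          # assumed nonce size for this sketch
MIC_LEN = hashlib.sha256().digest_size  # 32 bytes


def mic(message: bytes, key: bytes) -> bytes:
    """MIC(m, k): keyed hash over the message with the shared secret."""
    return hmac.new(key, message, hashlib.sha256).digest()


def protect(message: bytes, key: bytes, nonce: bytes) -> bytes:
    """Sender side: nonce || message || MIC(nonce || message, k)."""
    return nonce + message + mic(nonce + message, key)


class Receiver:
    """Checks the MIC, then accepts each issued nonce only once."""

    def __init__(self, key: bytes):
        self.key = key
        self.outstanding = set()  # nonces issued but not yet used

    def new_nonce(self) -> bytes:
        nonce = os.urandom(NONCE_LEN)
        self.outstanding.add(nonce)
        return nonce

    def accept(self, packet: bytes):
        """Return the message if authentic and fresh, otherwise None."""
        if len(packet) < NONCE_LEN + MIC_LEN:
            return None
        nonce = packet[:NONCE_LEN]
        message = packet[NONCE_LEN:-MIC_LEN]
        received = packet[-MIC_LEN:]
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(received, mic(nonce + message, self.key)):
            return None  # forged or modified
        if nonce not in self.outstanding:
            return None  # playback of an old message
        self.outstanding.discard(nonce)
        return message
```

Because the nonce is covered by the MIC, a captured message cannot be re-sent under a fresh nonce without knowing the shared key.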
Network Management 9-19/27
Chapter 9 outline
What is network management?
Internet-standard management framework
  Structure of Management Information: SMI
  Management Information Base: MIB
  SNMP Protocol Operations and Transport Mappings
  Security and Administration
The presentation problem: ASN.1
Network Management 9-20/27
Presentation problem
Q: does perfect memory-to-memory copy solve "the communication problem"?
A: not always!
problem: different message formats, storage conventions
struct { char code; int x; } test;
test.x = 256;
test.code = 'a';
host 1 format: test.code = a, test.x = 00000001 00000011
host 2 format: test.code = a, test.x = 00000011 00000001
Network Management 9-21/27
Presentation problem: a real-life example
[Figure: grandma, aging 60's hippie, 2004 teenager]
Network Management 9-22/27
Presentation problem: potential solutions
1. Sender learns receiver's format. Sender translates into receiver's format. Sender sends.
  – real-world analogy?
  – pros and cons?
2. Sender sends. Receiver learns sender's format. Receiver translates into receiver-local format.
  – real-world analogy?
  – pros and cons?
3. Sender translates to host-independent format. Sends. Receiver translates to receiver-local format.
  – real-world analogy?
  – pros and cons?
Network Management 9-23/27
Solving the presentation problem
1. Translate local-host format to host-independent format
2. Transmit data in host-independent format
3. Translate host-independent format to remote-host format
[Figure: aging 60's hippie, 2004 teenager, grandma]
Network Management 9-24/27
ASN.1: Abstract Syntax Notation 1
ISO standard X.680
  used extensively in the Internet
  like eating vegetables, knowing this "good for you"!
defined data types, object constructors
  like SMI
BER: Basic Encoding Rules
  specify how ASN.1-defined data objects are to be transmitted
  each transmitted object has Type, Length, Value (TLV) encoding
Network Management 9-25/27
TLV Encoding
Idea: transmitted data is self-identifying
  T: data type, one of ASN.1-defined types
  L: length of data in bytes
  V: value of data, encoded according to ASN.1 standard
Tag Value   Type
1           Boolean
2           Integer
3           Bitstring
4           Octet string
5           Null
6           Object Identifier
9           Real
Network Management 9-26/27
TLV encoding: example
Type=4, octet string; Length, 5 bytes; Value, 5 octets (chars)
Type=2, integer; Length, 2 bytes; Value, 259
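The two TLVs on this slide, encoded and parsed back in an added example (not part of the original slides). The string `b"hello"` is a constructed 5-character value, the function names are illustrative, and only single-byte lengths are handled; the decoder rejects any length field that claims more bytes than the buffer holds, the check a TLV parser most needs on untrusted input.

```python
# Tag values from the slide's table of ASN.1 types.
TAGS = {1: "Boolean", 2: "Integer", 3: "Bitstring", 4: "Octet string",
        5: "Null", 6: "Object Identifier", 9: "Real"}


def encode_tlv(tag: int, value: bytes) -> bytes:
    """One TLV with a single-byte (short-form) length, so value < 128 bytes."""
    if len(value) > 127:
        raise ValueError("long-form lengths are outside this example")
    return bytes([tag, len(value)]) + value


def encode_integer(n: int) -> bytes:
    """Type 2: shortest big-endian two's complement, whatever the host order."""
    magnitude = n if n >= 0 else ~n
    size = magnitude.bit_length() // 8 + 1  # +1 keeps room for the sign bit
    return encode_tlv(2, n.to_bytes(size, "big", signed=True))


def decode_tlvs(data: bytes) -> list:
    """Parse back-to-back TLVs; refuse any length the buffer cannot satisfy."""
    items, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated TLV header")
        tag, length = data[pos], data[pos + 1]
        if tag not in TAGS:
            raise ValueError(f"unknown type {tag}")
        if length & 0x80:
            raise ValueError("long-form length not handled here")
        value = data[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("length field runs past the end of the data")
        if tag == 2:
            if length == 0:
                raise ValueError("integer needs at least one value byte")
            value = int.from_bytes(value, "big", signed=True)
        items.append((TAGS[tag], value))
        pos += 2 + length
    return items


# Constructed sample: a 5-character octet string followed by the integer 259.
WIRE = encode_tlv(4, b"hello") + encode_integer(259)
```

The integer 259 travels as the two value bytes 01 03 on every host, which is the host-independent format the presentation-problem slides call for.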
Network Management 9-27/27
Network management: summary
network management
  extremely important: 80% of network "cost"
  ASN.1 for data description
  SNMP protocol as a tool for conveying information
Network management: more art than science
  what to measure/monitor
  how to respond to failures?