ipv6 networks management - renater · n management network n ipv6 mibs: ... • http, ftp, dns......
TRANSCRIPT
IPv6 networks management
Simon Muyal 6net/Spring - 05/2004
Contribsn Bernard Tuy, Renatern Simon Muyal, Renatern Ralf Wolter, Ciscon Patrick Grossetête, Ciscon Munechika Sumikawa, Hitachin Patrick Paul, 6WIND
Simon Muyal 6net/Spring - 05/2004
Agendan Introductionn Management networkn IPv6 MIBs: current statusn Managing IPv6 networks n IPv6 MIBs implementationn Netflown SNMPv6n Management platformsn Management tools
n IPv6 LANn IPv6 MAN/WAN
n Examplesn Conclusionn Demo
Simon Muyal 6net/Spring - 05/2004
Introductionn Manage a network: What is it?
n A set of functions permitting:
• Monitoring• Security• Topology• Inventory• ...
Simon Muyal 6net/Spring - 05/2004
Introductionn IPv6 networks deployed:
n Most are dual stack • LANs (campuses, companies, …)• MANs (RAP, …)• WANs -ISPs (Géant, NRENs, IIJ, NTT/Verio, Abilene, …)• IXes
n Testbed, pilote net, production …=> Management tools are needed
n Which applications are available for managingthese nets ?n Equipment, configurations, …n IP services (servers : DNS, FTP, HTTP, …)
Simon Muyal 6net/Spring - 05/2004
Introductionn SNMP Model:
IPv6 MIBs Status
Simon Muyal 6net/Spring - 05/2004
IPv6 MIBs status
n MIBs are essential for the network management.
n SNMP-based applications are widely usedbut others exist too (NetFlow, …)
n SNMP rely upon MIBs …=>Need to have MIBs to collect IPv6
information as well as get MIBs reachable from an IPv6 address family.
Simon Muyal 6net/Spring - 05/2004
IPv6 MIBs /2n Standardization status at IETF:
n At the beginning:• IPv4 and IPv6 MIBs dissociated.
n Today :• Unified MIBs are on standardization track.
Simon Muyal 6net/Spring - 05/2004
IETF MIB Status /3
n draft-ietf-ipv6-rfc2096-update-07.txt n IP Forwarding Table MIB (02/2004)à proposed standard RFC(in the RFC Editor's queue… can be considered as done)
n draft-ietf-ipv6-rfc2013-update-03.txt n UDP MIB (04/2004)à this hasn't been submitted for publication yet
n draft-ietf-ipv6-rfc2012-update-06.txt n TCP MIB (02/2004)
n draft-ietf-ipv6-rfc2011-update-07.txt n IP MIB, last call Jan 04 n v09.txt (04/2004)
à These two are "Proposed Standard”, IESG Evaluation: “Revised ID Needed".
Simon Muyal 6net/Spring - 05/2004
IETF MIB Status /4
n BGP MIB v6: not stabilized yet.n The current document is draft-ietf-idr-bgp4-mibv2-04.txt(01/2004)
Note that the same folks are working on n draft-ietf-idr-bgp4-mib-14.txt (04/2004), update of RFC 1657.
->Neither of these has had a request for publication yet.
Managing an IPv6 Network
Simon Muyal 6net/Spring - 05/2004
Managing an IPv6 network
n Dual stack IPv6 networksn IPv6 only
n There are not the main case …
n Important to keep in mind n DS is not for evern One IP stack should be removed … one dayn No reasons for netadmins to face twice the
amount of work
Simon Muyal 6net/Spring - 05/2004
Dual Stack IP networksn Part of the monitoring via IPv4
n Connectivity to the equipmentn Tools to manage it (inventory, configurations,
«counters», routing info, …)
n Remaining Part needs IPv6n MIBs IPv6 supportn NetFlow (v9)
Simon Muyal 6net/Spring - 05/2004
IPv6 only networksn Topology discovery (LAN, WAN ?)n IPv6 SNMP agent n SNMP over IPv6 transport
=> Need to identify the missing parts
IPv6 MIBs implement°
Simon Muyal 6net/Spring - 05/2004
IPv6 MIBs implement°/1n Cisco
n Private Cisco MIBs implement ID-00 of RFC 2011 & 2096 updated drafts
n But, no distinction between IPv4 and IPv6 traffic at the interface level from the MIBs (available when new IETF MIB get implemented)
n Information available from CLI• show interface accounting• …
Simon Muyal 6net/Spring - 05/2004
n Juniper
n MIB based on RFC 2465
n with different counters for IPv4 and IPv6 traffic ?
n Or based on filters to collect IPv6 traffic
IPv6 MIBs implement°/2
Simon Muyal 6net/Spring - 05/2004
n Hitachi
n Routers (GR2000/GR4000) and Switches (GS4000) support IPv6 standard MIBs:
• RFC 2452: TCP/IPv6• RFC 2454: UDP/IPv6• RFC 2465: Textual conventions for IPv6• RFC 2466: ICMPv6
n The unified MIBs are not implemented yet.
IPv6 MIBs implement°/3
Simon Muyal 6net/Spring - 05/2004
n 6WIND
n MIBs based on RFC 2465 and RFC 2466n To be checked at our lab …
IPv6 MIBs implement°/4
Netflow
Simon Muyal 6net/Spring - 05/2004
Netflow
Simon Muyal 6net/Spring - 05/2004
NetFlow for IPv6 /1n IETF IPFIX WGn Cisco
n Netflow for IPv6 on Cisco IOS 12.3(7)T• Compliant Netflow v9• Still use an IPv4 transport to export the data• Needs to update your own Netflow Collector
• Cisco NFC v5.0 available• Other collectors are available too …
=>Netflow is not yet there for GSRs though
Simon Muyal 6net/Spring - 05/2004
NetFlow for IPv6 /2n Hitachi
n Support sflow (http://www.sflow.org/) and Netflow is on the roadmap.
n 6WIND:n Not available
SNMP over IPv6
Simon Muyal 6net/Spring - 05/2004
SNMP over IPv6n Cisco:
nSNMP over IPv6 is shipping in 12.0(27)S1. (This is the "limited" version that 6Net tested, so the transportis there, but some features (snmp proxy, infra mibs) still lack IPv6 capability)The plan is to have full SNMP over IPv6 in future releasesnToday, syslog messages related to IPv6 are sent over an IPv4 transport. Later, syslog will run over IPv6 as well
n Hitachi:nSNMP over IPv6 is available
n 6WINDnSNMP over IPv6 is available
Management platforms
Simon Muyal 6net/Spring - 05/2004
Management platforms
n Commercial ISPs use to have integrated management platforms (NRENs folks mostly use GPL or Home made tools)
n HP-OV proposes a version with IPv6 features: NNM 7.0 (sept 2003).
n Ciscoworks: IPv6 version for • Campus Manager under tests Application note on IPv6 management
n Netview (IBM) doesn’t propose any IPv6 featuresn Tivoli : no information …n Infovista : « no IPv6 plan at the moment »
Simon Muyal 6net/Spring - 05/2004
n HP Openviewn Ciscoworks 2000
(Campus Manager)n IBM Netviewn Infovista, Tivolin …
IPv6 ready
IPv6 not ready
« Top ten » …
Monitoring tools
Simon Muyal 6net/Spring - 05/2004
Monitoring tools for IPv6 networks
n For a LAN:• Nagios• Argus• MRTG…
n For a MAN/WAN:• AS PATH tree• Weather map• Netflow• Rancid• Looking Glass…
Simon Muyal 6net/Spring - 05/2004
6Net and IPv6 monitoring toolsn 6Net wp6 : managing large scale IPv6
netsn Tests lot of ipv6 ready toolsn Port many others to ipv6
Simon Muyal 6net/Spring - 05/2004
6Net outcomen 30+ monitoring tools for IPv6
n Testedn Implemented n Documented
n URL: http://tools.6net.org/n To be publicly available in a few weeks
Examples
Simon Muyal 6net/Spring - 05/2004
IPv6 LAN management: Nagios
n URL://www.nagios.orgn Administration of network:
• PCs• Switches• Routers
n Administration of services:• http, ftp, dns...
n Evolution: new features can be added with plug-ins
Simon Muyal 6net/Spring - 05/2004
Nagios
Simon Muyal 6net/Spring - 05/2004
IPv6 MAN/WAN management: AS Path Tree
n Display BGP4+ « topology » from
n BGP4+ routing table.
n Generate HTML pages.
Simon Muyal 6net/Spring - 05/2004
AS Path Tree
Simon Muyal 6net/Spring - 05/2004
IPv6 MAN/WAN management : Looking Glass
n Get information on a router w/o directconnection
n Web Interfacen Final user don’t need a loginn Allow the user to detect causes of failures
w/o asking the NOC
Simon Muyal 6net/Spring - 05/2004
Looking Glass
Simon Muyal 6net/Spring - 05/2004
Inventory : Architecture
Utilisateur Serveur WEBPHP
Serveur BDMysql
RENATER 3
GIPRENATER
NOCRENATERServeur
Perlcrontab
Collecteur SNMP
1''
4''
2'' 3''
Polling SNMP1
2
3'
FTP
SSH 1
2MySql
Simon Muyal 6net/Spring - 05/2004
Inventory: Interfaces
Simon Muyal 6net/Spring - 05/2004
Inventory: BGP Peerings
Simon Muyal 6net/Spring - 05/2004
Conclusionn ISPs –and any other organisations-
need monitoring tools to launch a new service/protocolinto production
n Lot of monitoring tools are now ready for IPv6 networks
n But :n Q1: are my usual tools (used for IPv4 monitoring)
available for IPv6 too ?n Q2: what I need to stress to my favourite vendor to be
ready and manage my IPv6 network ?
Simon Muyal 6net/Spring - 05/2004
Retrieve this information …
n http://sem2.renater.fr/n -> Présentations n -> RFCs …
Simon Muyal 6net/Spring - 05/2004
Demos:n …
Simon Muyal 6net/Spring - 05/2004