poglavlje 9 upravljanje mrežom

Network Management 9-1/27

Poglavlje 9Upravljanje mrežom

Computer Networking: A Top Down Approach Featuring the Internet, 3rd edition. Jim Kurose, Keith RossAddison-Wesley, July 2004.


Poglavlje 9: upravljanje mrežomCiljevi: Uvod

motivacija glavne komponente

Okvir upravljanja mrežama na Internet-u MIB: baza upravljačkih informacija SMI: data definition language SNMP: protokol za mrežni menadžment bezbednost i administracija

prezentacioni servisi: ASN.1


Poglavlje 9 kratak pregled

Šta je mrežni menadžment? Okvir Internet-standardnog menadžmenta

Structure of Management Information: SMI Management Information Base: MIB SNMP Protocol Operations and Transport Mappings Bezbednost i administracija

Abstract Syntax Notation 1 - ASN.1


Šta je mrežni menadžment?

autonomni sistemi (“mreže”): 100 ili 1000 međusobno povezanih hardversko/softverskih komponenti

različiti složeni sistemi zahtevaju monitoring, kontrolu: avioni nuklearne centrale drugi?

"Mrežni menadžment uključuje razvijanje, integraciju i koordinaciju hardvera, softvera i ljudi da bi nadgledali, testirali,ispitivali, konfigurisali, analizirali, razvijali i kontrolisali mrežui resurse, da bi ispunili u realnom vremenu performanse radai zahteve kvaliteta servisa sa razumnim troškovima"


Infrastruktura za upravljanje mrežom

agent data

agent data

agent data

agent data

managed device

managed device

managed device

managed device

managingentity data

networkmanagement

protocol

definicije:

managed devices sadržemanaged objects čije podatke sakupljaju u

Management InformationBase (MIB)

managing entity


Standardi mrežnog menadžmenta

OSI CMIP Common Management

Information Protocol projektovan 1980:

unificira net management standard

isuviše sporo standardizovan

SNMP: Simple Network Management Protocol

Internet korene (SGMP) startovan prosto razvijan, prilagođen

rapidno veličina, kompleksnost trenutno: SNMP V3 de facto standard za

mrežni menadžment





ASN.1


SNMP pregled: 4 ključna dela

Management information base (MIB): distribuira informacije skladištenja podataka

mrežnog menadžmenta Structure of Management Information (SMI):

data definition language za MIB objekte SNMP protokol

prenosi manager<->managed object informacije, komande

security, administration sposobnosti glavni dodatak u SNMPv3


SMI: data definition languagejezik za definiciju podataka

Purpose: syntax, semantics of management data well-defined, unambiguous

base data types: straightforward, boring

OBJECT-TYPE data type, status,

semantics of managed object

MODULE-IDENTITY groups related objects

into MIB module

Basic Data Types

INTEGERInteger32

Unsigned32OCTET STRING

OBJECT IDENTIFIEDIPaddressCounter32Counter64Guage32

Time TicksOpaque


SNMP MIB

OBJECT TYPE:

OBJECT TYPE:OBJECT TYPE:

objects specified via SMIOBJECT-TYPE construct

MIB module specified via SMI MODULE-IDENTITY

(100 standardized MIBs, more vendor-specific)

MODULE


SMI: Object, module primeri

OBJECT-TYPE: ipInDelivers MODULE-IDENTITY: ipMIB

ipInDelivers OBJECT TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION “The total number of input datagrams successfully delivered to IP user- protocols (including ICMP)”::= { ip 9}

ipMIB MODULE-IDENTITY LAST-UPDATED “941101000Z” ORGANZATION “IETF SNPv2 Working Group” CONTACT-INFO “ Keith McCloghrie ……” DESCRIPTION “The MIB module for managing IP and ICMP implementations, but excluding their management of IP routes.” REVISION “019331000Z” ………::= {mib-2 48}


MIB primer: UDP modul

Object ID Name Type Comments

1.3.6.1.2.1.7.1 UDPInDatagrams Counter32 total # datagrams delivered

at this node

1.3.6.1.2.1.7.2 UDPNoPorts Counter32 # underliverable datagrams

no app at portl

1.3.6.1.2.1.7.3 UDInErrors Counter32 # undeliverable datagrams

all other reasons

1.3.6.1.2.1.7.4 UDPOutDatagrams Counter32 # datagrams sent

1.3.6.1.2.1.7.5 udpTable SEQUENCE one entry for each port

in use by app, gives port #

and IP address


SNMP Namingquestion: kako dati ime svakom mogućem

standardnom objektu (protokol, podaci, ...) u svakom mogućem mrežnom standardu??

answer: ISO - Object Identifier tree

- stablo identifikacije objekata: hijerarhijski naming svih objekata svaka grana ima ime i broj

1.3.6.1.2.1.7.1ISO

ISO-ident. Org.US DoDInternet

udpInDatagramsUDPMIB2management


Check out www.alvestrand.no/harald/objectid/top.html

OSI Stablo identifikacije objekata


SNMP protokol

Dva načina da se prenesu MIB informacije, komande:

agent data

Managed device

managingentity

response

agent data

Managed device

managingentity

trap msgrequest

request/response mod trap mod


SNMP protokol: tipovi poruka

GetRequestGetNextRequestGetBulkRequest

Mgr-to-agent: “get me data”(instance,next in list, block)

Message type Function

InformRequest Mgr-to-Mgr: here’s MIB value

SetRequest Mgr-to-agent: set MIB value

Response Agent-to-mgr: value, response to Request

Trap Agent-to-mgr: inform managerof exceptional event


SNMP protokol: formati poruka


SNMP bezbednost i administracija

encryption: DES-enkripcija SNMP poruke authentication: compute, send

MIC(m,k): compute hash (MIC) over message (m), secret shared key (k)

protection against playback: use nonce view-based access control

SNMP entity održava bazu podataka prava pristupa, politike za različite korisnike

samoj bazi podataka je moguće pristupiti kao upravljanom objektu!





Problem prezentacije: ASN.1


Problem prezentacije

Q: da li savršeno memory-to-memory kopiranje rešava “komunikacioni problem”?

A: ne uvek!

problem: različiti formati poruka, konvencije skladištenja

struct { char code; int x; } test;test.x = 256;test.code=‘a’

a0000000100000011

a

0000001100000001

test.codetest.x

test.code

test.x

host 1 format host 2 format


Problem prezentacije iz realnog života

aging 60’s hippie

2004 teenagergrandma


Problem prezentacije: potencijalna rečenja

1. Sender learns receiver’s format. Sender translates into receiver’s format. Sender sends.

– real-world analogy?– pros and cons?

2. Sender sends. Receiver learns sender’s format. Receiver translate into receiver-local format

– real-world-analogy– pros and cons?

3. Sender translates host-independent format. Sends. Receiver translates to receiver-local format.

– real-world analogy?– pros and cons?


Rešavanje problema prezentacije

1. Translate local-host format to host-independent format

2. Transmit data in host-independent format3. Translate host-independent format to remote-host

format

aging 60’s hippie 2004 teenagergrandma


ASN.1: Abstract Syntax Notation 1 ISO standard X.680

veoma se koristi na Internet-u like eating vegetables, knowing this “good for you”!

definisani tipovi podataka, konstruktori objekata like SMI

BER: Basic Encoding Rules određuju kako su ASN.1-definisani objekti podataka

koji treba da se prenose svaki objekat koji treba da se prenese ima Type,

Length, Value (TLV) encoding


TLV Encoding

Idea: transmitted data is self-identifying T: data type, one of ASN.1-defined types L: length of data in bytes V: value of data, encoded according to

ASN.1 standard

1234569

BooleanIntegerBitstringOctet stringNullObject IdentifierReal

Tag Value Type


TLV encoding: primer

Value, 5 octets (chars)Length, 5 bytes

Type=4, octet string

Value, 259Length, 2 bytes

Type=2, integer


Upravljanje mrežom: zaključak mrežni menadžment

ekstremno važan: 80% mrežnih “troškova” ASN.1 za opis podataka SNMP protokol kao alat za dopremanje

informacija Mrežni menadžment: više umetnost nego nauka

šta da se izmeri/nadgleda kako da se odgovori na greške?

poglavlje 9 upravljanje mrežom

Documents

protokol za mreni

smimanagement information

module primeriobjecttype

data definition languagesnmp

boringobjecttypedata

unambiguousbase data

ipmib moduleidentity

mibsnmp protocol operations