Revised Spring 2006. SNMPv3 and Network Management. Chapter 2, Network Management, MIBs, and MPLS. Stephen B. Morris. Copyright 2003. Pearson Education Inc., Publishing as Prentice Hall PTR. All rights reserved. Visit the companion Web site at http://authors.phptr.com/morris/


Page 1: Revised Spring 2006 SNMPv3 and Network Management 1 SNMPv3 and Network Management Chapter 2 Network Management, MIBs, and MPLS Stephen B. Morris Copyright

SNMPv3 and Network Management
Chapter 2
Network Management, MIBs, and MPLS
Stephen B. Morris
Copyright 2003. Pearson Education Inc., Publishing as Prentice Hall PTR. All rights reserved. Visit the companion Web site at http://authors.phptr.com/morris/

Page 2

Overview
The purpose of this particular lesson is to familiarize you with the message structure and encryption methods of SNMPv3.

Page 3

Structure
Provides a modular structure that is flexible
Complements the trend toward component technology
Has two main components
  Engine and a collection of applications
Has four subcomponents
  Dispatcher and message, security, and access control subsystems
  Subcomponents service versions one through three
Important facts to remember about engine subcomponents
  Can hand off msg processing to each other as required
  Are themselves extensible entities

Page 4

Applications
Currently five SNMPv3 apps defined
  Cmd generators: create msgs
  Cmd responders: respond to msgs
  Notification originators: send trap or inform msgs
  Notification receivers: receive and process trap or inform msgs
  Proxy forwarders: forward messages between SNMP entity components
The v3 framework allows room for additional apps

Page 5

Message Formats
[Figure: SNMPv3 message format, field groups as drawn on the slide]
  Common Data: MsgVersion, MsgID, MaxMsgSize, MsgFlags, MsgSecurity
  Security Model Data, General: EngineID, EngineBoots, EngineTime, UserName
  Security Model Data, Authentication: MD5 Digest or SHA Digest
  Security Model Data, Privacy: DES Key
  Context: ContextID, ContextName
  PDU: PDU Types (encrypted or plain text)
Msg format is broken down into four overall sections
  Common data: occurs in all SNMPv3 msgs
  Security model data: three subsections, one general, one authentication, and one privacy data
  Context: two fields used to provide the correct context in which the PDU should be processed
  PDU: contains a v2 PDU

Page 6

Message Formats
First field in an SNMP msg is the MsgVersion
  The number shown indicates the version
MsgID is used between two entities for msg correlation
  The same ID should not be in use for two msgs at the same time
  A msg should time out or be answered before its ID is used again
The PDU has a request ID field
  No longer used for correlation, since encryption of the PDU is an option under v3
  MsgID is now found in the unencrypted header

Page 7

Message Formats
MsgID also allows discernment between duplicate msgs
  The underlying datagram service can duplicate msgs
MaxMsgSize
  Supported by the sender of the msg
  Largest packet that the transport protocol can carry without having to use fragmentation
  Receiver of the msg uses this info to ensure its reply is within the allowed size range
MsgFlags
  1 byte long: determines the authentication and privacy settings for the msg
  Indicates if the msg requires a response
  The security subsystem handles processing of this section

Page 8

Message Formats
MsgSecurity
  An integer object that determines the security setting associated with the msg
  0 is reserved for "any", and 1-3 correlate to SNMP versions 1-3
  4-255 are reserved for standards-track security models
  Values greater than 255 are for enterprise-specific security models
Security Model Data: Authentication Protocol
  MD5 and SHA are the two supported protocols in SNMPv3
  Both authenticate the SNMP msg
  SHA is the more complex algorithm, with a 20-byte calculation
  MD5 has a 16-byte algorithm
  The first 12 bytes/96 bits in both protocols are included in the authentication field
  20-octet passwd for SHA and 16-octet for MD5

Page 9

Message Formats
12-byte octet string used to authenticate the msg
  String known as an electronic fingerprint
  Verifies data has not been altered in transit
  True for both the MD5 and SHA protocols
SNMP: entity to entity
  During the msg exchange the authentication key is known to both parties
  On receipt of the msg the receiver recalculates the value using the known key and the algorithm
  If the recalculated value matches the original, then authentication occurs
Security Model Data: Privacy Protocol
Privacy protocol field
  8-byte octet string used for Data Encryption Standard (DES)
  16-byte key used for encryption
  First 8 octets of the key are used for encryption/DES
  Second 8 octets of the key are used as the initialization vector
(continued on next slide)
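The receiver-side authentication check described on this and the previous slide, the msgFlags byte from page 7, and the DES key/IV split above, as an added Python example that is not from the slides or from Morris' book. It assumes a constructed message layout with the 12-octet authentication field at a known offset (real SNMPv3 messages are BER-encoded), follows the RFC 3414 password-to-key and key localization procedure, and uses the RFC 3414 Appendix A test password and engine ID as sample input; DES encryption itself is not performed.

```python
"""Added example (not from the slides or from Morris' book): SNMPv3 USM key
handling and the 12-octet authentication check, written from the receiver's
side.  Key localization follows RFC 3414 Appendix A.2.  The "wire message" is
a constructed byte string with the auth field at a known offset, not the
BER-encoded ASN.1 of a real SNMPv3 packet (an assumption for this example)."""
import hashlib
import hmac

AUTH_LEN = 12  # HMAC-MD5-96 / HMAC-SHA-96 keep only the first 96 bits of the digest

# msgFlags bits (1 byte): bit 0 = authFlag, bit 1 = privFlag, bit 2 = reportableFlag
FLAG_AUTH, FLAG_PRIV, FLAG_REPORTABLE = 0x01, 0x02, 0x04


def password_to_key(password: bytes, hashname: str) -> bytes:
    """Ku: digest of the password repeated out to 1,048,576 octets (RFC 3414 A.2)."""
    reps, rem = divmod(1048576, len(password))
    return hashlib.new(hashname, password * reps + password[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes, hashname: str) -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku): 16 octets for MD5, 20 octets for SHA-1.
    Every engine gets a different key, so one compromised agent does not
    expose the key used with the other agents."""
    return hashlib.new(hashname, ku + engine_id + ku).digest()


def decode_flags(msg_flags: int) -> str:
    """Security level encoded in msgFlags; privacy without authentication is invalid."""
    auth, priv = bool(msg_flags & FLAG_AUTH), bool(msg_flags & FLAG_PRIV)
    if priv and not auth:
        return "invalid (privFlag set without authFlag)"
    level = "authPriv" if priv else ("authNoPriv" if auth else "noAuthNoPriv")
    return level + (", reportable" if msg_flags & FLAG_REPORTABLE else "")


def auth_params(kul: bytes, whole_msg: bytes, offset: int, hashname: str) -> bytes:
    """HMAC over the whole message with the 12-octet auth field zeroed, cut to 96 bits."""
    zeroed = whole_msg[:offset] + bytes(AUTH_LEN) + whole_msg[offset + AUTH_LEN:]
    return hmac.new(kul, zeroed, hashname).digest()[:AUTH_LEN]


def sign(kul: bytes, whole_msg: bytes, offset: int, hashname: str) -> bytes:
    """Sender side: fill in the authentication field."""
    mac = auth_params(kul, whole_msg, offset, hashname)
    return whole_msg[:offset] + mac + whole_msg[offset + AUTH_LEN:]


def verify(kul: bytes, whole_msg: bytes, offset: int, hashname: str) -> bool:
    """Receiver side: recalculate with the shared localized key and compare in
    constant time; any altered octet anywhere in the message changes the result."""
    received = whole_msg[offset:offset + AUTH_LEN]
    return hmac.compare_digest(received, auth_params(kul, whole_msg, offset, hashname))


def des_key_and_iv(priv_kul: bytes, salt: bytes) -> tuple:
    """CBC-DES privacy (RFC 3414 8.1.1.1): of the 16-octet localized privacy key,
    octets 0-7 are the DES key and octets 8-15 the pre-IV; the 8-octet salt
    sent in msgPrivacyParameters is XORed in so the IV is not reused."""
    pre_iv = priv_kul[8:16]
    return priv_kul[:8], bytes(a ^ b for a, b in zip(pre_iv, salt))


def build_demo_message(engine_id: bytes, user: bytes, msg_flags: int, pdu: bytes):
    """Constructed layout (not BER): version | msgID | msgFlags | secModel | engineID |
    userName | 12-octet auth field | PDU.  Returns the bytes and the auth-field offset."""
    header = b"\x03" + (1).to_bytes(4, "big") + bytes([msg_flags]) + b"\x03"  # USM = 3
    offset = len(header) + len(engine_id) + len(user)
    return header + engine_id + user + bytes(AUTH_LEN) + pdu, offset


if __name__ == "__main__":
    # Constructed inputs: password and engine ID are the RFC 3414 Appendix A.3 test values.
    engine_id = bytes.fromhex("000000000000000000000002")
    kul = localize_key(password_to_key(b"maplesyrup", "sha1"), engine_id, "sha1")
    msg, off = build_demo_message(engine_id, b"operator", FLAG_AUTH | FLAG_REPORTABLE,
                                  b"GET sysUpTime.0")
    signed = sign(kul, msg, off, "sha1")
    print(decode_flags(signed[5]), "verified:", verify(kul, signed, off, "sha1"))
    tampered = signed[:-1] + bytes([signed[-1] ^ 0x01])  # flip one bit of the PDU
    print("tampered verifies:", verify(kul, tampered, off, "sha1"))
```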

Page 10

Message Formats
  A unique 8-octet value is manipulated to prevent re-use on encryption of a packet
  DES in SNMPv3 uses a private key to encrypt/decrypt msgs
Context
  Deals with existing MIB indexing schemes and how to extend them
  Some MIBs are indexed by port number
  In certain configs there may be cards/units with the same port numbers
  The context feature allows multiple instances of identical MIB tables within the same SNMP agent

Page 11

Message Formats
SNMPv3 Message Exchanges
The flow diagram explains the flow of SNMP msgs

Page 12

Message Formats

Page 13

Message Formats

Page 14

SNMP Problems
Has difficulty manipulating large data sets
  Scalability issues where tables grow into the thousands
Notifications aren't guaranteed to arrive
  UDP
Management operations (such as get or set) can time out if the network is congested or the agent host is heavily loaded
  SNMP uses UDP
Despite its shortcomings, SNMP's widespread deployment and simplicity are great strengths!

Page 15

Summary
SNMPv3 offers much greater security than previous versions
Allows extension of MIBs
Understanding SNMP msg flow is critical to network managers
Network elements combine to make up a managed network

Page 16

The Network Management Problem
Chapter 3
Network Management, MIBs, and MPLS
Stephen B. Morris
Rodrigo Iglesias de Aliaga

Page 17

Overview
Network operators' problems with the growth of traffic types and volumes.
Operational overhead increases as multiple NMSs proliferate.
There is a strong need to reduce the cost of ownership and improve the return on investment (ROI) for network equipment.

Page 18

Overview
Automated, flow-through actions are required for network management operations.
  Provisioning
  Detecting faults
  Checking (and verifying) performance
  Billing/accounting
  Initiating repairs or network upgrades
  Maintaining the network inventory

Page 19

Bringing the Managed Data to the Code
Managed objects reside on many SNMP agent hosts.
Copies of managed objects reside on SNMP management systems.
Changes in agent data may have to be regularly reconciled with the management system copy.

Page 20

Bringing the Managed Data to the Code
Components of an NMS

Page 21

Bringing the Managed Data to the Code
The quality of an NMS is inversely proportional to the gap between its picture of the network and the actual state of the underlying network: the smaller the gap, the better the NMS.
As managed NEs become more complex, an extra burden is placed on the management system.

Page 22

Scalability
Today's Network is Tomorrow's NE
Scalability is one of the biggest problems facing modern networking.
A scalability problem occurs when an increase in the number of instances of a given managed object in the network necessitates a compensating, proportional resource increase inside the management system.

Page 23

Layer 2 VPN Scalability
Scalability problems tend to arise in situations of proportional growth.
The N² Problem
  When the number of layer 2 virtual circuits required is proportional to the square of the number of sites.
  Anything in networking that grows at the rate of N² tends to give rise to a problem of scale.
  As the number of sites gets bigger, the N² term is more significant than the other terms.

Page 24

The N² problem

Page 25

The N² problem
Layer 3 VPNs
  Layer 3 VPNs provide a much more scalable solution because the number of connections required is proportional to the number of sites, not the square of the number of sites.
  Layer 3 VPNs avoid the need for a full mesh between all of the customer edge routers by providing these features:
    A layer 3 core
    Overlapping IP address ranges across the connected sites (if separate organizations use the same VPN service)
    Multiple routing table instances in the provider edge routers
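The contrast between the N² growth of a layer 2 full mesh and the linear growth of a layer 3 VPN, worked out here as an added illustration that is not from the slides: fully meshing N sites with point-to-point virtual circuits needs

$$
C_{\text{mesh}}(N) = \binom{N}{2} = \frac{N(N-1)}{2} = \frac{N^2}{2} - \frac{N}{2},
$$

whereas a layer 3 VPN needs on the order of N connections (one per site into the provider core), so the ratio is

$$
\frac{C_{\text{mesh}}(N)}{N} = \frac{N-1}{2},
$$

which is 4.5 at N = 10 (45 circuits against 10), 49.5 at N = 100 (4950 against 100) and 499.5 at N = 1000 (499500 against 1000); the linear term −N/2 barely matters once N is large, which is the sense in which the N² term dominates.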

Page 26

Virtual Circuit Status Monitoring
Scalability problems arise when MIB tables become very large and the NMS attempts to read all of the table entries at the same time.

Page 27

MIB Scalability
Network operators and their users demand more:
  Bandwidth
  Faster networks
  Bigger devices
Scalability concerns are growing because routers and switches are routinely expected to support the creation of millions of virtual circuits.

Page 28

Creating LSPs in an MPLS network

Page 29

Other Enterprise Network Scalability Issues
Scalability concerns also affect enterprise networks in these areas:
  Storage solutions: adding, deleting, modifying, and monitoring SANs
  Administration of firewalls: rules for permitting or blocking packet transit
  Routers: access control lists and static routes
  Security management: encryption keys, biometrics facilities, and password control
  Application management

Page 30

Light Reading Trials
Internet core routers from Cisco, Juniper, Charlotte's Networks, and Foundry Networks were stress-tested during 2001 using these tests:
  MPLS throughput
  Latency
  IP throughput at OC-48
  IP throughput at OC-192

Page 31

Large NEs
Advantages of the deployment of much bigger devices
  They reduce the number of devices required, saving central office (CO) space and reducing cooling and power requirements.
  They may help to reduce cabling by aggregating links.
  They offer a richer feature set.
Disadvantages
  They are harder to manage.
  They potentially generate vast amounts of management data.
  They are a possible single point of failure if not backed up.

Page 32

Expensive (and Scarce) Development Skill Sets
Building management systems for the devices of today and tomorrow is increasingly difficult.
General migration to a Layer 3 infrastructure is another reason for the widening gap between available development skills and required product features.
The need for customers to see rapid ROI for all infrastructural purchases

Page 33

Expensive (and Scarce) Development Skill Sets
A different approach is needed for developing management systems.
Acquiring skills like these would positively enhance the development process:
  A solution mindset
  Distributed, creative problem solving
  Taking ownership
  Acquiring domain expertise
  Embracing short development cycles
  Minimizing code changes
  Strong testing capability

Page 34

A Solution Mindset
Solutions have a number of characteristics
  Clear economic value
  Fulfillment of important requirements
  Resolution of one or more end-user problems

Page 35

A Solution Mindset

Page 36

Distributed, Creative Problem Solving
Software bugs
NE bugs (hard to identify)
Performance bottlenecks in FCAPS applications due to congestion on the network
Client applications crashing from time to time
MIB table corruption
SNMP agent exceptions

Page 37

Distributed, Creative Problem Solving
Tools available to solve these problems
  UML support packages
  Java/C++/SDL products
  Version control
  Debuggers

Page 38

Taking Ownership
A broad task can be ring-fenced by a small group of developers who take responsibility for design, development, and delivery.
Traditional development boundaries are removed.
  No more pure GUI, backend, or database developers.
All NMS software developers should strive to extend their portfolio of skills to achieve this.
Institutional memory relates to individual developers with key knowledge of product infrastructure.

Acquiring Domain Expertise

- Domain expertise represents a range of detailed knowledge that can be readily applied to the needs of an organization.
  - IP/MPLS

Acquiring Domain Expertise

Knowledge includes areas such as:
- Layer 2 and layer 3 traffic engineering
- Layer 2 and layer 3 QoS
- Network management
- Convergence of legacy technologies into IP
- Backward and forward compatibility of new technologies
- MPLS

Linked Overviews

- ATM Linked Overview
- IP Linked Overview
- Embracing Short Development Cycles
- Minimizing Code Changes

Elements of NMS Development

NMS Developments
- Using a browser-based GUI
- Developer wants to check that the software executed the correct actions
- During provisioning, developer verifies Java
- Database is updated by the management system code
- Verifying that the correct set of managed objects was written to the NE

Elements of NMS Development

- Data Analysis
- Upgrade considerations
- UML, Java, and Object-Oriented Development
- Class Design for Major NMS Features
- GUI Development
- Middleware Using CORBA-Based Products
- Insulating Applications from Low-Level Code

Expensive (and Scarce) Operational Skill Sets

- The growing complexity of networks is pointing to increasingly scarce operational skills
- Multiservice Switches
  - Enterprise networks typically want to:
    - Reduce the payback period for new purchases
    - Maintain and expand existing network services
    - Reduce operational costs associated with multiple networks
      - Telephony
      - LAN

Expensive (and Scarce) Operational Skill Sets

- Multiservice Switches
  - MPLS provides a way of filling these needs in conjunction with multiservice switches
    - ATM
    - FR
    - TDM
    - IP

MPLS: Second Chunk

Managed objects of MPLS
- Explicit Route Objects
- Resource blocks
- Tunnels and LSPs
- In-segments
- Out-segments
- Cross-connects
- Routing Protocols
- Signaling Protocols
- Label operations
- Traffic Engineering
- QoS

Explicit Route Objects

- An ERO is a list of layer 3 address hops inside an MPLS cloud
- Describes a list of MPLS nodes through which a tunnel passes.
- EROs are used by signaling protocols to create tunnels

Resource Blocks

- MPLS permits the reservation of resources in the network.
- Resource blocks provide a means for recording the bandwidth settings
- Resource blocks include
  - Maximum reserved bandwidth
  - Maximum traffic burst size
  - Packet length

Tunnels and LSPs

MPLS-encapsulated packets enter the tunnel, pass across the appropriate path, and exhibit three important characteristics:
- Forwarding is based on the MPLS label rather than the IP header
- Resource usage is fixed, based on the resources reserved at the time of connection creation
- The path taken by the traffic is constrained by the path chosen in advance by the user.

In-Segments and Out-Segments

- In-segments on an MPLS node represent the point of ingress for traffic
- Out-segments represent the point of egress for traffic

Cross-Connects

- An MPLS node uses the cross-connect settings to decide how to switch traffic between the segments
- Connection Types
  - Point-to-Point
  - Point-to-Multipoint
  - Multipoint-to-Point

Routing Protocols

- MPLS incorporates standard IP routing protocols such as OSPF, IS-IS and BGP4

Signaling Protocols

- LSPs and tunnels can be achieved either manually or via signaling
- Signaled connections have
  - Resources reserved
  - Labels distributed
  - Paths selected by protocols
    - RSVP-TE
    - LDP

Label Operations

- MPLS-labeled traffic is forwarded based on its encapsulated value
- The operations that can be executed against labels are
  - Lookup
  - Swap
  - Pop
  - Push

MPLS Encapsulation

The MPLS encapsulation specifies four reserved label values:
- 0: IPv4 explicit null, which signals the receiving node to pop the label and execute an IP lookup
- 1: Router alert, which indicates to the receiving node to examine the packet more closely (rather than simply forwarding it)
- 2: IPv6 explicit null
- 3: Implicit null, which signals the receiving node to pop the label and execute an IP lookup
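The two slides above list the label operations (lookup, swap, pop, push) and the four reserved label values. As an added example (not code from the slides or from the book), the Python below models a node's cross-connect lookup on a received label stack: it decodes the RFC 3032 shim header, handles labels 0 to 3, and applies swap, pop and push. The cross-connect entries and the sample packet are constructed; an outgoing label of 3 (implicit null) is treated as a pop at the penultimate hop, which is how signaling uses it, and label 3 arriving on the wire is dropped because it is only ever advertised, never encapsulated.

```python
import struct

# Added example, not from the slides: reserved label values of the MPLS shim
# header (RFC 3032) and the operations applied to the top of a label stack.
IPV4_EXPLICIT_NULL, ROUTER_ALERT, IPV6_EXPLICIT_NULL, IMPLICIT_NULL = 0, 1, 2, 3
FIRST_UNRESERVED = 16          # labels 4..15 are reserved for future use


def decode_shim(entry):
    """32-bit stack entry -> (label, traffic class, bottom-of-stack bit, ttl)."""
    return entry >> 12, (entry >> 9) & 0x7, (entry >> 8) & 0x1, entry & 0xFF


def parse_stack(data):
    """Read 4-byte entries until the S bit is set; returns (stack, payload)."""
    stack, off = [], 0
    while True:
        if len(data) - off < 4:
            raise ValueError("label stack runs past end of packet")
        label, tc, bos, ttl = decode_shim(struct.unpack_from("!I", data, off)[0])
        stack.append((label, tc, ttl))
        off += 4
        if bos:
            return stack, data[off:]


class Lsr:
    """Cross-connect table: in-segment label -> (operation, out-label, next hop)."""
    def __init__(self):
        self.xc = {}

    def add_cross_connect(self, in_label, op, out_label=None, next_hop=None):
        if in_label < FIRST_UNRESERVED:
            raise ValueError("cross-connects cannot be keyed on reserved labels")
        self.xc[in_label] = (op, out_label, next_hop)

    def forward(self, stack):
        """Lookup on the top label; returns (action, new_stack, next_hop)."""
        label, tc, ttl = stack[0]
        rest = stack[1:]
        if ttl <= 1:
            return "drop-ttl-expired", stack, None
        if label in (IPV4_EXPLICIT_NULL, IPV6_EXPLICIT_NULL):
            return "pop-then-ip-lookup", rest, None       # labels 0 and 2
        if label == ROUTER_ALERT:
            return "punt-to-control-plane", rest, None    # label 1
        if label < FIRST_UNRESERVED:
            # label 3 (implicit null) is signaled to the upstream node, never sent
            return "drop-reserved-label", stack, None
        if label not in self.xc:
            return "drop-no-cross-connect", stack, None
        op, out_label, nh = self.xc[label]
        if op == "pop" or (op == "swap" and out_label == IMPLICIT_NULL):
            return "pop", rest, nh                       # penultimate-hop pop
        if op == "swap":
            return "swap", [(out_label, tc, ttl - 1)] + rest, nh
        if op == "push":                                 # tunnel ingress: new top entry
            return "push", [(out_label, tc, ttl - 1)] + stack, nh
        raise ValueError(f"unknown operation {op}")


# Constructed sample: label 1000 (TTL 64) over label 20 (bottom of stack, TTL 64).
SAMPLE_PACKET = bytes.fromhex("003e8040" "00014140") + b"payload"
```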

QoS and Traffic Engineering

- LAN bandwidth can be increased as needed using switches
  - Excess bandwidth helps avoid congestion
- Traffic Engineering is set to become a mandatory element of converged layer 3 enterprise networks.

QoS

There are three approaches that can be adopted for providing different levels of network service:
- Best effort (as provided by the Internet)
- Fine granularity QoS (Integrated Services, IntServ)
- Coarse granularity QoS (Differentiated Services, DiffServ)

IP Header

MPLS and Scalability

- This table can include millions of rows
- It is not practical to try to read or write an object of this size using SNMP
- Unfortunately, it might be necessary if a network is being initially commissioned or rebalanced after adding new hardware

MPLS and Scalability (continued)

Summary

- Bringing managed data and code together is one of the central foundations of computing and network management
- Designers of management systems need a rarefied skill set that matches the range of technologies embedded in NEs and networks
- Liberal use of standards documents and linked overviews are some important tools for tackling the complexity of system development, managed object derivation, and definition.
- Networks must increasingly support a growing range of traffic types (Traffic Engineering and QoS handling in Layer 2 and Layer 3 networks).