Cisco CCIE Security 350-701 – Network Management Part 2

3. Past-Present Methods of Network Mangement- PART 2

Now one more common thing you do for the network management is SNMP. SNMP is something almost in every organization they use. Now the SNMP stands for Simple Network Management Protocol. So it’s a protocol which is going to provide you the information about the networking devices. Like generally we run some kind of software here probably we call it as Network Management Station or Network Management Server which is going to run some kind of software from different vendors.

Like there are Solar Winds, you have Solar Winds or HP open with there are plenty of network management software or network monitoring software. We can say now what SNMP is going to do is SNMP going to each and every device. From this from here we can collect the statistics of this particular devices. You can monitor or you can get all the statistics of the complete networking devices on your screen, maybe kind of dashboard you will have and you have all the options.

And on the single device you can collect plenty of statistics which can include the CPU utilization of individual servers or the routers or the memory utilization as well. Or even it can be the status of the interfaces. Like if any interface goes down then probably that particular router you are going to learn on the SNMP. And here you can view that in the form of alert like a red symbol. Or you can get an automatic email, depending upon what type of software you’re using, what is the license, the features may vary. And not only that, you can also get plenty of other statistics which can include like the link availability or the link utilization, the band utilization as well, or the network status, status of the devices, all those things.

So the main purpose of the SNMP is to monitor the network. So most of the things you can do monitoring of your network from a single centralized device and you will get all the results in the form of graphs, some guest options where you can verify the statistics in a more simple way. You can check it’s not like command line, it’s like UI where you will see the graphs and the different devices or the status. All these things you see in the form of graphs.

So apart from the monitoring even there are some SNMP tools or some SNMP software to have an option of pushing some kind of configurations. You can even tell that. One simple example is if the Cputilization goes around 80%, you can actually force that particular device to restart. Or if the CPU utilization goes high, you can tell to execute some specific command, show command and copy that output and you can send it an automatic email or you can shut down some processes.

There are plenty of things you can do in that. Again, it depends upon the license or the software what you are using in the package. So SNMP is something you’ll be using most commonly generally networking use this. There is one more option. I think there is something like this is in build scripts, what we discussed. Apart from that, there is one more. You will be using something called NetFlow. NetFlow is a kind of feature. The NetFlow is something enables the devices to collect the traffic static information. Like you can say that, let’s say this is your network.

Now, what you can do is you can configure the router or router or any of your networking devices. So probably this particular router can collect some kind of statistics, static information and this information can be exported to a server or the NetFlow Collector. Typically it’s the kind of software which is going to collect this particular statistic. And these statistics will be displayed on this NetFlow Collector device in the form of graphs.

So it is going to display the information of a specific application utilization like what are the different applications you have and what is the utilization of that particular applications or the network utilization or network usage like what is the amount of bandwidth or what is the utilization of Http traffic or ICMP traffic or DNS traffic like that? Or even you can come to know what are the top dockers. Top talkers are nothing but like which traffic is or which traffic or which traffic destined to where or coming from which source is utilizing more bandwidth or maybe more resources of your network. Or even you can calculate the average amount of traffic moving on the network. So it all depends upon how you configure.

We’ll be configuring the device to particular static information. Like I’m going to tell that particular router saying that the capture specific traffic going from this particular source and this particular destination or this particular application and I can export that particular things to the NetFlow Collector where you can see the information, the static information on the collector side. So probably this is going to help generally in the production networks to troubleshoot. Like if any application is experiencing any problem, you can get those statical information with the help of these NetFlow collectors.

So these are the different options what you have, like the different options which will be used previously as well as in the current networks. Also we are using these options for managing your network. So those options are like as you said, the command line and notepad for most of the copy paste of the configurations or the confirmation files. You may use some inbuilt scripts to save your time and SNMP mainly for monitoring your network to some extent you can do some conflation changes.

4. SNMP- Simple Network Mangement Protocol

SNMP stands for Simple Network Management Protocol. Now most of the time in the production scenarios you will be using some kind of monitoring tools or monitoring software for monitoring your network. And for that particular type of monitoring, the protocol which is being used at the back end is SNMP. So let’s try to see why there is a need for SNMP and why there is a need for the monitoring here. Normally network monitoring means monitoring your network.

Like take an example, you got hundreds of devices, we got some routers probably connected here and again, we got some switches here probably in my land and they all are connected with the proper design. And one of the user here, let’s say there is a user sitting here, is experiencing some problem and maybe this is your head office and he’s trying to access some server on the head office, maybe an FTP server or some kind of other servers. And while he’s trying to do that, he realizes that he’s not able to access that particular server.

It’s a kind of simple problem. So that is something what he faces. Now the question is now probably what he’s going to do. Is he’s going to report to your local desktop engine or whoever the engine is available? Normally saying that, okay, I’m facing this problem, then what might be the issue? So now as an It team, it’s our job to ensure that the end users do not have any kind of network issues, even if he’s not able to access the basic Internet. Also your job is to ensure that he should be able to access Internet if he is allowed.

So how normally the troubleshooting process goes something like this guy, let’s say this guy’s, accounts guy, and this guy reports to the nearest desktop engineer, probably that particular desktop engineer or the computer engineer probably, and maybe system admin kind of thing. And he’s going to verify all the things like check the connectivity and then check the applications, check the browser, check the network Nic settings or interface settings. And he’s going to confirm that only that particular user is facing the problem. And again, he’s also going to check whether everyone is facing the problem or only that particular user is facing the problem. And based on that information, he can either fix it or he can escalate the issue to the next level.

Let’s say he figured out that not only that particular user, so all the people on that particular floor are facing the same issue. They are not able to access anything outside their floor probably. Now then he’s going to confirm that okay, the problem is not with the local machines because if it is a problem with that particular machine, then other people should have been able to access. Maybe the problem is on the network side as you don’t have any control on the network side. He is going to report to the next probably the network team and probably on the network team. Again that will escalate to the network team and the network team. You are level one engineer, maybe a junior engineer or the freshering team, one or two years experience. Now then he’s going to figure out, okay, what will be the problem.

The problem is on the switch side, maybe the VLAN information, maybe the connectivity issue, maybe the switch is powered off. What might be the problem? Only that particular users on that particular switch is facing the problem or all the users in the land facing the problem. Because if everyone is facing the problem, maybe the problem is on the server side, maybe on the router side, maybe no.

So based on that he will do some verifications and he verified that there are some misconception of the VLAN, let’s say. And then he’s going to escalate to the next team to make changes or whatever the observations he did and finally it gets fixed. So the problem can be anywhere. Maybe the problem is where can be the VLAN or the simple problem.

Maybe the switch is powered off. Like just keep aside the confirmation issues. But whatever the issues like maybe the switch is powered off, maybe the router the gateway interface is down or maybe there is some connectivity issue here. Or maybe the problem is on the server. The Cputilization of the server, it can be anything because maybe the excessive CP utilization of the server is restarting the server.

Or maybe the server is not reachable because of the excessive CPUT utilization or the bandwidthization. Or it can be anything. But again, the problem with this kind of scenario is it’s very difficult to trace the issue, especially in your network. If you go with this process, it will take at least 30 minutes to maybe more than that roughly. I’m saying if everything goes well, you may figure out this in the next 30 minutes or one or 2 hours, depends upon the problem. But at the end there is nothing like kind of reporting automatically. We want something like the dynamic process where if the router is powered off or if there is any CPU utilization is high, we need to get some alerts so that you can take an action proactively before the problem occurs. And that’s where SNMP is going to do. So mostly in the production scenarios the monitoring of your network is done with the help of something called SNMP. So where we are going to set up a server? Probably anywhere.

Let’s say this server we call it as Network Management Server or Network Management Station, which is installed with some kind of software and we call them as Network monitoring tools. So these are like thirdparty software. If you just search for network monitoring tools. So there are plenty of vendors in the market. You will find probably will be running any one of these.

Like there are license, there are some free source, there are some trial versions you can get. These are all different types of tools and which tool you use. It totally varies in different companies. So if you just check the screenshots of this softest, this softness, they’ll provide you some statical information in the form of graphs, something like this, of course output, and also they will show you the topology, how the device are connected, and also the CPU utilization, band utilization in some kind of graphs. These are all the screenshots, even your physical topology, how the device are connected.

Now, with help of these tools, you can get a view of your network, or you can get the statistics of your network information on a single device. So which means what happens is whenever you are running this software here, you can get the different statistics like CPU utilization, like you have some servers, what is the Cpuzation? So if it is going around 80%, then it can generate an alert maybe on the software or make me, it can generate an email or something, depending upon what software you run, or memory utilization, even the interface availability.

If any one of the interface fails, let’s say you’re connecting a router and then this interface goes down, there is a van connection issue. Now, whenever there’s a van connection issue, automatically the neighbor ship will go down. But most likely if this interface fails, then you get an alert here saying that this interface is down due to some reason. So now you can immediately report to the service board and say that okay, the interface is down because you will come to know early so that you can fix it. Of course there will be alternate path meantime, so the traffic will be forwarded from other path, if there is an alternate path, the backup path, but meantime we can fix that. Okay, if the superlization goes high, then you can see why the superlization is going high and what type of traffic is going, probably you can get those information.

So a lot of things, including CPU is memory utilization, status of the interfaces, whether they are connected or not connected, availability of the links, the band is utilization, those parameters. So this is all you can get on one device. And probably from here where you do all the monitoring and the back end protocol which is going to collect all the statistics between the server and the clients, is done with the help of SNMP protocol. So you have a team build protocol inside your TCP IP, which is going to provide you all this information in the back end. So SNMP provides the information which is required for the server to display their statistics with the help of software. And the back end protocol inside the TCP IP is running SNMP. So you can see there are some of the list of the tools, what I have listed here, but of course you can find plenty of tools and which tool you will be using. It totally depends and every tool will have a slightly different graphical interface.

So we are not getting into that on the server side. So basically we are trying to understand the SNMP options, what the terminology options. Probably in these sessions there are some technologies we need to understand here. SNMP components. Now SNMP components are relevant to the server wherever you’re running this software. We call it as SNMP Manager or Network Management server. That’s what normally we call them as SNMP Manager where you collect all the statistics from where you actually monitor. And we got something called SNMP agent SNMP Agent is nothing but the end device which is going to provide you the statistics like maybe a router, maybe a switch or a firewall or S Server.

It can be any end device which is going to provide you the information to the server. And there is something called MIB. MIB is generally the information the object ID identifies. We call them as which is going to collect what information you want to collect like the CPU classation or the bandwidth utilization. So they all come under MRB. Now, depending upon the functionality of your software and the device, so there are some additional functions you will include in the SNMP.

So there’s something called SNMP Kit, said trap options. Now these options indicate how the information is exchanged between the server and the agent or server and the client. Like in this example, let’s say this is my router which is providing the information to my server. So probably SNMP Get option get option is a request which is used by the server to read the device statistics.

Means the server is going to send out an instruction which is requesting the devices to get this information like the interface status or the memory utilization or the secret utilization or the link availability, this information. So based on the Get request which is initiated by the server, it is going to provide you the information whatever is requested. And again this request is more like a read Only. Read only means you can only get the information but you cannot make any changes.

So it means you don’t have changing access, but only read Only access. Read Only access is something like where you can make changes. So probably there is another option called Set which is slightly different. Now Set option is a little bit different than Gate. Now one simple example we can say is let’s say the CPU utilization of this device is 90%. Now and you got a statistical information saying that the CPU utilization of this server or the device or the router is 90%.

So you can configure this SNMP server to send an instruction to reload the device and that is what we are doing. So there are two types of things normally depending upon. Again these options totally depend upon what type of software you use. You got an SMP server and your networking devices. Now either you can only read the information or in some software depending upon the license.

And of course your device also should support that. You can send some instructions to the device to make changes. Okay? So to some extent it’s not like completely you cannot tell go and change the computer configurations or the BGP configurations completely, not entirely, but you can use some basic instructions to the devices to make some changes. Like one example as I said, reload the router or change the VTP configurations. It can be anything. But of course you need to have the read and write access on the remote device. Which means the Snappy server should have permissions to log in and make changes to that particular device.

So we call this a set option and there is something called additional trap options. SNMP traps we call it as the SNMP traps are generated by the end device. Now one simple example of that trap is let’s say what I can do is let’s say this is my router connecting to my service portal and on this service portal I’m running, let’s say BGP. So I’m running EBGP here.

Now normally by default most of the routing protocol messages or routing protocol traffic is not monitored because generally there is a default SNP software. What they do is they majorly monitor the CPU server utilization, pan utilization, depending upon the features they support. But they don’t get into the actual configurations or verify the neighborship, those kind of things. Of course, if the interface fails, most of the tools will support that.

But what I want is whenever this router see any changes in the BGP messages, like BGP changes, I want the request that information should be sent to the server, your SNP server. So in these scenarios we can configure something called traps, the BGP traps OSP of traps, trap messages where any changes to that particular thing happens on the device, we can tell that okay, immediately send the request or send the chat messages to the device. So these are kind of optional, any kind of interface done. Interface done is not required most of the time because most of the tools supports interface status. But like BGP or EHRP neighborhood going down.

So inform also is another option, we call it as. So depending upon these are the functions you generally get with SNMP. And depending upon that you have some permissions again. So mostly you need read permissions to get actions because you are only collecting the statistics. We are not making changes. You need write permissions so that you can make changes especially for trap sorry, for state actions and notify permissions you require for trap or inform actions. So technically we call them as SNMP views engines SNMP. There are different versions.

We have version one, version two, version two C and version three. Now again, depending upon the software we use and the device supports. Now most of the time you prefer to use version three because it supports some kind of encryption, encryption of your Snippet messages, but whereas encryption as well as authentication for your messages, version two, C, also supports authentication but not very secure. So probably these are the differences most of the time nowadays monitoring software, they support version three. But again, you see there are some people still prefer to use version two because of the complexity or some.

• Category: Uncategorized