|
Home > Archive > alt.certification.network-plus > June 2002 > Network Management System
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Network Management System
|
|
| Sted Alana 2002-06-24, 6:43 pm |
| How is the architecture of the software used in a network management system
designed to reduce the amount of data transmitted over the network?
I thought it had something to do with SNMP using UDP, but SNMP is a protocol
and not software architecture.
Any suggestions appreciated.
Thanks
--
N e w s N e t C u s t o m e r
E - m a i l : sted.alana@hotmail.com
| |
| Andy Barkl 2002-06-24, 6:44 pm |
| "Sted Alana" <Sted_Alana@hotmail.com> wrote in message
news:3d05f738_1@news.iprimus.com.au...
> How is the architecture of the software used in a network management
system
> designed to reduce the amount of data transmitted over the network?
>
> I thought it had something to do with SNMP using UDP, but SNMP is a
protocol
> and not software architecture.
>
> Any suggestions appreciated.
>
> Thanks
>
> --
> N e w s N e t C u s t o m e r
> E - m a i l : sted.alana@hotmail.com
Perhaps you are referring to the specifics of operation for the SNMP
protocol or some of the more popular NMS software such as Intel LANDesk or
HP Open View and their efficiency in polling and trapping MIB data?
| |
| Sted Alana 2002-06-24, 6:44 pm |
|
>> How is the architecture of the software used in a network management
> system
> > designed to reduce the amount of data transmitted over the network?
> >
> > I thought it had something to do with SNMP using UDP, but SNMP is a
> protocol
> > and not software architecture.
> >
> > Any suggestions appreciated.
> Perhaps you are referring to the specifics of operation for the SNMP
> protocol or some of the more popular NMS software such as Intel LANDesk or
> HP Open View and their efficiency in polling and trapping MIB data?
The question given to me refers to the genernal software architecture of a
NMS. By this question, I assume NME (agents) and NMA (managers) being the
two software components. But I cant see how this general architecture is
designed to reduce the amount of data transmitted over the network.
Again, any suggestions appreciated.
| |
| Andy Barkl 2002-06-24, 6:44 pm |
| "Sted Alana" <Sted_Alana@hotmail.com> wrote in message
news:3d06f583$1_1@news.iprimus.com.au...
>
> >> How is the architecture of the software used in a network management
> > system
> > > designed to reduce the amount of data transmitted over the network?
> > >
> > > I thought it had something to do with SNMP using UDP, but SNMP is a
> > protocol
> > > and not software architecture.
> > >
> > > Any suggestions appreciated.
>
> > Perhaps you are referring to the specifics of operation for the SNMP
> > protocol or some of the more popular NMS software such as Intel LANDesk
or
> > HP Open View and their efficiency in polling and trapping MIB data?
>
> The question given to me refers to the genernal software architecture of a
> NMS. By this question, I assume NME (agents) and NMA (managers) being the
> two software components. But I cant see how this general architecture is
> designed to reduce the amount of data transmitted over the network.
>
> Again, any suggestions appreciated.
There are a series of remote monitoring and management protocols
incorporated within the different NMS products. SNMP, RDP, are a few that I
am aware of and because of the different management protocols and the design
and use within a given NMS, there could be a difference in their
architecture.
| |
| NO SPAM REMOVE 2002-06-24, 6:44 pm |
| On Wed, 12 Jun 2002 07:17:11 GMT, "Sted Alana" <Sted_Alana@hotmail.com> wrote:
>
>>> How is the architecture of the software used in a network management
>> system
>> > designed to reduce the amount of data transmitted over the network?
>> >
>> > I thought it had something to do with SNMP using UDP, but SNMP is a
>> protocol
>> > and not software architecture.
>> >
>> > Any suggestions appreciated.
>
>> Perhaps you are referring to the specifics of operation for the SNMP
>> protocol or some of the more popular NMS software such as Intel LANDesk or
>> HP Open View and their efficiency in polling and trapping MIB data?
>
>The question given to me refers to the genernal software architecture of a
>NMS. By this question, I assume NME (agents) and NMA (managers) being the
>two software components. But I cant see how this general architecture is
>designed to reduce the amount of data transmitted over the network.
>
>Again, any suggestions appreciated.
>
If you look at the overall design of Network Management System it is to reduce
the amount of data transmitted to manage a network. The manager polls some (or
all) agents on a regular basis using a connectionless protocol and receives it's
responses using the same protocol (eg checking to see a device is up). Agents
are configured to send traps when specific conditions are met (eg. traffic
exceeds a predefined threshold etc)
Depending on the architecture the solution supports it can reduce traffic
further. You can have a centralised, distributed or hierarchical architecture. A
centralised architecture has all agents basically reporting to a single
management system (usually an individual machine).
A distributed architecture will have some agents reporting to one manager, other
agents reporting to another, the disadvantage being that there is usually no
central managed. One manager can let another manager know that whats happening
on an agent but it maintains the records for the agents it manages. Essentially
they can only send messages back and forth to each other but canot update each
other's query/result database. The advantage of this system is load balancing
(particularly when polling agents) so that the managers doesn't get
overburdened.
A hierarchical architecture combines the centralised system with a distributed
system. It's the most complex of the architectures but provides the strengths of
both distributed and centralised architectures. In this model, you still have a
centralised Network Management Station (manager) but it only coordinates queries
sent out from additional managers below it. You can delegate tasks and
responsibilities to diferent managers on the network. In this way you can still
centrally maintain and store informaiton yet still ensure that distributed
systems are responsible for processing queries and responses.
You can also have one agent working on one device that works as a proxy or
gateway for other devices that may not run the protocol your NMS uses (it may
not have enough memory to run multiple protocols. Say you have an NMS that only
uses SNMPv1 but the device you want to manage supports only SNMPv2c, you could
have another device that understands both versions act as a proxy for the
incompatible device.
The other advantage to using a proxy system is that instead of your manager
querying every device on the network, it could query specific devices that act
as proxies that query other devices, cache the request/response then pass it
along at an alternate interval. This is assuming of course, that you have
devices that could act as proxies and have the capacity to cache the
information.
The overhead on most network management systems is usually low through the use
of connectionless protocols such as UDP (RFC1906 recommends the use of UDP for
SNMPv2) . SNMP messages are limited to a maximum of 460 bytes to limit the
impact on the network being managed.
I hope this is of some use.
Grant Schmarr A+ INet+ Network+ Server+ CIW MCIWA MCIWD
| |
| Sted Alana 2002-06-24, 6:44 pm |
|
> >The question given to me refers to the genernal software architecture of
a
> >NMS. By this question, I assume NME (agents) and NMA (managers) being the
> >two software components. But I cant see how this general architecture is
> >designed to reduce the amount of data transmitted over the network.
> >
> >Again, any suggestions appreciated.
> >
>
> If you look at the overall design of Network Management System it is to
reduce
> the amount of data transmitted to manage a network. The manager polls some
(or
> all) agents on a regular basis using a connectionless protocol and
receives it's
> responses using the same protocol (eg checking to see a device is up).
Agents
> are configured to send traps when specific conditions are met (eg. traffic
> exceeds a predefined threshold etc)
>
> Depending on the architecture the solution supports it can reduce traffic
> further. You can have a centralised, distributed or hierarchical
architecture. A
> centralised architecture has all agents basically reporting to a single
> management system (usually an individual machine).
>
> A distributed architecture will have some agents reporting to one manager,
other
> agents reporting to another, the disadvantage being that there is usually
no
> central managed. One manager can let another manager know that whats
happening
> on an agent but it maintains the records for the agents it manages.
Essentially
> they can only send messages back and forth to each other but canot update
each
> other's query/result database. The advantage of this system is load
balancing
> (particularly when polling agents) so that the managers doesn't get
> overburdened.
>
> A hierarchical architecture combines the centralised system with a
distributed
> system. It's the most complex of the architectures but provides the
strengths of
> both distributed and centralised architectures. In this model, you still
have a
> centralised Network Management Station (manager) but it only coordinates
queries
> sent out from additional managers below it. You can delegate tasks and
> responsibilities to diferent managers on the network. In this way you can
still
> centrally maintain and store informaiton yet still ensure that distributed
> systems are responsible for processing queries and responses.
>
> You can also have one agent working on one device that works as a proxy or
> gateway for other devices that may not run the protocol your NMS uses (it
may
> not have enough memory to run multiple protocols. Say you have an NMS that
only
> uses SNMPv1 but the device you want to manage supports only SNMPv2c, you
could
> have another device that understands both versions act as a proxy for the
> incompatible device.
>
> The other advantage to using a proxy system is that instead of your
manager
> querying every device on the network, it could query specific devices that
act
> as proxies that query other devices, cache the request/response then pass
it
> along at an alternate interval. This is assuming of course, that you have
> devices that could act as proxies and have the capacity to cache the
> information.
>
> The overhead on most network management systems is usually low through the
use
> of connectionless protocols such as UDP (RFC1906 recommends the use of UDP
for
> SNMPv2) . SNMP messages are limited to a maximum of 460 bytes to limit the
> impact on the network being managed.
Excellent explanation - well done!.
You mentioned traps; can you eloborate further please?
regards
| |
| NO SPAM REMOVE 2002-06-24, 6:44 pm |
| On Fri, 14 Jun 2002 09:42:18 GMT, "Sted Alana" <Sted_Alana@hotmail.com> wrote:
>
>> >The question given to me refers to the genernal software architecture of
>a
>> >NMS. By this question, I assume NME (agents) and NMA (managers) being the
>> >two software components. But I cant see how this general architecture is
>> >designed to reduce the amount of data transmitted over the network.
>> >
>> >Again, any suggestions appreciated.
>> >
<SNIP>
>You mentioned traps; can you eloborate further please?
An agent configured on a device (eg. managed hub) can be configured to send a
trap message (it has 'trapped' a condition that it has been asked to monitor).
In SNMP it's an unsolicited command type sent to a manager after sensing a
prespecified condition. What traps are sent and what conditions are measured
depends on what the manufacturer supports on the device. While there might be
standard traps there may be others that the manufacturer has included in a
Management Information Base (MIB) for the device.
In SNMP the seven standard Trap messages are:
ColdStart - The sending entity reinitiliased (usually a power up).
WarmStart - The sending agen reinitialised but neither the agent's configuration
nor the protocol implementation was altered.
LinkDown - communication link failed.
LinkUp - communication link opended.
EgpNeighborLoss - an EGP neighbour failed.
AuthenticationFailure - the agent received an incorrect community name from the
NMS (or someone using an NMS tool)
EnterpriseSpecific - nongeneric trap occured which can be identified with
information in the Specific Trap Type field and the Enterprise field of the trap
message. This is where the manufacturer/developer will have configured specific
conditions to monitor.
As an example, in an environment with managed hubs I would set the community
names for the devices to something other than the defaults. Within the hub
configuration software, there may be an option enabling it to send a trap if the
device receives an incorrect community name as part of the query. This trap
could then be sent to the manager and on the device I can have the software page
me, email me or send a message to a console (someone might be trying to
enumerate the network). A conditition that could be monitored is where a port
fails on the hub, the hub may automatically partition off the port (to prevent
errors being propogated throughout the network) and if configured to do, send a
trap to the manager which then takes the appropriate action (if configured to do
so).
The manager software usually allows to you to categorise an event into an event
category. In this way, if the manufacturer has supplied customised options for
you to monitor you can then classify the event into a category and based on
that, take an appropriate action (page the sysadmin, email the sysadmin, log the
event etc).
Some event categories could include;
Error events - an error occurs (some products allow you to categorise further
into severity leves; critical, major, minor, warning, normal, unknown events
etc)
Status events - a change in status of a device, service etc
Threshold events - a particular threshold has been exceeded (or has degraded)
Application alert events - an application has had an event occured that you had
marked for monitoring.
Configuration events - a configuration of a device or service has changed
An agent is often configured to send traps to a specific device or devices
(usually the machine(s) where the Network Management Station software has been
installed).
Traps should be used judiciously. It is easy to overwhelm a centralised system
if you set too many traps on the devices/services you are monitoring.
You usually use the NMS to configure the agents to set the traps on which they
will respond but it is the device or service itself that sends the traps when a
condition is met.
The manager software only responds to the trap received it does not initiate the
trap. When the manager wants to get information from a device or service it uses
a traversal operation (it queries the device or service, and the agent on the
device or service sends a response).
The advantage of using traps is that the device only sends a trap event when the
preset condition/threshold is met/exceeded. This minimises the traffic used to
manage the network but it depends on what the person administering the system
sets as conditions. Too low a threshold results in lots of trap messages being
generated, too high a threshold may result in getting a trap occur when the
problem becomes a crisis (and well after the administrator is already aware of
it).
If I were monitoring a device for failure then I'd configure the manager to
check on the device on a regular basis (it basically would poll the device at a
preset period). If I wanted to know when a device was reaching saturation level,
I'd configure a trap on the device.
I've gotten a little off the track here but I hope this helps.
Grant Schmarr A+ INet+ Network+ Server+ CIW MICWA MCIWD
|
|
|
|
|