
© 2009 Pearson Education, Inc.  Publishing as Prentice Hall

Chapter 10Updated January 2009

Raymond Panko’sBusiness Data Networks and Telecommunications, 7th edition

May only be used by adopters of the book

Network Management


10-1: Planning the Technological Infrastructure

• The First Job of Network Management is Planning the Technological Infrastructure, which consists of the Elements of the Network and How they Fit Together.

• What-Is Analysis

– The first step in planning the technological infrastructure is to understand the current network in detail

– Requires a comprehensive inventory


10-1: Planning the Technological Infrastructure

• Second, Understand the Driving Forces for Change

– Normal growth in application demand

– Disruptive applications

• Applications that require massive network changes

• Video requires higher network capacity

• Voice requires high quality of service

– Organizational changes

– Changes in other aspects of IT (data center consolidation, etc.)


10-1: Planning the Technological Infrastructure

• Gaps Analysis

– Identify gaps that will exist and that need to be closed

– Characterize and document each

– Create a plan for closing each gap

[Figure 10-1: a chart of a performance measure over time. The What Is line shows current capability and the Requirement line shows what will be needed; the distance between them is the Gap.]


10-1: Planning the Technological Infrastructure

• Options for Closing the Gaps

– Multiple options must be considered

– Select roughly the least expensive option that will fully meet requirements

• Base cost decisions on the total cost of ownership (TCO)

– Select based on scalability

• The ability to grow cost effectively and sufficiently (See Figure 10-2)


10-2: Scalability


Traffic Management

Capacity is expensive; it must be used wisely.

Especially in WANs, where capacity is expensive.


10-3: Traditional Traffic Management Methods

As we saw in Chapter 4, even in a network with adequate capacity most of the time, there will be occasional momentary traffic peaks when traffic exceeds capacity.

Switches have to store frames in their memory buffers. This creates latency in delivery.

If the buffer is too small for the delayed traffic, the switch must drop some frames.


10-3: Traffic Management Methods

• Traditional Approaches to Managing Momentary Traffic Peaks

– Overprovisioning

• Install much more capacity than is needed most of the time

• This is wasteful of capacity

• Unacceptable in WANs, where capacity is expensive

• Does not require much ongoing management labor


10-3: Traffic Management Methods

• Traditional Approaches

– Priority

• Assign priority to applications based on sensitivity to latency

• In momentary periods of congestion, switch sends high-priority frames through, holding back low-priority frames

• Substantial ongoing management labor

• Used heavily in WANs, where the cost per bit is too high to use overprovisioning


• Traditional Approaches

– QoS Reservations

• In ATM, reserve capacity on each switch and transmission line for an application

• Allows strong QoS guarantees for voice traffic

• Wasteful if the reserved capacity is not used

• Highly labor-intensive

• Usually, data gets the scraps—capacity that is not reserved for voice

10-3: Traffic Management Methods
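The slides above describe momentary peaks filling a switch buffer, the latency and drops that follow, and priority as one way to protect latency-sensitive traffic. The following is an added example, not code from the Panko slides: a tick-based simulation of one output port that runs the same constructed burst under plain FIFO buffering and under priority queuing, reporting delivered frames, dropped frames and average latency per class. The traffic, the port capacity of 2 frames per tick and the 5-frame buffer are all constructed for the example.

```python
"""Added example (not from the Panko slides): one switch output port during a
momentary traffic peak, compared under FIFO and priority queuing.  All traffic
below is constructed for the example."""
from collections import defaultdict

HIGH, LOW = 0, 1  # priority classes: 0 = latency-sensitive (e.g. voice), 1 = bulk data


def simulate_port(arrivals, capacity_per_tick, buffer_size, use_priority):
    """Run the port until every buffered frame has been sent.

    arrivals[t] is the list of (arrival_tick, priority) frames arriving at tick t.
    Each tick the port first enqueues arrivals (tail-dropping when the buffer is
    full) and then transmits up to capacity_per_tick frames.  With use_priority
    the buffer is served highest priority first; otherwise strictly FIFO.
    """
    buffer = []
    latencies = defaultdict(list)
    dropped = 0
    tick = 0
    while tick < len(arrivals) or buffer:
        if tick < len(arrivals):
            for frame in arrivals[tick]:
                if len(buffer) < buffer_size:
                    buffer.append(frame)
                else:
                    dropped += 1  # peak exceeded the buffer: frame lost
        if use_priority:
            # stable sort: high-priority frames move ahead, FIFO within a class
            buffer.sort(key=lambda f: f[1])
        for _ in range(capacity_per_tick):
            if not buffer:
                break
            arrival, prio = buffer.pop(0)
            latencies[prio].append(tick - arrival)  # ticks spent waiting
        tick += 1
    return {
        "delivered": sum(len(v) for v in latencies.values()),
        "dropped": dropped,
        "avg_latency": {p: sum(v) / len(v) for p, v in latencies.items()},
    }


def sample_peak():
    """Constructed two-tick burst on a port that can send 2 frames per tick."""
    return [
        [(0, LOW), (0, LOW), (0, HIGH), (0, HIGH)],   # tick 0: 4 arrivals
        [(1, LOW), (1, LOW), (1, HIGH), (1, LOW)],    # tick 1: 4 more
        [],                                           # tick 2: peak is over
    ]


def compare_policies(capacity_per_tick=2, buffer_size=5):
    """The same burst under FIFO and under priority queuing."""
    return {
        "fifo": simulate_port(sample_peak(), capacity_per_tick, buffer_size, False),
        "priority": simulate_port(sample_peak(), capacity_per_tick, buffer_size, True),
    }


if __name__ == "__main__":
    for name, result in compare_policies().items():
        print(name, result)
```

Both policies deliver the same seven frames and tail-drop the same eighth one; what priority queuing changes is who waits. Under FIFO the high-priority frames average more than a tick of delay, while under priority queuing they go straight through and the low-priority frames absorb the whole wait, which is the trade the slide describes as suitable for WANs where overprovisioning is too expensive.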


10-4: Traffic Shaping


Figure 10-5: Compression

A fifth way to manage traffic is to use compression. Here, 3 Gbps and 5 Gbps traffic streams go into the network. Without compression, 8 Gbps of capacity would be needed.

With 10:1 compression, only 800 Mbps of capacity is needed. A 1 Gbps line will be adequate.


Network Simulation Software


• Simulation

– Build a model, study its implications

– More economical to simulate network alternatives than to build several networks and see which one is best

• Purposes

– Compare alternatives to select the best one

– Sensitivity analysis to see what will happen if the values of variables are varied over a range

– Anticipating bottlenecks because procurement cycles are long in business, so problems must be anticipated well ahead of time

10-6: Network Simulation


10-6: Network Simulation

• What Is: the existing situation

[Figure: a simulated network of six subnets (Net 1 to Net 6) joined by routers, including R7. Utilization in the peak hour is 95%, marked "Too high!"]

What-Is analysis: describe the current network.

Problem: utilization in the peak hour is too high (95%); this will create many momentary overloads.


10-6: Network Simulation

• What-If: See the Impact of a Change

[Figure: the same six subnets with an added router and an added link between R3 and Net 5. Estimated utilization in the peak hour falls to 70%.]

What-If analysis: what will happen if something is done?

Adding a new link between R3 and Net 5 will give good peak-hour utilization.


• The Simulation Process: Step 1: Before the Simulation, Collect Data

– Data must be good

– Otherwise, GIGO (garbage in, garbage out)

– Collect data on the current network

– Forecast growth

10-6: Network Simulation


10-7: OPNET IT Guru Node Template

The Process:

2. Add node icons to the simulation Work Area (clients, servers, switches, routers, etc.)

Drag from the Object Palette

[Figure: the IT Guru window, showing the Object Palette, the Work Area, and a dragged icon.]


Specify the Topology

3. Specify the topology by adding transmission lines between nodes (and specifying line speeds).

Click on two nodes, then click on a transmission line icon in the object palette.


10-8: Configuring Elements in IT Guru

4. Configure EACH node and transmission line (IP Time-to-Live value, etc.). In this case, the Frame Relay burst speed rate.


10-9: Add Applications

5. Add applications, which generate traffic data

[Figure: the Applications object in IT Guru.]


10-6: Network Simulation

• 6. Run the simulation for some simulated period of time

– Examine the output to determine implications

– Validate the simulation if possible (compare with actual data to see if it is correct)


10-10: What-If Analysis

7. Do what-if analyses, trying different alternatives.


10-6: Network Simulation

• 8. Examine application performance, which goes beyond network performance

– Involves network characteristics, but

– Also involves host performance

– And also involves application configuration

– OPNET’s Application Characterization Environment (ACE) can do network and application simulation


IP Subnetting


• IP Addresses always are 32 bits long

• The firm is assigned a network part

– Usually with 8 to 24 bits

• The firm can assign the remaining bits to the subnet part and the host part

– Different choices give different numbers of subnets and hosts per subnet, as in the following examples

– Firms must trade-off the number of subnets and the number of hosts per subnet in a way that makes sense for their organizational situation

IP Subnetting


IP Subnetting

Part size (bits)   2^N           2^N - 2
4                  2^4 = 16      16 - 2 = 14
8                  ?             ?
12                 4,096         4,094
16                 65,536        65,534
10                 ?             ?

• If a part has N bits, it can represent 2^N - 2 subnets or hosts per subnet

– 2^N because if you have N bits, you can represent 2^N possibilities

– Minus 2 because you cannot have a part that is all zeros or all ones


10-11: IP Subnetting

Step  Description                                      Value            Note
1     Total size of IP address (bits)                  32               By definition
2     Size of network part assigned to firm (bits)     16               Assigned to the firm
3     Remaining bits for firm to assign                16               Bits for the firm to assign
4     Selected subnet/host part sizes (bits)           8 / 8            The firm's decision
5     Number of possible subnets (2^N - 2)             254 (2^8 - 2)    Results of the firm's decision
5     Number of possible hosts per subnet (2^N - 2)    254 (2^8 - 2)    Results of the firm's decision


10-11: IP Subnetting

Step  Description                                      Value              Note
1     Total size of IP address (bits)                  32                 By definition
2     Size of network part assigned to firm (bits)     16                 Assigned to the firm
3     Remaining bits for firm to assign                16                 Bits for the firm to assign
4     Selected subnet/host part sizes (bits)           6 / 10             The firm's decision
5     Number of possible subnets (2^N - 2)             62 (2^6 - 2)       Results of the firm's decision
5     Number of possible hosts per subnet (2^N - 2)    1,022 (2^10 - 2)   Results of the firm's decision


10-11: IP Subnetting

Step  Description                                      Value              Note
1     Total size of IP address (bits)                  32                 By definition
2     Size of network part assigned to firm (bits)     8                  Assigned to the firm
3     Remaining bits for firm to assign                24                 Bits for the firm to assign
4     Selected subnet/host part sizes (bits)           12 / 12            The firm's decision
5     Number of possible subnets (2^N - 2)             4,094 (2^12 - 2)   Results of the firm's decision
5     Number of possible hosts per subnet (2^N - 2)    4,094 (2^12 - 2)   Results of the firm's decision


10-11: IP Subnetting

Step  Description                                      Value               Note
1     Total size of IP address (bits)                  32                  By definition
2     Size of network part assigned to firm (bits)     8                   Assigned to the firm
3     Remaining bits for firm to assign                24                  Bits for the firm to assign
4     Selected subnet/host part sizes (bits)           8 / 16              The firm's decision
5     Number of possible subnets (2^N - 2)             254 (2^8 - 2)       Results of the firm's decision
5     Number of possible hosts per subnet (2^N - 2)    65,534 (2^16 - 2)   Results of the firm's decision
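The four worked tables above all follow the same five steps, so the arithmetic is easy to put in code. The following is an added example, not code from the Panko slides: it computes steps 3 to 5 for any network-part and subnet-part size with the slides' 2^N - 2 rule, and then applies the same split to a real address block with Python's ipaddress module so the "minus 2" can be seen as the network and broadcast addresses of a concrete subnet. The 10.0.0.0/8 block is a private range chosen for illustration; the four (network bits, subnet bits) pairs are the ones on the slides.

```python
"""Added example (not from the Panko slides): the subnet/host arithmetic of
Figure 10-11, plus the same split applied to a real address block."""
from itertools import islice
import ipaddress

ADDRESS_BITS = 32  # IPv4 addresses are always 32 bits long


def usable_values(bits):
    """2^N - 2: an N-bit part minus its all-zeros and all-ones values.

    This is the textbook rule used on the slides.  Modern routers also accept
    the all-zeros and all-ones subnets, so in practice the subnet count may be
    2^N; hosts per subnet still lose the network and broadcast addresses."""
    if bits < 2:
        raise ValueError("a part needs at least 2 bits to have a usable value")
    return 2 ** bits - 2


def subnet_plan(network_bits, subnet_bits):
    """Steps 1 to 5 of Figure 10-11 for one firm's decision."""
    remaining = ADDRESS_BITS - network_bits          # step 3
    host_bits = remaining - subnet_bits              # step 4: the firm's choice
    if host_bits < 2:
        raise ValueError("subnet part too large: fewer than 2 host bits remain")
    return {
        "network_bits": network_bits,
        "remaining_bits": remaining,
        "subnet_bits": subnet_bits,
        "host_bits": host_bits,
        "subnets": usable_values(subnet_bits),       # step 5
        "hosts_per_subnet": usable_values(host_bits),
    }


def first_subnets(block, subnet_bits, count):
    """The first `count` subnets produced by carving `block` with `subnet_bits`."""
    net = ipaddress.ip_network(block)
    return [str(s) for s in islice(net.subnets(prefixlen_diff=subnet_bits), count)]


def usable_host_range(subnet):
    """First and last assignable host address and the host count (2^N - 2)."""
    net = ipaddress.ip_network(subnet)
    hosts = list(net.hosts())  # hosts() excludes the network and broadcast addresses
    return str(hosts[0]), str(hosts[-1]), len(hosts)


if __name__ == "__main__":
    for net_bits, sub_bits in [(16, 8), (16, 6), (8, 12), (8, 8)]:
        print(subnet_plan(net_bits, sub_bits))
    print(first_subnets("10.0.0.0/8", 8, 3))      # constructed block, 8 subnet bits
    print(usable_host_range("10.1.0.0/16"))       # one of those subnets
```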


10-11: IP Subnetting

Step  Description                                      Value        Note
2     Size of network part assigned to firm (bits)     20
3     Remaining bits for firm to assign                12
4     Selected subnet part size (bits)                 4            Added
4     Selected host part size (bits)                   ?
5     Number of possible subnets (2^N - 2)             ?
5     Number of possible hosts per subnet (2^N - 2)    ?


10-11: IP Subnetting

Step  Description                                      Value        Note
2     Size of network part assigned to firm (bits)     20
3     Remaining bits for firm to assign                12
4     Selected subnet part size (bits)                 6            Added
4     Selected host part size (bits)                   ?
5     Number of possible subnets (2^N - 2)             ?
5     Number of possible hosts per subnet (2^N - 2)    ?


Network Address Translation (NAT)


10-12: Network Address Translation (NAT)

• NAT

– A firm gets a block of IP addresses

• For instance, 60.5.0.0 to 60.5.255.255

• Attackers wish to learn a firm’s host addresses so that they can identify potential target hosts

– NAT allows a firm to hide these “external” IP addresses

• The firm uses different internal IP addresses

• For instance, 192.168.0.0 to 192.168.255.255

• NAT translates between internal and external addresses

• Attackers can only see external addresses


10-13: Network Address Translation (NAT)

When an internal host sends a packet, the NAT firewall changes the source IP address and the source port number.

The NAT firewall records the original and changed information in a translation table for later use.


10-13: Network Address Translation (NAT)

If an eavesdropper with a sniffer program captures and reads a packet's source IP address and port number, the sniffer will not learn the true source IP address and port number of the sending host. This means that the attacker cannot send attack packets to the internal hosts.


10-12: Network Address Translation (NAT)

• NAT is Transparent to Internal and External Hosts

– Neither knows that NAT has been used

• Expanding the Number of Available IP Addresses

– Problem: companies may receive a limited number of external IP addresses from their ISPs

– This number may be too few

– There are roughly 4,000 possible ephemeral port numbers for each IP address

– So for each external IP address, there can be 4,000 connections


10-12: Network Address Translation (NAT)

• Expanding the Number of Available IP Addresses

– If a firm is given only 254 external IP addresses, it can have roughly one million external connections

• 254 external IP addresses

• Times 3,975 ephemeral ports/IP address (4,999-1,024)

• = 1,009,650 internal IP addresses

– Even if each internal device averages several simultaneous external connections, there should not be a problem providing as many external IP connections as a firm desires
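The two slides on Figure 10-13 describe the translation table, and the slide above does the capacity arithmetic (254 addresses times 3,975 ephemeral ports). The following is an added example, not code from the Panko slides, that covers both: a minimal NAT table that rewrites outbound source addresses, answers inbound reverse lookups, returns None for an inbound packet no internal host solicited (the property the slides describe), reports when the ephemeral ports of every external address are used up, and reproduces the slide's capacity figure. The 60.5.0.0 external block and 192.168.x.x internal block are the ones on the slides; the port range 1,024 to 4,999 and the individual connections are taken from, or constructed to match, the slide's arithmetic.

```python
"""Added example (not from the Panko slides): a minimal NAT translation table
in the style of Figure 10-13, plus the connection-capacity arithmetic."""
from collections import deque

# The slides count ephemeral ports as 4,999 - 1,024 = 3,975 per external address.
EPHEMERAL_LOW, EPHEMERAL_HIGH = 1024, 4999
PORTS_PER_ADDRESS = EPHEMERAL_HIGH - EPHEMERAL_LOW


def connection_capacity(external_addresses):
    """Slide arithmetic: external addresses x ephemeral ports per address."""
    return external_addresses * PORTS_PER_ADDRESS


class NatTable:
    """Maps (internal IP, internal port) <-> (external IP, ephemeral port)."""

    def __init__(self, external_ips, port_range=range(EPHEMERAL_LOW, EPHEMERAL_HIGH)):
        self.external_ips = list(external_ips)
        self.free_ports = {ip: deque(port_range) for ip in self.external_ips}
        self.outbound = {}   # (int_ip, int_port) -> (ext_ip, ext_port)
        self.inbound = {}    # (ext_ip, ext_port) -> (int_ip, int_port)

    def translate_outbound(self, internal_ip, internal_port):
        """Rewrite the source of an outgoing packet and record the mapping.
        An existing connection keeps the mapping it already has."""
        key = (internal_ip, internal_port)
        if key in self.outbound:
            return self.outbound[key]
        for ext_ip in self.external_ips:
            if self.free_ports[ext_ip]:
                mapping = (ext_ip, self.free_ports[ext_ip].popleft())
                self.outbound[key] = mapping
                self.inbound[mapping] = key
                return mapping
        raise RuntimeError("translation table full: no ephemeral ports left")

    def translate_inbound(self, external_ip, external_port):
        """Reverse lookup for a packet arriving from outside.  Returns the
        internal (ip, port), or None when no entry exists: such a packet was
        not solicited by an internal host and the firewall drops it."""
        return self.inbound.get((external_ip, external_port))

    def release(self, internal_ip, internal_port):
        """Remove a mapping when the connection ends so the port can be reused."""
        mapping = self.outbound.pop((internal_ip, internal_port), None)
        if mapping is None:
            return False
        del self.inbound[mapping]
        self.free_ports[mapping[0]].append(mapping[1])
        return True


if __name__ == "__main__":
    nat = NatTable(["60.5.0.1"])                            # one external address
    print(nat.translate_outbound("192.168.1.10", 51000))   # ('60.5.0.1', 1024)
    print(nat.translate_inbound("60.5.0.1", 1024))          # ('192.168.1.10', 51000)
    print(nat.translate_inbound("60.5.0.1", 2000))          # None: unsolicited, dropped
    print(connection_capacity(254))                         # 1009650
```

The translation table is the whole security mechanism the slides rely on: an inbound packet is forwarded only if an internal host created the entry by sending first, which is why `translate_inbound` returning None is the normal, desired outcome for unexpected traffic. The `release` method matters operationally as well, since without it the 3,975 ports per address are consumed permanently and the firm hits the exhaustion error long before the million-connection ceiling.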


10-12: Network Address Translation (NAT)

• Private IP Address Ranges

– Reserved for use inside firms

– May not be used outside firms

– 10.x.x.x

– 192.168.x.x (most popular)

– 172.16.0.0 through 172.31.255.255


10-12: Network Address Translation (NAT)

• Protocol Problems with NAT

– IPsec, VoIP, etc. do not work properly with NAT

• The protocol must know the true IP address of a host

– Work-arounds exist, but they vary by vendor

– Work-arounds must be considered very carefully in product selection


Multiprotocol Label Switching


10-14: Multiprotocol Label Switching (MPLS)

In normal routing, each router along the route must do a great deal of work to decide what to do with EACH arriving packet, even if many packets are sent to the same destination host.


10-14: Multiprotocol Label Switching (MPLS)

In Multiprotocol Label Switching (MPLS), the routers select the best route between two hosts before transmission begins. This route is called the label-switched path. In other words, routing decisions are made only once, before any packets are sent.


10-14: Multiprotocol Label Switching (MPLS)

The first label-switched router adds a label to each packet. This label contains the number of the label-switched route.

The final label-switched router removes the label.

Other label-switched routers send the packet back out on the basis of the label number.


10-14: MPLS

• MPLS is transparent to the hosts

– Label-switching routers add and delete the label

• MPLS Benefits

– Reduced cost per packet because routing decisions are pre-made before any packets are sent

– MPLS allows traffic engineering such as quality of service and load balancing to route packets around congestion
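The MPLS slides above make one point: the route is chosen once, the ingress router labels each packet, the other routers forward on the label alone, and the egress router strips it. The following is an added example, not code from the Panko slides, that models exactly that with a four-router label-switched path and counts how many routing decisions versus label lookups each router performs. Router names, the destination prefix 203.0.113.0/24 and the label value 17 are constructed; the label is carried unchanged along the path for simplicity, whereas real label-switching routers may swap it at each hop.

```python
"""Added example (not from the Panko slides): a toy label-switched path in
which routing is decided once at setup and every later hop is a label lookup."""
import ipaddress


class LabelSwitchRouter:
    def __init__(self, name):
        self.name = name
        self.fec_table = {}     # ingress only: destination prefix -> (label, next hop)
        self.label_table = {}   # core/egress: in-label -> (out-label, next hop), or None to pop
        self.route_lookups = 0  # the expensive per-packet routing decisions
        self.label_lookups = 0  # the cheap per-packet label decisions


def setup_lsp(routers, path, dest_prefix, label):
    """Install one label-switched path along `path` for traffic to `dest_prefix`.
    This is the one-time routing decision the slides describe."""
    ingress, egress = routers[path[0]], routers[path[-1]]
    ingress.fec_table[ipaddress.ip_network(dest_prefix)] = (label, path[1])
    for i in range(1, len(path) - 1):
        routers[path[i]].label_table[label] = (label, path[i + 1])
    egress.label_table[label] = None  # the final router removes the label


def forward(routers, ingress_name, dst_ip):
    """Carry one packet along its LSP; returns (hop list, packet) or (hops, None) if dropped."""
    packet = {"dst": dst_ip, "label": None}
    ingress = routers[ingress_name]
    hops = [ingress_name]
    # The only routing decision: longest-prefix match in the ingress FEC table.
    ingress.route_lookups += 1
    addr = ipaddress.ip_address(dst_ip)
    matches = [p for p in ingress.fec_table if addr in p]
    if not matches:
        return hops, None  # no LSP for this destination
    label, next_hop = ingress.fec_table[max(matches, key=lambda p: p.prefixlen)]
    packet["label"] = label
    while True:
        router = routers[next_hop]
        hops.append(next_hop)
        router.label_lookups += 1
        if packet["label"] not in router.label_table:
            return hops, None  # no entry for the label: misconfigured LSP, packet dropped
        entry = router.label_table[packet["label"]]
        if entry is None:
            packet["label"] = None  # egress: label popped, packet leaves the MPLS domain
            return hops, packet
        packet["label"], next_hop = entry


def build_demo():
    """Constructed four-router path R1 -> R2 -> R3 -> R4 for 203.0.113.0/24."""
    routers = {n: LabelSwitchRouter(n) for n in ["R1", "R2", "R3", "R4"]}
    setup_lsp(routers, ["R1", "R2", "R3", "R4"], "203.0.113.0/24", label=17)
    return routers


if __name__ == "__main__":
    routers = build_demo()
    for _ in range(3):
        print(forward(routers, "R1", "203.0.113.9"))
    print({n: (r.route_lookups, r.label_lookups) for n, r in routers.items()})
```

After three packets only R1 has done any routing lookups (three of them); R2, R3 and R4 have done three label lookups each and no routing at all, which is the reduced per-packet cost the benefits slide refers to.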


Domain Name System (DNS)


10-15: Domain Name System (DNS) Lookup

• In Chapter 1, We Saw DNS Lookup

– A host wishes to know the IP address of another host

– The host only knows the other host’s host name

– The host sends a DNS request message to a DNS server

• This message contains the other host’s host name

– The DNS server sends a DNS response message

• This message contains the IP address of the other host


10-15: Domain Name System (DNS) Lookup

Often the local DNS server (in this case the Hawaii.edu DNS server) will not know the IP address.

The local DNS server contacts the authoritative DNS server for the domain of the other host.

The remote DNS server sends back the IP address.


10-15: Domain Name System (DNS) Lookup

The local DNS server sends this IP address back to the host that sent the DNS request.
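The three Figure 10-15 slides describe the lookup as an exchange: the host asks its local DNS server, the local server asks remote servers when it does not know the answer, and the answer is returned to the host. The following is an added example, not code from the Panko slides, that simulates that exchange with a local server named hawaii.edu (as on the slides) walking from a root server through a top-level-domain server to the authoritative server, recording each request and response, caching the answer, and handling both a name that does not exist and a referral chain that never ends. The server names, zones and the address 203.0.113.10 are constructed for the example.

```python
"""Added example (not from the Panko slides): the DNS lookup exchange of
Figure 10-15 as a small simulation with constructed name servers."""

# Constructed name servers: each knows delegations (zone -> the server it refers
# to) and the records it is authoritative for.  Names are fully qualified.
SERVERS = {
    "root": {"delegations": {"com.": "tld-com"}, "records": {}},
    "tld-com": {"delegations": {"example.com.": "ns.example.com"}, "records": {}},
    "ns.example.com": {"delegations": {}, "records": {"www.example.com.": "203.0.113.10"}},
}


def query(server_name, qname):
    """One request/response with a remote server: an answer, a referral to a
    more specific server, or a name error."""
    server = SERVERS[server_name]
    if qname in server["records"]:
        return "answer", server["records"][qname]
    best_zone = None
    for zone in server["delegations"]:
        if qname.endswith(zone) and (best_zone is None or len(zone) > len(best_zone)):
            best_zone = zone
    if best_zone is not None:
        return "referral", server["delegations"][best_zone]
    return "nxdomain", None


class LocalDnsServer:
    """The host's local DNS server: answers from cache, otherwise iterates."""

    def __init__(self, name, max_hops=8):
        self.name = name
        self.max_hops = max_hops  # bound on referrals so a referral loop cannot hang the resolver
        self.cache = {}

    def resolve(self, hostname):
        """Return (ip or None, trace of (asker, server, kind, data) exchanges)."""
        qname = hostname.lower().rstrip(".") + "."
        if qname in self.cache:
            return self.cache[qname], []  # no remote traffic needed
        trace = []
        server = "root"
        for _ in range(self.max_hops):
            kind, data = query(server, qname)
            trace.append((self.name, server, kind, data))
            if kind == "answer":
                self.cache[qname] = data
                return data, trace
            if kind == "referral":
                server = data
                continue
            return None, trace  # name error: reported back to the requesting host
        return None, trace      # too many referrals: give up rather than loop forever


if __name__ == "__main__":
    local = LocalDnsServer("hawaii.edu")
    print(local.resolve("www.example.com"))   # three exchanges, then the address
    print(local.resolve("www.example.com"))   # served from cache, no exchanges
```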


Figure 10-16: Domain Name System (DNS) Hierarchy

More generally, DNS is a hierarchical naming system for domains, which are collections of resources under the control of an organization.

A host is only one type of named resource.

The DNS naming system is hierarchical.


Figure 10-16: Domain Name System (DNS) Hierarchy

At the top level is the root, which contains all domains. There are 13 root DNS servers.

Below the root are top-level domains by type (.com, .edu) or by country (.uk, .ch, etc.)


Figure 10-16: Domain Name System (DNS) Hierarchy

What companies really want are good second-level domain names, such as Microsoft.com.

They can then internally name subnets and hosts.

Every second-level domain must maintain an authoritative DNS server for the hosts in its second-level domain.


Dynamic Host Configuration Protocol (DHCP)


10-17: Dynamic Host Configuration Protocol (DHCP)

When a client PC boots up, it realizes that it does not have an IP address for itself.

It sends a DHCP Request Message to a DHCP server. This DHCP Request Message asks for an IP address for itself.


10-17: Dynamic Host Configuration Protocol (DHCP)

The DHCP server has a pool of IP addresses to manage. It selects one for the client.


10-17: Dynamic Host Configuration Protocol (DHCP)

The DHCP server sends this IP address to the client PC in a DHCP Response Message.

This message also contains other configuration information, including a subnet mask, the IP address of the client's default router, and the IP addresses of the firm's DNS servers.
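The three Figure 10-17 slides above are one procedure: the client asks, the server picks an address from its pool, and the response carries the address plus the subnet mask, default router and DNS server addresses. The following is an added example, not code from the Panko slides, of a DHCP server's pool management that builds exactly that response, keeps leases with an expiry time, gives a returning client the address it already holds, and returns None when the pool is exhausted. The pool of three addresses in 192.168.1.0/24, the router and DNS addresses, the MAC addresses and the one-hour lease are constructed; the two-message request/response exchange follows the slides, whereas real DHCP uses four messages (discover, offer, request, acknowledge).

```python
"""Added example (not from the Panko slides): a DHCP server's address pool and
the configuration response it sends, with lease expiry and pool exhaustion."""
import ipaddress


class DhcpServer:
    def __init__(self, pool_first, pool_last, subnet_mask, default_router,
                 dns_servers, lease_seconds=3600):
        first, last = ipaddress.ip_address(pool_first), ipaddress.ip_address(pool_last)
        self.pool = [first + i for i in range(int(last) - int(first) + 1)]
        self.subnet_mask = subnet_mask
        self.default_router = default_router
        self.dns_servers = list(dns_servers)
        self.lease_seconds = lease_seconds
        self.leases = {}  # ip -> (client_mac, expiry time in seconds)

    def expire_leases(self, now):
        """Return addresses whose leases have run out to the pool."""
        for ip, (_, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[ip]

    def handle_request(self, client_mac, now):
        """Build the DHCP response for one request, or None if no address is free.
        A client that already holds a lease gets the same address back (renewal)."""
        self.expire_leases(now)
        chosen = None
        for ip, (mac, _) in self.leases.items():
            if mac == client_mac:
                chosen = ip
                break
        if chosen is None:
            for ip in self.pool:             # lowest free address in the pool
                if ip not in self.leases:
                    chosen = ip
                    break
        if chosen is None:
            return None                      # pool exhausted: no response possible
        self.leases[chosen] = (client_mac, now + self.lease_seconds)
        return {
            "ip": str(chosen),
            "subnet_mask": self.subnet_mask,
            "default_router": self.default_router,
            "dns_servers": self.dns_servers,
            "lease_expires": now + self.lease_seconds,
        }


def build_demo_server():
    """Constructed pool of three addresses so exhaustion is easy to show."""
    return DhcpServer("192.168.1.10", "192.168.1.12", "255.255.255.0",
                      "192.168.1.1", ["192.168.1.53", "192.168.1.54"], lease_seconds=3600)


if __name__ == "__main__":
    server = build_demo_server()
    print(server.handle_request("aa:bb:cc:00:00:01", now=0))
    print(server.handle_request("aa:bb:cc:00:00:02", now=1))
```

The expiry step is what keeps a small pool usable: without it every client that ever booted would hold an address forever and the fourth client would always be refused. The slide's remark that clients get "fresh" configuration data corresponds to the response being rebuilt from the server's current settings on each request rather than copied from the client.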


10-17: DHCP

• Servers Get Static (Permanent) IP Addresses

– So that clients can find them

• Clients Could Also Be Configured Manually with Static IP Addresses

– But this would be very time-consuming

– In addition, every time a firm changed the IP addresses of its DNS servers or some other configuration parameter, all clients would have to be changed manually

– With DHCP, clients always get “fresh” configuration data


Simple Network Management Protocol (SNMP)


10-18: Simple Network Management Protocol (SNMP)

• Core Elements (from Chapter 1)

– Manager program

– Managed devices

– Agents (communicate with the manager on behalf of the managed device)

– Management information base (MIB)

• Stores the retrieved information

• “MIB” can refer either to the database on the manager or to the database schema


10-18: Simple Network Management Protocol (SNMP)

• Messages

– Commands from the manager to the agents

• Get: Please give me the following data about yourself

• Set: Please change the following parameters in your configuration to the values contained in this message

– Responses from the agents to the manager

– Traps (alarms sent by agents)

– SNMP uses UDP at the transport layer to minimize the burden on the network


10-18: Simple Network Management Protocol (SNMP)

• RMON Probes

– Remote monitoring probes

– A special type of agent

– Collects data for a part of the network

– Supplies this information to the manager

– Offloads some work from the manager

[Figure: the network management software (the manager) communicates with an agent and its objects on a managed device, and with an RMON probe on the network.]


10-18: Simple Network Management Protocol (SNMP)

• Objects (see Figure 10-19)

– Objects are NOT managed devices

– Objects are pieces of data about a managed device

– E.g., Number of rows in the routing table

– E.g., Number of discards caused by lack of resources (indicates a need for an upgrade)

– E.g., Time since last reboot. (If this time is very brief, the device may be failing intermittently and rebooting after each failure.)


10-18: Simple Network Management Protocol (SNMP)

• Set Commands

– Dangerous if used by attackers

– Many firms disable set to thwart such attacks

– However, if they do, they give up the cost savings from managing remote resources without travel

– SNMPv1: community string shared by the manager and all devices

• Shared secrets are very dangerous. If the community string is learned, all devices can be attacked

– SNMPv3: each manager-agent pair has a different password (strong security)
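The Objects slide gives concrete reasons to watch particular objects (discards for lack of resources, a very brief time since reboot) and the Set Commands slide names the configuration risks (Set left enabled, a shared SNMPv1 community string). The following is an added example, not code from the Panko slides, of the kind of checks a manager could run over two successive polls of one device, together with a configuration check for the SNMP settings the slides warn about. The object names are the MIB-II names (sysUpTime is OID 1.3.6.1.2.1.1.3, in hundredths of a second; ipInDiscards is 1.3.6.1.2.1.4.8); the polled values, the device name, the thresholds and the agent configuration are constructed.

```python
"""Added example (not from the Panko slides): detection logic over polled SNMP
objects and a configuration check for Set and community-string risks."""

TICKS_PER_SECOND = 100          # sysUpTime (1.3.6.1.2.1.1.3) counts hundredths of a second
SHORT_UPTIME_SECONDS = 10 * 60  # constructed threshold for a "very brief" uptime
DISCARD_RATE_ALARM = 1.0        # constructed threshold: discards per second suggesting an upgrade


def check_poll(previous, current):
    """Compare two successive polls of one device and return a list of findings."""
    findings = []
    device = current["device"]
    elapsed = current["polled_at"] - previous["polled_at"]
    if current["sysUpTime"] < previous["sysUpTime"]:
        findings.append(f"{device}: sysUpTime went backwards, device rebooted since last poll")
    if current["sysUpTime"] < SHORT_UPTIME_SECONDS * TICKS_PER_SECOND:
        findings.append(f"{device}: uptime under {SHORT_UPTIME_SECONDS} s, possible intermittent failure")
    discards = current["ipInDiscards"] - previous["ipInDiscards"]
    if discards < 0:
        discards = current["ipInDiscards"]  # counter restarted with the reboot
    if elapsed > 0 and discards / elapsed > DISCARD_RATE_ALARM:
        findings.append(f"{device}: {discards} discards for lack of resources in {elapsed} s, consider an upgrade")
    return findings


def check_agent_config(config):
    """Flag the SNMP settings the slides warn about."""
    findings = []
    device = config["device"]
    if config["version"] in ("v1", "v2c"):
        findings.append(f"{device}: SNMP {config['version']} uses a shared community string; prefer SNMPv3 per-user credentials")
        if config.get("community") in ("public", "private"):
            findings.append(f"{device}: default community string in use")
    if config.get("set_enabled"):
        findings.append(f"{device}: Set enabled; anyone who learns the credential can reconfigure the device")
    return findings


# Constructed sample polls five minutes apart (sysUpTime in hundredths of a second).
POLLS = [
    {"device": "edge-router", "polled_at": 0,   "sysUpTime": 8_640_000, "ipInDiscards": 1_000},
    {"device": "edge-router", "polled_at": 300, "sysUpTime": 12_000,    "ipInDiscards": 400},
]
# Constructed agent configuration with every weakness the slides mention.
AGENT_CONFIG = {"device": "edge-router", "version": "v1", "community": "public", "set_enabled": True}


def run_checks(polls=POLLS, config=AGENT_CONFIG):
    return check_poll(polls[0], polls[1]) + check_agent_config(config)


if __name__ == "__main__":
    for line in run_checks():
        print(line)
```

On the constructed data the second poll shows an uptime of 120 seconds after a day of uptime in the first, so both the reboot and the short-uptime findings fire, and the 400 discards in 300 seconds exceed the constructed rate threshold. The configuration check adds three more findings; a device polled over SNMPv3 with Set disabled produces none.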


10-18: Simple Network Management Protocol (SNMP)

• User Functionality

– Reports, diagnostics tools, etc. are very important

– They are not specified in the standard

– They are added by SNMP manager vendors

– Critical in selection

[Figure: the manager sends alarms and summary reports to the administrator and answers the administrator's queries (query/response).]


10-19: SNMP Object Model

• System Objects (One Set Per Router or Other Device)

– System name

– System description

– System contact person

– System uptime (since last reboot)


10-19: SNMP Object Model

• IP Objects (One Set Per Router or Other Device)

– Forwarding (for routers). Yes if forwarding (routing), No if not

– Subnet mask

– Default time to live

– Traffic statistics


10-19: SNMP Object Model

• IP Objects (One Set Per Router or Other Device)

– Number of discards because of resource limitations

– Number of discards because could not find route

– Number of rows in routing table

– Rows discarded because of lack of space

– Individual row data (mask, metric, next-hop router, etc.)


10-19: SNMP Object Model

• TCP Objects (One Set Per Router or Other Device)

– Maximum/minimum retransmission time

– Maximum number of TCP connections allowed

– Opens/failed connections/resets

– Segments sent

– Segments retransmitted

– Errors in incoming segments

– Number of open port errors

– Data on individual connections (sockets, states)


10-19: SNMP Object Model

• UDP Objects (One Set Per Router or Other Device)

– Error: no application on requested port

– Traffic statistics

• ICMP Objects (One Set Per Router or Other Device)

– Number of errors of various types


10-19: SNMP Object Model

• Interface Objects (One Set per Interface)

– Type (e.g., 69 is 100Base-FX; 71 is 802.11)

– Status: up/down/testing

– Speed

– Traffic statistics: octets, unicast/broadcast/multicast packets

– Errors: discards, unknown protocols, etc.


Directory Servers

Store corporate information

Hierarchical organization of content

LDAP standard for accessing directory servers


10-20: Directory Server Organization and LDAP

[Figure 10-20: a directory server with a hierarchical object structure. The root object is University of Waikiki (O), CN=Waikiki. Below it are the organizational units Astronomy (OU), Business (OU) and CprSci (OU), plus a Routers container. Under Business (OU) are Faculty (containing Brown) and Staff (containing Chun and Ochoa). Attribute values shown in the figure include CN=Brown, an e-mail address ([email protected]) and a telephone extension (Ext x6782).]

O = organization; OU = organizational unit; CN = common name

Centralized management requires centralized information storage.

Directory servers do this.

Directory server information is organized in a hierarchy.


10-20: Directory Server Organization and LDAP

[Figure 10-20 repeated: the same University of Waikiki directory tree as on the previous slide.]

Most directories use LDAP (Lightweight Directory Access Protocol) for data queries:

LDAP Request: GET e-mail.Brown.faculty.business.waikiki

LDAP Response: [email protected]


10-20: Directory Server Organization and LDAP

[Figure 10-20 repeated: the same University of Waikiki directory tree as on the previous slides.]

Based on the example in the previous slide, give the LDAP request message for Ochoa's telephone extension.


10-21: Active Directory Domains and Domain Controllers



Topics Covered

• Planning the Technological Infrastructure

– What-is analysis

– Driving forces for change

– Gaps analysis

– Options for closing the gaps

• TCO

• Scalability


Topics Covered

• Traffic Management

– Momentary Traffic Peaks

– Traditional management approaches

• Overprovisioning

• Priority

• QoS guarantees

– Traffic Shaping

• Prevents the network from being overloaded

– Compression


Topics Covered

• Network Simulation

– Economical way to consider alternatives

– Good for anticipating problems

• Stages

– What-is analysis

– Build the model

– Validate the model

– What-if analysis


Topics Covered

• IP Subnetting

– Company is given a network part

– It must divide the remaining bits into a subnet part and a host part

– Making one part bigger will automatically make the other part smaller

• More subnets with fewer hosts per subnet

• Fewer subnets with more hosts per subnet

– If a part size is N, there can be 2^N - 2 networks, subnets, or hosts


Topics Covered

• Network Address Translation (NAT)

– Security

– More possible hosts

– Problems of firewall traversal

• Multiprotocol Label Switching (MPLS)

– Decide on best route before sending packets

– Afterward, per-packet routing decisions are very simple

– Reduces routing costs

– Allows traffic engineering


Topics Covered

• Domain Name System

– Domain is collection of resources under an organization

– Local and remote DNS servers

– Second-level domain names (Microsoft.com, etc.)

• Dynamic Host Configuration Protocol (DHCP)

– Give a client PC a fresh IP address and other configuration information

– Cheaper than manual configuration and reconfiguration


Topics Covered

• Simple Network Management Protocol (SNMP)

– Managers, managed devices, agents, objects

– Security of Set commands

– RMON probes act as subsidiary managers

– Objects (information about managed devices, not managed devices)

• System objects

• IP, TCP, UDP, ICMP objects

• Interface objects (one set per interface)


Topics Covered

• Directory Servers

– Central database for corporate information

– Organized hierarchically

– LDAP to retrieve information

• Active Directory

– Microsoft’s directory server product

– Active directory domains

– Domain controllers with AD databases

– Replication


All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic,

mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher. Printed in the United States of America.

Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall