Upload
lola-lockett
View
216
Download
0
Embed Size (px)
Citation preview
SINMSA Slow Intelligence Network Manager based on
SNMP Protocol
Francesco Colace1 – [email protected] Chang2 – [email protected] De Santo1 – [email protected]
1Department of Information and Electrical Engineering, University of Salerno, Italy
2Department of Computer Science, University of Pittsburgh, USA
DMS 2010 – Chicago, IL
DMS 2010 – Chicago, IL
Outline
• The Network Management
• Towards a Slow Intelligence Network Manager• The Slow Intelligence System Approach• The Ontology• The SNMP Protocol
• SINMS • The proposed architecture• A first prototype• Evaluation Parameters• Experimental Results
• Conclusions
DMS 2010 – Chicago, IL
The Network Management
• The Network Management: the process of controlling a network so as to maximise its efficiency and productivity
• Network Management Tasks
• Fault management• Configuration management• Accounting management• Performance management• Security management
DMS 2010 – Chicago, IL
The Network Management
• The are a small number of accessories methods to support network and network device management.
• Access methods include • the SNMP• command-line interface (CLIs)• custom XML• CMIP• Windows Management Instrumentation
(WMI)• Transaction Language 1• CORBA• NETCONF• Java Management Extensions (JMX).
DMS 2010 – Chicago, IL
Towards A Slow Intelligence Network Manager
• The aim of this paper is to design and implement a Network Manager able:
• To detect automatically faults in a computer network
• To infer the actions to do in order to recover the faults
• To share knowledge about faults and actions with other similar networks
• The proposed results can be reached by the use of• Slow Intelligence System Approach• Ontology
DMS 2010 – Chicago, IL
Slow Intelligent System
• SISs are general-purpose systems characterized by being able to improve
performance over time through a process involving an Enumeration Phase
DMS 2010 – Chicago, IL
Slow Intelligent System
• SISs are general-purpose systems characterized by being able to improve
performance over time through a process involving a Propagation Phase
DMS 2010 – Chicago, IL
Slow Intelligent System
• SISs are general-purpose systems characterized by being able to improve
performance over time through a process involving an Adaptation Phase
DMS 2010 – Chicago, IL
Slow Intelligent System
• SISs are general-purpose systems characterized by being able to improve
performance over time through a process involving an Elimination Phase
DMS 2010 – Chicago, IL
Slow Intelligent System
• SISs are general-purpose systems characterized by being able to improve
performance over time through a process involving a Concentration Phase
DMS 2010 – Chicago, IL
Slow Intelligent System
• A SIS continuously learns, searches for new solutions and propagates and
shares its experience with other peers• A SIS differs from expert systems in
that the learning is not always obvious.
• From the structural point of view, a SIS is a system with multiple decision
cycles such that actions of slow decision cycle(s) may override actions of quick decision cycle(s), resulting in
poorer performance in the short run but better performance in the long-run
DMS 2010 – Chicago, IL
Slow Intelligent System and Network Management
• A network manager has to find a possible solution starting from a fault signal. So it
has to enumerate all the possible solutions: Enumeration Phase
• A network manager can share with other systems or experts knowledge in order to
acquire new solution’s approaches: Propagation phase
• A network manager has to adapt a candidate solution to the context of the
managed network: Adaptation Phase• A network manager has to select only one
solution: Elimination Phase• A network manager has to execute at its
best the selected solution: Concentration Phase
DMS 2010 – Chicago, IL
Slow Intelligent System and Ontology
Ontology
DMS 2010 – Chicago, IL
Ontology for Network Management
• Ontology
• the definition of ontology is still a challenging task
• a good practical definition is: “an ontology is a method of representing items of knowledge (ideas, facts, things) in a way that defines the relationships and classification of concepts within a specified domain of knowledge”
• O = {C, A, RT, R, AX}
DMS 2010 – Chicago, IL
Ontology for Network Management
• The development of the ontologies’ system has been obtained
• By the use of SNMP protocol
• It is more than just a protocol. In fact it defines an architecture for extracting information from the network regarding the current operational state of the network, using a vendor-independent family of mechanisms
• By the use of experts
DMS 2010 – Chicago, IL
Ontology for Network Management
• In the case of the proposed Network Manager the following ontologies have been developed:• OSNMP = {CSNMP, ASNMP, HSNMP, RTSNMP, RSNMP}. This ontology aims to
define the entire structure of SNMP protocol by analyzing the various messages and the relations between them
• OFault = {CFault, AFault, HFault, RTFault, RFault}. This ontology describes each kind of possible errors that can occur within a LAN
• OCause = {CCause, ACause, HCause, RTCause, RCause}. This ontology defines the causes of the faults that may occur in a LAN
• OSolution = {CSolution, ASolution, HSolution, RTSolution, RSolution}. This ontology defines the solutions that can be taken to recover from fault situations which occurred within a LAN
• OAction = {CAction, AAction, HAction, RTAction, RAction}. This ontology aims to identify the actions to be taken in order to recover from fault situations
• OComponent = {CComponent, AComponent, HComponent, RhComponent, RAction }. This ontology describes the components that may be present within a LAN
• OEnvironment = {CEnvironment, AEnvironment, HEnvironment, RhEnvironment, REnvironment}. This ontology describes the operative context where the LAN works
DMS 2010 – Chicago, IL
Ontology for Network Management: Faults
DMS 2010 – Chicago, IL
Ontology for Network Management: Actions
DMS 2010 – Chicago, IL
SINMS – The Proposed Architecture
Local_Server_k
Central_Server
Device_k_1 Device_k_2 Device_k_n… … …
Local_Server_m
Device_m_1 Device_m_2 Device_m_n… … …
Local_Server_i
Device_i_1 Device_i_2 Device_i_n… … …
Local_Server_j
Device_j_1 Device_j_2 Device_j_n… … …
Ok-SNMP
Ok_Fault Ok_Cause
Ok_Solution
Ok_Action
Ok_Component
Ok_Environment
Om-SNMP
Om_Fault Om_Cause
Om_Solution
Om_Action
Om_Component
Om_Environment
Oi-SNMP
Oi_Fault Oi_Cause
Oi_Solution
Oi_Action
Oi_Component
Oi_Environment
Oj-SNMP
Oj_Fault Oj_Cause
Oj_Solution
Oj_Action
Oj_Component
Oj_Environment
Ocentral-SNMP
Ocentral_Fault Ocentral_Cause
Ocentral_Solution
Ocentral_Action
Ocentral_Component
Ocemtral_Environment
DMS 2010 – Chicago, IL
SINMS – The Proposed Architecture
Device_1
Zabbix_Agent
Device_2
Zabbix_Agent
Device_N
Zabbix_Agent
… … …
Zabbix_Server
SNMP-MessageReader
SINMSLocal_Server_i
SINMSCentral_Server
SNMP_Events
Ontologies
Local_Server_i
ActionsActions
ActionsActions
Actions
Ontologies
Central_Server
Other_Local_servers
DMS 2010 – Chicago, IL
SINMS – The Operative Workflow
ActionBuilder
ActionBuilder
ActionBuilder
ActionBuilder
OntologyUpdating
OntologyUpdating
ComparatorEmpty Set
ComparatorEmpty Set
ComparatorEmpty Set
ActionSelector
OntologySelector
Actuator
ReportGenerator
Ontologies
Ontologies
Local
Server
Local_Server_ActionsActions
Local_Server_Actions
Local_Servers
Central
Server_Actions
Ontology_Nodes
Ontology_NodesOntology_Nodes
DMS 2010 – Chicago, IL
SINMS – The Prototype
• Adopted Technologies for the framework development
• Java• MySql• SNMP• Zabbix• OWL• Protegè
DMS 2010 – Chicago, IL
SINMS – The Prototype
DMS 2010 – Chicago, IL
Experimental Scenario 1
• The network manager has to manage two different LANs. • The first one is composed by a Cisco switch
and 30 personal computers • The second LAN is composed by a Nortel
switch, 30 personal computers equipped with various operative systems and a HP network printer.
• Each local server has SNMP ontology able to cover the 80% of the SNMP messages that the hosts in the LAN can launch
DMS 2010 – Chicago, IL
Experimental Scenario 1
• The experimental phase aimed to evaluate the following parameters:• The system’s ability to identify the correct management actions
to apply in the LAN after a SNMP signal. This parameter, named CA, is so defined:
• The system’s ability to select in a LAN a viable solution that was previously adopted in a similar case in another LAN. This parameter, named IS, is so defined:
• The system’s ability to manage the introduction of a new component in a LAN. In particular the system has to recognize components that were previously managed in other LANs. This parameter, named KC, is so defined:
ActionWrongActionCorrect
ActionCorrectCA
_#_#
_#
ActionInferredWrongActionInferredCorrect
ActionInferredCorrectIS
__#__#
__#
NCActionWrongNCActionCorrect
NCActionCorrectKC
__#__#
__#
DMS 2010 – Chicago, IL
Experimental Scenario 1
• The previous indexes were calculated in the following way:
• The CA index: this index was calculated after 10, 20, 30, 40 and 50 SNMP signals. In this case there was not variations in the LANs
• The IS index: this index was calculated forcing some SNMP events in the LAN not expected in its SNMP reference ontology. This index was evaluated after 10, 20, 30, 40, 50 SNMP signal not expected.
• The KC index was estimated after the introduction of new components in a LAN. In particular for five times a component belonging to a LAN has been shifted in the other LAN and the index was evaluated after 10, 20, 30, 40, 50 SNMP signal launched from the host.
Index 10 20 30 40 50
CA
90,00% 95,00% 93,33% 92,50% 94,00%
IS
50,00% 60,00% 66,67% 70,00% 74,00%
KC
60,00% 70,00% 76,67% 80,00% 82,00%
DMS 2010 – Chicago, IL
Experimental Scenario 2
The Network Manager has been tested for 72 hours monitoring the following LANS
Lab_1:1 Switch Cisco Catalyst1 HP Network Printer40 Personal Computer
Lab_21 Switch Nortel1 Canon Network Printer35 Personal Computer
Lab_31 Switch Cisco Catalyst50 Personal Computer
DMS 2010 – Chicago, IL
Experimental Scenario 2
The network manager can recognize 237 OID
Each local server can recognize and manage 80 OID (selected in a randomatic way)
The overlapping among the systems is the following:
S_L_1 and S_L_2 = 45 S_L_1 and S_L_3 = 39 S_L_2 and S_L_1 = 37
DMS 2010 – Chicago, IL
Experimental Scenario 2
SNMP_SignalsSNMP_Signals Managed_SignalsManaged_Signals
Managed_SignalsManaged_Signals__
After_Central_After_Central_Server_RequestServer_Request
Not_ManagedNot_Managed__
SignalsSignals
Local_Server_1Local_Server_1 41284128 40584058 2929 4141
Local_Server_2Local_Server_2 40074007 39263926 2828 5353
Local_Server_3Local_Server_3 38243824 37493749 3232 4343
24 hours24 hoursM/MAR/NMM/MAR/NM
48 hours48 hoursM/MAR/NMM/MAR/NM
72 hours72 hoursM/MAR/NMM/MAR/NM
Local_Server_1Local_Server_1 1222 1222 –– 12 - 17 12 - 17 1244 1244 –– 11 - 10 11 - 10 1592 1592 –– 6 - 14 6 - 14
Local_Server_2Local_Server_2 1104 1104 –– 13 - 11 13 - 11 1321 1321 –– 10 - 24 10 - 24 1501 1501 –– 5 - 18 5 - 18
Local_Server_3Local_Server_3 1281 1281 –– 12 12 –– 8 8 1309 1309 –– 13 - 19 13 - 19 1159 1159 –– 7 - 16 7 - 16
DMS 2010 – Chicago, IL
Conclusions
• In this paper a novel method for network management has been introduced
• This method is based on• SNMP
• Ontology • Slow Intelligence System approach
• The approach has been tested in various operative scenario with good results
• The future works aim to improve the system by the introduction of some
modules based on Artificial Intelligence for the automatic inference of actions
when the network manager does not find any solutions