Network Management Protocols and Tools Study

- I -

  NETWORK MANAGEMENT PROTOCOLS  1

1.1  EXECUTIVE SUMMARY  1

1.2  PURPOSE AND SCOPE OF SMNP AND CMIP  2

SNMP  Simple Network Management Protocol  2

  SNMP at a glance  2

  History of the network management protocol  2

  About the protocol  3

  SNMP Architecture  4

CMIP  Common Management Information Protocol  6

  CMIP at a glance  6

  CMIP architecture  7

1  COMPARISON  9

  Management Information System  9

  MIB Structure  9

  SNMP MIB  9

  CMIP MIB  10

  Object Naming  10

  Syntax  11

  Structure of Management Information  11

  Feature Comparison  11

  Management Access Model  12

  Scalability  13

  Performance  14

  Reliability  14

  Security  15

1.4  ASSESSMENT OF THE IMPACT OF THE MIDDLEWARE  17

CORBA   18

DCOM   21

  CRITIQUE OF VARIOUS NETWORK MANAGEMENT TOOLS  23

2.1  SELECTION OF SUITABLE NETWORK MANAGEMENT PRODUCTS  23

  Network Management Tools  23

  Diagnostic Tools  23

  Monitoring Tools  24

  Management Tools  25

  Network Management Solutions  26

  Novell ManageWise  27

  Hewlett Packard OpenView  27

IBM  NetView  27

2  MIB  29

2.3  EVALUATION OF COMMERCIAL TOOLS FOR NETWORK MANAGEMENT  31

  Sniffer  31

  Ping  31

  Traceroute  32

- II -

Multi Router Traffic Grapher (MRTG) ........................................................................................... 33

Fluke LANMeter ............................................................................................................................ 34

REFERENCES .................................................................................................................... 36

- 1 -

1 Network Management Protocols

1.1 Executive Summary

The report covers the evaluation of the network management protocols SNMP (Simple Network Management Protocol) and CMIP (Common Management Information Protocol). The history of the network management protocol is explained in the beginning to set the base for an understanding of the need for efficient network management protocols, which carry management information in their payload. The description and thorough comparison of the two protocols reveal several highlights: SNMP and CMIP are designed with different backgrounds and purposes. SNMP is appreciated due to its simplicity and ease of implementation and criticized for its lack of security issues and overall performance. CMIP was designed to overcome the shortcomings of SNMP and to outweigh it in every field. This aim has been achieved but what renders the protocol useless is the fact that it requires too much network resources. SNMP remains the network management protocol of choice.

After the presentation of the two protocols the attention is drawn to the impact of middleware on the management processes. Middleware can be considered as a layer of software that supports multiple communication protocols, multiple programming languages, and runs on various computer platforms. It helps to integrate otherwise incompatible system components by providing standardized mechanisms that distributed components can use to communicate over a network. With middleware the best of both worlds (SNMP versus CMIP) can be achieved. The most important middleware technologies are the Distributed Component Object Model (DCOM) and the Common Object Request Broker Architecture (CORBA). Although middleware eats up network resources significantly, it adds value to the corporative network due to its high performance and standardized interfaces that enable managers to employ network devices with the focus on the gained benefit rather than on their potential integration in the current network environment. One can see that network management, supported by middleware, moves towards the coverage of all layers in the OSI reference model.

- 2 -

1.2 Purpose and Scope of SMNP and CMIP

This part of the report will describe the two main major network management protocols in detail. Each protocol will be analysed separately focussing on their overall concept and architecture.

1.2.1 SNMP (Simple Network Management Protocol)

1.2.1.1 SNMP at a glance

1.2.1.1.1 History of the network management protocol

With the declaration in 1983 of the Ministry Of Defence that TCP/IP should be the new standard Internet protocol, the ARPANET died and was replaced through the Internet. The Internet grew rapidly without having any management control standard. Therefore developers tried to build up a network management model. The earliest one was das High-Level Entity Management System (HEMS), however it did not find its use on the Internet. (Klein[1], 1999; Selegran, 1999) In 1987 the Open Systems Interconnection group (OSI) presented a new model that was called CMIP (Common Management Information Protocol). It could only be used for OSI-based networks; therefore it was replaced by CMOT (CMIP over TCP), which has been declared as the new network management protocol standard. However, CMOT was not widely used.

In 1987 a group of network developers introduced a new protocol, SGMP (Simple Gateway Management Protocol). Its architecture was simple and it could be integrated seamlessly into an existing network. It found acceptance relatively fast. (Klein[1], 1999; Selegran, 1999) In 1988 the ten Internet Activity Boards (IAB) met and discussed which of the three protocols should be used for the Internet. As a result, CMOT was considered to be the optimal solution for a network management protocol, whereas SGMP was the suggested short-term solution due to its wide acceptance. HEMS was dropped. Therefore it was necessary to develop an

- 3 -

Internet Management Framework as an interim solution for systems to move from SMGP to CMOT protocols. This framework was called SNMP (Simple Network Management Protocol). (Klein[1], 1999; Pras, 1995; Selegran, 1999) In April 1989 the IAB recommended SNMP to be the new standard for the TCP Internet Management Framework. At that time problems and disagreements occurred based on many details of this Internet Management Framework between CMOT- and SNMP- associations. Therefore it was decided by the IAB to give up the idea of a joint framework management and to start the further development of both frameworks instead. (Klein, 1999[1]) In 1990 the SNMP convinced IAB to recommend their protocol as the standard protocol worldwide. (Klein, 1999[1]; Selegran, 1999)

1.2.1.1.2 About the protocol

SNMP (Simple Network Management Protocol) is the first network management protocol standard. As already stated, it comes from a de facto based background of TCP/IP communication and is an application-layer protocol. The protocol facilitates the exchange of management information between network devices. One or multiple management stations configure, monitor and receive messages from the nodes within the network. (Fear, 1996; Ford, 1996) SNMP is formally specified in various Request For Comment (RFC) documents; it is relatively straightforward and easy to understand. This is one of the major reasons why it became such a popular network management protocol. It became a standard since vendors developed SNMP-based management applications. As already mentioned earlier it was considered to be a “quickly designed ‘band-aid’ solution to internetwork management difficulties while other, larger and better protocols were being designed.” (Fear, 1996) But due to the fact that no better solution was released, SNMP became the network management protocol of choice. (Fear, 1996; Ford, 1996; Pras 1995)

- 4 -

1.2.1.2 SNMP Architecture

SNMPv1 (Version 1) works after the following principles:

One can distinguish between two different types of management units, the SNMP managers and the agents. A network management station (NMS) is a workstation, where multiple network management applications are running. Medium to large network management systems are usually built on a third-party software platform (network management suite) like for instance HP OpenView or IBM NetView (Tivoli). The NMS is used to collect information from the managed nodes via agents and present it in a comfortable way to its user. An agent has the task to monitor one or various network nodes and to gather data (management information) about what they are doing and what their status is. This management information is then sent to the NMS. There are two techniques that are used for the

responds to the manager with the requested information. Event reporting is an action that an agent initiates. It sends information to the manager, who waits then for the incoming data. Most of the work within the SNMP management is done by the management applications that are running on the NMS. Since NMS has the resources to cope with this type of management, whereas the resources of a node are often limited in terms of CPU performance or limited memory and should be saved for their real tasks. In other words, the performance impact on the managed devices and agents should be minimized. There are various types of nodes. Some manage and are manageable (bilevel entities), some understand different versions of SNMP protocols (bilingual entities), some are not manageable and others act as proxy-agents for further nodes. For example proxy-agents act as a gateway for nodes that do not support network management protocols at all or are only compatible with

- 5 -

different types of network management protocols. In the last case the proxy acts as a translator between multiple protocols. (Ford, 1996; Klein, 1999[2]) Basically, SNMP messages exchanged over the network contain two parts, a message header and a Protocol Data Units (PDU). While the message header comprises a version number and the community name (the common area of the management system and the managed node), the PDU contains the specified SNMP operations. These include variables that have both titles and values. In total there are five different types of PDU, which SNMP uses to monitor network events: Two are reading terminal data, two are setting terminal data and one is used for monitoring network events, such as terminal start-ups or shut-downs. SNMPv1 is based on a simple request-response principle. It provides four operations to serve as the commends mentioned above: The reading (get) commands enable the network manager to monitor the managed devices and the writing (set) commands are used by the NMS to control the variables stored in the managed devices. Traversal operations (get-next) determine which variables of a managed device support and can sequentially gather information in variable tables (like for example router tables). Finally, the ‘trap’-command reports certain events asynchronously to the NMS. It is not a response to a former request. (Fear, 1999; Ford, 1996) SNMP operates over the connectionless UDP for two reasons: First of all it is an unreliable transport provider, in which data can get lost. But in case of repeated provider failures, it is still possible to exchange at least a fraction of the whole management information. A connection-orientated provider delivers either all the data or nothing at all. Connectionless providers act similar to the best-effort approach, where in case of failures some of the data may reach its destination and thereby management will be still possible in a limited way. SNMP does not perform retransmissions by itself. It is up to the manager to detect data loss and to initiate retransmission. (Pras, 1995) The second implication for UDP is that managers have to perform checks to detect whether agents are still operational. Unlike connection-oriented providers, who have life-time control functions to check whether an agent is operational or not, the manager has the responsibility to take care of this issue. (Pras, 1995)

- 6 -

It is important to stress that SNMP only defines how the management information is exchanged over the network and not which information exists at all. This is defined in the MIBs (Management Information Base) of the managed nodes. A MIB is a collection of data-object descriptions that contains the definitions of the elements the network manager wants to be informed about. Each resource that is to be managed is represented as an object (SNMP is an object-based but not an object-oriented protocol). One can imagine a MIB as a structured collection of such objects. Each system in a network like a router, bridge, server or workstation maintains a MIB that “reflects the status of the managed resources of that system.” (Ford, 1996) However, network management bases on reading and modifying the values of these objects and thereby controlling the resources at that system. (Ford, 1996)

1.2.2 CMIP (Common Management Information Protocol)

1.2.2.1 CMIP at a glance

In contrast to SNMP, CMIP was developed by the International Organization for Standardization (ISO) with totally different goals. Whereas SNMP was originally designed for the use by IP devices only, CMIP was intended to be non-protocol specific and for the use in all network environments. The IAB recommended CMIP “as the basis for a network management protocol to satisfy future requirements.” (Ford, 1996) It comes from a de jure standard-based background associated with the Open Systems Interconnection (OSI). In network management and distributed systems protocols alone cannot provide communication. Therefore the OSI proposes an object-oriented management model that provides the required standard resource descriptions. In this environment management information is represented as managed objects and managed object classes. (Bailey, 1998) As already mentioned in the history of the management protocols (earlier in this report) the CMIP protocol was supposed to replace the SNMP protocol in the late eighties. It was designed to be better than SNMP by overcoming the