1. What is network management?
There are two types of network management. The first type is the management of network applications, user accounts (such as file usage), and access permissions (licenses. They are all software-related network management issues. We will not discuss it here.
The second type of network management is composed of hardware that makes up the network. This category includes workstations, servers, NICS, routers, bridges, and hubs. Generally, these devices are far away from your location. For this reason, if the network administrator can be notified automatically when a device is faulty, everything will be fine. However, your vro will not notify you by phone when an application problem occurs, and it will not notify you when the router is congested.
To solve this problem, vendors have already set up network management functions in some devices, so that you can remotely query their statuses, they can also give you a warning when a specific type of event occurs. These devices are usually called "smart" devices.
Network management is generally divided into four categories:
Managed nodes (or devices) are the devices you want to monitor.
Special software or firmware used by the agent to track the status of the managed device (firmware)
The network management workstation communicates with agents on different managed nodes and displays the status of these proxies on the central device.
The Network Management Protocol is used by the network management workstation and Dali to exchange information.
When designing and constructing a network management infrastructure, you need to remember the following two network management principles:
The traffic caused by management information should not significantly increase the network traffic.
The Protocol proxy on the managed device should not significantly increase the additional overhead of system processing, so that the main functions of the device are weakened.
--------------------------------------------------------------------------------
2. What is SNMP?
The Simple Network Management Protocol (SNMP) was first proposed by the Internet Engineering Task Organization (IETF) research team to solve the router management problems on the Internet. Many people think that SNMP runs on the IP address because the Internet runs the TCP/IP protocol, but this is not the case.
SNMP is designed to be Protocol Independent, so it can be used on IP, IPX, appletalk, OSI, and other transport protocols used.
SNMP is a series of protocol groups and specifications (see the table below) that provide a way to collect Network Management Information from devices on the network. SNMP also provides a way for devices to report problems and errors to network management workstations.
Description
MiB Management Information Library
Structure and identification of smi Management Information
SNMP Simple Network Management Protocol
There are two methods to collect data from managed devices: polling-only and interrupt-based.
If you only use the round-robin method, the network management workstation is always under control. The defect of this method lies in the real-time information, especially the real-time error. How often do you perform round robin on devices? If the polling interval is too small, too much unnecessary traffic will be generated. If the polling interval is too large and the order is incorrect during the polling, the notifications about some major catastrophic events will be too delayed. This violates the proactive network management purpose.
When an exception occurs, the network management workstation can be notified immediately by means of interruption (assuming that the device has not crashed, and there is still an available communication channel between the managed device and the management workstation ). However, this method is not without its defects. First, system resources are required to generate errors or self-traps. If you have to forward a large amount of information, the managed device may have to consume more time and system resources to generate self-traps, this affects the implementation of its main functions (in violation of the principles of Network Management 2 ).
Moreover, if several self-traps of the same type occur in succession, a large amount of network bandwidth may be occupied by the same information (in violation of network management principle 1 ). This is especially bad if we are stuck with network congestion issues. One way to overcome this defect is to set a threshold (threshold) for the managed device ). However, unfortunately, this method may once again violate principle 2 of network management, because the device must consume more time and system resources to determine whether a trap should be generated.
Result: The combination of the above two methods: TRAP-directed polling may be the most effective method for network management. Generally, the network management workstation polls the agent in the managed device to collect data, and displays the data in the console in a digital or graphical representation. This allows the network administrator to analyze and manage devices and network traffic.
The agent in the managed device can report errors to the network management workstation at any time, such as pre-defined threshold out-of-bounds. The agent does not need to wait until the management workstation polls the agent to receive these errors. These errors are known as SNMP traps ).
In this method, you can use a network management workstation to query a device (assuming it is still reachable ), for more information.
--------------------------------------------------------------------------------
3. What is a managed device?
You may have heard a lot about "SNMP manageable devices", "SNMP compatible devices", or "SNMP managed devices. But what exactly are they? How are they different from smart devices?
Simply put, all the above statements mean "a network device that includes the network management proxy ". These also mean that the proxy supports SNMP protocol for information exchange. As mentioned above, a smart device may not need to use or support the SNMP protocol. So what is a proxy?
Proxy
An agent is a special software (or firmware) that contains information about a special device and/or the environment in which the device is located. When a proxy is installed on a device, the above devices are listed as "managed ". In other words, a proxy is a database.
The data contained in the database varies with the installed device. For example, on a vro, the proxy will contain information about the route selection table, the total number of received and sent packets, and so on. For a bridge, the database may contain information about the number of forwarding packets and the filtering table.
A proxy is a software or firmware that communicates with the network management console. You can perform the following tasks on the "Link" of the console:
The network management workstation can obtain information about the device from the agent.
The network management workstation can modify, add, or delete table items in the proxy. For example, you can select table items for routes in the database maintained by the proxy.
The network management workstation can set a threshold for a specific self-trap.
The proxy can send self-traps to the network management workstation.
Remember that the agent in the managed device does not provide information voluntarily unless there is an event when the threshold is exceeded.
In some accidental circumstances, a specific device may be missing system resources, or the device does not support the transport protocol required by the SNMP proxy, but cannot implement an SNMP proxy. Does this mean you cannot monitor this device? This is not the case. In this case, there is no way at all. You can use a proxy agent, which is equivalent to a foreign device ).
The trusted proxy does not run on managed external devices, but on another device. The network management workstation first contacts the Trusted agent and points out (in some way) the consistency between the Trusted agent and the external device. Then the delegate translates the protocol commands it receives into the management protocols supported by any external device. In this case, the trusted proxy is called the application gateway ).
If an external device does not support any management protocols, the delegated agent must use some passive methods to monitor the device. For example, a trusted proxy of a ring bridge can monitor its performance and generate self-traps if it detects any congestion errors reported by the bridge. Fortunately, most Internet devices currently support SNMP management, so you can easily use an SNMP management device, such as a hub, bridge, or router. Some vendors even provide SNMP agents on their NICs.
MiB
We usually seldom call a database in a managed device a database. In SNMP terminology, it is often referred to as the Management Information Library (MIB ).
A mib describes the objects or table items contained in the database. Each object or table item has the following four attributes:
Object Type)
Syntax)
Access)
Status)
These attributes are defined in the management information structure and identity (SMI; RFC 1155/1065) specification of one of the SNMP specifications. SMI is equivalent to the schema for databases for MIB. SMI defines each object "what looks like ".
Object Type
This attribute defines the name of a specific object, such as sysuptime. It is just a tag. When representing data, SMI uses ASN.1 (Abstract Syntax Notation One ). The object must be "identified ". For the Internet management MiB, the identifiers expressed in the ASN.1 notation start with the following:
Internet object identifier ::={ iso org (3) DOD (6) 1}
Or use a simple format:
1.3.6.1
This is extracted from the ASN.1 document. It defines a tree format for the identifier. The tree is composed of a root and many labeled nodes connected to it. Each node is identified by a non-negative integer value and a text description as concise as possible. Each node may also have sub-nodes that are also marked.
When describing an object identifier (Object indentifier), you can use several formats. The simplest format is to list the integers found by traversing the tree from the root to the discussed object. Starting from the root level, there are three nodes ():
CCITT (0)
ISO (1)
Joint-iso-CCITT (2)
Each "branch" is managed by the management organization shown in the tag.
Syntax
This attribute specifies the data type, such as integer, 8-Bit String number (string; range: 0 to 255), object identifier (pre-defined data type alias), or null. Null is the reserved space.
Access
Access indicates the access level of the specified object. Valid values include read-only, read-write, write-only, and unaccessable.
Status
Status defines the implementation needs of this object: required (the object must be implemented by the managed node); optional (the managed object may implement this object ); or obsolete (the managed device does not need to implement this object ).