Network Monitoring

cheung

Presentation Transcript


  1. Network Monitoring

  2. Definitions
     • Network monitoring describes the use of a system that constantly monitors a computer network for slow or failing systems and that notifies the network administrator in case of outages via email, pager or other alarms. It is a subset of the functions involved in network management.
     • Network traffic measurement is the process of measuring the amount and type of traffic on a particular network. This is especially important with regard to effective bandwidth management.

  3. Why network monitoring is important
     • Needs of service providers:
       • Understand the behavior of their networks
       • Provide fast, high-quality, reliable service to satisfy customers and thus reduce churn rate
       • Plan for network deployment and expansion
       • SLA monitoring, network security
       • Usage-based billing for network users (like telephone calls)
       • Marketing using CRM data
     • Needs of customers:
       • Want to get their money's worth
       • Fast, reliable, high-quality, secure, virus-free Internet access

  4. Applications
     • Network Problem Determination and Analysis
     • Traffic Report Generation
     • Intrusion & Hacking Attack (e.g., DoS, DDoS) Detection
     • Service Level Monitoring (SLM)
     • Network Planning
     • Usage-based Billing
     • Customer Relationship Management (CRM)
     • Marketing

  5. Network monitoring metrics
     • CAIDA (The Cooperative Association for Internet Data Analysis) Metrics Working Group (www.caida.org)
       • Latency
       • Packet Loss
       • Throughput
       • Link Utilization
       • Availability
     • IETF's (Internet Engineering Task Force) IP Performance Metrics (IPPM) Working Group
       • Connectivity
       • One-Way Delay
       • One-Way Packet Loss
       • Round Trip Delay
       • Delay Variation
       • Bulk transfer capacity

  6. Monitoring methods
     • Fraleigh et al. (2001) describe two techniques for network measurement:
       • Active Monitoring
       • Passive Monitoring

  7. Active Monitoring
     • Performed by sending test traffic into the network
     • Generate test packets periodically or on demand
     • Measure performance of test packets or responses
     • Take the statistics
     • Imposes extra traffic on the network and distorts its behavior in the process
     • Test packets can be blocked by a firewall or processed at low priority by routers
     • Mainly used to monitor network performance

  8. Passive Monitoring
     • Carried out by observing network traffic
     • Collect packets from a link or network flow from a router
     • Perform analysis on captured packets for various purposes
     • Network device performance degrades with mirroring or flow export
     • Used for traffic usage and characterization analysis and for intrusion detection

  9. NETWORK MANAGEMENT AND MONITORING SOFTWARE
     • EPM
     • The ping program
     • SNMP servers
     • IBM AURORA Network Performance Profiling System
     • Intellipool Network Monitor
     • Jumpnode
     • Microsoft Network Monitor 3
     • MRTG
     • Nagios (formerly Netsaint)
     • Netdisco
     • NetQoS
     • NetXMS Scalable network and application monitoring system

  10. NETWORK MANAGEMENT AND MONITORING SOFTWARE
     • OpenNMS
     • PRTG
     • Pandora (Free Monitoring System) - Network and Application Monitoring System
     • PIKT
     • RANCID - monitors router/switch configuration changes
     • RRDtool
     • siNMs by Siemens
     • SysOrb Server & Network Monitoring System
     • Sentinet3 - Network and Systems Monitoring Appliance
     • ServersCheck Monitoring Software
     • Cacti network graphing solution
     • Zabbix - Network and Application Monitoring System
     • Zenoss - Network and Systems Monitoring Platform
     • Level Platforms - Software support for network monitoring

  11. What can we use the tools for?
     • Identifying unofficial services or servers
     • Monitoring usage and traffic statistics
     • Troubleshooting your network
     • Investigating a security incident
     • Keeping logs of users' activities for accountability

  12. HOW WE CAN CHOOSE THE BEST TOOL
     • Who? What? Where? How? When?
     • Who is accessing your network?
       • students, academics, staff, visitors or others
     • What are they accessing your network for?
       • academic study, social use, business use, illegal use
     • Where are they accessing your network from?
       • internal, external
     • How are they accessing your network?
       • remote user, local Ethernet, WAN, dial-up, Wi-Fi, VPN
     • When did they access your network?
       • today, yesterday, last week, last month…

  13. Remote network monitoring
     • What is RMON?
       • RMON is the common abbreviation for Remote Monitoring, a system defined by the IETF that allows you to monitor the traffic of LANs or VLANs remotely.
       • RMON (Remote Network Monitoring) provides standard information that a network administrator can use to monitor, analyze, and troubleshoot a group of local area networks (LANs) from a central location.
       • Remote Monitoring (RMON) is an extension to the SNMP MIB.

  14. Remote network monitoring
     • Goals of RMON: the primary goal is to provide information relating to network errors and utilization. RMON data is gathered as part of ten different monitoring groups.

  15. RMON Groups
     • Statistics: Ethernet stats
     • History: snapshots based on stats (1)
     • Alarm: ability to set threshold, generate alarm on interesting event
     • Hosts: host stats
     • HostTopN: store/sort by top N hosts
     • Matrix: X talks to Y
     • Filter: filter pkts and capture/or cause event
     • Capture: traditional pkt analyzer
     • Event: table of events generated by probe
     • TokenRing: maintains statistics and configuration information for token ring subnets
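
The Alarm and Event groups listed above, as an added example that is not part of the original slides: a small model of a rising/falling threshold alarm with hysteresis, following the behaviour the RMON MIB (RFC 2819) describes for its alarm group. The function name, the sample readings and the threshold values are constructed for illustration.

```python
"""Added example: rising/falling threshold alarm with hysteresis."""

# Constructed readings of a cumulative error counter, one per polling interval.
SAMPLES = [0, 20, 75, 145, 205, 215, 275, 277, 278, 345]


def evaluate_alarm(samples, rising, falling, delta=True):
    """Return (sample_index, event) pairs, event being 'rising' or 'falling'.

    delta=True compares the change between successive readings (suits
    counters); delta=False compares the raw reading (suits gauges).
    After a rising event no further rising event fires until a falling
    event has occurred, and vice versa, so a value that hovers around one
    threshold raises a single alarm instead of one per polling interval.
    """
    if falling > rising:
        raise ValueError("falling threshold must not exceed rising threshold")
    if delta:
        values = [b - a for a, b in zip(samples, samples[1:])]
        offset = 1          # the first delta belongs to sample index 1
    else:
        values = list(samples)
        offset = 0
    events = []
    armed_rising = armed_falling = True   # either alarm may fire at start-up
    for i, value in enumerate(values):
        if value >= rising and armed_rising:
            events.append((i + offset, "rising"))
            armed_rising, armed_falling = False, True
        elif value <= falling and armed_falling:
            events.append((i + offset, "falling"))
            armed_falling, armed_rising = False, True
    return events


if __name__ == "__main__":
    for index, event in evaluate_alarm(SAMPLES, rising=50, falling=5):
        print(f"sample {index}: {event} threshold crossed")
```

With these readings five intervals exceed the rising threshold, but only two rising events are generated, because the dip to 10 errors per interval never reaches the falling threshold and so does not re-arm the alarm.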

  16. Configuring RMON
     • How to configure Remote Monitoring (RMON) on the Catalyst 6500 series switches:
       • RMON on the Catalyst 6500 switches
       • Configuring RMON Alarm and Event Settings from the Command Line Interface (CLI)
       • Configuring RMON Alarm and Event Settings from the Command Line Interface (CLI) - Cisco Systems

  17. Advantages
     • It improves your efficiency.
     • It allows you to manage your network more proactively.
     • It reduces the load on the network and the management
     • Increases productivity for administrators.
     • Permits monitoring on a more frequent basis and hence faster fault diagnosis.
     • Needs no direct visibility by NMS; more reliable information.

  18. Disadvantages
     • The amount of information it provides is insufficient for network managers and administrators who need to solve complex problems, often at a distance.
     • The mechanisms employed for data retrieval to a central management console are slow and very bandwidth inefficient.
     • RMON values are stored in 32-bit registers, which limits the count value to 4,294,967,295. Although a seemingly large value, this is actually quite small. In a 100 Mbps Fast Ethernet network running at just 10% loading, the counters will be reset to zero after just one hour of activity.
     • Full RMON support in hardware typically requires dedicated RISC processor technology and this is achievable in sub-$1,000 routers, hubs
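
The 32-bit counter limit described above, as an added example that is not part of the original slides: it works out how long an octet counter lasts at a given load and computes link utilization from two polls without being fooled by a wrap. Function names and the sample counter readings are constructed for illustration.

```python
"""Added example: 32-bit counter wrap when polling octet counters."""

COUNTER32_MOD = 2 ** 32  # a 32-bit register holds 0 .. 4,294,967,295


def wrap_seconds(link_bps, load_fraction, modulus=COUNTER32_MOD):
    """Seconds until an octet counter wraps at a steady load."""
    octets_per_second = link_bps * load_fraction / 8
    return modulus / octets_per_second


def counter_delta(previous, current, modulus=COUNTER32_MOD):
    """Octets counted between two polls, allowing for a single wrap."""
    if current >= previous:
        return current - previous
    return modulus - previous + current


def utilization(previous, current, interval_s, link_bps):
    """Link utilization (0..1) from two polls of an octet counter.

    Returns None when the polling interval is long enough for the counter
    to wrap more than once at line rate: the delta is then ambiguous, and a
    traffic baseline or alert built on it would be misleading.
    """
    if interval_s >= wrap_seconds(link_bps, 1.0):
        return None
    octets = counter_delta(previous, current)
    return octets * 8 / (interval_s * link_bps)


if __name__ == "__main__":
    link = 100_000_000  # 100 Mbps Fast Ethernet, as in the slide
    print(f"wrap at 10% load: {wrap_seconds(link, 0.10) / 60:.1f} minutes")
    # Constructed readings taken 60 s apart; the counter wrapped in between.
    print("utilization:", utilization(4_250_000_000, 30_032_704, 60, link))
    print("400 s interval:", utilization(4_250_000_000, 30_032_704, 400, link))
```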

  19. References
     • NW monitoring and Measurement
     • NW monitoring
     • Remote NW monitoring
     • RMON on the Catalyst 6500 switches
     • Configuring RMON Alarm and Event Settings from the Command Line Interface (CLI) - Cisco Systems
