
Introduction Context Options Solution Conclusions

Automated Management of Large IP Networks. Marti.Griera@uab.cat, Jordi.Guijarro@uab.cat. Terena Networking Conference 2007, 21-24 May 2007, Copenhagen, Denmark.



  1. Automated Management of Large IP Networks
     Marti.Griera@uab.cat, Jordi.Guijarro@uab.cat
     Terena Networking Conference 2007, 21-24 May 2007, Copenhagen, Denmark

  2. • Introduction
     • Context
     • Choosing Options
     • Our Solution
     • Conclusion

  3. Today Large IP Networks tend to be...
     • Fast growing
     • Heterogeneous
     • Difficult to maintain
     • Difficult to control
     So a new concept arises: “Network Growth Sustainability”

  4. A “Sustainable Growing Network” would...
     • Reuse rather than buy new hardware
     • Recycle rather than enlarge the IP address pools or maintain inactive addresses or devices
     • Reduce the incident handling time

  5. And answer questions like...
     • In a full switch stack, can I recycle a port and give service to a new network jack without having to enlarge the stack? Which port has been unused the longest?
     • Who is the owner of this fake (DHCP) server? Can I quarantine it from my management console?
     • Where is this node with a duplicate (default router) address connected?
     • What is the L2 traceroute of a given MAC address?
     • Who is the owner of this node that generated, 10 days ago, a security incident I’m processing now?

  6. But let me not spend my time...
     • On routine tasks like registering a new node in the network (let the user self service it)
     • Searching through bridge tables to find which port a problematic MAC address is on
     • Following the wires in the wiring closet
     • Moving stations from one subnet to another
     • Calling my users to find out who owns the machine behind that 10-day-old incident

  7. We wanted to apply this philosophy to our network, whose main traits are:
     • Centralized Network Management…
     • But no access to user nodes
     • Multi-brand, multi-generation hardware
     • +700 Network Switch or Router nodes, all of them SNMP enabled
     • +14.000 User Network Ports
     • +420 L2-L2 links
     • Public and static DHCP served addressing
     • +10.000 User Network Nodes

  8. Are there “Sustainable” Products in the Market?
     • Network Infrastructure oriented (like HP Openview)
     • IP Inventory oriented (like ALM)
     • “NAC” type oriented (like CISCO’s NAC or Enterasys UPN)
     None met our requirements, but…

  9. Promising free software + The will to develop =

  10. Main Objectives
     Solution -> Objectives Products Own Development Snapshot
     • Better service time on user network related tasks: automated self service
     • To keep an up-to-date Inventory
     • Have all the information needed to keep the network growing sustainably

  11. For better service time on user node network tasks
     • Change management procedures on DNS and DHCP services
     • User-centred approach: self service

  12. Build Network Management upon Sauron...
     • GPL licensed product for integrated management of DNS and DHCP services, provided by Jyväskylä University (Finland)
     http://sauron.jyu.fi/

  13. Sauron features used in Openet
     • Network Services Database Oriented
     • ISC configuration files generation
     • IP Address Space Statistics
     • Command line Interaction
     • Subnets Movement
     • Massive Import Tools

  14. To keep an up-to-date Inventory...
     We needed a multi-brand, multi-generation network monitor platform

  15. To build a real-time inventory using Netdisco
     • Open Source product, BSD licensed, for network management and control, originally developed by Max Baker at UC Santa Cruz's NTS department
     http://www.netdisco.org

  16. Netdisco features used in Openet
     • Active inventory of network nodes: IP Address – MAC Address – Switch Port
     • Network equipment Inventory
     • Topology History Changes Registry
     • Node search
     • Auto-Discovery functions

  17. Is it enough?
     Active and Static Data, But Automated?

  18. What is missing?
     • Infrastructure Inventory Relation
     • Process Automation
     • Reporting
     • Alarm management
     • Geographic Location

  19. What do we have to keep in our Inventory:
     • For every Network Node its Responsible User
     • For every Network Node its Network Switch Port where it’s connected
     • For every Network Switch its Geographic Location
     Change History 2004 2007

  20. Infrastructure Inventory relation...
     [Diagram: Network Declared Nodes, Network Discovered Nodes, Inventory]
     The more both sources match, the better

  21. Component Relation
     [Diagram labels: IT Personnel; Inventory Module; DNS/DHCP; Management and Control Console; Self Service Module; Active Inventory Module; Staff]

  22. Self Service Module
     User delegated actions

  23. Management and Control Module offers
     Visible Services - Controlled Transparent Networks
     Devices, Port Control, AutoInventory, Multihost Ports, Inactive Hosts, xSubnet Reports, Infrastructure Relation, Inactive Ports, Autoranges, Users-Host Relation, New Installations

  24. A final snapshot...
     [Diagram labels: Active Inventory; Static Inventory; Front-End; Back-End; Apache Web Server; Shared Library; SNMP::Info; Sauron; Mason Components; Netdisco; Admin Daemon; SNMP; Database; Database; Database; IT Staff; Switches and Routers; Cron; BIND; DHCP; Cron; Management Module; Users]

  25. After one year using Openet...
     • More control and happier users
     • Better response time on (security) incidents
     • Network resource optimization
     • Network Topology and Inventory Up-to-date
     We have now a “Sustainable Growing Network”

  26. Thank you for your attention! Any question?
     +Info: Marti.Griera@uab.cat, Jordi.Guijarro@uab.cat, Maribel.Jimenez@uab.cat
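
The declared-versus-discovered comparison from slides 19 and 20, and the duplicate-address and unused-address questions from slides 4 and 5, sketched as an added example that is not part of the presentation or of the Openet code. The data layout, the `reconcile` function, the 30-day idle threshold and the match ratio are assumptions made for illustration; all addresses are constructed.

```python
from datetime import date, timedelta

# Constructed sample data (not from the presentation). Declared = what the
# DNS/DHCP database says should exist; discovered = what switch polling saw.
DECLARED = {  # MAC -> (IP, responsible user)
    "00:11:22:33:44:01": ("192.0.2.1", "netops"),  # default router
    "00:11:22:33:44:10": ("192.0.2.10", "alice"),
    "00:11:22:33:44:11": ("192.0.2.11", "bob"),
    "00:11:22:33:44:12": ("192.0.2.12", "carol"),
}
DISCOVERED = [  # (MAC, IP, switch, port, last seen)
    ("00:11:22:33:44:01", "192.0.2.1", "sw-core", "1/1", date(2007, 5, 20)),
    ("00:11:22:33:44:10", "192.0.2.10", "sw-a", "2/7", date(2007, 5, 20)),
    ("00:11:22:33:44:11", "192.0.2.11", "sw-a", "2/9", date(2007, 2, 1)),
    ("de:ad:be:ef:00:01", "192.0.2.1", "sw-b", "3/4", date(2007, 5, 19)),
    ("de:ad:be:ef:00:02", "192.0.2.50", "sw-b", "3/5", date(2007, 5, 20)),
]

def reconcile(declared, discovered, today, max_idle_days=30):
    """Compare declared and discovered nodes; return findings and match ratio."""
    ip_owner = {ip: mac for mac, (ip, _) in declared.items()}
    cutoff = today - timedelta(days=max_idle_days)
    seen, report = {}, {"undeclared": [], "ip_conflict": [], "inactive": []}
    for mac, ip, switch, port, last in discovered:
        seen[mac] = last
        if mac not in declared:
            # Unknown MAC: report the switch port so the node can be located
            report["undeclared"].append((mac, switch, port))
        if ip in ip_owner and ip_owner[ip] != mac:
            # Address registered to another MAC (e.g. duplicated router IP)
            report["ip_conflict"].append((ip, mac, switch, port))
    for mac, (ip, user) in declared.items():
        # Declared but never seen, or idle too long: address can be recycled
        if mac not in seen or seen[mac] < cutoff:
            report["inactive"].append((mac, ip, user))
    active = [m for m in declared if m in seen and seen[m] >= cutoff]
    # Share of all known MACs that are both declared and recently seen
    report["match_ratio"] = len(active) / len(set(declared) | set(seen))
    return report

REPORT = reconcile(DECLARED, DISCOVERED, today=date(2007, 5, 21))
```
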
