Network Management

Network Management Basics: SNMP

Abstract:
From the dawning days of The Internet, the network grew from hosts on a wire, to hosts on a wire joined by a bridge to extend electrical signals, to a logical group of hosts on wires being defined as a network and joined to other networks via routers. Throughout these periods, there was always a need for a way to manage the infrastructure, and SNMP is The Internet Standard. The SNMP Internet Standard is a critical piece of total management business requirements.


The Network:
Every device on The Internet has a physical Hardware Address, to facilitate communications on it's own wire, and a logical Internet Protocol (IP) Address, to facilitate communications to other locations, provided through Routers. Someone on that network has to provide the logical IP Addresses, this person is normally some kind of network administrator. This person has some kind of responsibility to manage the network.


The Creation:
Networks were traditionally circuit switched, driven by a telephone company. In 1969, Steve Crocker developed a system to track agreed upon standards, called RFC's (Request for Comments), to facilitate interconnection of networks. The worlds first operational packet switching network came into existence, known as ARPANET (the Advanced Research Projects Agency Network) in 1977.

Ping:
As The Internet started to grow, basic diagnosis utilities were needed. Mike Muuss created a utility called Ping in December 1983. The most important function of this tool was the use of the ICMP Echo Request (type 8) network packet to another IP Address and the observation of the returned value.

The Manager may send an Echo Request or Ping to a remote device's logical IP Address to see if there is connectivity. If there is no connectivity, no packet is returned, or sometimes an Router in the path may return a message such as "Host Unreachable" or "TTL Exceeded" (packet time-to-live.) The manager may receive additional information such as the time it took for the packet to make the round trip.

Traceroute:
As networks continued to get more complex, the management requirements grew. Traceroute was born, attributed to Van Jacobson in 1987. Now, the manager could send a packet to an agent and receive a path of each router which the packet would traverse, bundling in the round trip times.

The Problem:
Such tools like "ping" and "traceroute" were critical for an individual manager to understand network connectivity - but neither provided in-depth information about the target agent device. A "ping" not being returned did not necessarily mean that the agent or target device is "down". A “ping” returning does not necessarily mean that the agent did not go down a few minutes earlier. A "traceroute" response to another location does not necessarily mean there is a problem with the agent or target device. These tools did not do much to allow a manager to understand history of a device or the intermediate network devices.
SNMPv1:
In 1988, SNMP (now referred to as Version 1) was born, through a variety of published RFC's. SNMP retained many of the advantages of ICMP and Traceroute (light-weight, avoided use of heavy TCP protocol), but brought to the world:

• programmable name for a device agent
• programmable location field for a device agent
• a description of the hardware and firmware on the device agent
• last-reboot counter of the device agent
• configuration, fault, and performance knowledge of interfaces (Interface Table)
• other physical hardware devices connected on the network (ARP Table)
• other neighboring logical devices connected on the network (Routing Table)
• passwords (called community strings) for basic protection
• framework for vendors to extend the management capabilities

This information is held in the MIB (Management Information Base) of the device - a database of information that each device holds regarding the health of the hardware, firmware, operating system, and applications.)


SNMPv1 was made up of RFC 1065, 1066, 1067. Updates included 1155, 1156, 1157. RFC 1213 (called MIB-1) was later updated 1156 (called MIB-2.)

SNMPv2:
In 1993, SNMP Version 2 was created through RFC's 1141-1452. Security was updated, but not widely adopted. Introduced was an efficient way to transfer information (GetBulkRequest) - which was readily adopted, to alleviate concerns of the protocol being "overly chatty".

SNMPv2c:
In 1996, SNMPv2c (Community-Based Simple Network Management Protocol Version 2) was introduced in RFC 1901-1908. The most important added the capability was to encrypt the password (community string) in transit, alleviating the concerns of the protocol being "insecure".

SNMPv3:
In December 2002, SNMPv3 was released, comprised of RFC's 3411-3418. In 2004, the IETF (Internet Engineering Task Force) designated SNMPv3 as STD0062 or a Full Internet Standard. Practically speaking, SNMPv3 adds encryption of the payload, to completely secure the protocol.

Modern Computing:
Today, nearly every modern equipment vendor, who instruments their internet equipment for management, bundles SNMP in their standard packaging - since SNMPv3 is The Internet Standard. This means that most equipment that plugs into a network via ethernet or wireless can be managed in an "agentless" manor (i.e. without loading any special additional components.)

Most Internet Infrastructure (i.e. computers, servers, routers, switches, etc.) allow for the following basic capabilities (sometimes using an internet standard, sometimes using vendor extension):

• Interface Configuration (administratively up, down; interface capacity)
• Interface Fault Status (Up, Down, Testing, Last-Change Time-stamp))
• Interface Performance Statistics (packets, bytes, errors, etc.)
• SNMP Agent Last-Reboot Timestamp
• Memory and/or Buffer Usage; Buffer Allocation Errors
• Flash and/or Disk Capacity and Usage
• Running Processes
• Installed Software
• CPU Usage
• Alert to a Manager when an Agent detects a problem

Customer Benefit:
Since SNMPv3 is The IETF Internet Standard, most equipment on a network can be reasonably managed without ever adding software to an end device. This means a service provider can provide greater insight into the health and performance of a customer estate with proper management software, especially historical trends when data is captured and stored in a database.

Difficulties:
SNMP is only a piece of the puzzle for managing a network.

• Business Processes
  A customer must know what business services are traversing a device to understand the impact of an outage or what business processes are at risk when assets in the estate are performing poorly.
• Security / End-of-Life Management
  A customer must know the version of the hardware and firmware is in the estate in order to understand when a security vulnerability or end-of-life equipment may place their business at risk.
• Logistics / Asset Management
  A customer must know what assets make up their network estate and where the assets are located in order to understand where impacts originate during faults or where security risks exist.
• Configuration Management
  A customer must know how to update the firmware on managed devices in the estate when defects in the software may be impacting business processes or creating security risks due to vulnerabilities.
• Performance Management
  A customer must know what "normal" operation of their estate is, collecting this data over time, in order to predict when faults will arise, so impacts to business processes are minimized.
• Fault Management
  A customer must know when faults occurred in the past, where they occured, when they occurred, what the problem was, and what the solution was - in order to understand the business impacts and create a strategy to mitigate future similar business impacts.

SNMP is a single skill, which can be leveraged to manage any number of device vendor, types, and model numbers. Network Management requires an expertise in all of the above areas, in addition to understanding SNMP.

This open up a prime opportunity for service providers with experience to assist customers since customers may only have experience with a particular device vendor/model/type or not have experience in SNMP.

Network Management at EMC World 2012

Abstract:
EMC purchase network management vendor SMARTS with their InCharge suite, a number of years ago, rebranding the suite as Ionix. EMC purchased Voyence, rebranding it as NCM (Network Configuration Manager). After EMC World 2012, they completed the acquisition of Watch4Net APG (Advanced Performance Grapher.) The suite of these platforms is now being rolled into a single new brand called EMC IT Operations Intelligence. EMC World 2012 was poised to advertize the new branding in a significant way.
Result:
EMC World 2012 in Las Vegas, Nevada was unfortunately pretty uneventful for service providers. Why was it uneventful?

The labs for EMC IT Operations Intelligence did not function. There were a lot of other labs, which functioned, but not the Network Management labs. EMC World 2012 was a sure "shot-in-the-head" for demonstrating, to service providers, the benefits of running EMC Network Management tools in a VM.

After 7 days, EMC could not get their IT Operations Intelligence Network Management Suite running in a VMWare VM.

Background:
Small customers may host their network management tools in a VMWare VM. Enterprises will occasionally implement their network management systems on smaller systems, where they know they will get deterministic behavior from the underlying platform.

Service Providers traditionally run their mission critical network management systems on larger UNIX Systems, so as to provide instant scalability (swap in CPU boards) and 99.999 availability (reboot once-a-year, whether they need to or not.)

The platform of choice in the Service Provider market for scalable Network Management platforms has been SPARC Solaris, for decades... clearly, for a reason. This was demonstrated well at EMC World 2012.

The Problem:
Why not host a network management platform in a VMWare infrastructure? Besides, the fact that EMC could not make it happen, after 1 year of preparation, and 7 days of struggling... there are basic logistics.

Network Management is dependent upon ICMP and SNMP. Both of these protocols are "connectionless protocols" - sometimes referred to as "unreliable protocols". Why would a network management platform use "unreliable protocols"?

The IETF understands that network management should always be light (each poll is a single packet, while a TCP protocol requires a 3-way handshake to start the transaction, poll the single packet, then break down with another 3-way handshake. Imagine doing this for thousands of devices every x seconds - not very light-weight, not very smart. A "connection based protocol" will also hide the nature of an unreliable underlying network, which is what a network management platform is supposed to expose - so it can be fixed.

Now stick a network management platform in a VM, where the network connection from the VM (holding an operating system, with a TCP/IP stack), going down through the hypervisor (which is another operating system, with another TCP/IP stack, which is also sharing the resources of that VM with other VM's.) If there is the slightest glitch in the VM or the hypervisor, which may cause the the packets to be queued or dropped - the actual VMWare infrastructure will signal to the Network Management Centers that there is a network problem, in their customer's network!

Politics:
Clearly, someone at EMC does not understand Network Management, nor do they understand Managed Service Providers.

The Network Management Platform MUST BE ROCK SOLID, so the Network Operations Center personnel will NEVER mistake a alerts in their console from a customer's managed device as a local performance issue in their VM.

With EMC using Solaris to reach into the Telco Data Centers, EMC later using Cisco to reach into the Telco Data Centers - EMC is done using their partners. VMWare was the platform of choice, to [not] demonstrate their Network Management tools on. Cisco was the [soon to be replaced] platform of choice, since EMC announced they will start building their own servers.

Either someone at EMC is sleeping-at-the-wheel or they need to get a spine to support their customers. Either way, this does not bode well for EMC as a provider of software solutions for service providers.


Business Requirements:
In order for a real service provider to reliably run a real network management system in a virtualized environment:

• The virtualized platform must not insert any overhead.
• All resources provided must be deterministic.
• Patches are installed while the system is live.
• Engagement of patches must be deterministic.
• Patch engagement must be fast.
• Rollback of patches must be deterministic.
• Patch rollback must be fast.
• Availability must be 99.999.

Solutions:
There are many platforms which fulfill these basic business requirements, but none of them are VMWare. Ironically, only SPARC Solaris platform is currently supported by EMC for IT Operations Intelligence, EMC does not support SPARC Solaris under VMWare, and EMC chose not to demonstrate their Network Management suite under a platform which meets service provider requirements.

Today, Zones is about the only virtualized technology which offers 0%-overhead virtualizataion. (Actually, on SMP systems, virtualizing via Zones can increase application throughput, if Zones are partitioned by CPU board.) Zones, to work in this environment, seem to work best with external storage providers, like EMC.

Any platform which offers 0% virtualization penalty with ZFS support can easily meet service providers technical platform business requirements. Of these, the top 3 are probably the best supported by commercial interests

• Oracle SPARC Solaris
• Oracle Intel Solaris
• Joyent SMART OS
• OpenIndiana
• Illumian
• BeleniX
• SchilliX
• StormOS

Conclusion:
Today's market is becoming more proprietary each passing day. The movement towards supporting applications only under proprietary solutions (such as VMWare) has demonstrated it's risk during EMC World 2012. A network management provider would not be well advised to use any network management tool which is bound to a single proprietary platform element and does not support POSIX platforms.

SNMP

Abstract:
Network Management Frameworks range from Desktop to Enterprise to Managed Services Grade. Solar Winds is one of those Desktop to Enterprise Grade management tools, which does not provide a cross-platform scalable platform for real management - but may suite the needs of some. The following links were added to the Network Management Blog SNMP Tab.


Solar Winds Management Modules
[html] Solar Winds Application & Server Management
[html] Solar Winds Network Management
[html] Security Information & Event Management
[html] Storage Management
[html] Virtualization Management

The Network Management SNMP Resources Tab was updated!

SNMP MIB Repositories

[HTML] - MIBSearch.COM
[HTML] - SNMPLink.ORG [Brocade|Cisco|Extreme|Juniper|Standards]
[HTML] - OIDView.com [on-line application]


SNMP Network Management Platforms
[HTML] - HP Network Node Manager 9i

HP Network Node Manager - Data Sheets
[PDF] HP Network Management Center
[PDF] HP Network Node Manager (NNMi) Software
[PDF] HP Solutions for Automated Network Management
[PDF] HP NNMi Data Sheet
[HTML] NP NNMi Manuals
[HTML] HP NNMi 9.1 Supported Device Matrix
[HTML] HP NNMi 9.0 Supported Device Matrix


HP Network Node Manager - Specifications
[HTML] HP NNMi 9.10 (Advanced)
[HTML] HP NNM iSPI for IP Multicast 9.10
[HTML] HP NNM iSPI for IP Telephony 9.10
[HTML] HP NNM iSPI for MPLS 9.10
[HTML] HP NNM iSPI Performance for Metrics 9.10
[HTML] HP NNM iSPI Performance for Quality Assurance 9.10
[HTML] HP NNM iSPI Performance for Traffic 9.10

The following SNMP Management Utilities have been added to the SNMP Tab.

SNMP - Management Utilities
[HTML] - net-snmp snmp agent and snmp libraries
[HTML] - collectd back-end collecting engine
[HTML] - collection 4 front-end graphing engine
[HTML] - Add close option to collectd snmp plug-in

[TheRegister's article on new antenna technology]
Wireless Breakthroughs: Full Duplex and Unlimited Channels

Abstract:
Wired communication had traditionally been more point-to-point communication through technologies such as POTS (Plain Old Telephone System), ISDN, TCP/IP., etc. Wireless communication had traditionally been more point-to-multipoint through broadcast technologies such as radio, television, and satellite. With the convergence of technologies, wireless and wired have been competing with one another in all markets, but wireless had traditionally been saddled by short-comings conquered in wireless communications such as half-duplex and limited frequencies in bandwidth spectrum. These challenges have been getting addressed in wireless.


[GizMag's article on full duplex radio]
Full Duplex Wireless Radio:
Full Duplex is the ability to transmit at the same time as receiving information. Around this time, last year, in 2011.

Stanford University researchers have found a way to double the capacity of wireless networks, while at the same time making them more reliable and efficient.

Full Duplex is important for such operations such as one person on a wireless phone to speak at the same time as another person on one or more other wireless phones.


Many Channels, One Radio Frequency:
Channels within a radio frequency provides the ability for multiple pieces of wireless equipment to share a piece of wireless spectrum. Traditionally, multiple channels can be bound together between devices to get more bandwidth or fewer channels can be used between devices to allow for more devices to use wireless spectrum. A new capability was recently demonstrated:

We have shown experimentally, in a real-world setting, that it is possible to use two beams of incoherent radio waves, transmitted on the same frequency but encoded in two different orbital angular momentum states, to simultaneously transmit two independent radio channels.

With the addition of this capability, more devices may be able to operate in the same area, and higher bandwidth communications (i.e. high definition video) may be able to easily function wirelessly.

Security Implications:
Wired infrastructure is generally more secure, being a point-to-point infrastructure with such technologies such as switches. When the movement from wired to wireless infrastructure occurs, encryption becomes ever more important, especially with management protocols.


[SPARCT4 Micrograph from NetMgt article]
Network Management Connection:
With the capabilities of wireless communication becoming more robust, the need to use wired communication to edge devices such as desktops in a business, may become a thing of the past. Network Managers need to take this into consideration when planning their next generation network management platforms.

If a network management platform is not running SNMPv3 and it is not running SSH or HTTPS for configuration - it is time for it to be thrown out. The vast majority of devices will all be connected wirelessly in the very near future - security is of the essence. Network Management platforms which support encryption, such as the SPARC T processor series, will become increasingly important when managing these wireless environments.

Abstract:
Network Management is as old as The Internet. Various low level protocols and commands such as ICMP, Ping, and Traceroute were created in order to assist in basic debugging. Middle Level protocols such as SNMP were created to help understand toplology, health, and performance, as well as facilitate configuration. EMC offers a management platform, formerly known as SMARTS, which supports SNMPv3, the Internet Standard management protocol.

SNMP - The Standard:
Wikipedia described SNMPv3:

As of 2004 the IETF recognizes Simple Network Management Protocol version 3 as defined by RFC 3411–RFC 3418 (also known as STD0062) as the current standard version of SNMP. The IETF has designated SNMPv3 a full Internet standard, the highest maturity level for an RFC.

Support by EMC:
Systems Management ARTS or SMARTS created a product called InCharge, which was designed around managing networks for large service providers. EMC later purchased the company, to consolidate larger management ambitions.

EMC is now rumored to be experiencing schizophenea in it's product management cycle - exiting the Enterprise market with the decision to abandon UNIX markets such as IBM AIX, and considering an exit from it's Managed Services Market with experimenting to abandon UNIX markets such as Solaris.

With a product assumption, several portfolio name changes, and abandoning one core constitency after another - EMC is appearing to be at a point of crisis.

Service Providers and SNMPv3:
For service providers deciding to risk their fortunes on leaderless vendor, there is one good thing to keep in mind - SMARTS InCharge, or EMC Ionix, or whatever they decide to call the dead-product now a days does support SNMPv3.

To interogate discovered devices, in order to determine SNMP support, the topology dump can be leveraged.

sun9999/user$ sm_tpmgr -s AM-99 --dump-agents

To test an edge device for SNMP V3 capabilities, the a simple get command will almost be thorough.

sun9999/user$ sm_snmp --useif=10.11.12.13 --snmp=3 --user=${User} --auth=${Auth} --authPass=${AuthPass} --priv=${Priv} --privPass=${PrivPass} --dest=TestDevice.TestDomain.org get .1.3.6.1.2.1.1.2.0 2>&1 && echo "Test: Success: ${Node}\n" echo "Test: Failed: ${Node}\n"

MAIN-N-Using interface 10.11.12.13
SNMP-N-EUSMUSER-[USM]: Unknown User Name
Test: Failed: TestDevice.TestDomain.org

MAIN-N-Using interface 10.11.12.13
Error: authorizationError.1.3.6.1.2.1.1.2.0 = Null
Test: Success: SE_Corp_Banregio_Mty

MAIN-N-Using interface 10.11.12.13
.1.3.6.1.2.1.1.2.0 = noSuchObject
Test: Success: TestDevice.TestDomain.org

MAIN-N-Using interface 10.11.12.13
.1.3.6.1.2.1.1.2.0 = .1.3.6.1.4.1.43.1.16.4.2.21
Test: Success: TestDevice.TestDomain.org

Cavaets:
This script provides a Success or Failed flag, but this does not guarantee the device is fully discoverable.

• A successful return is not a guarantee of full SNMPv3 usability


• Authorization errors return a NULL and an error message with a Success flag


• Permission issues may return "noSuchObject" get result message with a Success flag

A combination of the Success flag with the content result will provide a highly likely assessment of whether the discovered device may be fully SNMPv3 supportable.

Abstract:

In a converged world of EMC, who purchased SMARTS and VMWare, bundling various vendors into a single Ionix umbrella - functionality is slowly being hidden and removed, making managed services and enterprise management more difficult from a standards perspective. The ESM / EISM or Server Monitoring product is the latest product to start being dumbed-down by EMC.

The History:

With ESXi being a product of VMWare and VMWare being owned by EMC, the combined company offers a different management solution called VirtualCenter, which is highly proprietary. VirtualCenter is not an Managed Services grade product, able to run under multiple operating system platforms. The EISM or ESM product has traditionally been cross-platform, enabling Managed Service providers to manage servers, hypervisors, and applications processes all from a highly scalable central platform.

The Problem:

EMC is starting the process of crippling managed services products in their portfolio, so enterprise products can be emphasized through it's VMWare subsidiary, and additional tools (which were formerly not required for monitoring) would be a required purchased product.

By default, in recent versions of EMC Ionix ESM (or EISM) - the Server Monitoring solution - VMWare required Virtual Center to manage ESXi platforms, out of the box.

The Solution:

For Managed Service Providers, this is not an optimal solution. To revert back to the "standards" based methodology of managing servers - SNMP VMWare Discovery can be re-enabled manually.

sun9999/root$ cd /opt/InCharge8/ESM/smarts/bin
sun9999/root$ sm_edit conf/esm/DISCOVERY_VMWARE.import

#----- Register VMware VCenter Probe with TopologyManager-------#
ICF_TopologyManager::ICF-TopologyManager
{
# We get ASL error 'duplicate row' when we try to add a row again.
# To avoid this ASL error, first remove (we don't get ASL error if not found)
# a row then add it later.
types -= { "VCenterDiscovery","Java Probe to Discover VMware VCenter" }
types += { "VCenterDiscovery","Java Probe to Discover VMware VCenter" }
}

Remember to restart the ESM domain manager upon completion.

Trying to enable SNMP under Solaris 10?

A few important things to know:

Adjust your community strings and manager parameters:

sun9999/admin$ ls -al /etc/sma/snmp/snmpd.conf /etc/snmp/conf/snmpd.conf
-rw------- 1 root bin 3300 Feb 11 03:32 /etc/sma/snmp/snmpd.conf
-rw-rw-r-- 1 root nsm 2221 Mar 17 2009 /etc/snmp/conf/snmpd.conf

Ensure your service is online:

sun9999/admin$ svcs snmpdx
STATE STIME FMRI
online May_21 svc:/application/management/snmpdx:default

Ensure your daemons are running:

sun9999/admin$ ps -elf | grep snmp
0 S root 1330 1 0 40 20 ? 370 ? May 21 ? 0:04 /usr/lib/snmp/snmpdx -y -c /etc/snm
0 S root 1322 1 0 40 20 ? 1290 ? May 21 ? 6:01 /usr/sfw/sbin/snmpd

Abstract: We're enabling SNMP community strings (SNMP's concept of a password) on a Cisco router named 'C2600' running Cisco's IOS (Internetwork Operating System). The router has never previously been configured for SNMP.



WARNING: SNMP in IOS versions 11.x-12.0 had a security vulnerability. More here.


Notes: IOS is also used in other Cisco managed network equipment and the generic term 'device' will be used onward in reference to the router.
Full IOS commands are used but many can be shortened: 'configure terminal' to 'conf term'; 'show' to 'sh'. Pressing *Tab* autocompletes a command if the letter combination is unique. Entering 're' *Tab* will fail as it could be for 'reload', 'rename','restart', or 'resume'. Entering 'ren' *Tab* will complete to 'rename'. If you forget a command, the '?' *Enter* will display most of the commands.



C2600> enable

Enable mode is used to view a device's settings.



C2600# show running-config

If SNMP is mentioned it was previously configured.


C2600# configure terminal

Configure allows you to change the device's settings.



C2600(config)# snmp-server community 'public-string' RO

'RO' stands for 'Read-Only' meaning that someone who knows the device's public string can view the device's SNMP settings. A relatively harmless ability.



C2600(config)# snmp-server community 'private-string' RW (RW read-write)

RW stands for Read-Write meaning that someone who knows the private string can change the device's settings. Someone with this knowledge can ruin your plans for the day, especially if the device is thousands of miles away. An instance: here's instructions for "How To Copy Configurations To and From Cisco Devices Using SNMP"



Replace 'public-string' and 'private-string' with appropriate substitutions. The common default strings are 'public' & 'private'. These strings are not recommended for securing the device.



C2600(config)# exit

Exits configure mode back to enable mode.



C2600# show running-config

A few lines about SNMP should appear.



C2600# write memory

This writes the new settings to memory. If you skip this step, you'll need to start over.



To check that configuration was successful:

C2600# show snmp

Empty stats about usage will display if SNMP is correctly configured.