Module 12 Flashcards
Learning Unit 6 (55 cards)
Network Management Overview
• Definition: Assessment, monitoring, maintenance of network components
• Goals:
  o Enhance efficiency and performance
  o Prevent downtime or loss
  o Predict and resolve issues proactively
• Tasks:
  o Monitor performance baselines
  o Control user access
  o Check hardware faults
  o Maintain QoS
  o Record asset/software configs
  o Schedule upgrades based on usage trends
• Example: Detecting traffic overload on switch → replace or upgrade before issues occur
Environmental Monitoring Factors
• Key Conditions to Monitor:
  o Temperature (device/rack/room)
  o Humidity, dew point, barometric pressure
  o Flooding (liquid detectors)
  o Smoke or fire
  o Airflow
  o Vibration
  o Motion (security cameras)
  o Lighting (room lights on/off)
  o Door status (rack/room doors open or closed)
  o Power:
    ▪ Main/UPS voltage
    ▪ Battery level
    ▪ Power consumption
    ▪ Power outages
Environmental Monitoring Hardware & Connectivity
• Hardware Capabilities:
  o Dual power connectors (redundancy)
  o USB console (direct config)
  o Web interface (network config)
  o Extra USB ports (modem/log saving)
  o Wireless connectivity with sensors
• Example Device: ENVIROMUX by NTI (medium enterprise monitoring)
Environmental Monitoring Software
• Dashboard Functions:
  o Displays live sensor data
  o Set alarm thresholds
  o Analyze historical data
  o Remote access (including via smartphone)
• Software Example:
  o PRTG Network Monitor (by Paessler)
    ▪ Works with: ICMP, SNMP, WMI, HTTPS
    ▪ Monitors: CPU temp, power data, other sensor inputs
• Alert Methods:
  o Email
  o SMS (Short Message Service)
  o Phone calls
  o Push notifications
  o Audible alerts (siren, voice)
  o SNMP traps
• Bonus Feature: Remote control of some environmental elements (e.g., adjust temperature)
Network Monitoring Tools
• Network Monitor
  o Monitors traffic across multiple devices
  o E.g. Spiceworks
  o Shows traffic patterns, overall flow
• Protocol Analyzer
  o Monitors traffic at a specific interface
  o E.g. Wireshark
  o Captures packet-level detail
• Monitoring Application Behavior
  o Connected to switch: sees only broadcast + addressed traffic
  o Wireless: sees more if in promiscuous mode
    ▪ Enabled via monitoring software or OS (e.g. Device Manager on Windows)
  o Port Mirroring / SPAN: switch duplicates traffic to a specific port
  o In-line TAP (Test Access Point):
    ▪ 2 data ports (send/receive)
    ▪ 1–2 mirror ports (to monitoring software)
    ▪ Config port (usually rear)
  o Reporting: Devices report data via SNMP/syslog
Monitoring Tool Functions
• Always available functions:
  o Enable NIC promiscuous mode
  o Continuous segment monitoring
  o Capture all traffic on a segment
  o Capture frames to/from a node
  o Reproduce network conditions (custom traffic)
  o Generate activity stats (e.g. % of broadcast frames)
• Advanced features (some tools):
  o Discover all nodes
  o Establish baselines
  o Track bandwidth/storage/CPU/memory
  o Show usage via graphs/tables/charts
  o Store traffic data
  o Generate reports
  o Trigger alarms on threshold breach (e.g. >60% usage)
  o Identify anomalies:
    ▪ Top talkers = most data sent
    ▪ Top listeners = most data received
Traffic & Packet Analysis
• Traffic Analysis
  o Shows flow patterns
  o Identifies bottlenecks, overloaded services/devices
• Packet Analysis
  o Details of protocols, errors, misconfigs
  o Requires protocol analyzer
• When to use
  o Monitor abnormal traffic (e.g. network slowdown at 8am)
  o Locate bad nodes or hacked devices flooding data
  o Capture & sort traffic by sender volume
Packet & Signal Issues
• Runts
  o < min size (e.g. Ethernet < 64 bytes)
• Giants
  o > max size (e.g. Ethernet > 1518 bytes, or > 1522 w/ VLAN tag)
• Jabber
  o Device constantly transmits (bad NIC or interference)
• Ghosts
  o Not real frames; stray voltage misread as frames
• Packet Loss
  o Due to noise, unknown protocols, unrecognized ports
• Discarded Packets (Discards)
  o Arrive too late
  o Causes: congestion, latency, overflow
• Interface Resets
  o Frequent disconnections; often config errors
Alerts & Notifications
• Triggered when thresholds are met
• May generate:
  o Emails
  o SMS
  o Support tickets
  o Log entries
• Devices that log: routers, switches, servers, workstations
Event Logging (Windows & General)
• Event Viewer (Windows):
  o Views system event logs
  o Examples:
    ▪ DHCP failure
    ▪ Firewall denial
• Custom logging possible:
  o E.g. log if humidity > 60%
Syslog Overview
• Purpose: central logging across devices
• Standard defines:
  o Event message format
  o Event message transmission
    ▪ Port 514 (UDP), Port 6514 (TLS)
  o Event message handling
• Roles:
  o Generator: creates event message
  o Collector: gathers event messages
• Severity levels (aka logging/priority levels):
  o 0 = Emergency
  o 1 = Alert
  o 2 = Critical
  o 3 = Error
  o 4 = Warning
  o 5 = Notice
  o 6 = Informational
  o 7 = Debug
• Filtering:
  o By severity level (e.g. log ≥ level 4)
  o By facility (process):
    ▪ 0 = kernel
    ▪ 1 = user-level
    ▪ 4 = security/authentication
SNMP Architecture
• NMS (Network Management System)
  o Console or server
  o Polls devices for data
• Managed Device
  o Any monitored node
  o Contains multiple managed objects (CPU, NIC, etc.)
  o Each object has an OID (Object Identifier)
• Network Management Agent
  o Software on the device
  o Collects and reports device metrics
  o Uses minimal processing resources
• MIB (Management Information Base)
  o Hierarchical database of managed objects
  o Stores object descriptions + performance data
  o Enables efficient analysis
SNMP Protocol Details
• Protocol Type: TCP/IP suite, uses UDP (or TCP if configured)
• Ports:
  o UDP 161 = NMS → Agent
  o UDP 162 = Agent → NMS
• Real-Time Monitoring: Preferred over retroactive log analysis
• Device Reconfiguration: Supported (unlike syslog)
SNMP Versions
• SNMPv1:
  o Released 1988
  o Basic, rarely used
• SNMPv2:
  o Better performance and security
  o Still widely used
• SNMPv3:
  o Adds authentication, validation, encryption
  o Most secure but complex to configure
SNMP Security Practices
• Disable SNMP where unnecessary
• Limit sources of SNMP messages
• Use read-only mode to prevent reconfiguration
• Set strong community strings (passwords)
• Use different community strings for different device types
SNMP Message Types
• Get Request: NMS requests data from agent
• Get Response: Agent replies with data
• Get Next: NMS requests next MIB row
• Walk: Series of Get Nexts across MIB
• Trap:
  o Agent-initiated alert (unsolicited)
  o Triggered by conditions (e.g., link failure, high temp)
  o E.g., snmp trap link-status → enable trap
  o no snmp trap link-status → disable trap
  o Helps preemptively resolve issues
SNMP Data Visualization
• Line Graphs: Track trends over time
• Status Maps:
  o Green = OK
  o Yellow = Degraded
  o Red = Failed
• Best Practice:
  o Avoid collecting excessive routine data (e.g., “I’m here” every 5s)
  o Configure event-based polling (e.g., CPU > 75%)
NetFlow Overview
• Vendor: Cisco (proprietary)
• Function: Tracks IP traffic across enabled interfaces
• Focus: Traffic flows & bandwidth utilization
• Records:
  o Each conversation becomes a flow record
  o Stored in NetFlow cache, then exported
• Analyzer:
  o Receives flow records from exporters
  o Provides insights on congestion, patterns, change impacts
NetFlow vs SNMP
• NetFlow:
  o Focus: Traffic relationships, bandwidth usage
  o Aggregates by flow, not per device
  o Less deep inspection than full packet capture
  o Higher traffic visibility, lower resource use
  o Sampling required to avoid overwhelming network
• SNMP:
  o Focus: Device health, performance, and config
  o Per-device stats and real-time monitoring
  o Enables device reconfiguration
Network Traffic Management
• Two main focuses:
  o Performance management
    ▪ Monitor device & link efficiency
    ▪ Check if demands are being met
  o Fault management
    ▪ Detect faults in devices, links, or components
    ▪ Signal and respond to issues
• Admin responsibilities:
  o Respond to errors
  o Adjust device/network configurations
  o Optimize performance
Performance Baselines
• Definition:
  o Report of normal network operation
  o Used as a comparison point for future performance
  o Includes acceptable performance ranges
• Data gathered may include:
  o Backbone utilization rate
  o Users logged on per hour/day
  o Protocol types in use
  o Error stats: runts, jabbers, giants
  o Frequency of application usage
  o Bandwidth usage by individual users
• Purpose of baselines:
  o Diagnose problems, misconfigurations, or intrusions
  o Detect overuse
  o Evaluate network upgrades
  o Track changes over time
• Establishing baselines:
  o Requires ongoing documentation
  o Must be scheduled and reviewed regularly
  o Tailored to critical functions and user needs
Baseline Factors & Estimation Example
• Traffic patterns must account for:
  o Normal variation:
    ▪ Time of day
    ▪ Day of week
    ▪ Month/season (e.g. retail holidays)
  o Changes to the network:
    ▪ New users may use more/less traffic than current ones
• Example Estimation:
  o 500 users → 50% backbone usage at 10am & 2pm
  o Adding 200 users (40% increase)
  o Estimate backbone capacity needs to increase ~40%
Tools for Baselining
• Small networks:
  o Use simple/inexpensive tools:
    ▪ iPerf (CLI-based)
    ▪ TotuSoft’s LAN Speed Test
    ▪ TamoSoft’s Throughput Test
• Large/WAN networks:
  o Use comprehensive tools:
    ▪ Collect traffic per node
    ▪ Filter by protocol/error types
    ▪ Measure stats across segments simultaneously
• Choosing tools:
  o Depends on:
    ▪ Network size
    ▪ Number of critical applications
    ▪ Required metrics & visibility
Common Network Performance KPIs
• Device availability & performance:
  o CPU usage
  o Memory usage
  o Device temperature
  o Network speed
• Interface statistics:
  o Data from all interfaces
  o Identify issues (e.g., frequent power cycles)
• Utilization:
  o Throughput as % of bandwidth
  o Avoid max-capacity operation
  o Plan for utilization spikes
• Error rate:
  o % of bits damaged during transit
  o Often caused by EMI/interference
• Packet drops:
  o Packets:
    ▪ Damaged
    ▪ Expired
    ▪ Blocked by interface
  o Cause:
    ▪ Delayed comms
    ▪ Resends
  o Monitor for abnormal rates
• Jitter:
  o Variation in latency between packets
  o Causes out-of-order delivery
  o Affects user experience
  o Solved with traffic management techniques