Chapter 12: Network ManagementJian Ren and Tongtong Li, Michigan State UniversityIntroductionOSI Network Management Model . .Network Management Layers . . . .ISO Network Management FunctionsConfiguration Management . . . . .Fault Management . . . . . . . . . .Security Management . . . . . . . .Accounting Management . . . . . . .Performance Management . . . . . .234666777Network Management Protocols7SNMP/SNMPv1 . . . . . . . . . . .8SNMPv2 . . . . . . . . . . . . . . . .13SNMPv3 . . . . . . . . . . . . . . . .15Remote Network Monitoring (RMON) 23Network Management ToolsNetwork Monitors . . . . . . . . . .2425Network Scanners . . . . . . . . . . .Packet Filters . . . . . . . . . . . . .2526Wireless Network ManagementCellular Networks . . . . . . . . . . .Location Management for CellularNetworks . . . . . . . . . . . . . . .2627Policy-based Network ManagementWhat Is a Policy? . . . . . . . . . .Benefits of PBNM . . . . . . . . . .Architecture of a PBNM System . cronyms3728Abstract: The continuous growth in scale and diversity of computer networks and networkcomponents has made network management one of the most challenging issues facing networkadministrators. It has become impossible to carry out network management functions withoutthe support of automated tools and applications. In this chapter, the major network managementissues, including network management requirements, functions, techniques, security, some wellknown network management protocols and tools, will be discussed. Location management for thewireless cellular networks will also be briefly described. Finally, policy-based network management,which is a promising direction for the next generation of network management, will be brieflydescribed.Keywords: network management, Simple Network Management Protocol (SNMP), Structure of Management Information (SMI), Management Information Base (MIB), Remote NetworkMonitoring (RMON), network monitor, network scanner, packet filter, policy-based network management (PBNM)

1IntroductionNetwork management, in general, is a service that employs a variety of protocols, tools, applications,and devices to assist human network managers in monitoring and controlling of the proper networkresources, both hardware and software, to address service needs and the network objectives.When transmission control protocol/internet protocol (TCP/IP) was developed, little thoughtwas given to network management. Prior to the 1980s, the practice of network management waslargely proprietary because of the high development cost. The rapid development in the 1980stowards larger and more complex networks caused a significant diffusion of network managementtechnologies. The starting point in providing specific network management tools was in November 1987, when Simple Gateway Monitoring Protocol (SGMP) was issued. In early 1988, theInternet Architecture Board (IAB) approved Simple Network Management Protocol (SNMP) as ashort-term solution for network management. Standards like SNMP and Common Management Information Protocol (CMIP) paved the way for standardized network management and developmentof innovative network management tools and applications.A network management system (NMS) refers to a collection of applications that enable networkcomponents to be monitored and controlled. In general, network management systems have thesame basic architecture, as shown in Figure 12.1. The architecture consists of two key elements:a managing device, called a management station, or a manager and the managed devices, calledmanagement agents or simply an agent. A management station serves as the interface between thehuman network manager and the network management system. It is also the platform for management applications to perform management functions through interactions with the managementagents. The management agent responds to the requests from the management station and alsoprovides the management station with unsolicited information.Given the diversity of managed elements, such as routers, bridges, switches, hubs and so on,and the wide variety of operating systems and programming interfaces, a management protocolis critical for the management station to communicate with the management agents effectively.SNMP and CMIP are two well-known network management protocols. A network managementsystem is generally described using the Open System Interconnection (OSI) network managementmodel. As an OSI network management protocol, CMIP was proposed as a replacement for the

DisplayNetwork Management ApplicationNetwork Management ProtocolNetworkAgentAgentAgentManaged DeviceManaged DeviceManaged DeviceFigure 12.1: Typical Network Management Architecture [1]simple but less sophisticated SNMP; however, it has not been widely adopted. For this reason, wewill focus on SNMP in this chapter.1.1OSI Network Management ModelThe OSI network management comprises four major models [2]: Organization Model defines the manager, agent, and managed object. It describes thecomponents of a network management system, the components’ functions and infrastructure. Information Model is concerned with the information structure and storage. It specifiesthe information base used to describe the managed objects and their relationships. TheStructure of Management Information (SMI) defines the syntax and semantics of managementinformation stored in the Management Information Base (MIB). The MIB is used by both theagent process and the manager process for management information exchange and storage. Communication Model deals with the way that information is exchanged between theagent and the manager and between the managers. There are three key elements in thecommunication model: transport protocol, application protocol and the actual message to becommunicated.

OSI ModelTCP/IP ModelLayer 7ApplicationApplicationLayer 6PresentationLayer 5SessionLayer 4TransportTCP/UDPLayer 3NetworkInternetworkLayer 2Data LinkLayer 1PhysicalNetwork Interface andHardwareNot presentedin this modelFigure 12.2: The OSI and TCP/IP Reference Models Functional Model comprises five functional areas of network management, which are discussed in more detail in the next section.1.2Network Management LayersTwo protocol architectures have served as the basis for the development of interoperable communications standards: the International Organization for Standardization (ISO) OSI reference modeland the TCP/IP reference model, which are compared in Figure 12.2 [3]. The OSI reference modelwas developed based on the promise that different layers of the protocol provide different servicesand functions. It provides a conceptual framework for communications among different networkelements. The OSI model has seven layers. Network communication occurs at different layers,from the application layer to the physical layer; however, each layer can only communicate with itsadjacent layers. The primary functions and services of the OSI layers are described in Table 12.1.The OSI and TCP/IP reference models have much in common. Both are based on the conceptof a stack of independent protocols. Also, the functionality of the corresponding layers is roughlysimilar.However, the difference does exist between the two reference models. The concepts that arecentral to the OSI model include service, interface, and protocol. The OSI reference model makesthe distinction among these three concepts explicit. The TCP/IP model, however, does not clearlydistinguish among these three concepts. As a consequence, the protocols in the OSI model arebetter hidden than in the TCP/IP model and can be replaced relatively easily as the technologychanges. The OSI model was devised before the corresponding protocols were invented. Therefore,

LayerApplicationPresentationTable 12.1: OSI Layers and FunctionsFunctions Provides the user application process with access to OSI facilities Responsible for data representation, data compression, data encryption anddecryption Ensures communication between systems with different data representation Allows the application layer to access the session layer services Allows users on different machines to establish sessions between themSessionTransport Establishes and maintains connections between processes, and data transferservices Establishes, maintains and terminates connections between end systems Provides reliable, transparent data transfer between end systems, or hosts Provides end-to-end error recovery and flow control Multiplexes and de-multiplexes messages from applications Builds end-to-end route through the networkNetwork Datagram encapsulation, fragmentation and reassembly Error handling and diagnostics Composed of two sublayers: logical link control (LLC) and and media accesscontrol (MAC)Data Link Provides a well-defined service interface to the network layer Deals with transmission errorsPhysical Regulates data flow Handles the interface to the communication medium Deals with various medium characteristicsit is not biased toward one particular set of protocols, which makes it quite general. With TCP/IP,the reverse is true: the protocols came first, and the model was really just a description of theexisting protocols. Consequently, this model does not fit any other protocol stacks [3].The rest of the chapter is organized as follows. In the section on ISO Network ManagementFunctions, ISO network management functions are briefly described. Network management protocols are discussed in the Section on Network Management Protocols. In the next section, networkmanagement tools are briefly described. Wireless network management is discussed next. Policybased network management is introduced in the following section. The final section draws generalconclusions.

2ISO Network Management FunctionsThe fundamental goal of network management is to ensure that the network resources are availableto the designated users. To ensure rapid and consistent progress on network management functions, ISO has grouped the management functions into five areas: (i) configuration management,(ii) fault management, (iii) accounting management, (iv) security management, and (v) performance management. The ISO classification has gained broad acceptance for both standardized andproprietary network management systems. A description of each management function is providedin the following subsections.2.1Configuration ManagementConfiguration management is concerned with initializing a network, provisioning the network resources and services, and monitoring and controlling the network. More specifically, the responsibilities of configuration management include setting, maintaining, adding, and updating the relationship among components and the status of the components during network operation.Configuration management consists of both device configuration and network configuration.Device configuration can be performed either locally or remotely. Automated network configuration,such as Dynamic Host Configuration Protocol (DHCP) and Domain Name Services (DNS), playsa key role in network management.2.2Fault ManagementFault management involves detection, isolation, and correction of abnormal operations that maycause the failure of the OSI network. The major goal of fault management is to ensure that thenetwork is always available and when a fault occurs, it can be fixed as rapidly as possible.Faults should be distinct from errors. An error is generally a single event, whereas a faultis an abnormal condition that requires management attention to fix. For example, the physicalcommunication line cut is a fault, while a single bit error on a communication line is an error.

2.3Security ManagementSecurity management protects the networks and systems from unauthorized access and securityattacks. The mechanisms for security management include authentication, encryption and authorization. Security management is also concerned with generation, distribution, and storage ofencryption keys as well as other security-related information. Security management may includesecurity systems such as firewalls and intrusion detection systems that provide real-time eventmonitoring and event logs.2.4Accounting ManagementAccounting management enables charge for the use of managed objects to be measured and thecost for such use to be determined. The measure may include the resources consumed, the facilitiesused to collect accounting data, and set billing parameters for the services used by customers, themaintenance of the databases used for billing purposes, and the preparation of resource usage andbilling reports.2.5Performance ManagementPerformance management is concerned with evaluating and reporting the behavior and the effectiveness of the managed network objects. A network monitoring system can measure and displaythe status of the network, such as gathering the statistical information on traffic volume, networkavailability, response times, and throughput.3Network Management ProtocolsIn this section, different versions of SNMP and RMON will be introduced. SNMP is the mostwidely used data network management protocol. Most of the network components used in enterprisenetwork systems have built-in network agents that can respond to an SNMP network managementsystem. This enables new components to be automatically monitored. Remote network monitoring(RMON) is, on the other hand, the most important addition to the basic set of SNMP standards.It defines a remote network monitoring MIB that supplements MIB-2 and provides the networkmanager with vital information about the internetwork.

3.1SNMP/SNMPv1The objective of network management is to build a single protocol that manages both OSI andTCP/IP networks. Based on this goal, SNMP, or SNMPv1 [4–6] was first recommended as aninterim set of specifications for use as the basis of common network management throughout thesystem, whereas the ISO CMIP over TCP/IP (C