7网络管理、监控和优化.ppt

云南电网公司高级网络知识培训7、网络管理、监控和优化服务 网络管理、SNMP协议云南电网网络知识培训云南电网网络知识培训网管的重要性?网络中设备日渐增多交换机、网络中设备日渐增多交换机、路由器、防火墙、拨号访问服务路由器、防火墙、拨号访问服务器器技术日趋复杂以太网、千兆以技术日趋复杂以太网、千兆以太网、多媒体技术、语音、数据、太网、多媒体技术、语音、数据、视频集成、安全策略视频集成、安全策略，发生发生问题时无从下手问题时无从下手 缺乏经验丰富、受过专业培训的缺乏经验丰富、受过专业培训的网络管理人员网络管理人员缺乏综合的网管解决方案缺乏综合的网管解决方案网管基本概念网络管理系统主要功能是维护网络正常高效的运 行。网管系统能及时检测网络出现的故障和进行 处理，能通过监测分析运行状况而估价系统性能.两种网络管理系统标准：1.OSI的网络管理规程:公共管理信息协议(CMIP)2.起源于Internet的TCP/IP的简单网络管理协议(SNMP)What Is the NMS?SecuritySecurityConfigurationConfigurationPerformancePerformanceAccountinAccounting gFaultFaultTroubleshooting for problem discovery,isolation,and resolutionCollect utilization and performance data,analyze data,set utilization thresholdsFinding,configuring,and maintaining network devicesLogging user access and data traffic for billing;providing secure access to the network为了使网络的性能功效达到最高而采用的能够控制管理为了使网络的性能功效达到最高而采用的能够控制管理复杂的数据网络一组工具。复杂的数据网络一组工具。“”网管的管理功能配置管理：定义、识别、初始化、控制、检测被 管对象。故障管理：故障检测、排除。性能管理：流量负载、网络服务器负载情况。记帐管理：哪个用户、什么时间、使用了什么资 源、使用了多少。安全管理：身份验证、授权、加/解密OSI提出网管五个管理功能SNMP 操作模型管理站SNMP代理(Agent)MIB代理(Agent)MIB被管设备被管设备用户接口网管应用程序SNMP 操作读取(get)：管理站 被管设备请求回应写入(set):管理站用写入命令设置被管设备的变量值陷井(Trap):被管设备向管理站报告重要事件获取变量的值网管分类网元管理流量管理安全管理基础设施管理网元管理以设备单元为基础的网络管理，监控网络设备的运行状态、网络链路的通断、异常事件告警等。代表产品：CiscoWorks、华讯网管（EccomNet）、NetCool流量管理对网络流量的智能分析对关键网络节点或关键网络链路上网络流量的长期数据捕获保存能力能够提供长期的流量分析报告代表产品：NetScout安全管理实现对安全设备的统一管理，安全策略的集中下发收集、分析安全事件，提供相应安全建议代表产品：CSM、MARS基础设施管理实现对机房网络设备、主机设备及机柜电源的统一管理代表产品：AvocentCISCO网管体系结构所有CISCO网络管理设备都支持SNMP，即可以在 其上启动SNMP的Agent(软件模块/进程)网管工作站操作系统平台 SUN(solaris)、HP、IBM(AIX)、NT、WIN95网管平台(如SUN:Netmanger,HP:OpenView,IBM:Netview)CISCOWORKS/CWSICISCOVIEW网络管理：Cisco IOS IP SLAs技术云南电网网络知识培训云南电网网络知识培训Cisco IOS IP SLAs技术IP SLAs是内嵌在Cisco IOS中的一个网络管理代理，用于对网络中任意两点间的服务质量进行主动测量可以感知IP业务类型和通信服务级别专门针对IP电话、视频、VPN业务进行了优化所有运行IOS操作系统的Cisco网络硬件设备都支持IP SLAs管理代理，无需额外的采购费用IP SLAs是Cisco提供智能化网络战略的重要组成部分，能提供业界领先的内嵌式服务质量测量智能代理性能测量SPAN和RSPAN监控云南电网网络知识培训云南电网网络知识培训ObjectivesUpon completing this lesson,you will be able to:Describe techniques to enhance the performance of a multilayer switched networkMonitor switch ports using SPAN and VSPANMonitor switch ports using RSPANDescribe the features and operation of network analysis modules on Catalyst switches to improve network traffic managementVerify and troubleshoot the operation of network analysis modulesEnhancing Network PerformanceGather a baseline.Perform a what-if analysis.Perform exception reporting for capacity issues.Determine the network management overhead.Analyze the capacity information.Periodically review capacity information.Have upgrade or tuning procedures set up.Switched Port AnalyzerConfiguring SPANSwitch(config)#monitor session session_num source interface type/num|vlan num,|-|rx|tx|both Configures a SPAN session to monitor trafficSwitch(config)#monitor session session_number destination interface type/num,|-|vlan num Configures the destination for a SPAN sessionRemote SPANConfiguring RSPANEnters configuration mode for a specific VLANSwitch(config)#vlan vlan-numberEnables RSPAN for the VLANSwitch(config-vlan)#remote-span Verifying SPAN and RSPANSwitch#show monitor session session_number detail Displays SPAN session informationSwitch#show monitor session 2Session 2-Type:Remote Source SessionSource Ports:RX Only:Fa3/1 Dest RSPAN VLAN:901 Switch#show monitor session 2 detailSession 2-Type:Remote Source SessionSource Ports:RX Only:Fa1/1-3 TX Only:None Both:NoneSource VLANs:RX Only:None TX Only:None Both:None Source RSPAN VLAN:None Destination Ports:None Filter VLANs:None Dest RSPAN VLAN:901Network Analysis ModuleNAM Initial ConfigurationAssign parametersIP addressSubnet maskIP broadcast addressIP host nameDefault gatewayDomain nameDNS name serverSNMP(MIB variables,access control,system group settings)Start the web serverConfiguring NAMSwitch(config)#interface gi 8/0Switch(config-if)#switchport access vlan 93Switch(config-if)#endSwitch(config)#monitor session 1 destination interface gi 8/1 rootlocalhost#autostart addressmap enable Enables a collection typeRootlocalhost#autostart collection enableVerifying NAMSwitch#show module Displays information about installed modulesSwitch#show moduleMod Ports Card Type Model Serial No.-2 2 Catalyst 6000 supervisor 2(Active)WS-X6K-SUP2-2GE SAD0410050B3 48 48 port 10/100 mb RJ-45 ethernet WS-X6248-RJ-45 SAD030804855 2 Network Analysis Module WS-X6380-NAM SAD05130AXB7 2 Intrusion Detection System WS-X6381-IDS SAD05100HPTSwitch#show interface GigabitEthernet slot/1|2Displays NAM interface informationSummaryPerformance management maintains internetwork performance at acceptable levels by measuring and managing various network performance variables.SPAN selects and copies network traffic to send to a network analyzer.Remote SPAN is a variation of SPAN that sends monitored traffic through an intermediate switch rather than directly to the traffic analyzer.A NAM uses SNMP RMON information to monitor and analyze network traffic.Use the show commands to verify NAM configuration.Syslog云南电网网络知识培训云南电网网络知识培训什么是什么是Syslog?l记录发生了什么事件？包括流量行为的一系列事件都可以记录发生了什么事件？包括流量行为的一系列事件都可以被记录下来。被记录下来。l是一种很好的是一种很好的troubleshooting的工具，尤其是在设备重的工具，尤其是在设备重启或者启或者crash后。后。Syslog配置!service timestamps debug datetime localtimeservice timestamps log datetime localtime！logging buffered 20480No logging console！logging source-interface Loopback0logging host 222.172.222.2logging host 10.180.0.121!Log的级别和数目的级别和数目log级别中包含的具体内容，具体参见设备的级别中包含的具体内容，具体参见设备的datatsheet syslog用用show logging可查看目前可查看目前log的设置情况。的设置情况。SyslogYX-C-M-C7606-B01(config)#logging buffered?Logging severity level Logging buffer size alerts Immediate action needed (severity=1)critical Critical conditions (severity=2)debugging Debugging messages (severity=7)discriminator Establish MD-Buffer association emergencies System is unusable (severity=0)errors Error conditions (severity=3)filtered Enable filtered logging informational Informational messages (severity=6)notifications Normal but significant conditions(severity=5)warnings Warning conditions (severity=4)xml Enable logging in XML to XML logging buffer 默认：informational Informational messages (severity=6)思科网管工具云南电网网络知识培训云南电网网络知识培训Cisco Netmanager(CNM)入门级网元管理软件入门级网元管理软件-Cisco netManager 基础网基础网络管理软件络管理软件Cisco netManager 基础网络管理软件的英文全称是Cisco netManager IP infrastructure它是Cisco netManager网管产品家族中的成员。它是一个高效的网络监控的解决方案，它可以监控思科网络中低端网络设备、以及其它基于SNMP的第三方IT设备，如：服务器、工作站、应用服务器，甚至打印机等netManager基础网络管理软件的基础网络管理软件的基本功能基本功能(1)网络的自动发现（包括主机等一般SNMP设备）实时和历史的性能监控与报告实时和历史的性能监控与报告CPU利用率内存利用率硬盘利用率接口利用率（带宽）设备可用性丰富的故障通知手段：丰富的故障通知手段：SNMP TRAP、SYSLOG，SMS、电子邮件、外部脚本激活弹出窗口和网页报警等丰富的通知机制。netManager基础网络管理软件的基础网络管理软件的基本功能基本功能(2)实时网络拓扑展现实时网络拓扑展现CiscoWorks LMS 3.0+HUMCiscoworks网络管理系统的英文全称是Ciscoworks Lan Manager Solution，简称LMS。CiscoWorks LMS由多个具有出色运营功能的工具组成，提供故障管理、可扩展拓扑视图、先进配置、L2和L3路径分析、支持语音的路径跟踪、广域网性能故障排除、终端工作站跟踪以及设备故障排除等功能CiscoWorks LMS 3.0是一个全新的主要软件版本，在可扩展性、性能和应用级功能方面叫以前版本有了大幅提高。CiscoView 全部全部Cisco 设备支持设备支持详细设备外观图形有详细设备外观图形有助于微小故障的迅速助于微小故障的迅速定位定位简单的点击配置多个简单的点击配置多个端口和参数端口和参数迅速启动实时监控迅速启动实时监控集成于集成于CiscoWorks2000和和Cisco Works for Windows的的Cisco网络设备视图处理器网络设备视图处理器CiscoWorks Windows易于使用的基于易于使用的基于Windows的互连网的互连网管理应用套件管理应用套件支持集成的交换机和支持集成的交换机和路由器路由器带有多个管理级别的带有多个管理级别的安全的安全的SNMP 管理系管理系统统中小型企业专门的网管软件中小型企业专门的网管软件Common Management FoundationArchitectureCD-One(Common Management Foundation)CD-One(Common Management Foundation)Desktop,Web Services,Security,Process Management,HelpDatabase Engine,Job Management,Event DistributionANI(Asynchronous Network Interface)Network Device DiscoveryRUNTIME SERVICESNETWORK SERVICESSYSTEM SERVICESCORBA Event BusCORBA Event BusCustomerCustomerPartnerPartnerInterfaceInterfaceCIM/XMLCiscoCiscoManagementManagementConnectionConnectionCCOCCOHTMLCORBAWeb BrowserWeb BrowserUser InterfaceUser InterfaceCommon to LMS Common to LMS RWAN SMS VMS CVM RWAN SMS VMS CVM ACLACLManagerManagerReal-Time Real-Time MonitorMonitorResourceResourceManagerManagerEssentialsEssentialsContentContentFlowFlowManagerManagerCampusCampusManagerManagerDeviceDeviceFaultFaultManagerManagerInternetworkInternetworkPerformancePerformanceMonitorMonitorLMSLMSLMSLMSLMS LMS RWAN+RWAN+RWANRWANRWANRWANLMS LMS RWAN RWANLMS LMS RWAN RWANInternal InterfaceInternal InterfacesyslogSNMPNetwork DevicesNetwork DevicestelnetCD OneCD TwoSLMCollector SWService Level Mgt SolutionCD OneRMERTMACLIPMRWANSolutionCD OneRME&CD-2VPN MonCSPM(IDS)VPN/Security Mgt SolutionCD OneRMERTMCMCFMLAN MgtSolutionCD OneVoIP Health MonitorVHMCWWACSQPMHSECSPM(fw)HIDSCiscoWorks 2000Netflow 介绍云南电网网络知识培训云南电网网络知识培训AgendaNetFlow OverviewVersionsPartnersCustomer ApplicationsSolutions by TechnologyFeatures and UsesPlatform SpecificsPerformanceRoadmap and Future DirectionSummaryNetFlow OverviewNetFlow Origination&InnovationDeveloped by Darren Kerr and Barry Bruins at Cisco Systems in 1996The value of information in the cache was a secondary discoveryInitially designed as a switching pathNetFlow is now the primary network accounting technology in the industrySampled NetFlow a Cisco innovationNetFlow version 9 an IETF standard Answers questions regarding IP traffic:who,what,where,when,and howNetFlow 技术Cisco Systems在1996发明并取得专利NetFlow现在是业界最主要的网络流量统计技术,同时也已经成为IETF标准提取网络传输的数据包的关键信息：时间，来源，目的，做什么等等。详细描述网络的运行状况和流量特点。What is a flow?Exported DataDefined by seven unique keys:Source IP addressDestination IP addressSource portDestination portLayer 3 protocol typeTOS byte(DSCP)Input logical interface(ifIndex)NetFlow SequenceRouter1.Create and update flows in NetFlow Cache Inactive timer expired(15 sec is default)Active timer expired(30 min(1800 sec)is default)NetFlow cache is full(oldest flows are expired)RST or FIN TCP FlagHeaderExportPacketPayload(flows)2.Expiration3.Aggregation?e.g.Protocol-Port Aggregation Scheme becomes4.Export VersionYesNoAggregated Flows export Version 8 or 9Non-Aggregated Flows export Version 5 or 95.Transport ProtocolCore NetworkCreating Export PacketsEnable NetFlowTrafficCollector(Solaris,HP-UX,or Linux)UDP NetFlowExport PacketsApplication GUIPEExport PacketsApproximately 1500 bytesTypically contain 20-50 flow recordsSent more frequently if traffic increases on NetFlow-enabled interfacesNetFlow PrinciplesInbound traffic onlyUnidirectional flowAccounts for both transit traffic and traffic destined for the routerWorks with Cisco Express Forwarding(CEF)or fast switchingNot a switching pathSupported on all interfaces and Cisco IOS Software platformsReturns the sub-interface information in the flow recordsAgendaNetFlow OverviewVersionsPartnersCustomer ApplicationsSolutions by TechnologyFeatures and UsesPlatform SpecificsPerformanceRoadmap and Future DirectionSummaryVersionsNetFlow VersionsNetFlow VersionComments1Original5Standard and most common7Specific to Cisco Catalyst 6500 and 7600 Series Switches Similar to Version 5,but does not include AS,interface,TCP Flag&TOS information8Choice of eleven aggregation schemesReduces resource usage9Flexible,extensible file export format to enable easier support of additional fields&technologies;coming out now MPLS,Multicast,&BGP Next HopAgendaVersion 5Version 8Version 7Version 9Version 5NetFlow OverviewVersionsVersion 5-Flow FormatSource IP AddressDestination IP AddressPacket CountByte CountUsageQoSTimeof DayApplicationPortUtilizationFrom/ToRouting andPeeringInput ifIndexOutput ifIndexType of ServiceTCP FlagsProtocolStart sysUpTimeEnd sysUpTimeSource TCP/UDP PortDestination TCP/UDP PortNext Hop AddressSource AS NumberDest.AS NumberSource Prefix MaskDest.Prefix MaskSource IP AddressDestination IP AddressAgendaVersion 5Version 7Version 8Version 9Version 7NetFlow OverviewVersionsVersion 7Adds NetFlow switching support for:Cisco Catalyst 5000 Series Switches with an RSM Cisco Catalyst 5000 Series Switches with an MSFCUses MultiLayer Switching(MLS)or CEF with Cisco Catalyst 6000 Series Switches with SUP2IP unicast onlyNo multicast or IPX,even if MLS can do all threeMLS cache is the equivalent of the NetFlow cacheVersion 7-Flow FormatSource IP AddressDestination IP AddressUsageQoSTimeof DayApplicationPortUtilizationFrom/ToRouting andPeeringSource IP AddressDestination IP AddressInput ifIndexOutput ifIndexType of ServiceTCP FlagsProtocolPacket CountByte CountStart sysUpTimeEnd sysUpTimeSource TCP/UDP PortDestination TCP/UDP PortNext Hop AddressSource AS NumberDest.AS NumberSource Subnet MaskDest.Subnet MaskRouterSc(router shortcut)*Added from version 5Note that the ToS and TCP Flags fields are not populatedAgendaVersion 5Version 7Version 8Version 9Version 8NetFlow OverviewVersionsVersion 8Router-based aggregationEnables router to summarize NetFlow dataReduces NetFlow Export data volumeDecreases NetFlow Export bandwidth requirementsCurrently 11 aggregation schemes Five original schemesSix new schemes with the TOS byte fieldSeveral aggregations can be enabled simultaneouslyVersion 8-Flow FormatVersion 8-Flow FormatVersion 8-Configuration3600-4(config)#ip flow-aggregation cache?as AS aggregation as-tos AS-TOS aggregation destination-prefix Destination Prefix aggregation destination-prefix-tos Destination Prefix TOS aggregation prefix Prefix aggregation prefix-port Prefix-port aggregation prefix-tos Prefix-TOS aggregation protocol-port Protocol and port aggregation protocol-port-tos Protocol,port and TOS aggregation source-prefix Source Prefix aggregation source-prefix-tos Source Prefix TOS aggregationNote do not export version 5 at the same time“ip flow-export version 5”AgendaVersion 5Version 8Version 7Version 9Version 9NetFlow OverviewVersionsWhy a New Version?Fixed formats(versions 1,5,7,and 8)are not flexible and adaptableCisco needed to build a new version each time a customer wanted to export new fieldsWhen new versions are created,partners need to reengineer to support the new export formatSolution:Build a flexible and extensible export format!Netflow v9 PrinciplesVersion 9 is an export formatStill a push modelSent the template regularly(configurable)Independent of the underlying protocol,it is ready for any reliable protocol(ie:TCP,SCTP)NetFlow v9 Export PacketData FlowSetTemplate FlowSetOption TemplateFlowSetHeaderFlowSet ID#1Data FlowSetFlowSet ID#2Template ID(specific Field types and lengths)(version,#packets,sequence#,Source ID)Matching ID#s is the way to associate Template to the Data RecordsThe Header follows the same format as prior NetFlow versions so Collectors will be backward compatibleEach Data Record represents one flowIf exported flows have the same fields then they can be contained in the same Template Record e.g.unicast traffic can be combined with multicast recordsIf exported flows have different fields then they cant be contained in the same Template Record e.g.BGP next-hop cant be combined with MPLS Aware NetFlow recordsFlows from Interface AFlows from Interface BTo support technologies such asMPLS or Multicast,this export format canbe leveraged to easily insert new fieldsOption DataFlowSetFlowSet IDOption Data Record(Field values)Option Data Record(Field values)Template RecordTemplate ID#2(specific Field types and lengths)Template RecordTemplate ID#1(specific Field types and lengths)Data Record(Field