Jan 17, 2016

Network Management System



Today I want to discuss monitoring methodologies. We should all be monitoring our network devices in real time for any kind of fault or outage and tracking their health status. An NMS, or Network Management System, is used to generate alerts in any kind of unwanted situation.

The Two Components
Any monitoring setup has two components. The first is the Network Unit (or SNMP Agent), which needs to be monitored. The second is an SNMP Server, or simply NMS (Network Management Server), which keeps a record of the Network Unit.

SNMP Vs Trap
Basically, there are two ways to achieve monitoring: SNMP and traps. SNMP is a passive, or pull, method: the NMS initiates an SNMP request at a regular interval, and the Network Unit responds with its real-time system statistics. A trap is an active, or push, monitoring strategy in which any major event is immediately reported to the NMS by the Network Unit itself.



MIB Tree
Usually, all network devices are equipped with an SNMP agent, and this SNMP Agent has a MIB Tree (Management Information Base Tree). This tree is a hierarchical structure of the device's system management and includes all attributes associated with the SNMP Agent. These attributes are known as OIDs (Object Identifiers). Initially, the NMS runs an snmpwalk in order to fetch the complete MIB tree of the network unit.



Now, based on the requirement, the NMS can be configured with a specific set of OIDs out of the entire tree, so that only the desired attributes of the device are recorded and not all the unused ones. Desirable monitoring attributes can be:


Device status (UP/Down)
Interface Status (Up, Down, Bandwidth, Duplex, Speed, MTU etc)
System utilization (RAM, Processor)
Storage status (Utilized/Remaining space in Hard Disk, Flash, or some other internal storage)
System Environment Status (Power, Temperature, FAN etc)
Operating protocol/ Service status
Apart from these, many other device- and vendor-specific services or parameters can be monitored.

Community String
SNMP Agents are configured with a community string. This string is used to verify that only a trusted NMS can poll the device status. The NMS sends its SNMP query with the Agent's community. If the agent gets a query with a community other than the configured one, the agent doesn't respond.

Community strings can be configured in two modes: Read-Only and Read-Write. With a Read-Only community, the NMS can only retrieve the agent's attributes. With a Read-Write community, the NMS can force the Agent to accept and write configuration on the network device. An agent can be configured with multiple SNMP community strings in both Read-Only and Read-Write modes.

The NMS periodically sends an SNMP request to the agent with the set of configured OIDs and the predefined community string. Based on the returned values, the NMS plots a graphical map of the required parameters (like bandwidth utilization or system utilization), or it may trigger an alarm when device performance goes beyond a threshold (e.g. device unreachable, high system utilization, or any running service failure).

SNMP can be configured in one of its three versions.
SNMPv1 was the initial protocol for monitoring and lacked security.
SNMPv2 does not differ much from SNMPv1. Version 2 supports 64-bit counters, whereas version 1 had 32-bit counters, so version 2 was able to monitor Gigabit interfaces properly.
SNMPv3 has many advantages in terms of security enhancement. Version 3 introduced encryption and hashing (integrity check). Because of these security enhancements, remote configuration of devices is reliable.

Well, there is a lot more if you dig deeper into monitoring techniques. There are lots of NMS tools available to monitor the network; you can use any of them and discover your own way to start monitoring.
I would appreciate it if you shared your feedback about this post, and corrections, if any.
