- Number of slides: 32
AANTS: Web-Based Network Administration Tools - Latest Developments Charles Thomas AANTS Administration Team Division of Information Technology (DoIT) Network Services University of Wisconsin - Madison CTHOMAS@wisc.edu
Talk Overview • 20 minutes = BARNSTORM! • Focus more on latest work with AANTS. • Show kinds of tools we’ve found necessary to manage a large network. • Show the kind of tools which can be created by a network-specific programmer using open-source tools.
Present UW Campus Network • Nearly 1800 Cisco network devices, many models. • A few Juniper and NetScreen devices. • 64,000+ managed ports. • The number of managed buildings, devices, and ports is growing every day.
The Challenge • Campus LAN admins (Authorized Agents) need to administer the switches and ports which carry their LANs. • The gear is centrally owned/managed, therefore we cannot allow them direct access (e.g. ssh or telnet) to the switches themselves. • Need to maintain good relations with AAs and not deprive them of their sense of autonomy (political/practical).
The Goal • Give our Authorized Agents comparable (and in many cases improved) network management capabilities. • Maintain appropriate levels of security, authorization and access control. • Must be easy-to-use. • Must protect centrally-managed gear, protect AAs from each other.
AANTS: Authorized Agent Network Tool Suite • Loosely-coupled set of web-based utilities for network administration. • Tools are team-developed in-house, optimized toward local networking practices, driven by user need. • Allow users (campus LAN administrators and network engineers) to manage network devices, change device configurations, troubleshoot, inspect traffic data, coordinate with users, and perform other network management tasks.
AANTS: Authorized Agent Network Tool Suite (cont.) • Dozens of web-based GUI tools which allow all aspects of day-to-day network administration to be performed with a few clicks in a browser. • Supported by a wide variety of behind-the-scenes scripts which handle things like database updates, SNMP information gathering, network state auditing, etc. • Arranged into a hierarchy of functionality: – Network Contacts – Authorized Agents – Super Users
Foundation Technologies: • NetCMS - Network Device Configuration Management System for tracking router/switch configurations. • WiscNIC - RIPE whois database of network resources (VLANs, Administrators, Subnets). • MySQL - Network configuration information. • Cisconf - Cisco tftp config tool. • GNU Make - Project management. • FlowScan and MRTG (Multi-Router Traffic Grapher).
No Time For: • LookingGlass - run command-line device queries. • NetWatch - Find IP and MAC addresses on network devices. • NetStats - Multitude of traffic graphs and statistics. • VLAN Finder - Discover VLAN config info. • MailByDevice - Contact users responsible for devices. • MailByVlan - Contact users responsible for VLANs. • PortTextSearch - Locate device/port combinations by searching any user-entered port labeling. • Many more!
EdgeConf • Configure device ports. • Perform multiple port changes as one transaction. • Label ports with user information. • Work with port subsets. • Examine switch port configurations and other switch information. • Users can only change devices/ports for which they are authorized.
New Features • Configure PoE on ports. • Ability to lock ports to a specific MAC address (security). • Display history of port changes. • EdgeConf for platform (6500 series) devices.
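The two EdgeConf properties that matter most for protecting the centrally managed gear are the per-port authorization check and the all-or-nothing transaction. The following is an added example, not EdgeConf or any other AANTS code: it models an Authorized Agent's authority as the set of VLAN IDs they manage (constructed sample data), refuses a change unless the agent owns both the port's current VLAN and the requested one, validates the MAC before it can reach a device CLI, and renders the batch only after every change has passed. The IOS-style interface and port-security commands are an assumption about the target switches, not something the slides state.

```python
"""Authorization gate and transaction rendering for a batch of port changes.

Added example; this is not AANTS/EdgeConf code. Assumptions, not from the slides:
  - an agent's authority is modelled as the set of VLAN IDs they manage
    (constructed sample data below), and a port may be changed only when both
    its current VLAN and the requested VLAN are in that set;
  - the target switches take Cisco IOS-style interface commands, and a MAC lock
    is rendered as IOS port-security with a maximum of one address.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
import re

# Constructed sample data: which VLANs each Authorized Agent manages, and the
# current access VLAN of each (device, interface) pair.
AGENT_VLANS: Dict[str, set] = {
    "alice": {10, 20},
    "bob": {30},
}
PORT_STATE: Dict[Tuple[str, str], int] = {
    ("sw-bldg1-1", "Gi1/0/1"): 10,
    ("sw-bldg1-1", "Gi1/0/2"): 20,
    ("sw-bldg1-1", "Gi1/0/3"): 30,
}

# IOS dotted-hex MAC form, e.g. 0011.2233.4455
MAC_RE = re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$")


@dataclass(frozen=True)
class PortChange:
    device: str
    interface: str
    vlan: int                       # requested access VLAN
    lock_mac: Optional[str] = None  # lock the port to this MAC, if given


def authorize(agent: str, change: PortChange) -> Optional[str]:
    """Return None if the agent may apply the change, else the denial reason."""
    allowed = AGENT_VLANS.get(agent, set())
    current = PORT_STATE.get((change.device, change.interface))
    if current is None:
        return f"unknown port {change.device} {change.interface}"
    # Owning the port's current VLAN stops an agent from taking a port away
    # from another agent; owning the target VLAN stops them moving it into one.
    if current not in allowed:
        return f"{change.interface} is on VLAN {current}, not managed by {agent}"
    if change.vlan not in allowed:
        return f"VLAN {change.vlan} is not managed by {agent}"
    # Validate user-supplied data before it is ever rendered into a CLI line.
    if change.lock_mac is not None and not MAC_RE.match(change.lock_mac):
        return f"malformed MAC {change.lock_mac!r}"
    return None


def render_commands(change: PortChange) -> List[str]:
    """IOS-style interface block for one change (assumed command syntax)."""
    cmds = [
        f"interface {change.interface}",
        " switchport mode access",
        f" switchport access vlan {change.vlan}",
    ]
    if change.lock_mac is not None:
        cmds += [
            " switchport port-security",
            " switchport port-security maximum 1",
            f" switchport port-security mac-address {change.lock_mac}",
            " switchport port-security violation shutdown",
        ]
    return cmds


def build_transaction(agent: str, changes: List[PortChange]):
    """Authorize every change before rendering any, so one unauthorized port
    rejects the whole batch and nothing is half-applied.

    Returns (commands_by_device, denials); commands_by_device is empty when
    any denial occurred.
    """
    denials = [r for r in (authorize(agent, c) for c in changes) if r is not None]
    if denials:
        return {}, denials
    by_device: Dict[str, List[str]] = {}
    for c in changes:
        by_device.setdefault(c.device, []).extend(render_commands(c))
    return by_device, []
```

The check is deliberately two-sided: testing only the requested VLAN would let an agent move a port that currently belongs to someone else, which is exactly the "protect AAs from each other" case.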
MailByDevice • Select one or more network devices. • Find all VLANs on each device. • Get all technical and administrative contacts for each VLAN from the WiscNIC database. • User can compose an email message. • Message will be mailed to all users. • Used to alert users when certain devices are going to be affected by NS actions.
UPSManager • Select one or more UPS devices. • Display current device config. • View all technical device info: – make/model/SN/IP/OS – Contact info – Building/room info, etc. • Create/edit/delete maintenance records. • View/edit maintenance history. • Maintain list of associated components (e.g. batteries, fans).
CodePusher • Push commands, operating code, or configuration code to selected network devices. – Run command-line directives (e.g. ‘show int’). – Upgrade system software. – Modify device configurations. – Manage ACLs. • Parallelized for maximum efficiency. • Can specify a delayed device restart date/time. • Parses results into log files which can be viewed from the web browser. • Performs error-checking. • Reports results via email.
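The parallel push, per-device result capture and error checking described on this slide fit together as shown in the following added example, which is not the CodePusher code. The device transport is a constructed fake that returns canned output (a real tool would open an SSH session in `run_on_device`); error detection keys on the "% ..." lines IOS prints for a rejected command, which is an assumption about the target gear. Each device stops at its first failure so a half-rejected configuration is not pushed any further, and the per-device outcome is collected into the kind of summary that would go to a log file or the result email.

```python
"""Parallel command push with per-device result capture and error checking.

Added example; this is not the CodePusher code. The device transport below is a
constructed fake returning canned IOS-style output (a real tool would open an
SSH session in run_on_device); error detection keys on the '% ...' lines IOS
prints for rejected commands, an assumption about the target gear.
"""
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass, field
from typing import Dict, List, Tuple
import re

# Constructed canned responses keyed by (device, command). sw-b rejects the
# ACL command; sw-down is unreachable.
FAKE_OUTPUT = {
    ("sw-a", "show int status"): "Port     Name  Status     Vlan\nGi1/0/1  lab   connected  10\n",
    ("sw-b", "show int status"): "Port     Name  Status     Vlan\nGi1/0/1  lab   connected  20\n",
    ("sw-a", "ip access-list extended CAMPUS-EDGE"): "",
    ("sw-b", "ip access-list extended CAMPUS-EDGE"): "% Invalid input detected at '^' marker.\n",
}

# IOS reports a rejected command with a line starting '% '.
IOS_ERROR_RE = re.compile(r"^%\s", re.MULTILINE)


def run_on_device(device: str, command: str) -> str:
    """Fake transport: return canned output, or fail like a dead session."""
    if device == "sw-down":
        raise ConnectionError("connection timed out")
    return FAKE_OUTPUT.get((device, command), "")


@dataclass
class DeviceResult:
    device: str
    ok: bool = True
    transcript: List[Tuple[str, str]] = field(default_factory=list)  # (command, output)
    error: str = ""


def push_to_device(device: str, commands: List[str]) -> DeviceResult:
    """Run the commands in order on one device, stopping at the first failure
    so a partially rejected config is not pushed any further."""
    result = DeviceResult(device)
    for cmd in commands:
        try:
            out = run_on_device(device, cmd)
        except OSError as exc:  # ConnectionError is a subclass of OSError
            result.ok, result.error = False, f"{cmd}: {exc}"
            break
        result.transcript.append((cmd, out))
        if IOS_ERROR_RE.search(out):
            result.ok, result.error = False, f"{cmd}: {out.strip().splitlines()[0]}"
            break
    return result


def push(devices: List[str], commands: List[str], workers: int = 8) -> Dict[str, DeviceResult]:
    """Push the same command list to every device in parallel (one worker per session)."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda d: push_to_device(d, commands), devices))
    return {r.device: r for r in results}


def report(results: Dict[str, DeviceResult]) -> str:
    """Plain-text summary of the kind that would go into a log file or email."""
    lines = []
    for dev in sorted(results):
        r = results[dev]
        status = "OK" if r.ok else "FAILED"
        lines.append(f"{dev}: {status}" + (f" ({r.error})" if r.error else ""))
    return "\n".join(lines)


if __name__ == "__main__":
    res = push(["sw-a", "sw-b", "sw-down"],
               ["show int status", "ip access-list extended CAMPUS-EDGE"])
    print(report(res))
```

Keeping the full per-command transcript, not just the final status, is what makes the web-viewable log useful after the fact: the operator can see exactly which line a device refused.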
Usage - Past 365 Days • MailByDevice - Used 130 times by DoIT net engineers and NOC staff to alert campus agents of potential network outages. • ConfigPusher - 827 transactions by DoIT net engineers, tens/hundreds of devices per transaction. • EdgeConf - 10,500 transactions, between 1 and 200 port changes per transaction.
Summary • AANTS tools allow our customers to manage their network over the web, regardless of the user’s platform of choice. • AANTS tool development is driven by user input and real-world needs. • AANTS is built on a foundation of freely-available software. • Local networking practices guide AANTS’ growth as a customized system.
Summary (cont.) • Day-to-day management tasks are handled more quickly and easily for network services staff. • Improved Security Management – Maintain common Access-Control-Lists across network gear. – Locate and isolate compromised and abusive machines. – Identify and block abusive traffic. – Lock ports to individual MAC addresses.
Summary (cont.) • These tools help us maintain good relations with campus LAN admins by empowering them rather than moving responsibility away from them. • This cooperative policy makes use of available campus IT talent to help network services staff manage the network.
Contact the AANTS Admin Team aants-admin@net.doit.wisc.edu