NOC Services and Applications AFNOG 2003 Sunday Folayan

NOC Services and Applications AFNOG 2003 Sunday Folayan & Brian Longwe Based on: Netmgt T 4 -98 by Scott Bradner Netmgt T 2 -99 by Abha Ahuja Afnog T 2 -2001/2 by Brian Longwe NOC Services and Applications 1

What is Network Management? “In order operate a reliable service, the network must be managed according to a determined discipline, using a coherent structure of information management. ” Geoff Huston, ISP Survival Guide NOC Services and Applications 2

What is a NOC? Network Operations Centre (NOC) n Monitors and manages a service provider’s network • Information about current, historical and planned availability of systems • Network status and operational statistics • Fault monitoring and management Engineers can coordinate their work through the NOC Services and Applications 3

Network Management - Components Parts of Network Management • • Configuration/Change management Performance/Accounting management Fault management Security management NOC Services and Applications 4

Configuration Management Maintaining information relating to the design of the network and its current configuration n Network State • Record of network topology – Static Õwhat is deployed Õwhere it is deployed Õhow it is attached ÕWho is responsible for it ÕHow do I contact them – Dynamic Õoperational status of the network elements NOC Services and Applications 5

Configuration Management n inventory management • database of network elements • history of changes & problems n directory maintenance • all hosts & applications • nameserver database n host and service naming coordination • "Information is not information if you can't find it" NOC Services and Applications 6

Configuration Management Operational Control of network n Start/stop individual components n Alter configuration of devices n Load and save config versions n Hardware/Software upgrades n Methods of access • SNMPGet / SNMPSet • Out-of-Band access NOC Services and Applications 7

What is SNMP? Simple Network Management Protocol n query - response system n • can obtain status from a device • standard queries • enterprise specific n uses database defined in MIB • management information base NOC Services and Applications 8

What do we use SNMP for? n query routers for: • • n in and out bytes per second CPU load uptime BGP peer session status query hosts for: • • network status Message queues Web traffic Squid proxy load NOC Services and Applications 9

SNMP Exercise n Please complete the SNMP Execise NOC Services and Applications 10

Configuration Management SNMP driven display wjh 12 mghgw generali talcott harvisr huelings pitirium nnhvd husc 6 harvard wjhgw 1 geo nngw oitgw 1 sphgw 1 lmagw 1 dfch NOC Services and Applications tch 11

Performance Management A Consistent level of network performance n Data collection – interface stats – throughput – error rates – usage – percent availability Data analysis for performance metrics and trends n Establishment of performance thresholds n Capacity planning and deployment n NOC Services and Applications 12

Importance of Network Statistics Accounting n Troubleshooting n Long-term trend analysis n Capacity Planning n Two different types n • active measurement • passive measurement n Management Tools have statistical functionality NOC Services and Applications 13

MRTG NOC Services and Applications 14

MRTG Checkout http: //noc. ws. afnog. org/mrtg NOC Services and Applications 15

Performance Management Tools n netflow • cflowd (http: //www. caida. org/tools/measurement/cflowd) • collects flow information from cisco routers • AS to AS information • src and destination ip and port information • useful for accounting and statistics • how much of my traffic is port 80? • how much of my traffic goes to AS 237? NOC Services and Applications 16

Netflow examples n Top ten lists (or top five) ##### Top 5 AS's based on number of bytes ####### src. AS dst. AS pkts bytes 6461 237 4473872 3808572766 237 22977795 3180337999 3549 237 6457673 2816009078 2548 237 5215912 2457515319 ##### Top 5 Nets based on number of bytes ###### Net Matrix -----number of net entries: 931777 SRCNET/MASK DSTNET/MASK PKTS 165. 123. 0. 0/16 35. 8. 0. 0/13 745858 207. 126. 96. 0/19 198. 108. 98. 0/24 708205 206. 183. 224. 0/19 198. 108. 16. 0/22 740218 35. 8. 0. 0/13 128. 32. 0. 0/16 671980 ##### Top 10 Ports ####### input port packets bytes 119 10863322 2808194019 80 36073210 862839291 20 1079075 1100961902 7648 1146864 419882753 25 1532439 97294492 BYTES 1036296098 907577874 861538792 467274801 output packets bytes 5712783 427304556 17312202 1387817094 614910 62754268 1147081 414663212 2158042 722584770 NOC Services and Applications 17

Accounting Management n What do you account for? • Use of the network and the services it provides n Types of accounting data • RADIUS/TACACS accounting data from Access servers • Interface statistics • Protocol statistics n Accounting Data affects Business Models • Bill on usage? • Flat-rate billing? NOC Services and Applications 18

Fault Management n Identify the fault • Regular polling of network elements n Isolate the fault • Diagnosis of the network components n Respond to the fault • Allocate resources to resolve the fault • Priority scheduling • Technical/management escalation n Resolve the fault • notification NOC Services and Applications 19

Fault Management - systems n reporting mechanism • link to NOC • notify on-call personnel setup & control alarm procedures n repair/recovery procedures n ticket system n NOC Services and Applications 20

Fault Management - Fault Detection Who notices a problem with the network? • Network Operations Center w/ 24 x 7 operations staff – open trouble ticket to track problem – preliminary troubleshooting – Assign engineer to problem or escalate ticket status • Customer call • Other ISPs NOC Services and Applications 21

Fault Management Fault Detection (con) How can you tell if there is a problem with the network? • Network Monitoring Tools – common utilities Õ ping Õ traceroute Õ Snmp – Monitoring Systems Õ NOCol Õ Brother Big Õ Net. Saint Õ NMIS Õ Openview, etc… HP • Report state or unreachability – detect node down – routing problems NOC Services and Applications 22

Exercise: Big Brother Download Big Brother Source from http: //t 2. ws. afnog. org/downloads. htm Follow instructions on http: //t 2. ws. afnog. org/bigbrother-setup-notes. txt Set up bb-hosts to monitor routers of other tables in the class: NOC Services and Applications 23

Fault Management - Ticket System Very Important! n Need mechanism to track: n • failures • current status of outage • carrier tickets NOC Services and Applications 24

Fault Management: Ticket System n system provides for: • • • short term memory & communication scheduling and work assignment referrals and dispatching oversight statistical analysis long term accountability NOC Services and Applications 25

Fault Management - Ticket Usage create a ticket on ALL calls n create a ticket on ALL problems n create a ticket for ALL scheduled events n copy of ticket mailed to reporter and mailing list(s) n all milestones in resolution of problem maintain the same ticket # n ticket stays "open" until problem resolved n Ticket reporter determines that ticket should be closed. n NOC Services and Applications 26

Fault Management - Ticket Example Sample opening ticket Subject Fix sshd on T 2 instructor machines Serial Number 6 Area none Queue afnog-noc Requestors pfs@cisco. com Owner inst Status resolved Last User Contact Wed Jun 11 17: 02: 21 2003 (30 hr ago) Current Priority 1 Final Priority 1 Due No date assigned Last Action Wed June 11 17: 02: 21 2003 (30 hr ago) Created Mon June 9 14: 08 2003 (2 days ago) NOC Services and Applications 27

Fault Management - Ticket Example Sample progress ticket TT 0000033975 has been MODIFIED. Here are the fields that have been changed: Copy. Of. Time : 5 TTC Temp : 0 Ticket information log : toppi@umich. edu said. . . While I was investigating this, Debbie from UUNet called (via Merit main number) to tell us they were seeing it down. She can be reached at xxx-xxxx. The UUNet ticket is xxxxx. . NOC Services and Applications 28

Fault Management - Ticket Example Sample closing ticket • includes previous ticket contents plus resolution Users on the laptop station minihub are not getting correct DHCP responses. No gateway or DNS entries are returned. Thanks, - Hervey -- CUSTOMER INFORMATION ----------'inst' (AFNOG Instructors) – ------------------- There have been several issues. First, the Cisco config-switch was set so the box would forget it's config on a power cycle (and we've had a few). Second, I made a typo when I cleaned up a DNS file. Things *should* be working now (famous last words). Resolving this till I hear otherwise. GJ -------------------------------->otherwise. Ø>GJ Many thanks! - Hervey NOC Services and Applications 29

Exercise: Ticket System • Download OTRS Source from http: //t 2. noc. ws. afnog. org/downloads. htm • Follow instructions on http: //t 2. noc. ws. afnog. org/OTRS-setup-notes. txt • Create 2 -3 users within ticket system • Create tickets to track network occurrences as they occur - network failures will be provided ; -) NOC Services and Applications 30

Fault Management - typical failures • Node unpingable • no ip connectivity to router • possible reasons: – serial link down Õ telco call – router down/hardware problem Õ engineer call – routing problem Õ troubleshoot with traceroute Õ routeviews machine NOC Services and Applications 31

Security Management: Do’s & Don’t’s § § § § Dont’ leave things that are likely to be interesting to mice lying on the kitchen table overnight Plug the holes that mice are using to get into the house Don’t provide places within the house for mice to build nests Set traps along walls where you often see mice out of the corner of your eye Check the traps daily to rebait them and to dispose of squashed mice. Full traps don’t catch mice, and they smell Avoid using commercial bait-and-kill poisons. Traditional snap traps are best. Get a cat! NOC Services and Applications 32

Security Management - Tools n security tools • • • n cops - host configuration checker (www. cert. org) swatch - email reports of activity on machine Tcpwrappers – log connections, restrict access ssh/skey – crypto authentication and communications Tripwire – monitor changes to system files Keep up to date with security information • bug reports – CERT advisories mailing list: Õhttp: //www. cert. org. /contact_cert/certmaillist. html • bug fixes • intruder alerts NOC Services and Applications 33

Security Management – Good Practice n reporting procedure for security events • e. g. break-ins • abuse email address for customers to report complaints (abuse@your-isp. net) n control internal and external gateways • control firewalls (external and internal) n security log management • centralised logging host NOC Services and Applications 34

How do I manage my network? n Which tools should I use? What do I really need? • Keep it simple! • Need to consider engineers working remotely • Don’t want to spend too much time maintaining the tool (it should be helping you!) • Different tools for NOC and engineers • Different tools for statistics • RELIABILITY! NOC Services and Applications 35

References http: //www. merit. edu/ipma/docs/isp. html n http: //www. nanog. org n http: //www. caida. org n http: //www. nlanr. net n http: //www. cisco. com n http: //www. amazing. com/internet/ n http: //www. isp-resource. com/ n http: //www. merit. edu/ipma n http: //www. ripe. net n NOC Services and Applications 36

More Tools! n http: //www. caida. org/Tools/ • OC 3 Mon/Coral n http: //www. merit. edu/~ipma • Route. Tracker • IRRj • ASExplorer http: //www. geektools. com/ n http: //www. merit. edu/ipma/tools/other. html n NOC Services and Applications 37

ASexplorer NOC Services and Applications 38

Route Flap Stats NOC Services and Applications 39

Looking Glass Tools n http: //www. merit. edu/~ipma/tools/lookingglass. html route-views. oregon-ix. net>show ip bgp 35. 0. 0. 0 BGP routing table entry for 35. 0. 0. 0/8, version 56135569 Paths: (17 available, best #12) 11537 237 198. 32. 8. 252 from 198. 32. 8. 252 Origin incomplete, localpref 100, valid, external Community: 11537: 900 11537: 950 2914 5696 237 129. 250. 0. 3 (inaccessible) from 129. 250. 0. 3 Origin IGP, metric 0, localpref 100, valid, external Community: 2914: 420 2914 5696 237 129. 250. 0. 1 (inaccessible) from 129. 250. 0. 1 Origin IGP, metric 0, localpref 100, valid, external Community: 2914: 420 3561 237 237 204. 70. 4. 89 from 204. 70. 4. 89 Origin IGP, localpref 100, valid, external 267 1225 237 204. 42. 253 from 204. 42. 253 Origin IGP, localpref 100, valid, external Community: 267: 1225: 237 NOC Services and Applications 40

More Looking Glass Tools Traceroute servers n http: //www. merit. edu/ipma/tools/trace. html n Query: trace Addr: www. isoc. org Translating "www. isoc. org". . . domain server (206. 205. 242. 132) [OK] Type escape sequence to abort. Tracing the route to info. isoc. org (198. 6. 250. 9) 1 2 3 4 5 6 7 8 9 iad 1 -core 2 -fa 5 -0 -0. atlas. digex. net (165. 117. 129. 2) 0 msec 4 msec dca 5 -core 2 -s 5 -0 -0. atlas. digex. net (165. 117. 53. 41) 0 msec 4 msec 0 msec dca 5 -core 1 -fa 5 -1 -0. atlas. digex. net (165. 117. 56. 117) 4 msec 0 msec 4 msec Hssi 3 -1 -0. BR 1. DCA 1. ALTER. NET (209. 116. 159. 98) 0 msec 4 msec 101. ATM 2 -0. XR 1. DCA 1. ALTER. NET (146. 188. 160. 226) [AS 701] 4 msec 0 msec 4 msec 195. ATM 7 -0. XR 1. TCO 1. ALTER. NET (146. 188. 160. 102) [AS 701] 4 msec 0 msec 193. ATM 8 -0 -0. GW 1. TCO 1. ALTER. NET (146. 188. 160. 33) [AS 701] 4 msec charlie. isoc. org (198. 6. 250. 1) [AS 701] 8 msec info. isoc. org (198. 6. 250. 9) [AS 701] 8 msec * 12 msec NOC Services and Applications 41

SNMP Tool references • • • MON - http: //www. kernel. org/software/mon/ NOCol - ftp: //ftp. navya. com/pub/vikas/nocol. tar. gz Sysmon - ftp: //puck. nether. net/pub/jared Rover - http: //www. merit. edu/~rover Concord - http: //www. concord. com http: //www. merit. net/~netscarf NOC Services and Applications 42