
Chapter 13 - Managing and Troubleshooting TCP/IP

OSI Reference Model - Specific Management Functional Areas (SMFAs)

  1. Network Management Standards
    1. Internet Advisory Board (IAB) developed SNMP for TCP/IP
    2. OSI developed Common Management Information Services (CMIS) and Common Management Information Protocol (CMIP)
    3. IAB published Common Management Information Services and Protocol over TCP/IP (CMOT) standard

  2. What is SNMP?
  3. Simple Network Management Protocol - method of communicating between managed devices and servers
    1. SNMP manager handles the overall software and communications between devices using the SNMP communications protocol (routers, gateways, bridges, concentrators, hubs, hosts, servers, terminal servers, any other SNMP client)
    2. SNMP-managed devices contain the SNMP agent software and a database called the Management Information Base (MIB)
    3. SNMP messages are enclosed within a UDP datagram and routed via IP
    4. five message types:
      1. get request - used to query an MIB
      2. get next request - used to read sequentially through an MIB
      3. get response - used for a response to a get request message
      4. set request - used to set a value in the MIB
      5. trap - used to report events
    5. UDP port 161 is used for the first four; UDP port 162 is used for traps
    6. enables proxy management (device with an SNMP agent and MIB can communicate with other devices that do not have the full SNMP agent software)
    7. SNMP-managed devices communicate with SNMP servers via polled and interrupt formats
    1. Management Information Base (MIB) - database containing status information
    2. Structure and Identification of Management Information (SMI) - specification that defines the entries in an MIB
      1. object type - name of the particular entry
      2. syntax - value type (e.g. integer, string)
      3. access field - defines level of access to the entry (e.g. read-only)
      4. status field - indicates whether entry in MIB is mandatory, optional, or obsolete

      1. MIB-1: 114 different entries in the table
      2. MIB-2: 171 entries divided into ten groups
    3. Setting Up SNMP Under UNIX
      1. client software is executed through the snmpd daemon (starts upon boot and is always running)
      2. snmpd reads /etc/inet/snmpd.conf, /etc/inet/snmpd.comm, and /etc/inet/snmpd.trap
    4. SNMP Commands
      1. getone - uses SNMP get command to retrieve a variable value
      2. getnext - uses the SNMP getnext command to retrieve the next variable value
      3. getid - retrieves the values for sysDescr, sysObjectID, and sysUpTime
      4. getmany - retrieves an entire group of MIB variables
      5. getroute - retrieves routing information
      6. snmpstat - retrieves the contents of SNMP data structures
      7. setany - uses the SNMP set command to set a variable value
    5. Setting Up SNMP Under NT
      1. Windows NT SNMP Service only includes an SNMP agent and not SNMP Management tools
      2. Management tools are available on:
        1. HP OpenView
        2. IBM NetView
        3. Sun Net Manager
      3. NT SNMP Services includes the following MIBs (in the form of .dlls)
        1. Internet MIB II (defined in RFC 1213): 171 objects for config. analysis and network fault troubleshooting
        2. LAN Manager MIB II: 90 objects related to Microsoft Networking (users, shares, sessions, LAN Manager statistics)
        3. DHCP MIB: 14 objects for monitoring a DHCP Server
        4. WINS MIB: 70 objects for monitoring a WINS Server
      4. Installation of SNMP also enables NT Performance Monitor TCP/IP performance counters
      5. Installation: Control Panel | Network | Add Software | TCP/IP Protocol | SNMP Service
      6. Configuration (requires Administrator privileges)
        1. Community: Control Panel | Network | SNMP Services | enter community names and hosts to send traps to
        2. Security: Control Panel | Network | SNMP Services | Security | configure security for community names
        3. Agent Information: Control Panel | Network | SNMP Services | Agent | configure agents
      7. Can test the SNMP Service with snmputil on the NT Resource Kit (e.g. snmputil getnext localhost public)
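
The message layout described above (an SNMP message inside a UDP datagram, one of five message types, a community name), as an added example that is not part of the original notes. It decodes only the SNMPv1 header from a constructed byte string and reports the two things a reviewer of captured traffic usually wants first: whether the message can write to the MIB and whether it uses the community name `public` from the snmputil example. The function names and the sample bytes are assumptions made for this example.

```python
# Added example: decode the header of an SNMPv1 message taken from a UDP payload.
# PDU tags are the BER context tags for the five message types listed above.
PDU_TYPES = {0xA0: "get request", 0xA1: "get next request",
             0xA2: "get response", 0xA3: "set request", 0xA4: "trap"}

# Constructed sample: get next request, community "public", OID 1.3.6.1.2.1.1.
SAMPLE_GETNEXT = bytes.fromhex(
    "3024020100" "04067075626c6963"
    "a117020101020100020100" "300c300a06062b06010201010500")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("element runs past end of datagram")
    return tag, buf[pos:end], end

def parse_snmp_header(datagram):
    """Decode version, community and message type of an SNMPv1 message."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    tag, version, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version is not an INTEGER")
    tag, community, pos = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("community is not an OCTET STRING")
    pdu_tag, _, _ = read_tlv(body, pos)
    if pdu_tag not in PDU_TYPES:
        raise ValueError("unknown PDU tag 0x%02x" % pdu_tag)
    name = PDU_TYPES[pdu_tag]
    return {
        "version_field": int.from_bytes(version, "big"),
        "community": community.decode("ascii", "replace"),
        "pdu": name,
        "udp_port": 162 if name == "trap" else 161,   # ports as given in the notes
        "modifies_mib": name == "set request",
        "community_is_public": community == b"public",
    }
```
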

  4. Network Topologies (80/20 rule: 80% of most network traffic should be for local machines)
    1. Using a router to connect a LAN to the backbone
    2. Using a bridge to connect two LANs (requires same network (MAC) protocol on both LANs)
    3. Using a bridge to connect two WANs
    4. Routers are better when broadcasts are frequent: routers filter out broadcasts that apply only to a specific LAN, while bridges propagate broadcasts across the network (switching router / hub router)

  5. Configuring a Network - requires
    1. physical address - provided by interface manufacturer
    2. IP address - optional with serial-line interfaces
    3. subnet mask - specifies the network address
    4. protocol - IP, if TCP/IP or UDP is used
    5. Routing protocols - Whether ARP or RARP is used; RIP or OSPF
    6. Broadcast address - format to use for broadcast, usually all 1's

    IP address class structures
    Class     Leading bits   Network field               Local field
    Class A   0              Network (7 bits)            Local Address (24 bits)
    Class B   10             Network (14 bits)           Local Address (16 bits)
    Class C   110            Network (21 bits)           Local Address (8 bits)
    Class D   1110           Multicast Address (28 bits)

  6. Monitoring and Basic Troubleshooting Utilities
    FOUR SPECIFIC TROUBLESHOOTING OBJECTIVES
    • Communication problems
    • Connectivity problems with cards, cables, and related hardware
    • Broadcast storms - sudden flood of broadcast messages that clogs the transmission medium
    • Network performance problems

    • ping
    • spray (sends a constant stream of datagrams or ICMP messages) - useful for checking burst-mode capabilities
    • traceroute
    • rpcinfo - determines which RPC services are currently active on the local or remote system
    • nfsstat - displays information about recent calls
    • mount - shows which directories are currently mounted
    • showmount - shows the current NFS servers on the system
    • telnet / ftp - can be used to verify a port's proper functioning

    • if DNS is on the system, use nslookup to ensure that DNS is active
    • if NFS is used, check with the mount utility
    • use ping to check whether a remote machine is alive
    • use traceroute to ensure that a routing problem is not occurring (check all ports of the routers if traceroute fails)
    • use netstat to examine ICMP messages recently generated
    • try logging into the remote directly using ftp or telnet
    • if RPCs appear to be the problem, use rpcinfo
    1. Troubleshooting the Network Interface
      1. check cards
      2. check cables (including terminators and T's)
      3. check protocols on all systems (different versions of "Ethernet")
    2. Troubleshooting the Network (IP) Layer
      1. duplicate IP addresses
      2. faulty DNS tables
      3. swapping network cards (IP address / physical address pairing has changed)
      4. faulty devices (use ping & traceroute)
    3. Troubleshooting TCP and UDP
      1. TCP or UDP or both failing?
      2. check port addresses (use ping / telnet / finger)
      3. check configuration parameters in files
    4. Troubleshooting the Application Layer
      1. check if data is getting to the right application
      2. verify that the communication is in the same format (ASCII / EBCDIC)
      3. use 3rd party software: snmpwatch, Internet Rover, mconnect
    5. The Troubleshooting Process
      1. Set the problem's priority. Ask yourself: How serious is this problem? Will the network still function if I attend to other matters first? Can I quantify the loss of work time or productivity the problem is causing?
      2. Collect information to identify the symptoms. Ask the users to describe the problem. A user's description can lead to further questions, which can lead to a deeper description. Compare the present behavior of the network with the baseline behavior. Search logs and journals for previous occurrences of the problem.
      3. Develop a list of possible causes. Is the problem related to connectivity devices? Cabling? Protocols? A faltering workstation? What do past occurrences have in common with the present occurrence?
      4. Test to isolate the cause. Develop tests that will prove or disprove each of the possible causes. A test could be as simple as checking a setup parameter or as complicated as studying network traffic with a protocol analyzer.
      5. Study the results of the test to identify a solution. Your tests will (ideally) point you to the real problem. After you know the problem, you can determine a solution.

    6. Some common-sense troubleshooting tips.
      1. Make sure that all cables and connectors are securely plugged in and that all electrical devices are turned on.
      2. Step through the logical and physical pathways of the connection in your mind. Verify that each hardware and software component along the path of the connection is functioning properly. Check the cables and adapters; check protocol bindings and systems settings; verify that all required services are running.
      3. Test and experiment to isolate the problem. Remove and replace suspected components one at a time to isolate the defective component. (Keep extra hard drives, cables, jumpers, and network adapters around in case of emergency.)

  7. Security
