Chapter 2. Overview Of Network Monitoring

Table of Contents
2.1. Goals of network monitoring
2.2. Traditional approaches
2.3. Problems associated with traditional approaches
2.4. Network monitoring at Rhodes University
2.5. Summary

It is important to understand some of the goals of network management before the problems associated with current network management techniques can be examined. Once these techniques of network monitoring, and the problems associated with them, are understood, the more specific goals of this project can be examined. These goals need to be put in context, however, and this requires some knowledge of the network infrastructure and layout at Rhodes University.

2.1. Goals of network monitoring

Modern computer networks tend to be large heterogeneous collections of computers, switches, routers and a large assortment of other devices. To a large degree, the growth of such networks is ad hoc and based on the current and perceived future needs of the users. As networks get larger and faster, the job of monitoring and managing them gets more complex. However, the job of managing computer networks becomes increasingly important as society becomes more dependent on computers and the Internet for everyday business tasks. Network downtime now costs significant amounts of money [CPR, 2001], so it is important that network and system managers are aware of everything that is happening on the networks for which they are responsible. Fortunately, computers are fairly good at watching other computers, which means we can automate this task to some extent.

In their discussion on the basics of network management, Cisco Systems point out that the term "network management" means different things to different people [Cisco, 2002]. They give two examples at opposite ends of the spectrum to illustrate this diversity: a solitary network consultant monitoring network activity, and high-end workstations generating graphical views of network topologies and traffic. Both of these examples employ some form of tool to gather, analyse and represent information about a computer network; therefore, in general, network management involves a set of tools that help people to monitor and maintain computer networks.

In an attempt to better understand the goals of network monitoring, it is useful to have a model of some kind.

The International Telecommunications Union (ITU) proposed a network management model aimed at understanding the major functions of network management and monitoring software. This management model forms part of the X.700 series of documents from the ITU and is based on the Open Systems Interconnect (OSI) reference model. It is in the process of being standardised by the International Standards Organisation (ISO). It addresses five conceptual areas, being: performance management, configuration management, accounting management, fault management and security management [Rose, 1991].

These conceptual areas are useful in understanding the goals of network monitoring and management, but first there is a need to differentiate between the two. The difference between network management and network monitoring is blurred, and people tend to use the two terms interchangeably. For the purposes of this document the term "monitoring" will be used to refer to systems that simply observe and report on a network, without taking any corrective action of their own accord. The term "management" will be used to refer to systems that both monitor a network and take corrective or preventative maintenance action without the need for intervention. As such, "network monitoring" is a subset of "network management". For this reason, although the ISO model refers to network management, a large proportion of the ideas it contains are applicable to the role of network monitoring. The five areas contained in the ISO model will now be examined in more detail:

Fault management is the detection of problems and faults on the network. Such faults should be properly logged, and if appropriate an alarm should be raised. This area is responsible for proper problem identification, determining the cause of the fault and ensuring the proper resolution of the problem. Management software operating in this area may attempt to correct faults on its own, whereas monitoring software relies on notifying somebody of the problem so that they can intervene.

The aim of configuration management is to keep track of the network's configuration, both hardware and software. This area includes keeping track of what computers and networking infrastructure are on a network, and how they are interconnected. In addition, configuration management includes following what software versions each device is running, as well as the software configuration of each device.

Security management incorporates all aspects of authentication and access control, from the definition of access policies to the enforcing of those policies. Security management software may need to be aware of access control lists (ACLs), users' access levels, and all other areas of security policy. All transactions should be properly logged to create an audit trail. Exception reports can be generated for events that fall outside the scope of the defined policies, and these reports can be used to alert administrators to the policy violation.
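
An added example (not part of the original text) of the exception report described above: an audit trail is checked against an access policy, and every event outside the policy is reported with a reason. The log format, the policy table and all names and addresses are constructed for illustration.

```python
import ipaddress

# Constructed policy (an ACL): which source networks may use which service.
ACL = {
    "ssh": [ipaddress.ip_network("10.0.1.0/24")],   # admin subnet only
    "smtp": [ipaddress.ip_network("10.0.0.0/16")],  # whole campus
}

# Constructed audit trail, one event per line: "timestamp user src_ip service action"
AUDIT_LOG = """\
2002-05-01T08:00:01 alice 10.0.1.15 ssh login
2002-05-01T08:03:44 bob 10.0.7.20 smtp send
2002-05-01T08:05:10 carol 10.0.7.21 ssh login
2002-05-01T08:06:02 dave 192.0.2.9 smtp send
2002-05-01T08:07:30 erin 10.0.1.16 telnet login
malformed line
"""

def parse(line):
    """Return a dict for a well-formed audit record, or None if it cannot be parsed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, user, src, service, action = parts
    try:
        src_ip = ipaddress.ip_address(src)
    except ValueError:
        return None
    return {"ts": ts, "user": user, "src": src_ip, "service": service, "action": action}

def exception_report(log_text, acl):
    """Return (exceptions, unparsed): events outside the policy, and lines that
    could not be parsed (these are reported too, never silently dropped)."""
    exceptions, unparsed = [], []
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse(line)
        if rec is None:
            unparsed.append(line)
            continue
        allowed = acl.get(rec["service"])
        if allowed is None:
            reason = "service not covered by policy"
        elif not any(rec["src"] in net for net in allowed):
            reason = "source outside permitted networks"
        else:
            continue  # event is within policy; it stays in the audit trail only
        exceptions.append((rec["ts"], rec["user"], str(rec["src"]), rec["service"], reason))
    return exceptions, unparsed

if __name__ == "__main__":
    for row in exception_report(AUDIT_LOG, ACL)[0]:
        print(*row, sep="  ")
```

Treating an unknown service and an unparsable line as reportable, rather than ignoring them, keeps the report a default-deny view of the policy.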

The area of performance management looks at the current and expected performance of the network. Elements of network performance that may be monitored include availability, response time, error rate, throughput and utilisation. This information may be compared to theoretical performance levels, historical averages or norms in order to determine how well the network is currently performing. Erratic behaviour and unusual changes in performance may help to predict network faults before they occur, enabling network managers to take preemptive measures. Historical performance information of this sort may be used to determine network growth and predict usage patterns. This data can, in turn, be used to aid in network capacity planning.

Accounting management covers two broad areas: asset control and cost management. Asset control refers to knowing what computers are on the network, who they belong to, who is using them, and perhaps where they are located. The second area, cost management, looks at what the costs of providing network services are and how they are paid for. This may include charging models that see users in some way pay for the resources they use. The management of such charging models, as well as the gathering of any data required to implement them, falls within the scope of this area.

In practice there is often a large amount of operational overlap between these five "network management" areas.