Novel Approaches to the Monitoring of Computer Networks

A thesis submitted in fulfilment of 
the requirements for the degree of

Guy Antony Halse


Traditional network monitoring techniques suffer from a number of limitations. They are usually designed to solve the most general case, and as a result often fall short of expectation. This project sets out to provide the network administrator with a set of alternative tools to solve specific, but common, problems. It uses the network at Rhodes University as a case study and addresses a number of issues that arise on this network.

Four problematic areas are identified within this network: the automatic determination of network topology and layout, the tracking of network growth, the determination of the physical and logical locations of hosts on the network, and the need for intelligent fault reporting systems. These areas are chosen because other network monitoring techniques have failed to adequately address these problems, and because they present problems that are common across a large number of networks. Each area is examined separately and a solution is sought for each of the problems identified.

As a result, a set of tools is developed to solve these problems using a number of novel network monitoring techniques. These tools are designed to be as portable as possible so as not to limit their use to the case study network. Their use within Rhodes, as well as their applicability to other situations, is discussed. In all cases, any limitations and shortfalls in the approaches that were employed are examined.

Table of Contents
1. Introduction
1.1. An Introduction to the Problem Area
1.2. Document Layout
1.3. Conventions and Typography
1.4. Internet Standards Process
1.5. OSI and the ISO
2. Overview Of Network Monitoring
2.1. Goals of network monitoring
2.2. Traditional approaches
2.2.1. SNMP
2.2.2. RMON
2.2.3. Active probes
2.2.4. Passive monitoring
2.2.5. Proprietary protocols
2.2.6. Higher level products
2.3. Problems associated with traditional approaches
2.3.1. Limitations of current methods
2.3.2. The problem of multi-vendor networks
2.4. Network monitoring at Rhodes University
2.4.1. Overview of the network at Rhodes University
2.4.2. Monitoring
2.4.3. Monitoring shortfalls
2.5. Summary
3. First Steps
3.1. Solutions for the layman
3.2. Multi-vendor networks revisited
3.3. RADSL monitoring
3.4. Summary
4. Determining Network Topology
4.1. Traceroute approach
4.2. SNMP approach
4.3. Summary
5. Tracking Network Growth
5.1. Design issues
5.2. Implementation
5.3. Problems and solutions
5.3.1. Social considerations
5.3.2. Network cards
5.3.3. MySQL problems
5.3.4. Routed subnets
5.4. A web front-end
5.5. Some results emerge
5.6. Unexpected uses
5.6.1. DNS dead wood
5.6.2. Uptime indication
5.7. Summary
6. Finding Specific Machines
6.1. Logical location
6.2. Physical location
6.3. A combined approach
6.4. Shortfalls
6.5. Summary
7. Intelligent Reporting
7.1. Symptomatic reporting
7.2. Expert systems
7.2.1. Rule based systems
7.2.2. Expert systems
7.2.3. Pattern recognition
7.2.4. Neural networks
7.3. Intelligent network monitoring
7.3.1. Gathering data
7.3.2. Testing services
7.3.3. Reporting faults
7.4. Summary
8. A Coalescence of Systems
8.1. Open systems interconnect model
8.1.1. Performance management
8.1.2. Configuration management
8.1.3. Accounting management
8.1.4. Fault management
8.1.5. Security management
8.1.6. OSI summary
8.2. Dependencies
8.2.1. Dependencies between systems
8.2.2. Dependency summary
8.3. Portability
8.3.1. RADSL monitoring
8.3.2. SNMP approach to mapping networks
8.3.3. Location of machines
8.3.4. Intelligent reporting
8.4. Existing solutions
8.5. Summary
9. Conclusion and Future Work
9.1. Summary of Work Covered
9.2. Future Work
9.2.1. Separating infrastructure from hosts
9.2.2. Intelligent testing
9.2.3. Other work
9.3. Conclusion
A. SMS-based Reporting System
A.1. Introduction
A.2. SMS Overview
A.3. Simple Object Access Protocol
A.3.1. SOAP overview
A.3.2. SOAP is not the only way
A.4. A Send Only Service
A.4.1. Background
A.4.2. SOAP Encapsulation
A.4.3. HTTP transport
A.4.4. Limitations
A.5. Access Control and Authentication
A.6. A Database Backend
A.7. Dealing With Received SMS
A.7.1. Receiving SMS
A.7.2. Storing it in the database
A.7.3. Threading
A.7.4. Client notification
A.7.5. Client retrieval
A.8. Applications of the Service
A.9. Future Work
Appendix A. References
Glossary of Abbreviations
List of Tables
5-1. Number of hosts on Rhodes University's network
List of Figures
3-1. The two abstraction methods
3-2. Example XML DTD for network monitoring
3-3. Sample page from RADSL monitoring application
3-4. Subset of configuration file
4-1. Topological map of Rhodes University's network
4-2. Trace showing the default gateway assumption
4-3. Routing table entries showing the return route assumption
4-4. Layer two topology map of the Computer Science Department
5-1. Comparison of subnets
5-2. Growth rate of Rhodes University's network
6-1. Location of a network point
7-1. A simple example network
7-2. Decision process for determining network faults
7-3. Various IMAP implementations
8-1. Relationships to OSI network management areas
8-2. Dependencies between different systems
A-1. Overview of the SOAP service
A-2. Typical SOAP request to send SMS
A-3. Typical SOAP response
A-4. Typical client request to retrieve SMS