Network Management Deployment for WANs and LANs by ranjitm

Network Management Deployment for LANs and WANs
Mark Basinski mbasinsk@cisco.com

NCM_206

© 2001, Cisco Systems, Inc. All rights reserved.


Agenda

I   Device Technology
II  Designing the Network
III Understanding Management Tools
IV  Application Workflow Examples

Part I
Management Technology Required in Devices


Network Management Technology Basics
[Diagram: an SNMP manager (CW 2000) and managed devices reachable over IP. Each device runs an SNMP agent with its MIBs (RMON 1 and 2 or Mini-RMON, CDP MIB, RMON-MIB, CISCO-STACK-MIB, BRIDGE-MIB, ...) and sends syslog. Flows shown: IP connectivity; SNMP Get, GetNext, Set, GetBulk and responses; SNMP traps/RMON; syslog messages; Telnet; Network Time Protocol; CDP or ILMI.]

Configuring IP
Platforms: CatOS, CatIOS, IOS

CatOS
    NOTE: Mgt interface not in VLAN 1
    set interface sc0 900 <IP_Addr> <Mask>

Router, example of loopback with host route
    interface Loopback0
     ip address 172.20.18.154 255.255.255.255

ATM, example of internal LEC config
    interface ATM2/0/0
     ip address <IP_Addr> <Mask>
     lane client ethernet core-mgt

• Syntax differs between IOS and Catalyst OS devices
• Recommend using loopback interface for routers
    Provides a ‘well known’ management IP address

SNMP The Management Entity, Agents, and Protocol
[Diagram: a network management station (management entity) sends Get, Get-Next, Get-Bulk and Set requests across the IP network to the SNMP agent on an SNMP manageable device; the agent, which holds 1000s of defined objects, returns Get responses and sends traps. SNMP v1, SNMP v2.]

• Management entity collects data by generating requests; this causes in-band traffic coexisting with production traffic
• Agents are information storehouses of object definitions provided in many Management Information Bases (MIBs)
• SNMP protocol is used to transport the information requests

SNMP Understanding Community Strings
[Diagram: SNMP message encapsulation. Frame header; IP header (protocol number UDP, 17); UDP header (port 161); SNMP message, made up of version, community string and SNMP PDU; CRC. Labels: packet payload, frame payload.]

• SNMP Protocol Data Units (PDUs) are processed as per the access policy indicated by the community string
• Community strings are clear text and provide a trivial authentication mechanism (SNMP v1, v2c)
• Avoid using the well known defaults:
    Read-only agent access: public
    Read-write agent access: private

SNMP Remote Monitoring MIB
Mini-RMON on Catalyst Switches Is a Sub-set of RMON

Group: Description
    Statistics: Detailed Basic Interface Traffic Statistics
    History: Short and Long term Statistics Sampling
    Alarm: Sampling and Testing Objects for Threshold Conditions
    Host: Host Based Traffic Statistics Based on L2 Addressing
    HostTopN: Ranked Statistics from Host Group
    Matrix: Host-pair Conversation Statistics
    Filter: Configuration of Packet Selection Criterion
    Capture: Access to Stored Packets that Meet Filter Criterion
    Event: Action to Log, Issue Trap/notification Triggered by Alarm Group

Configuring SNMP
Platforms: CatOS, CatIOS, IOS

CatOS
    set snmp community read-only <text>
    set snmp community read-write <text>
    set snmp community read-write-all <text>
    set snmp trap <IP_Addr> <comm_string>
    set snmp trap enable all
    set snmp rmon enable

CatIOS and IOS
    snmp-server community <text> RO
    snmp-server community <text> RW
    snmp-server enable traps
    snmp-server host <IP_Addr> traps <comm_string>
    snmp-server trap-source loopback0

• Configuration syntax is operating system (OS) dependent
• CatOS’ agent has two write access policies
    Read-write—partial configuration access
    Read-write-all—full configuration access
• CatOS’s agent has defaults—change them!
    R/O = public • R/W = private • R/W/A = secret
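
A way to check saved device configurations for the community-string problems named on the SNMP slides. This is an added example, not code from the presentation or from CiscoWorks; the sample configurations, community names and the `audit` function are constructed for illustration, and the "read-write community with no access list" check is an assumption built on the "SNMP access lists" item the deck lists for IOS devices.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Defaults named on the slides: R/O = public, R/W = private, R/W/A = secret.
WELL_KNOWN = {"public", "private", "secret"}

DEFAULT = "well-known default community string"
NO_ACL = "read-write community with no access list"


@dataclass(frozen=True)
class Community:
    line_no: int
    syntax: str            # "catos" or "ios"
    name: str
    access: str            # "ro", "rw" or "rwa"
    acl: Optional[str]     # access list bound to the community (IOS syntax only)


CATOS_RE = re.compile(
    r"^set\s+snmp\s+community\s+(read-only|read-write-all|read-write)\s+(\S+)$")
CATOS_ACCESS = {"read-only": "ro", "read-write": "rw", "read-write-all": "rwa"}


def parse_communities(config: str) -> List[Community]:
    """Extract community definitions from CatOS or IOS style configuration text."""
    found = []
    for line_no, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip()
        m = CATOS_RE.match(line)
        if m:
            found.append(Community(line_no, "catos", m.group(2),
                                   CATOS_ACCESS[m.group(1)], None))
            continue
        tokens = line.split()
        if len(tokens) < 3 or tokens[:2] != ["snmp-server", "community"]:
            continue
        name, rest = tokens[2], tokens[3:]
        access, acl = "ro", None   # IOS: a community with no keyword is read-only
        i = 0
        while i < len(rest):
            word = rest[i].lower()
            if word == "view" and i + 1 < len(rest):
                i += 2             # skip "view <name>"
                continue
            if word in ("ro", "rw"):
                access = word
            else:
                acl = rest[i]      # trailing token is the access list
            i += 1
        found.append(Community(line_no, "ios", name, access, acl))
    return found


def audit(config: str) -> List[Tuple[int, str]]:
    """Return (line number, issue) pairs; the community string is never echoed."""
    findings = []
    for c in parse_communities(config):
        if c.name.lower() in WELL_KNOWN:
            findings.append((c.line_no, DEFAULT))
        # Only IOS syntax binds an access list on the community line itself.
        if c.syntax == "ios" and c.access == "rw" and c.acl is None:
            findings.append((c.line_no, NO_ACL))
    return findings


# Constructed sample configurations (not taken from any real device).
IOS_SAMPLE = """\
hostname rtr-sample
snmp-server community public RO
snmp-server community ops-write-sample RW
snmp-server community noc-read-sample RO 10
snmp-server community noc-write-sample RW 10
snmp-server host 10.1.100.20 traps noc-read-sample
snmp-server trap-source loopback0
"""

CATOS_SAMPLE = """\
set snmp community read-only      public
set snmp community read-write     cat-write-sample
set snmp community read-write-all secret
"""

if __name__ == "__main__":
    for label, sample in (("IOS", IOS_SAMPLE), ("CatOS", CATOS_SAMPLE)):
        for line_no, issue in audit(sample):
            print(f"{label} line {line_no}: {issue}")
```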

The Syslog Facility
[Diagram: CatOS, CatIOS and IOS devices send console messages over RS-232 and syslog over 514/udp (optional) to a syslog server, which writes a logfile according to its config. Message fields: facility, severity level, timestamp, system log message.]

Severity Level  Description
0               Emergencies
1               Alerts
2               Critical
3               Errors
4               Warnings
5               Notifications (IOS logging level needed for Resource Manager Essentials)
6               Informational (CatOS logging level needed for Resource Manager Essentials)
7               Debugging

Configuring Syslog
Platforms: CatOS, CatIOS, IOS

CatOS
    set logging server <IP_Addr>
    set logging server level 6
    set logging server facility local7
    set logging level sys 6 default
    set logging timestamp
    set logging enable

CatIOS and IOS
    logging on
    logging <hostname | IP_Addr>
    logging facility local7
    logging trap notifications
    logging source-interface loopback0
    service timestamps log datetime

• Syntax differs between IOS and Catalyst OS devices
• Message textual format differs between IOS and Catalyst OS devices
• Resource Manager Essentials requirement for config change
    CatOS = Logging level informational (6)
    CatIOS & IOS = Logging level notification (5)
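
Why the logging level matters for change tracking, as an added example (not part of the original slides and not CiscoWorks code): the parser below decodes the syslog priority value into facility and severity and shows which messages would still reach the server at a given `logging trap` level. The sample lines are constructed; `parse` and `still_forwarded` are hypothetical helper names.

```python
import re
from typing import List, NamedTuple, Optional

# Severity names in the order of the severity table above (0..7).
SEVERITY_NAMES = ["emergencies", "alerts", "critical", "errors",
                  "warnings", "notifications", "informational", "debugging"]


class CiscoSyslog(NamedTuple):
    facility: str     # e.g. "local7"
    severity: int     # 0..7, taken from the priority value
    tag: str          # e.g. "SYS-5-CONFIG_I"
    text: str


# <PRI> ... %FACILITY-SEVERITY-MNEMONIC: text
LINE_RE = re.compile(
    r"^<(\d{1,3})>.*?%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+):\s*(.*)$")


def parse(line: str) -> Optional[CiscoSyslog]:
    """Decode one received syslog line; return None if it is malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:                      # 23 * 8 + 7 is the largest valid value
        return None
    facility, severity = divmod(pri, 8)    # PRI = facility * 8 + severity
    if severity != int(m.group(3)):
        return None                    # priority and message tag disagree
    name = f"local{facility - 16}" if facility >= 16 else f"facility{facility}"
    tag = f"{m.group(2)}-{m.group(3)}-{m.group(4)}"
    return CiscoSyslog(name, severity, tag, m.group(5))


def still_forwarded(lines: List[str], trap_level: str) -> List[str]:
    """Tags of the messages a device would send with 'logging trap <trap_level>'.

    A device forwards every message whose severity number is less than or
    equal to the configured level.
    """
    limit = SEVERITY_NAMES.index(trap_level)   # ValueError on an unknown name
    kept = []
    for line in lines:
        msg = parse(line)
        if msg is not None and msg.severity <= limit:
            kept.append(msg.tag)
    return kept


# Constructed sample lines as a syslog server might receive them from an IOS
# device using facility local7 (priority 189 = 23 * 8 + 5, 187 = 23 * 8 + 3).
SAMPLE = [
    "<189>45: Mar  1 00:12:44: %SYS-5-CONFIG_I: Configured from console by vty0 (10.1.100.20)",
    "<187>46: Mar  1 00:13:02: %LINK-3-UPDOWN: Interface Serial0, changed state to down",
    "<189>47: Mar  1 00:13:03: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down",
    "Mar  1 00:13:04 line with no priority value",
]

if __name__ == "__main__":
    for level in ("notifications", "warnings"):
        print(level, still_forwarded(SAMPLE, level))
```

At `warnings` the configuration-change message (severity 5) is no longer sent, which is the reason the slide asks for level 5 on IOS devices.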

Configuring Telnet
Platforms: CatOS, CatIOS, IOS

CatOS
    set password <passwd>
    set enablepass <passwd>

CatIOS and IOS
    enable password <passwd>
    line vty 0 4
     password <passwd>
     login [local/tacacs]

• Syntax differs between IOS and Catalyst OS devices
• Catalyst switches have telnet enabled but no console/telnet or enable passwords by default—add them!
• IOS devices do not have telnet enabled
    Enable for management support
    Secure with TACACS+

Configuring CDP and ILMI
Platforms: CatOS, CatIOS, IOS

CatOS
    Global:         set cdp [enable/disable]
    Per port:       set cdp [enable/disable] <mod/port>

CatIOS and IOS
    Global:         cdp run
    Per interface:  cdp enable
    ILMI setup for ATM interface:  atm pvc 2 0 16 ilmi

• Syntax differs between IOS and Catalyst OS devices
• CDP enabled by default on most interfaces - turn off CDP to limit discovery (Campus Manager)

Configuring NTP
Platforms: CatOS, CatIOS, IOS

CatOS
    set ntp client enable
    set ntp server <IP_Addr>
    set ntp timezone PST -8
    set summertime enable PST

CatIOS and IOS
    ntp server <IP_Addr>
    clock timezone PST -8
    clock summer-time PDT recurring

• Syntax differs between IOS and Catalyst OS devices
• Configure NTP on management server
• Time synchronisation important for proper syslog, traps, and monitoring correlation

Additional Configuration
Platforms: CatIOS, IOS, CatOS

• Cisco IOS device
    Hostname and SNMP contact, location, chassisid
    User login authorisation local or TACACS+
    SNMP access lists
    RMON alarms and events (statistics and history if available)

• Catalyst switch
    System name, contact, location
    User login authorisation local or TACACS
    Mini-RMON statistics, history, alarms, and events
    VTP domain name

Technologies Used by CiscoWorks2000 Products
Application: RME Inventory Manager; RME Config Manager; RME Software Image Manager; RME Change Audit Svs; RME Avail. Manager; RME Syslog Analyser

Traffic Flow
Service(s), in slide order: SNMP; Telnet; TFTP; SNMP; Telnet; TFTP; SNMP; Syslog; Telnet; SNMP; ICMP; Syslog
TCP/UDP Port Number, in the same order: UDP 161; TCP 23; UDP 69; UDP 161; TCP 23; UDP 69; UDP 161; UDP 514; TCP 23; UDP 161; N/A; UDP 514

Technologies Used by CiscoWorks Products
Application: Campus Manager; Device Fault Manager; Real Time Monitor; Internet Performance Monitor; ACL Manager; CiscoView

Traffic Flow
Service(s), in slide order: SNMP; SNMP; SNMP Traps; SNMP; SNMP Traps; SNMP; Telnet; TFTP; SNMP
TCP/UDP Port Number, in the same order: UDP 161; UDP 161; UDP 162; UDP 161; UDP 162/395; UDP 161; TCP 23; UDP 69; UDP 161

Part II
Designing the Network for Management


Designing for Management General Guidelines

• Design for management from the start, not as an afterthought
• Avoid end-to-end VLANs
• Build a reliable data transport
• Monitor critical links, forget the rest

Designing for Management Bridging = Problems
• Avoid bridging VLANs end-to-end
    All devices in one subnet
    Large spanning tree domain
    Spanning tree meltdowns
    Broadcast storms

• Create a routed network for your management traffic
    Separate IP subnet for each managed area
    Focus on reliability and simplicity
    Simple as possible, but no simpler

[Diagram: problematic design, with end-to-end management VLANs (VLAN 1) bridged across the network.]

Designing for Management I.) No Trunking in Access Layer
• Only 1 IP subnet in each access switch
• Management and user data share same VLAN
• Management interface provides in-band monitoring point for data path
• Distribution L2 management is lowest data VLAN (VLAN 100)
• Distribution L3 management source-interface = VLAN100
• Core L3 management source-interface = Loopback0

[Diagram: addresses shown are 10.1.110.10, 10.1.120.10 and 10.1.130.10; VLAN 100, VLAN 200 and VLAN 300; 10.1.110.8 and 10.1.110.9; L3 10.1.110.2 and L3 10.1.110.3; Loopback0 10.1.50.3 and Loopback0 10.1.50.4. Distribution layer = Catalyst 5000 with L3 or Catalyst 6000 with L3.]

Designing for Management II.) Trunking in Access Layer
• Avoid using VLAN 1 for management traffic; think of it as the “control plane”
• Management interface in same VLAN for all switches in the VTP domain (e.g. VLAN 100)
• Management and user data on different VLANs
• Provide reliable, redundant transport
• Layer 3 module management source-interface = VLAN100

[Diagram: VLAN 100 with addresses 10.1.100.12, 10.1.100.13 and 10.1.100.14; 10.1.100.10 and 10.1.100.11; L3 10.1.100.2 (vlan100) and L3 10.1.100.3 (vlan100); HSRP 10.1.100.1. Distribution layer = Catalyst 5000 with L3 or Catalyst 6000 with L3.]

Designing for Management VTP Management Domains
• Create a unique domain name for each group of switch clusters
• Domain name should be geographical
• VTP domain names assist for end station location and container mapping
• VTP server requirement removed in Campus Manager 3.1
• VLANs can be created on transparent mode switches

[Diagram: regional offices Paris, London, Munich and San Jose connected to the corp network; Linc-4; VM-1.]

Designing for Management Redundant Infrastructure
• High availability management
• Completely separates management from user data
• Management link is in separate subnet, VLAN, and switch
• Higher assurance for management data delivery during congestion or convergence

[Diagram: an SNMP manager and addresses 10.1.100.15, 10.1.100.12, 10.1.100.13, 10.1.100.14, 10.1.100.10 and 10.1.100.11.]

Designing for Management Terminal Servers
• Out-of-band management
• Failsafe access
• Console connection only, no SNMP
• Connect to redundant infrastructure
• Secure AUX ports when using modem

[Diagram: regional offices and the corp network; a terminal server reached by Telnet or modem, connected to devices by serial cable.]

Designing for Management Critical Links
• Define key infrastructure aggregation ports ( )
    Automate using CDP, trunk state, router port
    Manual for server ports

• Set up statistics collection (RMON)
• Monitor “away” from the core
• Enable traps for link failure and thresholds
• Monitor for performance and fault conditions

[Diagram: remote offices, servers and the corp network.]

What Data to Collect
• Port level statistics—utilisation, collisions, fragments, etc…
    Collect via miniRMON or ifIndex port MIBs
    Basic physical stats good for usage trending and baselining
    Useful anywhere in the network
    Not necessary for all user ports

• Detailed physical, network, and application layer data
    Collect via RMON 1 and 2 from hardware probe / NAM
    Detailed L2-L7 stats for understanding traffic breakdown
    Valuable for LAN and WAN aggregation links
    Building to building, distribution to core, server farm to core

• What collection interval?
    Short for troubleshooting (5–30 sec) “realtime”
    Long for monitoring and trending (5 min–15 min) “logged”

WAN Probe Deployment
• Choose WAN aggregation points for probe deployment
• Probe uses tap concept to connect in-line between router interface and WAN circuit or CSU/DSU
• Multi-port probes can monitor multiple physical connections
• One agent can monitor statistics per PVC from a central location
• Provides physical, network, and application layer data collection and packet capture—no impact to router or link performance

WAN Probe RMON 1 and 2
• Statistics on DLCI and CIR
• Per-PVC statistics:
    Utilisation and packet rates
    FECNs, BECNs
    Protocol usage and conversation matrix

[Diagram: Frame Relay network with DLCI 100, DLCI 200 and DLCI 300.]

LAN Probe and NAM Deployment
• Choose LAN aggregation points for probe deployment
    Server farm to core
    Distribution to core
    Building to building

• Connection options
    Tap a trunk link
    Span ports or VLANs to NAM

• One agent can see all VLAN utilisation and drill down per VLAN if tapped or spanning a trunk link

LAN Probe, RMON 1 and 2
• Host and conversations for link, network and application layers
• Address mapping
• Per VLAN monitoring (SMON)
• Packet Filter/capture
• Protocol distribution
• User history

Per Port mini-RMON: Statistics, History, Alarms, Events

NAM: RMON 1 & 2 (NAM = Network Analysis Module)

[Diagram: a LAN probe attached through a tap box to a trunk, and a LAN switch with a SPAN port.]

SPAN and RSPAN Feature
• SPAN
    Copies packets from source ports/VLANs to destination ports

• RSPAN
    Allows spanning of remote ports/VLANs
    User specified RSPAN VLAN created
    Output ACL can be applied to RSPAN VLAN for filtering and QoS
    Utilises VTP pruning to prevent unwanted flooding
    RSPAN requires Catalyst 6000

SPAN source = port, multiple ports, VLAN
Trunking must be enabled switch to switch in most cases for RSPAN
In/out/both packets can be specified per port

[Diagram: switches A, B, C and D, with source (Rx, Rx/Tx), intermediate and destination roles, and a NAM at the destination.]

Part III
Understanding Management Tools


What Is the NMS?
A set of tools for controlling a complex data network to maximise its efficiency and productivity.

Fault: Troubleshooting for problem discovery, isolation, and resolution
Performance: Collect utilisation and performance data, analyse data, set utilisation thresholds
Configuration: Finding, configuring, and maintaining network devices
Accounting: Logging user access and data traffic for billing
Security: Providing secure access to the network

CiscoWorks2000 Solutions

• Understanding the key processes
• Sizing the hardware
• Deployment guidelines
• Integration and growth

Cisco’s Management Strategy
The Management Ecosystem

[Diagram: helpdesk, trouble-ticket and event MOM at the top; management domains Application, DBMS, Server, Network, Desktop and User; CiscoWorks2000 in the Network domain, above services and devices.]

Traditional NMS Integration

Let’s get a bigger box...

Framework Integration with CiscoWorks2000

[Diagram labels: CiscoWorks2000 Server; CIM/XML; Server; MIB Integration; Icon Registration; CiscoView; Device Center.]

Routed WAN Management Solution 1.1

CD One 4th Ed: CiscoWorks2000 Server, CiscoView and Integration Utility
Resource Manager Essentials 3.3: Device Inventory, Configuration and Software Mgmt
Internetwork Performance Monitor 2.3: Path Analysis, Troubleshooting
Real-Time Monitor 1.2: RMON Traffic Monitoring and Troubleshooting
ACL Manager 1.3: ACLs Mgmt Templates, Deployment

LAN Management Solution 2.0

CD One 4th Ed: CiscoWorks2000 Server, CiscoView and Integration Utility
Resource Manager Essentials 3.3: Device Inventory, Configuration and Software Mgmt
Campus Manager 3.1: Topology Services, Path Analysis, and User Tracking
Real-Time Monitor 1.2: RMON Traffic Monitoring and Troubleshooting
Device Fault Manager 1.1: Device Fault Management

Common Management Foundation Architecture
[Diagram: layered architecture.
 Applications, each tagged with the bundles (LMS, RWAN) that include it: Resource Manager Essentials, Real-Time Monitor, Campus Manager, Content Flow Manager, Device Fault Manager, ACL Manager, Internetwork Performance Monitor.
 Internal interface: common to LMS, RWAN, SMS, VMS, CVM, ...
 CD-One (Common Management Foundation), with a CORBA event bus:
    Network services: ANI (Asynchronous Network Interface), Network Device Discovery
    System services: Database Engine, Job Management, Event Distribution
    Runtime services: Desktop, Web Services, Security, Process Management, Help
 Network devices are reached by SNMP, syslog and telnet.
 External interfaces: Customer Partner Interface (CIM/XML), Cisco Management CCO Connection, Web Browser User Interface (HTML, JAVA).]

Automatic Network Discovery
• Start at seed IP address
• Determine type of device and begin collecting SNMP data
• Retrieve CDP/ILMI neighbor tables
    IP address
    Type of device
    Port
• Attempt to talk to IP address of all neighbors
• Continues until all neighbors have been tried
• Constructs the map with accurate connectivity info including trunking status

[Diagram: the CiscoWorks 2000 Server starts at seed device A and reaches devices B, C and D through CDP and ILMI neighbor relationships.]

Discovery available ONLY when ANI is running
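
The discovery walk listed above, written out as an added example (not CiscoWorks or ANI code). The neighbor tables are constructed stand-ins for what polling each device's CDP/ILMI table would return, `discover` and `poll` are hypothetical names, and the IP-range scope is the "limit discovery by IP ranges" control from the deployment slides.

```python
import ipaddress
from collections import deque
from typing import Callable, Dict, FrozenSet, List, NamedTuple, Optional, Set, Tuple

# One neighbor-table row: (IP address, type of device, port), as on the slide.
Neighbor = Tuple[str, str, str]


class DiscoveryResult(NamedTuple):
    polled: List[str]                    # order in which devices were contacted
    devices: Dict[str, List[Neighbor]]   # devices that answered, with their tables
    unreachable: Set[str]                # in scope, but did not answer
    out_of_scope: Set[str]               # seen as a neighbor, deliberately not polled
    links: Set[FrozenSet[str]]           # undirected adjacencies for the map


def discover(seed: str,
             allowed_ranges: List[str],
             poll: Callable[[str], Optional[List[Neighbor]]]) -> DiscoveryResult:
    """Breadth-first walk of neighbor tables, starting at the seed address."""
    nets = [ipaddress.ip_network(r) for r in allowed_ranges]

    def in_scope(ip: str) -> bool:
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in nets)

    if not in_scope(seed):
        raise ValueError("seed address is outside the allowed ranges")

    result = DiscoveryResult([], {}, set(), set(), set())
    tried = {seed}
    queue = deque([seed])
    while queue:                         # continues until all neighbors are tried
        ip = queue.popleft()
        result.polled.append(ip)
        table = poll(ip)
        if table is None:                # no SNMP answer, e.g. wrong community
            result.unreachable.add(ip)
            continue
        result.devices[ip] = table
        for neighbor_ip, _device_type, _port in table:
            result.links.add(frozenset((ip, neighbor_ip)))
            if neighbor_ip in tried:
                continue
            tried.add(neighbor_ip)
            if in_scope(neighbor_ip):
                queue.append(neighbor_ip)
            else:
                # Record the boundary device on the map, but never contact it.
                result.out_of_scope.add(neighbor_ip)
    return result


# Constructed neighbor tables (addresses are illustrative only).
SAMPLE_TABLES: Dict[str, List[Neighbor]] = {
    "10.1.100.2": [("10.1.100.3", "L3 switch", "1/1"),
                   ("10.1.100.10", "switch", "2/1"),
                   ("10.1.100.11", "switch", "2/2")],
    "10.1.100.3": [("10.1.100.2", "L3 switch", "1/1"),
                   ("10.1.100.10", "switch", "2/1"),
                   ("10.1.100.11", "switch", "2/2"),
                   ("10.2.200.1", "router", "3/1")],
    "10.1.100.10": [("10.1.100.2", "L3 switch", "1/1"),
                    ("10.1.100.3", "L3 switch", "1/2"),
                    ("10.1.100.12", "switch", "2/1")],
    "10.1.100.11": [("10.1.100.2", "L3 switch", "1/1"),
                    ("10.1.100.3", "L3 switch", "1/2")],
    # Outside the allowed range: present here only to show it is never polled.
    "10.2.200.1": [("10.1.100.3", "L3 switch", "0/0"),
                   ("10.2.200.2", "router", "0/1")],
    # 10.1.100.12 has no entry: it stands for a device that does not answer.
}


def run_sample() -> DiscoveryResult:
    return discover("10.1.100.2", ["10.1.100.0/24"], SAMPLE_TABLES.get)


if __name__ == "__main__":
    r = run_sample()
    print("polled:", r.polled)
    print("unreachable:", sorted(r.unreachable))
    print("out of scope:", sorted(r.out_of_scope))
    print("links:", len(r.links))
```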

Change Audit Service
[Diagram: sources of change records. 1: changes to CLI. 2: changes from CiscoWorks2000 periodic scans or scheduled jobs (Configuration Manager, Inventory Manager, Software Manager). Other labels: AAA; all syslog events; Syslog Analyzer; managed syslog events; Change Audit database; Syslog database; Inventory database; Change Audit reports.]

Discovering End Stations
• Forwarding tables (switches)
    MAC address
    VLAN
    Port

• ARP tables (routers)
    Subnets
    IP address

• DNS Service (DNS servers)
    DNS names

• IP Phones (Call Manager)
    Phone number
    Phone type

• Login names
    Unix (ruserd)
    Windows NT 4.0 PDC
    Novell NDS 5.0

[Diagram: building the User Tracking database. In six numbered steps the CiscoWorks 2000 Server queries switches, routers, DNS servers, Call Manager, and NT PDC, NetWare and Unix hosts, and uses the network device database.]

User Tracking Table


Fault Analysis - Device Fault Manager
[Diagram: events (traps and polls) enter the DFM analysis engine, which asks "Important?" and "Correlate?" (yes/no) and produces symptoms and compounds. Notifications go to the monitoring console, file notifier, e-mail notifier and trap notifier. Intelligent traps are sent to the management framework.]

System Elements Monitored (DFM)
Device columns: Routers, Switches, Hubs

Connectivity
    IP polling
    SNMP polling
    Excessive Restarts
Environmental
    Temp state
    Relative temp
    Voltage state
    Relative voltage
    Fan state
    Power supply state
Processor & Memory
    Backplane utilisation
    Free memory
    Memory buffer misses
    Memory buffer utilisation
    Memory fragmentation
    Processor utilisation

Event types shown in the table cells: Exception, Operational, Temperature, Power Supply, Resource

Port and Interface Elements Monitored (DFM)
Column headings: ‘Managed’ Switch Port Groups; ‘Managed’ IP Addressable Interfaces; Ethernet; ATM; Serial; TR; FDDI; Others; Dial on Demand; Backup

Elements monitored: Broadcasts, Collisions, Discards, Errors, Queue Drops, Utilization, Port Flapping, Backup Activated, Maximum Uptime, Oper Down

Event types: Performance Exception, Operational Exception

Default DFM settings, can be changed by admin

Internet Performance Monitor Top Level Architecture
[Diagram: IPM client, IPM server, a router running the (SA) Service Assurance Agent, and a target (SNA mainframe, Cisco IOS router, or any IP host). Numbered flows:
 1 Access to IPM Server from IPM Client
 2 Configure IPM
 3 Configure SAA
 4 Scheduled Operation
 5 Retrieve Results From SAA
 6 Retrieve Results from IPM]

Troubleshooting IPM Path Analysis—Where Is the Problem?


SAA Synthetic Operations
[Diagram: Cisco IOS-based Service Assurance Agent operations, arranged by increasing service value. Labels: Voice, HTTP, DLSw, Latency, Jitter, Packet Loss, DNS/DHCP, Path Echo; Latency for TCP, UDP and ICMP; ToS.]

Scaling in Large Environments


Bundle Scaling Maximum Supported Devices
LMS 2.0 and RWAN 1.1

Campus
    Topology: 2,000 Devices
    User Tracking: 30,000 End stations
RME
    Availability: 1,000 Devices
    Syslog Messages: 150,000 per Day
    Config Management: 5,000 Devices
    Inventory: 5,000 Devices
DFM
    Standalone: 30,000 Ports, 3,000 Trunk Ports
    With LMS: 15,000 Ports, 1,500 Trunk Ports

NOTE—All Numbers Assume the Recommended Server H/W is Used

Bundle Scaling Maximum Supported Devices
RWAN 1.1

ACL Manager
    Number of ACLs Is Critical Performance Limit
    Customer with ACLs 700+ Lines
        20 Min to Download Using Telnet
        10 Sec to Download Using Tftp
IPM
    1,000 End-to-End Tests
Real Time Monitor
    Standalone: 500 Interfaces
    With LMS: Not Recommended

NOTE—All Numbers Assume the Recommended Server H/W is Used

LMS 2.0 Bundle Server Sizing Solaris and NT
Small Scale Network (up to 200)—System Recommendations
OS       # of Devices (ANI + RME)  CPU                      RAM     SWAP      Hard Disk
NT       200                       PIII - 500Mhz - SP       512 MB  1 GB      6 GB (NTFS)
Solaris  200                       U60 - 450Mhz - SP        512 MB  1 GB      6 GB

Medium Scale Network (200-500)—System Recommendations
OS       # of Devices (ANI + RME)  CPU                      RAM     SWAP      Hard Disk
NT       500                       PIII - 550Mhz - MP       1 GB    1.5 GB    9 GB (NTFS)
Solaris  500                       U60 - 450Mhz - MP        1 GB    1.5 GB    9 GB

Large Scale Network (500-1000)—System Recommendations
OS       # of Devices (ANI + RME)  CPU                      RAM     SWAP      Hard Disk
NT       1000                      PIII - 700Mhz - MP       1.5 GB  2 GB      9 GB (NTFS)
Solaris  1000                      U60 - 450Mhz - MP        1.5 GB  2 GB      9 GB

VERY Large Scale Network (1K-2K)—System Recommendations
OS       # of Devices (ANI + RME)  CPU                      RAM     SWAP      Hard Disk
NT       2000                      P IV PIII - 900Mhz - MP  2 GB    2.5-3 GB  15-20 GB (NTFS)
Solaris  2000                      U60 - 450Mhz - MP        2 GB    2.5-3 GB  15-20 GB

Test Environment: ANI Discovery DFM at Bundle Max; Syslog Messages 1/second; Inventory Collection Weekly; Config Archive Weekly; UT End Stations 20,000; HPOV Daemons Running

Campus Bundle Server Sizing HPUX and AIX
Small Scale Network (up to 200)—System Recommendations
OS    # of Devices (ANI + RME)  CPU                            RAM     SWAP    Hard Disk
HPUX  200                       J2240 - 200Mhz - SP            256 MB  1.5 GB  6 GB
AIX   200                       IBM 150 w/604e 250Mhz - SP     256 MB  1 GB    6 GB

Medium Scale Network (200-500)—System Recommendations
OS    # of Devices (ANI + RME)  CPU                            RAM     SWAP    Hard Disk
HPUX  500                       J5000 - 200Mhz MP              512 MB  1.5 GB  9 GB
AIX   500                       IBM 150 w/604e 250Mhz - MP     512 MB  1 GB    9 GB

Large Scale Network (500-1000)—System Recommendations
OS    # of Devices (ANI + RME)  CPU                            RAM     SWAP    Hard Disk
HPUX  1000                      J5000 - 440Mhz MP              512 GB  1.5 GB  9 GB
AIX   1000                      IBM 150 w/604e 375Mhz - MP     512 GB  1.5 GB  9 GB

Test Environment: Availability Poller 250 Devices; Syslog Messages 1/second; Inventory Collection Weekly; Config Archive Weekly; UT End Stations 10,000; HPOV Daemons Running

Deployment Networks < 2000 Devices
Deploy Centralized Servers

• Campus topology hierarchy
    VTP and ATM domains (auto)
    L2 Edge View (auto)

• RME groupings
    Custom views
    Product families

• Auto sync of devices
    Campus manager auto discovers network
    New devices scheduled to update RME inventory
    Credential changes from RME back to Campus Manager

[Diagram: one LMS bundle on the NMS platform managing 2,000 devices and 30,000 end users.]

Deployment Networks > 2000 Devices
Deploy Localized LMS Servers

• Partition network into groups of 2,000 devices
    Limit discovery by IP ranges
    Limit discovery by VTP domains

• Deploy localised LMS bundles
    1 per network partition

• Forward syslog messages to main NMS

[Diagram: three partitions (Partition 1, North; Partition 2, Central; Partition 3, South), each with 2,000 devices and 30,000 end users.]

Deployment Networks > 2000 Devices
Deploy Centralized RME Server

• For customers who need a centralised RME function
    Provides single reporting server for inventory, configs, changes, software distribution, bulk changes, etc.

• Supports up to 5,000 devices
    1 per network partition

• Forward data from localised installs to central RME
    Syslog messages—use remote syslog analyser collector (SAC)
    Discovered devices from campus manager auto-discovery

• Synchronise device credentials between local and central
    SNMP community string changes

Deployment Networks > 2000 Devices
Partition Discovery by:
• VTP Domain
• IP Address Range

[Diagram: two “Local” LMS bundles, each with a SAC and each managing 2,000 devices and 30,000 end users, and a “Central RME” (Essentials inventory, config, syslog; no availability) for up to 5,000 devices. The flows between them are labelled syslog forwarding, device synchronization and SNMP credentials update. Platform integration for NMS (CiscoView, Device Center).]

SAC = Remote Syslog Analyzer Collector

Limitations
• No distributed reporting model
    Localized LMS bundles are “autonomous”
    No distributed reporting for multiple RME servers (If you have more than 5,000 devices)

• Inclusive layer 2 map slow/unusable for large networks close to 2,000 devices
    Use Layer 2 Edge View map
    Use sub-maps for VTP or ATM domains
    Use “switch cloud” sub-maps from layer 2 Edge View

GUI Performance

• Human engineering issue—how fast is fast, and how slow is slow?
• MS IE generally outperforms Netscape
• Customise device views
• Server CPU, client RAM and CPU!!
• Tradeoff lower number of devices per server for better GUI performance?

Detailed Information on Scaling
http://www.cisco.com/warp/customer/cc/pd/wr2k/prodlit/ckspp_wp.htm

White Paper

CiscoWorks in Large-Scale Network Environments


Part IV
Application Workflow Examples


Problem and Resolution Examples

I) Application response time
II) Voice connectivity
III) Software upgrades

I) Application Response Time
• Problem
    Mobile user in Chicago experiencing slow or no response from corp. web server in San Jose

• Solution Steps
    Find user and server location and info on network
    Check connection settings
    Verify VLAN associations
    Find network path
    Check utilisation
    Check response history

[Diagram: a remote user and regional offices (Portland, LA, Chicago) connected to the corp network, with SJ-10, Linc-4, VM-1 and the WWW servers.]

Locate User and Server
1—Query User Tracking for Location of User and Server
2—User Tracking Shows IP Addr, Switch, Port, VLAN, etc…

Check Port Integrity and Usage
3—Examine CiscoView GUI to Determine Port Integrity
4—Realtime Utilization
5—Port Settings

Verify VLAN and L2 Forwarding Path
6—Use Campus Manager to Show VLAN Inclusion, Spanning Tree Forwarding States, and Root Bridge

Determine Network Path
7—Trace L2 and L3 Path Using Path Trace
8—Determines L2 Port by Port Connections in Addition to L3 “Trace Route”

Check WAN Utilization
Use Real Time Monitor and WAN Probe

9—Compare Traffic per DLCI
10—Examine Usage History for Specific DLCI
11—Determine Network Protocol Traffic
12—Determine Application Protocol Traffic

Analyze End to End and Per Hop Response History
13—Analyze Latency for Specific Path Using IPM (Internet Performance Monitor)
14—Drill Down to Latency, Errors, and Completion Summary for Individual Routers along Path

II) IP Phone Connectivity
• Problem
    How to do this for IP phones

• Solution steps
    Similar to last example, but you need to find phones and trace the path between them

[Diagram: two IP phones, regional offices (Portland, LA, Chicago), SJ-10 and the corp network.]

Check Phone Configuration and Status
1—Use Campus Manager to Check SNMP Status of Call Manager and Link to Interface to Verify Phones Are Configured
2—Use User Tracking to Check Status of Phone and Determine Location

Call Lookup and Trace
3—Use Path Trace to Find Call
4—Trace L2 and L3 Path

III) Controlled Software Upgrade
• Problem
    Upgrade required on all remote site routers to support new features

• Solution steps
    Locate applicable devices
    Check device resources against image requirements
    Download image from Cisco
    Schedule and deploy job
    Verify and check for failures

Device Location

1—Resource Manager Essentials Allows You to Select Multiple Devices from the Existing Inventory

Image Selection and Verification

2—Select Appropriate Image and Download if Necessary from CCO
3—Image Is Checked Against Device Resources

Specify Job Details and Download
4—RME Job Control Allows Customization of Software Deployment Options

Job Verification
5—RME Provides Job Work Order Detail with Success and Failure Indication per Device

Your starting point: www.cisco.com/go/enm
• Overviews
• Data Sheets
• Case Studies
• Tutorials
• Integration Packages (CMC)
• ...

Wrap Up

I   Device Technology
II  Designing the Network
III Understanding Management Tools
IV  Application Workflow Examples

Questions?


Network Management Deployment for LANs and WANs
Session NCM 206
