Sunday, June 19, 2011

Chapter 12: Network Management Capabilities Within Cisco IOS Software (Part01)

Add a note here Overview

Add a note hereAfter completing this chapter, you will be able to

  • Add a note here Identify the rationale for using embedded management functionality in network infrastructure devices

  • Add a note hereDiscuss design considerations for NetFlow

  • Add a note hereDiscuss design considerations for NBAR

  • Add a note hereDiscuss design considerations for IP SLAs

Add a note hereThe Cisco IOS Software includes embedded management functionality that enables network engineers to achieve efficient network performance, scalability, and availability. These management tools provide critical data for establishing baselines, capacity planning, and determining network bottlenecks. This chapter discusses the importance, requirements, and considerations for implementing the embedded Cisco IOS Software management tools in an enterprise design.


Cisco IOS Embedded Management Tools

Add a note here Network management includes a broad range of policies, procedures, and purpose-built hardware and software tools used to manage networks. Network management affects the performance, reliability, and security of the entire network.

Add a note hereNetwork administrators use network management to verify that the network is working well and behaving in the planned manner. Network management is also used to characterize the performance of the network, to reveal how much traffic is flowing and where it is flowing in the network, and when troubleshooting a network.

Add a note hereEmbedded management software subsystems in Cisco IOS Software help manage, monitor, and automate actions within a router or switch, enabling devices to automatically collect data and take action.


Network Management Support in Cisco IOS Software

Add a note hereManaged equipment provides a variety of information such as the equipment type deployed and how it is connected, the version of software it is running, its status, and so forth. Cisco IOS Software provides extensive management capabilities, including the following:

  • Add a note hereA broad range of show commands provide network information for both in-band and out-of-band (OOB) management.

  • Add a note hereMany Simple Network Management Protocol (SNMP) Management Information Bases (MIB) provide access to vast amounts of information.

  • Add a note hereDevice management applications such as the Cisco Router and Security Device Manager (SDM) and the Cisco Adaptive Security Device Manager (ASDM) provide web-based tools for managing single devices.

  • Add a note hereThe following embedded management software subsystems in Cisco IOS Software help manage, monitor, and automate network management:

    • Add a note here Cisco IOS syslog

    • Add a note hereNetFlow

    • Add a note hereNetwork-Based Application Recognition (NBAR)

    • Add a note hereCisco IOS IP service level agreements (IP SLAs)


Application Optimization and Cisco IOS Technologies

Add a note hereTraditional network management processes focus on managing WAN links because of their scarce bandwidth and susceptibility to issues, including the following:

  • Add a note hereThe expense of WAN connections, sometimes resulting in organizations implementing lower-speed, lower-cost links.

  • Add a note hereSpeed mismatches between LAN and WAN links, leading to congestion, packet loss, and degraded application performance.

  • Add a note hereDifferent types of application traffic with different delivery requirements using the same WAN links. Real-time applications such as voice and video are especially sensitive to congestion and suffer from degraded performance due to delay, jitter, and packet loss. (Jitter is the variance of delay.)

Add a note hereHowever, there is increasing interest in extending network management to support application optimization at the data center and throughout the enterprise. The embedded Cisco IOS technologies provide network management support for application optimization in the network, as illustrated in Figure 12-1.

Click to collapse
Add a note hereFigure 12-1: Cisco IOS Technologies Support Application Optimization

Add a note hereThe phases in the application optimization cycle shown in Figure 12-1 are as follows:

  • Add a note here Baseline application traffic: In the first phase, a baseline is developed that measures network data so that the network manager can understand the basic traffic and application flows and the default network performance. Cisco IOS software technologies that support this phase include NetFlow, NBAR Protocol Discovery, and IP SLAs.

  • Add a note here Optimize to meet objectives: After establishing the baseline, the network manager can apply policies and prioritize traffic so that each application has an optimal portion of network resources. Resources are allocated based on their value to the organization. Quality of service (QoS) is used to reduce congestion, prioritize specific traffic, and optimize end-to-end performance of critical applications. Cisco IOS Software technologies that support this phase include QoS, NBAR, Cisco AutoQoS VoIP, and Cisco AutoQoS for the Enterprise.


    Note

    Add a note hereThe Cisco AutoQoS features are described later in the “NBAR and Cisco AutoQoS” section of this chapter.

  • Add a note here Measure, adjust, and verify: In the third phase of the application optimization cycle, the network manager uses ongoing measurements and proactive adjustments to verify that the optimization techniques and QoS provide the network resources needed to meet the service objectives of the applications. This information is also used to resolve network issues that may occur. Several Cisco IOS Software features help measure network performance, including NetFlow, NBAR Protocol Discovery, IP SLAs, and syslog.

  • Add a note here Deploy new applications: In this phase, network engineers determine the service objectives for new applications, estimate the network resources that will be needed to support these objectives, and allocate resources for new applications. Network management tools and processes enable the network manager to have the confidence to deploy new applications based on an understanding of the existing applications. NBAR and NetFlow are common Cisco IOS technologies used to support this phase.

Add a note here Figure 12-2 highlights where Cisco IOS technologies are commonly deployed in the enterprise environment. Syslog should be deployed on every device; NetFlow, NBAR, and IP SLAs monitoring are deployed at selected locations in the network.

Click to collapse
Add a note hereFigure 12-2: Using Cisco IOS Technologies in the Enterprise

Add a note hereA recommended practice is to use a predefined template to structure network management configuration and reporting information.

Add a note hereThe remainder of this chapter details the four Cisco IOS embedded network management features—syslog, NetFlow, NBAR, and IP SLAs.


Syslog

Add a note hereThe Cisco IOS system message logging (syslog) process enables a device to report and save important error and notification messages; the messages can be saved either locally or to a remote logging server. Syslog messages can be sent to local console connections, terminal monitor connections (vty and tty), the system buffer, or to remote syslog servers, as illustrated in Figure 12-3. Syslog sends text messages to a syslog server using UDP port 514.

Image from book
Add a note hereFigure 12-3: Syslog Messages Can Be Sent to Many Destinations

Add a note here Syslog provides a comprehensive reporting mechanism that logs system messages in plain English text. The syslog messages include both messages in a standardized format (called system logging messages, system error messages, or simply system messages) and output from debug commands. The messages are generated during network operation to assist with identifying the type and severity of a problem, or to aid users in monitoring device activity such as configuration changes.

Add a note here The Cisco IOS Embedded Syslog Manager (ESM) feature provides a programmable framework that allows a network manager to filter, escalate, correlate, route, and customize system logging messages before delivery by the Cisco IOS system message logger. ESM is available in Cisco IOS Software Release 12.3(2)T and later versions. ESM also allows system messages to be logged independently as standard messages, Extensible Markup Language (XML)-formatted messages, or ESM-filtered messages. These outputs can be sent to any of the traditional syslog targets. For example, a network manager could enable standard logging to the console connection, XML-formatted message logging to the buffer, and ESM-filtered message logging to a monitor connection. Similarly, each type of output could be sent to different remote hosts. Separate logging processes ensure that even if there is some problem with one of the formats or filtering, messages from the other processes will be unaffected.


Cisco IOS Syslog Message Standard


Note

Add a note hereSome of the information in this section is derived from Authorized Self-Study Guide: Designing for Cisco Internetwork Solutions (DESGN), Second Edition, by Diane Teare, Cisco Press, 2007 (ISBN 1-58705-272-5).

Add a note hereSyslog messages contain up to 80 characters; a percent sign (%) follows the optional sequence number or timestamp information if configured. Syslog messages are structured as follows:

Add a note hereseq no:timestamp: %facility-severity-MNEMONIC:description

Add a note hereThe following parameters are used in the syslog messages:

  • Add a note here A sequence number appears on the syslog message if the service sequence-numbers global configuration command is configured.

  • Add a note hereThe timestamp shows the date and time of the message or event if the service timestamps log [datetime | log] global configuration command is configured. The timestamp can be have one of three formats:

    • Add a note here mm/dd hh:mm:ss

    • Add a note here hh:mm:ss (for short uptimes)

    • Add a note here d h (for long uptimes)

  • Add a note here Facility: A code consisting of two or more uppercase letters that indicate the facility to which the message refers. Syslog facilities are service identifiers used to identify and categorize system state data for error and event message reporting. A facility can be a hardware device, a protocol, or a module of the system software. Cisco IOS Software has more than 500 different facilities. The following are some common facilities:

    • Add a note hereIP

    • Add a note hereOSPF (Open Shortest Path First Protocol)

    • Add a note hereSYS (operating system)

    • Add a note hereIPsec (IP Security)

    • Add a note hereRSP (route switch processor)

    • Add a note hereIF (interface)

    • Add a note hereLINK (data link messages)

    Add a note hereOther facilities include Cisco Discovery Protocol (CDP), QoS, RADIUS, multicast (MCAST), multilayer switching (MLS), Transmission Control Protocol (TCP), virtual local-area network (VLAN) trunking protocol (VTP), Telnet, and Trivial File Transfer Protocol (TFTP).

  • Add a note here Severity: A single-digit code (from 0 to 7) that reflects the severity of the condition; the lower the number, the more serious the situation. Syslog defines the following severity levels:

    • Add a note hereEmergency (level 0, which is the highest level)

    • Add a note hereAlert (level 1)

    • Add a note hereCritical (level 2)

    • Add a note hereError (level 3)

    • Add a note hereWarning (level 4)

    • Add a note hereNotice (level 5)

    • Add a note hereInformational (level 6)

    • Add a note hereDebugging (level 7)

  • Add a note here Mnemonic: A code that uniquely identifies the error message.

  • Add a note here Description: A text string that describes the condition. This portion of the message sometimes contains detailed information about the event, including port numbers, network addresses, or addresses that correspond to locations in the system memory address space.


Note

Add a note here For more syslog information, refer to http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124sup/124sms/index.htm.

Add a note here Example 12-1 shows a typical message that indicates that the operating system (facility = SYS) is providing a notification (severity = 5) that it has been configured (mnemonic = CONFIG). The message text indicates that a user on vty 0 at address 192.168.64.25 performed this configuration.

Add a note here Example 12-1: Example Syslog Message

Add a note here%SYS-5- CONFIG I: Configured from console by cwr2000 on vty0 (192.168.64.25)


Note

Add a note hereThe documentation for each Cisco IOS Software release, such as the “Cisco IOS Release 12.4T System Message Guide,” found at http://www.cisco.com/en/US/products/ps6441/products_system_message_guide_book09186a00806f9890.html, explains the meaning of these messages.


Syslog Issues

Add a note hereThis section describes some of the issues with syslog.

Add a note hereThe syslog message severity is not used consistently across the different Cisco platforms and Cisco IOS versions. For example, the environmental monitor shutdown event is level 0 in Cisco IOS Release 12.0 and level 1 in Cisco IOS Release 11.2. Therefore, documentation for each Cisco IOS Software release must be read to understand the meaning of the syslog messages. This inconsistency can be problematic if different software releases are running on devices and you want to filter syslog messages to extract information at specific levels of severity.

Add a note hereAnother issue with syslog is that it can be verbose and may provide a mixture of many informational messages interspersed with messages that are useful for analyzing a specific problem or condition. Network managers can use filters or scripts to isolate important messages. Third-party tools, including syslog-ng and Kiwi Syslog Daemon, can also be used to help manage syslog messages.

Add a note hereThe syslog delivery communication mechanism is based on UDP and is therefore not sent over a reliable mechanism. However, this is typically not a problem for a monitoring and alerting tool. RFC 3195, Reliable Delivery for Syslog, is a specification for a reliable delivery mechanism for syslog. Cisco IOS Software Release 12.4(11)T provides support for the Reliable Delivery for Syslog over Blocks Extensible Exchange Protocol (BEEP) feature that enables reliable and secure syslog message delivery. BEEP also allows multiple sessions to a single logging host, independent of the underlying transport method, and provides a filtering mechanism called a message discriminator.

Add a note hereSyslog is not a secure mechanism. Therefore, secure practices, such as establishing access control lists (ACL), to allow receipt of syslog packets only from internal resources, should be used.


No comments:

Post a Comment