Network Management & Monitoring with Linux

Some handy tools for managing today's ubiquitous networks.

In today's world, where all the computing revolves around the concept of networking, the work for system administrators has become more and more overwhelming. It is the mission of maintaining the availability of resources such as routers, hubs, servers and every critical device in the network.

There are many reasons managers would like to monitor network devices: bandwidth utilization, operational state of links, bottlenecks, problems with the cabling or routing information distributed between its devices, etc. Monitoring network activity is also a good starting point for discovering security problems and misbehaviors.

In many cases, the network of an organization includes expensive links to remote networks (WAN) or the Internet, whose costs may be based on traffic volume. It's very important to maintain statistics of traffic going through these links. This is a very common task in Europe, where X.25 links are still very common. These links are charged on the basis of packets transmitted and received.

Other types of links, like Point to Point or Frame Relay, are usually charged on a flat rate. In these, the telco ensures a bandwidth that is important to monitor.

In the final part of this article we focus on a tool designed to monitor traffic in router interfaces, with a great graphical representation of this information. It can be easily modified to monitor other kinds of information.

What's SNMP?

The answer to all these needs is a protocol named Simple Network Management Protocol (SNMP). Designed in the '80s, SNMP's initial aim was to integrate the management of different types of networks with a simple design that caused very little stress on the network.

SNMP operates at the application level using TCP/IP transport-level protocols so it can ignore the underlying network hardware. This means the management software uses IP, and so can control devices on any connected network—not just those attached to its physical network. This also has disadvantages: if the IP routing is not working correctly between two devices, it's impossible to reach the target to monitor or reconfigure it.

There are two main elements in the SNMP architecture: the agent and the manager. It's a client-server architecture, where the agent is the server and the manager is the client.

The agent is a program running in each of the monitored or managed nodes of the network. It provides an interface to all the items of their configuration. These items are stored in a data structure called a management information base (MIB), which we explain later. It's the server side, as long as it maintains the information being managed and waits for commands from the client.

The manager is the software that runs in the monitoring station of the network, and its role is contacting the different agents running in the network to poll for values of its internal data. It's the client side of the communication.

There is a special command in the SNMP command set called trap that permits an agent to send unsolicited data to the manager, to inform it of events, such as errors, shutdowns, etc.

In essence, SNMP is a very simple protocol as long as all the operations it performs deal with the fetch-and-store paradigm, and this allows for a small commands set. A manager can perform only two different operations on an agent: request or set the value of a variable in the MIB of the agent. These two operations are known as get-request and set-request. There's a command to respond to a get-request called get-response, which is used only by the agent.

The extensibility of the protocol is directly related to the capability of the MIB to store new items. If a manufacturer wants to add some new commands to a device such as a router, he must add the appropriate variables to its database (MIB).

Almost all manufacturers implement versions of SNMP agents in their devices—routers, hubs, operating systems, and so on. Linux is not an exception to this, and publicly available SNMP agents for Linux can be found on the Internet.

Dealing with Security

SNMP provides very little support for authentication schemes. It supports only a two-password scheme. The public allows managers to request the values of variables, and the private allows these values to be set. These passwords in SNMP are called communities. Every device connected to an SNMP-managed network must have these two communities configured. It is very common to have the public community set to “public” and the private community to “private”, but it's very important to change these values to reflect the security policy of your organization.

______________________

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

NPRE

Fadi Sodah's picture

I am monitoring my AIX PPC machines through MRTG, but standard AIX SNMP does not provide any information CPU/Paging/Disk ..etc.
You need to install a different SNMP agent, or collect the data via a different method, I use the NRPE agent and plugins, with the mrtg-nrpe.pl

Dipl.-Ing. Fadi Sodah
Network and Systems Engineer
IBM AIX System Specialist, CCNP, CCSP

great article

Zaal's picture

Easy to understand and great article.
Thank u David

mib compilation.

hrisi's picture

hi,
i,Hrisikesh want to know how to compile the new MIB which is specific to my company product and in which path i will put the new MIB in linux 2.4.18-14.
and what is procedure to execute a new MIB in linux 2.4.18-14.

i am eagerly waiting to ur mail.
thanks
hrisi

Mrtg on Linux

Anonymous's picture

Helllo

This is very impressive document, sir plz i need to add one more ip in my mrtg becuase we added one more ip on our ethernet and we need to know its usage as well and i am trying to find out where we add the new ip but i am not able to find it out.
Please help me out in this matter.
Thanks & Regards

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState