snmp traffic measurements
play

SNMP Traffic Measurements J urgen Sch onw alder - PowerPoint PPT Presentation

Apr 13, 2023 •629 likes •1.09k views

SNMP Traffic Measurements J urgen Sch onw alder j.schoenwaelder@iu-bremen.de International University Bremen Campus Ring 1 28725 Bremen, Germany http://www.ibr.cs.tu-bs.de/projects/nmrg/ urgen Sch onw slides.tex SNMP Traffic

  1. SNMP Traffic Measurements J¨ urgen Sch¨ onw¨ alder j.schoenwaelder@iu-bremen.de International University Bremen Campus Ring 1 28725 Bremen, Germany http://www.ibr.cs.tu-bs.de/projects/nmrg/ urgen Sch¨ onw¨ slides.tex – SNMP Traffic Measurements – J¨ alder – 10/7/2006 – 19:05 – p. 1

  2. Outline of the Talk • Motivation of SNMP Measurements • Background: Characterization of MIB Modules • Measurement Approach • Tool Support ( libanon & snmpdump ) • First Results • Conclusions urgen Sch¨ onw¨ slides.tex – SNMP Traffic Measurements – J¨ alder – 10/7/2006 – 19:05 – p. 2

  3. 1. Motivation urgen Sch¨ onw¨ slides.tex – SNMP Traffic Measurements – J¨ alder – 10/7/2006 – 19:05 – p. 3

  4. We know SNMP... • The Simple Network Management Protocol (SNMP) is widely deployed to ◦ monitor devices (collect statistics, event reports), ◦ control devices (turning knobs), and ◦ (to a lesser extent) configure devices • SNMP technology is well documented and understood (if you care to study the right documents) • SNMP supports “fancy” features to allow applications to do the right thing (e.g., discontinuity indicators, row creation modes) • Especially us (the SNMP geeks) know about these nice features . . . urgen Sch¨ onw¨ slides.tex – SNMP Traffic Measurements – J¨ alder – 10/7/2006 – 19:05 – p. 4

  5. ... but not how it is used • It remains unclear how SNMP is used in practice in operational networks • In particular, we do not know ◦ what typical SNMP usage patterns are ◦ which features of SNMP are used/not used ◦ which MIB objects and data models (MIB modules) are frequently used ◦ whether the work done in the IETF and elsewhere is related to the actual usage of this technology urgen Sch¨ onw¨ slides.tex – SNMP Traffic Measurements – J¨ alder – 10/7/2006 – 19:05 – p. 5

  6. Why is this important? • Researchers write papers how to improve SNMP or how other technologies (e.g., Web Services) compare to SNMP without having a justified model • The IETF works on protocol extensions (currently session-based security in ISMS) without knowing network management traffic models (and in the context of ISMS to what extend a session-based approach to security is viable) • The IETF requires features during MIB design/review without knowing whether they are used in practice urgen Sch¨ onw¨ slides.tex – SNMP Traffic Measurements – J¨ alder – 10/7/2006 – 19:05 – p. 6

  7. Questions to answer... • Basic statistics (version used, typical manager/agent ratios, operations used, . . . ) • Relationship between periodic (regular polling) and aperiodic traffic patterns • Message size and latency distributions • Concurrency levels (managers performing similar operations on multiple agents concurrently) • Table retrieval approaches ◦ column-by-column vs. row-by-row ◦ usage of getbulk and its parameters, ◦ suppression of index columns, ◦ holes (do they exist?) and how are they dealt with ◦ . . . urgen Sch¨ onw¨ slides.tex – SNMP Traffic Measurements – J¨ alder – 10/7/2006 – 19:05 – p. 7

  8. Questions to answer... (cont.) • Trap-directed polling - myths or reality? • Identification of popular MIB definitions • Usage of deprecated and obsolete objects • Encoding length distributions of various data types • Counters and discontinuities • Synchronization and spin locks • Row creation (dribble-mode vs. one-shot mode) • Implementation and configuration errors • . . . urgen Sch¨ onw¨ slides.tex – SNMP Traffic Measurements – J¨ alder – 10/7/2006 – 19:05 – p. 8

  9. 2. Background: Characterization of MIB Modules urgen Sch¨ onw¨ slides.tex – SNMP Traffic Measurements – J¨ alder – 10/7/2006 – 19:05 – p. 9

  10. Static Analysis of MIB Modules MIB Module Set Modules Types Tables Columns Scalars Notifications IETF 174 377 875 7479 785 195 ATM Forum 11 63 79 777 39 5 Cisco Systems 482 936 1966 16952 3719 611 Enterasys 58 76 128 825 364 28 Juniper Networks 99 170 434 3606 1051 87 All Modules 824 1622 3482 29639 5958 926 • Characterization of MIB modules performed during summer 2004 • Developed a back-end for the smidump MIB compiler to produce various metrics • Results published at IFIP/IEEE IM 2005 (Nice) [1] urgen Sch¨ onw¨ slides.tex – SNMP Traffic Measurements – J¨ alder – 10/7/2006 – 19:05 – p. 10

  11. MIB Module Productivity revised/published MIB modules per year (ALL) 600 number of revised/published modules all modules new modules 500 400 300 200 100 0 1994 1996 1998 2000 2002 2004 year urgen Sch¨ onw¨ slides.tex – SNMP Traffic Measurements – J¨ alder – 10/7/2006 – 19:05 – p. 11

  12. IETF MIB Module Productivity revised/published MIB modules per year (IETF) 140 number of revised/published modules all modules new modules 120 100 80 60 40 20 0 1994 1996 1998 2000 2002 2004 year urgen Sch¨ onw¨ slides.tex – SNMP Traffic Measurements – J¨ alder – 10/7/2006 – 19:05 – p. 12

  13. MIB Module Revision Speed module revision speed (for modules that actually get revised) 100 80 revised modules [%] 60 40 IETF ATMF 20 Enterasys Juniper Cisco 0 0 12 24 36 48 60 72 84 96 108 120 time [months] urgen Sch¨ onw¨ slides.tex – SNMP Traffic Measurements – J¨ alder – 10/7/2006 – 19:05 – p. 13

  14. MIB Module Revision Frequency module revisions frequency 80 IETF percentage of revised modules [%] ATMF 70 Enterasys Juniper 60 Cisco 50 40 30 20 10 0 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 number of revisions urgen Sch¨ onw¨ slides.tex – SNMP Traffic Measurements – J¨ alder – 10/7/2006 – 19:05 – p. 14

  15. Base Type Usage Modules Int32 Uns32 Uns64 OctetString ObjectId Enum Bits All 21.5 35.5 3.3 15.0 0.6 23.3 0.9 IETF 22.3 36.5 2.7 16.6 1.9 18.9 1.2 ATM 32.5 27.0 0.0 11.2 0.4 28.1 1.0 Cisco 20.8 38.1 2.8 13.7 0.2 23.6 0.7 Enterasys 18.3 26.7 0.8 22.0 0.2 28.6 3.4 Juniper 21.5 25.6 7.3 17.0 0.2 27.8 0.6 • Looking at all MIB modules, more than 83.6% of all variables are encoded as ASN.1 INTEGER values • Close to 80% are 32-bit integer values that fit into 1-5 bytes • The actual usage distribution might be different urgen Sch¨ onw¨ slides.tex – SNMP Traffic Measurements – J¨ alder – 10/7/2006 – 19:05 – p. 15

  16. Row Encoding Size Distribution cumulative group / row size distribution 100 scalar groups / conceptual rows [%] 90 80 70 60 50 40 IETF 30 ATMF Enterasys 20 Juniper Cisco 10 All 0 0 200 400 600 800 1000 1200 1400 group / row PDU encoding size [bytes] urgen Sch¨ onw¨ slides.tex – SNMP Traffic Measurements – J¨ alder – 10/7/2006 – 19:05 – p. 16

  17. Create Encoding Size Distribution cumulative row creation size distribution (excl. defaults) 100 90 80 row creation PDUs [%] 70 60 50 40 IETF 30 ATMF Enterasys 20 Juniper Cisco 10 All 0 0 200 400 600 800 1000 1200 1400 create PDU encoding sizes [bytes] urgen Sch¨ onw¨ slides.tex – SNMP Traffic Measurements – J¨ alder – 10/7/2006 – 19:05 – p. 17

  18. Notification Encoding Size Distribution cumulative notification size distribution 100 90 80 70 notifications [%] 60 50 40 IETF 30 ATMF Enterasys 20 Juniper Cisco 10 All 0 0 200 400 600 800 1000 1200 1400 notification PDU encoding size [bytes] urgen Sch¨ onw¨ slides.tex – SNMP Traffic Measurements – J¨ alder – 10/7/2006 – 19:05 – p. 18

  19. 3. Measurement Approach urgen Sch¨ onw¨ slides.tex – SNMP Traffic Measurements – J¨ alder – 10/7/2006 – 19:05 – p. 19

  20. Measurement Process • The measurement process basically consists of five steps: 1. Capture raw SNMP traces in pcap capture files 2. Convert raw traces into a structured machine and human readable format 3. Filter converted traffic traces to suppress or anonymize sensitive information 4. Submit the filtered traces to a repository 5. Analyze the traces by running analysis scripts • Note that full packet traces are needed • Traces may become relatively large files urgen Sch¨ onw¨ slides.tex – SNMP Traffic Measurements – J¨ alder – 10/7/2006 – 19:05 – p. 20

  21. Division of Work • There are several approaches to divide the work between network operators and researchers: ◦ In some cases, the operator chooses to provide the raw traces to researchers under an NDA ◦ In some cases, the operator chooses to provide the filtered / anonymized traces to researchers under an NDA ◦ In some cases, the operator chooses to keep the traces under local control and commits to run analysis scripts on them and to provide the results • To support all approaches, we need to define some common data formats and build tools supporting them urgen Sch¨ onw¨ slides.tex – SNMP Traffic Measurements – J¨ alder – 10/7/2006 – 19:05 – p. 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Building Asynchronous SNMP Agents Presented by Ilya Etingof <etingof@gmail.com> Why SNMP

Building Asynchronous SNMP Agents Presented by Ilya Etingof <etingof@gmail.com> Why SNMP

Building Asynchronous SNMP Agents Presented by Ilya Etingof <etingof@gmail.com> Why SNMP SNMP is old, complicated and has many competitors SNMP is still ubiquitous in monitoring SNMP is well-understood by many We have

275 views • 3 slides
Internet traffic measurements Renata Teixeira (Inria) Why measure traffic? Performance

Internet traffic measurements Renata Teixeira (Inria) Why measure traffic? Performance

Internet traffic measurements Renata Teixeira (Inria) Why measure traffic? Performance analysis Anomaly and intrusion detec=on Network engineering Traffic at different granulari=es IP-level packets Capture per-packet

539 views • 40 slides
Machine Translation (M2M) Machine Translation (M2M) SNMP MIB to CIM MOF SNMP MIB to CIM MOF

Machine Translation (M2M) Machine Translation (M2M) SNMP MIB to CIM MOF SNMP MIB to CIM MOF

Machine Translation (M2M) Machine Translation (M2M) SNMP MIB to CIM MOF SNMP MIB to CIM MOF WIMS Working Group CIM Project 19 February 2007 PWG Maui Ira McDonald (High North) M2M Background Background M2M DMTF/PWG

437 views • 7 slides
SNMP MIBs to manage G.698.2 parameters

SNMP MIBs to manage G.698.2 parameters

SNMP MIBs to manage G.698.2 parameters draft-galikunze-ccamp-g-698-2-snmp-mib-02.txt Gabriele Galimberti Cisco Systems Ruediger Kunze Deutsche Telekom Lam, Hing-Kam Alcatel-Lucent Dharini Hiremagalur Juniper

361 views • 8 slides
Measurements and Observations of IP Introduction Multicast Traffic Environment and methodology

Measurements and Observations of IP Introduction Multicast Traffic Environment and methodology

Outline Measurements and Observations of IP Introduction Multicast Traffic Environment and methodology Bruce A. Mah Measurements bmah@CS.Berkeley.EDU Aggregate The Tenet Group Audio conversations University of California at Berkeley

197 views • 4 slides
56 C H A P T E R Chapter Goals Discuss the SNMP Management Information Base. Describe SNMP

56 C H A P T E R Chapter Goals Discuss the SNMP Management Information Base. Describe SNMP

56 C H A P T E R Chapter Goals Discuss the SNMP Management Information Base. Describe SNMP version 1. Describe SNMP version 2. Simple Network Management Protocol Background The Simple Network Management Protocol (SNMP) is an

482 views • 12 slides
MySQL Through SNMP Gerardo Gerry Narvaja @seattlegaucho Agenda - Introduction to our

MySQL Through SNMP Gerardo Gerry Narvaja @seattlegaucho Agenda - Introduction to our

MySQL Through SNMP Gerardo Gerry Narvaja @seattlegaucho Agenda - Introduction to our MySQL SNMP agent (sort of) fork - Why SNMP - Why MySQL agent - Why pass_persist - Why fork - Short introduction on how to measure "bytes

366 views • 20 slides
Bringing ZFS information into SNMP Thomas Stibor GSI Helmholtz Centre for Heavy Ion Research, HPC

Bringing ZFS information into SNMP Thomas Stibor GSI Helmholtz Centre for Heavy Ion Research, HPC

Bringing ZFS information into SNMP Thomas Stibor GSI Helmholtz Centre for Heavy Ion Research, HPC 27. Januar 2014 What is SNMP? Simple Network Management Protocol (SNMP) is protocol for network management. It allows collecting

471 views • 19 slides
SNMP Transition Tool Management of IPv6 Networks with IPv4/IPv6 SNMP Gateway Wiktor Procyk

SNMP Transition Tool Management of IPv6 Networks with IPv4/IPv6 SNMP Gateway Wiktor Procyk

SNMP Transition Tool Management of IPv6 Networks with IPv4/IPv6 SNMP Gateway Wiktor Procyk wiku@man.poznan.pl Zagreb, TERENA, May 2003 Wiktor Procyk <wiku@man.poznan.pl> 1 Introduction IPv6 is the next generation protocol designed

287 views • 18 slides
Understanding Broadband Traffic - Metrics, Measurements, and Policy Steven Bauer, Bill Lehr,

Understanding Broadband Traffic - Metrics, Measurements, and Policy Steven Bauer, Bill Lehr,

Understanding Broadband Traffic - Metrics, Measurements, and Policy Steven Bauer, Bill Lehr, David Clark CSAIL/MIT Oct 21, 2010 Outline The story of a $100,000 bug Why it (and hundreds of other details) matter to the FCC study of

718 views • 47 slides
Early SNMP Case S Early SNMP Case Studies udies Salt and Nutrient Management Plans and

Early SNMP Case S Early SNMP Case Studies udies Salt and Nutrient Management Plans and

Early SNMP Case S Early SNMP Case Studies udies Salt and Nutrient Management Plans and Salt and Nutrient Management Plans and Relat lated Issues at d Issues at Camp P Camp Pendleton MCB ndleton MCB Rob Beggs, Brown and Caldwell

218 views • 21 slides
Salt/Nutrient Management Plan (SNMP) for the Central Basin &West Coast Basin (CBWCB) October

Salt/Nutrient Management Plan (SNMP) for the Central Basin &West Coast Basin (CBWCB) October

Salt/Nutrient Management Plan (SNMP) for the Central Basin &West Coast Basin (CBWCB) October 21, 2013 CEQA Scoping Meeting 1 Presentation Overview Background on Basins SNMP Water Quality Assessment Implementation Measures

701 views • 39 slides
LAN Measurement Carey Williamson Department of Computer Science University of Calgary LAN

LAN Measurement Carey Williamson Department of Computer Science University of Calgary LAN

CPSC 641: LAN Measurement Carey Williamson Department of Computer Science University of Calgary LAN Traffic Measurements Some of the first network traffic measurement papers were for measurements done on Ethernet local area networks

696 views • 7 slides
RAON EPICS integration of SNMP and RAON EPICS integration of SNMP and its realization at early

RAON EPICS integration of SNMP and RAON EPICS integration of SNMP and its realization at early

RAON EPICS integration of SNMP and RAON EPICS integration of SNMP and its realization at early stage its realization at early stage Park, Mi-Jeong Park, Mi-Jeong IBS, S.Korea IBS, S.Korea May 20, 2015, East Lancing, Michigan, USA. EPICS

539 views • 17 slides
Salt/Nutrient Management Plan (SNMP) for the Central Basin and West Coast Basin (CWCB) November

Salt/Nutrient Management Plan (SNMP) for the Central Basin and West Coast Basin (CWCB) November

Salt/Nutrient Management Plan (SNMP) for the Central Basin and West Coast Basin (CWCB) November 15, 2011 Los Angeles Regional Water Quality Control Board (LARWQCB) Workshop for SNMP Development 1 Background of the Central and West Coast

331 views • 14 slides
World 2012 Friday, 13 July 12 SNMP Monitoring of Devices using Lithium Matthew Tilney The

World 2012 Friday, 13 July 12 SNMP Monitoring of Devices using Lithium Matthew Tilney The

World 2012 Friday, 13 July 12 SNMP Monitoring of Devices using Lithium Matthew Tilney The Australian National University XW12 Friday, 13 July 12 Introduction About Me About ANU Device Monitoring SNMP Workshop XW12

1.21k views • 52 slides
All-island Network Code Stakeholder Forum 31 July 2019 Webinar 1 Zoom.us Webinar details: You

All-island Network Code Stakeholder Forum 31 July 2019 Webinar 1 Zoom.us Webinar details: You

All-island Network Code Stakeholder Forum 31 July 2019 Webinar 1 Zoom.us Webinar details: You are invited to a Zoom webinar. We will open the webinar 15mins prior to When: Jul 31, 2019 10:30 AM London Topic: All-island (Network Codes) Forum

762 views • 57 slides
Patent Law Prof. Roger Ford January 27, 2016 Class 3 Disclosure: Enablement Recap Recap

Patent Law Prof. Roger Ford January 27, 2016 Class 3 Disclosure: Enablement Recap Recap

Patent Law Prof. Roger Ford January 27, 2016 Class 3 Disclosure: Enablement Recap Recap Mechanics and formalities of patent claims Claim strategy Claim-drafting exercise Todays agenda Todays agenda The patent

464 views • 32 slides
Engineering For US ALL (E4USA) NSF EEC Grantees Conference October 2019 1 Overview Overview

Engineering For US ALL (E4USA) NSF EEC Grantees Conference October 2019 1 Overview Overview

Engineering For US ALL (E4USA) NSF EEC Grantees Conference October 2019 1 Overview Overview Curriculum Professional Development Partnerships Credit and Placement Research & Assessment Small Group Breakouts

1.35k views • 57 slides
DANTE Visits to NOCs - 2012 TF-NOC, Poznan 13 December 2012 Creating the global research village

DANTE Visits to NOCs - 2012 TF-NOC, Poznan 13 December 2012 Creating the global research village

Serving European NRENs DANTE Visits to NOCs - 2012 TF-NOC, Poznan 13 December 2012 Creating the global research village Agenda Serving European NRENs Purpose Scope Key areas of interest Completed Changes Future Plans 2 Creating

258 views • 15 slides
Product Portfolio PRISMA Engineering S.r.l. is a member of: PRISMA Engineering S.r.l.

Product Portfolio PRISMA Engineering S.r.l. is a member of: PRISMA Engineering S.r.l.

Product Portfolio PRISMA Engineering S.r.l. is a member of: PRISMA Engineering S.r.l. Confidential 11/01/2007 Slide 1 Prisma Products The unique combination of features: Real-time processing. Multi user independent utilization. Multi

428 views • 18 slides
Enabling Massively Multi-Player Online Gaming Applications on a P2P Architecture Scott Douglas,

Enabling Massively Multi-Player Online Gaming Applications on a P2P Architecture Scott Douglas,

7 Proceedings of the International Conference on Information and Automation, December 15-18, 2005, Colombo, Sri Lanka. Enabling Massively Multi-Player Online Gaming Applications on a P2P Architecture Scott Douglas, Egemen Tanin, Aaron Harwood,

318 views • 6 slides
A Functional-Load Account of Geminate Contrastiveness: a Meta-Study Kevin Tang John Harris

A Functional-Load Account of Geminate Contrastiveness: a Meta-Study Kevin Tang John Harris

A Functional-Load Account of Geminate Contrastiveness: a Meta-Study Kevin Tang John Harris Department of Linguistics Division of Language Sciences University College London 4th September 2014 Linguistics Association of Great Britain 2014

865 views • 42 slides
Impact of VLSI Scaling and Synthesis on Multimedia Processor Cores T OM AS B AUTISTA AND A

Impact of VLSI Scaling and Synthesis on Multimedia Processor Cores T OM AS B AUTISTA AND A

Impact of VLSI Scaling and Synthesis on Multimedia Processor Cores T OM AS B AUTISTA AND A NTONIO N U NEZ CAD Division, IUMA Applied Microelectronics Research Institute. University of Las Palmas de Gran Canaria. E-35017 Las Palmas

221 views • 9 slides

More recommend