Network Management Introduction (Second)

Network performance and traffic analysis improves reliability through failure analysis and prevention, and provides basic information for improving network processing speed, adjusting network bandwidth and planning a network expansion.


Main Features

 

1. Support various traffic collection targets and traffic tracking management

It supports many traffic collection targets, from Flow-supporting network equipment to all versions of SNMP, various Flow types, etc. A 5-step in-depth traffic tracing function identifies unneeded traffic, which reduces unnecessary bandwidth build-up costs and keeps the network running smoothly during important working hours.


2. Traffic management for DoS/DDoS, etc. and detection of abnormal flows

List and distribution views are supported for abnormal traffic. The target and type of abnormal traffic, Victim, Flow, Packet, Byte and time can be verified from the list, and based on this you can draw up a detailed re-engineering plan.


3. Traffic pattern analysis per IP and services

You can analyze Top N, Byte, BPS and PPS figures and history status per interface and per transmitted IP address, and analyze Top N, history and increase/decrease comparison per service.


4. Detailed analysis on protocol and interrelationship traffics

You can analyze Top N, Byte, Packet, BPS and PPS figures and history status per transmitted interface/protocol and per interrelationship. You can also analyze Top N and history and compare them per protocol.


5. End to End detailed analysis per traffic

End-to-end traffic analysis improves reliability by analyzing the causes of failures and preventing them, and can be used as basic data for improving network processing speed, adjusting network bandwidth (it provides basic data for setting QoS) and establishing a network expansion plan.


※ Please contact me by email if you want to get more information
(crive@watchtek.co.kr)

The following news will be updated in June

Thank you

Let’s find out about OpenFlow

1) Overview

The OpenFlow architecture consists of three basic concepts. (1) The network is built up by OpenFlow-compliant switches that compose the data plane; (2) the control plane consists of one or more OpenFlow controllers; (3) a secure control channel connects the switches with the control plane. In the following, we discuss OpenFlow switches and controllers and the interactions among them.

An OpenFlow-compliant switch is a basic forwarding device that forwards packets according to its flow table. This table holds a set of flow table entries, each of which consists of match fields, counters and instructions, as illustrated in Figure 2. Flow table entries are also called flow rules or flow entries.

2) OpenFlow 1.0 (First Version)

The OpenFlow 1.0 specification was released in December, 2009. As of this writing, it is the most commonly deployed version of OpenFlow. Ethernet and IP packets can be matched based on the source and destination address. In addition, Ethernet-type and VLAN fields can be matched for Ethernet, the differentiated services (DS) and Explicit Congestion Notification (ECN) fields, and the protocol field can be matched for IP. Moreover, matching on TCP or UDP source and destination port numbers is possible.

Figure 3 illustrates the packet handling mechanism of OpenFlow 1.0 as described in Section 3.1. The OpenFlow standard exactly specifies the packet parsing and matching algorithm. The packet matching algorithm starts with a comparison of the Ethernet and VLAN fields and continues if necessary with IP header fields. If the IP type signals TCP or UDP, the corresponding transport layer header fields are considered.

Several actions can be set per flow. The most important action is the forwarding action. This action forwards the packet to a specific port or floods it to all ports. In addition, the controller can instruct the switch to encapsulate all packets of a flow and send them to the controller. An action to drop packets is also available. This action enables the implementation of network access control with OpenFlow. Another action allows modifying the header fields of the packet, e.g., modification of the VLAN tag, IP source, destination addresses, etc.

Statistics can be gathered using various counters in the switch. They may be queried by the controller. It can query table statistics that contain the number of active entries and processed packets. Statistics about flows are stored per flow inside the flow table entries. In addition, statistics per port and per queue are also available.

OpenFlow 1.0 provides basic quality of service (QoS) support using queues, and OpenFlow 1.0 only supports minimum rate queues. An OpenFlow-compliant switch can contain one or more queues, and each queue is attached to a port. An OpenFlow controller can query the information about queues of a switch.

3) OpenFlow 1.4 (Newest Version)

OpenFlow 1.4 was released in October 2013. The ONF improved the support for the OpenFlow Extensible Match (OXM). TLV structures for ports, tables and queues are added to the protocol, and hard-coded parts from earlier specifications are now replaced by the new TLV structures. The configuration of optical ports is now possible. In addition, controllers can send control messages in a single message bundle to switches. Minor improvements of group tables, flow eviction on full tables and monitoring features are also included.

Resource: Future Internet (Wolfgang Braun and Michael Menth)

The Knowledge Network Plane: Five Reasoning

  1. Ontology

An ontology not only allows for syntax and semantics of the information, but enables or constrains the scope of reasoning that can be performed on the entities defined by the ontology. An ontology in the KP must support extensibility, locally independent definition, some reasonable amount of convergence, and global discovery when needed. Our current ontology language of choice is OWL although it is not the only possibility.

 

  2. Function library and definitions

There are two reasons that a library or catalog of network management tool definitions and implementations is important to the architecture. First, because the management target is any part of the broad network where management is desired, tools may be needed in a wide variety of locations. Perhaps even more importantly, in order for the KP to improve and evolve, it will be important to incorporate new tools with new capabilities into existing toolkits. This will require both a definition of each tool and implementations. If each inclusion of a new capability needs to be handled through manual intervention, improved and evolving behaviors are unlikely to succeed.

 

  3. Probabilistic programming

The significant majority of computation that will occur in the KP will be statistical or probabilistic. Lee in his thesis took a preliminary step in specifying probabilistic knowledge. Beverly in his thesis concentrated exclusively on statistical analysis of network information, because essentially all information that is collected from measuring and monitoring is sampled, incomplete, only partially accessible, intentionally incorrect, or some combination of these. The information as a whole is statistical.

 

  4. Agent system


 

  5. Reasoning organization framework

One of the core challenges in a design that requires as much distribution, coordination, extensibility, and policy control as the KP is that the questions of (1) how to decompose functionality in order to distribute it, (2) how to re-organize functionality under changing conditions, and (3) how to understand the effectiveness of an organization or re-organization of functionality, will require at least automated assistance for the human programmer or network manager. We suspect that the integration across many factors, locations, and policies is not something that human intelligence is best suited for. The humans will definitely be the sources of policy definitions and choices. They may oversee and supervise the organization and

 

Resource: MIT Computer Science and Artificial Intelligence Laboratory

Introduction of WITO Service.

1. Service Capacity

1-1 Retain the best manpower in the IT integrated operation management field

1-2 Establishment and operation of the best integrated operation management system in Korea

1-3 Performance and management methodology by verified projects (WatchAll methodology)

1-4 Operation and management know-how on a large scale

 

2. WITO Service (Watchtek Information Technology Outsourcing)

2-1 IT Service management

– Establishment and application of ITIL-based standard operation procedure
– Improvement of the service quality through setting SLA indicator and improving continuously
– Stable operation support and management of service history through operation of a service desk

2-2 Integrated operation management

– Operation, maintenance, failure handling, history management, support operation personnel of the system and network
– Perform preemptive failure handling with regular and irregular preventive inspections
– Improve operation reliability through standardized management process and methodology

2-3 Integrated control (monitoring)

– Perform integrated monitoring with the best products such as SMS, NMS and FMS, etc.
– Performance and storage management, regular inspection and report through automation systems
– Analysis and improvement through the accumulation of operation data

 



※ Please contact me by email if you want to get more information

(crive@watchtek.co.kr)

The following news will be updated in April.

Thank you

 

 

Six challenges list for computation and reasoning information

This is information for efficient network management.

1. The nature of the information

The information available for network management generally is incomplete, often incorrect, or intentionally masked or hidden. By definition the best one can expect is that it is statistically representative. The computations performed over the information must not only account for this statistical, incomplete, and large-scale nature, but must also be selected to match characteristics such as dependence or independence, long-term drift, availability or lack thereof of adequate training sets, and so forth. Generally, the appropriate algorithms are most likely to come from statistical machine learning, but must be selected appropriately to the intended results.

 

2. Efficiency/performance

As with the measurement, monitoring, and management of information, the tools that comprise network management can themselves also have an impact on the efficiency and performance of the network itself. Algorithms and their implementations must be selected to minimize their impact on performance while providing adequate functionality, accuracy, and detail, but need not provide more than that.

 

3. Decomposition

In many cases, it will be critically important to be able to decompose and distribute the computations required for a tool or capability. This may be driven by performance or policy constraints on moving information, competition for computing resources, or simply required computational capabilities, such as the limited availability of a particular machine architecture that especially suits a particular functional component. The drivers for decomposition include functionality, geography or topology, and policy.

 

4. Composition

As with the challenge of sharing and reusing information, it will be important to be able to compose tools or computations into more sophisticated ones. At a basic level, there are and will continue to be a set of tools that do inference over collected data. A simple example is the inference of lost packet rates. In fact, this may be handled by different tools in different places, but being able to compose a tool for aggregating traffic loss over the links of a path that traverses many networks will require the ability to compose not only the inferences of traffic loss based on local packet traces, but also tools for discovering the links that comprise a path. For broad network management capabilities to operate usefully and effectively it is important to support composition of functions or tools.

 

5. Extensibility

Beyond the problem of composition, we must recognize that network management is not static. New tools and capabilities are being designed and implemented all the time. For network management not to stagnate and become out of date, it is necessary that a composed tool be extensible to incorporate newer and more effective supporting tools as they become available. The challenges here include not only how to discover them, but also how to invoke or use them, without requiring human intervention for each new extension.

 

6. Organizing framework

In order to relieve network managers of the often extremely detailed and complex tasks of organizing network management functions under differing and often changing conditions of physical organization, behavior criteria, and policy constraints, there is a need for a framework that can operate over a set of constraints and objectives to organize network management tools appropriately and then evaluate the effectiveness of that organization. Even the initial structuring, organizing and location of functionality is not an easy task. There is a significant open question of how to be able to evaluate the effectiveness of a framework set of decisions for organizing network management function. One must ask about a variety of questions such as the nature and source of the evaluation criteria such as what are they, how accurate or flexible can they be, etc. In addition one must ask about the scope and time over which such evaluations might take place.

 

Resource: MIT Computer Science and Artificial Intelligence Laboratory

SDN USE CASES

1. Traffic engineering

The wide area network (WAN) that connects the datacenters of cloud providers is critical for the performance of Internet services. WAN links are very expensive, and to guarantee the required performance WAN routers consist of high-end, specialized equipment. To compound the problem, providers are unable to fully leverage their high investment on the infrastructure. Given the extreme lack of efficiency of these inter-datacenter networks they are provisioned for an average utilization of 30-40%.

Recognizing this problem, Google and Microsoft have deployed large-scale SDN infrastructures for boosting the utilization of their inter-datacenter links. These systems – Google’s B4 and Microsoft’s SWAN – leverage on SDN to substantially increase the utilization of their WAN links. In particular, the logical centralization of network control enables centralized traffic engineering and simpler traffic prioritization, making it possible to have these links used up to nearly 100% utilization without impairing the quality of service. Besides avoiding link usage inefficiencies, the network equipment used in these solutions is built from merchant switch silicon, further reducing costs and increasing flexibility.

2. Network management

Datacenter operators have developed, over the years, automated systems for managing their traffic and infrastructure, in order to keep their networks running smoothly. Management applications are sophisticated in their own right. More challenging still, the different applications that continuously run in these networks (it is common to have, for instance, a traffic engineering application alongside another to mitigate link failures) can conflict with each other.

Statesman is an SDN-based solution deployed in Microsoft Azure datacenters that provides a state management abstraction aimed at solving this problem. Specifically, this service introduces two main ideas to simplify the design and deployment of network management applications. First, it maintains different views of network state to prevent conflicts and invariant violations. Applications cannot change the state of the network directly. Instead, each application applies its own logic to the network’s observed state to generate proposed states that may change one or more state variables. Statesman merges all proposed states into one target state while ensuring safety and performance invariants. Second, Statesman uses a dependency model to capture the domain-specific dependencies among state variables.

3. Network virtualization

As mentioned before, networking has long supported virtualized primitives such as virtual links (tunnels such as MPLS) or broadcast domains (VLANs to slice L2 networks). Traditional network virtualization technologies do not provide full network virtualization and require significant manual network management on a box-by-box basis. As a consequence, current network provisioning can take months, while compute provisioning takes only minutes.

VMware has recently started offering a network virtualization solution using SDN principles, the Network Virtualization Platform (NVP) (commercialized as NSX). NVP is designed for multi-tenant datacenters and has been deployed in dozens of production environments over the last few years. NVP is an edge-based implementation that does not require SDN-based hardware. The only requirement is for the datacenter computing resources controlled by NVP to be fully virtualized.

In NVP a centralized controller cluster is responsible for configuring the virtual switches in the hypervisor of every host (OpenvSwitch) with the appropriate logical forwarding. The solution then leverages on a set of tunnels between every pair of host-hypervisors to forward traffic.

Resource: 1) Fernando M. V. Ramos LaSIGE/FCUL, University of Lisboa, Portugal
2)  Diego Kreutz, Paulo Verissimo SnT/University of Luxembourg, Luxembourg

What is OpenFlow?

The OpenFlow specification defines a standard collection of features that switches must provide, as well as an interface that controllers can use to communicate with switches including instructions for installing and deleting forwarding rules, and notifications about flows, topology, and traffic statistics.

※ Traditional and software-defined architectures

An OpenFlow switch maintains a forwarding table that contains a list of prioritized rules. Each rule has a pattern that describes a set of packets and actions that describe transformations on packets. When a packet arrives at a switch, the switch finds a rule whose pattern matches the packet headers and applies the associated actions. If multiple rules match, the switch applies the actions of the highest priority rule, while if no rules match, the switch encapsulates the packet in an OpenFlow message and sends it to the controllers. The controllers can either process the packet directly, or send messages back to the switch instructing it to install or delete rules in its forwarding table. The maximum size of a table is determined by hardware constraints, but most switches have space for at least several thousand rules. To support traffic monitoring, every rule has associated counters that keep track of basic statistics such as the number and total size of all packets processed with that rule. Controllers can read these counters using OpenFlow messages.

They can also configure the physical ports on a switch by creating queues that rate-limit traffic or provide minimum bandwidth guarantees—features that are useful for implementing traffic engineering applications.

Resource: Abstractions for Software-Defined Networks / Authors are Martin Casado, Nate Foster, Arjun Guha.
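
The rule lookup described above, as an added example in Python that is not taken from the cited paper or from any OpenFlow implementation: a toy flow table with prioritized rules, wildcard fields, per-rule counters and table-miss handling, plus a check for drop rules that can never fire because a higher-priority forwarding rule covers them. The field names, rules and packets are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Rule:
    priority: int
    match: dict            # header field -> pattern; omitted fields are wildcards
    actions: list          # e.g. ["output:2"] or ["drop"]
    packet_count: int = 0  # per-rule counters a controller could read
    byte_count: int = 0


def field_matches(pattern, value):
    """Exact match, or CIDR containment when the pattern is 'a.b.c.d/n'."""
    if isinstance(pattern, str) and "/" in pattern:
        return value is not None and ip_address(value) in ip_network(pattern)
    return pattern == value


def pattern_covers(wide, narrow):
    """True if every value matched by `narrow` is also matched by `wide`."""
    if isinstance(wide, str) and "/" in wide:
        if not isinstance(narrow, str):
            return False
        return ip_network(narrow, strict=False).subnet_of(ip_network(wide))
    return wide == narrow


class FlowTable:
    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: -r.priority)
        self.packet_in = []  # table misses handed to the controller

    def process(self, pkt, size):
        for rule in self.rules:  # highest priority first
            if all(field_matches(p, pkt.get(f)) for f, p in rule.match.items()):
                rule.packet_count += 1
                rule.byte_count += size
                return rule.actions
        self.packet_in.append(pkt)
        return ["controller"]

    def shadowed_drops(self):
        """Drop rules that can never fire: a higher-priority non-drop rule
        matches every packet the drop rule would match."""
        findings = []
        for i, low in enumerate(self.rules):
            if "drop" not in low.actions:
                continue
            for high in self.rules[:i]:
                if high.priority == low.priority or "drop" in high.actions:
                    continue
                if all(f in low.match and pattern_covers(p, low.match[f])
                       for f, p in high.match.items()):
                    findings.append((low.priority, high.priority))
                    break
        return findings


def demo():
    # Constructed rules and packets (documentation address ranges).
    table = FlowTable([
        Rule(300, {"ip_dst": "10.0.0.0/24", "tcp_dst": 80}, ["output:2"]),
        Rule(200, {"ip_src": "192.0.2.0/24"}, ["output:1"]),
        Rule(150, {"tcp_dst": 23}, ["drop"]),
        Rule(100, {"ip_src": "192.0.2.7", "tcp_dst": 22}, ["drop"]),
    ])
    packets = [
        ({"ip_src": "198.51.100.9", "ip_dst": "10.0.0.5", "tcp_dst": 80}, 1500),
        ({"ip_src": "192.0.2.7", "ip_dst": "10.0.1.1", "tcp_dst": 22}, 60),
        ({"ip_src": "198.51.100.9", "ip_dst": "10.0.1.1", "tcp_dst": 23}, 60),
        ({"ip_src": "198.51.100.9", "ip_dst": "10.0.1.1", "tcp_dst": 443}, 60),
    ]
    return table, [table.process(pkt, size) for pkt, size in packets]
```

In the constructed table the priority-100 drop rule for SSH from 192.0.2.7 never counts a packet, because the priority-200 forwarding rule for 192.0.2.0/24 matches first; `shadowed_drops()` reports that pair.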

Let’s find out about SDN.

1. Definition

We discuss SDN along the definition given by the ONF. It is the most accepted SDN definition worldwide, because most global players in the networking industry and many IT corporations participate in the ONF.


2. Protocol Options for the Southbound Interface

The most common southbound interface is OpenFlow, which is standardized by the Open Networking Foundation (ONF). OpenFlow is a protocol that describes the interaction of one or more control servers with OpenFlow-compliant switches. An OpenFlow controller installs flow table entries in switches, so that these switches can forward traffic according to these entries. Thus, OpenFlow switches depend on configuration by controllers. A flow is classified by match fields that are similar to access control lists (ACLs) and may contain wildcards.

3. SDN, Active and Programmable Networks

In the past, various technologies were developed to enable programmability in communication networks. Active networks (AN) were developed in the 1990s. The basic idea of AN is to inject programs into data packets. Switches extract and execute programs from data packets. With this method, new routing mechanisms and network services can be implemented without the modification of the forwarding hardware. However, this approach has not prevailed, due to security concerns and performance issues that can occur on executing programs in the forwarding devices. For example, an attacker can inject malicious programs into network packets and forward them into the network.

Programmable networks (PN) also provide a means for programmability in the network by executing programs on packets similar to AN. However, programs are not included in the data packets as with AN. The programs are installed inside the network nodes, which execute the programs on the packets. This clearly reduced security concerns that occur with AN, because a network node only accepts programs after a prior signaling and node setup. Various proposals for PN were made in the past. For example, xbind was proposed for asynchronous transfer mode (ATM) networks that are tailored towards quality of service (QoS) and multimedia applications. The aim of xbind was to overcome the complexity associated with ATM and to allow easier service creation by separating the control algorithms from the ATM protocol, which was enabled by the programmability of the forwarding devices through programming languages.

Both approaches, AN and PN, introduce new flexibility by allowing programs to be executed within the network. They are more flexible than an OpenFlow-based SDN approach, because they allow one to program the data plane in an extensible way. New data plane functionality can be implemented through programs that are either part of data packets with AN or installed inside network nodes with PN. An OpenFlow-based SDN approach cannot extend the data plane functionality without an upgrade of the switches, due to the fact that OpenFlow only provides a fixed set of network operations. The OpenFlow controller is only able to program the switch with its supported set of operations.

Resource: Article (Software-Defined Networking Using OpenFlow: Protocols, Applications and Architectural Design Choices) / Authors are Wolfgang Braun and Michael Menth

WatchAll NEWS (February 2017 issue)

Way to get consulting for IT Service

 

WatchAll suggests solutions for difficult IT services. We provide the best IT consulting.
We support all processes, from consulting, design and introduction to maintenance, to enable optimized integrated management according to different IT environments or each IT site, through professional IT consultants who possess know-how accumulated through numerous successful contracts.

 

※ IT Consulting Process

IT consulting follows a 5-step methodology, from the launch through IT environment and situation analysis to process design and planning.

WatchAll’s Unique Process

 

 

※ Four Key Point Service

 

1. First Point

2. Second Point

3. Third Point

4. Fourth Point

 

We can provide all of the above services and solve all problems.

Please contact me by email if you want to get more information
(crive@watchtek.co.kr)

The following news will be updated in March.

Thank you