Previous Table of Contents Next


Hour 22
Who Watches The Watchmen? Network Management Tools

Nothing strengthens the judgement and quickens the conscience like individual responsibility.

—Elizabeth Cady Stanton

“Network management” is possibly one of the most overused phrases in networking. Used to mean everything from change management to network monitoring to remote reconfiguration, network management started out as an amorphous marketing blob of a phrase used to soothe you into parting with your money. It used to be that you could buy tens of thousands of dollars worth of hardware and software, end up with a proprietary solution that didn’t do you much good, and be left with the net result of being tens of thousands of dollars poorer.

Not anymore! Today’s network management packages can provide powerful tools to help you coordinate the task of keeping track of hundreds of network devices and thousands of network stations. Although the high-end management stations and associated network probes can be costly, you now have a choice between comprehensive and complex or simple and slick tools to help you monitor your network’s general health or to simply report proactively when things stop working.

Certain management packages include everything but the kitchen sink. In particular, they include tools that we’ve briefly discussed:

  Automated network application deployment tools (Hour 16, “Beauty Is Consistency Deep: Saving Yourself Trouble”)
  Remote control and support (Hour 17, “Where Do I Start?”)

For this hour, we’ll define a network management tool as any tool that helps you monitor your network infrastructure gear, applications, and servers remotely. You’ll see how network management can help you take the bull by the horns and build a more reliable network.

Big Monitor Is Watching

The germane function of network management is, in fact, the monitoring of key services and infrastructures. As network troubleshooters, we are interested in seeing when things are about to fail, as well as when they fail. When we monitor, we’re interested in the following items:

  Performance—Is the resource running out of steam? What’s it running out of?
  Uptime—How long has it been up? Should we restart it as a preventative measure?
  Availability—Is the resource available, or is it down?

Because you could monitor literally hundreds of individual resources via the network—for example, the power supplies in your server, each hard drive, the internal temperature of the CPU, its network card buffers, and so on—network management packages have introduced the concepts of thresholds and alerts.

When a resource goes outside the thresholds you or the manufacturer set up, an alert to the network is generated, and you get notified about it. This is the basic concept behind network monitoring.

Depending upon which network management package you choose, this can be more or less automatic. Some management packages use proprietary methods of monitoring (which is not a terrible thing if it works and is easy to use) and some use standards-based monitoring. Which one is right for you? It really depends on how large your shop is, what tools your vendor provides when you buy your network gear, and how well they fit into a management solution. We’ll explore this further, but first, let’s look at what monitoring standards exist.

MIB: Men In Black? My Information Buddy? Mental Illness Bonanza?

Network management, like all networking, is full of crazy acronyms. Three of the most important acronyms (which also double as important TCP/IP standards) are SNMP, MIB, and RMON.


See ftp://rtfm.mit.edu/pub/usenet/news.answers/snmp-faq/part1 and Part II, “Black Box Troublshooting Strategies,” for answers to common questions about SNMP, RMON, and MIBs.

SNMP stands for Simple Network Management Protocol and is a standard way of providing certain network information to nodes that request it, while allowing privileged nodes to change that information. How is this accomplished?

SNMP is just another TCP/IP service, a service that lives on UDP socket 161. A workstation, server, router, switch, or other network device that has the SNMP service running on it is called an SNMP agent. Any SNMP agent provides certain variables to requesting management stations. A common set of well-understood variables is known as an MIB; MIBs compose information available through SNMP. Figure 22.1 shows an MIB browser from MG-Soft (www.mg-soft.com).


Figure 22.1  The MG-Soft MIB browser is a good way to start getting familiar with SNMP and MIBs.

Whoa! What’s an MIB? MIB stands for managed information base and is a shorthand way of referring to all the resource variables that exist in one group. For instance, just about all SNMP agents will respond to MIB-I and MIB-II variables, such as SysContact, SysName, SysLocation for record keeping, and ifOutOctets and ifInOctets, referring to the number of bytes received or transmitted by an interface (if). Of course, you need a network management station to be able to read variables from an agent.

Many manufacturers provide their own MIBs, because they have specific information that isn’t contained in the general MIBs. For example, my GroupWise system has a couple of specific variables in its MIBs that wouldn’t be useful for any other system (for example, poaUndeliverableMsgs, which stands for Post Office Agent’s Undeliverable Messages). Presumably, the agent that lives on the device or software already knows about its MIB; however, an MIB file exists that allows you to “export” the MIB to a network manager that doesn’t know about it.


The MIB browser from Figure 22.1 provides a good way for you to tool around the MIB and SNMP world. It includes an MIB compiler so that you can insert vendor-supplied MIBs and check out the information that the agent supplies. Cool!

Okay, so having an SNMP agent on a device allows you to keep track of millions of resources at once. This is neat, but what about alerts? That is, when something goes out of its threshold, how does SNMP tell you about it?


Previous Table of Contents Next