Network Design for a Dial NMS Case Study
Introduction to the Case Study
This case study describes:
• How one Internet service provider (ISP) designs, implements, and operates a dial network management system (NMS) for a dial Internet access service (DIAS).
• How to implement dial NMS protocols, applications, and other utilities.
THEnet is an ISP in Austin, Texas that wants to develop a dial NMS and integrate it with its existing Network Operations Center (NOC). THEnet has two dial points of presence (POPs) that provide dial-up services for the following types of customers:
• Residential subscribers
• Corporations that outsource their dial-up services and want to avoid the overhead of operating their own dial POP
Figure 4 THEnet Operates Two POPs from One NOC
• All remote modem users share a common pool of modem resources. Users can dial in to either POP.
• The dial POPs are redundant. If one POP loses service, traffic is re-routed to the other POP. Describing how traffic is re-routed is outside the scope of this case study, and the diagrams in the case study show simplified IP paths only.
THEnet uses the FCAPS model to identify the different functional areas of the dial NMS:
F = Fault management
C = Configuration management
A = Accounting management
P = Performance management
S = Security management
A dial NMS provides the FCAPS management functions for a DIAS.
Benefits of a Dial NMS
A dial NMS:
• Increases network availability
• Improves end-user satisfaction by improving service performance
• Provides fault-isolation capabilities, which improves fault-analysis information
• Reduces network support costs
• Enables capacity planning
• Enables security improvements
• Provides accounting (for example, billing and chargeback)
• Processes important connection events and alarms for statistical analysis
• Provides performance-reporting capabilities for a dial Internet access service
• Enables standardized software releases (for example, software versions and configuration files)
• Addresses the perception problems that are commonly associated with dial access networks
Dial NMS Planning Questionnaire
This planning questionnaire describes information that is essential for creating a dial NMS service definition. A questionnaire helps network engineers make accurate design decisions and consider alternative solutions. The network engineers at THEnet answered the design questions as shown in Table 2.
Table 2 Network Design Questions and Answers
| Network Design Questions | THEnet Answers |
|---|---|
| What types of services does your network provide? | Dial Internet access services (V.90 analog modem services) |
| How many dial POP sites are you managing? | Two sites in Austin, Texas |
| What types of network services will the DIAS support? (Network management is based on customer requirements.) | • Residential subscriber services<br>• Corporate-outsourcing services |
| What is the user-growth projection for the next 5 years?<br>3 months = Current deployment requirement. 1 year = Current design plan requirement. 5 years = Future scalability plan requirement. | • 3 months—50,000 users<br>• 1 year—100,000 users<br>• 5 years—1 million users |
| What is the user-to-line ratio during busy hours? | 10:1 |
| What level of service must you guarantee to your customers? | Guaranteed up time |
| Do you have redundant connections to the Internet? | Yes |
| Do you have redundant connections to the NOC? | Yes |
| What existing servers do you have available in the NOC? | • SNMP management server<br>• Syslog server<br>• AAA server<br>• Database server |
| What SNMP framework management system do you want to use? | HP OpenView (HPOV) |
| What element management system do you use for collecting and managing syslog? | CiscoWorks 2000 Resource Manager Essentials (CW2000 RME) |
| Do you have a preferred platform and operating system for monitoring the network? | Yes<br>Sun Sparc, Solaris 2.6 |
| What type of network access servers will you use? | Cisco AS5800s |
| Do you have a staff of UNIX experts? | Yes |
| Do you provide reports for any service level commitments with your customers? If yes, what management systems will you use? | Yes<br>• Multi Router Traffic Grapher (MRTG)<br>• Custom-based AAA accounting tools and database query tools |
| Identify the types of users who require network management reports. | • Network managers<br>• Network operators<br>• Network engineers<br>• Help desk operators<br>• Corporations who outsource their dial-up service<br>• End users |
| What types of reports do you provide? | • Periodic performance reports<br>• Billing reports<br>• Security reports<br>• Router operations reports<br>• High-priority syslog reports |
| What format do the managers want to view the reports in? | HTML web pages and online graphs |
| Who will monitor the management systems? | The network operations staff |
| How will network operators be notified of network problems? | By sending e-mail to their pagers |
| For fault and performance management purposes, do you need to provide call detail records? | Yes<br>Disconnect cause codes and retrain counters must be inspected. |
| What security protocols do you use for authentication, authorization, and accounting (AAA)? | • RADIUS for the remote modem users<br>• TACACS+ for the router administrators in the NOC |
| What dial NMS freeware do you plan to use? | MRTG, UCD-SNMP, Linux, and Apache |
| What software tools do you plan to develop internally? | • Log File Rotator<br>• Device Navigator<br>• Modem Call Record Viewer<br>• Web-based management<br>• War Dialer for performance testing (optional) |
| Do you plan to build and maintain customized scripts? | Yes |
Dial NMS Service Definition
A service definition is a statement that describes required services for a network design.
The dial NMS service definition determined for THEnet is based on:
• The answers provided in Table 2
• The FCAPS model
  – Fault management
  – Configuration management
  – Accounting management
  – Performance management
  – Security management
Table 3 Dial NMS Service Definition for THEnet
| FCAPS Function | Service Requirements and Ways to Collect Management Data |
|---|---|
| Fault management | • SNMP—Use UCD-SNMP and HPOV to explore the SNMP Management Information Bases (MIBs) and create the SNMP framework for the dial NMS.<br>• The Cisco IOS command-line interface (CLI)—Troubleshoot network connectivity problems by collecting robust network statistics. For example, use the following commands:<br>– show controller t1<br>– show isdn status<br>– debug ppp negotiation<br>– show isdn service<br>– debug ppp error<br>– debug isdn events<br>– debug isdn q921<br>– debug isdn q931<br>• Syslog—Troubleshoot and isolate faults in the network by collecting syslog data and modem call records. Important syslog messages will be e-mailed daily to the operations staff.<br>• Log file management—Collect and archive syslog data from network access servers.<br>• Web-based management—Navigate devices and enable HTTP access to the CLI.<br>• AAA—Collect accounting disconnect cause codes and view authentication and authorization failures. |
| Configuration management | • SNMP—Use CW2000 RME to archive configuration files, manage Cisco IOS images, determine how much memory is installed, and discover which boot ROMs are present.<br>• CLI—Inspect and modify Cisco IOS configuration files and images. For example, use the following commands:<br>– show version<br>– show running<br>– show modem version<br>• AAA authentication—Control access to the routers.<br>• AAA authorization—Limit CLI command access to router administrators on a per-group basis. Authorization is also used for limiting network service assignments, such as static IP addresses and access lists.<br>• AAA accounting—Monitor which configuration changes are made to the routers and identify who is making the changes. Authenticated usernames also appear in syslog.<br>• Effective IP address management—Manage all assigned IP subnets by using a DNS server and the application Cisco Network Registrar.<br>• Web-based management—Navigate devices and enable HTTP access to the CLI. |
| Accounting management | • Send accounting information to a database that is accessible by Structured Query Language (SQL). Archive user-accounting data for billing and auditing purposes.<br>• Syslog—Collect basic accounting information by using modem call records.<br>• CLI—Collect accounting statistics. For example, use the following commands:<br>– show interface accounting<br>– show isdn history<br>– show controller t1 call-counters<br>– show modem log<br>– show modem summary<br>– show modem call-stats |
| Performance management | • SNMP—For the initial installation, use MRTG to monitor key object identifiers (OIDs) in the device MIBs. In the future, use commercial software applications that collect mass-scale management data streams for large numbers of access servers.<br>• CLI—Monitor the performance of the access servers. For example, use the following commands:<br>– show modem operational-status<br>– show modem connect-speeds<br>– show modem summary<br>– show modem call-stats<br>• Web-based management—Navigate devices and enable HTTP access to the CLI.<br>• War Dialer—Test remote client PCs by using a free client simulator. |
| Security management | • Authenticate, authorize, and account for dial access clients (modem users) in each POP by using RADIUS.<br>• Authenticate, authorize, and account for router administrators in the NOC by using TACACS+.<br>• Review the AAA service security logs.<br>• Review the AAA server database by using SQL queries.<br>• CLI—Inspect security information. For example, use the following commands:<br>– show snmp group<br>– show access-lists<br>– show location<br>– show tacacs<br>– show radius statistics<br>– show logging<br>• Web-based management—Navigate devices and enable HTTP access to the CLI. |
Network Topology
Based on the dial NMS service definition in Table 3, the network engineers at THEnet defined the network topology for the POPs and NOC.
Figure 5 Network Topology for One POP
An intranet WAN connects the two POPs together and routes traffic to the Internet. The NOC collects management data from both POPs.
Figure 6 Network Topology for the NOC
An important design issue to consider is where to send syslog data. If syslog data is sent back to a central site NOC, the syslog data must travel across WAN links. Estimate and monitor how much syslog data is generated by each POP and the impact on the WAN links. Modem call records can add a significant amount of traffic to syslog data.
In this case study, THEnet initially sends syslog data across WAN links to the NOC. The WAN links are designed to support a large network capacity in a metropolitan area. Collecting syslog locally in each POP is a future design consideration.
Hardware Requirements
To design the dial NMS for the two POPs and the NOC, the network engineers at THEnet defined these hardware requirements:
Table 4 Hardware Description for Two POPs and the NOC
| Hardware | Purpose |
|---|---|
| 4 Cisco AS5800 access servers | Two access servers in each POP to provide access to the Internet from the PSTN. Cisco IOS Release 12.0(7)T is installed in each access server. |
| 2 backbone gateways | Enables management data streams to enter the NOC.<br>Routes traffic to the intranet WAN and the Internet. |
| 2 Cisco 2511 OOB console servers | Accesses the console ports in the Cisco AS5800s by using out-of-band (OOB) management lines. |
| 3 AAA servers | One server in each POP to authenticate, authorize, and account for dial access clients by using RADIUS.<br>One server in the NOC to authenticate, authorize, and account for router administrators by using TACACS+. |
| 1 Cisco PIX firewall | Protects the NOC by filtering the devices that can access management services, such as TACACS+, RADIUS, syslog, and SNMP. |
| 3 Sun Ultra 10 workstations | Operates the dial NMS inside the NOC. Solaris version 2.6 is used. |
The following capacity-planning calculations were made to determine the number of required lines and Cisco AS5800s for the next five years.
Basic parameters:
• There are 23 available bearer channels per PRI line
• There are 28 PRI lines per T3 card (644 channels)
• Each Cisco AS5800 has two T3 cards
• There are 1288 available bearer channels per dual T3 Cisco AS5800
Table 5 Capacity-Planning Matrix for the Line and Chassis Requirements
| Time | Busy Hour Ratio | Users Required | Lines Required | Chassis Calculation | AS5800s Required |
|---|---|---|---|---|---|
| 3 months | 10:1 | 50,000 | 5000 | 5000 lines / 1288 = 3.88 chassis | 4 AS5800s |
| 1 year | 10:1 | 100,000 | 10,000 | 10,000 lines / 1288 = 7.76 chassis | 8 AS5800s |
| 5 years | 10:1 | 1,000,000 | 100,000 | 100,000 lines / 1288 = 77.64 chassis | 78 AS5800s |
The calculations in Table 5 are based on a PRI system integration, not a Signaling System 7 (SS7) integration.
For each POP site, also plan for the following elements:
• Power, space, and cooling for each Cisco AS5800
• Required number of AAA servers
• Required number of Cisco 2511s (OOB ports)
• WAN link capacity
Software Requirements
To design the dial NMS inside the NOC, the network engineers at THEnet identified these software and management system requirements:
Table 6 Dial NMS Software and Management System Requirements
| Software and Management Systems | Purpose |
|---|---|
| UCD-SNMP | Uses CLI-based SNMP freeware to explore the SNMP MIBs and OIDs that are useful for operating a dial network. |
| Multi Router Traffic Grapher (MRTG), version 2.8.12 | Monitors and graphs the traffic load on the network. |
| Web-based management | Manages a network by using light-weight NMS tools (LWT).<br>An LWT is light on:<br>• Budget<br>• Staff support<br>• Course requirements<br>• GUI requirements<br>THEnet requires the following LWTs:<br>• Device Navigator—A web page that links network devices together.<br>• Cisco IOS Command Center—A web page that provides HTTP access to the CLI.<br>• Log File Rotator—A freeware script that archives, sorts, and deletes syslogs.<br>• Modem Call Record Viewer—A tool that enables you to view modem records and syslogs on a web page. |
| HP OpenView (HPOV) Network Node Manager Release 5.0 | Creates the SNMP framework for the dial NMS and identifies what is breaking in the network. |
| CiscoWorks 2000, maintenance release 2 Resource Manager Essentials (RME), version 2.2 | Archives configuration files, upgrades the Cisco IOS, determines how much memory is installed, and discovers what boot ROMs are present.<br>You can install HPOV and CW2000 RME on the same Sun workstation without conflicts. |
| CiscoSecure Unix, version 2.3(3) | • Authenticates, authorizes, and accounts for dial access clients in each POP by using RADIUS.<br>• Authenticates, authorizes, and accounts for router administrators in the NOC by using TACACS+.<br>• Uses AAA accounting records to collect performance data, fault data, and track router configuration changes. |
| War Dialer | Runs performance tests by using a dial simulator and client PCs. |
Configuration Design Parameters
Before THEnet can implement and operate the dial NMS, several design parameters must be defined by the network engineers and operators.
Each dial POP requires enough IP address space for the POP to grow to its maximum size. For THEnet, each POP must support up to 50,000 lines. Therefore, an entire class B network is initially assigned to each POP.
Figure 7 IP Subnetting Diagram for the THEnet
To simplify IP address management, each POP uses a similar IP subnetting plan.
Table 7 IP Subnetting Plan for POP #1 and POP #2
| Network Name | Assigned IP Subnet | Description |
|---|---|---|
| POP #1 | 172.21.0.0/16 | Class B IP subnet assigned to POP #1. |
| POP #2 | 172.22.0.0/16 | Class B IP subnet assigned to POP #2. |
| NOC | 172.23.10.0/24 | Class C IP subnet assigned to the NOC. |
| Access | 172.21.101.0/24 172.21.102.0/24<br>172.22.101.0/24 172.22.102.0/24 | Primary and secondary class C access Ethernet subnets. All the access devices in each POP are directly connected to these subnets. |
| DeviceID | 172.21.10.0/24 172.22.10.0/24 | Identifies each Cisco IOS device with a unique, fixed, and stable loopback IP address for network management purposes.<br>One IP address is assigned to the loopback 0 interface of each Cisco IOS device.<br>One IP address block is used to simplify IP-security filtering at the NOC. This technique protects the NOC from devices that should not access management services, such as TACACS+, RADIUS, syslog, and SNMP. |
| IP pool | 172.21.103.0/24 172.21.104.0/22<br>172.22.103.0/24 172.22.104.0/22 | Hosts a pool of IP addresses for the dial access clients with modems.<br>This IP assignment provides 1280 IP addresses to each POP. The access servers create the IP routes to support the IP pools.<br>A few summarized IP routes are advertised to the backbone instead of 1280 host routes. |
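
The following Python check of the Table 7 plan is an added example, not part of the original case study. It verifies that every subnet sits inside its POP's /16 without overlap, reports the size and summarized routes of each dial-client pool, and models the NOC filter decision based on the DeviceID blocks. The function names are hypothetical, and the filter assumes each device sources its management traffic from loopback 0.

```python
import ipaddress as ipa

# Subnets copied from Table 7; the function names below are hypothetical.
POPS = {"POP #1": "172.21.0.0/16", "POP #2": "172.22.0.0/16"}
NOC = ipa.ip_network("172.23.10.0/24")
PLAN = {
    "POP #1": {"access": ["172.21.101.0/24", "172.21.102.0/24"],
               "deviceid": ["172.21.10.0/24"],
               "pool": ["172.21.103.0/24", "172.21.104.0/22"]},
    "POP #2": {"access": ["172.22.101.0/24", "172.22.102.0/24"],
               "deviceid": ["172.22.10.0/24"],
               "pool": ["172.22.103.0/24", "172.22.104.0/22"]},
}

def check_plan():
    """Return problems: subnets outside their POP's /16, or overlapping."""
    problems = []
    for pop, roles in PLAN.items():
        parent = ipa.ip_network(POPS[pop])
        if parent.overlaps(NOC):
            problems.append(f"{pop}: {parent} overlaps NOC {NOC}")
        nets = [(r, ipa.ip_network(n)) for r, ns in roles.items() for n in ns]
        for role, net in nets:
            if not net.subnet_of(parent):
                problems.append(f"{pop}: {role} {net} is outside {parent}")
        for i, (r1, a) in enumerate(nets):
            for r2, b in nets[i + 1:]:
                if a.overlaps(b):
                    problems.append(f"{pop}: {r1} {a} overlaps {r2} {b}")
    return problems

def pool_summary(pop):
    """Return (pool size, routes advertised to the backbone) for one POP."""
    nets = [ipa.ip_network(n) for n in PLAN[pop]["pool"]]
    routes = [str(r) for r in ipa.collapse_addresses(nets)]
    return sum(n.num_addresses for n in nets), routes

def management_source_allowed(src):
    """NOC filter decision for TACACS+, RADIUS, syslog and SNMP traffic.

    Assumption: every device sources management traffic from loopback 0,
    so only the DeviceID blocks need to be permitted.
    """
    addr = ipa.ip_address(src)
    return any(addr in ipa.ip_network(n)
               for roles in PLAN.values() for n in roles["deviceid"])

if __name__ == "__main__":
    print(check_plan() or "plan is consistent")
    print(pool_summary("POP #1"))
    for src in ("172.21.10.5", "172.21.103.7", "172.22.101.9"):
        print(src, management_source_allowed(src))
```

A dial client in the IP pool or a host on the access Ethernet is rejected by the filter decision even though it lives inside the same POP, which is the point of keeping the loopbacks in one dedicated block.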
Table 8 SNMP Community Strings Used at THEnet
| Community Strings | Purpose |
|---|---|
| 5urf5h0p | Assigns a read-only (RO) community string to enable SNMP polling and SNMP get requests. |
| 5crapmeta1 | Assigns a read-write (RW) community string to enable router configuration changes. |
Caution: Do not use "public" or "private" as community strings. They are well known in the industry, are common hardware defaults, and invite attacks from hackers regardless of whether you use filters. To maximize security, choose community strings that are not associated with your personal life or company.
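
The Caution above can be enforced as a configuration audit. The following Python sketch is an added example, not part of the original case study: it scans `snmp-server community` lines and flags the well-known strings and any community that has no access list attached. The sample configuration, the access-list number 10, and the function name `audit` are constructed for illustration; only the two Table 8 strings come from this page.

```python
import re

WELL_KNOWN = {"public", "private"}  # the defaults named in the Caution

# Constructed sample lines; only the two Table 8 strings come from the page.
SAMPLE_CONFIG = """\
snmp-server community public RO
snmp-server community 5urf5h0p RO 10
snmp-server community private RW
snmp-server community 5crapmeta1 RW
snmp-server location Austin
"""

# snmp-server community <string> [view <name>] [RO|RW] [<access-list>]
LINE = re.compile(
    r"^snmp-server community (\S+)(?: view \S+)?(?: (RO|RW))?(?: (\S+))?$",
    re.IGNORECASE)

def audit(config):
    """Return (line number, access mode, issue) tuples for weak settings.

    The community string itself is left out of the findings so the report
    can be mailed or posted without exposing it.
    """
    findings = []
    for number, raw in enumerate(config.splitlines(), 1):
        match = LINE.match(raw.strip())
        if not match:
            continue
        community, mode, acl = match.groups()
        mode = (mode or "RO").upper()  # IOS defaults to read-only
        if community.lower() in WELL_KNOWN:
            findings.append((number, mode, "well-known community string"))
        if acl is None:
            findings.append((number, mode, "no access list on community"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

A well-known string is reported even when an access list is present, matching the Caution's point that filters do not make "public" or "private" acceptable.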
The information in Table 9 is posted and maintained on web-based management pages. Easy access to this information reduces network downtime.
Table 9 T1 Support Management Information at THEnet
| T1 Dial-in Number | Circuit ID | Support Contract | Contact Phone Number |
|---|---|---|---|
| 512-111-2222 | 72ABCA047006-001PT | ABC | 512-555-1212 |
| 512-333-4444 | 72ABCA047006-002PT | DEF | 512-555-1212 |
Implementation and Operation Tasks
THEnet implements and operates the dial NMS in two phases:
• Phase A—Exploring and setting up basic dial NMS functions by using free management software and light-weight NMS tools:
  Task 1—Enabling SNMP in a Cisco IOS Device
  Task 2—Exploring SNMP Capabilities by Using UCD-SNMP
  Task 3—Using MRTG to Monitor and Graph Traffic Loads
  Task 4—Using Syslog, NTP, and Modem Call Records to Isolate and Troubleshoot Faults
  Task 5—Setting Up a Web Portal for the Dial NMS
• Phase B—Monitoring and maintaining basic dial NMS functions by using commercially available management systems:
  Task 6—Managing IP Addresses by Using DNS
  Task 7—Using HP OpenView to Create the SNMP Framework
  Task 8—Using CiscoWorks 2000 Resource Manager Essentials
Note: Providing information for integrating high-end management systems is beyond the scope of this case study.
The examples in this document are taken from a Sun Microsystems workstation running Solaris 2.6. Some commands and filenames may vary slightly on other Unix systems, such as Linux and HP-UX.