Tải bản đầy đủ - 0 (trang)
Chapter 10.  Managing IPv6 Networks

Chapter 10.  Managing IPv6 Networks

Tải bản đầy đủ - 0trang

IPv6NetworkManagement:TheChallenges

Thechallengefacingserviceproviders(SPs),originalequipment

manufacturers,softwarevendors,andintegratorsistodevelop

robustapplicationsthatcanperformvariousnetworkmanagementoperationsinachanging,multivendor,

multiplatformnetwork.

IntroducingIPv6networkservicesraisesakeychallengetothe

network-managementandsystemsoperationssupportsystems

(NMS-OSS)architects:copingwiththetechnicaldifferences

betweenIPv4andIPv6technologies.Newchallengesrelatedto

networkaddressing,usability,andnetworkaccesshavetobe

dealtwithwhenIPv6isdeployed.

Forinstance,IPv6addressesareawkwardlylongandunsightly.

Userswillneitherliketoseelongstringssuchas

2001:100:1234:5678:AB12:CD34:1121:2301norwilltheybe

abletoeasilyrecallthem,letalonetypethem!

Furthermore,IPv6addressescanchangedynamicallybecause

offeaturessuchasrenumbering,privacymechanisms,and

autoconfiguration.Dealingwithdynamicaddressesisnot

somethingnewfornetwork-managementsystems(NMSs)when

itcomestomanaginghosts.Itis,however,abiggerissuewith

IPv6becausedynamicaddressallocationcanhappenoutsidea

centralizedplace(suchasstatefulDynamicHostConfiguration

Protocol[DHCP]server),deprivingtheNMSofaconvenient

centralrepositoryofactivehostsaddresses.

Fromtheuserperspective,theIPv6servicesbringupquestions

thatrevolvearoundeaseofuse.HandlingthelargeIPv6

addressesiscumbersome,sotheuseofDomainNameSystems

(DNS)becomesmoreimportantforIPv6deployments.The

guidelineisforapplicationstousejusthostnames,whichare

userfriendly,andtheDNScantakecareofrenumberingand



fallback.

AnotherchallengeformanagingIPv6relatestointegrationwith

IPv4networkmanagement:Howshouldoperatorsmanage

parallelIPv4andIPv6servicesandresources,becauseIPv4and

IPv6areexpectedtocoexistfortheforeseeablefuture?

IPv6andIPv4network-managementconcepts,requirements,

andissuesaremuchalike.Thismakesthechallengeseasierto

tackle.ThetoolsandapplicationsnecessarytomeettheIPv6

network-managementrequirementsarethereforemostly

identicaltotheIPv4ones.Inmostcases,managingIPv6will

entailprovidingproperIPv6supportwithinexisting

managementtools,properdataavailabilityfromIPv6-enabled

devices,andIPv6-enabledcommunicationschannelsbetween

thetwo.



AllocatingIPv6AddressestoManagedNodes

Chapter2,"AnIPv6Refresher,"inthesection"IPv6

Addressing,"reviewsthemainIPv6addresstypes:unicast

(link-local,unique-local,global),multicast,andanycast.Italso

emphasizesthefactthatmultipleaddressesconfiguredonan

interfacearecommonandexpectedwithIPv6.ForanNMSto

communicatewithanIPv6node,itislikelythatglobalunicast

addresses(couldbeunique-local)willbeusedtomanageall

networkelementsfromacentrallocation.Thenetworkoperator

hasmultipleoptionsinselectingthemechanismtoassignglobal

addressestonodes:staticconfiguration,autoconfiguration,

statefulorstatelessDHCPv6,oracombinationof

autoconfigurationwithstatelessDHCPv6.

Fromanetwork-managementstandpoint,however,notallthe

configurationmethodsareequallypractical.

Staticaddressconfiguration,forinstance,isratherprohibitivein



large-scalenetworks.Theformat,thesize,andthecomplexity

ofIPv6addressestendtomakeitworse.Itisnotascalable

option,especiallywhenconsideringthefactthatrenumberingis

afactoflifeinanetwork.Nevertheless,onnetworkingdevices

andapplicationservers,itisrecommendedtoassignastatic

addressthatwillbeknownfromtheNMS.Incaseofhardware

changes,theconfigurationcanbereloadedinthenewbox

withoutchangeontheNMStomanageit.

Statelessautoconfigurationisanattractivealternativeforhosts.

However,itsunpredictabilitymightbeaconcern.Uponreceiving

multiplerouteradvertisements(RAs)fromon-linkrouters,a

hostbuildsmultipleaddresses,andthenetwork-management

stationhasahardtimefiguringoutwhichonetouse(seethe

section"TopologyManagement"forfurtherdetails)toreachthe

host.Thismaynotbeanissueforunmanagedhostssuchas

desktopandlaptops.

AlthoughstatefulDHCPprovesquiteusefulwithIPv4inhelping

theNMStolearnnodeaddresses,statefulDHCPv6isnotwidely

availableoncommercialIPv6stacks(atthetimeofthis

writing).Itis,however,availableonCiscoNetworkRegistrar

(CNR)6.2andreviewedinthesection"Configurationand

ProvisioningManagement."



IntegratingIPv6andIPv4NetworkManagement

ManagingIPv6nodesfromtheNMSrequiresthefollowing

elements:

InstrumentationonIPv6-enableddevicestodeliverIPv6

network-managementdata

TransportofthedatabetweentheIPv6deviceandNMS,

usingIPv4orIPv6



NMSapplicationcapabilitytohandle/analyze/presentthe

data

Ifnetwork-managementinformationtransportisnotsupported

overIPv6,IPv4NMSapplicationscouldmanagetheIPv6

devicesjustlikeanyotherIPv4deviceaslongastheyhave

IPv4reachabilityfromthenetwork-managementplatform.

Asamajorevolutionarystep,IPv6introducesnumerous

mechanismsandfeaturesintheareaoftransitioningand

coexistencewithIPv4,includingtunnelingmechanisms(manual

andautomatic),IPv6overMPLS(6PEand6VPE),and

translationmechanisms(NAT-PT).Allthesemechanismsare

reviewedatlengthinChapter3,"DeliveringIPv6Unicast

Services,"andChapter7,"VPNIPv6ArchitectureandServices."

Althoughtheyhelpthecoexistenceofthetwoprotocols,the

transitionmechanismsraisenewchallengesfortheNMS.

Whentunnelsortranslationmechanismsaredeployedonthe

pathfromtheNMStotheIPv6devices,theNMSmustbe

providedwiththecapabilitytotraversethosetunnels.Itmight

meanthattheNMSsupportssomeofthetransitioning

mechanisms,mostspecificallythoseusedbyhosts(ISATAP,

Teredo,andsoon).

TopologydiscoveryisanotherareaofconcernwithIPv6.The

sizeoftheIPv6addressesaswellastherandomizationinsome

casesofaddressassignmentmakesitimpossibleforanNMSto

scanthecompleteprefixrangeforactivehosts.Atthesame

time,link-localsareoftentheonlyaddressesreportedfrom

neighborcaches,makingthetopologydiscoveryatrue

challenge.Inpractice,topologydiscoveryofIPv6networksis

likelytorelyonIPv4,orbedrivenbymanualconfigurations.

Inthemajorityofthedeployments,IPv6isexpectedtocoexist

withIPv4,nottoreplaceit.Thiscomesatthecostofadditional

networkoperationcomplexity.Tominimizethisextra



complexity,networkoperatorsmightchoosetostickwithdualstackdevices,managedoveranIPv4transport,usinggeneric

(IPv4andIPv6)managementobjects.ItisanIPv6transition

guidelinethatwheneveranodeisnotreachablethroughIPv6,

thereshouldbeafallbackmechanismtocontactitthrough

IPv4.



Note

Minimizingnetwork-managementcomplexityisa

biggerobjectivethanitappears,anditcanimpact

thenetworkdesignitself.Forinstance,someSPs

haveexpressedapreferenceforanIPv6overIPv4

tunnelnetworkdesign(seeChapter3fordetails)

overdeployingnativeIPv6toreduceoperatingcosts

suchasnetworkmanagement.



Dual-stackdevicesappeartoofferapracticaloptionfor

managingIPv6.Thetypeofmanagedobjectsandtheprotocol

usedtotransporttheinformationareindependent.For

instance,SimpleNetworkManagementProtocol(SNMP)canrun

overIPv4orIPv6andreportIPv4orIPv6Management

InformationBases(MIBs).IPv6configurationmanagementor

IPv6topologymanagementcanbeoperatedoverIPv4with

minimumchangesinthetoolsandintheoperatorhabits.







Network-ManagementArchitecture

Network-managementarchitecturesomewhatfollowsthe

networkarchitecturethatwasdefinedinChapter3:

LAN/enterprisenetwork(site),access,aggregation,andcore.

Eachofthesenetworklayerscanidentifyanetworkmanagementdomain.Often,eachdomainisunderadifferent

administrationgroup.InFigure10-1,networkcore,

aggregation,andedgeareunderasingleSPresponsibility,and

managedasasingleentity.Theaccessnetworkandeach

remotesitearemanagedseparately.



Figure10-1.Network-ManagementArchitecture



[Viewfullsizeimage]



Eachdomainisunderthecontrolofanoperationsupport

organization.Thisorganizationmanagesthenetworkwiththe

helpofanetwork-managementintegratedsystem(seethe

section"ManagementPlatforms"),asetof"individual"tools,or

acombinationofthetwo.

Network-managementfunctionsaredetailedinthe"FCAPS"

frameworkspecifiedbytheITU'sTelecommunications

ManagementNetwork(TMN)asfollows:

FaultmanagementThegoalistodetect,report,notify



usersof,troubleshoot,and(totheextentpossible)

automaticallyfixnetworkproblemstokeepthenetwork

runningeffectively.Faultmanagementencompassesseveral

keysubservices:

-TrafficmonitoringItspurposeistogathertraffic

statisticsandtriggeralertswhenanomaliesare

detected.Severaltoolscanprovidethisservicetoday

withIPv6;forinstance,CiscoNetFlowCollector(NFC),

CiscoNetworkAnalysisModule(NAM),Argus,and

Nagios.

-TopologymonitoringThegoalistoperformnetwork

topologydiscovery,andtomonitornetworkresources

suchasinterfaces,links,nodes,networks,andsoon.

ManytoolscanprovidethisserviceinIPv6today:HPOV,CiscoView,Weathermap,andsoon.

-RoutingmanagementThegoalistoprovide

surveillanceoftheroutingtablesthroughoutthe

network.ASpath-tree,forinstance,willprovidethis

supportforIPv6BorderGatewayProtocol(BGP)tables.



PerformancemanagementThegoalistomeasureand

makeavailablevariousaspectsofnetworkperformance

(networkthroughput,userresponsetimes,andline

utilization).CiscoIOSIPservicelevelagreements(IPSLAs,

formerlyServiceAssuranceAgent[SAA]),forinstance,can

achievethisserviceoverIPv6todaywiththehelpofan

IPv4overIPv6tunnel.Servicescanbemonitored,too,such

asHTTP,FTP,RADIUS,DHCP,DNS,andanyintelligentagent

suchasCiscoIOSAgent.

ConfigurationmanagementThegoalistomonitor

networkandsystemconfigurationinformationsothatthe

impactofvariousversionsofhardwareandsoftware



elementscanbetrackedandmanaged.TypicalIPv6enabledtoolsareCiscoWorksRME,HP-OpenView,and

RANCID.

AccountingmanagementThegoalistomeasureresource

utilizationparameterssothatindividualorgroupuseson

thenetworkcanberegulatedandbilledappropriately.

Trafficmonitoring,mentionedpreviously,andassociated

IPv6tools(NFC,NAM,Argus,andsoon)canbeusedfor

thispurpose.

SecuritymanagementThegoalistocontrolaccessto

networkresourcesaccordingtopoliciessothatthenetwork

cannotbesabotaged(intentionallyorunintentionally)and

sensitiveinformationcannotbeaccessedbythosewithout

appropriateauthorization.

Dependingonthemanageddomain,thechoiceofmanagement

toolsvaries,eventhoughmanagementflowsdoexistbetween

entities(asshowninFigure10-1).Integratedmanagement

platformsarethenorminthecoremanagementdomain,

typicallyHP-OVcoupledwithCiscoWorks.AvailabilityofIPv6

supportontheseNMSsbecomesakeyrequirementfor

deployingIPv6inthecore.Onthesite-managementdomain,

dependingonthesizeofthesite,thesameNMSplatformsor

more-discretetoolsmayapply.Nagios,forinstance,provides

someIPv6supportformanaginghostsandroutersinaLAN.

Manytraffic-andperformance-monitoringtoolswithIPv6

supportarenowavailableforuseinthistypeofenvironment.

Allthesetoolsandtheirapplicabilitydomainarereviewedinthe

subsequentsections.







RetrievingInformationfromRoutersand

Switches

YoucanretrieveinformationfromIPv6devicesinmanyways,

andtheyarethesameasforIPv4:

SNMPandMIBs

NetFloworIPfix

Connectiontothedeviceandexecutionoflocallyavailable

commands

Specificapplicationscanprovideadditionalinformation:

ping,traceroute,andsoon.



SNMPandMIBs

TheSimpleNetworkManagementProtocol(SNMP)isarequestreply-basedprotocolrunningoverUDP(ports161and162),

althoughTCPoperationisalsopossible.SNMPisusedbythe

NMStoaccessormodifydatainthemanageddevicesvia

objectscalledManagementInformationBases(MIBs).AMIBis

ahierarchyofinformationthatdescribesanSNMP-manageable

object.Eachobjectisassociatedwithauniqueobjectidentifier

descriptor(OID).TheMIBisorganizedasatree;theleafsare

theobjectinstancesrepresentingaresource(interfaceaddress,

interfacename,event,andsoon).MIBsareeitherstandard

(describedinRFCs)orenterprisespecific.Giventherelatively

slowprogressofIPv6MIBdefinitions,alargenumberof

enterprise-specificMIBshavebeenpublished,includingseveral

Ciscoones.



SNMPisanasymmetricprotocol,operatingbetweena

managementstationandanagent,thedevicebeingmanaged.

Typically,theagentisarouteroraswitchthatimplementsa

fewsimplepackettypesandagenericget-or-setfunctiononits

MIBvariables.Themanagementstationprovidestheuser

interface.SimplemanagementstationscanbebuiltwithUNIX

command-lineutilities.Morecomplex(andexpensive)ones

collectMIBdataovertimeandusegraphicaluserinterfaces

(GUIs)todrawnetworkmaps.

AnSNMPoperationtakestheformofaprotocoldataunit

(PDU).Version1SNMPsupportsfivepossiblePDUs:

GetRequest/SetRequestsuppliesalistofobjectsand,

possibly,valuestheyaretobesetto.

GetResponseinformsthemanagementstationofthe

resultsofaGetRequestorSetRequest.

GetNextRequestisusedtoperformtabletransversal.

TrapistheonlyPDUsentbyanagentonitsowninitiative.

Itisusedtonotifythemanagementstationofanunusual

event.

SNMPversion2(SNMPv2)isanevolutionoftheSNMPv1.

SNMPv2introducestwonewoperations:GetBulkandInform.

TheGetBulkoperationisusedtoretrievelargeblocksofdata.

TheInformoperationallowstwoSNMPentitiestoexchange

acknowledgedinformation.SNMPversion3(SNMPv3)adds

securityandremote-configurationcapabilities.

TherearetwodistinctaspectsforsupportingIPv6SNMP:the

transportofSNMPprotocoloverIPv6andtheIPv6MIBs

support.



Tài liệu bạn tìm kiếm đã sẵn sàng tải về

Chapter 10.  Managing IPv6 Networks

Tải bản đầy đủ ngay(0 tr)

×