Network Management: Getting Started

When it comes to managing your network devices, there are some bare minimum tasks that must be completed. Network management is all about collecting information that can be used to monitor the network to ensure uptime, detect outages/performance degradation, and aid in troubleshooting when problems arise. In this article, I'll describe fundamental best practices you can implement in order to streamline, secure, and improve your overall network management capabilities.

Device logging

Informational and error logs produced by network devices contain a wealth of information that can be useful for troubleshooting, identifying malicious behavior, and everyday maintenance work. While you can enable and view logs on each local device, it's far more efficient to send all network device logs to a centralized syslog server. By doing so, you can set up alerts to notify you about uplinks going down, routing changes, flapping ports, and other faults.

A centralized logging server also allows you to maintain log data much longer. This is incredibly useful when troubleshooting intermittent problems or when investigating potential network/data breaches that may have occurred weeks or months prior. In order for the collected log information to be the most useful, it's critical that you implement the Network Time Protocol (NTP) on each and every device you are receiving log data from. This guarantees that the timestamps of the logs are accurate across the network.

SNMP monitoring

The Simple Network Management Protocol (SNMP)  communicates device status information to a centralized SNMP server through the use of polling and traps. An SNMP server gets most of its information regarding network devices by polling each network component every minute or so. Network equipment information that's commonly collected includes interface up/down, bandwidth utilization, and power supply/fan status. This information is stored on the server and can be graphed over time to show things such as congested interfaces, faulty hardware or environmental problems such a high temperature. SNMP has been around for decades.

networkmgtbasics.jpg

Over time, the SNMP protocol has been learning a few tricks. SNMPv3 is really the only version that should be implemented on your network today because it forces authentication between the device and server. Additionally, all data sent from the monitored device to the monitoring server is encrypted.

Authentication, authorization, and accounting

AAA is the universal term for authentication, authorization and accounting. Authentication is important for network management because it verifies who is accessing the system. Authentication of users who manage network equipment can be configured locally on each network component, but it's better to use  RADIUS or LDAP authentication instead. By centralizing user authentication, it makes it easier to add and remove user access as well as enforce company-wide password policies.

Authorization is what an authenticated user has the rights to actually manage. Some administrators may only require read-only access to network equipment. Others may be allowed to make some configurations, but not others. A few network administrators will likely require full authorization access. Limiting authorization helps further tighten control of changes on the network.

Last, accounting is the ability to maintain a record of things such as what changes were made to network devices, when the changes were made, and who made them. If a mysterious outage occurs and you think it may have been due to a misconfiguration, accounting makes it easy to go back and correlate an outage to any changes made.

Management-access methods

From a security perspective, make sure to disable access that is considered to be insecure. For example, many network devices such as routers and switches allow management through the use of the Telnet protocol. But as most of us know, Telnet communications is transmitted in clear text and can be easily intercepted. Because of this, it's wise to completely disable Telnet access to all network devices. Instead, use SSH for remote command-line access. Or even better, make sure you specify SSH version 2 as it's more secure than version 1.

And just because you have multiple methods to manage network devices, it doesn't mean you need to use them all. If you only manage your firewalls using command line via SSHv2, then by all means, feel free to disable any HTTP/HTTPS management that is used for GUI access.

Processes and tools

If you're new to the world of network management, following these tips should head you in the right direction in terms of streamlining and securing the management of the dozens, hundreds or even thousands of network components for which you are responsible. Enabling/disabling the different services and protocols mentioned above is fairly universal across all networking vendors and products.

You will also find that a few key network management tools -- such as a syslog and SNMP server -- can go a long way towards simplifying your management processes. Once you take care of the basics, you may soon find that you're ready to take advantage of more sophisticated network performance monitoring (NPM) tools, of which there are many.