NETWORK TRAFFIC ANALYSIS AT THE 20,000 FOOT LEVEL
OR
WHERE DID ALL THIS TRAFFIC COME FROM
Henry Steinhauer
Hewitt Associates
Lincolnshire, IL, U.S.A.
Background
Basics
Tool Found
Implement
Results
Overview -
Network Monitoring Needs
• Central Location
• Polling based
• NetView 6000
• High Bandwidth Usage caused by monitoring devices over the WAN
• Limited audience - Tied to RS/6000
BACKGROUND-
RFC - SNMP - MIB - OID
RFC - Request for Comment
• RFC 2235 - Internet Timeline
• e-mail to nis-info@nis.nsf.net
— send rfc2235.txt
— nis-info will send it back
Basics
SNMP - Simple Network Management Protocol
RFC - 1157, 1187
2011, 2012, 2013 - v2
3372 - v3
MIB - Management Information Base
Each managed device has a Database for items
These are Counters, Information, Status, etc
OID - Object Identifier
How SNMP Obtains information from the MIB
1.3.6.1.4 - OID for SNMP information
1.3.6.1.2.1.2.2.1.10 / 16 - Input / Output Bytes
Also known as ifInOctets / ifOutOctets
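An added example, not part of the original slides: how a poller such as MRTG turns two readings of ifInOctets / ifOutOctets into a traffic rate and compares it with a CIR line. The poll values, the 300-second interval and the CIR figure are constructed assumptions, and the counters are assumed to be 32-bit (Counter32).

```python
# Added example (not from the original slides): rate calculation from
# successive polls of the interface octet counters named on the slide.
IF_IN_OCTETS = "1.3.6.1.2.1.2.2.1.10"   # ifInOctets
IF_OUT_OCTETS = "1.3.6.1.2.1.2.2.1.16"  # ifOutOctets
COUNTER32_MOD = 2 ** 32                 # assumed Counter32: wraps after 2^32 - 1


def counter_delta(prev, curr, modulus=COUNTER32_MOD):
    """Octets counted between two polls, allowing for at most one wrap.

    A device reboot also resets the counter and is indistinguishable from a
    wrap here; a real poller would check sysUpTime as well.
    """
    return (curr - prev) % modulus


def rate_bps(prev_poll, curr_poll, oid):
    """Average bits per second for one OID between two polls."""
    elapsed = curr_poll["time"] - prev_poll["time"]
    if elapsed <= 0:
        raise ValueError("polls must be in increasing time order")
    return counter_delta(prev_poll[oid], curr_poll[oid]) * 8 / elapsed


def over_cir(polls, cir_bps):
    """Return (time, direction, bps) for every interval above the CIR."""
    hits = []
    for prev, curr in zip(polls, polls[1:]):
        for name, oid in (("in", IF_IN_OCTETS), ("out", IF_OUT_OCTETS)):
            bps = rate_bps(prev, curr, oid)
            if bps > cir_bps:
                hits.append((curr["time"], name, bps))
    return hits


# Constructed samples: three polls 300 s apart; the inbound counter wraps
# between the second and third poll.
SAMPLE_POLLS = [
    {"time": 0,   IF_IN_OCTETS: 4294000000, IF_OUT_OCTETS: 1000000},
    {"time": 300, IF_IN_OCTETS: 4294900000, IF_OUT_OCTETS: 1600000},
    {"time": 600, IF_IN_OCTETS: 3832704,    IF_OUT_OCTETS: 2200000},
]
ASSUMED_CIR_BPS = 64000  # hypothetical CIR, not a value from the slides

if __name__ == "__main__":
    for when, direction, bps in over_cir(SAMPLE_POLLS, ASSUMED_CIR_BPS):
        print(f"t={when}s {direction}: {bps:.0f} bit/s exceeds CIR")
```

Without the modulo step the wrapped interval would come out as a large negative rate, which is why long polling intervals on fast links make 32-bit counters unreliable.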
NetView/6000
Bay Routers
IBM Switches
Token Ring
Some E100 Switches
Main Platform
Long Delay for data gathering
Constantly changing platforms
Too Many Management Issues
Needed something Simpler
Reason for Change
Multi Router Traffic Grapher - MRTG
url
GNU - GNU is not Unix Software - Public Use
UNIX - NT - Anything that can run Perl
Web Search - MRTG
Bay Routers - 20+ interfaces on some
Servers - 2 Interfaces each
What we needed to Monitor
Do Something
Conclusion
MRTG
How to invoke
Any WEB Browser Tool
(I.E. or Netscape)
Internal Web Site - No Dialer needed
Address - MRTG
MRTG - Index Page
MRTG Region Information
MRTG - Detail
MRTG
MRTG- Typical Notes Replication
Replicate each Hour -
Red line shows CIR
MRTG - Notes Install
First Week of Install - Setup Databases - Impact
MRTG - Notes Install
History shows the way it was.
Questions ?