Computer Networking: A Top-Down Approach Featuring the Internet Chapter 9 -- 8.3: The Internet Network-Management Framework

8.3: The Internet Network-Management Framework

Contrary to what the name SNMP (Simple Network-Management Protocol) might suggest, network management in the Internet is much more than just a protocol for moving management data between a management entity and its agents, and has grown to be much more complex than the word "simple" might suggest. The current Internet Standard Management Framework traces its roots back to the Simple Gateway Monitoring Protocol, SGMP [RFC 1028]. SGMP was designed by a group of university network researchers, users, and managers, whose experience with SGMP allowed them to design, implement, and deploy SNMP in just a few months [Lynch 1993]--a far cry from today's rather drawn-out standardization process. Since then, SNMP has evolved from SNMPv1 through SNMPv2 to the most recent version, SNMPv3 [RFC 2570], released in April 1999.

When describing any framework for network management, certain questions must inevitably be addressed:

What (from a semantic viewpoint) is being monitored? And what form of control can be exercised by the network administrator?
What is the specific form of the information that will be reported and/or exchanged?
What is the communication protocol for exchanging this information?

Recall our human organizational analogy from the previous section. The boss and the branch managers will need to agree on the measures of activity, productivity, and budget used to report the branch office's status. Similarly, they'll need to agree on the actions the boss can take (for example, cut the budget, order the branch manager to change some aspect of the office's operation, or fire the staff and shut down the branch office). At a lower level of detail, they'll need to agree on the form in which this data is reported. For example, in what currency (dollars, euros?) will the budget be reported? In what units will productivity be measured? While these are trivial details, they must be agreed upon, nonetheless. Finally, the manner in which information is conveyed between the main office and the branch offices (that is, their communication protocol) must be specified.

The Internet Network-Management Framework addresses the questions posed above. The framework consists of four parts:

Definitions of network-management objects known as MIB objects. In the Internet network-management framework, management information is represented as a collection of managed objects that together form a virtual information store, known as the Management Information Base (MIB). An MIB object might be a counter, such as the number of IP datagrams discarded at a router due to errors in an IP datagram header; or the number of carrier sense errors in an Ethernet interface card; descriptive information such as the version of the software running on a DNS server; status information such as whether a particular device is functioning correctly or not; or protocol-specific information such as a routing path to a destination. MIB objects thus define the management information maintained by a managed node. Related MIB objects are gathered into so-called MIB modules. In our human organization analogy, the MIB defines the information conveyed between the branch office and the main office.
A data definition language, known as SMI (Structure of Management Information) that defines the data types, an object model, and rules for writing and revising management information. MIB objects are specified in this data definition language. In our human organizational analogy, the SMI is used to define the details of the format of the information to be exchanged.
A protocol, SNMP, for conveying information and commands between a managing entity and an agent executing on behalf of that entity within a managed network device.
Security and administration capabilities. The addition of these capabilities represents the major enhancement in SNMPv3 over SNMPv2.

The Internet network-management architecture is thus modular by design, with a protocol-independent data-definition language and MIB, and an MIB-independent protocol. Interestingly, this modular architecture was first put in place to ease the transition from an SNMP-based network management to a network-management framework being developed by the International Organization for Standardization (ISO), the competing network-management architecture when SNMP was first conceived--a transition that never occurred. Over time, however, SNMP's design modularity has allowed it to evolve through three major revisions, with each of the four major parts of SNMP discussed above evolving independently. Clearly, the right decision about modularity was made, if even for the wrong reason!

In the following four subsections, we cover the four major components of the Internet network-management framework in more detail.

8.3.1: Structure of Management Information: SMI

The Structure of Management Information, SMI (a rather oddly named component of the network-management framework whose name gives no hint of its functionality), is the language used to define the management information residing in a managed-network entity. Such a definition language is needed to ensure that the syntax and semantics of the network-management data are well-defined and unambiguous. Note that the SMI does not define a specific instance of the data in a managed-network entity, but rather the language in which such information is specified. The documents describing the SMI for SNMPv3 (which rather confusingly, is called SMIv2) are [RFC 2578; RFC 2579; RFC 2580]. Let us examine the SMI in a bottom-up manner, starting with the base data types in the SMI. We'll then look at how managed objects are described in SMI, and then how related managed objects are grouped into modules.

SMI Base Data Types

RFC 2578 specifies the basic data types in the SMI MIB module-definition language. Although the SMI is based on the ASN.1 (Abstract Syntax Notation One) [ISO 1987; ISO X.680 1998] object-definition language (see Section 8.4), enough SMI-specific data types have been added that SMI should be considered a data-definition language in its own right. The 11 basic data types defined in RFC 2578 are shown in Table 8.1. In addition to these scalar objects, it is also possible to impose a tabular structure on an ordered collection of MIB objects using the SEQUENCE OF construct; see RFC 2578 for details. Most of the data types in Table 8.1 will be familiar (or self-explanatory) to most readers. The one data type we will discuss in more detail shortly is the OBJECT IDENTIFIER data type, which is used to name an object.

Table 8.1: Basic data types of the SMI

Data type Description

INTEGER 32 bit integer, as defined in ASN.1, with a value between -2^31 and 2^31-1 inclusive, or a value from a list of possible named constant values

Integer 32 32 bit integer with a value between -2^31 and 2^31-1 inclusive

Unsigned 32 Unsigned 32 bit integer in the range 0 to 2^23-1 inclusive

OCTET STRING ASN.1-format byte string representing arbitrary binary or textual data, up to 65535 bytes long

OBJECT IDENTIFIER ASN.1-format administratively assigned (structured name); see Section 8.3

IPaddress 32-bit Internet address, in network byte order

Counter32 32-bit counter that increases from 0 to 2^32-1 and then wraps around to 0.

Counter64 64-bit counter

Gauge32 32-bit integer that will not count above 2^31-1 nor decrease beyond 0 when increased or decreased

TimeTicks Time, measured in 1/100th of seconds since some event

Opaque Uninterrupted ASN.1 string, needed for backward compatibility

SMI Higher-Level Constructs

In addition to the basic data types, the SMI data-definition language also provides higher-level language constructs.

The OBJECT-TYPE construct is used to specify the data type, status, and semantics of a managed object. Collectively, these managed objects contain the management data that lie at the heart of network management. There are nearly 10,000 defined objects in various Internet RFC's [RFC 2570]. The OBJECT-TYPE construct has four clauses. The SYNTAX clause of an OBJECT-TYPE definition specifies the basic data type associated with the object. The MAX-ACCESS clause specifies whether the managed object can be read, be written, be created, or have its value included in a notification. The STATUS clause indicates whether object definition is current and valid, obsolete (in which case it should not be implemented, as its definition is included for historical purposes only) or deprecated (obsolete, but implementable for interoperability with older implementations). The DESCRIPTION clause contains a human-readable textual definition of the object; this "documents" the purpose of the managed object and should provide all the semantic information needed to implement the managed object.

As an example of the OBJECT-TYPE construct, consider the ipInDelivers object type definition from RFC 2011. This object defines a 32-bit counter that keeps track of the number of IP datagrams that were received at the managed node and were successfully delivered to an upper-layer protocol. The final line of this definition is concerned with the name of this object, a topic we will consider in the following section.

ipInDelivers OBJECT-TYPE

   SYNTAX Counter32

   MAX-ACCESS read-only

   STATUS current

   DESCRIPTION

            "The total number of input datagrams 

             successfully delivered to IP user-protocols 

             (including ICMP)."

   ::= { ip 9 }

The MODULE-IDENTITY construct allows related objects to be grouped together within a "module." For example, RFC 2011 specifies the MIB module that defines managed objects (including ipInDelivers) for managing implementations of the Internet Protocol (IP) and its associated Internet Control Message Protocol (ICMP). RFC 2012 specifies the MIB module for TCP, and RFC 2013 specifies the MIB module for UDP. RFC 2021 defines the MIB module for RMON remote monitoring. In addition to containing the OBJECT-TYPE definitions of the managed objects within the module, the MODULE-IDENTITY construct contains clauses to document contact information of the author of the module, the date of the last update, a revision history, and a textual description of the module. As an example, consider the module definition for management of the IP protocol:

ipMIB MODULE-IDENTITY

    LAST-UPDATED "9411010000Z"

    ORGANIZATION "IETF SNMPv2 Working Group"

    CONTACT-INFO

            "        Keith McCloghrie

            Postal:  Cisco Systems, Inc.

                     170 West Tasman Drive

                     San Jose, CA 95134-1706

                     US



            Phone:   +1 408 526 5260

            E-mail:  kzm@cisco.com"



    DESCRIPTION

            "The MIB module for managing IP and ICMP 

            implementations, but excluding their

            management of IP routes."

    REVISION "9103310000Z"

    DESCRIPTION

            "The initial revision of this MIB module was

            part of MIB-II."

    ::= { mib-2 48}

The NOTIFICATION-TYPE construct is used to specify information regarding "SNMPv2-Trap" and "InformationRequest" messages generated by an agent, or a managing entity; see Section 8.3.3. This information includes a textual DESCRIPTION of when such messages are to be sent, as well as list of values to be included in the message generated; see RFC 2578 for details.

The MODULE-COMPLIANCE construct defines the set of managed objects within a module that an agent must implement.

The AGENT-CAPABILITIES construct specifies the capabilities of agents with respect to object- and event-notification definitions.

8.3.2: Management Information Base: MIB

As noted above, the Management Information Base, MIB, can be thought of as a virtual information store, holding managed objects whose values collectively reflect the current "state" of the network. These values may be queried and/or set by a managing entity by sending SNMP messages to the agent that is executing in a managed node on behalf of the managing entity. Managed objects are specified using the OBJECT-TYPE SMI construct discussed above and gathered into MIB modules using the MODULE-IDENTITY construct.

The IETF has been busy standardizing the MIB modules associated with routers, hosts, and other network equipment. This includes basic identification data about a particular piece of hardware, and management information about the device's network interfaces and protocols. As of the release of SNMPv3 (mid-1999), there were nearly 100 standards-based MIB modules and an even larger number of vendor-specific (private) MIB modules. With all of these standards, the IETF needed a way to identify and name the standardized modules, as well as the specific managed objects within a module. Rather than start from scratch, the IETF adopted a standardized object identification (naming) framework that had already been put in place by the International Organization for Standardization (ISO). As is the case with many standards bodies, the ISO had "grand plans" for their standardized object identification framework--to identify every possible standardized object (for example, data format, protocol, or piece of information) in any network, regardless of the network standards organization (for example, Internet IETF, ISO, IEEE, or ANSI), equipment manufacturer, or network owner. A lofty goal indeed! The object identification framework adopted by ISO is part of the ASN.1 (Abstract Syntax Notation One) [ISO 1987; ISO X.680 1998] object-definition language that we'll discuss in section 8.4. Standardized MIB modules have their own cozy corner in this all-encompassing naming framework, as discussed below.

As shown in Figure 8.3, objects are named in the ISO naming framework in a hierarchical manner. Note that each branch point in the tree has both a name and a number (shown in parentheses); any point in the tree is thus identifiable by the sequence of names or numbers that specify the path from the root to that point in the identifier tree. A fun, but incomplete and unofficial, Web-based utility for traversing part of the object identifier tree (using branch information contributed by volunteers) may be found in [Alvestrand 1997].

Figure 8.3: ADN.1 Object identifier tree

At the top of the hierarchy are the International Organization for Standardization (ISO) and the Telecommunication Standardization Sector of the International Telecommunication Union (ITU-T), the two main standards organizations dealing with ASN.1, as well as a branch for joint efforts by these two organizations. Under the ISO branch of the tree, we find entries for all ISO standards (1.0) and for standards issued by standards bodies of various ISO-member countries (1.2). Although not shown in Figure 8.3, under (ISO ISO-Member-Body, a.k.a. 1.2) we would find USA (1.2.840), under which we would find a number of IEEE, ANSI, and company-specific standards. These include RSA (1.2.840.11359) and Microsoft (1.2.840.113556), under which we find the Microsoft File Formats (1.2.840.113556.4) for various Microsoft products, such as Word (1.2.840.113556.4.2). But we are interested here in networking (not Microsoft Word files), so let us turn our attention to the branch labeled 1.3, the standards issued by bodies recognized by the ISO. These include the U.S. Department of Defense (6) (under which we will find the Internet standards), the Open Software Foundation (22), the airline association SITA (69) and NATO-identified bodies (57), as well as many other organizations.

Under the Internet branch of the tree (1.3.6.1), there are seven categories. Under the private (1.3.6.1.4) branch, we will find a list [IANA 1999b] of the names and private enterprise codes of more than 4,000 private companies that have registered with the Internet Assigned Numbers Authority (IANA) [IANA 1999]. Under the management (1.3.6.1.2) and MIB-2 branch (1.3.6.1.2.1) of the object identifier tree, we find the definitions of the standardized MIB modules. Whew--it's a long journey down to our corner of the ISO name space!

Standardized MIB Modules

The lowest level of the tree in Figure 8.3 shows some of the important hardware-oriented MIB modules (system and interface) as well as modules associated with some of the most important Internet protocols. RFC 2400 lists all of the standardized MIB modules. While MIB-related RFCs make for rather tedious and dry reading, it is instructive (that is, like eating vegetables, it is "good for you") to consider a few MIB module definitions to get a flavor for the type of information in a module.

The managed objects falling under system contain general information about the device being managed; all managed devices must support the system MIB objects. Table 8.2 defines the objects in the system group, as defined in RFC 1213.

Table 8.2: Managed objects in the MIB-2 system group

Object Identifier Name Type Description (from RFC 1213)

1.3.6.1.2.1.1.1 sysDescr OCTET STRING "full name and version identification of the system's hardware type, software operating-system, and networking software

1.3.6.1.2.1.1.2 sysObjectID OBJECT IDENTIFIER Vendor assigned object ID that "provides an easy and unambiguous means for determining 'what kind of box' is being managed."

1.3.6.1.2.1.1.3 sysUpTime TimeTicks "The time (in hundredths of a second) since the network management portion of the system was last re-initialized."

1.3.6.1.2.1.1.4 sysContact OCTET STRING "The contact person for this managed node, together with information on how to contact this person."

1.3.6.1.2.1.1.5 sysName OCTET STRING "An administratively assigned name for this managed node. By convention, this is the node's fully qualified domain name."

1.3.6.1.2.1.1.6 sysLocation OCTET STRING "The physical location of this node."

1.3.6.1.2.1.1.7 sysServices Integer32 A coded value that indicates the set of services available at this node: physical (for example, a repeater), datalink/subnet (for example, bridge), Internet (for example, IP gateway), end-end (for example, host), applications

Table 8.3 defines the managed objects in the MIB module for the UDP protocol at a managed entity.

Table 8.3: Managed objects in the MIB-2 udp module

Object identifier Name Type Description (from RFC 2013)

1.3.6.1.2.1.7.1 udpInDatagrams Counter32 "total number of UDP datagrams to UDP users"

1.3.6.1.2.1.7.2 udpNoPorts Counter32 "total number of received UDP datagrams for which there was no application at the destination port"

1.3.6.1.2.1.7.3 udpInErrors Counter32 "number of received UDP datagrams that could not be delivered for reasons other than the lack of an application at the destination port"

1.3.6.1.2.1.7.4 udpOutDatagrams Counter32 "total number of UDP datagrams sent from this entity"

1.3.6.1.2.1.7.5. udpTable SEQUENCE of UdpEntry "a sequence of UdpEntry objects, one for each port that is currently open by an application, giving the IP address and the port number used by the application"

8.3.3: SNMP Protocol Operations and Transport Mappings

The Simple Network Management Protocol Version 2 (SNMPv2) [RFC 1905] is used to convey MIB information among managing entities and agents executing on behalf of managing entities. The most common usage of SNMP is in a request-response mode in which an SNMPv2 managing entity sends a request to an SNMPv2 agent, who receives the request, performs some action, and sends a reply to the request. Typically, a request will be used to query (retrieve) or modify (set) MIB object values associated with a managed device. A second common usage of SNMP is for an agent to send an unsolicited message, known as a trap message, to a managing entity. Trap messages are used to notify a managing entity of an exceptional situation that has resulted in changes to MIB object values. We saw earlier in Section 8.1 that the network administrator might want to receive a trap message, for example, when an interface goes down, congestion reaches a predefined level on a link, or some other noteworthy event occurs. Note that there are a number of important tradeoffs between polling (request-response interaction) and trapping; see the homework problems.

SNMPv2 defines seven types of messages, known generically as Protocol Data Units--PDUs, as shown in Table 8.4.

Table 8.4: SNMPv2 PDU types

SNMPv2 PDU Type sender-receiver Description

GetRequest manager-to-agent get value of one or more MIB object instances

GetNextRequest manager-to-agent get value of next MIB object instance in list or table

GetBulkRequest manager-to-agent get values in large block of data, for example values in a large table

InformRequest manager-to-manager inform remort managing entity of MIB values remote to its access

SetRequest manager-to-agent set value of one or more MIB object instances

Response agent-to-manager or manager-to-manager generated in response to GetRequest, GetNextRequest, GetBulkRequest, SetRequestPDU, or InformRequest

SNMPv2-Trap agent-to-manager inform manager of an exceptional event

The format of the PDU is shown in Figure 8.4.

Figure 8.4: SNMP PDU format

The GetRequest, GetNextRequest, and GetBulkRequest PDUs are all sent from a managing entity to an agent to request the value of one or more MIB objects at the agent's managed device. The object identifiers of the MIB objects whose values are being requested are specified in the variable binding portion of the PDU. GetRequest, GetNextRequest, and GetBulkRequest differ in the granularity of their data requests. GetRequest can request an arbitrary set of MIB values; multiple GetNextRequests can be used to sequence through a list or table of MIB objects; GetBulkRequest allows a large block of data to be returned, avoiding the overhead incurred if multiple GetRequest or GetNextRequest messages were to be sent. In all three cases, the agent responds with a Response PDU containing the object identifiers and their associated values.
The SetRequest PDU is used by a managing entity to set the value of one or more MIB objects in a managed device. An agent replies with a Response PDU with the 'noError' Error Status to confirm that the value has indeed been set.
The InformRequest PDU is used by a managing entity to notify another managing entity of MIB information that is remote to the receiving entity. The receiving entity replies with a Response PDU with the 'noError' Error Status to acknowledge receipt of the InformRequest PDU.
The final type of SNMPv2 PDU is the trap message. Trap messages are generated asynchronously, that is, not in response to a received request but rather in response to an event for which the managing entity requires notification. RFC 1907 defines well-known trap types that include a cold or warm start by a device, a link going up or down, the loss of a neighbor, or an authentication failure event. A received trap request has no required response from a managing entity.

Given the request-response nature of SNMPv2, it is worth noting here that although SNMP PDUs can be carried via many different transport protocols, the SNMP PDU is typically carried in the payload of a UDP datagram. Indeed, RFC 1906 states that UDP is "the preferred transport mapping." Since UDP is an unreliable transport protocol, there is no guarantee that a request, or its response will be received at the intended destination. The Request ID field of the PDU is used by the managing entity to number its requests to an agent; an agent's response takes its Request ID from that of the received request. Thus, the Request ID field can be used by the managing entity to detect lost requests or replies. It is up to the managing entity to decide whether to retransmit a request if no corresponding response is received after a given amount of time. In particular, the SNMP standard does not mandate any particular procedure for retransmission, or even if retransmission is to be done in the first place. It only requires that the managing entity "needs to act responsibly in respect to the frequency and duration of re-transmissions." This, of course, leads one to wonder how a "responsible" protocol should behave!

8.3.4: Security and Administration

The designers of SNMPv3 have said that "SNMPv3 can be thought of as SNMPv2 with additional security and administration capabilities" [RFC 2570]. Certainly, there are changes in SNMPv3 over SNMPv2, but nowhere are those changes more evident than in the area of administration and security. The central role of security in SNMPv3 was particularly important, since the lack of adequate security resulted in SNMP being used primarily for monitoring rather than control (e.g., SetRequest is rarely used in SNMPv1).

As SNMP has matured through three versions, its functionality has grown but so too, alas, has the number of SNMP-related standards documents. This is evidenced by the fact that there is even now an RFC [RFC 2571] that " describes an architecture for describing SNMP Management Frameworks"! While the notion of an "architecture" for "describing a framework" might be a bit much to wrap one's mind around, the goal of RFC 2571 is an admirable one--to introduce a common language for describing the functionality and actions taken by an SNMPv3 agent or managing entity. The architecture of an SNMPv3 entity is straightforward, and a tour through the architecture will serve to solidify our understanding of SNMP.

So-called SNMP applications consist of a command generator, notification receiver, and proxy forwarder (all of which are typically found in a managing entity); a command responder and notification originator (both of which are typically found in an agent); and the possibility of other applications. The command generator generates the GetRequest, GetNextRequest, GetBulkRequest, and SetRequest PDUs that we examined in Section 8.3.3 and handles the received responses to these PDUs. The command responder executes in an agent and receives, processes, and replies to (using the Response message) received GetRequest, GetNext Request, GetBulkRequest, and SetRequest PDUs. The notification originator application in an agent generates Trap PDUs; these PDUs are eventually received and processed in a notification receiver application at a managing entity. The proxy forwarder application forwards request, notification, and response PDUs.

A PDU sent by an SNMP application next passes through the SNMP "engine" before it is sent via the appropriate transport protocol. Figure 8.5 shows how a PDU generated by the command generator application first enters the dispatch module, where the SNMP version is determined. The PDU is then processed in the message-processing system, where the PDU is wrapped in a message header containing the SNMP version number, a message ID, and message size information. If encryption or authentication is needed, the appropriate header fields for this information are included as well; see RFC 2571 for details. Finally, the SNMP message (the application-generated PDU plus the message header information) is passed to the appropriate transport protocol. The preferred transport protocol for carrying SNMP messages is UDP (that is, SNMP messages are carried as the payload in a UDP datagram), and the preferred port number for the SNMP is port 161. Port 162 is used for trap messages.

Figure 8.5: SNMPv3 engine and applications

We have seen above that SNMP messages are used to not just monitor, but also to control (for example, through the SetRequest command) network elements. Clearly, an intruder that could intercept SNMP messages and/or generate its own SNMP packets into the management infrastructure could wreak havoc in the network. Thus, it is crucial that SNMP messages be transmitted securely. Surprisingly, it is only in the most recent version of SNMP that security has received the attention that it deserves. SNMPv3 provides for encryption, authentication, protection against playback attacks (see Sections 7.2 and 7.3), and access control. SNMPv3 security is known as user-based security [RFC 2574] in that there is the traditional concept of a user, identified by a user name, with which security information such as a password, key value, or access privileges are associated.

Encryption. SNMP PDUs can be encrypted using the Data Encryption Standard (DES) in cipher block chaining mode; see Section 7.2 for a discussion of DES. Note that since DES is a shared-key system, the secret key of the user encrypting data must be known by the receiving entity that must decrypt the data.
Authentication. SNMP combines the use of a hash function, such as the MD5 algorithm that we studied in Section 7.4, with a secret key value to provide both authentication and protection against tampering. The approach, known as HMAC (Hashed Message Authentication Codes) [RFC 2104] is conceptually simple. Suppose the sender has an SNMP PDU, m, that it wants to send to the receiver. This PDU may have already been encrypted. Suppose also that both the sender and receiver know a shared secret key, K, which need not be the same key used for encryption. The sender will send m to the receiver. However, rather than sending along a simple Message Integrity Code (MIC), MIC(m), that has been computed over m (see Section 7.4.2) to protect against tampering, the sender appends the shared secret key to m and computes a MIC, MIC(m,K) over the combined PDU and key. The value MIC(m,K) (but not the secret key!) is then transmitted along with m. When the receiver receives m, it appends the secret key K and computes MIC(m,K). If this computed value matches the transmitted value of MIC(m,K), then the receiver knows not only that the message has not been tampered with, but also that the message was sent by someone who knows the value of K, that is, by a trusted, and now authenticated, sender. In operation, HMAC actually performs the append-and-hash operation twice, using a slightly modified key value each time; see RFC 2104 for details.
Protection against playback. Recall from our discussion in Chapter 7 that nonces can be used to guard against playback attacks. SNMPv3 adopts a related approach. In order to ensure that a received message is not a replay of some earlier message, the receiver requires that the sender include a value in each message that is based on a counter in the receiver. This counter, which functions as a nonce, reflects the amount of time since the last reboot of the receiver's network management software and the total number of reboots since the receiver's network-management software was last configured. As long as the counter in a received message is within some margin of error from the receiver's actual value, the message is accepted as a nonreplay message, at which point it may be authenticated and/or decrypted. See RFC 2574 for details.
Access control. SNMPv3 provides a view-based access control [RFC 2575] that controls which network-management information can be queried and/or set by which users. An SNMP entity retains information about access rights and policies in a Local Configuration Datastore (LCD). Portions of the LCD are themselves accessible as managed objects, defined in the View-based Access Control Model Configuration MIB [RFC 2575], and thus can be managed and manipulated remotely via SNMP.

There are hundreds (if not thousands) of network management products available today, all embodying to some extent the network management framework and SNMP foundation that we have studied in this section. A survey of these products is well beyond the scope of this text and (no doubt) the reader's attention span. Thus, we provide here pointers to a few of the more prominent products. A good starting point for an overview of the breadth of network management tools is Chapter 12 in [Subramanian 2000]

Network management tools divide broadly into those from network equipment vendors, that specialize in the management of the vendor's equipment, and those aimed at managing networks with heterogeneous equipment. Among the vendor- specific offerings is CiscoWorks2000 [Cisco CiscoWorks 2000], for the management of LANs and WANs built on a Cisco device foundation. 3Com's Transcend network management system [3Com Transcend 2000] is SNMP-compliant and provides "3Com SmartAgent intelligent agent" technology to aid in network management. Nortel's Optivity Network Management System [Nortel 2000] provides for network management, service management and policy management (bandwidth management, QoS, application-level security, and IP/address).

Among the popular tools for managing heterogeneous networks are Hewlett-Packard's Openview [Openview 2000], Aprisa's Spectrum [Aprisa 2000], and Sun's Solstice network management system[Sun 2000]. All three of these systems adopt a distributed system architecture in which multiple servers gather network management information from their managed domain. The network management station can then gather results from these servers, display information, and take control actions. All three products support the SNMP and CMIP protocols, and provide automated assistance for event/alarm correlation.